212 lines
5.6 KiB
Ruby
212 lines
5.6 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe Groups::GroupMembersController do
|
|
let(:user) { create(:user) }
|
|
let(:group) { create(:group) }
|
|
|
|
describe '#index' do
|
|
before do
|
|
group.add_owner(user)
|
|
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
|
|
end
|
|
|
|
it 'renders index with group members' do
|
|
get :index, group_id: group
|
|
|
|
expect(response).to have_http_status(200)
|
|
expect(response).to render_template(:index)
|
|
end
|
|
end
|
|
|
|
describe '#destroy' do
|
|
let(:group) { create(:group, :public) }
|
|
|
|
context 'when member is not found' do
|
|
it 'returns 403' do
|
|
delete :destroy, group_id: group,
|
|
id: 42
|
|
|
|
expect(response).to have_http_status(403)
|
|
end
|
|
end
|
|
|
|
context 'when member is found' do
|
|
let(:user) { create(:user) }
|
|
let(:group_user) { create(:user) }
|
|
let(:member) do
|
|
group.add_developer(group_user)
|
|
group.members.find_by(user_id: group_user)
|
|
end
|
|
|
|
context 'when user does not have enough rights' do
|
|
before do
|
|
group.add_developer(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'returns 403' do
|
|
delete :destroy, group_id: group,
|
|
id: member
|
|
|
|
expect(response).to have_http_status(403)
|
|
expect(group.users).to include group_user
|
|
end
|
|
end
|
|
|
|
context 'when user has enough rights' do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it '[HTML] removes user from members' do
|
|
delete :destroy, group_id: group,
|
|
id: member
|
|
|
|
expect(response).to set_flash.to 'User was successfully removed from group.'
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
expect(group.users).not_to include group_user
|
|
end
|
|
|
|
it '[JS] removes user from members' do
|
|
xhr :delete, :destroy, group_id: group,
|
|
id: member
|
|
|
|
expect(response).to be_success
|
|
expect(group.users).not_to include group_user
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#leave' do
|
|
let(:group) { create(:group, :public) }
|
|
let(:user) { create(:user) }
|
|
|
|
context 'when member is not found' do
|
|
before { sign_in(user) }
|
|
|
|
it 'returns 403' do
|
|
delete :leave, group_id: group
|
|
|
|
expect(response).to have_http_status(403)
|
|
end
|
|
end
|
|
|
|
context 'when member is found' do
|
|
context 'and is not an owner' do
|
|
before do
|
|
group.add_developer(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'removes user from members' do
|
|
delete :leave, group_id: group
|
|
|
|
expect(response).to set_flash.to "You left the \"#{group.name}\" group."
|
|
expect(response).to redirect_to(dashboard_groups_path)
|
|
expect(group.users).not_to include user
|
|
end
|
|
end
|
|
|
|
context 'and is an owner' do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'cannot removes himself from the group' do
|
|
delete :leave, group_id: group
|
|
|
|
expect(response).to have_http_status(403)
|
|
end
|
|
end
|
|
|
|
context 'and is a requester' do
|
|
before do
|
|
group.request_access(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'removes user from members' do
|
|
delete :leave, group_id: group
|
|
|
|
expect(response).to set_flash.to 'Your access request to the group has been withdrawn.'
|
|
expect(response).to redirect_to(group_path(group))
|
|
expect(group.requesters).to be_empty
|
|
expect(group.users).not_to include user
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
describe '#request_access' do
|
|
let(:group) { create(:group, :public) }
|
|
let(:user) { create(:user) }
|
|
|
|
before do
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'creates a new GroupMember that is not a team member' do
|
|
post :request_access, group_id: group
|
|
|
|
expect(response).to set_flash.to 'Your request for access has been queued for review.'
|
|
expect(response).to redirect_to(group_path(group))
|
|
expect(group.requesters.exists?(user_id: user)).to be_truthy
|
|
expect(group.users).not_to include user
|
|
end
|
|
end
|
|
|
|
describe '#approve_access_request' do
|
|
let(:group) { create(:group, :public) }
|
|
|
|
context 'when member is not found' do
|
|
it 'returns 403' do
|
|
post :approve_access_request, group_id: group,
|
|
id: 42
|
|
|
|
expect(response).to have_http_status(403)
|
|
end
|
|
end
|
|
|
|
context 'when member is found' do
|
|
let(:user) { create(:user) }
|
|
let(:group_requester) { create(:user) }
|
|
let(:member) do
|
|
group.request_access(group_requester)
|
|
group.requesters.find_by(user_id: group_requester)
|
|
end
|
|
|
|
context 'when user does not have enough rights' do
|
|
before do
|
|
group.add_developer(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'returns 403' do
|
|
post :approve_access_request, group_id: group,
|
|
id: member
|
|
|
|
expect(response).to have_http_status(403)
|
|
expect(group.users).not_to include group_requester
|
|
end
|
|
end
|
|
|
|
context 'when user has enough rights' do
|
|
before do
|
|
group.add_owner(user)
|
|
sign_in(user)
|
|
end
|
|
|
|
it 'adds user to members' do
|
|
post :approve_access_request, group_id: group,
|
|
id: member
|
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
expect(group.users).to include group_requester
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|