2016-03-30 16:14:21 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe Groups::GroupMembersController do
|
|
|
|
let(:user) { create(:user) }
|
2016-11-11 07:51:50 -05:00
|
|
|
let(:group) { create(:group, :public, :access_requestable) }
|
2016-03-30 16:14:21 -04:00
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'GET index' do
|
|
|
|
it 'renders index with 200 status code' do
|
2018-12-17 17:52:17 -05:00
|
|
|
get :index, params: { group_id: group }
|
2016-04-07 15:36:26 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2016-04-07 15:36:26 -04:00
|
|
|
expect(response).to render_template(:index)
|
2016-03-30 16:14:21 -04:00
|
|
|
end
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2016-10-19 10:50:41 -04:00
|
|
|
describe 'POST create' do
|
|
|
|
let(:group_user) { create(:user) }
|
|
|
|
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-10-19 10:50:41 -04:00
|
|
|
|
|
|
|
context 'when user does not have enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
end
|
2016-10-19 10:50:41 -04:00
|
|
|
|
|
|
|
it 'returns 403' do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :create, params: {
|
|
|
|
group_id: group,
|
|
|
|
user_ids: group_user.id,
|
|
|
|
access_level: Gitlab::Access::GUEST
|
|
|
|
}
|
2016-10-19 10:50:41 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(403)
|
2016-10-19 10:50:41 -04:00
|
|
|
expect(group.users).not_to include group_user
|
2016-10-05 15:58:34 -04:00
|
|
|
end
|
2016-10-19 10:50:41 -04:00
|
|
|
end
|
2016-10-05 15:58:34 -04:00
|
|
|
|
2016-10-19 10:50:41 -04:00
|
|
|
context 'when user has enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
2016-10-05 15:58:34 -04:00
|
|
|
|
2016-10-19 10:50:41 -04:00
|
|
|
it 'adds user to members' do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :create, params: {
|
|
|
|
group_id: group,
|
|
|
|
user_ids: group_user.id,
|
|
|
|
access_level: Gitlab::Access::GUEST
|
|
|
|
}
|
2016-10-05 15:58:34 -04:00
|
|
|
|
2016-10-19 10:50:41 -04:00
|
|
|
expect(response).to set_flash.to 'Users were successfully added.'
|
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
|
|
expect(group.users).to include group_user
|
2016-10-05 15:58:34 -04:00
|
|
|
end
|
|
|
|
|
2016-10-19 10:50:41 -04:00
|
|
|
it 'adds no user to members' do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :create, params: {
|
|
|
|
group_id: group,
|
|
|
|
user_ids: '',
|
|
|
|
access_level: Gitlab::Access::GUEST
|
|
|
|
}
|
2016-10-19 10:50:41 -04:00
|
|
|
|
|
|
|
expect(response).to set_flash.to 'No users specified.'
|
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
|
|
|
expect(group.users).not_to include group_user
|
2016-10-05 15:58:34 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-12-11 09:53:31 -05:00
|
|
|
describe 'PUT update' do
|
|
|
|
let(:requester) { create(:group_member, :access_request, group: group) }
|
|
|
|
|
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
sign_in(user)
|
|
|
|
end
|
|
|
|
|
|
|
|
Gitlab::Access.options.each do |label, value|
|
|
|
|
it "can change the access level to #{label}" do
|
2018-12-19 16:57:41 -05:00
|
|
|
put :update, params: {
|
|
|
|
group_member: { access_level: value },
|
|
|
|
group_id: group,
|
|
|
|
id: requester
|
|
|
|
}, xhr: true
|
2017-12-11 09:53:31 -05:00
|
|
|
|
|
|
|
expect(requester.reload.human_access).to eq(label)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'DELETE destroy' do
|
|
|
|
let(:member) { create(:group_member, :developer, group: group) }
|
|
|
|
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
context 'when member is not found' do
|
|
|
|
it 'returns 403' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :destroy, params: { group_id: group, id: 42 }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(403)
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when member is found' do
|
|
|
|
context 'when user does not have enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it 'returns 403' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :destroy, params: { group_id: group, id: member }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(403)
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user has enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it '[HTML] removes user from members' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :destroy, params: { group_id: group, id: member }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2018-11-16 10:09:32 -05:00
|
|
|
expect(response).to set_flash.to 'User was successfully removed from group and any subresources.'
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).not_to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
it '[JS] removes user from members' do
|
2018-12-19 16:57:41 -05:00
|
|
|
delete :destroy, params: { group_id: group, id: member }, xhr: true
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
expect(response).to be_success
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).not_to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'DELETE leave' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
context 'when member is not found' do
|
2016-09-09 12:51:31 -04:00
|
|
|
it 'returns 404' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(404)
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when member is found' do
|
|
|
|
context 'and is not an owner' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it 'removes user from members' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2016-06-02 12:05:06 -04:00
|
|
|
expect(response).to set_flash.to "You left the \"#{group.name}\" group."
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(response).to redirect_to(dashboard_groups_path)
|
|
|
|
expect(group.users).not_to include user
|
|
|
|
end
|
2017-06-06 06:35:22 -04:00
|
|
|
|
|
|
|
it 'supports json request' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }, format: :json
|
2017-06-06 06:35:22 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2017-06-07 08:01:38 -04:00
|
|
|
expect(json_response['notice']).to eq "You left the \"#{group.name}\" group."
|
2017-06-06 06:35:22 -04:00
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'and is an owner' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it 'cannot removes himself from the group' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(403)
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'and is a requester' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.request_access(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it 'removes user from members' do
|
2018-12-17 17:52:17 -05:00
|
|
|
delete :leave, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2016-06-02 12:05:06 -04:00
|
|
|
expect(response).to set_flash.to 'Your access request to the group has been withdrawn.'
|
2016-06-17 10:33:10 -04:00
|
|
|
expect(response).to redirect_to(group_path(group))
|
2016-06-27 10:20:57 -04:00
|
|
|
expect(group.requesters).to be_empty
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(group.users).not_to include user
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'POST request_access' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it 'creates a new GroupMember that is not a team member' do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :request_access, params: { group_id: group }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
expect(response).to set_flash.to 'Your request for access has been queued for review.'
|
|
|
|
expect(response).to redirect_to(group_path(group))
|
2016-06-27 10:20:57 -04:00
|
|
|
expect(group.requesters.exists?(user_id: user)).to be_truthy
|
2016-04-18 12:53:32 -04:00
|
|
|
expect(group.users).not_to include user
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-10-19 07:13:44 -04:00
|
|
|
describe 'POST approve_access_request' do
|
|
|
|
let(:member) { create(:group_member, :access_request, group: group) }
|
|
|
|
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
sign_in(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
context 'when member is not found' do
|
|
|
|
it 'returns 403' do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :approve_access_request, params: { group_id: group, id: 42 }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(403)
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when member is found' do
|
|
|
|
context 'when user does not have enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_developer(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it 'returns 403' do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :approve_access_request, params: { group_id: group, id: member }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
2017-10-19 14:28:19 -04:00
|
|
|
expect(response).to have_gitlab_http_status(403)
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).not_to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when user has enough rights' do
|
2017-06-14 14:18:56 -04:00
|
|
|
before do
|
|
|
|
group.add_owner(user)
|
|
|
|
end
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
it 'adds user to members' do
|
2018-12-17 17:52:17 -05:00
|
|
|
post :approve_access_request, params: { group_id: group, id: member }
|
2016-04-18 12:53:32 -04:00
|
|
|
|
|
|
|
expect(response).to redirect_to(group_group_members_path(group))
|
2016-10-19 07:13:44 -04:00
|
|
|
expect(group.members).to include member
|
2016-04-18 12:53:32 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2016-03-30 16:14:21 -04:00
|
|
|
end
|