gitlab-org--gitlab-foss/spec/requests/api/protected_branches_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe API::ProtectedBranches do
  let(:user) { create(:user) }
  let!(:project) { create(:project, :repository) }
  let(:protected_name) { 'feature' }
  let(:branch_name) { protected_name }
  let!(:protected_branch) do
    create(:protected_branch, project: project, name: protected_name)
  end

  describe "GET /projects/:id/protected_branches" do
    let(:params) { {} }
    let(:route) { "/projects/#{project.id}/protected_branches" }

    shared_examples_for 'protected branches' do
      it 'returns the protected branches' do
        get api(route, user), params: params.merge(per_page: 100)

        expect(response).to have_gitlab_http_status(:ok)
        expect(response).to include_pagination_headers
        expect(json_response).to be_an Array

        protected_branch_names = json_response.map { |x| x['name'] }
        expect(protected_branch_names).to match_array(expected_branch_names)
      end
    end

    context 'when authenticated as a maintainer' do
      before do
        project.add_maintainer(user)
      end

      context 'when search param is not present' do
        it_behaves_like 'protected branches' do
          let(:expected_branch_names) { project.protected_branches.map { |x| x['name'] } }
        end
      end

      context 'when search param is present' do
        it_behaves_like 'protected branches' do
          let(:another_protected_branch) { create(:protected_branch, project: project, name: 'stable') }
          let(:params) { { search: another_protected_branch.name } }
          let(:expected_branch_names) { [another_protected_branch.name] }
        end
      end
    end

    context 'when authenticated as a guest' do
      before do
        project.add_guest(user)
      end

      it_behaves_like '403 response' do
        let(:request) { get api(route, user) }
      end
    end
  end

  describe "GET /projects/:id/protected_branches/:branch" do
    let(:route) { "/projects/#{project.id}/protected_branches/#{branch_name}" }

    shared_examples_for 'protected branch' do
      it 'returns the protected branch' do
        get api(route, user)

        expect(response).to have_gitlab_http_status(:ok)
        expect(json_response['name']).to eq(branch_name)
        expect(json_response['push_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER)
        expect(json_response['merge_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER)
      end

      context 'when protected branch does not exist' do
        let(:branch_name) { 'unknown' }

        it_behaves_like '404 response' do
          let(:request) { get api(route, user) }
          let(:message) { '404 Not found' }
        end
      end
    end

    context 'when authenticated as a maintainer' do
      before do
        project.add_maintainer(user)
      end

      it_behaves_like 'protected branch'

      context 'when protected branch contains a wildcard' do
        let(:protected_name) { 'feature*' }

        it_behaves_like 'protected branch'
      end

      context 'when protected branch contains a period' do
        let(:protected_name) { 'my.feature' }

        it_behaves_like 'protected branch'
      end
    end

    context 'when authenticated as a guest' do
      before do
        project.add_guest(user)
      end

      it_behaves_like '403 response' do
        let(:request) { get api(route, user) }
      end
    end
  end

  describe 'POST /projects/:id/protected_branches' do
    let(:branch_name) { 'new_branch' }
    let(:post_endpoint) { api("/projects/#{project.id}/protected_branches", user) }

    def expect_protection_to_be_successful
      expect(response).to have_gitlab_http_status(:created)
      expect(json_response['name']).to eq(branch_name)
    end

    context 'when authenticated as a maintainer' do
      before do
        project.add_maintainer(user)
      end

      it 'protects a single branch' do
        post post_endpoint, params: { name: branch_name }

        expect(response).to have_gitlab_http_status(:created)
        expect(json_response['name']).to eq(branch_name)
        expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)
        expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)
      end

      it 'protects a single branch and developers can push' do
        post post_endpoint, params: { name: branch_name, push_access_level: 30 }

        expect(response).to have_gitlab_http_status(:created)
        expect(json_response['name']).to eq(branch_name)
        expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER)
        expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)
      end

      it 'protects a single branch and developers can merge' do
        post post_endpoint, params: { name: branch_name, merge_access_level: 30 }

        expect(response).to have_gitlab_http_status(:created)
        expect(json_response['name']).to eq(branch_name)
        expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)
        expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER)
      end

      it 'protects a single branch and developers can push and merge' do
        post post_endpoint, params: { name: branch_name, push_access_level: 30, merge_access_level: 30 }

        expect(response).to have_gitlab_http_status(:created)
        expect(json_response['name']).to eq(branch_name)
        expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER)
        expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER)
      end

      it 'protects a single branch and no one can push' do
        post post_endpoint, params: { name: branch_name, push_access_level: 0 }

        expect(response).to have_gitlab_http_status(:created)
        expect(json_response['name']).to eq(branch_name)
        expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS)
        expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)
      end

      it 'protects a single branch and no one can merge' do
        post post_endpoint, params: { name: branch_name, merge_access_level: 0 }

        expect(response).to have_gitlab_http_status(:created)
        expect(json_response['name']).to eq(branch_name)
        expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)
        expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS)
      end

      it 'protects a single branch and no one can push or merge' do
        post post_endpoint, params: { name: branch_name, push_access_level: 0, merge_access_level: 0 }

        expect(response).to have_gitlab_http_status(:created)
        expect(json_response['name']).to eq(branch_name)
        expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS)
        expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS)
      end

      it 'returns a 409 error if the same branch is protected twice' do
        post post_endpoint, params: { name: protected_name }

        expect(response).to have_gitlab_http_status(:conflict)
      end

      context 'when branch has a wildcard in its name' do
        let(:branch_name) { 'feature/*' }

        it "protects multiple branches with a wildcard in the name" do
          post post_endpoint, params: { name: branch_name }

          expect_protection_to_be_successful
          expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)
          expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)
        end
      end

      context 'when a policy restricts rule deletion' do
        before do
          policy = instance_double(ProtectedBranchPolicy, can?: false)
          expect(ProtectedBranchPolicy).to receive(:new).and_return(policy)
        end

        it "prevents deletion of the protected branch rule" do
          post post_endpoint, params: { name: branch_name }

          expect(response).to have_gitlab_http_status(:forbidden)
        end
      end
    end

    context 'when authenticated as a guest' do
      before do
        project.add_guest(user)
      end

      it "returns a 403 error if guest" do
        post post_endpoint, params: { name: branch_name }

        expect(response).to have_gitlab_http_status(:forbidden)
      end
    end
  end

  describe "DELETE /projects/:id/protected_branches/unprotect/:branch" do
    let(:delete_endpoint) { api("/projects/#{project.id}/protected_branches/#{branch_name}", user) }

    before do
      project.add_maintainer(user)
    end

    it "unprotects a single branch" do
      delete delete_endpoint

      expect(response).to have_gitlab_http_status(:no_content)
    end

    it_behaves_like '412 response' do
      let(:request) { delete_endpoint }
    end

    it "returns 404 if branch does not exist" do
      delete api("/projects/#{project.id}/protected_branches/barfoo", user)

      expect(response).to have_gitlab_http_status(:not_found)
    end

    context 'when a policy restricts rule deletion' do
      before do
        policy = instance_double(ProtectedBranchPolicy, can?: false)
        expect(ProtectedBranchPolicy).to receive(:new).and_return(policy)
      end

      it "prevents deletion of the protected branch rule" do
        delete delete_endpoint

        expect(response).to have_gitlab_http_status(:forbidden)
      end
    end

    context 'when branch has a wildcard in its name' do
      let(:protected_name) { 'feature*' }

      it "unprotects a wildcard branch" do
        delete delete_endpoint

        expect(response).to have_gitlab_http_status(:no_content)
      end
    end
  end
end
Add latest changes from gitlab-org/gitlab@master 2019-10-28 20:06:10 -04:00			`# frozen_string_literal: true`

Extending API for protected branches 2017-08-02 06:16:17 -04:00			`require 'spec_helper'`

Add latest changes from gitlab-org/gitlab@master 2020-06-24 02:09:01 -04:00			`RSpec.describe API::ProtectedBranches do`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`let(:user) { create(:user) }`
			`let!(:project) { create(:project, :repository) }`
			`let(:protected_name) { 'feature' }`
			`let(:branch_name) { protected_name }`
			`let!(:protected_branch) do`
			`create(:protected_branch, project: project, name: protected_name)`
			`end`

			`describe "GET /projects/:id/protected_branches" do`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 16:08:48 -05:00			`let(:params) { {} }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`let(:route) { "/projects/#{project.id}/protected_branches" }`

			`shared_examples_for 'protected branches' do`
			`it 'returns the protected branches' do`
Add latest changes from gitlab-org/gitlab@master 2020-02-06 16:08:48 -05:00			`get api(route, user), params: params.merge(per_page: 100)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:ok)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(response).to include_pagination_headers`
			`expect(json_response).to be_an Array`

			`protected_branch_names = json_response.map { \|x\| x['name'] }`
			`expect(protected_branch_names).to match_array(expected_branch_names)`
			`end`
			`end`

Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`context 'when authenticated as a maintainer' do`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`before do`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`project.add_maintainer(user)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

Add latest changes from gitlab-org/gitlab@master 2020-02-06 16:08:48 -05:00			`context 'when search param is not present' do`
			`it_behaves_like 'protected branches' do`
			`let(:expected_branch_names) { project.protected_branches.map { \|x\| x['name'] } }`
			`end`
			`end`

			`context 'when search param is present' do`
			`it_behaves_like 'protected branches' do`
			`let(:another_protected_branch) { create(:protected_branch, project: project, name: 'stable') }`
			`let(:params) { { search: another_protected_branch.name } }`
			`let(:expected_branch_names) { [another_protected_branch.name] }`
			`end`
			`end`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`context 'when authenticated as a guest' do`
			`before do`
			`project.add_guest(user)`
			`end`

			`it_behaves_like '403 response' do`
			`let(:request) { get api(route, user) }`
			`end`
			`end`
			`end`

			`describe "GET /projects/:id/protected_branches/:branch" do`
			`let(:route) { "/projects/#{project.id}/protected_branches/#{branch_name}" }`

			`shared_examples_for 'protected branch' do`
			`it 'returns the protected branch' do`
			`get api(route, user)`

Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:ok)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['name']).to eq(branch_name)`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`expect(json_response['push_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER)`
			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`context 'when protected branch does not exist' do`
			`let(:branch_name) { 'unknown' }`

			`it_behaves_like '404 response' do`
			`let(:request) { get api(route, user) }`
			`let(:message) { '404 Not found' }`
			`end`
			`end`
			`end`

Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`context 'when authenticated as a maintainer' do`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`before do`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`project.add_maintainer(user)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`it_behaves_like 'protected branch'`

			`context 'when protected branch contains a wildcard' do`
			`let(:protected_name) { 'feature*' }`

			`it_behaves_like 'protected branch'`
			`end`
Fix protected branches API to accept name parameter with dot 2018-01-19 15:07:44 -05:00
			`context 'when protected branch contains a period' do`
			`let(:protected_name) { 'my.feature' }`

			`it_behaves_like 'protected branch'`
			`end`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`context 'when authenticated as a guest' do`
			`before do`
			`project.add_guest(user)`
			`end`

			`it_behaves_like '403 response' do`
			`let(:request) { get api(route, user) }`
			`end`
			`end`
			`end`

			`describe 'POST /projects/:id/protected_branches' do`
			`let(:branch_name) { 'new_branch' }`
CE backport of ProtectedBranches API changes In EE we now allow individual users/groups to be set on POST, which required some refactoring. See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3516 2017-11-22 12:08:47 -05:00			`let(:post_endpoint) { api("/projects/#{project.id}/protected_branches", user) }`

			`def expect_protection_to_be_successful`
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:created)`
CE backport of ProtectedBranches API changes In EE we now allow individual users/groups to be set on POST, which required some refactoring. See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3516 2017-11-22 12:08:47 -05:00			`expect(json_response['name']).to eq(branch_name)`
			`end`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`context 'when authenticated as a maintainer' do`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`before do`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`project.add_maintainer(user)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`it 'protects a single branch' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:created)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['name']).to eq(branch_name)`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)`
			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`it 'protects a single branch and developers can push' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name, push_access_level: 30 }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:created)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['name']).to eq(branch_name)`
			`expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER)`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`it 'protects a single branch and developers can merge' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name, merge_access_level: 30 }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:created)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['name']).to eq(branch_name)`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER)`
			`end`

			`it 'protects a single branch and developers can push and merge' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name, push_access_level: 30, merge_access_level: 30 }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:created)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['name']).to eq(branch_name)`
			`expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER)`
			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::DEVELOPER)`
			`end`

			`it 'protects a single branch and no one can push' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name, push_access_level: 0 }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:created)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['name']).to eq(branch_name)`
			`expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS)`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`it 'protects a single branch and no one can merge' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name, merge_access_level: 0 }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:created)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['name']).to eq(branch_name)`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS)`
			`end`

			`it 'protects a single branch and no one can push or merge' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name, push_access_level: 0, merge_access_level: 0 }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:created)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`expect(json_response['name']).to eq(branch_name)`
			`expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS)`
			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::NO_ACCESS)`
			`end`

			`it 'returns a 409 error if the same branch is protected twice' do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: protected_name }`
CE backport of ProtectedBranches API changes In EE we now allow individual users/groups to be set on POST, which required some refactoring. See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3516 2017-11-22 12:08:47 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:conflict)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`context 'when branch has a wildcard in its name' do`
			`let(:branch_name) { 'feature/*' }`

			`it "protects multiple branches with a wildcard in the name" do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
CE backport of ProtectedBranches API changes In EE we now allow individual users/groups to be set on POST, which required some refactoring. See https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/3516 2017-11-22 12:08:47 -05:00			`expect_protection_to_be_successful`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`expect(json_response['push_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)`
			`expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MAINTAINER)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`
			`end`
API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00
			`context 'when a policy restricts rule deletion' do`
			`before do`
			`policy = instance_double(ProtectedBranchPolicy, can?: false)`
			`expect(ProtectedBranchPolicy).to receive(:new).and_return(policy)`
			`end`

			`it "prevents deletion of the protected branch rule" do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name }`
API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:forbidden)`
API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00			`end`
			`end`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`context 'when authenticated as a guest' do`
			`before do`
			`project.add_guest(user)`
			`end`

			`it "returns a 403 error if guest" do`
Update specs to rails5 format Updates specs to use new rails5 format. The old format: `get :show, { some: params }, { some: headers }` The new format: `get :show, params: { some: params }, headers: { some: headers }` 2018-12-17 17:52:17 -05:00			`post post_endpoint, params: { name: branch_name }`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:forbidden)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`
			`end`
			`end`

			`describe "DELETE /projects/:id/protected_branches/unprotect/:branch" do`
API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00			`let(:delete_endpoint) { api("/projects/#{project.id}/protected_branches/#{branch_name}", user) }`

Extending API for protected branches 2017-08-02 06:16:17 -04:00			`before do`
Resolve "Rename the `Master` role to `Maintainer`" Backend 2018-07-11 10:36:08 -04:00			`project.add_maintainer(user)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

			`it "unprotects a single branch" do`
API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00			`delete delete_endpoint`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:no_content)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

Add tests for the unmodified header 2017-08-24 12:03:39 -04:00			`it_behaves_like '412 response' do`
API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00			`let(:request) { delete_endpoint }`
Add tests for the unmodified header 2017-08-24 12:03:39 -04:00			`end`

Extending API for protected branches 2017-08-02 06:16:17 -04:00			`it "returns 404 if branch does not exist" do`
			`delete api("/projects/#{project.id}/protected_branches/barfoo", user)`

Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:not_found)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`

API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00			`context 'when a policy restricts rule deletion' do`
			`before do`
			`policy = instance_double(ProtectedBranchPolicy, can?: false)`
			`expect(ProtectedBranchPolicy).to receive(:new).and_return(policy)`
			`end`

			`it "prevents deletion of the protected branch rule" do`
			`delete delete_endpoint`

Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:forbidden)`
API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00			`end`
			`end`

Extending API for protected branches 2017-08-02 06:16:17 -04:00			`context 'when branch has a wildcard in its name' do`
			`let(:protected_name) { 'feature*' }`
Enable Layout/TrailingWhitespace cop and auto-correct offenses 2017-08-15 13:44:37 -04:00
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`it "unprotects a wildcard branch" do`
API uses ProtectedBranchPolicy for destroy/create 2018-03-24 21:29:13 -04:00			`delete delete_endpoint`
Extending API for protected branches 2017-08-02 06:16:17 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-27 16:09:17 -05:00			`expect(response).to have_gitlab_http_status(:no_content)`
Extending API for protected branches 2017-08-02 06:16:17 -04:00			`end`
			`end`
			`end`
			`end`