From 6ad56a229f0eb2c97cfdbe6722d2f154d989918e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matija=20=C4=8Cupi=C4=87?= <matteeyah@gmail.com>
Date: Fri, 7 Dec 2018 17:01:31 +0100
Subject: [PATCH] Add specs for TriggerVariableEntity

---
 app/serializers/trigger_variable_entity.rb    |  2 +-
 .../trigger_variable_entity_spec.rb           | 48 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 spec/serializers/trigger_variable_entity_spec.rb

diff --git a/app/serializers/trigger_variable_entity.rb b/app/serializers/trigger_variable_entity.rb
index 8845540cc30..4b28db42e76 100644
--- a/app/serializers/trigger_variable_entity.rb
+++ b/app/serializers/trigger_variable_entity.rb
@@ -4,5 +4,5 @@ class TriggerVariableEntity < Grape::Entity
   include RequestAwareEntity
 
   expose :key, :public
-  expose :value, if: ->(_, _) { request.project.team.maintainer?(request.current_user) }
+  expose :value, if: ->(_, _) { can?(request.current_user, :admin_build, request.project) }
 end
diff --git a/spec/serializers/trigger_variable_entity_spec.rb b/spec/serializers/trigger_variable_entity_spec.rb
new file mode 100644
index 00000000000..198b3de4f3e
--- /dev/null
+++ b/spec/serializers/trigger_variable_entity_spec.rb
@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe TriggerVariableEntity do
+  let(:project) { create(:project) }
+  let(:request) { double('request') }
+  let(:user) { create(:user) }
+  let(:variable) { { key: 'TEST_KEY', value: 'TEST_VALUE' } }
+
+  subject { described_class.new(variable, request: request).as_json }
+
+  before do
+    allow(request).to receive(:current_user).and_return(user)
+    allow(request).to receive(:project).and_return(project)
+  end
+
+  it 'exposes the variable key' do
+  end
+
+  context 'when user has access to the value' do
+    context 'when user is maintainer' do
+      before do
+        project.team.add_maintainer(user)
+      end
+
+      it 'exposes the variable value' do
+        expect(subject).to include(:value)
+      end
+    end
+
+    context 'when user is owner' do
+      let(:user) { project.owner }
+
+      it 'exposes the variable value' do
+        expect(subject).to include(:value)
+      end
+    end
+  end
+
+  context 'when user does not have access to the value' do
+    before do
+      project.team.add_developer(user)
+    end
+
+    it 'does not expose the variable value' do
+      expect(subject).not_to include(:value)
+    end
+  end
+end