279 lines
9.4 KiB
Ruby
279 lines
9.4 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe API::API, api: true do
|
|
include ApiHelpers
|
|
|
|
let(:user1) { create(:user) }
|
|
let(:user2) { create(:user) }
|
|
let(:admin) { create(:admin) }
|
|
let!(:group1) { create(:group) }
|
|
let!(:group2) { create(:group) }
|
|
|
|
before do
|
|
group1.add_owner(user1)
|
|
group2.add_owner(user2)
|
|
end
|
|
|
|
describe "GET /groups" do
|
|
context "when unauthenticated" do
|
|
it "should return authentication error" do
|
|
get api("/groups")
|
|
response.status.should == 401
|
|
end
|
|
end
|
|
|
|
context "when authenticated as user" do
|
|
it "normal user: should return an array of groups of user1" do
|
|
get api("/groups", user1)
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.length.should == 1
|
|
json_response.first['name'].should == group1.name
|
|
end
|
|
end
|
|
|
|
context "when authenticated as admin" do
|
|
it "admin: should return an array of all groups" do
|
|
get api("/groups", admin)
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.length.should == 2
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "GET /groups/:id" do
|
|
context "when authenticated as user" do
|
|
it "should return one of user1's groups" do
|
|
get api("/groups/#{group1.id}", user1)
|
|
response.status.should == 200
|
|
json_response['name'] == group1.name
|
|
end
|
|
|
|
it "should not return a non existing group" do
|
|
get api("/groups/1328", user1)
|
|
response.status.should == 404
|
|
end
|
|
|
|
it "should not return a group not attached to user1" do
|
|
get api("/groups/#{group2.id}", user1)
|
|
response.status.should == 403
|
|
end
|
|
end
|
|
|
|
context "when authenticated as admin" do
|
|
it "should return any existing group" do
|
|
get api("/groups/#{group2.id}", admin)
|
|
response.status.should == 200
|
|
json_response['name'] == group2.name
|
|
end
|
|
|
|
it "should not return a non existing group" do
|
|
get api("/groups/1328", admin)
|
|
response.status.should == 404
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "POST /groups" do
|
|
context "when authenticated as user" do
|
|
it "should not create group" do
|
|
post api("/groups", user1), attributes_for(:group)
|
|
response.status.should == 403
|
|
end
|
|
end
|
|
|
|
context "when authenticated as admin" do
|
|
it "should create group" do
|
|
post api("/groups", admin), attributes_for(:group)
|
|
response.status.should == 201
|
|
end
|
|
|
|
it "should not create group, duplicate" do
|
|
post api("/groups", admin), {name: "Duplicate Test", path: group2.path}
|
|
response.status.should == 404
|
|
end
|
|
|
|
it "should return 400 bad request error if name not given" do
|
|
post api("/groups", admin), {path: group2.path}
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return 400 bad request error if path not given" do
|
|
post api("/groups", admin), { name: 'test' }
|
|
response.status.should == 400
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "DELETE /groups/:id" do
|
|
context "when authenticated as user" do
|
|
it "should remove group" do
|
|
delete api("/groups/#{group1.id}", user1)
|
|
response.status.should == 200
|
|
end
|
|
|
|
it "should not remove a group if not an owner" do
|
|
user3 = create(:user)
|
|
group1.add_user(user3, Gitlab::Access::MASTER)
|
|
delete api("/groups/#{group1.id}", user3)
|
|
response.status.should == 403
|
|
end
|
|
|
|
it "should not remove a non existing group" do
|
|
delete api("/groups/1328", user1)
|
|
response.status.should == 404
|
|
end
|
|
|
|
it "should not remove a group not attached to user1" do
|
|
delete api("/groups/#{group2.id}", user1)
|
|
response.status.should == 403
|
|
end
|
|
end
|
|
|
|
context "when authenticated as admin" do
|
|
it "should remove any existing group" do
|
|
delete api("/groups/#{group2.id}", admin)
|
|
response.status.should == 200
|
|
end
|
|
|
|
it "should not remove a non existing group" do
|
|
delete api("/groups/1328", admin)
|
|
response.status.should == 404
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "POST /groups/:id/projects/:project_id" do
|
|
let(:project) { create(:project) }
|
|
before(:each) do
|
|
Projects::TransferService.any_instance.stub(execute: true)
|
|
Project.stub(:find).and_return(project)
|
|
end
|
|
|
|
context "when authenticated as user" do
|
|
it "should not transfer project to group" do
|
|
post api("/groups/#{group1.id}/projects/#{project.id}", user2)
|
|
response.status.should == 403
|
|
end
|
|
end
|
|
|
|
context "when authenticated as admin" do
|
|
it "should transfer project to group" do
|
|
post api("/groups/#{group1.id}/projects/#{project.id}", admin)
|
|
response.status.should == 201
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "members" do
|
|
let(:owner) { create(:user) }
|
|
let(:reporter) { create(:user) }
|
|
let(:developer) { create(:user) }
|
|
let(:master) { create(:user) }
|
|
let(:guest) { create(:user) }
|
|
let!(:group_with_members) do
|
|
group = create(:group)
|
|
group.add_users([reporter.id], UsersGroup::REPORTER)
|
|
group.add_users([developer.id], UsersGroup::DEVELOPER)
|
|
group.add_users([master.id], UsersGroup::MASTER)
|
|
group.add_users([guest.id], UsersGroup::GUEST)
|
|
group
|
|
end
|
|
let!(:group_no_members) { create(:group) }
|
|
|
|
before do
|
|
group_with_members.add_owner owner
|
|
group_no_members.add_owner owner
|
|
end
|
|
|
|
describe "GET /groups/:id/members" do
|
|
context "when authenticated as user that is part or the group" do
|
|
it "each user: should return an array of members groups of group3" do
|
|
[owner, master, developer, reporter, guest].each do |user|
|
|
get api("/groups/#{group_with_members.id}/members", user)
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.size.should == 5
|
|
json_response.find { |e| e['id']==owner.id }['access_level'].should == UsersGroup::OWNER
|
|
json_response.find { |e| e['id']==reporter.id }['access_level'].should == UsersGroup::REPORTER
|
|
json_response.find { |e| e['id']==developer.id }['access_level'].should == UsersGroup::DEVELOPER
|
|
json_response.find { |e| e['id']==master.id }['access_level'].should == UsersGroup::MASTER
|
|
json_response.find { |e| e['id']==guest.id }['access_level'].should == UsersGroup::GUEST
|
|
end
|
|
end
|
|
|
|
it "users not part of the group should get access error" do
|
|
get api("/groups/#{group_with_members.id}/members", user1)
|
|
response.status.should == 403
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "POST /groups/:id/members" do
|
|
context "when not a member of the group" do
|
|
it "should not add guest as member of group_no_members when adding being done by person outside the group" do
|
|
post api("/groups/#{group_no_members.id}/members", reporter), user_id: guest.id, access_level: UsersGroup::MASTER
|
|
response.status.should == 403
|
|
end
|
|
end
|
|
|
|
context "when a member of the group" do
|
|
it "should return ok and add new member" do
|
|
count_before=group_no_members.users_groups.count
|
|
new_user = create(:user)
|
|
post api("/groups/#{group_no_members.id}/members", owner), user_id: new_user.id, access_level: UsersGroup::MASTER
|
|
response.status.should == 201
|
|
json_response['name'].should == new_user.name
|
|
json_response['access_level'].should == UsersGroup::MASTER
|
|
group_no_members.users_groups.count.should == count_before + 1
|
|
end
|
|
|
|
it "should return error if member already exists" do
|
|
post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: UsersGroup::MASTER
|
|
response.status.should == 409
|
|
end
|
|
|
|
it "should return a 400 error when user id is not given" do
|
|
post api("/groups/#{group_no_members.id}/members", owner), access_level: UsersGroup::MASTER
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return a 400 error when access level is not given" do
|
|
post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return a 422 error when access level is not known" do
|
|
post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id, access_level: 1234
|
|
response.status.should == 422
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "DELETE /groups/:id/members/:user_id" do
|
|
context "when not a member of the group" do
|
|
it "should not delete guest's membership of group_with_members" do
|
|
random_user = create(:user)
|
|
delete api("/groups/#{group_with_members.id}/members/#{owner.id}", random_user)
|
|
response.status.should == 403
|
|
end
|
|
end
|
|
|
|
context "when a member of the group" do
|
|
it "should delete guest's membership of group" do
|
|
count_before=group_with_members.users_groups.count
|
|
delete api("/groups/#{group_with_members.id}/members/#{guest.id}", owner)
|
|
response.status.should == 200
|
|
group_with_members.users_groups.count.should == count_before - 1
|
|
end
|
|
|
|
it "should return a 404 error when user id is not known" do
|
|
delete api("/groups/#{group_with_members.id}/members/1328", owner)
|
|
response.status.should == 404
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|