gitlab-org--gitlab-foss/spec/finders/deploy_tokens/tokens_finder_spec.rb

135 lines
4 KiB
Ruby

# frozen_string_literal: true
require 'spec_helper'
RSpec.describe DeployTokens::TokensFinder do
include AdminModeHelper
let_it_be(:admin) { create(:admin) }
let_it_be(:user) { create(:user) }
let_it_be(:other_user) { create(:user) }
let_it_be(:project) { create(:project, creator_id: user.id) }
let_it_be(:group) { create(:group) }
let!(:project_deploy_token) { create(:deploy_token, projects: [project]) }
let!(:revoked_project_deploy_token) { create(:deploy_token, projects: [project], revoked: true) }
let!(:expired_project_deploy_token) { create(:deploy_token, projects: [project], expires_at: '1988-01-11T04:33:04-0600') }
let!(:group_deploy_token) { create(:deploy_token, :group, groups: [group]) }
let!(:revoked_group_deploy_token) { create(:deploy_token, :group, groups: [group], revoked: true) }
let!(:expired_group_deploy_token) { create(:deploy_token, :group, groups: [group], expires_at: '1988-01-11T04:33:04-0600') }
describe "#execute" do
let(:params) { {} }
context 'when scope is :all' do
subject { described_class.new(admin, :all, params).execute }
before do
enable_admin_mode!(admin)
end
it 'returns all deploy tokens' do
expect(subject.size).to eq(6)
is_expected.to match_array([
project_deploy_token,
revoked_project_deploy_token,
expired_project_deploy_token,
group_deploy_token,
revoked_group_deploy_token,
expired_group_deploy_token
])
end
context 'and active filter is applied' do
let(:params) { { active: true } }
it 'returns only active tokens' do
is_expected.to match_array([
project_deploy_token,
group_deploy_token
])
end
end
context 'but user is not an admin' do
subject { described_class.new(user, :all, params).execute }
it 'raises Gitlab::Access::AccessDeniedError' do
expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
end
end
end
context 'when scope is a Project' do
subject { described_class.new(user, project, params).execute }
before do
project.add_maintainer(user)
end
it 'returns all deploy tokens for the project' do
is_expected.to match_array([
project_deploy_token,
revoked_project_deploy_token,
expired_project_deploy_token
])
end
context 'and active filter is applied' do
let(:params) { { active: true } }
it 'returns only active tokens for the project' do
is_expected.to match_array([project_deploy_token])
end
end
context 'but user is not a member' do
subject { described_class.new(other_user, :all, params).execute }
it 'raises Gitlab::Access::AccessDeniedError' do
expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
end
end
end
context 'when scope is a Group' do
subject { described_class.new(user, group, params).execute }
before do
group.add_maintainer(user)
end
it 'returns all deploy tokens for the group' do
is_expected.to match_array([
group_deploy_token,
revoked_group_deploy_token,
expired_group_deploy_token
])
end
context 'and active filter is applied' do
let(:params) { { active: true } }
it 'returns only active tokens for the group' do
is_expected.to match_array([group_deploy_token])
end
end
context 'but user is not a member' do
subject { described_class.new(other_user, :all, params).execute }
it 'raises Gitlab::Access::AccessDeniedError' do
expect { subject }.to raise_error(Gitlab::Access::AccessDeniedError)
end
end
end
context 'when scope is nil' do
subject { described_class.new(user, nil, params).execute }
it 'raises ArgumentError' do
expect { subject }.to raise_error(ArgumentError)
end
end
end
end