diff options
| author | Robert Schilling <rschilling@student.tugraz.at> | 2016-04-13 11:20:45 +0200 |
|---|---|---|
| committer | Robert Schilling <rschilling@student.tugraz.at> | 2016-04-13 11:20:45 +0200 |
| commit | ca40479c512f327c12adf51b47be46d75e4e333c (patch) | |
| tree | 7739ed84e2a87a14e8c9b323efd2b64b5efd4f2f | |
| parent | b2f48d8c46cebcf2a576c18b661c3481b3450f3b (diff) | |
| download | gitlab-ce-ca40479c512f327c12adf51b47be46d75e4e333c.tar.gz | |
API: Avoid group leak while updating the group
| -rw-r--r-- | spec/requests/api/groups_spec.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 083d5c459c6..37ddab83c30 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -135,10 +135,10 @@ describe API::API, api: true do end context 'when authenticated as an user that cannot see the group' do - it 'returns 403 when trying to update the group' do + it 'returns 404 when trying to update the group' do put api("/groups/#{group2.id}", user1), name: new_group_name - expect(response.status).to eq(403) + expect(response.status).to eq(404) end end end |