diff options
author | Robert Schilling <rschilling@student.tugraz.at> | 2016-04-13 11:20:45 +0200 |
---|---|---|
committer | Robert Schilling <rschilling@student.tugraz.at> | 2016-04-13 11:20:45 +0200 |
commit | ca40479c512f327c12adf51b47be46d75e4e333c (patch) | |
tree | 7739ed84e2a87a14e8c9b323efd2b64b5efd4f2f | |
parent | b2f48d8c46cebcf2a576c18b661c3481b3450f3b (diff) | |
download | gitlab-ce-ca40479c512f327c12adf51b47be46d75e4e333c.tar.gz |
API: Avoid group leak while updating the group
-rw-r--r-- | spec/requests/api/groups_spec.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 083d5c459c6..37ddab83c30 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -135,10 +135,10 @@ describe API::API, api: true do end context 'when authenticated as an user that cannot see the group' do - it 'returns 403 when trying to update the group' do + it 'returns 404 when trying to update the group' do put api("/groups/#{group2.id}", user1), name: new_group_name - expect(response.status).to eq(403) + expect(response.status).to eq(404) end end end |