author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2022-07-28 13:33:09 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2022-07-28 13:33:09 +0000 |
commit | 328ff31ff9e6147e4fb883aaee113001da150b9e (patch) | |
tree | e1c4c45aa86e7d3f3da88030b892764fff3bc0ff /spec/controllers/autocomplete_controller_spec.rb | |
parent | 4dc46d5b97305108c1b635baa4241a2ce04a7ed0 (diff) | |
parent | f415ebdb978c4eb976d07664219c788918120d59 (diff) | |
Merge remote-tracking branch 'dev/15-0-stable' into 15-0-stable15-0-stable
Diffstat (limited to 'spec/controllers/autocomplete_controller_spec.rb')
-rw-r--r-- | spec/controllers/autocomplete_controller_spec.rb | 73 |
1 files changed, 42 insertions, 31 deletions
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb
index 0a809e80fcd..1df685e3e5a 100644
--- a/spec/controllers/autocomplete_controller_spec.rb
+++ b/spec/controllers/autocomplete_controller_spec.rb
@@ -378,61 +378,72 @@ RSpec.describe AutocompleteController do
 end
 context 'GET deploy_keys_with_owners' do
- let!(:deploy_key) { create(:deploy_key, user: user) }
- let!(:deploy_keys_project) { create(:deploy_keys_project, :write_access, project: project, deploy_key: deploy_key) }
+ let_it_be(:public_project) { create(:project, :public) }
+ let_it_be(:user) { create(:user) }
+ let_it_be(:deploy_key) { create(:deploy_key, user: user) }
+ let_it_be(:deploy_keys_project) do
+ create(:deploy_keys_project, :write_access, project: public_project, deploy_key: deploy_key)
+ end
 context 'unauthorized user' do
 it 'returns a not found response' do
- get(:deploy_keys_with_owners, params: { project_id: project.id })
+ get(:deploy_keys_with_owners, params: { project_id: public_project.id })
 expect(response).to have_gitlab_http_status(:redirect)
 end
 end
- context 'when the user who can read the project is logged in' do
+ context 'when the user is logged in' do
 before do
 sign_in(user)
 end
- context 'and they cannot read the project' do
+ context 'with a non-existing project' do
 it 'returns a not found response' do
- allow(Ability).to receive(:allowed?).and_call_original
- allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(false)
-
- get(:deploy_keys_with_owners, params: { project_id: project.id })
+ get(:deploy_keys_with_owners, params: { project_id: 9999 })
 expect(response).to have_gitlab_http_status(:not_found)
 end
 end
- it 'renders the deploy key in a json payload, with its owner' do
- get(:deploy_keys_with_owners, params: { project_id: project.id })
+ context 'with an existing project' do
+ context 'when user cannot admin project' do
+ it 'returns a forbidden response' do
+ get(:deploy_keys_with_owners, params: { project_id: public_project.id })
- expect(json_response.count).to eq(1)
- expect(json_response.first['title']).to eq(deploy_key.title)
- expect(json_response.first['owner']['id']).to eq(deploy_key.user.id)
- end
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+ end
- context 'with an unknown project' do
- it 'returns a not found response' do
- get(:deploy_keys_with_owners, params: { project_id: 9999 })
+ context 'when user can admin project' do
+ before do
+ public_project.add_maintainer(user)
+ end
- expect(response).to have_gitlab_http_status(:not_found)
- end
- end
+ context 'and user can read owner of key' do
+ it 'renders the deploy keys in a json payload, with owner' do
+ get(:deploy_keys_with_owners, params: { project_id: public_project.id })
- context 'and the user cannot read the owner of the key' do
- before do
- allow(Ability).to receive(:allowed?).and_call_original
- allow(Ability).to receive(:allowed?).with(user, :read_user, deploy_key.user).and_return(false)
- end
+ expect(json_response.count).to eq(1)
+ expect(json_response.first['title']).to eq(deploy_key.title)
+ expect(json_response.first['owner']['id']).to eq(deploy_key.user.id)
+ end
+ end
+
+ context 'and user cannot read owner of key' do
+ before do
+ allow(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).with(user, :read_user, deploy_key.user).and_return(false)
+ end
- it 'returns a payload without owner' do
- get(:deploy_keys_with_owners, params: { project_id: project.id })
+ it 'returns a payload without owner' do
+ get(:deploy_keys_with_owners, params: { project_id: public_project.id })
- expect(json_response.count).to eq(1)
- expect(json_response.first['title']).to eq(deploy_key.title)
- expect(json_response.first['owner']).to be_nil
+ expect(json_response.count).to eq(1)
+ expect(json_response.first['title']).to eq(deploy_key.title)
+ expect(json_response.first['owner']).to be_nil
+ end
+ end
 end
 end
 end
|
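Review bot: No example in the rewritten `GET deploy_keys_with_owners` context covers an existing project that the signed-in user cannot read. The removed 'and they cannot read the project' case asserted `:not_found`, while the new examples only use `public_project` and the id 9999. Without that case, a regression that answers 403 instead of 404 for an unreadable private project would pass the suite and would let a caller tell existing private project ids from missing ones. The example below assumes the controller, which is not shown in this diff, still returns 404 there as the removed spec expected. The 'when user cannot admin project' context would also be a sharper boundary if `user` were a project member below maintainer, e.g. `public_project.add_developer(user)`, rather than a non-member.

```ruby
context 'with an existing project' do
  # … unchanged: 'when user cannot admin project' and 'when user can admin project' contexts …

  context 'when user cannot read the project' do
    let_it_be(:private_project) { create(:project, :private) }

    it 'returns a not found response' do
      get(:deploy_keys_with_owners, params: { project_id: private_project.id })

      expect(response).to have_gitlab_http_status(:not_found)
    end
  end
```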