diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-20 15:19:03 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-20 15:19:03 +0000 |
| commit | 14bd84b61276ef29b97d23642d698de769bacfd2 (patch) | |
| tree | f9eba90140c1bd874211dea17750a0d422c04080 /spec/controllers/groups | |
| parent | 891c388697b2db0d8ee0c8358a9bdbf6dc56d581 (diff) | |
| download | gitlab-ce-14bd84b61276ef29b97d23642d698de769bacfd2.tar.gz | |
Add latest changes from gitlab-org/gitlab@15-10-stable-eev15.10.0-rc42
Diffstat (limited to 'spec/controllers/groups')
6 files changed, 139 insertions, 108 deletions
diff --git a/spec/controllers/groups/children_controller_spec.rb b/spec/controllers/groups/children_controller_spec.rb index d0656ee47ce..2e37ed95c1c 100644 --- a/spec/controllers/groups/children_controller_spec.rb +++ b/spec/controllers/groups/children_controller_spec.rb @@ -275,6 +275,18 @@ RSpec.describe Groups::ChildrenController, feature_category: :subgroups do allow(Kaminari.config).to receive(:default_per_page).and_return(per_page) end + it 'rejects negative per_page parameter' do + get :index, params: { group_id: group.to_param, per_page: -1 }, format: :json + + expect(response).to have_gitlab_http_status(:bad_request) + end + + it 'rejects non-numeric per_page parameter' do + get :index, params: { group_id: group.to_param, per_page: 'abc' }, format: :json + + expect(response).to have_gitlab_http_status(:bad_request) + end + context 'with only projects' do let!(:other_project) { create(:project, :public, namespace: group) } let!(:first_page_projects) { create_list(:project, per_page, :public, namespace: group) } diff --git a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb index f1ca9e11a1a..a59c90a3cf2 100644 --- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb +++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb @@ -249,7 +249,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do expect(send_data_type).to eq('send-dependency') expect(header).to eq( "Authorization" => ["Bearer abcd1234"], - "Accept" => ::ContainerRegistry::Client::ACCEPTED_TYPES + "Accept" => ::DependencyProxy::Manifest::ACCEPTED_TYPES ) expect(url).to eq(DependencyProxy::Registry.manifest_url(image, tag)) expect(response.headers['Content-Type']).to eq('application/gzip') diff --git a/spec/controllers/groups/group_members_controller_spec.rb b/spec/controllers/groups/group_members_controller_spec.rb index 4e5dc01f466..35efcb664c0 100644 --- a/spec/controllers/groups/group_members_controller_spec.rb +++ b/spec/controllers/groups/group_members_controller_spec.rb @@ -55,6 +55,20 @@ RSpec.describe Groups::GroupMembersController do expect(assigns(:invited_members).count).to eq(1) end + + context 'when filtering by user type' do + let_it_be(:service_account) { create(:user, :service_account) } + + before do + group.add_developer(service_account) + end + + it 'returns only service accounts' do + get :index, params: { group_id: group, user_type: 'service_account' } + + expect(assigns(:members).map(&:user_id)).to match_array([service_account.id]) + end + end end context 'when user cannot manage members' do @@ -67,6 +81,21 @@ RSpec.describe Groups::GroupMembersController do expect(assigns(:invited_members)).to be_nil end + + context 'when filtering by user type' do + let_it_be(:service_account) { create(:user, :service_account) } + + before do + group.add_developer(user) + group.add_developer(service_account) + end + + it 'returns only service accounts' do + get :index, params: { group_id: group, user_type: 'service_account' } + + expect(assigns(:members).map(&:user_id)).to match_array([user.id, service_account.id]) + end + end end context 'when user has owner access to subgroup' do @@ -489,13 +518,11 @@ RSpec.describe Groups::GroupMembersController do describe 'PUT #update' do it 'is successful' do - put :update, - params: { - group_member: { access_level: Gitlab::Access::GUEST }, - group_id: group, - id: membership - }, - format: :json + put :update, params: { + group_member: { access_level: Gitlab::Access::GUEST }, + group_id: group, + id: membership + }, format: :json expect(response).to have_gitlab_http_status(:ok) end diff --git a/spec/controllers/groups/milestones_controller_spec.rb b/spec/controllers/groups/milestones_controller_spec.rb index a3c4c47ab15..f4046cb97a0 100644 --- a/spec/controllers/groups/milestones_controller_spec.rb +++ b/spec/controllers/groups/milestones_controller_spec.rb @@ -230,11 +230,10 @@ RSpec.describe Groups::MilestonesController do describe "#create" do it "creates group milestone with Chinese title" do - post :create, - params: { - group_id: group.to_param, - milestone: milestone_params - } + post :create, params: { + group_id: group.to_param, + milestone: milestone_params + } milestone = Milestone.find_by_title(title) @@ -251,12 +250,11 @@ RSpec.describe Groups::MilestonesController do it "updates group milestone" do milestone_params[:title] = "title changed" - put :update, - params: { - id: milestone.iid, - group_id: group.to_param, - milestone: milestone_params - } + put :update, params: { + id: milestone.iid, + group_id: group.to_param, + milestone: milestone_params + } milestone.reload expect(response).to redirect_to(group_milestone_path(group, milestone.iid)) @@ -390,21 +388,19 @@ RSpec.describe Groups::MilestonesController do context 'for a non-GET request' do context 'when requesting the canonical path with different casing' do it 'does not 404' do - post :create, - params: { - group_id: group.to_param, - milestone: { title: title } - } + post :create, params: { + group_id: group.to_param, + milestone: { title: title } + } expect(response).not_to have_gitlab_http_status(:not_found) end it 'does not redirect to the correct casing' do - post :create, - params: { - group_id: group.to_param, - milestone: { title: title } - } + post :create, params: { + group_id: group.to_param, + milestone: { title: title } + } expect(response).not_to have_gitlab_http_status(:moved_permanently) end @@ -414,11 +410,10 @@ RSpec.describe Groups::MilestonesController do let(:redirect_route) { group.redirect_routes.create!(path: 'old-path') } it 'returns not found' do - post :create, - params: { - group_id: redirect_route.path, - milestone: { title: title } - } + post :create, params: { + group_id: redirect_route.path, + milestone: { title: title } + } expect(response).to have_gitlab_http_status(:not_found) end diff --git a/spec/controllers/groups/settings/applications_controller_spec.rb b/spec/controllers/groups/settings/applications_controller_spec.rb index b9457770ed6..2fadac2dc17 100644 --- a/spec/controllers/groups/settings/applications_controller_spec.rb +++ b/spec/controllers/groups/settings/applications_controller_spec.rb @@ -71,43 +71,18 @@ RSpec.describe Groups::Settings::ApplicationsController do group.add_owner(user) end - context 'with hash_oauth_secrets flag on' do - before do - stub_feature_flags(hash_oauth_secrets: true) - end - - it 'creates the application' do - create_params = attributes_for(:application, trusted: false, confidential: false, scopes: ['api']) - - expect do - post :create, params: { group_id: group, doorkeeper_application: create_params } - end.to change { Doorkeeper::Application.count }.by(1) - - application = Doorkeeper::Application.last - - expect(response).to have_gitlab_http_status(:ok) - expect(response).to render_template :show - expect(application).to have_attributes(create_params.except(:uid, :owner_type)) - end - end - - context 'with hash_oauth_secrets flag off' do - before do - stub_feature_flags(hash_oauth_secrets: false) - end - - it 'creates the application' do - create_params = attributes_for(:application, trusted: false, confidential: false, scopes: ['api']) + it 'creates the application' do + create_params = attributes_for(:application, trusted: false, confidential: false, scopes: ['api']) - expect do - post :create, params: { group_id: group, doorkeeper_application: create_params } - end.to change { Doorkeeper::Application.count }.by(1) + expect do + post :create, params: { group_id: group, doorkeeper_application: create_params } + end.to change { Doorkeeper::Application.count }.by(1) - application = Doorkeeper::Application.last + application = Doorkeeper::Application.last - expect(response).to redirect_to(group_settings_application_path(group, application)) - expect(application).to have_attributes(create_params.except(:uid, :owner_type)) - end + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template :show + expect(application).to have_attributes(create_params.except(:uid, :owner_type)) end it 'renders the application form on errors' do @@ -120,43 +95,18 @@ RSpec.describe Groups::Settings::ApplicationsController do end context 'when the params are for a confidential application' do - context 'with hash_oauth_secrets flag off' do - before do - stub_feature_flags(hash_oauth_secrets: false) - end - - it 'creates a confidential application' do - create_params = attributes_for(:application, confidential: true, scopes: ['read_user']) - - expect do - post :create, params: { group_id: group, doorkeeper_application: create_params } - end.to change { Doorkeeper::Application.count }.by(1) - - application = Doorkeeper::Application.last - - expect(response).to redirect_to(group_settings_application_path(group, application)) - expect(application).to have_attributes(create_params.except(:uid, :owner_type)) - end - end - - context 'with hash_oauth_secrets flag on' do - before do - stub_feature_flags(hash_oauth_secrets: true) - end - - it 'creates a confidential application' do - create_params = attributes_for(:application, confidential: true, scopes: ['read_user']) + it 'creates a confidential application' do + create_params = attributes_for(:application, confidential: true, scopes: ['read_user']) - expect do - post :create, params: { group_id: group, doorkeeper_application: create_params } - end.to change { Doorkeeper::Application.count }.by(1) + expect do + post :create, params: { group_id: group, doorkeeper_application: create_params } + end.to change { Doorkeeper::Application.count }.by(1) - application = Doorkeeper::Application.last + application = Doorkeeper::Application.last - expect(response).to have_gitlab_http_status(:ok) - expect(response).to render_template :show - expect(application).to have_attributes(create_params.except(:uid, :owner_type)) - end + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template :show + expect(application).to have_attributes(create_params.except(:uid, :owner_type)) end end @@ -188,6 +138,55 @@ RSpec.describe Groups::Settings::ApplicationsController do end end + describe 'PUT #renew' do + context 'when user is owner' do + before do + group.add_owner(user) + end + + let(:oauth_params) do + { + group_id: group, + id: application.id + } + end + + subject { put :renew, params: oauth_params } + + it { is_expected.to have_gitlab_http_status(:ok) } + it { expect { subject }.to change { application.reload.secret } } + + context 'when renew fails' do + before do + allow_next_found_instance_of(Doorkeeper::Application) do |application| + allow(application).to receive(:save).and_return(false) + end + end + + it { expect { subject }.not_to change { application.reload.secret } } + it { is_expected.to redirect_to(group_settings_application_url(group, application)) } + end + end + + context 'when user is not owner' do + before do + group.add_maintainer(user) + end + + let(:oauth_params) do + { + group_id: group, + id: application.id + } + end + + it 'renders a 404' do + put :renew, params: oauth_params + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + describe 'PATCH #update' do context 'when user is owner' do before do diff --git a/spec/controllers/groups/variables_controller_spec.rb b/spec/controllers/groups/variables_controller_spec.rb index 6dbe75bb1df..8c6efae89c3 100644 --- a/spec/controllers/groups/variables_controller_spec.rb +++ b/spec/controllers/groups/variables_controller_spec.rb @@ -77,12 +77,10 @@ RSpec.describe Groups::VariablesController do describe 'PATCH #update' do it 'is successful' do - patch :update, - params: { - group_id: group, - variables_attributes: [{ id: variable.id, key: 'hello' }] - }, - format: :json + patch :update, params: { + group_id: group, + variables_attributes: [{ id: variable.id, key: 'hello' }] + }, format: :json expect(response).to have_gitlab_http_status(:ok) end |