Check for group admin permissions

author: Matija Čupić <matteeyah@gmail.com> 2018-12-16 15:38:36 +0100
committer: Matija Čupić <matteeyah@gmail.com> 2018-12-20 12:21:49 +0100
commit: 178270a0f3689917e3764a128b8a281bb7feae76 (patch)
tree: 0c770121c42a6185022c672ad03c0a8c9038e592 /spec/controllers/groups
parent: f7ac8041f7ba3639085c26b4185eda00fd54a6e7 (diff)
download: gitlab-ce-178270a0f3689917e3764a128b8a281bb7feae76.tar.gz
1 files changed, 45 insertions, 10 deletions
diff --git a/spec/controllers/groups/settings/ci_cd_controller_spec.rb b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
index b7f04f732b9..40673d10b91 100644
--- a/spec/controllers/groups/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
@@ -5,30 +5,65 @@ describe Groups::Settings::CiCdController do
   let(:user) { create(:user) }
 
   before do
-    group.add_maintainer(user)
     sign_in(user)
   end
 
   describe 'GET #show' do
-    it 'renders show with 200 status code' do
-      get :show, params: { group_id: group }
+    context 'when user is owner' do
+      before do
+        group.add_owner(user)
+      end
 
-      expect(response).to have_gitlab_http_status(200)
-      expect(response).to render_template(:show)
+      it 'renders show with 200 status code' do
+        get :show, params: { group_id: group }
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(response).to render_template(:show)
+      end
+    end
+
+    context 'when user is not owner' do
+      before do
+        group.add_maintainer(user)
+      end
+
+      it 'renders a 404' do
+        get :show, params: { group_id: group }
+
+        expect(response).to have_gitlab_http_status(404)
+      end
     end
   end
 
   describe 'PUT #reset_registration_token' do
     subject { put :reset_registration_token, params: { group_id: group } }
 
-    it 'resets runner registration token' do
-      expect { subject }.to change { group.reload.runners_token }
+    context 'when user is owner' do
+      before do
+        group.add_owner(user)
+      end
+
+      it 'resets runner registration token' do
+        expect { subject }.to change { group.reload.runners_token }
+      end
+
+      it 'redirects the user to admin runners page' do
+        subject
+
+        expect(response).to redirect_to(group_settings_ci_cd_path)
+      end
     end
 
-    it 'redirects the user to admin runners page' do
-      subject
+    context 'when user is not owner' do
+      before do
+        group.add_maintainer(user)
+      end
+
+      it 'renders a 404' do
+        subject
 
-      expect(response).to redirect_to(group_settings_ci_cd_path)
+        expect(response).to have_gitlab_http_status(404)
+      end
     end
   end
 end
author	Matija Čupić <matteeyah@gmail.com>	2018-12-16 15:38:36 +0100
committer	Matija Čupić <matteeyah@gmail.com>	2018-12-20 12:21:49 +0100
commit	178270a0f3689917e3764a128b8a281bb7feae76 (patch)
tree	0c770121c42a6185022c672ad03c0a8c9038e592 /spec/controllers/groups
parent	f7ac8041f7ba3639085c26b4185eda00fd54a6e7 (diff)
download	gitlab-ce-178270a0f3689917e3764a128b8a281bb7feae76.tar.gz