author | John Jarvis <jarv@gitlab.com> | 2019-01-01 20:38:07 +0000 |
---|---|---|
committer | John Jarvis <jarv@gitlab.com> | 2019-01-01 20:38:07 +0000 |
commit | 082a65670290cd4d6064ecc0fe1a3a947bf39d8e (patch) | |
tree | 35343007575cf60ced6766e367769a04542d0328 /spec/controllers/groups | |
parent | 5d550fa5a2d780fecef328525d16b3288606696f (diff) | |
parent | e264677bf1799f52c23cd602aaafad4fb53b36ba (diff) | |
download | gitlab-ce-082a65670290cd4d6064ecc0fe1a3a947bf39d8e.tar.gz |
Merge branch 'security-master-group-cicd-settings-accessible-to-maintainer' into 'master'
[master] Group Ex-Maintainer Could maintain Access to Project's Source Code/Jobs/Pipelines/Artifacts if it had Shared Group Runner Configured
See merge request gitlab/gitlabhq!2721
Diffstat (limited to 'spec/controllers/groups')
-rw-r--r-- | spec/controllers/groups/settings/ci_cd_controller_spec.rb | 55 |
1 files changed, 45 insertions, 10 deletions
diff --git a/spec/controllers/groups/settings/ci_cd_controller_spec.rb b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
index b7f04f732b9..40673d10b91 100644
--- a/spec/controllers/groups/settings/ci_cd_controller_spec.rb
+++ b/spec/controllers/groups/settings/ci_cd_controller_spec.rb
@@ -5,30 +5,65 @@ describe Groups::Settings::CiCdController do
 let(:user) { create(:user) }
 before do
- group.add_maintainer(user)
 sign_in(user)
 end
 describe 'GET #show' do
- it 'renders show with 200 status code' do
- get :show, params: { group_id: group }
+ context 'when user is owner' do
+ before do
+ group.add_owner(user)
+ end
- expect(response).to have_gitlab_http_status(200)
- expect(response).to render_template(:show)
+ it 'renders show with 200 status code' do
+ get :show, params: { group_id: group }
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(response).to render_template(:show)
+ end
+ end
+
+ context 'when user is not owner' do
+ before do
+ group.add_maintainer(user)
+ end
+
+ it 'renders a 404' do
+ get :show, params: { group_id: group }
+
+ expect(response).to have_gitlab_http_status(404)
+ end
 end
 end
 describe 'PUT #reset_registration_token' do
 subject { put :reset_registration_token, params: { group_id: group } }
- it 'resets runner registration token' do
- expect { subject }.to change { group.reload.runners_token }
+ context 'when user is owner' do
+ before do
+ group.add_owner(user)
+ end
+
+ it 'resets runner registration token' do
+ expect { subject }.to change { group.reload.runners_token }
+ end
+
+ it 'redirects the user to admin runners page' do
+ subject
+
+ expect(response).to redirect_to(group_settings_ci_cd_path)
+ end
 end
- it 'redirects the user to admin runners page' do
- subject
+ context 'when user is not owner' do
+ before do
+ group.add_maintainer(user)
+ end
+
+ it 'renders a 404' do
+ subject
- expect(response).to redirect_to(group_settings_ci_cd_path)
+ expect(response).to have_gitlab_http_status(404)
+ end
 end
 end
 end |
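Review bot: The 'when user is not owner' context under `PUT #reset_registration_token` asserts only the 404 status, so it would still pass if the token were rotated before the request was rejected. Adding `expect { subject }.not_to change { group.reload.runners_token }` there would pin the property the fix is about, namely that a maintainer's request leaves the runner registration token untouched. The matching `GET #show` context could likewise assert `expect(response).not_to render_template(:show)`. The controller change itself is not shown on this page (the diffstat is limited to `spec/controllers/groups`), so where the authorization check sits relative to the reset is presumably an early filter, but that cannot be confirmed here.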