diff options
author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-08-08 19:03:41 -0300 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-08-17 12:58:59 -0300 |
commit | a8b1ad250e1ebc1c1e835399ccd010b223108a1d (patch) | |
tree | 6d863ac30dcc7db0238ad5b6c3f82988b7bc1029 /spec/controllers/projects/boards_controller_spec.rb | |
parent | 6113767045971abd3a279705f481c8e712660c88 (diff) | |
download | gitlab-ce-a8b1ad250e1ebc1c1e835399ccd010b223108a1d.tar.gz |
Add authorization to issues board related controllers
Diffstat (limited to 'spec/controllers/projects/boards_controller_spec.rb')
-rw-r--r-- | spec/controllers/projects/boards_controller_spec.rb | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb index 2392ee18602..7ef4b786b42 100644 --- a/spec/controllers/projects/boards_controller_spec.rb +++ b/spec/controllers/projects/boards_controller_spec.rb @@ -12,22 +12,33 @@ describe Projects::BoardsController do describe 'GET #show' do context 'when project does not have a board' do it 'creates a new board' do - expect { get :show, namespace_id: project.namespace.to_param, project_id: project.to_param }.to change(Board, :count).by(1) + expect { read_board }.to change(Board, :count).by(1) end end context 'when format is HTML' do it 'renders HTML template' do - get :show, namespace_id: project.namespace.to_param, project_id: project.to_param + read_board expect(response).to render_template :show expect(response.content_type).to eq 'text/html' end + + context 'with unauthorized user' do + it 'returns a successful 404 response' do + allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true) + allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false) + + read_board + + expect(response).to have_http_status(404) + end + end end context 'when format is JSON' do it 'returns a successful 200 response' do - get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, format: :json + read_board format: :json expect(response).to have_http_status(200) expect(response.content_type).to eq 'application/json' @@ -39,13 +50,30 @@ describe Projects::BoardsController do create(:list, board: board) create(:done_list, board: board) - get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, format: :json + read_board format: :json parsed_response = JSON.parse(response.body) expect(response).to match_response_schema('list', array: true) expect(parsed_response.length).to eq 3 end + + context 'with unauthorized user' do + it 'returns a successful 403 response' do + allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true) + allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false) + + read_board format: :json + + expect(response).to have_http_status(403) + end + end + end + + def read_board(format: :html) + get :show, namespace_id: project.namespace.to_param, + project_id: project.to_param, + format: format end end end |