diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-04-05 13:29:48 +0200 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2016-04-05 13:32:28 +0200 |
commit | b248ee93814e8521fa0c73c82ec9ed113698b945 (patch) | |
tree | 2ff67b4755e09c47f737f0c0ec2fec976ed854fe /spec/controllers/projects/project_members_controller_spec.rb | |
parent | 8a0a802ee960a21145995661c3751bbe8cde9e5c (diff) | |
download | gitlab-ce-b248ee93814e8521fa0c73c82ec9ed113698b945.tar.gz |
Check permissions when importing project members
Closes #14899
Diffstat (limited to 'spec/controllers/projects/project_members_controller_spec.rb')
-rw-r--r-- | spec/controllers/projects/project_members_controller_spec.rb | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb new file mode 100644 index 00000000000..6d1df8d9fbe --- /dev/null +++ b/spec/controllers/projects/project_members_controller_spec.rb @@ -0,0 +1,49 @@ +require('spec_helper') + +describe Projects::ProjectMembersController do + let(:project) { create(:project) } + let(:another_project) { create(:project, :private) } + let(:user) { create(:user) } + let(:member) { create(:user) } + + before do + project.team << [user, :master] + another_project.team << [member, :guest] + sign_in(user) + end + + describe '#apply_import' do + shared_context 'import applied' do + before do + post(:apply_import, namespace_id: project.namespace.to_param, + project_id: project.to_param, + source_project_id: another_project.id) + end + end + + context 'when user can access source project members' do + before { another_project.team << [user, :guest] } + include_context 'import applied' + + it 'imports source project members' do + expect(project.team_members).to include member + expect(response).to set_flash.to 'Successfully imported' + expect(response).to redirect_to( + namespace_project_project_members_path(project.namespace, project) + ) + end + end + + context 'when user is not member of a source project' do + include_context 'import applied' + + it 'does not import team members' do + expect(project.team_members).to_not include member + end + + it 'notifies about invalid permissions' do + expect(response).to set_flash.to /not authorized/ + end + end + end +end |