diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-16 18:18:33 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-16 18:18:33 +0000 |
commit | f64a639bcfa1fc2bc89ca7db268f594306edfd7c (patch) | |
tree | a2c3c2ebcc3b45e596949db485d6ed18ffaacfa1 /spec/controllers | |
parent | bfbc3e0d6583ea1a91f627528bedc3d65ba4b10f (diff) | |
download | gitlab-ce-f64a639bcfa1fc2bc89ca7db268f594306edfd7c.tar.gz |
Add latest changes from gitlab-org/gitlab@13-10-stable-eev13.10.0-rc40
Diffstat (limited to 'spec/controllers')
32 files changed, 565 insertions, 561 deletions
diff --git a/spec/controllers/admin/application_settings_controller_spec.rb b/spec/controllers/admin/application_settings_controller_spec.rb index 71abf3191b8..2b562e2dd64 100644 --- a/spec/controllers/admin/application_settings_controller_spec.rb +++ b/spec/controllers/admin/application_settings_controller_spec.rb @@ -144,10 +144,10 @@ RSpec.describe Admin::ApplicationSettingsController do end it 'updates repository_storages_weighted setting' do - put :update, params: { application_setting: { repository_storages_weighted_default: 75 } } + put :update, params: { application_setting: { repository_storages_weighted: { default: 75 } } } expect(response).to redirect_to(general_admin_application_settings_path) - expect(ApplicationSetting.current.repository_storages_weighted_default).to eq(75) + expect(ApplicationSetting.current.repository_storages_weighted).to eq('default' => 75) end it 'updates kroki_formats setting' do diff --git a/spec/controllers/admin/instance_statistics_controller_spec.rb b/spec/controllers/admin/usage_trends_controller_spec.rb index c589e46857f..35fb005aacb 100644 --- a/spec/controllers/admin/instance_statistics_controller_spec.rb +++ b/spec/controllers/admin/usage_trends_controller_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Admin::InstanceStatisticsController do +RSpec.describe Admin::UsageTrendsController do let(:admin) { create(:user, :admin) } before do diff --git a/spec/controllers/concerns/spammable_actions_spec.rb b/spec/controllers/concerns/spammable_actions_spec.rb index 25d5398c9da..7bd5a76e60c 100644 --- a/spec/controllers/concerns/spammable_actions_spec.rb +++ b/spec/controllers/concerns/spammable_actions_spec.rb @@ -69,8 +69,11 @@ RSpec.describe SpammableActions do end context 'when spammable.render_recaptcha? is true' do + let(:spam_log) { instance_double(SpamLog, id: 123) } + let(:captcha_site_key) { 'abc123' } + before do - expect(spammable).to receive(:render_recaptcha?) { true } + expect(spammable).to receive(:render_recaptcha?).at_least(:once) { true } end context 'when format is :html' do @@ -83,24 +86,24 @@ RSpec.describe SpammableActions do context 'when format is :json' do let(:format) { :json } - let(:recaptcha_html) { '<recaptcha-html/>' } - it 'renders json with recaptcha_html' do - expect(controller).to receive(:render_to_string).with( - { - partial: 'shared/recaptcha_form', - formats: :html, - locals: { - spammable: spammable, - script: false, - has_submit: false - } - } - ) { recaptcha_html } + before do + expect(spammable).to receive(:spam?) { false } + expect(spammable).to receive(:spam_log) { spam_log } + expect(Gitlab::CurrentSettings).to receive(:recaptcha_site_key) { captcha_site_key } + end + it 'renders json with spam_action_response_fields' do subject - expect(json_response).to eq({ 'recaptcha_html' => recaptcha_html }) + expected_json_response = HashWithIndifferentAccess.new( + { + spam: false, + needs_captcha_response: true, + spam_log_id: spam_log.id, + captcha_site_key: captcha_site_key + }) + expect(json_response).to eq(expected_json_response) end end end diff --git a/spec/controllers/explore/projects_controller_spec.rb b/spec/controllers/explore/projects_controller_spec.rb index cfbd129388d..a2b62aa49d2 100644 --- a/spec/controllers/explore/projects_controller_spec.rb +++ b/spec/controllers/explore/projects_controller_spec.rb @@ -4,6 +4,8 @@ require 'spec_helper' RSpec.describe Explore::ProjectsController do shared_examples 'explore projects' do + let(:expected_default_sort) { 'latest_activity_desc' } + describe 'GET #index.json' do render_views @@ -12,6 +14,11 @@ RSpec.describe Explore::ProjectsController do end it { is_expected.to respond_with(:success) } + + it 'sets a default sort parameter' do + expect(controller.params[:sort]).to eq(expected_default_sort) + expect(assigns[:sort]).to eq(expected_default_sort) + end end describe 'GET #trending.json' do @@ -22,6 +29,11 @@ RSpec.describe Explore::ProjectsController do end it { is_expected.to respond_with(:success) } + + it 'sets a default sort parameter' do + expect(controller.params[:sort]).to eq(expected_default_sort) + expect(assigns[:sort]).to eq(expected_default_sort) + end end describe 'GET #starred.json' do @@ -32,6 +44,11 @@ RSpec.describe Explore::ProjectsController do end it { is_expected.to respond_with(:success) } + + it 'sets a default sort parameter' do + expect(controller.params[:sort]).to eq(expected_default_sort) + expect(assigns[:sort]).to eq(expected_default_sort) + end end describe 'GET #trending' do diff --git a/spec/controllers/groups/boards_controller_spec.rb b/spec/controllers/groups/boards_controller_spec.rb index a7480130e0a..6201cddecb0 100644 --- a/spec/controllers/groups/boards_controller_spec.rb +++ b/spec/controllers/groups/boards_controller_spec.rb @@ -29,7 +29,7 @@ RSpec.describe Groups::BoardsController do expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true) - allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false) + allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false) end it 'returns a not found 404 response' do @@ -74,7 +74,7 @@ RSpec.describe Groups::BoardsController do expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true) - allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false) + allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false) end it 'returns a not found 404 response' do @@ -111,7 +111,7 @@ RSpec.describe Groups::BoardsController do expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(true) allow(Ability).to receive(:allowed?).with(user, :read_group, group).and_return(true) - allow(Ability).to receive(:allowed?).with(user, :read_board, group).and_return(false) + allow(Ability).to receive(:allowed?).with(user, :read_issue_board, group).and_return(false) end it 'returns a not found 404 response' do diff --git a/spec/controllers/groups/clusters/applications_controller_spec.rb b/spec/controllers/groups/clusters/applications_controller_spec.rb index c3947c27399..5629e86c928 100644 --- a/spec/controllers/groups/clusters/applications_controller_spec.rb +++ b/spec/controllers/groups/clusters/applications_controller_spec.rb @@ -10,7 +10,8 @@ RSpec.describe Groups::Clusters::ApplicationsController do end shared_examples 'a secure endpoint' do - it { expect { subject }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { subject }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { subject }.to be_denied_for(:admin) } it { expect { subject }.to be_allowed_for(:owner).of(group) } it { expect { subject }.to be_allowed_for(:maintainer).of(group) } it { expect { subject }.to be_denied_for(:developer).of(group) } diff --git a/spec/controllers/groups/clusters_controller_spec.rb b/spec/controllers/groups/clusters_controller_spec.rb index b287aca1e46..1334372a1f5 100644 --- a/spec/controllers/groups/clusters_controller_spec.rb +++ b/spec/controllers/groups/clusters_controller_spec.rb @@ -99,7 +99,8 @@ RSpec.describe Groups::ClustersController do describe 'security' do let(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) } - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -183,7 +184,8 @@ RSpec.describe Groups::ClustersController do include_examples 'GET new cluster shared examples' describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -316,7 +318,8 @@ RSpec.describe Groups::ClustersController do allow(WaitForClusterCreationWorker).to receive(:perform_in).and_return(nil) end - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -418,7 +421,8 @@ RSpec.describe Groups::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -486,7 +490,8 @@ RSpec.describe Groups::ClustersController do allow(WaitForClusterCreationWorker).to receive(:perform_in) end - it { expect { post_create_aws }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { post_create_aws }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { post_create_aws }.to be_denied_for(:admin) } it { expect { post_create_aws }.to be_allowed_for(:owner).of(group) } it { expect { post_create_aws }.to be_allowed_for(:maintainer).of(group) } it { expect { post_create_aws }.to be_denied_for(:developer).of(group) } @@ -544,7 +549,8 @@ RSpec.describe Groups::ClustersController do end end - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -580,7 +586,8 @@ RSpec.describe Groups::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -619,7 +626,8 @@ RSpec.describe Groups::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -651,7 +659,8 @@ RSpec.describe Groups::ClustersController do end describe 'security' do - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -759,7 +768,8 @@ RSpec.describe Groups::ClustersController do describe 'security' do let_it_be(:cluster) { create(:cluster, :provided_by_gcp, cluster_type: :group_type, groups: [group]) } - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } @@ -827,7 +837,8 @@ RSpec.describe Groups::ClustersController do describe 'security' do let_it_be(:cluster) { create(:cluster, :provided_by_gcp, :production_environment, cluster_type: :group_type, groups: [group]) } - it { expect { go }.to be_allowed_for(:admin) } + it('is allowed for admin when admin mode is enabled', :enable_admin_mode) { expect { go }.to be_allowed_for(:admin) } + it('is denied for admin when admin mode is disabled') { expect { go }.to be_denied_for(:admin) } it { expect { go }.to be_allowed_for(:owner).of(group) } it { expect { go }.to be_allowed_for(:maintainer).of(group) } it { expect { go }.to be_denied_for(:developer).of(group) } diff --git a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb index 39cbdfb9123..83775dcdbdf 100644 --- a/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb +++ b/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb @@ -130,7 +130,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do } end - it 'proxies status from the remote token request' do + it 'proxies status from the remote token request', :aggregate_failures do subject expect(response).to have_gitlab_http_status(:service_unavailable) @@ -147,7 +147,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do } end - it 'proxies status from the remote manifest request' do + it 'proxies status from the remote manifest request', :aggregate_failures do subject expect(response).to have_gitlab_http_status(:bad_request) @@ -156,7 +156,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do end it 'sends a file' do - expect(controller).to receive(:send_file).with(manifest.file.path, {}) + expect(controller).to receive(:send_file).with(manifest.file.path, type: manifest.content_type) subject end @@ -165,6 +165,10 @@ RSpec.describe Groups::DependencyProxyForContainersController do subject expect(response).to have_gitlab_http_status(:ok) + expect(response.headers['Docker-Content-Digest']).to eq(manifest.digest) + expect(response.headers['Content-Length']).to eq(manifest.size) + expect(response.headers['Docker-Distribution-Api-Version']).to eq(DependencyProxy::DISTRIBUTION_API_VERSION) + expect(response.headers['Etag']).to eq("\"#{manifest.digest}\"") expect(response.headers['Content-Disposition']).to match(/^attachment/) end end @@ -207,7 +211,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do } end - it 'proxies status from the remote blob request' do + it 'proxies status from the remote blob request', :aggregate_failures do subject expect(response).to have_gitlab_http_status(:bad_request) @@ -221,7 +225,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do subject end - it 'returns Content-Disposition: attachment' do + it 'returns Content-Disposition: attachment', :aggregate_failures do subject expect(response).to have_gitlab_http_status(:ok) diff --git a/spec/controllers/groups_controller_spec.rb b/spec/controllers/groups_controller_spec.rb index 9e5f68820d9..cce61c4534b 100644 --- a/spec/controllers/groups_controller_spec.rb +++ b/spec/controllers/groups_controller_spec.rb @@ -4,17 +4,23 @@ require 'spec_helper' RSpec.describe GroupsController, factory_default: :keep do include ExternalAuthorizationServiceHelpers + include AdminModeHelper let_it_be_with_refind(:group) { create_default(:group, :public) } let_it_be_with_refind(:project) { create(:project, namespace: group) } let_it_be(:user) { create(:user) } - let_it_be(:admin) { create(:admin) } + let_it_be(:admin_with_admin_mode) { create(:admin) } + let_it_be(:admin_without_admin_mode) { create(:admin) } let_it_be(:group_member) { create(:group_member, group: group, user: user) } let_it_be(:owner) { group.add_owner(create(:user)).user } let_it_be(:maintainer) { group.add_maintainer(create(:user)).user } let_it_be(:developer) { group.add_developer(create(:user)).user } let_it_be(:guest) { group.add_guest(create(:user)).user } + before do + enable_admin_mode!(admin_with_admin_mode) + end + shared_examples 'member with ability to create subgroups' do it 'renders the new page' do sign_in(member) @@ -105,10 +111,10 @@ RSpec.describe GroupsController, factory_default: :keep do [true, false].each do |can_create_group_status| context "and can_create_group is #{can_create_group_status}" do before do - User.where(id: [admin, owner, maintainer, developer, guest]).update_all(can_create_group: can_create_group_status) + User.where(id: [admin_with_admin_mode, admin_without_admin_mode, owner, maintainer, developer, guest]).update_all(can_create_group: can_create_group_status) end - [:admin, :owner, :maintainer].each do |member_type| + [:admin_with_admin_mode, :owner, :maintainer].each do |member_type| context "and logged in as #{member_type.capitalize}" do it_behaves_like 'member with ability to create subgroups' do let(:member) { send(member_type) } @@ -116,7 +122,7 @@ RSpec.describe GroupsController, factory_default: :keep do end end - [:guest, :developer].each do |member_type| + [:guest, :developer, :admin_without_admin_mode].each do |member_type| context "and logged in as #{member_type.capitalize}" do it_behaves_like 'member without ability to create subgroups' do let(:member) { send(member_type) } @@ -856,6 +862,12 @@ RSpec.describe GroupsController, factory_default: :keep do end describe 'POST #export' do + let(:admin) { create(:admin) } + + before do + enable_admin_mode!(admin) + end + context 'when the group export feature flag is not enabled' do before do sign_in(admin) @@ -918,6 +930,12 @@ RSpec.describe GroupsController, factory_default: :keep do end describe 'GET #download_export' do + let(:admin) { create(:admin) } + + before do + enable_admin_mode!(admin) + end + context 'when there is a file available to download' do let(:export_file) { fixture_file_upload('spec/fixtures/group_export.tar.gz') } @@ -934,8 +952,6 @@ RSpec.describe GroupsController, factory_default: :keep do end context 'when there is no file available to download' do - let(:admin) { create(:admin) } - before do sign_in(admin) end diff --git a/spec/controllers/help_controller_spec.rb b/spec/controllers/help_controller_spec.rb index 629d9b50d73..71d9cab7280 100644 --- a/spec/controllers/help_controller_spec.rb +++ b/spec/controllers/help_controller_spec.rb @@ -132,6 +132,18 @@ RSpec.describe HelpController do expect(response).to redirect_to(new_user_session_path) end end + + context 'when two factor is required' do + before do + stub_two_factor_required + end + + it 'does not redirect to two factor auth' do + get :index + + expect(response).not_to redirect_to(profile_two_factor_auth_path) + end + end end describe 'GET #show' do @@ -152,6 +164,16 @@ RSpec.describe HelpController do end it_behaves_like 'documentation pages local render' + + context 'when two factor is required' do + before do + stub_two_factor_required + end + + it 'does not redirect to two factor auth' do + expect(response).not_to redirect_to(profile_two_factor_auth_path) + end + end end context 'when a custom help_page_documentation_url is set in database' do @@ -254,4 +276,9 @@ RSpec.describe HelpController do def stub_readme(content) expect_file_read(Rails.root.join('doc', 'README.md'), content: content) end + + def stub_two_factor_required + allow(controller).to receive(:two_factor_authentication_required?).and_return(true) + allow(controller).to receive(:current_user_requires_two_factor?).and_return(true) + end end diff --git a/spec/controllers/import/bulk_imports_controller_spec.rb b/spec/controllers/import/bulk_imports_controller_spec.rb index 08a54f112bb..b450318f6f7 100644 --- a/spec/controllers/import/bulk_imports_controller_spec.rb +++ b/spec/controllers/import/bulk_imports_controller_spec.rb @@ -123,7 +123,7 @@ RSpec.describe Import::BulkImportsController do it 'denies network request' do get :status - expect(controller).to redirect_to(new_group_path) + expect(controller).to redirect_to(new_group_path(anchor: 'import-group-pane')) expect(flash[:alert]).to eq('Specified URL cannot be used: "Only allowed schemes are http, https"') end end @@ -184,9 +184,15 @@ RSpec.describe Import::BulkImportsController do end describe 'POST create' do - let(:instance_url) { "http://fake-intance" } + let(:instance_url) { "http://fake-instance" } let(:bulk_import) { create(:bulk_import) } let(:pat) { "fake-pat" } + let(:bulk_import_params) do + [{ "source_type" => "group_entity", + "source_full_path" => "full_path", + "destination_name" => "destination_name", + "destination_namespace" => "root" }] + end before do session[:bulk_import_gitlab_access_token] = pat @@ -194,15 +200,9 @@ RSpec.describe Import::BulkImportsController do end it 'executes BulkImportService' do - bulk_import_params = [{ "source_type" => "group_entity", - "source_full_path" => "full_path", - "destination_name" => - "destination_name", - "destination_namespace" => "root" }] - expect_next_instance_of( BulkImportService, user, bulk_import_params, { url: instance_url, access_token: pat }) do |service| - allow(service).to receive(:execute).and_return(bulk_import) + allow(service).to receive(:execute).and_return(ServiceResponse.success(payload: bulk_import)) end post :create, params: { bulk_import: bulk_import_params } @@ -210,6 +210,19 @@ RSpec.describe Import::BulkImportsController do expect(response).to have_gitlab_http_status(:ok) expect(response.body).to eq({ id: bulk_import.id }.to_json) end + + it 'returns error when validation fails' do + error_response = ServiceResponse.error(message: 'Record invalid', http_status: :unprocessable_entity) + expect_next_instance_of( + BulkImportService, user, bulk_import_params, { url: instance_url, access_token: pat }) do |service| + allow(service).to receive(:execute).and_return(error_response) + end + + post :create, params: { bulk_import: bulk_import_params } + + expect(response).to have_gitlab_http_status(:unprocessable_entity) + expect(response.body).to eq({ error: 'Record invalid' }.to_json) + end end end diff --git a/spec/controllers/notification_settings_controller_spec.rb b/spec/controllers/notification_settings_controller_spec.rb deleted file mode 100644 index c4d67df15f7..00000000000 --- a/spec/controllers/notification_settings_controller_spec.rb +++ /dev/null @@ -1,202 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe NotificationSettingsController do - let(:project) { create(:project) } - let(:group) { create(:group, :internal) } - let(:user) { create(:user) } - - before do - project.add_developer(user) - end - - describe '#create' do - context 'when not authorized' do - it 'redirects to sign in page' do - post :create, - params: { - project_id: project.id, - notification_setting: { level: :participating } - } - - expect(response).to redirect_to(new_user_session_path) - end - end - - context 'when authorized' do - let(:notification_setting) { user.notification_settings_for(source) } - let(:custom_events) do - events = {} - - NotificationSetting.email_events(source).each do |event| - events[event.to_s] = true - end - - events - end - - before do - sign_in(user) - end - - context 'for projects' do - let(:source) { project } - - it 'creates notification setting' do - post :create, - params: { - project_id: project.id, - notification_setting: { level: :participating } - } - - expect(response).to have_gitlab_http_status(:ok) - expect(notification_setting.level).to eq("participating") - expect(notification_setting.user_id).to eq(user.id) - expect(notification_setting.source_id).to eq(project.id) - expect(notification_setting.source_type).to eq("Project") - end - - context 'with custom settings' do - it 'creates notification setting' do - post :create, - params: { - project_id: project.id, - notification_setting: { level: :custom }.merge(custom_events) - } - - expect(response).to have_gitlab_http_status(:ok) - expect(notification_setting.level).to eq("custom") - - custom_events.each do |event, value| - expect(notification_setting.event_enabled?(event)).to eq(value) - end - end - end - end - - context 'for groups' do - let(:source) { group } - - it 'creates notification setting' do - post :create, - params: { - namespace_id: group.id, - notification_setting: { level: :watch } - } - - expect(response).to have_gitlab_http_status(:ok) - expect(notification_setting.level).to eq("watch") - expect(notification_setting.user_id).to eq(user.id) - expect(notification_setting.source_id).to eq(group.id) - expect(notification_setting.source_type).to eq("Namespace") - end - - context 'with custom settings' do - it 'creates notification setting' do - post :create, - params: { - namespace_id: group.id, - notification_setting: { level: :custom }.merge(custom_events) - } - - expect(response).to have_gitlab_http_status(:ok) - expect(notification_setting.level).to eq("custom") - - custom_events.each do |event, value| - expect(notification_setting.event_enabled?(event)).to eq(value) - end - end - end - end - end - - context 'not authorized' do - let(:private_project) { create(:project, :private) } - - before do - sign_in(user) - end - - it 'returns 404' do - post :create, - params: { - project_id: private_project.id, - notification_setting: { level: :participating } - } - - expect(response).to have_gitlab_http_status(:not_found) - end - end - end - - describe '#update' do - let(:notification_setting) { user.global_notification_setting } - - context 'when not authorized' do - it 'redirects to sign in page' do - put :update, - params: { - id: notification_setting, - notification_setting: { level: :participating } - } - - expect(response).to redirect_to(new_user_session_path) - end - end - - context 'when authorized' do - before do - sign_in(user) - end - - it 'returns success' do - put :update, - params: { - id: notification_setting, - notification_setting: { level: :participating } - } - - expect(response).to have_gitlab_http_status(:ok) - end - - context 'and setting custom notification setting' do - let(:custom_events) do - events = {} - - notification_setting.email_events.each do |event| - events[event] = "true" - end - end - - it 'returns success' do - put :update, - params: { - id: notification_setting, - notification_setting: { level: :participating, events: custom_events } - } - - expect(response).to have_gitlab_http_status(:ok) - end - end - end - - context 'not authorized' do - let(:other_user) { create(:user) } - - before do - sign_in(other_user) - end - - it 'returns 404' do - put :update, - params: { - id: notification_setting, - notification_setting: { level: :participating } - } - - expect(response).to have_gitlab_http_status(:not_found) - end - end - end -end diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb index 68551ce4858..c9a76049e19 100644 --- a/spec/controllers/projects/blob_controller_spec.rb +++ b/spec/controllers/projects/blob_controller_spec.rb @@ -20,8 +20,8 @@ RSpec.describe Projects::BlobController do project.add_maintainer(user) sign_in(user) - stub_experiment(ci_syntax_templates: experiment_active) - stub_experiment_for_subject(ci_syntax_templates: in_experiment_group) + stub_experiment(ci_syntax_templates_b: experiment_active) + stub_experiment_for_subject(ci_syntax_templates_b: in_experiment_group) end context 'when the experiment is not active' do @@ -35,48 +35,62 @@ RSpec.describe Projects::BlobController do end end - context 'when the experiment is active and the user is in the control group' do + context 'when the experiment is active' do let(:experiment_active) { true } - let(:in_experiment_group) { false } - - it 'records the experiment user in the control group' do - expect(Experiment).to receive(:add_user) - .with(:ci_syntax_templates, :control, user, namespace_id: project.namespace_id) - request - end - end + context 'when the user is in the control group' do + let(:in_experiment_group) { false } - context 'when the experiment is active and the user is in the experimental group' do - let(:experiment_active) { true } - let(:in_experiment_group) { true } - - it 'records the experiment user in the experimental group' do - expect(Experiment).to receive(:add_user) - .with(:ci_syntax_templates, :experimental, user, namespace_id: project.namespace_id) + it 'records the experiment user in the control group' do + expect(Experiment).to receive(:add_user) + .with(:ci_syntax_templates_b, :control, user, namespace_id: project.namespace_id) - request + request + end end - context 'when requesting a non default config file type' do - let(:file_name) { '.non_default_ci_config' } - let(:project) { create(:project, :public, :repository, ci_config_path: file_name) } + context 'when the user is in the experimental group' do + let(:in_experiment_group) { true } it 'records the experiment user in the experimental group' do expect(Experiment).to receive(:add_user) - .with(:ci_syntax_templates, :experimental, user, namespace_id: project.namespace_id) + .with(:ci_syntax_templates_b, :experimental, user, namespace_id: project.namespace_id) request end - end - context 'when requesting a different file type' do - let(:file_name) { '.gitignore' } + context 'when requesting a non default config file type' do + let(:file_name) { '.non_default_ci_config' } + let(:project) { create(:project, :public, :repository, ci_config_path: file_name) } - it 'does not record the experiment user' do - expect(Experiment).not_to receive(:add_user) + it 'records the experiment user in the experimental group' do + expect(Experiment).to receive(:add_user) + .with(:ci_syntax_templates_b, :experimental, user, namespace_id: project.namespace_id) - request + request + end + end + + context 'when requesting a different file type' do + let(:file_name) { '.gitignore' } + + it 'does not record the experiment user' do + expect(Experiment).not_to receive(:add_user) + + request + end + end + + context 'when the group is created longer than 90 days ago' do + before do + project.namespace.update_attribute(:created_at, 91.days.ago) + end + + it 'does not record the experiment user' do + expect(Experiment).not_to receive(:add_user) + + request + end end end end diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb index 1ed61e0990f..cde3a8d4761 100644 --- a/spec/controllers/projects/boards_controller_spec.rb +++ b/spec/controllers/projects/boards_controller_spec.rb @@ -34,7 +34,7 @@ RSpec.describe Projects::BoardsController do before do expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) - allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false) + allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false) end it 'returns a not found 404 response' do @@ -78,7 +78,7 @@ RSpec.describe Projects::BoardsController do before do expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) - allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false) + allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false) end it 'returns a not found 404 response' do @@ -134,7 +134,7 @@ RSpec.describe Projects::BoardsController do before do expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) - allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false) + allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false) end it 'returns a not found 404 response' do @@ -172,7 +172,7 @@ RSpec.describe Projects::BoardsController do before do expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true) - allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false) + allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false) end it 'returns a not found 404 response' do diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb index 14a5e7da7d2..a99db2664a7 100644 --- a/spec/controllers/projects/branches_controller_spec.rb +++ b/spec/controllers/projects/branches_controller_spec.rb @@ -648,7 +648,9 @@ RSpec.describe Projects::BranchesController do end it 'sets active and stale branches' do - expect(assigns[:active_branches]).to eq([]) + expect(assigns[:active_branches].map(&:name)).not_to include( + "feature", "improve/awesome", "merge-test", "markdown", "feature_conflict", "'test'" + ) expect(assigns[:stale_branches].map(&:name)).to eq( ["feature", "improve/awesome", "merge-test", "markdown", "feature_conflict", "'test'"] ) @@ -660,7 +662,9 @@ RSpec.describe Projects::BranchesController do end it 'sets active and stale branches' do - expect(assigns[:active_branches]).to eq([]) + expect(assigns[:active_branches].map(&:name)).not_to include( + "feature", "improve/awesome", "merge-test", "markdown", "feature_conflict", "'test'" + ) expect(assigns[:stale_branches].map(&:name)).to eq( ["feature", "improve/awesome", "merge-test", "markdown", "feature_conflict", "'test'"] ) diff --git a/spec/controllers/projects/ci/daily_build_group_report_results_controller_spec.rb b/spec/controllers/projects/ci/daily_build_group_report_results_controller_spec.rb index 81318b49cd9..3c4376909f8 100644 --- a/spec/controllers/projects/ci/daily_build_group_report_results_controller_spec.rb +++ b/spec/controllers/projects/ci/daily_build_group_report_results_controller_spec.rb @@ -4,29 +4,25 @@ require 'spec_helper' RSpec.describe Projects::Ci::DailyBuildGroupReportResultsController do describe 'GET index' do - let(:project) { create(:project, :public, :repository) } - let(:ref_path) { 'refs/heads/master' } - let(:param_type) { 'coverage' } - let(:start_date) { '2019-12-10' } - let(:end_date) { '2020-03-09' } - let(:allowed_to_read) { true } - let(:user) { create(:user) } - let(:feature_enabled?) { true } + let_it_be(:project) { create(:project, :public, :repository) } + let_it_be(:ref_path) { 'refs/heads/master' } + let_it_be(:param_type) { 'coverage' } + let_it_be(:start_date) { '2019-12-10' } + let_it_be(:end_date) { '2020-03-09' } + let_it_be(:allowed_to_read) { true } + let_it_be(:user) { create(:user) } + let_it_be(:rspec_coverage_1) { create_daily_coverage('rspec', 79.0, '2020-03-09') } + let_it_be(:rspec_coverage_2) { create_daily_coverage('rspec', 77.0, '2020-03-08') } + let_it_be(:karma_coverage) { create_daily_coverage('karma', 81.0, '2019-12-10') } + let_it_be(:minitest_coverage) { create_daily_coverage('minitest', 67.0, '2019-12-09') } + let_it_be(:mocha_coverage) { create_daily_coverage('mocha', 71.0, '2019-12-09') } before do - create_daily_coverage('rspec', 79.0, '2020-03-09') - create_daily_coverage('rspec', 77.0, '2020-03-08') - create_daily_coverage('karma', 81.0, '2019-12-10') - create_daily_coverage('minitest', 67.0, '2019-12-09') - create_daily_coverage('mocha', 71.0, '2019-12-09') - sign_in(user) allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_build_report_results, project).and_return(allowed_to_read) - stub_feature_flags(coverage_data_new_finder: feature_enabled?) - get :index, params: { namespace_id: project.namespace, project_id: project, @@ -140,33 +136,13 @@ RSpec.describe Projects::Ci::DailyBuildGroupReportResultsController do context 'when format is JSON' do let(:format) { :json } - context 'when coverage_data_new_finder flag is enabled' do - let(:feature_enabled?) { true } - - it_behaves_like 'JSON results' - end - - context 'when coverage_data_new_finder flag is disabled' do - let(:feature_enabled?) { false } - - it_behaves_like 'JSON results' - end + it_behaves_like 'JSON results' end context 'when format is CSV' do let(:format) { :csv } - context 'when coverage_data_new_finder flag is enabled' do - let(:feature_enabled?) { true } - - it_behaves_like 'CSV results' - end - - context 'when coverage_data_new_finder flag is disabled' do - let(:feature_enabled?) { false } - - it_behaves_like 'CSV results' - end + it_behaves_like 'CSV results' end end diff --git a/spec/controllers/projects/ci/pipeline_editor_controller_spec.rb b/spec/controllers/projects/ci/pipeline_editor_controller_spec.rb index 1bf6ff95c44..942402a6d00 100644 --- a/spec/controllers/projects/ci/pipeline_editor_controller_spec.rb +++ b/spec/controllers/projects/ci/pipeline_editor_controller_spec.rb @@ -36,18 +36,5 @@ RSpec.describe Projects::Ci::PipelineEditorController do expect(response).to have_gitlab_http_status(:not_found) end end - - context 'when ci_pipeline_editor_page feature flag is disabled' do - before do - stub_feature_flags(ci_pipeline_editor_page: false) - project.add_developer(user) - - get :show, params: { namespace_id: project.namespace, project_id: project } - end - - it 'responds with 404' do - expect(response).to have_gitlab_http_status(:not_found) - end - end end end diff --git a/spec/controllers/projects/commit_controller_spec.rb b/spec/controllers/projects/commit_controller_spec.rb index 706bf787b2d..2d7f036be21 100644 --- a/spec/controllers/projects/commit_controller_spec.rb +++ b/spec/controllers/projects/commit_controller_spec.rb @@ -9,6 +9,8 @@ RSpec.describe Projects::CommitController do let(:commit) { project.commit("master") } let(:master_pickable_sha) { '7d3b0f7cff5f37573aea97cebfd5692ea1689924' } let(:master_pickable_commit) { project.commit(master_pickable_sha) } + let(:pipeline) { create(:ci_pipeline, project: project, ref: project.default_branch, sha: commit.sha, status: :running) } + let(:build) { create(:ci_build, pipeline: pipeline, status: :running) } before do sign_in(user) @@ -33,6 +35,19 @@ RSpec.describe Projects::CommitController do expect(response).to be_ok end + + context 'when a pipeline job is running' do + before do + build.run + end + + it 'defines last pipeline information' do + go(id: commit.id) + + expect(assigns(:last_pipeline)).to have_attributes(id: pipeline.id, status: 'running') + expect(assigns(:last_pipeline_stages)).not_to be_empty + end + end end context 'with invalid id' do @@ -363,15 +378,22 @@ RSpec.describe Projects::CommitController do context 'when the commit exists' do context 'when the commit has pipelines' do before do - create(:ci_pipeline, project: project, sha: commit.id) + build.run end context 'when rendering a HTML format' do - it 'shows pipelines' do + before do get_pipelines(id: commit.id) + end + it 'shows pipelines' do expect(response).to be_ok end + + it 'defines last pipeline information' do + expect(assigns(:last_pipeline)).to have_attributes(id: pipeline.id, status: 'running') + expect(assigns(:last_pipeline_stages)).not_to be_empty + end end context 'when rendering a JSON format' do diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb index 6aa4bfe235b..80a6d3960cd 100644 --- a/spec/controllers/projects/compare_controller_spec.rb +++ b/spec/controllers/projects/compare_controller_spec.rb @@ -3,8 +3,21 @@ require 'spec_helper' RSpec.describe Projects::CompareController do - let(:project) { create(:project, :repository) } - let(:user) { create(:user) } + include ProjectForksHelper + + using RSpec::Parameterized::TableSyntax + + let_it_be(:project) { create(:project, :repository, :public) } + let_it_be(:user) { create(:user) } + + let(:private_fork) { fork_project(project, nil, repository: true).tap { |fork| fork.update!(visibility: 'private') } } + let(:public_fork) do + fork_project(project, nil, repository: true).tap do |fork| + fork.update!(visibility: 'public') + # Create a reference that only exists in this project + fork.repository.create_ref('refs/heads/improve/awesome', 'refs/heads/improve/more-awesome') + end + end before do sign_in(user) @@ -32,18 +45,20 @@ RSpec.describe Projects::CompareController do { namespace_id: project.namespace, project_id: project, - from: source_ref, - to: target_ref, + from_project_id: from_project_id, + from: from_ref, + to: to_ref, w: whitespace } end let(:whitespace) { nil } - context 'when the refs exist' do + context 'when the refs exist in the same project' do context 'when we set the white space param' do - let(:source_ref) { "08f22f25" } - let(:target_ref) { "66eceea0" } + let(:from_project_id) { nil } + let(:from_ref) { '08f22f25' } + let(:to_ref) { '66eceea0' } let(:whitespace) { 1 } it 'shows some diffs with ignore whitespace change option' do @@ -60,8 +75,9 @@ RSpec.describe Projects::CompareController do end context 'when we do not set the white space param' do - let(:source_ref) { "improve%2Fawesome" } - let(:target_ref) { "feature" } + let(:from_project_id) { nil } + let(:from_ref) { 'improve%2Fawesome' } + let(:to_ref) { 'feature' } let(:whitespace) { nil } it 'sets the diffs and commits ivars' do @@ -74,9 +90,40 @@ RSpec.describe Projects::CompareController do end end + context 'when the refs exist in different projects that the user can see' do + let(:from_project_id) { public_fork.id } + let(:from_ref) { 'improve%2Fmore-awesome' } + let(:to_ref) { 'feature' } + let(:whitespace) { nil } + + it 'shows the diff' do + show_request + + expect(response).to be_successful + expect(assigns(:diffs).diff_files.first).not_to be_nil + expect(assigns(:commits).length).to be >= 1 + end + end + + context 'when the refs exist in different projects but the user cannot see' do + let(:from_project_id) { private_fork.id } + let(:from_ref) { 'improve%2Fmore-awesome' } + let(:to_ref) { 'feature' } + let(:whitespace) { nil } + + it 'does not show the diff' do + show_request + + expect(response).to be_successful + expect(assigns(:diffs)).to be_empty + expect(assigns(:commits)).to be_empty + end + end + context 'when the source ref does not exist' do - let(:source_ref) { 'non-existent-source-ref' } - let(:target_ref) { "feature" } + let(:from_project_id) { nil } + let(:from_ref) { 'non-existent-source-ref' } + let(:to_ref) { 'feature' } it 'sets empty diff and commit ivars' do show_request @@ -88,8 +135,9 @@ RSpec.describe Projects::CompareController do end context 'when the target ref does not exist' do - let(:target_ref) { 'non-existent-target-ref' } - let(:source_ref) { "improve%2Fawesome" } + let(:from_project_id) { nil } + let(:from_ref) { 'improve%2Fawesome' } + let(:to_ref) { 'non-existent-target-ref' } it 'sets empty diff and commit ivars' do show_request @@ -101,8 +149,9 @@ RSpec.describe Projects::CompareController do end context 'when the target ref is invalid' do - let(:target_ref) { "master%' AND 2554=4423 AND '%'='" } - let(:source_ref) { "improve%2Fawesome" } + let(:from_project_id) { nil } + let(:from_ref) { 'improve%2Fawesome' } + let(:to_ref) { "master%' AND 2554=4423 AND '%'='" } it 'shows a flash message and redirects' do show_request @@ -113,8 +162,9 @@ RSpec.describe Projects::CompareController do end context 'when the source ref is invalid' do - let(:source_ref) { "master%' AND 2554=4423 AND '%'='" } - let(:target_ref) { "improve%2Fawesome" } + let(:from_project_id) { nil } + let(:from_ref) { "master%' AND 2554=4423 AND '%'='" } + let(:to_ref) { 'improve%2Fawesome' } it 'shows a flash message and redirects' do show_request @@ -126,24 +176,33 @@ RSpec.describe Projects::CompareController do end describe 'GET diff_for_path' do - def diff_for_path(extra_params = {}) - params = { + subject(:diff_for_path_request) { get :diff_for_path, params: request_params } + + let(:request_params) do + { + from_project_id: from_project_id, + from: from_ref, + to: to_ref, namespace_id: project.namespace, - project_id: project + project_id: project, + old_path: old_path, + new_path: new_path } - - get :diff_for_path, params: params.merge(extra_params) end let(:existing_path) { 'files/ruby/feature.rb' } - let(:source_ref) { "improve%2Fawesome" } - let(:target_ref) { "feature" } - context 'when the source and target refs exist' do + let(:from_project_id) { nil } + let(:from_ref) { 'improve%2Fawesome' } + let(:to_ref) { 'feature' } + let(:old_path) { existing_path } + let(:new_path) { existing_path } + + context 'when the source and target refs exist in the same project' do context 'when the user has access target the project' do context 'when the path exists in the diff' do it 'disables diff notes' do - diff_for_path(from: source_ref, to: target_ref, old_path: existing_path, new_path: existing_path) + diff_for_path_request expect(assigns(:diff_notes_disabled)).to be_truthy end @@ -154,16 +213,17 @@ RSpec.describe Projects::CompareController do meth.call(diffs) end - diff_for_path(from: source_ref, to: target_ref, old_path: existing_path, new_path: existing_path) + diff_for_path_request end end context 'when the path does not exist in the diff' do - before do - diff_for_path(from: source_ref, to: target_ref, old_path: existing_path.succ, new_path: existing_path.succ) - end + let(:old_path) { existing_path.succ } + let(:new_path) { existing_path.succ } it 'returns a 404' do + diff_for_path_request + expect(response).to have_gitlab_http_status(:not_found) end end @@ -172,31 +232,56 @@ RSpec.describe Projects::CompareController do context 'when the user does not have access target the project' do before do project.team.truncate - diff_for_path(from: source_ref, to: target_ref, old_path: existing_path, new_path: existing_path) end it 'returns a 404' do + diff_for_path_request + expect(response).to have_gitlab_http_status(:not_found) end end end - context 'when the source ref does not exist' do - before do - diff_for_path(from: source_ref.succ, to: target_ref, old_path: existing_path, new_path: existing_path) + context 'when the source and target refs exist in different projects and the user can see' do + let(:from_project_id) { public_fork.id } + let(:from_ref) { 'improve%2Fmore-awesome' } + + it 'shows the diff for that path' do + expect(controller).to receive(:render_diff_for_path).and_wrap_original do |meth, diffs| + expect(diffs.diff_files.map(&:new_path)).to contain_exactly(existing_path) + meth.call(diffs) + end + + diff_for_path_request + end + end + + context 'when the source and target refs exist in different projects and the user cannot see' do + let(:from_project_id) { private_fork.id } + + it 'does not show the diff for that path' do + diff_for_path_request + + expect(response).to have_gitlab_http_status(:not_found) end + end + + context 'when the source ref does not exist' do + let(:from_ref) { 'this-ref-does-not-exist' } it 'returns a 404' do + diff_for_path_request + expect(response).to have_gitlab_http_status(:not_found) end end context 'when the target ref does not exist' do - before do - diff_for_path(from: source_ref, to: target_ref.succ, old_path: existing_path, new_path: existing_path) - end + let(:to_ref) { 'this-ref-does-not-exist' } it 'returns a 404' do + diff_for_path_request + expect(response).to have_gitlab_http_status(:not_found) end end @@ -209,53 +294,54 @@ RSpec.describe Projects::CompareController do { namespace_id: project.namespace, project_id: project, - from: source_ref, - to: target_ref + from_project_id: from_project_id, + from: from_ref, + to: to_ref } end context 'when sending valid params' do - let(:source_ref) { "improve%2Fawesome" } - let(:target_ref) { "feature" } + let(:from_ref) { 'awesome%2Ffeature' } + let(:to_ref) { 'feature' } - it 'redirects back to show' do - create_request - - expect(response).to redirect_to(project_compare_path(project, to: target_ref, from: source_ref)) - end - end + context 'without a from_project_id' do + let(:from_project_id) { nil } - context 'when sending invalid params' do - context 'when the source ref is empty and target ref is set' do - let(:source_ref) { '' } - let(:target_ref) { 'master' } - - it 'redirects back to index and preserves the target ref' do + it 'redirects to the show page' do create_request - expect(response).to redirect_to(project_compare_index_path(project, to: target_ref)) + expect(response).to redirect_to(project_compare_path(project, from: from_ref, to: to_ref)) end end - context 'when the target ref is empty and source ref is set' do - let(:source_ref) { 'master' } - let(:target_ref) { '' } + context 'with a from_project_id' do + let(:from_project_id) { 'something or another' } - it 'redirects back to index and preserves source ref' do + it 'redirects to the show page without interpreting from_project_id' do create_request - expect(response).to redirect_to(project_compare_index_path(project, from: source_ref)) + expect(response).to redirect_to(project_compare_path(project, from: from_ref, to: to_ref, from_project_id: from_project_id)) end end + end + + context 'when sending invalid params' do + where(:from_ref, :to_ref, :from_project_id, :expected_redirect_params) do + '' | '' | '' | {} + 'main' | '' | '' | { from: 'main' } + '' | 'main' | '' | { to: 'main' } + '' | '' | '1' | { from_project_id: 1 } + 'main' | '' | '1' | { from: 'main', from_project_id: 1 } + '' | 'main' | '1' | { to: 'main', from_project_id: 1 } + end - context 'when the target and source ref are empty' do - let(:source_ref) { '' } - let(:target_ref) { '' } + with_them do + let(:expected_redirect) { project_compare_index_path(project, expected_redirect_params) } - it 'redirects back to index' do + it 'redirects back to the index' do create_request - expect(response).to redirect_to(namespace_project_compare_index_path) + expect(response).to redirect_to(expected_redirect) end end end @@ -268,15 +354,15 @@ RSpec.describe Projects::CompareController do { namespace_id: project.namespace, project_id: project, - from: source_ref, - to: target_ref, + from: from_ref, + to: to_ref, format: :json } end context 'when the source and target refs exist' do - let(:source_ref) { "improve%2Fawesome" } - let(:target_ref) { "feature" } + let(:from_ref) { 'improve%2Fawesome' } + let(:to_ref) { 'feature' } context 'when the user has access to the project' do render_views @@ -285,14 +371,14 @@ RSpec.describe Projects::CompareController do let(:non_signature_commit) { build(:commit, project: project, safe_message: "message", sha: 'non_signature_commit') } before do - escaped_source_ref = Addressable::URI.unescape(source_ref) - escaped_target_ref = Addressable::URI.unescape(target_ref) + escaped_from_ref = Addressable::URI.unescape(from_ref) + escaped_to_ref = Addressable::URI.unescape(to_ref) - compare_service = CompareService.new(project, escaped_target_ref) - compare = compare_service.execute(project, escaped_source_ref) + compare_service = CompareService.new(project, escaped_to_ref) + compare = compare_service.execute(project, escaped_from_ref) - expect(CompareService).to receive(:new).with(project, escaped_target_ref).and_return(compare_service) - expect(compare_service).to receive(:execute).with(project, escaped_source_ref).and_return(compare) + expect(CompareService).to receive(:new).with(project, escaped_to_ref).and_return(compare_service) + expect(compare_service).to receive(:execute).with(project, escaped_from_ref).and_return(compare) expect(compare).to receive(:commits).and_return([signature_commit, non_signature_commit]) expect(non_signature_commit).to receive(:has_signature?).and_return(false) @@ -313,6 +399,7 @@ RSpec.describe Projects::CompareController do context 'when the user does not have access to the project' do before do project.team.truncate + project.update!(visibility: 'private') end it 'returns a 404' do @@ -324,8 +411,8 @@ RSpec.describe Projects::CompareController do end context 'when the source ref does not exist' do - let(:source_ref) { 'non-existent-ref-source' } - let(:target_ref) { "feature" } + let(:from_ref) { 'non-existent-ref-source' } + let(:to_ref) { 'feature' } it 'returns no signatures' do signatures_request @@ -336,8 +423,8 @@ RSpec.describe Projects::CompareController do end context 'when the target ref does not exist' do - let(:target_ref) { 'non-existent-ref-target' } - let(:source_ref) { "improve%2Fawesome" } + let(:from_ref) { 'improve%2Fawesome' } + let(:to_ref) { 'non-existent-ref-target' } it 'returns no signatures' do signatures_request diff --git a/spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb b/spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb index f664604ac15..e0f86876f67 100644 --- a/spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb +++ b/spec/controllers/projects/design_management/designs/raw_images_controller_spec.rb @@ -37,13 +37,24 @@ RSpec.describe Projects::DesignManagement::Designs::RawImagesController do # For security, .svg images should only ever be served with Content-Disposition: attachment. # If this specs ever fails we must assess whether we should be serving svg images. # See https://gitlab.com/gitlab-org/gitlab/issues/12771 - it 'serves files with `Content-Disposition: attachment`' do + it 'serves files with `Content-Disposition` header set to attachment plus the filename' do subject - expect(response.header['Content-Disposition']).to eq('attachment') + expect(response.header['Content-Disposition']).to match "attachment; filename=\"#{design.filename}\"" expect(response).to have_gitlab_http_status(:ok) end + context 'when the feature flag attachment_with_filename is disabled' do + it 'serves files with just `attachment` in the disposition header' do + stub_feature_flags(attachment_with_filename: false) + + subject + + expect(response.header['Content-Disposition']).to eq('attachment') + expect(response).to have_gitlab_http_status(:ok) + end + end + it 'serves files with Workhorse' do subject diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index 81ffd2c4512..74062038248 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -9,6 +9,7 @@ RSpec.describe Projects::IssuesController do let_it_be(:project, reload: true) { create(:project) } let_it_be(:user, reload: true) { create(:user) } let(:issue) { create(:issue, project: project) } + let(:spam_action_response_fields) { { 'stub_spam_action_response_fields' => true } } describe "GET #index" do context 'external issue tracker' do @@ -613,12 +614,15 @@ RSpec.describe Projects::IssuesController do context 'when allow_possible_spam feature flag is false' do before do stub_feature_flags(allow_possible_spam: false) + expect(controller).to(receive(:spam_action_response_fields).with(issue)) do + spam_action_response_fields + end end - it 'renders json with recaptcha_html' do + it 'renders json with spam_action_response_fields' do subject - expect(json_response).to have_key('recaptcha_html') + expect(json_response).to eq(spam_action_response_fields) end end @@ -948,12 +952,17 @@ RSpec.describe Projects::IssuesController do context 'renders properly' do render_views - it 'renders recaptcha_html json response' do + before do + expect(controller).to(receive(:spam_action_response_fields).with(issue)) do + spam_action_response_fields + end + end + + it 'renders spam_action_response_fields json response' do update_issue - expect(response).to have_gitlab_http_status(:ok) - expect(json_response).to have_key('recaptcha_html') - expect(json_response['recaptcha_html']).not_to be_empty + expect(response).to have_gitlab_http_status(:conflict) + expect(json_response).to eq(spam_action_response_fields) end end end diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb index 9b37c46fd86..93d5e7eff6c 100644 --- a/spec/controllers/projects/merge_requests_controller_spec.rb +++ b/spec/controllers/projects/merge_requests_controller_spec.rb @@ -2048,21 +2048,6 @@ RSpec.describe Projects::MergeRequestsController do end end - context 'with SELECT FOR UPDATE lock' do - before do - stub_feature_flags(merge_request_rebase_nowait_lock: false) - end - - it 'executes rebase' do - allow_any_instance_of(MergeRequest).to receive(:with_lock).with(true).and_call_original - expect(RebaseWorker).to receive(:perform_async) - - post_rebase - - expect(response).to have_gitlab_http_status(:ok) - end - end - context 'with NOWAIT lock' do it 'returns a 409' do allow_any_instance_of(MergeRequest).to receive(:with_lock).with('FOR UPDATE NOWAIT').and_raise(ActiveRecord::LockWaitTimeout) diff --git a/spec/controllers/projects/notes_controller_spec.rb b/spec/controllers/projects/notes_controller_spec.rb index edebaf294c4..add249e2c74 100644 --- a/spec/controllers/projects/notes_controller_spec.rb +++ b/spec/controllers/projects/notes_controller_spec.rb @@ -150,7 +150,7 @@ RSpec.describe Projects::NotesController do end it 'returns an empty page of notes' do - expect(Gitlab::EtagCaching::Middleware).to receive(:skip!) + expect(Gitlab::EtagCaching::Middleware).not_to receive(:skip!) request.headers['X-Last-Fetched-At'] = microseconds(Time.zone.now) @@ -169,8 +169,6 @@ RSpec.describe Projects::NotesController do end it 'returns all notes' do - expect(Gitlab::EtagCaching::Middleware).to receive(:skip!) - get :index, params: request_params expect(json_response['notes'].count).to eq((page_1 + page_2 + page_3).size + 1) @@ -764,49 +762,9 @@ RSpec.describe Projects::NotesController do end end - context 'when the endpoint receives requests above the limit' do - before do - stub_application_setting(notes_create_limit: 3) - end - - it 'prevents from creating more notes', :request_store do - 3.times { create! } - - expect { create! } - .to change { Gitlab::GitalyClient.get_request_count }.by(0) - - create! - expect(response.body).to eq(_('This endpoint has been requested too many times. Try again later.')) - expect(response).to have_gitlab_http_status(:too_many_requests) - end - - it 'logs the event in auth.log' do - attributes = { - message: 'Application_Rate_Limiter_Request', - env: :notes_create_request_limit, - remote_ip: '0.0.0.0', - request_method: 'POST', - path: "/#{project.full_path}/notes", - user_id: user.id, - username: user.username - } - - expect(Gitlab::AuthLogger).to receive(:error).with(attributes).once - - project.add_developer(user) - sign_in(user) - - 4.times { create! } - end - - it 'allows user in allow-list to create notes, even if the case is different' do - user.update_attribute(:username, user.username.titleize) - stub_application_setting(notes_create_limit_allowlist: ["#{user.username.downcase}"]) - 3.times { create! } - - create! - expect(response).to have_gitlab_http_status(:found) - end + it_behaves_like 'request exceeding rate limit', :clean_gitlab_redis_cache do + let(:params) { request_params.except(:format) } + let(:request_full_path) { project_notes_path(project) } end end diff --git a/spec/controllers/projects/security/configuration_controller_spec.rb b/spec/controllers/projects/security/configuration_controller_spec.rb index ef255d1efd0..848db16fb02 100644 --- a/spec/controllers/projects/security/configuration_controller_spec.rb +++ b/spec/controllers/projects/security/configuration_controller_spec.rb @@ -13,42 +13,28 @@ RSpec.describe Projects::Security::ConfigurationController do end describe 'GET show' do - context 'when feature flag is disabled' do + context 'when user has guest access' do before do - stub_feature_flags(secure_security_and_compliance_configuration_page_on_ce: false) + project.add_guest(user) end - it 'renders not found' do + it 'denies access' do get :show, params: { namespace_id: project.namespace, project_id: project } - expect(response).to have_gitlab_http_status(:not_found) + expect(response).to have_gitlab_http_status(:forbidden) end end - context 'when feature flag is enabled' do - context 'when user has guest access' do - before do - project.add_guest(user) - end - - it 'denies access' do - get :show, params: { namespace_id: project.namespace, project_id: project } - - expect(response).to have_gitlab_http_status(:forbidden) - end + context 'when user has developer access' do + before do + project.add_developer(user) end - context 'when user has developer access' do - before do - project.add_developer(user) - end - - it 'grants access' do - get :show, params: { namespace_id: project.namespace, project_id: project } + it 'grants access' do + get :show, params: { namespace_id: project.namespace, project_id: project } - expect(response).to have_gitlab_http_status(:ok) - expect(response).to render_template(:show) - end + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template(:show) end end end diff --git a/spec/controllers/projects/snippets_controller_spec.rb b/spec/controllers/projects/snippets_controller_spec.rb index f9221c5a4ef..793ffbbfad9 100644 --- a/spec/controllers/projects/snippets_controller_spec.rb +++ b/spec/controllers/projects/snippets_controller_spec.rb @@ -207,14 +207,14 @@ RSpec.describe Projects::SnippetsController do subject expect(assigns(:snippet)).to eq(project_snippet) - expect(assigns(:blobs)).to eq(project_snippet.blobs) + expect(assigns(:blobs).map(&:name)).to eq(project_snippet.blobs.map(&:name)) expect(response).to have_gitlab_http_status(:ok) end it 'does not show the blobs expanded by default' do subject - expect(project_snippet.blobs.map(&:expanded?)).to be_all(false) + expect(assigns(:blobs).map(&:expanded?)).to be_all(false) end context 'when param expanded is set' do @@ -223,7 +223,7 @@ RSpec.describe Projects::SnippetsController do it 'shows all blobs expanded' do subject - expect(project_snippet.blobs.map(&:expanded?)).to be_all(true) + expect(assigns(:blobs).map(&:expanded?)).to be_all(true) end end end diff --git a/spec/controllers/projects/templates_controller_spec.rb b/spec/controllers/projects/templates_controller_spec.rb index fe282baf769..bd299efb5b5 100644 --- a/spec/controllers/projects/templates_controller_spec.rb +++ b/spec/controllers/projects/templates_controller_spec.rb @@ -160,13 +160,28 @@ RSpec.describe Projects::TemplatesController do end shared_examples 'template names request' do - it 'returns the template names' do - get(:names, params: { namespace_id: project.namespace, template_type: template_type, project_id: project }, format: :json) + context 'when feature flag enabled' do + it 'returns the template names', :aggregate_failures do + get(:names, params: { namespace_id: project.namespace, template_type: template_type, project_id: project }, format: :json) - expect(response).to have_gitlab_http_status(:ok) - expect(json_response.size).to eq(2) - expect(json_response.size).to eq(2) - expect(json_response.map { |x| x.slice('name') }).to match(expected_template_names) + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['Project Templates'].size).to eq(2) + expect(json_response['Project Templates'].map { |x| x.slice('name') }).to match(expected_template_names) + end + end + + context 'when feature flag disabled' do + before do + stub_feature_flags(inherited_issuable_templates: false) + end + + it 'returns the template names', :aggregate_failures do + get(:names, params: { namespace_id: project.namespace, template_type: template_type, project_id: project }, format: :json) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response.size).to eq(2) + expect(json_response.map { |x| x.slice('name') }).to match(expected_template_names) + end end it 'fails for user with no access' do diff --git a/spec/controllers/projects/web_ide_schemas_controller_spec.rb b/spec/controllers/projects/web_ide_schemas_controller_spec.rb index fbec941aecc..136edd2f7ad 100644 --- a/spec/controllers/projects/web_ide_schemas_controller_spec.rb +++ b/spec/controllers/projects/web_ide_schemas_controller_spec.rb @@ -53,13 +53,13 @@ RSpec.describe Projects::WebIdeSchemasController do end context 'when an error occurs parsing the schema' do - let(:result) { { status: :error, message: 'Some error occured' } } + let(:result) { { status: :error, message: 'Some error occurred' } } it 'returns 422 with the error' do subject expect(response).to have_gitlab_http_status(:unprocessable_entity) - expect(response.body).to eq('{"status":"error","message":"Some error occured"}') + expect(response.body).to eq('{"status":"error","message":"Some error occurred"}') end end end diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index 1e4ec48b119..554487db8f2 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -221,6 +221,20 @@ RSpec.describe ProjectsController do allow(controller).to receive(:record_experiment_user) end + context 'when user can push to default branch' do + let(:user) { empty_project.owner } + + it 'creates an "view_project_show" experiment tracking event', :snowplow do + allow_next_instance_of(ApplicationExperiment) do |e| + allow(e).to receive(:should_track?).and_return(true) + end + + get :show, params: { namespace_id: empty_project.namespace, id: empty_project } + + expect_snowplow_event(category: 'empty_repo_upload', action: 'view_project_show', context: [{ schema: 'iglu:com.gitlab/gitlab_experiment/jsonschema/0-3-0', data: anything }], property: 'empty') + end + end + User.project_views.keys.each do |project_view| context "with #{project_view} view set" do before do @@ -416,7 +430,8 @@ RSpec.describe ProjectsController do path: 'foo', description: 'bar', namespace_id: user.namespace.id, - visibility_level: Gitlab::VisibilityLevel::PUBLIC + visibility_level: Gitlab::VisibilityLevel::PUBLIC, + initialize_with_readme: 1 } end @@ -425,9 +440,11 @@ RSpec.describe ProjectsController do end it 'tracks a created event for the new_project_readme experiment', :experiment do - expect(experiment(:new_project_readme)).to track(:created, property: 'blank').on_any_instance.with_context( - actor: user - ) + expect(experiment(:new_project_readme)).to track( + :created, + property: 'blank', + value: 1 + ).on_any_instance.with_context(actor: user) post :create, params: { project: project_params } end @@ -1345,6 +1362,14 @@ RSpec.describe ProjectsController do expect(response.body).to eq('This endpoint has been requested too many times. Try again later.') expect(response).to have_gitlab_http_status(:too_many_requests) end + + it 'applies correct scope when throttling' do + expect(Gitlab::ApplicationRateLimiter) + .to receive(:throttled?) + .with(:project_download_export, scope: [user, project]) + + post action, params: { namespace_id: project.namespace, id: project } + end end end end diff --git a/spec/controllers/repositories/git_http_controller_spec.rb b/spec/controllers/repositories/git_http_controller_spec.rb index d21f602f90c..4eede594bb9 100644 --- a/spec/controllers/repositories/git_http_controller_spec.rb +++ b/spec/controllers/repositories/git_http_controller_spec.rb @@ -54,14 +54,17 @@ RSpec.describe Repositories::GitHttpController do }.from(0).to(1) end - it_behaves_like 'records an onboarding progress action', :git_read do - let(:namespace) { project.namespace } - - subject { send_request } + describe 'recording the onboarding progress', :sidekiq_inline do + let_it_be(:namespace) { project.namespace } before do - stub_feature_flags(disable_git_http_fetch_writes: false) + OnboardingProgress.onboard(namespace) + send_request end + + subject { OnboardingProgress.completed?(namespace, :git_pull) } + + it { is_expected.to be(true) } end context 'when disable_git_http_fetch_writes is enabled' do @@ -75,12 +78,6 @@ RSpec.describe Repositories::GitHttpController do send_request end - - it 'does not record onboarding progress' do - expect(OnboardingProgressService).not_to receive(:new) - - send_request - end end end end diff --git a/spec/controllers/root_controller_spec.rb b/spec/controllers/root_controller_spec.rb index 85f9ea66c5f..49841aa61d7 100644 --- a/spec/controllers/root_controller_spec.rb +++ b/spec/controllers/root_controller_spec.rb @@ -68,6 +68,18 @@ RSpec.describe RootController do end end + context 'who has customized their dashboard setting for followed user activities' do + before do + user.dashboard = 'followed_user_activity' + end + + it 'redirects to the activity list' do + get :index + + expect(response).to redirect_to activity_dashboard_path(filter: 'followed') + end + end + context 'who has customized their dashboard setting for groups' do before do user.dashboard = 'groups' @@ -123,11 +135,7 @@ RSpec.describe RootController do expect(response).to render_template 'dashboard/projects/index' end - context 'when experiment is enabled' do - before do - stub_experiment_for_subject(customize_homepage: true) - end - + context 'when customize_homepage is enabled' do it 'renders the default dashboard' do get :index @@ -135,9 +143,9 @@ RSpec.describe RootController do end end - context 'when experiment not enabled' do + context 'when customize_homepage is not enabled' do before do - stub_experiment(customize_homepage: false) + stub_feature_flags(customize_homepage: false) end it 'renders the default dashboard' do diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb index 95cea10f0d0..32ac83847aa 100644 --- a/spec/controllers/search_controller_spec.rb +++ b/spec/controllers/search_controller_spec.rb @@ -252,6 +252,14 @@ RSpec.describe SearchController do get :count, params: { search: 'hello' } end.to raise_error(ActionController::ParameterMissing) end + + it 'sets private cache control headers' do + get :count, params: { search: 'hello', scope: 'projects' } + + expect(response).to have_gitlab_http_status(:ok) + + expect(response.headers['Cache-Control']).to include('max-age=60, private') + end end describe 'GET #autocomplete' do @@ -261,23 +269,29 @@ RSpec.describe SearchController do describe '#append_info_to_payload' do it 'appends search metadata for logging' do - last_payload = nil - original_append_info_to_payload = controller.method(:append_info_to_payload) - - expect(controller).to receive(:append_info_to_payload) do |payload| - original_append_info_to_payload.call(payload) - last_payload = payload + expect(controller).to receive(:append_info_to_payload).and_wrap_original do |method, payload| + method.call(payload) + + expect(payload[:metadata]['meta.search.group_id']).to eq('123') + expect(payload[:metadata]['meta.search.project_id']).to eq('456') + expect(payload[:metadata]).not_to have_key('meta.search.search') + expect(payload[:metadata]['meta.search.scope']).to eq('issues') + expect(payload[:metadata]['meta.search.force_search_results']).to eq('true') + expect(payload[:metadata]['meta.search.filters.confidential']).to eq('true') + expect(payload[:metadata]['meta.search.filters.state']).to eq('true') end get :show, params: { scope: 'issues', search: 'hello world', group_id: '123', project_id: '456', confidential: true, state: true, force_search_results: true } + end + + it 'appends the default scope in meta.search.scope' do + expect(controller).to receive(:append_info_to_payload).and_wrap_original do |method, payload| + method.call(payload) + + expect(payload[:metadata]['meta.search.scope']).to eq('projects') + end - expect(last_payload[:metadata]['meta.search.group_id']).to eq('123') - expect(last_payload[:metadata]['meta.search.project_id']).to eq('456') - expect(last_payload[:metadata]).not_to have_key('meta.search.search') - expect(last_payload[:metadata]['meta.search.scope']).to eq('issues') - expect(last_payload[:metadata]['meta.search.force_search_results']).to eq('true') - expect(last_payload[:metadata]['meta.search.filters.confidential']).to eq('true') - expect(last_payload[:metadata]['meta.search.filters.state']).to eq('true') + get :show, params: { search: 'hello world', group_id: '123', project_id: '456' } end end end diff --git a/spec/controllers/snippets/notes_controller_spec.rb b/spec/controllers/snippets/notes_controller_spec.rb index 487635169fc..558e68fbb8f 100644 --- a/spec/controllers/snippets/notes_controller_spec.rb +++ b/spec/controllers/snippets/notes_controller_spec.rb @@ -141,6 +141,11 @@ RSpec.describe Snippets::NotesController do it 'creates the note' do expect { post :create, params: request_params }.to change { Note.count }.by(1) end + + it_behaves_like 'request exceeding rate limit', :clean_gitlab_redis_cache do + let(:params) { request_params } + let(:request_full_path) { snippet_notes_path(public_snippet) } + end end context 'when a snippet is internal' do @@ -164,6 +169,11 @@ RSpec.describe Snippets::NotesController do it 'creates the note' do expect { post :create, params: request_params }.to change { Note.count }.by(1) end + + it_behaves_like 'request exceeding rate limit', :clean_gitlab_redis_cache do + let(:params) { request_params } + let(:request_full_path) { snippet_notes_path(internal_snippet) } + end end context 'when a snippet is private' do @@ -228,6 +238,12 @@ RSpec.describe Snippets::NotesController do it 'creates the note' do expect { post :create, params: request_params }.to change { Note.count }.by(1) end + + it_behaves_like 'request exceeding rate limit', :clean_gitlab_redis_cache do + let(:params) { request_params } + let(:request_full_path) { snippet_notes_path(private_snippet) } + let(:user) { private_snippet.author } + end end end end |