Merge branch 'master' into new-issue-by-email

* master: (1246 commits)
  Update CHANGELOG
  Update tests to make it work with Turbolinks approach
  Use Turbolink instead of ajax
  Reinitialize checkboxes to toggle event bindings
  Turn off handlers before binding events
  Removed console.log Uses outerWidth instead of width
  Revert "Added API endpoint for Sidekiq Metrics"
  Added API endpoint for Sidekiq Metrics
  Added CHANGELOG entry for allocations Gem/name fix
  Filter out classes without names in the sampler
  Update the allocations Gem to 1.0.5
  Put all sidebar icons in fixed width container
  Instrument private/protected methods
  Fix Ci::Build#artifacts_expire_in= when assigning invalid duration
  Fix grammar and syntax
  Update CI API docs
  UI and copywriting improvements
  Factorize members mails into a new Emails::Members module
  Factorize access request routes into a new :access_requestable route concern
  Factorize #request_access and #approve_access_request  into a new AccessRequestActions controller concern
  ...

1 files changed, 18 insertions, 3 deletions

diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb
index 37ddab83c30..7ecefce80d6 100644
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -12,6 +12,7 @@ describe API::API, api: true  do
   let!(:group2) { create(:group, :private) }
   let!(:project1) { create(:project, namespace: group1) }
   let!(:project2) { create(:project, namespace: group2) }
+  let!(:project3) { create(:project, namespace: group1, path: 'test', visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
 
   before do
     group1.add_owner(user1)
@@ -147,9 +148,11 @@ describe API::API, api: true  do
     context "when authenticated as user" do
       it "should return the group's projects" do
         get api("/groups/#{group1.id}/projects", user1)
+
         expect(response.status).to eq(200)
-        expect(json_response.length).to eq(1)
-        expect(json_response.first['name']).to eq(project1.name)
+        expect(json_response.length).to eq(2)
+        project_names = json_response.map { |proj| proj['name' ] }
+        expect(project_names).to match_array([project1.name, project3.name])
       end
 
       it "should not return a non existing group" do
@@ -162,6 +165,16 @@ describe API::API, api: true  do
 
         expect(response.status).to eq(404)
       end
+
+      it "should only return projects to which user has access" do
+        project3.team << [user3, :developer]
+
+        get api("/groups/#{group1.id}/projects", user3)
+
+        expect(response.status).to eq(200)
+        expect(json_response.length).to eq(1)
+        expect(json_response.first['name']).to eq(project3.name)
+      end
     end
 
     context "when authenticated as admin" do
@@ -181,8 +194,10 @@ describe API::API, api: true  do
     context 'when using group path in URL' do
       it 'should return any existing group' do
         get api("/groups/#{group1.path}/projects", admin)
+
         expect(response.status).to eq(200)
-        expect(json_response.first['name']).to eq(project1.name)
+        project_names = json_response.map { |proj| proj['name' ] }
+        expect(project_names).to match_array([project1.name, project3.name])
       end
 
       it 'should not return a non existing group' do