diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-20 12:26:25 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-07-20 12:26:25 +0000 |
commit | a09983ae35713f5a2bbb100981116d31ce99826e (patch) | |
tree | 2ee2af7bd104d57086db360a7e6d8c9d5d43667a /spec/requests/api/members_spec.rb | |
parent | 18c5ab32b738c0b6ecb4d0df3994000482f34bd8 (diff) | |
download | gitlab-ce-a09983ae35713f5a2bbb100981116d31ce99826e.tar.gz |
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'spec/requests/api/members_spec.rb')
-rw-r--r-- | spec/requests/api/members_spec.rb | 63 |
1 files changed, 49 insertions, 14 deletions
diff --git a/spec/requests/api/members_spec.rb b/spec/requests/api/members_spec.rb index 0ecef26c27a..23889912d7a 100644 --- a/spec/requests/api/members_spec.rb +++ b/spec/requests/api/members_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -describe API::Members do +RSpec.describe API::Members do let(:maintainer) { create(:user, username: 'maintainer_user') } let(:developer) { create(:user) } let(:access_requester) { create(:user) } @@ -321,6 +321,26 @@ describe API::Members do expect(response).to have_gitlab_http_status(:bad_request) end end + + context 'adding project bot' do + let_it_be(:project_bot) { create(:user, :project_bot) } + + before do + unrelated_project = create(:project) + unrelated_project.add_maintainer(project_bot) + end + + it 'returns 400' do + expect do + post api("/#{source_type.pluralize}/#{source.id}/members", maintainer), + params: { user_id: project_bot.id, access_level: Member::DEVELOPER } + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['message']['user_id']).to( + include('project bots cannot be added to other groups / projects')) + end.not_to change { project.members.count } + end + end end shared_examples 'PUT /:source_type/:id/members/:user_id' do |source_type| @@ -461,8 +481,34 @@ describe API::Members do end end - it_behaves_like 'POST /:source_type/:id/members', 'project' do - let(:source) { project } + describe 'POST /projects/:id/members' do + it_behaves_like 'POST /:source_type/:id/members', 'project' do + let(:source) { project } + end + + context 'adding owner to project' do + it 'returns 403' do + expect do + post api("/projects/#{project.id}/members", maintainer), + params: { user_id: stranger.id, access_level: Member::OWNER } + + expect(response).to have_gitlab_http_status(:bad_request) + end.not_to change { project.members.count } + end + end + + context 'remove bot from project' do + it 'returns a 403 forbidden' do + project_bot = create(:user, :project_bot) + create(:project_member, project: project, user: project_bot) + + expect do + delete api("/projects/#{project.id}/members/#{project_bot.id}", maintainer) + + expect(response).to have_gitlab_http_status(:forbidden) + end.not_to change { project.members.count } + end + end end it_behaves_like 'POST /:source_type/:id/members', 'group' do @@ -484,15 +530,4 @@ describe API::Members do it_behaves_like 'DELETE /:source_type/:id/members/:user_id', 'group' do let(:source) { group } end - - context 'Adding owner to project' do - it 'returns 403' do - expect do - post api("/projects/#{project.id}/members", maintainer), - params: { user_id: stranger.id, access_level: Member::OWNER } - - expect(response).to have_gitlab_http_status(:bad_request) - end.to change { project.members.count }.by(0) - end - end end |