diff options
author | Jose Ivan Vargas <jvargas@gitlab.com> | 2018-02-05 15:16:41 -0600 |
---|---|---|
committer | Jose Ivan Vargas <jvargas@gitlab.com> | 2018-02-05 15:16:41 -0600 |
commit | 46ae03628de47d1bef2683a3a5fe4963b3df7d52 (patch) | |
tree | aca69b4acab10d5699a6315556de7e7530e65dbe /spec/requests/api/project_snippets_spec.rb | |
parent | e6016d0bc2b640801914369e25e1a3639d3e50eb (diff) | |
parent | 2150ed4094ddb67d7b403cd56360700c80e7d928 (diff) | |
download | gitlab-ce-46ae03628de47d1bef2683a3a5fe4963b3df7d52.tar.gz |
Merge branch 'master' into jivl-update-katex
Diffstat (limited to 'spec/requests/api/project_snippets_spec.rb')
-rw-r--r-- | spec/requests/api/project_snippets_spec.rb | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb index e741ac4b7bd..4a2289ca137 100644 --- a/spec/requests/api/project_snippets_spec.rb +++ b/spec/requests/api/project_snippets_spec.rb @@ -1,9 +1,9 @@ require 'rails_helper' describe API::ProjectSnippets do - let(:project) { create(:project, :public) } - let(:user) { create(:user) } - let(:admin) { create(:admin) } + set(:project) { create(:project, :public) } + set(:user) { create(:user) } + set(:admin) { create(:admin) } describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do let(:snippet) { create(:project_snippet, :public, project: project) } @@ -18,6 +18,13 @@ describe API::ProjectSnippets do expect(json_response['akismet_submitted']).to eq(user_agent_detail.submitted) end + it 'respects project scoping' do + other_project = create(:project) + + get api("/projects/#{other_project.id}/snippets/#{snippet.id}/user_agent_detail", admin) + expect(response).to have_gitlab_http_status(404) + end + it "returns unautorized for non-admin users" do get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/user_agent_detail", user) |