diff options
author | Robert Speicher <rspeicher@gmail.com> | 2019-04-02 12:56:40 +0000 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2019-04-02 12:56:40 +0000 |
commit | 4b9dbec33ce446362d617f481b35628890763bd7 (patch) | |
tree | 9dceae8f3b1a4526c5a20ad23fa0df1874cab90c /spec/requests/api/releases_spec.rb | |
parent | 784b1756020ba564b45cb539a538f79c138f92dd (diff) | |
parent | 69b65a6b745e74bba290787420a0017395fd7c25 (diff) | |
download | gitlab-ce-4b9dbec33ce446362d617f481b35628890763bd7.tar.gz |
Merge branch 'jarv/dev-to-gitlab-2019-04-02' into 'master'
Jarv/dev to gitlab 2019 04 02
Closes #2810
See merge request gitlab-org/gitlab-ce!26846
Diffstat (limited to 'spec/requests/api/releases_spec.rb')
-rw-r--r-- | spec/requests/api/releases_spec.rb | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb index 1f317971a66..71ec091c42c 100644 --- a/spec/requests/api/releases_spec.rb +++ b/spec/requests/api/releases_spec.rb @@ -4,12 +4,14 @@ describe API::Releases do let(:project) { create(:project, :repository, :private) } let(:maintainer) { create(:user) } let(:reporter) { create(:user) } + let(:guest) { create(:user) } let(:non_project_member) { create(:user) } let(:commit) { create(:commit, project: project) } before do project.add_maintainer(maintainer) project.add_reporter(reporter) + project.add_guest(guest) project.repository.add_tag(maintainer, 'v0.1', commit.id) project.repository.add_tag(maintainer, 'v0.2', commit.id) @@ -66,6 +68,24 @@ describe API::Releases do end end + context 'when user is a guest' do + it 'responds 403 Forbidden' do + get api("/projects/#{project.id}/releases", guest) + + expect(response).to have_gitlab_http_status(:forbidden) + end + + context 'when project is public' do + let(:project) { create(:project, :repository, :public) } + + it 'responds 200 OK' do + get api("/projects/#{project.id}/releases", guest) + + expect(response).to have_gitlab_http_status(:ok) + end + end + end + context 'when user is not a project member' do it 'cannot find the project' do get api("/projects/#{project.id}/releases", non_project_member) @@ -189,6 +209,24 @@ describe API::Releases do end end end + + context 'when user is a guest' do + it 'responds 403 Forbidden' do + get api("/projects/#{project.id}/releases/v0.1", guest) + + expect(response).to have_gitlab_http_status(:forbidden) + end + + context 'when project is public' do + let(:project) { create(:project, :repository, :public) } + + it 'responds 200 OK' do + get api("/projects/#{project.id}/releases/v0.1", guest) + + expect(response).to have_gitlab_http_status(:ok) + end + end + end end context 'when specified tag is not found in the project' do |