diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-01-18 19:00:14 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-01-18 19:00:14 +0000 |
commit | 05f0ebba3a2c8ddf39e436f412dc2ab5bf1353b2 (patch) | |
tree | 11d0f2a6ec31c7793c184106cedc2ded3d9a2cc5 /spec/requests/api/users_spec.rb | |
parent | ec73467c23693d0db63a797d10194da9e72a74af (diff) | |
download | gitlab-ce-05f0ebba3a2c8ddf39e436f412dc2ab5bf1353b2.tar.gz |
Add latest changes from gitlab-org/gitlab@15-8-stable-eev15.8.0-rc42
Diffstat (limited to 'spec/requests/api/users_spec.rb')
-rw-r--r-- | spec/requests/api/users_spec.rb | 277 |
1 files changed, 222 insertions, 55 deletions
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index bfb71d95f5e..c063187fdf4 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -1454,6 +1454,46 @@ RSpec.describe API::Users, feature_category: :users do include_examples 'does not allow the "read_user" scope' end + + context "`private_profile` attribute" do + context "based on the application setting" do + before do + stub_application_setting(user_defaults_to_private_profile: true) + end + + let(:params) { attributes_for(:user) } + + shared_examples_for 'creates the user with the value of `private_profile` based on the application setting' do + specify do + post api("/users", admin), params: params + + expect(response).to have_gitlab_http_status(:created) + user = User.find_by(id: json_response['id'], private_profile: true) + expect(user).to be_present + end + end + + context 'when the attribute is not overridden in params' do + it_behaves_like 'creates the user with the value of `private_profile` based on the application setting' + end + + context 'when the attribute is overridden in params' do + it 'creates the user with the value of `private_profile` same as the value of the overridden param' do + post api("/users", admin), params: params.merge(private_profile: false) + + expect(response).to have_gitlab_http_status(:created) + user = User.find_by(id: json_response['id'], private_profile: false) + expect(user).to be_present + end + + context 'overridden as `nil`' do + let(:params) { attributes_for(:user, private_profile: nil) } + + it_behaves_like 'creates the user with the value of `private_profile` based on the application setting' + end + end + end + end end describe "PUT /users/:id" do @@ -1634,12 +1674,6 @@ RSpec.describe API::Users, feature_category: :users do expect(user.reload.external?).to be_truthy end - it "private profile is false by default" do - put api("/users/#{user.id}", admin), params: {} - - expect(user.reload.private_profile).to eq(false) - end - it "does have default values for theme and color-scheme ID" do put api("/users/#{user.id}", admin), params: {} @@ -1647,13 +1681,6 @@ RSpec.describe API::Users, feature_category: :users do expect(user.reload.color_scheme_id).to eq(Gitlab::ColorSchemes.default.id) end - it "updates private profile" do - put api("/users/#{user.id}", admin), params: { private_profile: true } - - expect(response).to have_gitlab_http_status(:ok) - expect(user.reload.private_profile).to eq(true) - end - it "updates viewing diffs file by file" do put api("/users/#{user.id}", admin), params: { view_diffs_file_by_file: true } @@ -1661,22 +1688,40 @@ RSpec.describe API::Users, feature_category: :users do expect(user.reload.user_preference.view_diffs_file_by_file?).to eq(true) end - it "updates private profile to false when nil is given" do - user.update!(private_profile: true) + context 'updating `private_profile`' do + it "updates private profile" do + current_value = user.private_profile + new_value = !current_value - put api("/users/#{user.id}", admin), params: { private_profile: nil } + put api("/users/#{user.id}", admin), params: { private_profile: new_value } - expect(response).to have_gitlab_http_status(:ok) - expect(user.reload.private_profile).to eq(false) - end + expect(response).to have_gitlab_http_status(:ok) + expect(user.reload.private_profile).to eq(new_value) + end + + context 'when `private_profile` is set to `nil`' do + before do + stub_application_setting(user_defaults_to_private_profile: true) + end - it "does not modify private profile when field is not provided" do - user.update!(private_profile: true) + it "updates private_profile to value of the application setting" do + user.update!(private_profile: false) - put api("/users/#{user.id}", admin), params: {} + put api("/users/#{user.id}", admin), params: { private_profile: nil } - expect(response).to have_gitlab_http_status(:ok) - expect(user.reload.private_profile).to eq(true) + expect(response).to have_gitlab_http_status(:ok) + expect(user.reload.private_profile).to eq(true) + end + end + + it "does not modify private profile when field is not provided" do + user.update!(private_profile: true) + + put api("/users/#{user.id}", admin), params: {} + + expect(response).to have_gitlab_http_status(:ok) + expect(user.reload.private_profile).to eq(true) + end end it "does not modify theme or color-scheme ID when field is not provided" do @@ -3617,6 +3662,15 @@ RSpec.describe API::Users, feature_category: :users do expect(response.body).to eq('true') expect(user.reload.state).to eq('blocked') end + + it 'saves a custom attribute', :freeze_time, feature_category: :insider_threat do + block_user + + custom_attribute = user.custom_attributes.last + + expect(custom_attribute.key).to eq(UserCustomAttribute::BLOCKED_BY) + expect(custom_attribute.value).to eq("#{admin.username}/#{admin.id}+#{Time.current}") + end end context 'with an ldap blocked user' do @@ -3708,6 +3762,15 @@ RSpec.describe API::Users, feature_category: :users do expect(response).to have_gitlab_http_status(:created) expect(blocked_user.reload.state).to eq('active') end + + it 'saves a custom attribute', :freeze_time, feature_category: :insider_threat do + unblock_user + + custom_attribute = blocked_user.custom_attributes.last + + expect(custom_attribute.key).to eq(UserCustomAttribute::UNBLOCKED_BY) + expect(custom_attribute.value).to eq("#{admin.username}/#{admin.id}+#{Time.current}") + end end context 'with a ldap blocked user' do @@ -4045,60 +4108,164 @@ RSpec.describe API::Users, feature_category: :users do end end - describe 'GET /user/status' do - let(:path) { '/user/status' } + describe '/user/status' do + let(:user_status) { create(:user_status, clear_status_at: 8.hours.from_now) } + let(:user_with_status) { user_status.user } + let(:params) { {} } + let(:request_user) { user } - it_behaves_like 'rendering user status' - end + shared_examples '/user/status successful response' do + context 'when request is successful' do + let(:params) { { emoji: 'smirk', message: 'hello world' } } - describe 'PUT /user/status' do - it 'saves the status' do - put api('/user/status', user), params: { emoji: 'smirk', message: 'hello world' } + it 'saves the status' do + set_user_status - expect(response).to have_gitlab_http_status(:success) - expect(json_response['emoji']).to eq('smirk') + expect(response).to have_gitlab_http_status(:success) + expect(json_response['emoji']).to eq('smirk') + expect(json_response['message']).to eq('hello world') + end + end end - it 'renders errors when the status was invalid' do - put api('/user/status', user), params: { emoji: 'does not exist', message: 'hello world' } + shared_examples '/user/status unsuccessful response' do + context 'when request is unsuccessful' do + let(:params) { { emoji: 'does not exist', message: 'hello world' } } - expect(response).to have_gitlab_http_status(:bad_request) - expect(json_response['message']['emoji']).to be_present + it 'renders errors' do + set_user_status + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['message']['emoji']).to be_present + end + end end - it 'deletes the status when passing empty values' do - put api('/user/status', user) + shared_examples '/user/status passing nil for params' do + context 'when passing nil for params' do + let(:params) { { emoji: nil, message: nil, clear_status_after: nil } } + let(:request_user) { user_with_status } - expect(response).to have_gitlab_http_status(:success) - expect(user.reload.status).to be_nil + it 'deletes the status' do + set_user_status + + expect(response).to have_gitlab_http_status(:success) + expect(user_with_status.status).to be_nil + end + end end - context 'when clear_status_after is given' do - it 'sets the clear_status_at column' do - freeze_time do + shared_examples '/user/status clear_status_after field' do + context 'when clear_status_after is valid', :freeze_time do + let(:params) { { emoji: 'smirk', message: 'hello world', clear_status_after: '3_hours' } } + + it 'sets the clear_status_at column' do expected_clear_status_at = 3.hours.from_now - put api('/user/status', user), params: { emoji: 'smirk', message: 'hello world', clear_status_after: '3_hours' } + set_user_status expect(response).to have_gitlab_http_status(:success) - expect(user.status.reload.clear_status_at).to be_within(1.minute).of(expected_clear_status_at) - expect(Time.parse(json_response["clear_status_at"])).to be_within(1.minute).of(expected_clear_status_at) + expect(user.status.clear_status_at).to be_like_time(expected_clear_status_at) + expect(Time.parse(json_response["clear_status_at"])).to be_like_time(expected_clear_status_at) end end - it 'unsets the clear_status_at column' do - user.create_status!(clear_status_at: 5.hours.ago) + context 'when clear_status_after is nil' do + let(:params) { { emoji: 'smirk', message: 'hello world', clear_status_after: nil } } + let(:request_user) { user_with_status } - put api('/user/status', user), params: { emoji: 'smirk', message: 'hello world', clear_status_after: nil } + it 'unsets the clear_status_at column' do + set_user_status - expect(response).to have_gitlab_http_status(:success) - expect(user.status.reload.clear_status_at).to be_nil + expect(response).to have_gitlab_http_status(:success) + expect(user_with_status.status.clear_status_at).to be_nil + end end - it 'raises error when unknown status value is given' do - put api('/user/status', user), params: { emoji: 'smirk', message: 'hello world', clear_status_after: 'wrong' } + context 'when clear_status_after is invalid' do + let(:params) { { emoji: 'smirk', message: 'hello world', clear_status_after: 'invalid' } } - expect(response).to have_gitlab_http_status(:bad_request) + it 'raises error when unknown status value is given' do + set_user_status + + expect(response).to have_gitlab_http_status(:bad_request) + end + end + end + + describe 'GET' do + let(:path) { '/user/status' } + + it_behaves_like 'rendering user status' + end + + describe 'PUT' do + subject(:set_user_status) { put api('/user/status', request_user), params: params } + + include_examples '/user/status successful response' + + include_examples '/user/status unsuccessful response' + + include_examples '/user/status passing nil for params' + + include_examples '/user/status clear_status_after field' + + context 'when passing empty params' do + let(:request_user) { user_with_status } + + it 'deletes the status' do + set_user_status + + expect(response).to have_gitlab_http_status(:success) + expect(user_with_status.status).to be_nil + end + end + + context 'when clear_status_after is not given' do + let(:params) { { emoji: 'smirk', message: 'hello world' } } + let(:request_user) { user_with_status } + + it 'unsets clear_status_at column' do + set_user_status + + expect(response).to have_gitlab_http_status(:success) + expect(user_with_status.status.clear_status_at).to be_nil + end + end + end + + describe 'PATCH' do + subject(:set_user_status) { patch api('/user/status', request_user), params: params } + + include_examples '/user/status successful response' + + include_examples '/user/status unsuccessful response' + + include_examples '/user/status passing nil for params' + + include_examples '/user/status clear_status_after field' + + context 'when passing empty params' do + let(:request_user) { user_with_status } + + it 'does not update the status' do + set_user_status + + expect(response).to have_gitlab_http_status(:success) + expect(user_with_status.status).to eq(user_status) + end + end + + context 'when clear_status_after is not given' do + let(:params) { { emoji: 'smirk', message: 'hello world' } } + let(:request_user) { user_with_status } + + it 'does not unset clear_status_at column' do + set_user_status + + expect(response).to have_gitlab_http_status(:success) + expect(user_with_status.status.clear_status_at).not_to be_nil + end end end end |