Insert users check into api

author: Felipe Artur <felipefac@gmail.com> 2016-04-06 18:09:24 -0300
committer: Felipe Artur <felipefac@gmail.com> 2016-04-18 11:12:27 -0300
commit: ce96d482d9056e9acdfea02d055c2706653cba92 (patch)
tree: 11cb452624cc94597f7ff12cef0c10933346c5ab /spec/requests/api/users_spec.rb
parent: 07b38c3b389b8b0b6a3d6af7a38555c189e71afe (diff)
download: gitlab-ce-ce96d482d9056e9acdfea02d055c2706653cba92.tar.gz
1 files changed, 18 insertions, 0 deletions
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 679227bf881..40b24c125b5 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -20,6 +20,24 @@ describe API::API, api: true  do
     end
 
     context "when authenticated" do
+      #These specs are written just in case API authentication is not required anymore
+      context "when public level is restricted" do
+        before do
+          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+          allow_any_instance_of(API::Helpers).to receive(:authenticate!).and_return(true)
+        end
+
+        it "renders 403" do
+          get api("/users")
+          expect(response.status).to eq(403)
+        end
+
+        it "renders 404" do
+          get api("/users/#{user.id}")
+          expect(response.status).to eq(404)
+        end
+      end
+
       it "should return an array of users" do
         get api("/users", user)
         expect(response.status).to eq(200)
author	Felipe Artur <felipefac@gmail.com>	2016-04-06 18:09:24 -0300
committer	Felipe Artur <felipefac@gmail.com>	2016-04-18 11:12:27 -0300
commit	ce96d482d9056e9acdfea02d055c2706653cba92 (patch)
tree	11cb452624cc94597f7ff12cef0c10933346c5ab /spec/requests/api/users_spec.rb
parent	07b38c3b389b8b0b6a3d6af7a38555c189e71afe (diff)
download	gitlab-ce-ce96d482d9056e9acdfea02d055c2706653cba92.tar.gz