diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 10:05:41 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-12-03 10:05:41 +0000 |
commit | e12f099f39ef8fb81f9b91612f8b35aefba7347c (patch) | |
tree | 03f55fd572a093bd4d278a7baf683ea40451e07f /spec/requests | |
parent | 01a6adb2b453b852a9348365c4e867d6a36ddeb1 (diff) | |
download | gitlab-ce-e12f099f39ef8fb81f9b91612f8b35aefba7347c.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/api/lint_spec.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/spec/requests/api/lint_spec.rb b/spec/requests/api/lint_spec.rb index ac30da99afe..0e83b964121 100644 --- a/spec/requests/api/lint_spec.rb +++ b/spec/requests/api/lint_spec.rb @@ -26,6 +26,35 @@ RSpec.describe API::Lint do expect(response).to have_gitlab_http_status(:ok) end end + + context 'when authenticated as external user' do + let(:project) { create(:project) } + let(:api_user) { create(:user, :external) } + + context 'when reporter in a project' do + before do + project.add_reporter(api_user) + end + + it 'returns authorization failure' do + post api('/ci/lint', api_user), params: { content: 'content' } + + expect(response).to have_gitlab_http_status(:unauthorized) + end + end + + context 'when developer in a project' do + before do + project.add_developer(api_user) + end + + it 'returns authorization success' do + post api('/ci/lint', api_user), params: { content: 'content' } + + expect(response).to have_gitlab_http_status(:ok) + end + end + end end context 'when signup is enabled and not limited' do |