summaryrefslogtreecommitdiff
path: root/spec/requests
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-03-03 22:27:34 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-03-03 22:27:34 +0000
commitaf4486c9f7697f5186bcef08000ca954793bc31b (patch)
tree8a97f10b4312c42fe226ab2001d5f4b14215245b /spec/requests
parent03979b4aaf060cae40934b2aade0bbe8a210e311 (diff)
downloadgitlab-ce-af4486c9f7697f5186bcef08000ca954793bc31b.tar.gz
Add latest changes from gitlab-org/security/gitlab@13-9-stable-ee
Diffstat (limited to 'spec/requests')
-rw-r--r--spec/requests/api/group_variables_spec.rb51
1 files changed, 24 insertions, 27 deletions
diff --git a/spec/requests/api/group_variables_spec.rb b/spec/requests/api/group_variables_spec.rb
index 41b013f49ee..0b6bf65ca44 100644
--- a/spec/requests/api/group_variables_spec.rb
+++ b/spec/requests/api/group_variables_spec.rb
@@ -3,16 +3,19 @@
require 'spec_helper'
RSpec.describe API::GroupVariables do
- let(:group) { create(:group) }
- let(:user) { create(:user) }
+ let_it_be(:group) { create(:group) }
+ let_it_be(:user) { create(:user) }
+ let_it_be(:variable) { create(:ci_group_variable, group: group) }
- describe 'GET /groups/:id/variables' do
- let!(:variable) { create(:ci_group_variable, group: group) }
+ let(:access_level) {}
+
+ before do
+ group.add_user(user, access_level) if access_level
+ end
+ describe 'GET /groups/:id/variables' do
context 'authorized user with proper permissions' do
- before do
- group.add_maintainer(user)
- end
+ let(:access_level) { :owner }
it 'returns group variables' do
get api("/groups/#{group.id}/variables", user)
@@ -23,6 +26,8 @@ RSpec.describe API::GroupVariables do
end
context 'authorized user with invalid permissions' do
+ let(:access_level) { :maintainer }
+
it 'does not return group variables' do
get api("/groups/#{group.id}/variables", user)
@@ -40,12 +45,8 @@ RSpec.describe API::GroupVariables do
end
describe 'GET /groups/:id/variables/:key' do
- let!(:variable) { create(:ci_group_variable, group: group) }
-
context 'authorized user with proper permissions' do
- before do
- group.add_maintainer(user)
- end
+ let(:access_level) { :owner }
it 'returns group variable details' do
get api("/groups/#{group.id}/variables/#{variable.key}", user)
@@ -64,6 +65,8 @@ RSpec.describe API::GroupVariables do
end
context 'authorized user with invalid permissions' do
+ let(:access_level) { :maintainer }
+
it 'does not return group variable details' do
get api("/groups/#{group.id}/variables/#{variable.key}", user)
@@ -82,11 +85,7 @@ RSpec.describe API::GroupVariables do
describe 'POST /groups/:id/variables' do
context 'authorized user with proper permissions' do
- let!(:variable) { create(:ci_group_variable, group: group) }
-
- before do
- group.add_maintainer(user)
- end
+ let(:access_level) { :owner }
it 'creates variable' do
expect do
@@ -124,6 +123,8 @@ RSpec.describe API::GroupVariables do
end
context 'authorized user with invalid permissions' do
+ let(:access_level) { :maintainer }
+
it 'does not create variable' do
post api("/groups/#{group.id}/variables", user)
@@ -141,12 +142,8 @@ RSpec.describe API::GroupVariables do
end
describe 'PUT /groups/:id/variables/:key' do
- let!(:variable) { create(:ci_group_variable, group: group) }
-
context 'authorized user with proper permissions' do
- before do
- group.add_maintainer(user)
- end
+ let(:access_level) { :owner }
it 'updates variable data' do
initial_variable = group.variables.reload.first
@@ -180,6 +177,8 @@ RSpec.describe API::GroupVariables do
end
context 'authorized user with invalid permissions' do
+ let(:access_level) { :maintainer }
+
it 'does not update variable' do
put api("/groups/#{group.id}/variables/#{variable.key}", user)
@@ -197,12 +196,8 @@ RSpec.describe API::GroupVariables do
end
describe 'DELETE /groups/:id/variables/:key' do
- let!(:variable) { create(:ci_group_variable, group: group) }
-
context 'authorized user with proper permissions' do
- before do
- group.add_maintainer(user)
- end
+ let(:access_level) { :owner }
it 'deletes variable' do
expect do
@@ -224,6 +219,8 @@ RSpec.describe API::GroupVariables do
end
context 'authorized user with invalid permissions' do
+ let(:access_level) { :maintainer }
+
it 'does not delete variable' do
delete api("/groups/#{group.id}/variables/#{variable.key}", user)