author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 07:08:36 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-10-21 07:08:36 +0000 |
commit | 48aff82709769b098321c738f3444b9bdaa694c6 (patch) | |
tree | e00c7c43e2d9b603a5a6af576b1685e400410dee /spec/support/shared_examples/requests/api/snippets_shared_examples.rb | |
parent | 879f5329ee916a948223f8f43d77fba4da6cd028 (diff) | |
download | gitlab-ce-48aff82709769b098321c738f3444b9bdaa694c6.tar.gz |
Add latest changes from gitlab-org/gitlab@13-5-stable-eev13.5.0-rc42
Diffstat (limited to 'spec/support/shared_examples/requests/api/snippets_shared_examples.rb')
-rw-r--r-- | spec/support/shared_examples/requests/api/snippets_shared_examples.rb | 179 |
1 files changed, 152 insertions, 27 deletions
diff --git a/spec/support/shared_examples/requests/api/snippets_shared_examples.rb b/spec/support/shared_examples/requests/api/snippets_shared_examples.rb
index 051367fbe96..2b72c69cb37 100644
--- a/spec/support/shared_examples/requests/api/snippets_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/snippets_shared_examples.rb
@@ -1,46 +1,30 @@
 # frozen_string_literal: true
 RSpec.shared_examples 'raw snippet files' do
- let_it_be(:unauthorized_user) { create(:user) }
+ let_it_be(:user_token) { create(:personal_access_token, user: snippet.author) }
 let(:snippet_id) { snippet.id }
 let(:user) { snippet.author }
 let(:file_path) { '%2Egitattributes' }
 let(:ref) { 'master' }
- context 'with no user' do
- it 'requires authentication' do
- get api(api_path)
+ subject { get api(api_path, personal_access_token: user_token) }
- expect(response).to have_gitlab_http_status(:unauthorized)
- end
- end
+ context 'with an invalid snippet ID' do
+ let(:snippet_id) { non_existing_record_id }
- shared_examples 'not found' do
 it 'returns 404' do
- get api(api_path, user)
+ subject
 expect(response).to have_gitlab_http_status(:not_found)
 expect(json_response['message']).to eq('404 Snippet Not Found')
 end
 end
- context 'when not authorized' do
- let(:user) { unauthorized_user }
-
- it_behaves_like 'not found'
- end
-
- context 'with an invalid snippet ID' do
- let(:snippet_id) { 'invalid' }
-
- it_behaves_like 'not found'
- end
-
 context 'with valid params' do
 it 'returns the raw file info' do
 expect(Gitlab::Workhorse).to receive(:send_git_blob).and_call_original
- get api(api_path, user)
+ subject
 aggregate_failures do
 expect(response).to have_gitlab_http_status(:ok)
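Review bot: The removed `context 'with no user'` example was the only one in this shared example that sent a request without credentials, and nothing on the new side replaces it: every request now goes through `subject` with `personal_access_token: user_token`. If anonymous access to the raw-file endpoint is now decided by snippet visibility, that should be pinned by an example here or by a comment naming where it is covered, e.g. `# anonymous access is covered by 'snippet access with different users'` (assuming the including specs also include that shared example). Changing `snippet_id` from `'invalid'` to `non_existing_record_id` likewise drops the non-numeric ID case from this file. The shared example's body continues past the end of this hunk.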
@@ -52,6 +36,17 @@ RSpec.shared_examples 'raw snippet files' do
 end
 end
+ context 'with unauthorized user' do
+ let(:user_token) { create(:personal_access_token) }
+
+ it 'returns 404' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:not_found)
+ expect(json_response['message']).to eq('404 Snippet Not Found')
+ end
+ end
+
 context 'with invalid params' do
 using RSpec::Parameterized::TableSyntax
@@ -68,12 +63,12 @@ RSpec.shared_examples 'raw snippet files' do
 end
 with_them do
- before do
- get api(api_path, user)
- end
+ it 'returns the proper response code and message' do
+ subject
- it { expect(response).to have_gitlab_http_status(status) }
- it { expect(json_response[key]).to eq(message) }
+ expect(response).to have_gitlab_http_status(status)
+ expect(json_response[key]).to eq(message)
+ end
 end
 end
 end
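Review bot: The new `context 'with unauthorized user'` repeats the two 404 assertions of `context 'with an invalid snippet ID'` word for word, where the removed `shared_examples 'not found'` kept them in one place, so the two cases can now drift apart unnoticed. The example also carries no hint of why an existing snippet answers 404 to a user who cannot read it; a comment such as `# 404 rather than 403 so the response does not reveal that the snippet exists` would record that, presumably the intent, to be confirmed. The token here belongs to a freshly created user because `create(:personal_access_token)` is called without `user:`, which is worth stating in the context description or a comment.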
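Review bot: Merging the two one-line examples into `it 'returns the proper response code and message'` means a failing status expectation now hides the result of the message expectation for that table row. The 'with valid params' example in this file wraps its expectations in `aggregate_failures do`; doing the same here keeps both results visible, e.g. `it 'returns the proper response code and message', :aggregate_failures do`. The `where` table that feeds `status`, `key` and `message` lies outside the hunk.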
@@ -216,3 +211,133 @@ RSpec.shared_examples 'invalid snippet updates' do
 expect(json_response['error']).to eq 'title is empty'
 end
 end
+
+RSpec.shared_examples 'snippet access with different users' do
+ using RSpec::Parameterized::TableSyntax
+
+ where(:requester, :visibility, :status) do
+ :admin | :public | :ok
+ :admin | :private | :ok
+ :admin | :internal | :ok
+ :author | :public | :ok
+ :author | :private | :ok
+ :author | :internal | :ok
+ :other | :public | :ok
+ :other | :private | :not_found
+ :other | :internal | :ok
+ nil | :public | :ok
+ nil | :private | :not_found
+ nil | :internal | :not_found
+ end
+
+ with_them do
+ let(:snippet) { snippet_for(visibility) }
+
+ it 'returns the correct response' do
+ request_user = user_for(requester)
+
+ get api(path, request_user)
+
+ expect(response).to have_gitlab_http_status(status)
+ end
+ end
+
+ def user_for(user_type)
+ case user_type
+ when :author
+ user
+ when :other
+ other_user
+ when :admin
+ admin
+ else
+ nil
+ end
+ end
+
+ def snippet_for(snippet_type)
+ case snippet_type
+ when :private
+ private_snippet
+ when :internal
+ internal_snippet
+ when :public
+ public_snippet
+ end
+ end
+end
+
+RSpec.shared_examples 'expected response status' do
+ it 'returns the correct response' do
+ get api(path, personal_access_token: user_token)
+
+ expect(response).to have_gitlab_http_status(status)
+ end
+end
+
+RSpec.shared_examples 'unauthenticated project snippet access' do
+ using RSpec::Parameterized::TableSyntax
+
+ let(:user_token) { nil }
+
+ where(:project_visibility, :snippet_visibility, :status) do
+ :public | :public | :ok
+ :public | :private | :not_found
+ :public | :internal | :not_found
+ :internal | :public | :not_found
+ :private | :public | :not_found
+ end
+
+ with_them do
+ it_behaves_like 'expected response status'
+ end
+end
+
+RSpec.shared_examples 'non-member project snippet access' do
+ using RSpec::Parameterized::TableSyntax
+
+ where(:project_visibility, :snippet_visibility, :status) do
+ :public | :public | :ok
+ :public | :internal | :ok
+ :internal | :public | :ok
+ :public | :private | :not_found
+ :private | :public | :not_found
+ end
+
+ with_them do
+ it_behaves_like 'expected response status'
+ end
+end
+
+RSpec.shared_examples 'member project snippet access' do
+ using RSpec::Parameterized::TableSyntax
+
+ before do
+ project.add_guest(user)
+ end
+
+ where(:project_visibility, :snippet_visibility, :status) do
+ :public | :public | :ok
+ :public | :internal | :ok
+ :internal | :public | :ok
+ :public | :private | :ok
+ :private | :public | :ok
+ end
+
+ with_them do
+ it_behaves_like 'expected response status'
+ end
+end
+
+RSpec.shared_examples 'project snippet access levels' do
+ let_it_be(:user_token) { create(:personal_access_token, user: user) }
+
+ let(:project) { create(:project, project_visibility) }
+ let(:snippet) { create(:project_snippet, :repository, snippet_visibility, project: project) }
+
+ it_behaves_like 'unauthenticated project snippet access'
+
+ it_behaves_like 'non-member project snippet access'
+
+ it_behaves_like 'member project snippet access'
+end |
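Review bot: The three project-snippet tables sample the visibility matrix rather than enumerate it: none has a `:private | :private` or `:internal | :internal` row, and 'member project snippet access' exercises only the guest role through `project.add_guest(user)`. For an access-control spec those are the combinations where a regression would expose content, so rows such as `:private | :private | :not_found` and `:internal | :internal | :not_found` in 'unauthenticated project snippet access' would be worth adding (expected values inferred from the neighbouring rows, to be confirmed). A short comment above each `where` stating which requester the table models would also help, since 'non-member' depends on `user` having no membership in the freshly created `project`. In `user_for`, the `else nil` branch is redundant because `case` already returns nil when no `when` matches.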