diff options
| author | Rémy Coutable <remy@rymai.me> | 2016-06-17 18:59:33 +0200 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-06-18 06:06:34 +0200 |
| commit | 654565c9dc734a597c525a75c8f72dd63235604b (patch) | |
| tree | 0dbd5935c0019201dc93ee183e69e95d5f3513ce /spec | |
| parent | a08a26ac814d7fd9f7523e22847fab0cc25ceb78 (diff) | |
| download | gitlab-ce-654565c9dc734a597c525a75c8f72dd63235604b.tar.gz | |
Raise a new Gitlab::Access::AccessDeniedError when permission is not enough to destroy a member
This is a try for a new approach to put the access checks at the service level.
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/services/members/destroy_service_spec.rb | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/spec/services/members/destroy_service_spec.rb b/spec/services/members/destroy_service_spec.rb index 04c2782c125..2395445e7fd 100644 --- a/spec/services/members/destroy_service_spec.rb +++ b/spec/services/members/destroy_service_spec.rb @@ -5,13 +5,23 @@ describe Members::DestroyService, services: true do let(:project) { create(:project) } let!(:member) { create(:project_member, source: project) } + context 'when member is nil' do + before do + project.team << [user, :developer] + end + + it 'does not destroy the member' do + expect { destroy_member(nil, user) }.to raise_error(Gitlab::Access::AccessDeniedError) + end + end + context 'when current user cannot destroy the given member' do before do project.team << [user, :developer] end it 'does not destroy the member' do - expect(destroy_member(member, user)).not_to be_destroyed + expect { destroy_member(member, user) }.to raise_error(Gitlab::Access::AccessDeniedError) end end @@ -21,7 +31,9 @@ describe Members::DestroyService, services: true do end it 'destroys the member' do - expect(destroy_member(member, user)).to be_destroyed + destroy_member(member, user) + + expect(member).to be_destroyed end context 'when the given member is a requester' do @@ -42,6 +54,14 @@ describe Members::DestroyService, services: true do destroy_member(member, member.user) end end + + context 'when current user is the member and ' do + it 'does not call Member#after_decline_request' do + expect_any_instance_of(NotificationService).not_to receive(:decline_access_request).with(member) + + destroy_member(member, member.user) + end + end end end |