diff options
| -rw-r--r-- | spec/requests/api/pipelines_spec.rb | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb index e786b7531a9..638cc9767d4 100644 --- a/spec/requests/api/pipelines_spec.rb +++ b/spec/requests/api/pipelines_spec.rb @@ -473,11 +473,28 @@ describe API::Pipelines do end context 'unauthorized user' do - it 'should return a 404' do - get api("/projects/#{project.id}/pipelines/#{pipeline.id}", non_member) + context 'when user is not member' do + it 'should return a 404' do + delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", non_member) - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq '404 Project Not Found' + expect(response).to have_gitlab_http_status(404) + expect(json_response['message']).to eq '404 Project Not Found' + end + end + + context 'when user is developer' do + let(:developer) { create(:user) } + + before do + project.add_developer(developer) + end + + it 'should return a 403' do + delete api("/projects/#{project.id}/pipelines/#{pipeline.id}", developer) + + expect(response).to have_gitlab_http_status(403) + expect(json_response['message']).to eq '403 Forbidden' + end end end end |