3 files changed, 21 insertions, 11 deletions
diff --git a/spec/controllers/projects/boards/issues_controller_spec.rb b/spec/controllers/projects/boards/issues_controller_spec.rb
index 2c6cdf086b8..d0ad5e26dbd 100644
--- a/spec/controllers/projects/boards/issues_controller_spec.rb
+++ b/spec/controllers/projects/boards/issues_controller_spec.rb
@@ -40,10 +40,12 @@ describe Projects::Boards::IssuesController do
 end
 context 'with unauthorized user' do
- it 'returns a successful 403 response' do
+ before do
 allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
 allow(Ability.abilities).to receive(:allowed?).with(user, :read_issue, project).and_return(false)
+ end
+ it 'returns a successful 403 response' do
 list_issues user: user, list_id: list2
 expect(response).to have_http_status(403)
diff --git a/spec/controllers/projects/boards/lists_controller_spec.rb b/spec/controllers/projects/boards/lists_controller_spec.rb
index a241e2f363f..9496636e3cc 100644
--- a/spec/controllers/projects/boards/lists_controller_spec.rb
+++ b/spec/controllers/projects/boards/lists_controller_spec.rb
@@ -33,13 +33,17 @@ describe Projects::Boards::ListsController do
 expect(parsed_response.length).to eq 3
 end
- it 'returns a successful 403 response with unauthorized user' do
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_list, project).and_return(false)
+ context 'with unauthorized user' do
+ before do
+ allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability.abilities).to receive(:allowed?).with(user, :read_list, project).and_return(false)
+ end
- read_board_list user: user
+ it 'returns a successful 403 response' do
+ read_board_list user: user
- expect(response).to have_http_status(403)
+ expect(response).to have_http_status(403)
+ end
 end
 def read_board_list(user:) 
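Review bot: Both `allow(Ability.abilities)` stubs in the new `before` block of issues_controller_spec.rb replace the authorization layer itself, so the example only shows that the controller turns a denied `:read_issue` check into a 403, not that the real policy denies a user who lacks access. The same holds for the `:read_list` stubs in lists_controller_spec.rb and the `:read_board` stubs in boards_controller_spec.rb. Consider adding, beside each stubbed context, an example that signs in a user without project access and leaves `Ability` unstubbed, and mark the stub's scope with a comment such as `# Stubs the policy: covers only the controller's handling of a denied check`. Because the stubs are constrained with `.with(...)`, an ability check added to the controller later would likely fail here on unexpected arguments rather than on the status code.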
diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb
index 9ed4d8a4218..75a6d39e82c 100644
--- a/spec/controllers/projects/boards_controller_spec.rb
+++ b/spec/controllers/projects/boards_controller_spec.rb
@@ -21,13 +21,17 @@ describe Projects::BoardsController do
 expect(response.content_type).to eq 'text/html'
 end
- it 'returns a successful 404 response with unauthorized user' do
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+ context 'with unauthorized user' do
+ before do
+ allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+ end
- read_board
+ it 'returns a successful 404 response' do
+ read_board
- expect(response).to have_http_status(404)
+ expect(response).to have_http_status(404)
+ end
 end
 def read_board(format: :html) |
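Review bot: The example name `'returns a successful 404 response'` contradicts itself, and this context expects 404 where the sibling issues and lists specs expect 403 for the same 'with unauthorized user' setup. If the 404 is deliberate, presumably so that a user without `:read_board` cannot tell whether the board exists, say so next to the expectation, e.g. `# 404, not 403: do not disclose that the board exists`, and rename the example to `it 'returns a 404 response' do`. If it is not deliberate, the three controllers should agree on one status for a denied read. The surrounding `describe` block starts and ends outside the hunk.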