1 files changed, 75 insertions, 0 deletions

diff --git a/spec/controllers/groups/releases_controller_spec.rb b/spec/controllers/groups/releases_controller_spec.rb
new file mode 100644
index 00000000000..0925548f60a
--- /dev/null
+++ b/spec/controllers/groups/releases_controller_spec.rb
@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Groups::ReleasesController do
+  let(:group) { create(:group) }
+  let!(:project)         { create(:project, :repository, :public, namespace: group) }
+  let!(:private_project) { create(:project, :repository, :private, namespace: group) }
+  let(:developer)        { create(:user) }
+  let!(:release_1)       { create(:release, project: project, tag: 'v1', released_at: Time.zone.parse('2020-02-15')) }
+  let!(:release_2)       { create(:release, project: project, tag: 'v2', released_at: Time.zone.parse('2020-02-20')) }
+  let!(:private_release_1)       { create(:release, project: private_project, tag: 'p1', released_at: Time.zone.parse('2020-03-01')) }
+  let!(:private_release_2)       { create(:release, project: private_project, tag: 'p2', released_at: Time.zone.parse('2020-03-05')) }
+
+  before do
+    private_project.add_developer(developer)
+  end
+
+  describe 'GET #index' do
+    context 'as json' do
+      let(:format) { :json }
+
+      subject { get :index, params: { group_id: group }, format: format }
+
+      context 'json_response' do
+        before do
+          subject
+        end
+
+        it 'returns an application/json content_type' do
+          expect(response.content_type).to eq 'application/json'
+        end
+
+        it 'returns OK' do
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'the user is not authorized' do
+        before do
+          subject
+        end
+
+        it 'does not return any releases' do
+          expect(json_response.map {|r| r['tag'] } ).to match_array(%w(v2 v1))
+        end
+
+        it 'returns OK' do
+          expect(response).to have_gitlab_http_status(:ok)
+        end
+      end
+
+      context 'the user is authorized' do
+        it "returns all group's public and private project's releases as JSON, ordered by released_at" do
+          sign_in(developer)
+
+          subject
+
+          expect(json_response.map {|r| r['tag'] } ).to match_array(%w(p2 p1 v2 v1))
+        end
+      end
+
+      context 'N+1 queries' do
+        it 'avoids N+1 database queries' do
+          control_count = ActiveRecord::QueryRecorder.new { subject }.count
+
+          create_list(:release, 5, project: project)
+          create_list(:release, 5, project: private_project)
+
+          expect { subject }.not_to exceed_query_limit(control_count)
+        end
+      end
+    end
+  end
+end