1 files changed, 48 insertions, 18 deletions

diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb
index 4d765229bde..509f19ed030 100644
--- a/spec/controllers/projects/boards_controller_spec.rb
+++ b/spec/controllers/projects/boards_controller_spec.rb
@@ -27,6 +27,20 @@ describe Projects::BoardsController do
         expect(response).to render_template :index
         expect(response.content_type).to eq 'text/html'
       end
+
+      context 'with unauthorized user' do
+        before do
+          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+          allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+        end
+
+        it 'returns a not found 404 response' do
+          list_boards
+
+          expect(response).to have_gitlab_http_status(404)
+          expect(response.content_type).to eq 'text/html'
+        end
+      end
     end
 
     context 'when format is JSON' do
@@ -40,18 +54,19 @@ describe Projects::BoardsController do
         expect(response).to match_response_schema('boards')
         expect(parsed_response.length).to eq 2
       end
-    end
 
-    context 'with unauthorized user' do
-      before do
-        allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
-        allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
-      end
+      context 'with unauthorized user' do
+        before do
+          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+          allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+        end
 
-      it 'returns a not found 404 response' do
-        list_boards
+        it 'returns a not found 404 response' do
+          list_boards format: :json
 
-        expect(response).to have_gitlab_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
+          expect(response.content_type).to eq 'application/json'
+        end
       end
     end
 
@@ -88,6 +103,20 @@ describe Projects::BoardsController do
         expect(response).to render_template :show
         expect(response.content_type).to eq 'text/html'
       end
+
+      context 'with unauthorized user' do
+        before do
+          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+          allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+        end
+
+        it 'returns a not found 404 response' do
+          read_board board: board
+
+          expect(response).to have_gitlab_http_status(404)
+          expect(response.content_type).to eq 'text/html'
+        end
+      end
     end
 
     context 'when format is JSON' do
@@ -96,18 +125,19 @@ describe Projects::BoardsController do
 
         expect(response).to match_response_schema('board')
       end
-    end
 
-    context 'with unauthorized user' do
-      before do
-        allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
-        allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
-      end
+      context 'with unauthorized user' do
+        before do
+          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+          allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+        end
 
-      it 'returns a not found 404 response' do
-        read_board board: board
+        it 'returns a not found 404 response' do
+          read_board board: board, format: :json
 
-        expect(response).to have_gitlab_http_status(404)
+          expect(response).to have_gitlab_http_status(404)
+          expect(response.content_type).to eq 'application/json'
+        end
       end
     end