diff options
Diffstat (limited to 'spec/controllers/projects')
15 files changed, 403 insertions, 182 deletions
diff --git a/spec/controllers/projects/blob_controller_spec.rb b/spec/controllers/projects/blob_controller_spec.rb index 16be7394174..68551ce4858 100644 --- a/spec/controllers/projects/blob_controller_spec.rb +++ b/spec/controllers/projects/blob_controller_spec.rb @@ -424,7 +424,7 @@ RSpec.describe Projects::BlobController do end end - it_behaves_like 'tracking unique hll events', :track_editor_edit_actions do + it_behaves_like 'tracking unique hll events' do subject(:request) { put :update, params: default_params } let(:target_id) { 'g_edit_by_sfe' } @@ -540,7 +540,7 @@ RSpec.describe Projects::BlobController do sign_in(user) end - it_behaves_like 'tracking unique hll events', :track_editor_edit_actions do + it_behaves_like 'tracking unique hll events' do subject(:request) { post :create, params: default_params } let(:target_id) { 'g_edit_by_sfe' } diff --git a/spec/controllers/projects/ci/daily_build_group_report_results_controller_spec.rb b/spec/controllers/projects/ci/daily_build_group_report_results_controller_spec.rb index 594c24bb7e3..81318b49cd9 100644 --- a/spec/controllers/projects/ci/daily_build_group_report_results_controller_spec.rb +++ b/spec/controllers/projects/ci/daily_build_group_report_results_controller_spec.rb @@ -11,6 +11,7 @@ RSpec.describe Projects::Ci::DailyBuildGroupReportResultsController do let(:end_date) { '2020-03-09' } let(:allowed_to_read) { true } let(:user) { create(:user) } + let(:feature_enabled?) { true } before do create_daily_coverage('rspec', 79.0, '2020-03-09') @@ -24,6 +25,8 @@ RSpec.describe Projects::Ci::DailyBuildGroupReportResultsController do allow(Ability).to receive(:allowed?).and_call_original allow(Ability).to receive(:allowed?).with(user, :read_build_report_results, project).and_return(allowed_to_read) + stub_feature_flags(coverage_data_new_finder: feature_enabled?) + get :index, params: { namespace_id: project.namespace, project_id: project, @@ -55,9 +58,7 @@ RSpec.describe Projects::Ci::DailyBuildGroupReportResultsController do end end - context 'when format is CSV' do - let(:format) { :csv } - + shared_examples 'CSV results' do it 'serves the results in CSV' do expect(response).to have_gitlab_http_status(:ok) expect(response.headers['Content-Type']).to eq('text/csv; charset=utf-8') @@ -88,9 +89,7 @@ RSpec.describe Projects::Ci::DailyBuildGroupReportResultsController do it_behaves_like 'ensuring policy' end - context 'when format is JSON' do - let(:format) { :json } - + shared_examples 'JSON results' do it 'serves the results in JSON' do expect(response).to have_gitlab_http_status(:ok) @@ -137,6 +136,38 @@ RSpec.describe Projects::Ci::DailyBuildGroupReportResultsController do it_behaves_like 'validating param_type' it_behaves_like 'ensuring policy' end + + context 'when format is JSON' do + let(:format) { :json } + + context 'when coverage_data_new_finder flag is enabled' do + let(:feature_enabled?) { true } + + it_behaves_like 'JSON results' + end + + context 'when coverage_data_new_finder flag is disabled' do + let(:feature_enabled?) { false } + + it_behaves_like 'JSON results' + end + end + + context 'when format is CSV' do + let(:format) { :csv } + + context 'when coverage_data_new_finder flag is enabled' do + let(:feature_enabled?) { true } + + it_behaves_like 'CSV results' + end + + context 'when coverage_data_new_finder flag is disabled' do + let(:feature_enabled?) { false } + + it_behaves_like 'CSV results' + end + end end def create_daily_coverage(group_name, coverage, date) diff --git a/spec/controllers/projects/discussions_controller_spec.rb b/spec/controllers/projects/discussions_controller_spec.rb index f9d16e761cb..8a793e29bfa 100644 --- a/spec/controllers/projects/discussions_controller_spec.rb +++ b/spec/controllers/projects/discussions_controller_spec.rb @@ -186,6 +186,13 @@ RSpec.describe Projects::DiscussionsController do expect(Note.find(note.id).discussion.resolved?).to be false end + it "tracks thread unresolve usage data" do + expect(Gitlab::UsageDataCounters::MergeRequestActivityUniqueCounter) + .to receive(:track_unresolve_thread_action).with(user: user) + + delete :unresolve, params: request_params + end + it "returns status 200" do delete :unresolve, params: request_params diff --git a/spec/controllers/projects/forks_controller_spec.rb b/spec/controllers/projects/forks_controller_spec.rb index e8b30294cdd..7da3d403b53 100644 --- a/spec/controllers/projects/forks_controller_spec.rb +++ b/spec/controllers/projects/forks_controller_spec.rb @@ -209,6 +209,13 @@ RSpec.describe Projects::ForksController do } end + let(:created_project) do + Namespace + .find_by_id(params[:namespace_key]) + .projects + .find_by_path(params.fetch(:path, project.path)) + end + subject do post :create, params: params end @@ -260,6 +267,21 @@ RSpec.describe Projects::ForksController do expect(response).to redirect_to(namespace_project_import_path(user.namespace, project, continue: continue_params)) end end + + context 'custom attributes set' do + let(:params) { super().merge(path: 'something_custom', name: 'Something Custom', description: 'Something Custom', visibility: 'private') } + + it 'creates a project with custom values' do + subject + + expect(response).to have_gitlab_http_status(:found) + expect(response).to redirect_to(namespace_project_import_path(user.namespace, params[:path])) + expect(created_project.path).to eq(params[:path]) + expect(created_project.name).to eq(params[:name]) + expect(created_project.description).to eq(params[:description]) + expect(created_project.visibility).to eq(params[:visibility]) + end + end end context 'when user is not signed in' do diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index d3bdf1baaae..81ffd2c4512 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -63,53 +63,20 @@ RSpec.describe Projects::IssuesController do end end - describe 'the null hypothesis experiment', :snowplow do - it 'defines the expected before actions' do - expect(controller).to use_before_action(:run_null_hypothesis_experiment) - end - - context 'when rolled out to 100%' do - it 'assigns the candidate experience and tracks the event' do - get :index, params: { namespace_id: project.namespace, project_id: project } - - expect_snowplow_event( - category: 'null_hypothesis', - action: 'index', - context: [{ - schema: 'iglu:com.gitlab/gitlab_experiment/jsonschema/0-3-0', - data: { variant: 'candidate', experiment: 'null_hypothesis', key: anything } - }] - ) - end + describe 'the null hypothesis experiment', :experiment do + before do + stub_experiments(null_hypothesis: :candidate) end - context 'when not rolled out' do - before do - stub_feature_flags(null_hypothesis: false) - end - - it 'assigns the control experience and tracks the event' do - get :index, params: { namespace_id: project.namespace, project_id: project } - - expect_snowplow_event( - category: 'null_hypothesis', - action: 'index', - context: [{ - schema: 'iglu:com.gitlab/gitlab_experiment/jsonschema/0-3-0', - data: { variant: 'control', experiment: 'null_hypothesis', key: anything } - }] - ) - end + it 'defines the expected before actions' do + expect(controller).to use_before_action(:run_null_hypothesis_experiment) end - context 'when gitlab_experiments is disabled' do - it 'does not run the experiment at all' do - stub_feature_flags(gitlab_experiments: false) + it 'assigns the candidate experience and tracks the event' do + expect(experiment(:null_hypothesis)).to track('index').on_any_instance.for(:candidate) + .with_context(project: project) - expect(controller).not_to receive(:run_null_hypothesis_experiment) - - get :index, params: { namespace_id: project.namespace, project_id: project } - end + get :index, params: { namespace_id: project.namespace, project_id: project } end end end @@ -1314,11 +1281,13 @@ RSpec.describe Projects::IssuesController do let!(:last_spam_log) { spam_logs.last } def post_verified_issue - post_new_issue({}, { spam_log_id: last_spam_log.id, 'g-recaptcha-response': true } ) + post_new_issue({}, { spam_log_id: last_spam_log.id, 'g-recaptcha-response': 'abc123' } ) end before do - expect(controller).to receive_messages(verify_recaptcha: true) + expect_next_instance_of(Captcha::CaptchaVerificationService) do |instance| + expect(instance).to receive(:execute) { true } + end end it 'accepts an issue after reCAPTCHA is verified' do diff --git a/spec/controllers/projects/jobs_controller_spec.rb b/spec/controllers/projects/jobs_controller_spec.rb index 430808e1c63..80e1268cb01 100644 --- a/spec/controllers/projects/jobs_controller_spec.rb +++ b/spec/controllers/projects/jobs_controller_spec.rb @@ -15,54 +15,6 @@ RSpec.describe Projects::JobsController, :clean_gitlab_redis_shared_state do end describe 'GET index' do - describe 'pushing tracking_data to Gon' do - before do - stub_experiment(jobs_empty_state: experiment_active) - stub_experiment_for_subject(jobs_empty_state: in_experiment_group) - - get_index - end - - context 'when experiment not active' do - let(:experiment_active) { false } - let(:in_experiment_group) { false } - - it 'does not push tracking_data to Gon' do - expect(Gon.tracking_data).to be_nil - end - end - - context 'when experiment active and user in control group' do - let(:experiment_active) { true } - let(:in_experiment_group) { false } - - it 'pushes tracking_data to Gon' do - expect(Gon.tracking_data).to match( - { - category: 'Growth::Activation::Experiment::JobsEmptyState', - action: 'click_button', - label: anything, - property: 'control_group' - } - ) - end - end - - context 'when experiment active and user in experimental group' do - let(:experiment_active) { true } - let(:in_experiment_group) { true } - - it 'pushes tracking_data to gon' do - expect(Gon.tracking_data).to match( - category: 'Growth::Activation::Experiment::JobsEmptyState', - action: 'click_button', - label: anything, - property: 'experimental_group' - ) - end - end - end - context 'when scope is pending' do before do create(:ci_build, :pending, pipeline: pipeline) diff --git a/spec/controllers/projects/learn_gitlab_controller_spec.rb b/spec/controllers/projects/learn_gitlab_controller_spec.rb new file mode 100644 index 00000000000..f633f7aa246 --- /dev/null +++ b/spec/controllers/projects/learn_gitlab_controller_spec.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Projects::LearnGitlabController do + describe 'GET #index' do + let_it_be(:user) { create(:user) } + let_it_be(:project) { create(:project, namespace: user.namespace) } + + let(:learn_gitlab_experiment_enabled) { true } + let(:params) { { namespace_id: project.namespace.to_param, project_id: project } } + + subject { get :index, params: params } + + before do + allow(controller.helpers).to receive(:learn_gitlab_experiment_enabled?).and_return(learn_gitlab_experiment_enabled) + end + + context 'unauthenticated user' do + it { is_expected.to have_gitlab_http_status(:redirect) } + end + + context 'authenticated user' do + before do + sign_in(user) + end + + it { is_expected.to render_template(:index) } + + it 'pushes experiment to frontend' do + expect(controller).to receive(:push_frontend_experiment).with(:learn_gitlab_a, subject: user) + expect(controller).to receive(:push_frontend_experiment).with(:learn_gitlab_b, subject: user) + + subject + end + + context 'learn_gitlab experiment not enabled' do + let(:learn_gitlab_experiment_enabled) { false } + + it { is_expected.to have_gitlab_http_status(:not_found) } + end + end + end +end diff --git a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb index f54a07de853..50f8942d9d5 100644 --- a/spec/controllers/projects/merge_requests/diffs_controller_spec.rb +++ b/spec/controllers/projects/merge_requests/diffs_controller_spec.rb @@ -226,11 +226,7 @@ RSpec.describe Projects::MergeRequests::DiffsController do let(:diffable_merge_ref) { true } it 'compares diffs with the head' do - MergeRequests::MergeToRefService.new(project, merge_request.author).execute(merge_request) - - expect(CompareService).to receive(:new).with( - project, merge_request.merge_ref_head.sha - ).and_call_original + create(:merge_request_diff, :merge_head, merge_request: merge_request) go(diff_head: true) @@ -242,8 +238,6 @@ RSpec.describe Projects::MergeRequests::DiffsController do let(:diffable_merge_ref) { false } it 'compares diffs with the base' do - expect(CompareService).not_to receive(:new) - go(diff_head: true) expect(response).to have_gitlab_http_status(:ok) diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb index cf8b4c564c4..9b37c46fd86 100644 --- a/spec/controllers/projects/merge_requests_controller_spec.rb +++ b/spec/controllers/projects/merge_requests_controller_spec.rb @@ -1118,6 +1118,108 @@ RSpec.describe Projects::MergeRequestsController do end end + describe 'GET codequality_mr_diff_reports' do + let_it_be(:merge_request) do + create(:merge_request, + :with_merge_request_pipeline, + target_project: project, + source_project: project) + end + + let(:pipeline) do + create(:ci_pipeline, + :success, + project: merge_request.source_project, + ref: merge_request.source_branch, + sha: merge_request.diff_head_sha) + end + + before do + allow_any_instance_of(MergeRequest) + .to receive(:find_codequality_mr_diff_reports) + .and_return(report) + + allow_any_instance_of(MergeRequest) + .to receive(:actual_head_pipeline) + .and_return(pipeline) + end + + subject(:get_codequality_mr_diff_reports) do + get :codequality_mr_diff_reports, params: { + namespace_id: project.namespace.to_param, + project_id: project, + id: merge_request.iid + }, + format: :json + end + + context 'permissions on a public project with private CI/CD' do + let(:project) { create :project, :repository, :public, :builds_private } + let(:report) { { status: :parsed, data: { 'files' => {} } } } + + context 'while signed out' do + before do + sign_out(user) + end + + it 'responds with a 404' do + get_codequality_mr_diff_reports + + expect(response).to have_gitlab_http_status(:not_found) + expect(response.body).to be_blank + end + end + + context 'while signed in as an unrelated user' do + before do + sign_in(create(:user)) + end + + it 'responds with a 404' do + get_codequality_mr_diff_reports + + expect(response).to have_gitlab_http_status(:not_found) + expect(response.body).to be_blank + end + end + end + + context 'when pipeline has jobs with codequality mr diff report' do + before do + allow_any_instance_of(MergeRequest) + .to receive(:has_codequality_mr_diff_report?) + .and_return(true) + end + + context 'when processing codequality mr diff report is in progress' do + let(:report) { { status: :parsing } } + + it 'sends polling interval' do + expect(Gitlab::PollingInterval).to receive(:set_header) + + get_codequality_mr_diff_reports + end + + it 'returns 204 HTTP status' do + get_codequality_mr_diff_reports + + expect(response).to have_gitlab_http_status(:no_content) + end + end + + context 'when processing codequality mr diff report is completed' do + let(:report) { { status: :parsed, data: { 'files' => {} } } } + + it 'returns codequality mr diff report' do + get_codequality_mr_diff_reports + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to eq({ 'files' => {} }) + end + end + end + end + describe 'GET terraform_reports' do let_it_be(:merge_request) do create(:merge_request, @@ -1269,7 +1371,6 @@ RSpec.describe Projects::MergeRequestsController do describe 'GET test_reports' do let_it_be(:merge_request) do create(:merge_request, - :with_diffs, :with_merge_request_pipeline, target_project: project, source_project: project @@ -1380,7 +1481,6 @@ RSpec.describe Projects::MergeRequestsController do describe 'GET accessibility_reports' do let_it_be(:merge_request) do create(:merge_request, - :with_diffs, :with_merge_request_pipeline, target_project: project, source_project: project @@ -1501,7 +1601,6 @@ RSpec.describe Projects::MergeRequestsController do describe 'GET codequality_reports' do let_it_be(:merge_request) do create(:merge_request, - :with_diffs, :with_merge_request_pipeline, target_project: project, source_project: project diff --git a/spec/controllers/projects/notes_controller_spec.rb b/spec/controllers/projects/notes_controller_spec.rb index e96113c0133..edebaf294c4 100644 --- a/spec/controllers/projects/notes_controller_spec.rb +++ b/spec/controllers/projects/notes_controller_spec.rb @@ -150,7 +150,7 @@ RSpec.describe Projects::NotesController do end it 'returns an empty page of notes' do - expect(Gitlab::EtagCaching::Middleware).not_to receive(:skip!) + expect(Gitlab::EtagCaching::Middleware).to receive(:skip!) request.headers['X-Last-Fetched-At'] = microseconds(Time.zone.now) @@ -169,6 +169,8 @@ RSpec.describe Projects::NotesController do end it 'returns all notes' do + expect(Gitlab::EtagCaching::Middleware).to receive(:skip!) + get :index, params: request_params expect(json_response['notes'].count).to eq((page_1 + page_2 + page_3).size + 1) @@ -313,7 +315,7 @@ RSpec.describe Projects::NotesController do let(:note_text) { 'some note' } let(:request_params) do { - note: { note: note_text, noteable_id: merge_request.id, noteable_type: 'MergeRequest' }, + note: { note: note_text, noteable_id: merge_request.id, noteable_type: 'MergeRequest' }.merge(extra_note_params), namespace_id: project.namespace, project_id: project, merge_request_diff_head_sha: 'sha', @@ -323,6 +325,7 @@ RSpec.describe Projects::NotesController do end let(:extra_request_params) { {} } + let(:extra_note_params) { {} } let(:project_visibility) { Gitlab::VisibilityLevel::PUBLIC } let(:merge_requests_access_level) { ProjectFeature::ENABLED } @@ -421,6 +424,41 @@ RSpec.describe Projects::NotesController do end end + context 'when creating a confidential note' do + let(:extra_request_params) { { format: :json } } + + context 'when `confidential` parameter is not provided' do + it 'sets `confidential` to `false` in JSON response' do + create! + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['confidential']).to be false + end + end + + context 'when `confidential` parameter is `false`' do + let(:extra_note_params) { { confidential: false } } + + it 'sets `confidential` to `false` in JSON response' do + create! + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['confidential']).to be false + end + end + + context 'when `confidential` parameter is `true`' do + let(:extra_note_params) { { confidential: true } } + + it 'sets `confidential` to `true` in JSON response' do + create! + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['confidential']).to be true + end + end + end + context 'when creating a note with quick actions' do context 'with commands that return changes' do let(:note_text) { "/award :thumbsup:\n/estimate 1d\n/spend 3h" } @@ -725,6 +763,51 @@ RSpec.describe Projects::NotesController do end end end + + context 'when the endpoint receives requests above the limit' do + before do + stub_application_setting(notes_create_limit: 3) + end + + it 'prevents from creating more notes', :request_store do + 3.times { create! } + + expect { create! } + .to change { Gitlab::GitalyClient.get_request_count }.by(0) + + create! + expect(response.body).to eq(_('This endpoint has been requested too many times. Try again later.')) + expect(response).to have_gitlab_http_status(:too_many_requests) + end + + it 'logs the event in auth.log' do + attributes = { + message: 'Application_Rate_Limiter_Request', + env: :notes_create_request_limit, + remote_ip: '0.0.0.0', + request_method: 'POST', + path: "/#{project.full_path}/notes", + user_id: user.id, + username: user.username + } + + expect(Gitlab::AuthLogger).to receive(:error).with(attributes).once + + project.add_developer(user) + sign_in(user) + + 4.times { create! } + end + + it 'allows user in allow-list to create notes, even if the case is different' do + user.update_attribute(:username, user.username.titleize) + stub_application_setting(notes_create_limit_allowlist: ["#{user.username.downcase}"]) + 3.times { create! } + + create! + expect(response).to have_gitlab_http_status(:found) + end + end end describe 'PUT update' do diff --git a/spec/controllers/projects/pipelines/tests_controller_spec.rb b/spec/controllers/projects/pipelines/tests_controller_spec.rb index 61118487e20..e6ff3a487ac 100644 --- a/spec/controllers/projects/pipelines/tests_controller_spec.rb +++ b/spec/controllers/projects/pipelines/tests_controller_spec.rb @@ -34,20 +34,38 @@ RSpec.describe Projects::Pipelines::TestsController do end describe 'GET #show.json' do - context 'when pipeline has build report results' do - let(:pipeline) { create(:ci_pipeline, :with_report_results, project: project) } + context 'when pipeline has builds with test reports' do + let(:main_pipeline) { create(:ci_pipeline, :with_test_reports_with_three_failures, project: project) } + let(:pipeline) { create(:ci_pipeline, :with_test_reports_with_three_failures, project: project, ref: 'new-feature') } let(:suite_name) { 'test' } let(:build_ids) { pipeline.latest_builds.pluck(:id) } + before do + build = main_pipeline.builds.last + build.update_column(:finished_at, 1.day.ago) # Just to be sure we are included in the report window + + # The JUnit fixture for the given build has 3 failures. + # This service will create 1 test case failure record for each. + Ci::TestFailureHistoryService.new(main_pipeline).execute + end + it 'renders test suite data' do get_tests_show_json(build_ids) expect(response).to have_gitlab_http_status(:ok) expect(json_response['name']).to eq('test') + + # Each test failure in this pipeline has a matching failure in the default branch + recent_failures = json_response['test_cases'].map { |tc| tc['recent_failures'] } + expect(recent_failures).to eq([ + { 'count' => 1, 'base_branch' => 'master' }, + { 'count' => 1, 'base_branch' => 'master' }, + { 'count' => 1, 'base_branch' => 'master' } + ]) end end - context 'when pipeline does not have build report results' do + context 'when pipeline has no builds that matches the given build_ids' do let(:pipeline) { create(:ci_empty_pipeline) } let(:suite_name) { 'test' } diff --git a/spec/controllers/projects/pipelines_controller_spec.rb b/spec/controllers/projects/pipelines_controller_spec.rb index be4a1504fc9..e1405660ccb 100644 --- a/spec/controllers/projects/pipelines_controller_spec.rb +++ b/spec/controllers/projects/pipelines_controller_spec.rb @@ -272,72 +272,6 @@ RSpec.describe Projects::PipelinesController do end end - describe 'GET #index' do - subject(:request) { get :index, params: { namespace_id: project.namespace, project_id: project } } - - context 'experiment not active' do - it 'does not push tracking_data to gon' do - request - - expect(Gon.tracking_data).to be_nil - end - - it 'does not record experiment_user' do - expect { request }.not_to change(ExperimentUser, :count) - end - end - - context 'when experiment active' do - before do - stub_experiment(pipelines_empty_state: true) - stub_experiment_for_subject(pipelines_empty_state: true) - end - - it 'pushes tracking_data to Gon' do - request - - expect(Gon.experiments["pipelinesEmptyState"]).to eq(true) - expect(Gon.tracking_data).to match( - { - category: 'Growth::Activation::Experiment::PipelinesEmptyState', - action: 'view', - label: anything, - property: 'experimental_group', - value: anything - } - ) - end - - context 'no pipelines created an no CI set up' do - before do - stub_application_setting(auto_devops_enabled: false) - end - - it 'records experiment_user' do - expect { request }.to change(ExperimentUser, :count).by(1) - end - end - - context 'CI set up' do - it 'does not record experiment_user' do - expect { request }.not_to change(ExperimentUser, :count) - end - end - - context 'pipelines created' do - let!(:pipeline) { create(:ci_pipeline, project: project) } - - before do - stub_application_setting(auto_devops_enabled: false) - end - - it 'does not record experiment_user' do - expect { request }.not_to change(ExperimentUser, :count) - end - end - end - end - describe 'GET show.json' do let(:pipeline) { create(:ci_pipeline, project: project) } diff --git a/spec/controllers/projects/project_members_controller_spec.rb b/spec/controllers/projects/project_members_controller_spec.rb index d30cc8cbfd9..53a7c2ca069 100644 --- a/spec/controllers/projects/project_members_controller_spec.rb +++ b/spec/controllers/projects/project_members_controller_spec.rb @@ -325,6 +325,18 @@ RSpec.describe Projects::ProjectMembersController do expect(requester.reload.expires_at).not_to eq(expires_at.to_date) end + + it 'returns error status' do + subject + + expect(response).to have_gitlab_http_status(:unprocessable_entity) + end + + it 'returns error message' do + subject + + expect(json_response).to eq({ 'message' => 'Expires at cannot be a date in the past' }) + end end context 'when set to a date in the future' do diff --git a/spec/controllers/projects/security/configuration_controller_spec.rb b/spec/controllers/projects/security/configuration_controller_spec.rb new file mode 100644 index 00000000000..ef255d1efd0 --- /dev/null +++ b/spec/controllers/projects/security/configuration_controller_spec.rb @@ -0,0 +1,55 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Projects::Security::ConfigurationController do + let(:project) { create(:project, :public) } + let(:user) { create(:user) } + + before do + allow(controller).to receive(:ensure_security_and_compliance_enabled!) + + sign_in(user) + end + + describe 'GET show' do + context 'when feature flag is disabled' do + before do + stub_feature_flags(secure_security_and_compliance_configuration_page_on_ce: false) + end + + it 'renders not found' do + get :show, params: { namespace_id: project.namespace, project_id: project } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'when feature flag is enabled' do + context 'when user has guest access' do + before do + project.add_guest(user) + end + + it 'denies access' do + get :show, params: { namespace_id: project.namespace, project_id: project } + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + + context 'when user has developer access' do + before do + project.add_developer(user) + end + + it 'grants access' do + get :show, params: { namespace_id: project.namespace, project_id: project } + + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template(:show) + end + end + end + end +end diff --git a/spec/controllers/projects/templates_controller_spec.rb b/spec/controllers/projects/templates_controller_spec.rb index 01593f4133c..fe282baf769 100644 --- a/spec/controllers/projects/templates_controller_spec.rb +++ b/spec/controllers/projects/templates_controller_spec.rb @@ -165,7 +165,8 @@ RSpec.describe Projects::TemplatesController do expect(response).to have_gitlab_http_status(:ok) expect(json_response.size).to eq(2) - expect(json_response).to match(expected_template_names) + expect(json_response.size).to eq(2) + expect(json_response.map { |x| x.slice('name') }).to match(expected_template_names) end it 'fails for user with no access' do |