summaryrefslogtreecommitdiff
path: root/spec/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'spec/controllers')
-rw-r--r--spec/controllers/application_controller_spec.rb8
-rw-r--r--spec/controllers/groups/milestones_controller_spec.rb12
-rw-r--r--spec/controllers/projects/artifacts_controller_spec.rb188
-rw-r--r--spec/controllers/projects/branches_controller_spec.rb38
-rw-r--r--spec/controllers/projects/deploy_keys_controller_spec.rb66
-rw-r--r--spec/controllers/projects/deployments_controller_spec.rb42
-rw-r--r--spec/controllers/projects/issues_controller_spec.rb24
-rw-r--r--spec/controllers/projects/milestones_controller_spec.rb3
-rw-r--r--spec/controllers/projects/notes_controller_spec.rb41
-rw-r--r--spec/controllers/projects/pages_controller_spec.rb57
-rw-r--r--spec/controllers/projects/pages_domains_controller_spec.rb58
-rw-r--r--spec/controllers/snippets/notes_controller_spec.rb196
-rw-r--r--spec/controllers/snippets_controller_spec.rb180
-rw-r--r--spec/controllers/uploads_controller_spec.rb87
14 files changed, 891 insertions, 109 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 760f33b09c1..1bf0533ca24 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -4,7 +4,7 @@ describe ApplicationController do
let(:user) { create(:user) }
describe '#check_password_expiration' do
- let(:controller) { ApplicationController.new }
+ let(:controller) { described_class.new }
it 'redirects if the user is over their password expiry' do
user.password_expires_at = Time.new(2002)
@@ -34,7 +34,7 @@ describe ApplicationController do
describe "#authenticate_user_from_token!" do
describe "authenticating a user from a private token" do
- controller(ApplicationController) do
+ controller(described_class) do
def index
render text: "authenticated"
end
@@ -66,7 +66,7 @@ describe ApplicationController do
end
describe "authenticating a user from a personal access token" do
- controller(ApplicationController) do
+ controller(described_class) do
def index
render text: 'authenticated'
end
@@ -115,7 +115,7 @@ describe ApplicationController do
end
context 'two-factor authentication' do
- let(:controller) { ApplicationController.new }
+ let(:controller) { described_class.new }
describe '#check_two_factor_requirement' do
subject { controller.send :check_two_factor_requirement }
diff --git a/spec/controllers/groups/milestones_controller_spec.rb b/spec/controllers/groups/milestones_controller_spec.rb
index 6e4b5f78e33..7cf2996ffd0 100644
--- a/spec/controllers/groups/milestones_controller_spec.rb
+++ b/spec/controllers/groups/milestones_controller_spec.rb
@@ -6,6 +6,16 @@ describe Groups::MilestonesController do
let(:project2) { create(:empty_project, group: group) }
let(:user) { create(:user) }
let(:title) { '肯定不是中文的问题' }
+ let(:milestone) do
+ project_milestone = create(:milestone, project: project)
+
+ GroupMilestone.build(
+ group,
+ [project],
+ project_milestone.title
+ )
+ end
+ let(:milestone_path) { group_milestone_path(group, milestone.safe_title, title: milestone.title) }
before do
sign_in(user)
@@ -14,6 +24,8 @@ describe Groups::MilestonesController do
controller.instance_variable_set(:@group, group)
end
+ it_behaves_like 'milestone tabs'
+
describe "#create" do
it "creates group milestone with Chinese title" do
post :create,
diff --git a/spec/controllers/projects/artifacts_controller_spec.rb b/spec/controllers/projects/artifacts_controller_spec.rb
new file mode 100644
index 00000000000..eff9fab8da2
--- /dev/null
+++ b/spec/controllers/projects/artifacts_controller_spec.rb
@@ -0,0 +1,188 @@
+require 'spec_helper'
+
+describe Projects::ArtifactsController do
+ let(:user) { create(:user) }
+ let(:project) { create(:project, :repository) }
+
+ let(:pipeline) do
+ create(:ci_pipeline,
+ project: project,
+ sha: project.commit.sha,
+ ref: project.default_branch,
+ status: 'success')
+ end
+
+ let(:build) { create(:ci_build, :success, :artifacts, pipeline: pipeline) }
+
+ before do
+ project.team << [user, :developer]
+
+ sign_in(user)
+ end
+
+ describe 'GET download' do
+ it 'sends the artifacts file' do
+ expect(controller).to receive(:send_file).with(build.artifacts_file.path, disposition: 'attachment').and_call_original
+
+ get :download, namespace_id: project.namespace, project_id: project, build_id: build
+ end
+ end
+
+ describe 'GET browse' do
+ context 'when the directory exists' do
+ it 'renders the browse view' do
+ get :browse, namespace_id: project.namespace, project_id: project, build_id: build, path: 'other_artifacts_0.1.2'
+
+ expect(response).to render_template('projects/artifacts/browse')
+ end
+ end
+
+ context 'when the directory does not exist' do
+ it 'responds Not Found' do
+ get :browse, namespace_id: project.namespace, project_id: project, build_id: build, path: 'unknown'
+
+ expect(response).to be_not_found
+ end
+ end
+ end
+
+ describe 'GET file' do
+ context 'when the file exists' do
+ it 'renders the file view' do
+ get :file, namespace_id: project.namespace, project_id: project, build_id: build, path: 'ci_artifacts.txt'
+
+ expect(response).to render_template('projects/artifacts/file')
+ end
+ end
+
+ context 'when the file does not exist' do
+ it 'responds Not Found' do
+ get :file, namespace_id: project.namespace, project_id: project, build_id: build, path: 'unknown'
+
+ expect(response).to be_not_found
+ end
+ end
+ end
+
+ describe 'GET raw' do
+ context 'when the file exists' do
+ it 'serves the file using workhorse' do
+ get :raw, namespace_id: project.namespace, project_id: project, build_id: build, path: 'ci_artifacts.txt'
+
+ send_data = response.headers[Gitlab::Workhorse::SEND_DATA_HEADER]
+
+ expect(send_data).to start_with('artifacts-entry:')
+
+ base64_params = send_data.sub(/\Aartifacts\-entry:/, '')
+ params = JSON.parse(Base64.urlsafe_decode64(base64_params))
+
+ expect(params.keys).to eq(%w(Archive Entry))
+ expect(params['Archive']).to end_with('build_artifacts.zip')
+ expect(params['Entry']).to eq(Base64.encode64('ci_artifacts.txt'))
+ end
+ end
+
+ context 'when the file does not exist' do
+ it 'responds Not Found' do
+ get :raw, namespace_id: project.namespace, project_id: project, build_id: build, path: 'unknown'
+
+ expect(response).to be_not_found
+ end
+ end
+ end
+
+ describe 'GET latest_succeeded' do
+ def params_from_ref(ref = pipeline.ref, job = build.name, path = 'browse')
+ {
+ namespace_id: project.namespace,
+ project_id: project,
+ ref_name_and_path: File.join(ref, path),
+ job: job
+ }
+ end
+
+ context 'cannot find the build' do
+ shared_examples 'not found' do
+ it { expect(response).to have_http_status(:not_found) }
+ end
+
+ context 'has no such ref' do
+ before do
+ get :latest_succeeded, params_from_ref('TAIL', build.name)
+ end
+
+ it_behaves_like 'not found'
+ end
+
+ context 'has no such build' do
+ before do
+ get :latest_succeeded, params_from_ref(pipeline.ref, 'NOBUILD')
+ end
+
+ it_behaves_like 'not found'
+ end
+
+ context 'has no path' do
+ before do
+ get :latest_succeeded, params_from_ref(pipeline.sha, build.name, '')
+ end
+
+ it_behaves_like 'not found'
+ end
+ end
+
+ context 'found the build and redirect' do
+ shared_examples 'redirect to the build' do
+ it 'redirects' do
+ path = browse_namespace_project_build_artifacts_path(
+ project.namespace,
+ project,
+ build)
+
+ expect(response).to redirect_to(path)
+ end
+ end
+
+ context 'with regular branch' do
+ before do
+ pipeline.update(ref: 'master',
+ sha: project.commit('master').sha)
+
+ get :latest_succeeded, params_from_ref('master')
+ end
+
+ it_behaves_like 'redirect to the build'
+ end
+
+ context 'with branch name containing slash' do
+ before do
+ pipeline.update(ref: 'improve/awesome',
+ sha: project.commit('improve/awesome').sha)
+
+ get :latest_succeeded, params_from_ref('improve/awesome')
+ end
+
+ it_behaves_like 'redirect to the build'
+ end
+
+ context 'with branch name and path containing slashes' do
+ before do
+ pipeline.update(ref: 'improve/awesome',
+ sha: project.commit('improve/awesome').sha)
+
+ get :latest_succeeded, params_from_ref('improve/awesome', build.name, 'file/README.md')
+ end
+
+ it 'redirects' do
+ path = file_namespace_project_build_artifacts_path(
+ project.namespace,
+ project,
+ build,
+ 'README.md')
+
+ expect(response).to redirect_to(path)
+ end
+ end
+ end
+ end
+end
diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb
index d20e7368086..8f915d9d210 100644
--- a/spec/controllers/projects/branches_controller_spec.rb
+++ b/spec/controllers/projects/branches_controller_spec.rb
@@ -14,7 +14,7 @@ describe Projects::BranchesController do
controller.instance_variable_set(:@project, project)
end
- describe "POST create" do
+ describe "POST create with HTML format" do
render_views
context "on creation of a new branch" do
@@ -152,6 +152,42 @@ describe Projects::BranchesController do
end
end
+ describe 'POST create with JSON format' do
+ before do
+ sign_in(user)
+ end
+
+ context 'with valid params' do
+ it 'returns a successful 200 response' do
+ create_branch name: 'my-branch', ref: 'master'
+
+ expect(response).to have_http_status(200)
+ end
+
+ it 'returns the created branch' do
+ create_branch name: 'my-branch', ref: 'master'
+
+ expect(response).to match_response_schema('branch')
+ end
+ end
+
+ context 'with invalid params' do
+ it 'returns an unprocessable entity 422 response' do
+ create_branch name: "<script>alert('merge');</script>", ref: "<script>alert('ref');</script>"
+
+ expect(response).to have_http_status(422)
+ end
+ end
+
+ def create_branch(name:, ref:)
+ post :create, namespace_id: project.namespace.to_param,
+ project_id: project.to_param,
+ branch_name: name,
+ ref: ref,
+ format: :json
+ end
+ end
+
describe "POST destroy with HTML format" do
render_views
diff --git a/spec/controllers/projects/deploy_keys_controller_spec.rb b/spec/controllers/projects/deploy_keys_controller_spec.rb
new file mode 100644
index 00000000000..efe1a78415b
--- /dev/null
+++ b/spec/controllers/projects/deploy_keys_controller_spec.rb
@@ -0,0 +1,66 @@
+require 'spec_helper'
+
+describe Projects::DeployKeysController do
+ let(:project) { create(:project, :repository) }
+ let(:user) { create(:user) }
+
+ before do
+ project.team << [user, :master]
+
+ sign_in(user)
+ end
+
+ describe 'GET index' do
+ let(:params) do
+ { namespace_id: project.namespace, project_id: project }
+ end
+
+ context 'when html requested' do
+ it 'redirects to blob' do
+ get :index, params
+
+ expect(response).to redirect_to(namespace_project_settings_repository_path(params))
+ end
+ end
+
+ context 'when json requested' do
+ let(:project2) { create(:empty_project, :internal)}
+ let(:project_private) { create(:empty_project, :private)}
+
+ let(:deploy_key_internal) do
+ create(:deploy_key, key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCdMHEHyhRjbhEZVddFn6lTWdgEy5Q6Bz4nwGB76xWZI5YT/1WJOMEW+sL5zYd31kk7sd3FJ5L9ft8zWMWrr/iWXQikC2cqZK24H1xy+ZUmrRuJD4qGAaIVoyyzBL+avL+lF8J5lg6YSw8gwJY/lX64/vnJHUlWw2n5BF8IFOWhiw== dummy@gitlab.com')
+ end
+ let(:deploy_key_actual) do
+ create(:deploy_key, key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDNd/UJWhPrpb+b/G5oL109y57yKuCxE+WUGJGYaj7WQKsYRJmLYh1mgjrl+KVyfsWpq4ylOxIfFSnN9xBBFN8mlb0Fma5DC7YsSsibJr3MZ19ZNBprwNcdogET7aW9I0In7Wu5f2KqI6e5W/spJHCy4JVxzVMUvk6Myab0LnJ2iQ== dummy@gitlab.com')
+ end
+ let!(:deploy_key_public) { create(:deploy_key, public: true) }
+
+ let!(:deploy_keys_project_internal) do
+ create(:deploy_keys_project, project: project2, deploy_key: deploy_key_internal)
+ end
+
+ let!(:deploy_keys_actual_project) do
+ create(:deploy_keys_project, project: project, deploy_key: deploy_key_actual)
+ end
+
+ let!(:deploy_keys_project_private) do
+ create(:deploy_keys_project, project: project_private, deploy_key: create(:another_deploy_key))
+ end
+
+ before do
+ project2.team << [user, :developer]
+ end
+
+ it 'returns json in a correct format' do
+ get :index, params.merge(format: :json)
+
+ json = JSON.parse(response.body)
+
+ expect(json.keys).to match_array(%w(enabled_keys available_project_keys public_keys))
+ expect(json['enabled_keys'].count).to eq(1)
+ expect(json['available_project_keys'].count).to eq(1)
+ expect(json['public_keys'].count).to eq(1)
+ end
+ end
+ end
+end
diff --git a/spec/controllers/projects/deployments_controller_spec.rb b/spec/controllers/projects/deployments_controller_spec.rb
new file mode 100644
index 00000000000..89692b601b2
--- /dev/null
+++ b/spec/controllers/projects/deployments_controller_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+describe Projects::DeploymentsController do
+ include ApiHelpers
+
+ let(:user) { create(:user) }
+ let(:project) { create(:empty_project) }
+ let(:environment) { create(:environment, name: 'production', project: project) }
+
+ before do
+ project.add_master(user)
+
+ sign_in(user)
+ end
+
+ describe 'GET #index' do
+ it 'returns list of deployments from last 8 hours' do
+ create(:deployment, environment: environment, created_at: 9.hours.ago)
+ create(:deployment, environment: environment, created_at: 7.hours.ago)
+ create(:deployment, environment: environment)
+
+ get :index, environment_params(after: 8.hours.ago)
+
+ expect(response).to be_ok
+
+ expect(json_response['deployments'].count).to eq(2)
+ end
+
+ it 'returns a list with deployments information' do
+ create(:deployment, environment: environment)
+
+ get :index, environment_params
+
+ expect(response).to be_ok
+ expect(response).to match_response_schema('deployments')
+ end
+ end
+
+ def environment_params(opts = {})
+ opts.reverse_merge(namespace_id: project.namespace, project_id: project, environment_id: environment.id)
+ end
+end
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index 79034b8d24d..5f1f892821a 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -756,4 +756,28 @@ describe Projects::IssuesController do
expect(response).to have_http_status(200)
end
end
+
+ describe 'POST create_merge_request' do
+ before do
+ project.add_developer(user)
+ sign_in(user)
+ end
+
+ it 'creates a new merge request' do
+ expect { create_merge_request }.to change(project.merge_requests, :count).by(1)
+ end
+
+ it 'render merge request as json' do
+ create_merge_request
+
+ expect(response).to match_response_schema('merge_request')
+ end
+
+ def create_merge_request
+ post :create_merge_request, namespace_id: project.namespace.to_param,
+ project_id: project.to_param,
+ id: issue.to_param,
+ format: :json
+ end
+ end
end
diff --git a/spec/controllers/projects/milestones_controller_spec.rb b/spec/controllers/projects/milestones_controller_spec.rb
index 47e61c3cea8..84a61b2784e 100644
--- a/spec/controllers/projects/milestones_controller_spec.rb
+++ b/spec/controllers/projects/milestones_controller_spec.rb
@@ -7,6 +7,7 @@ describe Projects::MilestonesController do
let(:issue) { create(:issue, project: project, milestone: milestone) }
let!(:label) { create(:label, project: project, title: 'Issue Label', issues: [issue]) }
let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, milestone: milestone) }
+ let(:milestone_path) { namespace_project_milestone_path }
before do
sign_in(user)
@@ -14,6 +15,8 @@ describe Projects::MilestonesController do
controller.instance_variable_set(:@project, project)
end
+ it_behaves_like 'milestone tabs'
+
describe "#show" do
render_views
diff --git a/spec/controllers/projects/notes_controller_spec.rb b/spec/controllers/projects/notes_controller_spec.rb
index f140eaef5d5..45f4cf9180d 100644
--- a/spec/controllers/projects/notes_controller_spec.rb
+++ b/spec/controllers/projects/notes_controller_spec.rb
@@ -167,6 +167,47 @@ describe Projects::NotesController do
end
end
+ describe 'DELETE destroy' do
+ let(:request_params) do
+ {
+ namespace_id: project.namespace,
+ project_id: project,
+ id: note,
+ format: :js
+ }
+ end
+
+ context 'user is the author of a note' do
+ before do
+ sign_in(note.author)
+ project.team << [note.author, :developer]
+ end
+
+ it "returns status 200 for html" do
+ delete :destroy, request_params
+
+ expect(response).to have_http_status(200)
+ end
+
+ it "deletes the note" do
+ expect { delete :destroy, request_params }.to change { Note.count }.from(1).to(0)
+ end
+ end
+
+ context 'user is not the author of a note' do
+ before do
+ sign_in(user)
+ project.team << [user, :developer]
+ end
+
+ it "returns status 404" do
+ delete :destroy, request_params
+
+ expect(response).to have_http_status(404)
+ end
+ end
+ end
+
describe 'POST toggle_award_emoji' do
before do
sign_in(user)
diff --git a/spec/controllers/projects/pages_controller_spec.rb b/spec/controllers/projects/pages_controller_spec.rb
new file mode 100644
index 00000000000..df35d8e86b9
--- /dev/null
+++ b/spec/controllers/projects/pages_controller_spec.rb
@@ -0,0 +1,57 @@
+require 'spec_helper'
+
+describe Projects::PagesController do
+ let(:user) { create(:user) }
+ let(:project) { create(:empty_project, :public, :access_requestable) }
+
+ let(:request_params) do
+ {
+ namespace_id: project.namespace,
+ project_id: project
+ }
+ end
+
+ before do
+ allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
+ sign_in(user)
+ project.add_master(user)
+ end
+
+ describe 'GET show' do
+ it 'returns 200 status' do
+ get :show, request_params
+
+ expect(response).to have_http_status(200)
+ end
+ end
+
+ describe 'DELETE destroy' do
+ it 'returns 302 status' do
+ delete :destroy, request_params
+
+ expect(response).to have_http_status(302)
+ end
+ end
+
+ context 'pages disabled' do
+ before do
+ allow(Gitlab.config.pages).to receive(:enabled).and_return(false)
+ end
+
+ describe 'GET show' do
+ it 'returns 404 status' do
+ get :show, request_params
+
+ expect(response).to have_http_status(404)
+ end
+ end
+
+ describe 'DELETE destroy' do
+ it 'returns 404 status' do
+ delete :destroy, request_params
+
+ expect(response).to have_http_status(404)
+ end
+ end
+ end
+end
diff --git a/spec/controllers/projects/pages_domains_controller_spec.rb b/spec/controllers/projects/pages_domains_controller_spec.rb
index 2362df895a8..33853c4b9d0 100644
--- a/spec/controllers/projects/pages_domains_controller_spec.rb
+++ b/spec/controllers/projects/pages_domains_controller_spec.rb
@@ -1,8 +1,9 @@
require 'spec_helper'
describe Projects::PagesDomainsController do
- let(:user) { create(:user) }
- let(:project) { create(:project) }
+ let(:user) { create(:user) }
+ let(:project) { create(:empty_project) }
+ let!(:pages_domain) { create(:pages_domain, project: project) }
let(:request_params) do
{
@@ -11,14 +12,17 @@ describe Projects::PagesDomainsController do
}
end
+ let(:pages_domain_params) do
+ build(:pages_domain, :with_certificate, :with_key, domain: 'my.otherdomain.com').slice(:key, :certificate, :domain)
+ end
+
before do
+ allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
sign_in(user)
- project.team << [user, :master]
+ project.add_master(user)
end
describe 'GET show' do
- let!(:pages_domain) { create(:pages_domain, project: project) }
-
it "displays the 'show' page" do
get(:show, request_params.merge(id: pages_domain.domain))
@@ -37,10 +41,6 @@ describe Projects::PagesDomainsController do
end
describe 'POST create' do
- let(:pages_domain_params) do
- build(:pages_domain, :with_certificate, :with_key).slice(:key, :certificate, :domain)
- end
-
it "creates a new pages domain" do
expect do
post(:create, request_params.merge(pages_domain: pages_domain_params))
@@ -51,8 +51,6 @@ describe Projects::PagesDomainsController do
end
describe 'DELETE destroy' do
- let!(:pages_domain) { create(:pages_domain, project: project) }
-
it "deletes the pages domain" do
expect do
delete(:destroy, request_params.merge(id: pages_domain.domain))
@@ -61,4 +59,42 @@ describe Projects::PagesDomainsController do
expect(response).to redirect_to(namespace_project_pages_path(project.namespace, project))
end
end
+
+ context 'pages disabled' do
+ before do
+ allow(Gitlab.config.pages).to receive(:enabled).and_return(false)
+ end
+
+ describe 'GET show' do
+ it 'returns 404 status' do
+ get(:show, request_params.merge(id: pages_domain.domain))
+
+ expect(response).to have_http_status(404)
+ end
+ end
+
+ describe 'GET new' do
+ it 'returns 404 status' do
+ get :new, request_params
+
+ expect(response).to have_http_status(404)
+ end
+ end
+
+ describe 'POST create' do
+ it "returns 404 status" do
+ post(:create, request_params.merge(pages_domain: pages_domain_params))
+
+ expect(response).to have_http_status(404)
+ end
+ end
+
+ describe 'DELETE destroy' do
+ it "deletes the pages domain" do
+ delete(:destroy, request_params.merge(id: pages_domain.domain))
+
+ expect(response).to have_http_status(404)
+ end
+ end
+ end
end
diff --git a/spec/controllers/snippets/notes_controller_spec.rb b/spec/controllers/snippets/notes_controller_spec.rb
new file mode 100644
index 00000000000..1c494b8c7ab
--- /dev/null
+++ b/spec/controllers/snippets/notes_controller_spec.rb
@@ -0,0 +1,196 @@
+require 'spec_helper'
+
+describe Snippets::NotesController do
+ let(:user) { create(:user) }
+
+ let(:private_snippet) { create(:personal_snippet, :private) }
+ let(:internal_snippet) { create(:personal_snippet, :internal) }
+ let(:public_snippet) { create(:personal_snippet, :public) }
+
+ let(:note_on_private) { create(:note_on_personal_snippet, noteable: private_snippet) }
+ let(:note_on_internal) { create(:note_on_personal_snippet, noteable: internal_snippet) }
+ let(:note_on_public) { create(:note_on_personal_snippet, noteable: public_snippet) }
+
+ describe 'GET index' do
+ context 'when a snippet is public' do
+ before do
+ note_on_public
+
+ get :index, { snippet_id: public_snippet }
+ end
+
+ it "returns status 200" do
+ expect(response).to have_http_status(200)
+ end
+
+ it "returns not empty array of notes" do
+ expect(JSON.parse(response.body)["notes"].empty?).to be_falsey
+ end
+ end
+
+ context 'when a snippet is internal' do
+ before do
+ note_on_internal
+ end
+
+ context 'when user not logged in' do
+ it "returns status 404" do
+ get :index, { snippet_id: internal_snippet }
+
+ expect(response).to have_http_status(404)
+ end
+ end
+
+ context 'when user logged in' do
+ before do
+ sign_in(user)
+ end
+
+ it "returns status 200" do
+ get :index, { snippet_id: internal_snippet }
+
+ expect(response).to have_http_status(200)
+ end
+ end
+ end
+
+ context 'when a snippet is private' do
+ before do
+ note_on_private
+ end
+
+ context 'when user not logged in' do
+ it "returns status 404" do
+ get :index, { snippet_id: private_snippet }
+
+ expect(response).to have_http_status(404)
+ end
+ end
+
+ context 'when user other than author logged in' do
+ before do
+ sign_in(user)
+ end
+
+ it "returns status 404" do
+ get :index, { snippet_id: private_snippet }
+
+ expect(response).to have_http_status(404)
+ end
+ end
+
+ context 'when author logged in' do
+ before do
+ note_on_private
+
+ sign_in(private_snippet.author)
+ end
+
+ it "returns status 200" do
+ get :index, { snippet_id: private_snippet }
+
+ expect(response).to have_http_status(200)
+ end
+
+ it "returns 1 note" do
+ get :index, { snippet_id: private_snippet }
+
+ expect(JSON.parse(response.body)['notes'].count).to eq(1)
+ end
+ end
+ end
+
+ context 'dont show non visible notes' do
+ before do
+ note_on_public
+
+ sign_in(user)
+
+ expect_any_instance_of(Note).to receive(:cross_reference_not_visible_for?).and_return(true)
+ end
+
+ it "does not return any note" do
+ get :index, { snippet_id: public_snippet }
+
+ expect(JSON.parse(response.body)['notes'].count).to eq(0)
+ end
+ end
+ end
+
+ describe 'DELETE destroy' do
+ let(:request_params) do
+ {
+ snippet_id: public_snippet,
+ id: note_on_public,
+ format: :js
+ }
+ end
+
+ context 'when user is the author of a note' do
+ before do
+ sign_in(note_on_public.author)
+ end
+
+ it "returns status 200" do
+ delete :destroy, request_params
+
+ expect(response).to have_http_status(200)
+ end
+
+ it "deletes the note" do
+ expect{ delete :destroy, request_params }.to change{ Note.count }.from(1).to(0)
+ end
+
+ context 'system note' do
+ before do
+ expect_any_instance_of(Note).to receive(:system?).and_return(true)
+ end
+
+ it "does not delete the note" do
+ expect{ delete :destroy, request_params }.not_to change{ Note.count }
+ end
+ end
+ end
+
+ context 'when user is not the author of a note' do
+ before do
+ sign_in(user)
+
+ note_on_public
+ end
+
+ it "returns status 404" do
+ delete :destroy, request_params
+
+ expect(response).to have_http_status(404)
+ end
+
+ it "does not update the note" do
+ expect{ delete :destroy, request_params }.not_to change{ Note.count }
+ end
+ end
+ end
+
+ describe 'POST toggle_award_emoji' do
+ let(:note) { create(:note_on_personal_snippet, noteable: public_snippet) }
+ before do
+ sign_in(user)
+ end
+
+ subject { post(:toggle_award_emoji, snippet_id: public_snippet, id: note.id, name: "thumbsup") }
+
+ it "toggles the award emoji" do
+ expect { subject }.to change { note.award_emoji.count }.by(1)
+
+ expect(response).to have_http_status(200)
+ end
+
+ it "removes the already awarded emoji when it exists" do
+ note.toggle_award_emoji('thumbsup', user) # create award emoji before
+
+ expect { subject }.to change { AwardEmoji.count }.by(-1)
+
+ expect(response).to have_http_status(200)
+ end
+ end
+end
diff --git a/spec/controllers/snippets_controller_spec.rb b/spec/controllers/snippets_controller_spec.rb
index 234f3edd3d8..41cd5bdcdd8 100644
--- a/spec/controllers/snippets_controller_spec.rb
+++ b/spec/controllers/snippets_controller_spec.rb
@@ -350,144 +350,138 @@ describe SnippetsController do
end
end
- %w(raw download).each do |action|
- describe "GET #{action}" do
- context 'when the personal snippet is private' do
- let(:personal_snippet) { create(:personal_snippet, :private, author: user) }
+ describe "GET #raw" do
+ context 'when the personal snippet is private' do
+ let(:personal_snippet) { create(:personal_snippet, :private, author: user) }
- context 'when signed in' do
- before do
- sign_in(user)
- end
+ context 'when signed in' do
+ before do
+ sign_in(user)
+ end
- context 'when signed in user is not the author' do
- let(:other_author) { create(:author) }
- let(:other_personal_snippet) { create(:personal_snippet, :private, author: other_author) }
+ context 'when signed in user is not the author' do
+ let(:other_author) { create(:author) }
+ let(:other_personal_snippet) { create(:personal_snippet, :private, author: other_author) }
- it 'responds with status 404' do
- get action, id: other_personal_snippet.to_param
+ it 'responds with status 404' do
+ get :raw, id: other_personal_snippet.to_param
- expect(response).to have_http_status(404)
- end
+ expect(response).to have_http_status(404)
end
+ end
- context 'when signed in user is the author' do
- before { get action, id: personal_snippet.to_param }
+ context 'when signed in user is the author' do
+ before { get :raw, id: personal_snippet.to_param }
- it 'responds with status 200' do
- expect(assigns(:snippet)).to eq(personal_snippet)
- expect(response).to have_http_status(200)
- end
+ it 'responds with status 200' do
+ expect(assigns(:snippet)).to eq(personal_snippet)
+ expect(response).to have_http_status(200)
+ end
- it 'has expected headers' do
- expect(response.header['Content-Type']).to eq('text/plain; charset=utf-8')
+ it 'has expected headers' do
+ expect(response.header['Content-Type']).to eq('text/plain; charset=utf-8')
- if action == :download
- expect(response.header['Content-Disposition']).to match(/attachment/)
- elsif action == :raw
- expect(response.header['Content-Disposition']).to match(/inline/)
- end
- end
+ expect(response.header['Content-Disposition']).to match(/inline/)
end
end
+ end
- context 'when not signed in' do
- it 'redirects to the sign in page' do
- get action, id: personal_snippet.to_param
+ context 'when not signed in' do
+ it 'redirects to the sign in page' do
+ get :raw, id: personal_snippet.to_param
- expect(response).to redirect_to(new_user_session_path)
- end
+ expect(response).to redirect_to(new_user_session_path)
end
end
+ end
- context 'when the personal snippet is internal' do
- let(:personal_snippet) { create(:personal_snippet, :internal, author: user) }
+ context 'when the personal snippet is internal' do
+ let(:personal_snippet) { create(:personal_snippet, :internal, author: user) }
- context 'when signed in' do
- before do
- sign_in(user)
- end
+ context 'when signed in' do
+ before do
+ sign_in(user)
+ end
- it 'responds with status 200' do
- get action, id: personal_snippet.to_param
+ it 'responds with status 200' do
+ get :raw, id: personal_snippet.to_param
- expect(assigns(:snippet)).to eq(personal_snippet)
- expect(response).to have_http_status(200)
- end
+ expect(assigns(:snippet)).to eq(personal_snippet)
+ expect(response).to have_http_status(200)
end
+ end
- context 'when not signed in' do
- it 'redirects to the sign in page' do
- get action, id: personal_snippet.to_param
+ context 'when not signed in' do
+ it 'redirects to the sign in page' do
+ get :raw, id: personal_snippet.to_param
- expect(response).to redirect_to(new_user_session_path)
- end
+ expect(response).to redirect_to(new_user_session_path)
end
end
+ end
- context 'when the personal snippet is public' do
- let(:personal_snippet) { create(:personal_snippet, :public, author: user) }
+ context 'when the personal snippet is public' do
+ let(:personal_snippet) { create(:personal_snippet, :public, author: user) }
- context 'when signed in' do
- before do
- sign_in(user)
- end
+ context 'when signed in' do
+ before do
+ sign_in(user)
+ end
- it 'responds with status 200' do
- get action, id: personal_snippet.to_param
+ it 'responds with status 200' do
+ get :raw, id: personal_snippet.to_param
- expect(assigns(:snippet)).to eq(personal_snippet)
- expect(response).to have_http_status(200)
- end
+ expect(assigns(:snippet)).to eq(personal_snippet)
+ expect(response).to have_http_status(200)
+ end
- context 'CRLF line ending' do
- let(:personal_snippet) do
- create(:personal_snippet, :public, author: user, content: "first line\r\nsecond line\r\nthird line")
- end
+ context 'CRLF line ending' do
+ let(:personal_snippet) do
+ create(:personal_snippet, :public, author: user, content: "first line\r\nsecond line\r\nthird line")
+ end
- it 'returns LF line endings by default' do
- get action, id: personal_snippet.to_param
+ it 'returns LF line endings by default' do
+ get :raw, id: personal_snippet.to_param
- expect(response.body).to eq("first line\nsecond line\nthird line")
- end
+ expect(response.body).to eq("first line\nsecond line\nthird line")
+ end
- it 'does not convert line endings when parameter present' do
- get action, id: personal_snippet.to_param, line_ending: :raw
+ it 'does not convert line endings when parameter present' do
+ get :raw, id: personal_snippet.to_param, line_ending: :raw
- expect(response.body).to eq("first line\r\nsecond line\r\nthird line")
- end
+ expect(response.body).to eq("first line\r\nsecond line\r\nthird line")
end
end
+ end
- context 'when not signed in' do
- it 'responds with status 200' do
- get action, id: personal_snippet.to_param
+ context 'when not signed in' do
+ it 'responds with status 200' do
+ get :raw, id: personal_snippet.to_param
- expect(assigns(:snippet)).to eq(personal_snippet)
- expect(response).to have_http_status(200)
- end
+ expect(assigns(:snippet)).to eq(personal_snippet)
+ expect(response).to have_http_status(200)
end
end
+ end
- context 'when the personal snippet does not exist' do
- context 'when signed in' do
- before do
- sign_in(user)
- end
+ context 'when the personal snippet does not exist' do
+ context 'when signed in' do
+ before do
+ sign_in(user)
+ end
- it 'responds with status 404' do
- get action, id: 'doesntexist'
+ it 'responds with status 404' do
+ get :raw, id: 'doesntexist'
- expect(response).to have_http_status(404)
- end
+ expect(response).to have_http_status(404)
end
+ end
- context 'when not signed in' do
- it 'responds with status 404' do
- get action, id: 'doesntexist'
+ context 'when not signed in' do
+ it 'responds with status 404' do
+ get :raw, id: 'doesntexist'
- expect(response).to have_http_status(404)
- end
+ expect(response).to have_http_status(404)
end
end
end
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index f67d26da0ac..7dedfe160a6 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -8,6 +8,93 @@ end
describe UploadsController do
let!(:user) { create(:user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
+ describe 'POST create' do
+ let(:model) { 'personal_snippet' }
+ let(:snippet) { create(:personal_snippet, :public) }
+ let(:jpg) { fixture_file_upload(Rails.root + 'spec/fixtures/rails_sample.jpg', 'image/jpg') }
+ let(:txt) { fixture_file_upload(Rails.root + 'spec/fixtures/doc_sample.txt', 'text/plain') }
+
+ context 'when a user does not have permissions to upload a file' do
+ it "returns 401 when the user is not logged in" do
+ post :create, model: model, id: snippet.id, format: :json
+
+ expect(response).to have_http_status(401)
+ end
+
+ it "returns 404 when user can't comment on a snippet" do
+ private_snippet = create(:personal_snippet, :private)
+
+ sign_in(user)
+ post :create, model: model, id: private_snippet.id, format: :json
+
+ expect(response).to have_http_status(404)
+ end
+ end
+
+ context 'when a user is logged in' do
+ before do
+ sign_in(user)
+ end
+
+ it "returns an error without file" do
+ post :create, model: model, id: snippet.id, format: :json
+
+ expect(response).to have_http_status(422)
+ end
+
+ it "returns an error with invalid model" do
+ expect { post :create, model: 'invalid', id: snippet.id, format: :json }
+ .to raise_error(ActionController::UrlGenerationError)
+ end
+
+ it "returns 404 status when object not found" do
+ post :create, model: model, id: 9999, format: :json
+
+ expect(response).to have_http_status(404)
+ end
+
+ context 'with valid image' do
+ before do
+ post :create, model: 'personal_snippet', id: snippet.id, file: jpg, format: :json
+ end
+
+ it 'returns a content with original filename, new link, and correct type.' do
+ expect(response.body).to match '\"alt\":\"rails_sample\"'
+ expect(response.body).to match "\"url\":\"/uploads"
+ end
+
+ it 'creates a corresponding Upload record' do
+ upload = Upload.last
+
+ aggregate_failures do
+ expect(upload).to exist
+ expect(upload.model).to eq snippet
+ end
+ end
+ end
+
+ context 'with valid non-image file' do
+ before do
+ post :create, model: 'personal_snippet', id: snippet.id, file: txt, format: :json
+ end
+
+ it 'returns a content with original filename, new link, and correct type.' do
+ expect(response.body).to match '\"alt\":\"doc_sample.txt\"'
+ expect(response.body).to match "\"url\":\"/uploads"
+ end
+
+ it 'creates a corresponding Upload record' do
+ upload = Upload.last
+
+ aggregate_failures do
+ expect(upload).to exist
+ expect(upload.model).to eq snippet
+ end
+ end
+ end
+ end
+ end
+
describe "GET show" do
context 'Content-Disposition security measures' do
let(:project) { create(:empty_project, :public) }
View Lorry Controller Status