diff options
Diffstat (limited to 'spec/controllers')
20 files changed, 673 insertions, 145 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 55851befc8c..186239d3096 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -30,44 +30,4 @@ describe ApplicationController do controller.send(:check_password_expiration) end end - - describe 'check labels authorization' do - let(:project) { create(:project) } - let(:user) { create(:user) } - let(:controller) { ApplicationController.new } - - before do - project.team << [user, :guest] - allow(controller).to receive(:current_user).and_return(user) - allow(controller).to receive(:project).and_return(project) - end - - it 'should succeed if issues and MRs are enabled' do - project.issues_enabled = true - project.merge_requests_enabled = true - controller.send(:authorize_read_label!) - expect(response.status).to eq(200) - end - - it 'should succeed if issues are enabled, MRs are disabled' do - project.issues_enabled = true - project.merge_requests_enabled = false - controller.send(:authorize_read_label!) - expect(response.status).to eq(200) - end - - it 'should succeed if issues are disabled, MRs are enabled' do - project.issues_enabled = false - project.merge_requests_enabled = true - controller.send(:authorize_read_label!) - expect(response.status).to eq(200) - end - - it 'should fail if issues and MRs are disabled' do - project.issues_enabled = false - project.merge_requests_enabled = false - expect(controller).to receive(:access_denied!) - controller.send(:authorize_read_label!) - end - end end diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb index 612e344c411..f83c3b64f8f 100644 --- a/spec/controllers/autocomplete_controller_spec.rb +++ b/spec/controllers/autocomplete_controller_spec.rb @@ -21,7 +21,7 @@ describe AutocompleteController do it { expect(body).to be_kind_of(Array) } it { expect(body.size).to eq 1 } - it { expect(body.first["username"]).to eq user.username } + it { expect(body.map { |u| u["username"] }).to include(user.username) } end describe 'GET #users with unknown project' do diff --git a/spec/controllers/ci/projects_controller_spec.rb b/spec/controllers/ci/projects_controller_spec.rb new file mode 100644 index 00000000000..5022a3e2c80 --- /dev/null +++ b/spec/controllers/ci/projects_controller_spec.rb @@ -0,0 +1,74 @@ +require 'spec_helper' + +describe Ci::ProjectsController do + let(:visibility) { :public } + let!(:project) { create(:project, visibility, ci_id: 1) } + let(:ci_id) { project.ci_id } + + describe '#index' do + context 'user signed in' do + before do + sign_in(create(:user)) + get(:index) + end + + it 'redirects to /' do + expect(response).to redirect_to(root_path) + end + end + + context 'user not signed in' do + before { get(:index) } + + it 'redirects to sign in page' do + expect(response).to redirect_to(new_user_session_path) + end + end + end + + ## + # Specs for *deprecated* CI badge + # + describe '#badge' do + shared_examples 'badge provider' do + it 'shows badge' do + expect(response.status).to eq 200 + expect(response.headers) + .to include('Content-Type' => 'image/svg+xml') + end + end + + context 'user not signed in' do + before { get(:badge, id: ci_id) } + + context 'project has no ci_id reference' do + let(:ci_id) { 123 } + + it 'returns 404' do + expect(response.status).to eq 404 + end + end + + context 'project is public' do + let(:visibility) { :public } + it_behaves_like 'badge provider' + end + + context 'project is private' do + let(:visibility) { :private } + it_behaves_like 'badge provider' + end + end + + context 'user signed in' do + let(:user) { create(:user) } + before { sign_in(user) } + before { get(:badge, id: ci_id) } + + context 'private is internal' do + let(:visibility) { :internal } + it_behaves_like 'badge provider' + end + end + end +end diff --git a/spec/controllers/commit_controller_spec.rb b/spec/controllers/commit_controller_spec.rb index bbe400dad88..f09e4fcb154 100644 --- a/spec/controllers/commit_controller_spec.rb +++ b/spec/controllers/commit_controller_spec.rb @@ -81,7 +81,7 @@ describe Projects::CommitController do expect(response.body).to start_with("diff --git") # without whitespace option, there are more than 2 diff_splits - diff_splits = assigns(:diffs)[0].diff.split("\n") + diff_splits = assigns(:diffs).first.diff.split("\n") expect(diff_splits.length).to be <= 2 end end diff --git a/spec/controllers/groups/avatars_controller_spec.rb b/spec/controllers/groups/avatars_controller_spec.rb index 3dac134a731..91d639218e5 100644 --- a/spec/controllers/groups/avatars_controller_spec.rb +++ b/spec/controllers/groups/avatars_controller_spec.rb @@ -2,9 +2,10 @@ require 'spec_helper' describe Groups::AvatarsController do let(:user) { create(:user) } - let(:group) { create(:group, owner: user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) } + let(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) } before do + group.add_owner(user) sign_in(user) end diff --git a/spec/controllers/groups_controller_spec.rb b/spec/controllers/groups_controller_spec.rb index 938e97298b6..465531b2b36 100644 --- a/spec/controllers/groups_controller_spec.rb +++ b/spec/controllers/groups_controller_spec.rb @@ -1,10 +1,15 @@ require 'rails_helper' describe GroupsController do - describe 'GET index' do + let(:user) { create(:user) } + let(:group) { create(:group) } + let(:project) { create(:project, namespace: group) } + let!(:group_member) { create(:group_member, group: group, user: user) } + + describe 'GET #index' do context 'as a user' do it 'redirects to Groups Dashboard' do - sign_in(create(:user)) + sign_in(user) get :index @@ -20,4 +25,54 @@ describe GroupsController do end end end + + describe 'GET #issues' do + let(:issue_1) { create(:issue, project: project) } + let(:issue_2) { create(:issue, project: project) } + + before do + create_list(:upvote_note, 3, project: project, noteable: issue_2) + create_list(:upvote_note, 2, project: project, noteable: issue_1) + create_list(:downvote_note, 2, project: project, noteable: issue_2) + + sign_in(user) + end + + context 'sorting by votes' do + it 'sorts most popular issues' do + get :issues, id: group.to_param, sort: 'upvotes_desc' + expect(assigns(:issues)).to eq [issue_2, issue_1] + end + + it 'sorts least popular issues' do + get :issues, id: group.to_param, sort: 'downvotes_desc' + expect(assigns(:issues)).to eq [issue_2, issue_1] + end + end + end + + describe 'GET #merge_requests' do + let(:merge_request_1) { create(:merge_request, source_project: project) } + let(:merge_request_2) { create(:merge_request, :simple, source_project: project) } + + before do + create_list(:upvote_note, 3, project: project, noteable: merge_request_2) + create_list(:upvote_note, 2, project: project, noteable: merge_request_1) + create_list(:downvote_note, 2, project: project, noteable: merge_request_2) + + sign_in(user) + end + + context 'sorting by votes' do + it 'sorts most popular merge requests' do + get :merge_requests, id: group.to_param, sort: 'upvotes_desc' + expect(assigns(:merge_requests)).to eq [merge_request_2, merge_request_1] + end + + it 'sorts least popular merge requests' do + get :merge_requests, id: group.to_param, sort: 'downvotes_desc' + expect(assigns(:merge_requests)).to eq [merge_request_2, merge_request_1] + end + end + end end diff --git a/spec/controllers/namespaces_controller_spec.rb b/spec/controllers/namespaces_controller_spec.rb index 77436958711..27e9afe582e 100644 --- a/spec/controllers/namespaces_controller_spec.rb +++ b/spec/controllers/namespaces_controller_spec.rb @@ -15,14 +15,9 @@ describe NamespacesController do end context "when the namespace belongs to a group" do - let!(:group) { create(:group) } - let!(:project) { create(:project, namespace: group) } - - context "when the group has public projects" do - before do - project.update_attribute(:visibility_level, Project::PUBLIC) - end + let!(:group) { create(:group) } + context "when the group is public" do context "when not signed in" do it "redirects to the group's page" do get :show, id: group.path @@ -44,27 +39,31 @@ describe NamespacesController do end end - context "when the project doesn't have public projects" do + context "when the group is private" do + before do + group.update_attribute(:visibility_level, Group::PRIVATE) + end + context "when not signed in" do - it "does not redirect to the sign in page" do + it "redirects to the sign in page" do get :show, id: group.path - expect(response).not_to redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end + context "when signed in" do before do sign_in(user) end - context "when the user has access to the project" do + context "when the user has access to the group" do before do - project.team << [user, :master] + group.add_developer(user) end context "when the user is blocked" do before do user.block - project.team << [user, :master] end it "redirects to the sign in page" do @@ -83,11 +82,11 @@ describe NamespacesController do end end - context "when the user doesn't have access to the project" do - it "redirects to the group's page" do + context "when the user doesn't have access to the group" do + it "responds with status 404" do get :show, id: group.path - expect(response).to redirect_to(group_path(group)) + expect(response.status).to eq(404) end end end diff --git a/spec/controllers/projects/avatars_controller_spec.rb b/spec/controllers/projects/avatars_controller_spec.rb index e79b46a3504..4d724ca9ed0 100644 --- a/spec/controllers/projects/avatars_controller_spec.rb +++ b/spec/controllers/projects/avatars_controller_spec.rb @@ -6,7 +6,7 @@ describe Projects::AvatarsController do before do sign_in(user) - project.team << [user, :developer] + project.team << [user, :master] controller.instance_variable_set(:@project, project) end diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb index 8e06d4bdc77..98ae424ed7c 100644 --- a/spec/controllers/projects/branches_controller_spec.rb +++ b/spec/controllers/projects/branches_controller_spec.rb @@ -17,49 +17,79 @@ describe Projects::BranchesController do describe "POST create" do render_views - before do - post :create, - namespace_id: project.namespace.to_param, - project_id: project.to_param, - branch_name: branch, - ref: ref - end + context "on creation of a new branch" do + before do + post :create, + namespace_id: project.namespace.to_param, + project_id: project.to_param, + branch_name: branch, + ref: ref + end - context "valid branch name, valid source" do - let(:branch) { "merge_branch" } - let(:ref) { "master" } - it 'redirects' do - expect(subject). - to redirect_to("/#{project.path_with_namespace}/tree/merge_branch") + context "valid branch name, valid source" do + let(:branch) { "merge_branch" } + let(:ref) { "master" } + it 'redirects' do + expect(subject). + to redirect_to("/#{project.path_with_namespace}/tree/merge_branch") + end + end + + context "invalid branch name, valid ref" do + let(:branch) { "<script>alert('merge');</script>" } + let(:ref) { "master" } + it 'redirects' do + expect(subject). + to redirect_to("/#{project.path_with_namespace}/tree/alert('merge');") + end + end + + context "valid branch name, invalid ref" do + let(:branch) { "merge_branch" } + let(:ref) { "<script>alert('ref');</script>" } + it { is_expected.to render_template('new') } + end + + context "invalid branch name, invalid ref" do + let(:branch) { "<script>alert('merge');</script>" } + let(:ref) { "<script>alert('ref');</script>" } + it { is_expected.to render_template('new') } + end + + context "valid branch name with encoded slashes" do + let(:branch) { "feature%2Ftest" } + let(:ref) { "<script>alert('ref');</script>" } + it { is_expected.to render_template('new') } + it { project.repository.branch_names.include?('feature/test') } end end - context "invalid branch name, valid ref" do - let(:branch) { "<script>alert('merge');</script>" } - let(:ref) { "master" } + describe "created from the new branch button on issues" do + let(:branch) { "1-feature-branch" } + let!(:issue) { create(:issue, project: project) } + + it 'redirects' do + post :create, + namespace_id: project.namespace.to_param, + project_id: project.to_param, + branch_name: branch, + issue_iid: issue.iid + expect(subject). - to redirect_to("/#{project.path_with_namespace}/tree/alert('merge');") + to redirect_to("/#{project.path_with_namespace}/tree/1-feature-branch") end - end - context "valid branch name, invalid ref" do - let(:branch) { "merge_branch" } - let(:ref) { "<script>alert('ref');</script>" } - it { is_expected.to render_template('new') } - end + it 'posts a system note' do + expect(SystemNoteService).to receive(:new_issue_branch).with(issue, project, user, "1-feature-branch") - context "invalid branch name, invalid ref" do - let(:branch) { "<script>alert('merge');</script>" } - let(:ref) { "<script>alert('ref');</script>" } - it { is_expected.to render_template('new') } - end + post :create, + namespace_id: project.namespace.to_param, + project_id: project.to_param, + branch_name: branch, + issue_iid: issue.iid + end - context "valid branch name with encoded slashes" do - let(:branch) { "feature%2Ftest" } - let(:ref) { "<script>alert('ref');</script>" } - it { is_expected.to render_template('new') } - it { project.repository.branch_names.include?('feature/test')} end end diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb index be19f1abc53..788a609ee40 100644 --- a/spec/controllers/projects/compare_controller_spec.rb +++ b/spec/controllers/projects/compare_controller_spec.rb @@ -19,7 +19,7 @@ describe Projects::CompareController do to: ref_to) expect(response).to be_success - expect(assigns(:diffs).length).to be >= 1 + expect(assigns(:diffs).first).to_not be_nil expect(assigns(:commits).length).to be >= 1 end @@ -32,10 +32,10 @@ describe Projects::CompareController do w: 1) expect(response).to be_success - expect(assigns(:diffs).length).to be >= 1 + expect(assigns(:diffs).first).to_not be_nil expect(assigns(:commits).length).to be >= 1 # without whitespace option, there are more than 2 diff_splits - diff_splits = assigns(:diffs)[0].diff.split("\n") + diff_splits = assigns(:diffs).first.diff.split("\n") expect(diff_splits.length).to be <= 2 end @@ -48,7 +48,7 @@ describe Projects::CompareController do to: ref_to) expect(response).to be_success - expect(assigns(:diffs)).to eq([]) + expect(assigns(:diffs).to_a).to eq([]) expect(assigns(:commits)).to eq([]) end diff --git a/spec/controllers/projects/forks_controller_spec.rb b/spec/controllers/projects/forks_controller_spec.rb new file mode 100644 index 00000000000..70ed8f3a62e --- /dev/null +++ b/spec/controllers/projects/forks_controller_spec.rb @@ -0,0 +1,72 @@ +require 'spec_helper' + +describe Projects::ForksController do + let(:user) { create(:user) } + let(:project) { create(:project, :public) } + let(:forked_project) { Projects::ForkService.new(project, user).execute } + let(:group) { create(:group, owner: forked_project.creator) } + + describe 'GET index' do + def get_forks + get :index, + namespace_id: project.namespace.to_param, + project_id: project.to_param + end + + context 'when fork is public' do + before { forked_project.update_attribute(:visibility_level, Project::PUBLIC) } + + it 'should be visible for non logged in users' do + get_forks + + expect(assigns[:forks]).to be_present + end + end + + context 'when fork is private' do + before do + forked_project.update_attributes(visibility_level: Project::PRIVATE, group: group) + end + + it 'should not be visible for non logged in users' do + get_forks + + expect(assigns[:forks]).to be_blank + end + + context 'when user is logged in' do + before { sign_in(project.creator) } + + context 'when user is not a Project member neither a group member' do + it 'should not see the Project listed' do + get_forks + + expect(assigns[:forks]).to be_blank + end + end + + context 'when user is a member of the Project' do + before { forked_project.team << [project.creator, :developer] } + + it 'should see the project listed' do + get_forks + + expect(assigns[:forks]).to be_present + end + end + + context 'when user is a member of the Group' do + before { forked_project.group.add_developer(project.creator) } + + it 'should see the project listed' do + get_forks + + expect(assigns[:forks]).to be_present + end + end + + end + end + end + +end diff --git a/spec/controllers/projects/imports_controller_spec.rb b/spec/controllers/projects/imports_controller_spec.rb index 0147bd2b953..2acbba469e3 100644 --- a/spec/controllers/projects/imports_controller_spec.rb +++ b/spec/controllers/projects/imports_controller_spec.rb @@ -19,7 +19,7 @@ describe Projects::ImportsController do end it 'sets flash.now if params is present' do - get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { notice_now: 'Started' } + get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { to: '/', notice_now: 'Started' } expect(flash.now[:notice]).to eq 'Started' end @@ -45,7 +45,7 @@ describe Projects::ImportsController do end it 'sets flash.now if params is present' do - get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { notice_now: 'In progress' } + get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { to: '/', notice_now: 'In progress' } expect(flash.now[:notice]).to eq 'In progress' end diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index 76d56bc989d..d6e4cd71ce6 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -1,16 +1,16 @@ require('spec_helper') describe Projects::IssuesController do - let(:project) { create(:project) } + let(:project) { create(:project_empty_repo) } let(:user) { create(:user) } - let(:issue) { create(:issue, project: project) } - - before do - sign_in(user) - project.team << [user, :developer] - end + let(:issue) { create(:issue, project: project) } describe "GET #index" do + before do + sign_in(user) + project.team << [user, :developer] + end + it "returns index" do get :index, namespace_id: project.namespace.path, project_id: project.path @@ -38,6 +38,177 @@ describe Projects::IssuesController do get :index, namespace_id: project.namespace.path, project_id: project.path expect(response.status).to eq(404) end + end + + describe 'Confidential Issues' do + let(:project) { create(:project_empty_repo, :public) } + let(:assignee) { create(:assignee) } + let(:author) { create(:user) } + let(:non_member) { create(:user) } + let(:member) { create(:user) } + let(:admin) { create(:admin) } + let!(:issue) { create(:issue, project: project) } + let!(:unescaped_parameter_value) { create(:issue, :confidential, project: project, author: author) } + let!(:request_forgery_timing_attack) { create(:issue, :confidential, project: project, assignee: assignee) } + + describe 'GET #index' do + it 'should not list confidential issues for guests' do + sign_out(:user) + get_issues + + expect(assigns(:issues)).to eq [issue] + end + + it 'should not list confidential issues for non project members' do + sign_in(non_member) + get_issues + + expect(assigns(:issues)).to eq [issue] + end + + it 'should list confidential issues for author' do + sign_in(author) + get_issues + + expect(assigns(:issues)).to include unescaped_parameter_value + expect(assigns(:issues)).not_to include request_forgery_timing_attack + end + + it 'should list confidential issues for assignee' do + sign_in(assignee) + get_issues + + expect(assigns(:issues)).not_to include unescaped_parameter_value + expect(assigns(:issues)).to include request_forgery_timing_attack + end + + it 'should list confidential issues for project members' do + sign_in(member) + project.team << [member, :developer] + + get_issues + + expect(assigns(:issues)).to include unescaped_parameter_value + expect(assigns(:issues)).to include request_forgery_timing_attack + end + + it 'should list confidential issues for admin' do + sign_in(admin) + get_issues + + expect(assigns(:issues)).to include unescaped_parameter_value + expect(assigns(:issues)).to include request_forgery_timing_attack + end + + def get_issues + get :index, + namespace_id: project.namespace.to_param, + project_id: project.to_param + end + end + + shared_examples_for 'restricted action' do |http_status| + it 'returns 404 for guests' do + sign_out :user + go(id: unescaped_parameter_value.to_param) + + expect(response).to have_http_status :not_found + end + + it 'returns 404 for non project members' do + sign_in(non_member) + go(id: unescaped_parameter_value.to_param) + + expect(response).to have_http_status :not_found + end + + it "returns #{http_status[:success]} for author" do + sign_in(author) + go(id: unescaped_parameter_value.to_param) + + expect(response).to have_http_status http_status[:success] + end + + it "returns #{http_status[:success]} for assignee" do + sign_in(assignee) + go(id: request_forgery_timing_attack.to_param) + + expect(response).to have_http_status http_status[:success] + end + + it "returns #{http_status[:success]} for project members" do + sign_in(member) + project.team << [member, :developer] + go(id: unescaped_parameter_value.to_param) + + expect(response).to have_http_status http_status[:success] + end + + it "returns #{http_status[:success]} for admin" do + sign_in(admin) + go(id: unescaped_parameter_value.to_param) + + expect(response).to have_http_status http_status[:success] + end + end + + describe 'GET #show' do + it_behaves_like 'restricted action', success: 200 + + def go(id:) + get :show, + namespace_id: project.namespace.to_param, + project_id: project.to_param, + id: id + end + end + + describe 'GET #edit' do + it_behaves_like 'restricted action', success: 200 + def go(id:) + get :edit, + namespace_id: project.namespace.to_param, + project_id: project.to_param, + id: id + end + end + + describe 'PUT #update' do + it_behaves_like 'restricted action', success: 302 + + def go(id:) + put :update, + namespace_id: project.namespace.to_param, + project_id: project.to_param, + id: id, + issue: { title: 'New title' } + end + end + end + + describe "DELETE #destroy" do + context "when the user is a developer" do + before { sign_in(user) } + it "rejects a developer to destroy an issue" do + delete :destroy, namespace_id: project.namespace.path, project_id: project.path, id: issue.iid + expect(response.status).to eq(404) + end + end + + context "when the user is owner" do + let(:owner) { create(:user) } + let(:namespace) { create(:namespace, owner: owner) } + let(:project) { create(:project, namespace: namespace) } + + before { sign_in(owner) } + + it "deletes the issue" do + delete :destroy, namespace_id: project.namespace.path, project_id: project.path, id: issue.iid + + expect(response.status).to eq(302) + expect(controller).to set_flash[:notice].to(/The issue was successfully deleted\./).now + end + end end end diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb index e82fe26c7a6..c5b034dc064 100644 --- a/spec/controllers/projects/merge_requests_controller_spec.rb +++ b/spec/controllers/projects/merge_requests_controller_spec.rb @@ -157,6 +157,29 @@ describe Projects::MergeRequestsController do end end + describe "DELETE #destroy" do + it "denies access to users unless they're admin or project owner" do + delete :destroy, namespace_id: project.namespace.path, project_id: project.path, id: merge_request.iid + + expect(response.status).to eq(404) + end + + context "when the user is owner" do + let(:owner) { create(:user) } + let(:namespace) { create(:namespace, owner: owner) } + let(:project) { create(:project, namespace: namespace) } + + before { sign_in owner } + + it "deletes the merge request" do + delete :destroy, namespace_id: project.namespace.path, project_id: project.path, id: merge_request.iid + + expect(response.status).to eq(302) + expect(controller).to set_flash[:notice].to(/The merge request was successfully deleted\./).now + end + end + end + describe 'GET diffs' do def go(format: 'html') get :diffs, diff --git a/spec/controllers/projects/repositories_controller_spec.rb b/spec/controllers/projects/repositories_controller_spec.rb index 09ec4f18f9d..0ddbec9eac2 100644 --- a/spec/controllers/projects/repositories_controller_spec.rb +++ b/spec/controllers/projects/repositories_controller_spec.rb @@ -2,30 +2,41 @@ require "spec_helper" describe Projects::RepositoriesController do let(:project) { create(:project) } - let(:user) { create(:user) } describe "GET archive" do - before do - sign_in(user) - project.team << [user, :developer] - end - - it "uses Gitlab::Workhorse" do - expect(Gitlab::Workhorse).to receive(:send_git_archive).with(project, "master", "zip") + context 'as a guest' do + it 'responds with redirect in correct format' do + get :archive, namespace_id: project.namespace.path, project_id: project.path, format: "zip" - get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip" + expect(response.content_type).to start_with 'text/html' + expect(response).to be_redirect + end end - context "when the service raises an error" do + context 'as a user' do + let(:user) { create(:user) } before do - allow(Gitlab::Workhorse).to receive(:send_git_archive).and_raise("Archive failed") + project.team << [user, :developer] + sign_in(user) end + it "uses Gitlab::Workhorse" do + expect(Gitlab::Workhorse).to receive(:send_git_archive).with(project, "master", "zip") - it "renders Not Found" do get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip" + end + + context "when the service raises an error" do + + before do + allow(Gitlab::Workhorse).to receive(:send_git_archive).and_raise("Archive failed") + end + + it "renders Not Found" do + get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip" - expect(response.status).to eq(404) + expect(response.status).to eq(404) + end end end end diff --git a/spec/controllers/projects/snippets_controller_spec.rb b/spec/controllers/projects/snippets_controller_spec.rb new file mode 100644 index 00000000000..0f32a30f18b --- /dev/null +++ b/spec/controllers/projects/snippets_controller_spec.rb @@ -0,0 +1,107 @@ +require 'spec_helper' + +describe Projects::SnippetsController do + let(:project) { create(:project_empty_repo, :public, snippets_enabled: true) } + let(:user) { create(:user) } + let(:user2) { create(:user) } + + before do + project.team << [user, :master] + project.team << [user2, :master] + end + + describe 'GET #index' do + context 'when the project snippet is private' do + let!(:project_snippet) { create(:project_snippet, :private, project: project, author: user) } + + context 'when anonymous' do + it 'does not include the private snippet' do + get :index, namespace_id: project.namespace.path, project_id: project.path + + expect(assigns(:snippets)).not_to include(project_snippet) + expect(response.status).to eq(200) + end + end + + context 'when signed in as the author' do + before { sign_in(user) } + + it 'renders the snippet' do + get :index, namespace_id: project.namespace.path, project_id: project.path + + expect(assigns(:snippets)).to include(project_snippet) + expect(response.status).to eq(200) + end + end + + context 'when signed in as a project member' do + before { sign_in(user2) } + + it 'renders the snippet' do + get :index, namespace_id: project.namespace.path, project_id: project.path + + expect(assigns(:snippets)).to include(project_snippet) + expect(response.status).to eq(200) + end + end + end + end + + %w[show raw].each do |action| + describe "GET ##{action}" do + context 'when the project snippet is private' do + let(:project_snippet) { create(:project_snippet, :private, project: project, author: user) } + + context 'when anonymous' do + it 'responds with status 404' do + get action, namespace_id: project.namespace.path, project_id: project.path, id: project_snippet.to_param + + expect(response.status).to eq(404) + end + end + + context 'when signed in as the author' do + before { sign_in(user) } + + it 'renders the snippet' do + get action, namespace_id: project.namespace.path, project_id: project.path, id: project_snippet.to_param + + expect(assigns(:snippet)).to eq(project_snippet) + expect(response.status).to eq(200) + end + end + + context 'when signed in as a project member' do + before { sign_in(user2) } + + it 'renders the snippet' do + get action, namespace_id: project.namespace.path, project_id: project.path, id: project_snippet.to_param + + expect(assigns(:snippet)).to eq(project_snippet) + expect(response.status).to eq(200) + end + end + end + + context 'when the project snippet does not exist' do + context 'when anonymous' do + it 'responds with status 404' do + get action, namespace_id: project.namespace.path, project_id: project.path, id: 42 + + expect(response.status).to eq(404) + end + end + + context 'when signed in' do + before { sign_in(user) } + + it 'responds with status 404' do + get action, namespace_id: project.namespace.path, project_id: project.path, id: 42 + + expect(response.status).to eq(404) + end + end + end + end + end +end diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index 6eee4dfe229..1893e946f5c 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -9,19 +9,6 @@ describe ProjectsController do describe "GET show" do - context "when requested by `go get`" do - render_views - - it "renders the go-import meta tag" do - get :show, "go-get" => "1", namespace_id: "bogus_namespace", id: "bogus_project" - - expect(response.body).to include("name='go-import'") - - content = "localhost/bogus_namespace/bogus_project git http://localhost/bogus_namespace/bogus_project.git" - expect(response.body).to include("content='#{content}'") - end - end - context "rendering default project view" do render_views diff --git a/spec/controllers/root_controller_spec.rb b/spec/controllers/root_controller_spec.rb index 5a104ae7c99..b14d275f7fa 100644 --- a/spec/controllers/root_controller_spec.rb +++ b/spec/controllers/root_controller_spec.rb @@ -43,6 +43,28 @@ describe RootController do end end + context 'who has customized their dashboard setting for groups' do + before do + user.update_attribute(:dashboard, 'groups') + end + + it 'redirects to their group list' do + get :index + expect(response).to redirect_to dashboard_groups_path + end + end + + context 'who has customized their dashboard setting for todos' do + before do + user.update_attribute(:dashboard, 'todos') + end + + it 'redirects to their todo list' do + get :index + expect(response).to redirect_to dashboard_todos_path + end + end + context 'who uses the default dashboard setting' do it 'renders the default dashboard' do get :index diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb index af5d043cf02..73858e6f063 100644 --- a/spec/controllers/uploads_controller_spec.rb +++ b/spec/controllers/uploads_controller_spec.rb @@ -30,7 +30,7 @@ describe UploadsController do end end end - + context "when not signed in" do it "responds with status 200" do get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png" @@ -126,14 +126,9 @@ describe UploadsController do end context "when viewing a group avatar" do - let!(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) } - let!(:project) { create(:project, namespace: group) } - - context "when the group has public projects" do - before do - project.update_attribute(:visibility_level, Project::PUBLIC) - end + let!(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) } + context "when the group is public" do context "when not signed in" do it "responds with status 200" do get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png" @@ -155,7 +150,11 @@ describe UploadsController do end end - context "when the project doesn't have public projects" do + context "when the group is private" do + before do + group.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PRIVATE) + end + context "when signed in" do before do sign_in(user) @@ -163,13 +162,12 @@ describe UploadsController do context "when the user has access to the project" do before do - project.team << [user, :master] + group.add_developer(user) end context "when the user is blocked" do before do user.block - project.team << [user, :master] end it "redirects to the sign in page" do diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index 104a5f50143..7337ff58be1 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb @@ -41,6 +41,7 @@ describe UsersController do end describe 'GET #calendar' do + it 'renders calendar' do sign_in(user) @@ -48,6 +49,23 @@ describe UsersController do expect(response).to render_template('calendar') end + + context 'forked project' do + let!(:project) { create(:project) } + let!(:forked_project) { Projects::ForkService.new(project, user).execute } + + before do + sign_in(user) + project.team << [user, :developer] + EventCreateService.new.push(project, user, []) + EventCreateService.new.push(forked_project, user, []) + end + + it 'includes forked projects' do + get :calendar, username: user.username + expect(assigns(:contributions_calendar).projects.count).to eq(2) + end + end end describe 'GET #calendar_activities' do |