Diffstat (limited to 'spec/controllers')
-rw-r--r--spec/controllers/application_controller_spec.rb40
-rw-r--r--spec/controllers/autocomplete_controller_spec.rb2
-rw-r--r--spec/controllers/ci/projects_controller_spec.rb74
-rw-r--r--spec/controllers/commit_controller_spec.rb2
-rw-r--r--spec/controllers/groups/avatars_controller_spec.rb3
-rw-r--r--spec/controllers/groups_controller_spec.rb59
-rw-r--r--spec/controllers/namespaces_controller_spec.rb31
-rw-r--r--spec/controllers/projects/avatars_controller_spec.rb2
-rw-r--r--spec/controllers/projects/branches_controller_spec.rb96
-rw-r--r--spec/controllers/projects/compare_controller_spec.rb8
-rw-r--r--spec/controllers/projects/forks_controller_spec.rb72
-rw-r--r--spec/controllers/projects/imports_controller_spec.rb4
-rw-r--r--spec/controllers/projects/issues_controller_spec.rb185
-rw-r--r--spec/controllers/projects/merge_requests_controller_spec.rb23
-rw-r--r--spec/controllers/projects/repositories_controller_spec.rb37
-rw-r--r--spec/controllers/projects/snippets_controller_spec.rb107
-rw-r--r--spec/controllers/projects_controller_spec.rb13
-rw-r--r--spec/controllers/root_controller_spec.rb22
-rw-r--r--spec/controllers/uploads_controller_spec.rb20
-rw-r--r--spec/controllers/users_controller_spec.rb18
20 files changed, 673 insertions, 145 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 55851befc8c..186239d3096 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -30,44 +30,4 @@ describe ApplicationController do
controller.send(:check_password_expiration)
end
end
-
- describe 'check labels authorization' do
- let(:project) { create(:project) }
- let(:user) { create(:user) }
- let(:controller) { ApplicationController.new }
-
- before do
- project.team << [user, :guest]
- allow(controller).to receive(:current_user).and_return(user)
- allow(controller).to receive(:project).and_return(project)
- end
-
- it 'should succeed if issues and MRs are enabled' do
- project.issues_enabled = true
- project.merge_requests_enabled = true
- controller.send(:authorize_read_label!)
- expect(response.status).to eq(200)
- end
-
- it 'should succeed if issues are enabled, MRs are disabled' do
- project.issues_enabled = true
- project.merge_requests_enabled = false
- controller.send(:authorize_read_label!)
- expect(response.status).to eq(200)
- end
-
- it 'should succeed if issues are disabled, MRs are enabled' do
- project.issues_enabled = false
- project.merge_requests_enabled = true
- controller.send(:authorize_read_label!)
- expect(response.status).to eq(200)
- end
-
- it 'should fail if issues and MRs are disabled' do
- project.issues_enabled = false
- project.merge_requests_enabled = false
- expect(controller).to receive(:access_denied!)
- controller.send(:authorize_read_label!)
- end
- end
end
diff --git a/spec/controllers/autocomplete_controller_spec.rb b/spec/controllers/autocomplete_controller_spec.rb
index 612e344c411..f83c3b64f8f 100644
--- a/spec/controllers/autocomplete_controller_spec.rb
+++ b/spec/controllers/autocomplete_controller_spec.rb
@@ -21,7 +21,7 @@ describe AutocompleteController do
it { expect(body).to be_kind_of(Array) }
it { expect(body.size).to eq 1 }
- it { expect(body.first["username"]).to eq user.username }
+ it { expect(body.map { |u| u["username"] }).to include(user.username) }
end
describe 'GET #users with unknown project' do
diff --git a/spec/controllers/ci/projects_controller_spec.rb b/spec/controllers/ci/projects_controller_spec.rb
new file mode 100644
index 00000000000..5022a3e2c80
--- /dev/null
+++ b/spec/controllers/ci/projects_controller_spec.rb
@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe Ci::ProjectsController do
+ let(:visibility) { :public }
+ let!(:project) { create(:project, visibility, ci_id: 1) }
+ let(:ci_id) { project.ci_id }
+
+ describe '#index' do
+ context 'user signed in' do
+ before do
+ sign_in(create(:user))
+ get(:index)
+ end
+
+ it 'redirects to /' do
+ expect(response).to redirect_to(root_path)
+ end
+ end
+
+ context 'user not signed in' do
+ before { get(:index) }
+
+ it 'redirects to sign in page' do
+ expect(response).to redirect_to(new_user_session_path)
+ end
+ end
+ end
+
+ ##
+ # Specs for *deprecated* CI badge
+ #
+ describe '#badge' do
+ shared_examples 'badge provider' do
+ it 'shows badge' do
+ expect(response.status).to eq 200
+ expect(response.headers)
+ .to include('Content-Type' => 'image/svg+xml')
+ end
+ end
+
+ context 'user not signed in' do
+ before { get(:badge, id: ci_id) }
+
+ context 'project has no ci_id reference' do
+ let(:ci_id) { 123 }
+
+ it 'returns 404' do
+ expect(response.status).to eq 404
+ end
+ end
+
+ context 'project is public' do
+ let(:visibility) { :public }
+ it_behaves_like 'badge provider'
+ end
+
+ context 'project is private' do
+ let(:visibility) { :private }
+ it_behaves_like 'badge provider'
+ end
+ end
+
+ context 'user signed in' do
+ let(:user) { create(:user) }
+ before { sign_in(user) }
+ before { get(:badge, id: ci_id) }
+
+ context 'private is internal' do
+ let(:visibility) { :internal }
+ it_behaves_like 'badge provider'
+ end
+ end
+ end
+end
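Review bot: The 'project is private' context under 'user not signed in' expects a 200 and an `image/svg+xml` response, so this spec pins the deprecated badge as readable for a private project without authentication. If that is deliberate for backward compatibility, say so in the comment block above `describe '#badge'`, for example `# NOTE: the deprecated badge is intentionally served to anonymous users, even for private projects`; if it is not, the private case should expect a 404 like the unknown `ci_id` case. The signed-in context is also labelled `'private is internal'`, which presumably should read `'project is internal'`.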
diff --git a/spec/controllers/commit_controller_spec.rb b/spec/controllers/commit_controller_spec.rb
index bbe400dad88..f09e4fcb154 100644
--- a/spec/controllers/commit_controller_spec.rb
+++ b/spec/controllers/commit_controller_spec.rb
@@ -81,7 +81,7 @@ describe Projects::CommitController do
expect(response.body).to start_with("diff --git")
# without whitespace option, there are more than 2 diff_splits
- diff_splits = assigns(:diffs)[0].diff.split("\n")
+ diff_splits = assigns(:diffs).first.diff.split("\n")
expect(diff_splits.length).to be <= 2
end
end
diff --git a/spec/controllers/groups/avatars_controller_spec.rb b/spec/controllers/groups/avatars_controller_spec.rb
index 3dac134a731..91d639218e5 100644
--- a/spec/controllers/groups/avatars_controller_spec.rb
+++ b/spec/controllers/groups/avatars_controller_spec.rb
@@ -2,9 +2,10 @@ require 'spec_helper'
describe Groups::AvatarsController do
let(:user) { create(:user) }
- let(:group) { create(:group, owner: user, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
+ let(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
before do
+ group.add_owner(user)
sign_in(user)
end
diff --git a/spec/controllers/groups_controller_spec.rb b/spec/controllers/groups_controller_spec.rb
index 938e97298b6..465531b2b36 100644
--- a/spec/controllers/groups_controller_spec.rb
+++ b/spec/controllers/groups_controller_spec.rb
@@ -1,10 +1,15 @@
require 'rails_helper'
describe GroupsController do
- describe 'GET index' do
+ let(:user) { create(:user) }
+ let(:group) { create(:group) }
+ let(:project) { create(:project, namespace: group) }
+ let!(:group_member) { create(:group_member, group: group, user: user) }
+
+ describe 'GET #index' do
context 'as a user' do
it 'redirects to Groups Dashboard' do
- sign_in(create(:user))
+ sign_in(user)
get :index
@@ -20,4 +25,54 @@ describe GroupsController do
end
end
end
+
+ describe 'GET #issues' do
+ let(:issue_1) { create(:issue, project: project) }
+ let(:issue_2) { create(:issue, project: project) }
+
+ before do
+ create_list(:upvote_note, 3, project: project, noteable: issue_2)
+ create_list(:upvote_note, 2, project: project, noteable: issue_1)
+ create_list(:downvote_note, 2, project: project, noteable: issue_2)
+
+ sign_in(user)
+ end
+
+ context 'sorting by votes' do
+ it 'sorts most popular issues' do
+ get :issues, id: group.to_param, sort: 'upvotes_desc'
+ expect(assigns(:issues)).to eq [issue_2, issue_1]
+ end
+
+ it 'sorts least popular issues' do
+ get :issues, id: group.to_param, sort: 'downvotes_desc'
+ expect(assigns(:issues)).to eq [issue_2, issue_1]
+ end
+ end
+ end
+
+ describe 'GET #merge_requests' do
+ let(:merge_request_1) { create(:merge_request, source_project: project) }
+ let(:merge_request_2) { create(:merge_request, :simple, source_project: project) }
+
+ before do
+ create_list(:upvote_note, 3, project: project, noteable: merge_request_2)
+ create_list(:upvote_note, 2, project: project, noteable: merge_request_1)
+ create_list(:downvote_note, 2, project: project, noteable: merge_request_2)
+
+ sign_in(user)
+ end
+
+ context 'sorting by votes' do
+ it 'sorts most popular merge requests' do
+ get :merge_requests, id: group.to_param, sort: 'upvotes_desc'
+ expect(assigns(:merge_requests)).to eq [merge_request_2, merge_request_1]
+ end
+
+ it 'sorts least popular merge requests' do
+ get :merge_requests, id: group.to_param, sort: 'downvotes_desc'
+ expect(assigns(:merge_requests)).to eq [merge_request_2, merge_request_1]
+ end
+ end
+ end
end
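Review bot: In both `before` blocks the `_2` record receives the most upvotes and the only downvotes, so `upvotes_desc` and `downvotes_desc` are expected to return the same order, `[issue_2, issue_1]` and `[merge_request_2, merge_request_1]`. A `downvotes_desc` that silently fell back to the upvote ordering would still pass. Put the downvotes on the other record, `create_list(:downvote_note, 2, project: project, noteable: issue_1)`, and expect `[issue_1, issue_2]` for the downvote sort; do the same with `merge_request_1`.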
diff --git a/spec/controllers/namespaces_controller_spec.rb b/spec/controllers/namespaces_controller_spec.rb
index 77436958711..27e9afe582e 100644
--- a/spec/controllers/namespaces_controller_spec.rb
+++ b/spec/controllers/namespaces_controller_spec.rb
@@ -15,14 +15,9 @@ describe NamespacesController do
end
context "when the namespace belongs to a group" do
- let!(:group) { create(:group) }
- let!(:project) { create(:project, namespace: group) }
-
- context "when the group has public projects" do
- before do
- project.update_attribute(:visibility_level, Project::PUBLIC)
- end
+ let!(:group) { create(:group) }
+ context "when the group is public" do
context "when not signed in" do
it "redirects to the group's page" do
get :show, id: group.path
@@ -44,27 +39,31 @@ describe NamespacesController do
end
end
- context "when the project doesn't have public projects" do
+ context "when the group is private" do
+ before do
+ group.update_attribute(:visibility_level, Group::PRIVATE)
+ end
+
context "when not signed in" do
- it "does not redirect to the sign in page" do
+ it "redirects to the sign in page" do
get :show, id: group.path
- expect(response).not_to redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
end
end
+
context "when signed in" do
before do
sign_in(user)
end
- context "when the user has access to the project" do
+ context "when the user has access to the group" do
before do
- project.team << [user, :master]
+ group.add_developer(user)
end
context "when the user is blocked" do
before do
user.block
- project.team << [user, :master]
end
it "redirects to the sign in page" do
@@ -83,11 +82,11 @@ describe NamespacesController do
end
end
- context "when the user doesn't have access to the project" do
- it "redirects to the group's page" do
+ context "when the user doesn't have access to the group" do
+ it "responds with status 404" do
get :show, id: group.path
- expect(response).to redirect_to(group_path(group))
+ expect(response.status).to eq(404)
end
end
end
diff --git a/spec/controllers/projects/avatars_controller_spec.rb b/spec/controllers/projects/avatars_controller_spec.rb
index e79b46a3504..4d724ca9ed0 100644
--- a/spec/controllers/projects/avatars_controller_spec.rb
+++ b/spec/controllers/projects/avatars_controller_spec.rb
@@ -6,7 +6,7 @@ describe Projects::AvatarsController do
before do
sign_in(user)
- project.team << [user, :developer]
+ project.team << [user, :master]
controller.instance_variable_set(:@project, project)
end
diff --git a/spec/controllers/projects/branches_controller_spec.rb b/spec/controllers/projects/branches_controller_spec.rb
index 8e06d4bdc77..98ae424ed7c 100644
--- a/spec/controllers/projects/branches_controller_spec.rb
+++ b/spec/controllers/projects/branches_controller_spec.rb
@@ -17,49 +17,79 @@ describe Projects::BranchesController do
describe "POST create" do
render_views
- before do
- post :create,
- namespace_id: project.namespace.to_param,
- project_id: project.to_param,
- branch_name: branch,
- ref: ref
- end
+ context "on creation of a new branch" do
+ before do
+ post :create,
+ namespace_id: project.namespace.to_param,
+ project_id: project.to_param,
+ branch_name: branch,
+ ref: ref
+ end
- context "valid branch name, valid source" do
- let(:branch) { "merge_branch" }
- let(:ref) { "master" }
- it 'redirects' do
- expect(subject).
- to redirect_to("/#{project.path_with_namespace}/tree/merge_branch")
+ context "valid branch name, valid source" do
+ let(:branch) { "merge_branch" }
+ let(:ref) { "master" }
+ it 'redirects' do
+ expect(subject).
+ to redirect_to("/#{project.path_with_namespace}/tree/merge_branch")
+ end
+ end
+
+ context "invalid branch name, valid ref" do
+ let(:branch) { "<script>alert('merge');</script>" }
+ let(:ref) { "master" }
+ it 'redirects' do
+ expect(subject).
+ to redirect_to("/#{project.path_with_namespace}/tree/alert('merge');")
+ end
+ end
+
+ context "valid branch name, invalid ref" do
+ let(:branch) { "merge_branch" }
+ let(:ref) { "<script>alert('ref');</script>" }
+ it { is_expected.to render_template('new') }
+ end
+
+ context "invalid branch name, invalid ref" do
+ let(:branch) { "<script>alert('merge');</script>" }
+ let(:ref) { "<script>alert('ref');</script>" }
+ it { is_expected.to render_template('new') }
+ end
+
+ context "valid branch name with encoded slashes" do
+ let(:branch) { "feature%2Ftest" }
+ let(:ref) { "<script>alert('ref');</script>" }
+ it { is_expected.to render_template('new') }
+ it { project.repository.branch_names.include?('feature/test') }
end
end
- context "invalid branch name, valid ref" do
- let(:branch) { "<script>alert('merge');</script>" }
- let(:ref) { "master" }
+ describe "created from the new branch button on issues" do
+ let(:branch) { "1-feature-branch" }
+ let!(:issue) { create(:issue, project: project) }
+
+
it 'redirects' do
+ post :create,
+ namespace_id: project.namespace.to_param,
+ project_id: project.to_param,
+ branch_name: branch,
+ issue_iid: issue.iid
+
expect(subject).
- to redirect_to("/#{project.path_with_namespace}/tree/alert('merge');")
+ to redirect_to("/#{project.path_with_namespace}/tree/1-feature-branch")
end
- end
- context "valid branch name, invalid ref" do
- let(:branch) { "merge_branch" }
- let(:ref) { "<script>alert('ref');</script>" }
- it { is_expected.to render_template('new') }
- end
+ it 'posts a system note' do
+ expect(SystemNoteService).to receive(:new_issue_branch).with(issue, project, user, "1-feature-branch")
- context "invalid branch name, invalid ref" do
- let(:branch) { "<script>alert('merge');</script>" }
- let(:ref) { "<script>alert('ref');</script>" }
- it { is_expected.to render_template('new') }
- end
+ post :create,
+ namespace_id: project.namespace.to_param,
+ project_id: project.to_param,
+ branch_name: branch,
+ issue_iid: issue.iid
+ end
- context "valid branch name with encoded slashes" do
- let(:branch) { "feature%2Ftest" }
- let(:ref) { "<script>alert('ref');</script>" }
- it { is_expected.to render_template('new') }
- it { project.repository.branch_names.include?('feature/test')}
end
end
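Review bot: `it { project.repository.branch_names.include?('feature/test') }` in the 'valid branch name with encoded slashes' context contains no expectation, so it passes whatever the controller does with the encoded slash. It should read `it { expect(project.repository.branch_names).to include('feature/test') }`. That context also passes the `<script>` ref and expects the `new` template, so the branch is probably never created; the ref likely needs to be `"master"` for the assertion to mean anything. The line is carried over from the old layout, but it is re-added here and this is the place to fix it.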
diff --git a/spec/controllers/projects/compare_controller_spec.rb b/spec/controllers/projects/compare_controller_spec.rb
index be19f1abc53..788a609ee40 100644
--- a/spec/controllers/projects/compare_controller_spec.rb
+++ b/spec/controllers/projects/compare_controller_spec.rb
@@ -19,7 +19,7 @@ describe Projects::CompareController do
to: ref_to)
expect(response).to be_success
- expect(assigns(:diffs).length).to be >= 1
+ expect(assigns(:diffs).first).to_not be_nil
expect(assigns(:commits).length).to be >= 1
end
@@ -32,10 +32,10 @@ describe Projects::CompareController do
w: 1)
expect(response).to be_success
- expect(assigns(:diffs).length).to be >= 1
+ expect(assigns(:diffs).first).to_not be_nil
expect(assigns(:commits).length).to be >= 1
# without whitespace option, there are more than 2 diff_splits
- diff_splits = assigns(:diffs)[0].diff.split("\n")
+ diff_splits = assigns(:diffs).first.diff.split("\n")
expect(diff_splits.length).to be <= 2
end
@@ -48,7 +48,7 @@ describe Projects::CompareController do
to: ref_to)
expect(response).to be_success
- expect(assigns(:diffs)).to eq([])
+ expect(assigns(:diffs).to_a).to eq([])
expect(assigns(:commits)).to eq([])
end
diff --git a/spec/controllers/projects/forks_controller_spec.rb b/spec/controllers/projects/forks_controller_spec.rb
new file mode 100644
index 00000000000..70ed8f3a62e
--- /dev/null
+++ b/spec/controllers/projects/forks_controller_spec.rb
@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe Projects::ForksController do
+ let(:user) { create(:user) }
+ let(:project) { create(:project, :public) }
+ let(:forked_project) { Projects::ForkService.new(project, user).execute }
+ let(:group) { create(:group, owner: forked_project.creator) }
+
+ describe 'GET index' do
+ def get_forks
+ get :index,
+ namespace_id: project.namespace.to_param,
+ project_id: project.to_param
+ end
+
+ context 'when fork is public' do
+ before { forked_project.update_attribute(:visibility_level, Project::PUBLIC) }
+
+ it 'should be visible for non logged in users' do
+ get_forks
+
+ expect(assigns[:forks]).to be_present
+ end
+ end
+
+ context 'when fork is private' do
+ before do
+ forked_project.update_attributes(visibility_level: Project::PRIVATE, group: group)
+ end
+
+ it 'should not be visible for non logged in users' do
+ get_forks
+
+ expect(assigns[:forks]).to be_blank
+ end
+
+ context 'when user is logged in' do
+ before { sign_in(project.creator) }
+
+ context 'when user is not a Project member neither a group member' do
+ it 'should not see the Project listed' do
+ get_forks
+
+ expect(assigns[:forks]).to be_blank
+ end
+ end
+
+ context 'when user is a member of the Project' do
+ before { forked_project.team << [project.creator, :developer] }
+
+ it 'should see the project listed' do
+ get_forks
+
+ expect(assigns[:forks]).to be_present
+ end
+ end
+
+ context 'when user is a member of the Group' do
+ before { forked_project.group.add_developer(project.creator) }
+
+ it 'should see the project listed' do
+ get_forks
+
+ expect(assigns[:forks]).to be_present
+ end
+ end
+
+ end
+ end
+ end
+
+end
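Review bot: `let(:group) { create(:group, owner: forked_project.creator) }` passes `owner:` to the group factory, while the groups/avatars_controller_spec.rb hunk in this same commit drops `owner: user` in favour of `group.add_owner(user)`. If the factory no longer acts on `owner:`, use `create(:group)` plus an explicit `group.add_owner(forked_project.creator)` so the membership the private-fork examples depend on is visible in the spec. The 'when user is logged in' examples sign in `project.creator` rather than `user`; a comment such as `# project.creator is the upstream author, not the user who forked` would make it clear that the viewer is presumably meant to be a third party to the fork.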
diff --git a/spec/controllers/projects/imports_controller_spec.rb b/spec/controllers/projects/imports_controller_spec.rb
index 0147bd2b953..2acbba469e3 100644
--- a/spec/controllers/projects/imports_controller_spec.rb
+++ b/spec/controllers/projects/imports_controller_spec.rb
@@ -19,7 +19,7 @@ describe Projects::ImportsController do
end
it 'sets flash.now if params is present' do
- get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { notice_now: 'Started' }
+ get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { to: '/', notice_now: 'Started' }
expect(flash.now[:notice]).to eq 'Started'
end
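Review bot: Both updated examples now pass `continue: { to: '/', ... }`, but neither hunk shows a case where `continue[:to]` is an absolute or off-site URL. The parameter appears to name a redirect destination, so if the file does not already have one, a negative example is worth adding that passes a value such as `'http://example.com/'` (constructed sample) and asserts the response does not redirect there. The same applies to the 'In progress' example in the second hunk of this file.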
@@ -45,7 +45,7 @@ describe Projects::ImportsController do
end
it 'sets flash.now if params is present' do
- get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { notice_now: 'In progress' }
+ get :show, namespace_id: project.namespace.to_param, project_id: project.to_param, continue: { to: '/', notice_now: 'In progress' }
expect(flash.now[:notice]).to eq 'In progress'
end
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index 76d56bc989d..d6e4cd71ce6 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -1,16 +1,16 @@
require('spec_helper')
describe Projects::IssuesController do
- let(:project) { create(:project) }
+ let(:project) { create(:project_empty_repo) }
let(:user) { create(:user) }
- let(:issue) { create(:issue, project: project) }
-
- before do
- sign_in(user)
- project.team << [user, :developer]
- end
+ let(:issue) { create(:issue, project: project) }
describe "GET #index" do
+ before do
+ sign_in(user)
+ project.team << [user, :developer]
+ end
+
it "returns index" do
get :index, namespace_id: project.namespace.path, project_id: project.path
@@ -38,6 +38,177 @@ describe Projects::IssuesController do
get :index, namespace_id: project.namespace.path, project_id: project.path
expect(response.status).to eq(404)
end
+ end
+
+ describe 'Confidential Issues' do
+ let(:project) { create(:project_empty_repo, :public) }
+ let(:assignee) { create(:assignee) }
+ let(:author) { create(:user) }
+ let(:non_member) { create(:user) }
+ let(:member) { create(:user) }
+ let(:admin) { create(:admin) }
+ let!(:issue) { create(:issue, project: project) }
+ let!(:unescaped_parameter_value) { create(:issue, :confidential, project: project, author: author) }
+ let!(:request_forgery_timing_attack) { create(:issue, :confidential, project: project, assignee: assignee) }
+
+ describe 'GET #index' do
+ it 'should not list confidential issues for guests' do
+ sign_out(:user)
+ get_issues
+
+ expect(assigns(:issues)).to eq [issue]
+ end
+
+ it 'should not list confidential issues for non project members' do
+ sign_in(non_member)
+ get_issues
+
+ expect(assigns(:issues)).to eq [issue]
+ end
+
+ it 'should list confidential issues for author' do
+ sign_in(author)
+ get_issues
+
+ expect(assigns(:issues)).to include unescaped_parameter_value
+ expect(assigns(:issues)).not_to include request_forgery_timing_attack
+ end
+
+ it 'should list confidential issues for assignee' do
+ sign_in(assignee)
+ get_issues
+
+ expect(assigns(:issues)).not_to include unescaped_parameter_value
+ expect(assigns(:issues)).to include request_forgery_timing_attack
+ end
+
+ it 'should list confidential issues for project members' do
+ sign_in(member)
+ project.team << [member, :developer]
+
+ get_issues
+
+ expect(assigns(:issues)).to include unescaped_parameter_value
+ expect(assigns(:issues)).to include request_forgery_timing_attack
+ end
+
+ it 'should list confidential issues for admin' do
+ sign_in(admin)
+ get_issues
+
+ expect(assigns(:issues)).to include unescaped_parameter_value
+ expect(assigns(:issues)).to include request_forgery_timing_attack
+ end
+
+ def get_issues
+ get :index,
+ namespace_id: project.namespace.to_param,
+ project_id: project.to_param
+ end
+ end
+
+ shared_examples_for 'restricted action' do |http_status|
+ it 'returns 404 for guests' do
+ sign_out :user
+ go(id: unescaped_parameter_value.to_param)
+
+ expect(response).to have_http_status :not_found
+ end
+
+ it 'returns 404 for non project members' do
+ sign_in(non_member)
+ go(id: unescaped_parameter_value.to_param)
+
+ expect(response).to have_http_status :not_found
+ end
+
+ it "returns #{http_status[:success]} for author" do
+ sign_in(author)
+ go(id: unescaped_parameter_value.to_param)
+
+ expect(response).to have_http_status http_status[:success]
+ end
+
+ it "returns #{http_status[:success]} for assignee" do
+ sign_in(assignee)
+ go(id: request_forgery_timing_attack.to_param)
+
+ expect(response).to have_http_status http_status[:success]
+ end
+
+ it "returns #{http_status[:success]} for project members" do
+ sign_in(member)
+ project.team << [member, :developer]
+ go(id: unescaped_parameter_value.to_param)
+
+ expect(response).to have_http_status http_status[:success]
+ end
+
+ it "returns #{http_status[:success]} for admin" do
+ sign_in(admin)
+ go(id: unescaped_parameter_value.to_param)
+
+ expect(response).to have_http_status http_status[:success]
+ end
+ end
+
+ describe 'GET #show' do
+ it_behaves_like 'restricted action', success: 200
+
+ def go(id:)
+ get :show,
+ namespace_id: project.namespace.to_param,
+ project_id: project.to_param,
+ id: id
+ end
+ end
+
+ describe 'GET #edit' do
+ it_behaves_like 'restricted action', success: 200
+ def go(id:)
+ get :edit,
+ namespace_id: project.namespace.to_param,
+ project_id: project.to_param,
+ id: id
+ end
+ end
+
+ describe 'PUT #update' do
+ it_behaves_like 'restricted action', success: 302
+
+ def go(id:)
+ put :update,
+ namespace_id: project.namespace.to_param,
+ project_id: project.to_param,
+ id: id,
+ issue: { title: 'New title' }
+ end
+ end
+ end
+
+ describe "DELETE #destroy" do
+ context "when the user is a developer" do
+ before { sign_in(user) }
+ it "rejects a developer to destroy an issue" do
+ delete :destroy, namespace_id: project.namespace.path, project_id: project.path, id: issue.iid
+ expect(response.status).to eq(404)
+ end
+ end
+
+ context "when the user is owner" do
+ let(:owner) { create(:user) }
+ let(:namespace) { create(:namespace, owner: owner) }
+ let(:project) { create(:project, namespace: namespace) }
+
+ before { sign_in(owner) }
+
+ it "deletes the issue" do
+ delete :destroy, namespace_id: project.namespace.path, project_id: project.path, id: issue.iid
+
+ expect(response.status).to eq(302)
+ expect(controller).to set_flash[:notice].to(/The issue was successfully deleted\./).now
+ end
+ end
end
end
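Review bot: In `DELETE #destroy`, the 'when the user is a developer' context only signs `user` in; the `project.team << [user, :developer]` setup was moved under `GET #index` by the first hunk of this file, so `user` is no longer a project member here. The 404 may then come from a non-member being unable to see the project rather than from the destroy permission, and the example would keep passing if developers were allowed to delete. Use `before { project.team << [user, :developer]; sign_in(user) }`. Neither this block nor the `DELETE #destroy` hunk in merge_requests_controller_spec.rb has an admin example, although the latter's description names admins. The fixtures `unescaped_parameter_value` and `request_forgery_timing_attack` would read better as `confidential_issue_by_author` and `confidential_issue_for_assignee`.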
diff --git a/spec/controllers/projects/merge_requests_controller_spec.rb b/spec/controllers/projects/merge_requests_controller_spec.rb
index e82fe26c7a6..c5b034dc064 100644
--- a/spec/controllers/projects/merge_requests_controller_spec.rb
+++ b/spec/controllers/projects/merge_requests_controller_spec.rb
@@ -157,6 +157,29 @@ describe Projects::MergeRequestsController do
end
end
+ describe "DELETE #destroy" do
+ it "denies access to users unless they're admin or project owner" do
+ delete :destroy, namespace_id: project.namespace.path, project_id: project.path, id: merge_request.iid
+
+ expect(response.status).to eq(404)
+ end
+
+ context "when the user is owner" do
+ let(:owner) { create(:user) }
+ let(:namespace) { create(:namespace, owner: owner) }
+ let(:project) { create(:project, namespace: namespace) }
+
+ before { sign_in owner }
+
+ it "deletes the merge request" do
+ delete :destroy, namespace_id: project.namespace.path, project_id: project.path, id: merge_request.iid
+
+ expect(response.status).to eq(302)
+ expect(controller).to set_flash[:notice].to(/The merge request was successfully deleted\./).now
+ end
+ end
+ end
+
describe 'GET diffs' do
def go(format: 'html')
get :diffs,
diff --git a/spec/controllers/projects/repositories_controller_spec.rb b/spec/controllers/projects/repositories_controller_spec.rb
index 09ec4f18f9d..0ddbec9eac2 100644
--- a/spec/controllers/projects/repositories_controller_spec.rb
+++ b/spec/controllers/projects/repositories_controller_spec.rb
@@ -2,30 +2,41 @@ require "spec_helper"
describe Projects::RepositoriesController do
let(:project) { create(:project) }
- let(:user) { create(:user) }
describe "GET archive" do
- before do
- sign_in(user)
- project.team << [user, :developer]
- end
-
- it "uses Gitlab::Workhorse" do
- expect(Gitlab::Workhorse).to receive(:send_git_archive).with(project, "master", "zip")
+ context 'as a guest' do
+ it 'responds with redirect in correct format' do
+ get :archive, namespace_id: project.namespace.path, project_id: project.path, format: "zip"
- get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip"
+ expect(response.content_type).to start_with 'text/html'
+ expect(response).to be_redirect
+ end
end
- context "when the service raises an error" do
+ context 'as a user' do
+ let(:user) { create(:user) }
before do
- allow(Gitlab::Workhorse).to receive(:send_git_archive).and_raise("Archive failed")
+ project.team << [user, :developer]
+ sign_in(user)
end
+ it "uses Gitlab::Workhorse" do
+ expect(Gitlab::Workhorse).to receive(:send_git_archive).with(project, "master", "zip")
- it "renders Not Found" do
get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip"
+ end
+
+ context "when the service raises an error" do
+
+ before do
+ allow(Gitlab::Workhorse).to receive(:send_git_archive).and_raise("Archive failed")
+ end
+
+ it "renders Not Found" do
+ get :archive, namespace_id: project.namespace.path, project_id: project.path, ref: "master", format: "zip"
- expect(response.status).to eq(404)
+ expect(response.status).to eq(404)
+ end
end
end
end
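Review bot: The 'as a guest' example only checks that some redirect with an HTML content type comes back; it does not pin where the redirect goes or that no archive is produced. Add `expect(Gitlab::Workhorse).not_to receive(:send_git_archive)` before the request and assert the target, for example `expect(response).to redirect_to(new_user_session_path)` if the sign-in page is the intended destination. The request also omits `ref: "master"`, unlike the signed-in examples, so it does not exercise the same parameters as the case it is contrasted with.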
diff --git a/spec/controllers/projects/snippets_controller_spec.rb b/spec/controllers/projects/snippets_controller_spec.rb
new file mode 100644
index 00000000000..0f32a30f18b
--- /dev/null
+++ b/spec/controllers/projects/snippets_controller_spec.rb
@@ -0,0 +1,107 @@
+require 'spec_helper'
+
+describe Projects::SnippetsController do
+ let(:project) { create(:project_empty_repo, :public, snippets_enabled: true) }
+ let(:user) { create(:user) }
+ let(:user2) { create(:user) }
+
+ before do
+ project.team << [user, :master]
+ project.team << [user2, :master]
+ end
+
+ describe 'GET #index' do
+ context 'when the project snippet is private' do
+ let!(:project_snippet) { create(:project_snippet, :private, project: project, author: user) }
+
+ context 'when anonymous' do
+ it 'does not include the private snippet' do
+ get :index, namespace_id: project.namespace.path, project_id: project.path
+
+ expect(assigns(:snippets)).not_to include(project_snippet)
+ expect(response.status).to eq(200)
+ end
+ end
+
+ context 'when signed in as the author' do
+ before { sign_in(user) }
+
+ it 'renders the snippet' do
+ get :index, namespace_id: project.namespace.path, project_id: project.path
+
+ expect(assigns(:snippets)).to include(project_snippet)
+ expect(response.status).to eq(200)
+ end
+ end
+
+ context 'when signed in as a project member' do
+ before { sign_in(user2) }
+
+ it 'renders the snippet' do
+ get :index, namespace_id: project.namespace.path, project_id: project.path
+
+ expect(assigns(:snippets)).to include(project_snippet)
+ expect(response.status).to eq(200)
+ end
+ end
+ end
+ end
+
+ %w[show raw].each do |action|
+ describe "GET ##{action}" do
+ context 'when the project snippet is private' do
+ let(:project_snippet) { create(:project_snippet, :private, project: project, author: user) }
+
+ context 'when anonymous' do
+ it 'responds with status 404' do
+ get action, namespace_id: project.namespace.path, project_id: project.path, id: project_snippet.to_param
+
+ expect(response.status).to eq(404)
+ end
+ end
+
+ context 'when signed in as the author' do
+ before { sign_in(user) }
+
+ it 'renders the snippet' do
+ get action, namespace_id: project.namespace.path, project_id: project.path, id: project_snippet.to_param
+
+ expect(assigns(:snippet)).to eq(project_snippet)
+ expect(response.status).to eq(200)
+ end
+ end
+
+ context 'when signed in as a project member' do
+ before { sign_in(user2) }
+
+ it 'renders the snippet' do
+ get action, namespace_id: project.namespace.path, project_id: project.path, id: project_snippet.to_param
+
+ expect(assigns(:snippet)).to eq(project_snippet)
+ expect(response.status).to eq(200)
+ end
+ end
+ end
+
+ context 'when the project snippet does not exist' do
+ context 'when anonymous' do
+ it 'responds with status 404' do
+ get action, namespace_id: project.namespace.path, project_id: project.path, id: 42
+
+ expect(response.status).to eq(404)
+ end
+ end
+
+ context 'when signed in' do
+ before { sign_in(user) }
+
+ it 'responds with status 404' do
+ get action, namespace_id: project.namespace.path, project_id: project.path, id: 42
+
+ expect(response.status).to eq(404)
+ end
+ end
+ end
+ end
+ end
+end
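Review bot: Every signed-in case here uses `user` or `user2`, both added as `:master` in the top-level `before`, so the spec never checks a signed-in user who is not a project member. Because the project is created `:public`, that is the case where a private snippet is most exposed: the project itself is reachable and only the snippet-level check stands in the way. Add a non-member context to `GET #index` (asserting the snippet is not in `assigns(:snippets)`) and to the `show`/`raw` loop. The 404 in the sketch below assumes non-members are treated like anonymous users, which should be confirmed against the controller.

```ruby
# … unchanged: 'when anonymous' context inside the show/raw loop …
context 'when signed in as a non-member' do
  before { sign_in(create(:user)) }

  it 'responds with status 404' do
    get action, namespace_id: project.namespace.path, project_id: project.path, id: project_snippet.to_param

    expect(response.status).to eq(404)
  end
end
# … unchanged: 'when signed in as the author' context …
```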
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index 6eee4dfe229..1893e946f5c 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -9,19 +9,6 @@ describe ProjectsController do
describe "GET show" do
- context "when requested by `go get`" do
- render_views
-
- it "renders the go-import meta tag" do
- get :show, "go-get" => "1", namespace_id: "bogus_namespace", id: "bogus_project"
-
- expect(response.body).to include("name='go-import'")
-
- content = "localhost/bogus_namespace/bogus_project git http://localhost/bogus_namespace/bogus_project.git"
- expect(response.body).to include("content='#{content}'")
- end
- end
-
context "rendering default project view" do
render_views
diff --git a/spec/controllers/root_controller_spec.rb b/spec/controllers/root_controller_spec.rb
index 5a104ae7c99..b14d275f7fa 100644
--- a/spec/controllers/root_controller_spec.rb
+++ b/spec/controllers/root_controller_spec.rb
@@ -43,6 +43,28 @@ describe RootController do
end
end
+ context 'who has customized their dashboard setting for groups' do
+ before do
+ user.update_attribute(:dashboard, 'groups')
+ end
+
+ it 'redirects to their group list' do
+ get :index
+ expect(response).to redirect_to dashboard_groups_path
+ end
+ end
+
+ context 'who has customized their dashboard setting for todos' do
+ before do
+ user.update_attribute(:dashboard, 'todos')
+ end
+
+ it 'redirects to their todo list' do
+ get :index
+ expect(response).to redirect_to dashboard_todos_path
+ end
+ end
+
context 'who uses the default dashboard setting' do
it 'renders the default dashboard' do
get :index
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index af5d043cf02..73858e6f063 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -30,7 +30,7 @@ describe UploadsController do
end
end
end
-
+
context "when not signed in" do
it "responds with status 200" do
get :show, model: "user", mounted_as: "avatar", id: user.id, filename: "image.png"
@@ -126,14 +126,9 @@ describe UploadsController do
end
context "when viewing a group avatar" do
- let!(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
- let!(:project) { create(:project, namespace: group) }
-
- context "when the group has public projects" do
- before do
- project.update_attribute(:visibility_level, Project::PUBLIC)
- end
+ let!(:group) { create(:group, avatar: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")) }
+ context "when the group is public" do
context "when not signed in" do
it "responds with status 200" do
get :show, model: "group", mounted_as: "avatar", id: group.id, filename: "image.png"
@@ -155,7 +150,11 @@ describe UploadsController do
end
end
- context "when the project doesn't have public projects" do
+ context "when the group is private" do
+ before do
+ group.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
+ end
+
context "when signed in" do
before do
sign_in(user)
@@ -163,13 +162,12 @@ describe UploadsController do
context "when the user has access to the project" do
before do
- project.team << [user, :master]
+ group.add_developer(user)
end
context "when the user is blocked" do
before do
user.block
- project.team << [user, :master]
end
it "redirects to the sign in page" do
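Review bot: The context `"when the user has access to the project"` now grants access with `group.add_developer(user)`, so its description is stale; rename it to `context "when the user has access to the group" do`, as the namespaces_controller_spec.rb hunk in this commit already does. The preceding hunk also spells the level as `Gitlab::VisibilityLevel::PRIVATE` where the namespaces spec uses `Group::PRIVATE`; using one spelling in both files would make the two specs easier to compare. The enclosing contexts start and end outside this hunk.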
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 104a5f50143..7337ff58be1 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -41,6 +41,7 @@ describe UsersController do
end
describe 'GET #calendar' do
+
it 'renders calendar' do
sign_in(user)
@@ -48,6 +49,23 @@ describe UsersController do
expect(response).to render_template('calendar')
end
+
+ context 'forked project' do
+ let!(:project) { create(:project) }
+ let!(:forked_project) { Projects::ForkService.new(project, user).execute }
+
+ before do
+ sign_in(user)
+ project.team << [user, :developer]
+ EventCreateService.new.push(project, user, [])
+ EventCreateService.new.push(forked_project, user, [])
+ end
+
+ it 'includes forked projects' do
+ get :calendar, username: user.username
+ expect(assigns(:contributions_calendar).projects.count).to eq(2)
+ end
+ end
end
describe 'GET #calendar_activities' do