Diffstat (limited to 'spec/features/projects/settings/access_tokens_spec.rb')
-rw-r--r-- | spec/features/projects/settings/access_tokens_spec.rb | 106 |
1 files changed, 104 insertions, 2 deletions
diff --git a/spec/features/projects/settings/access_tokens_spec.rb b/spec/features/projects/settings/access_tokens_spec.rb
index 45fe19deb8e..8083c851bb7 100644
--- a/spec/features/projects/settings/access_tokens_spec.rb
+++ b/spec/features/projects/settings/access_tokens_spec.rb
@@ -5,7 +5,8 @@ require 'spec_helper'
 RSpec.describe 'Project > Settings > Access Tokens', :js do
 let_it_be(:user) { create(:user) }
 let_it_be(:bot_user) { create(:user, :project_bot) }
- let_it_be(:project) { create(:project) }
+ let_it_be(:group) { create(:group) }
+ let_it_be(:project) { create(:project, group: group) }
 before_all do
 project.add_maintainer(user)
@@ -33,6 +34,18 @@ RSpec.describe 'Project > Settings > Access Tokens', :js do
 find('#created-personal-access-token').value
 end
+ context 'when user is not a project maintainer' do
+ before do
+ project.add_developer(user)
+ end
+
+ it 'does not show project access token page' do
+ visit project_settings_access_tokens_path(project)
+
+ expect(page).to have_content("Page Not Found")
+ end
+ end
+
 describe 'token creation' do
 it 'allows creation of a project access token' do
 name = 'My project access token'
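Review bot: The `before` block in the new 'when user is not a project maintainer' context depends on `project.add_developer(user)` replacing the maintainer membership that `before_all` created for the same user, and nothing in the spec says so. A short comment such as `# before_all made user a maintainer; this downgrades the same membership to developer` would keep a later reader from assuming the user holds both roles. The example also exercises only the page visit; whether token creation and revocation requests are refused for a developer is not visible in this diff and is worth confirming in a request or controller spec.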
@@ -57,6 +70,81 @@ RSpec.describe 'Project > Settings > Access Tokens', :js do
 expect(active_project_access_tokens).to have_text('read_api')
 expect(created_project_access_token).not_to be_empty
 end
+
+ context 'when token creation is not allowed' do
+ before do
+ group.namespace_settings.update_column(:resource_access_token_creation_allowed, false)
+ end
+
+ it 'does not show project access token creation form' do
+ visit project_settings_access_tokens_path(project)
+
+ expect(page).not_to have_selector('#new_project_access_token')
+ end
+
+ it 'shows project access token creation disabled text' do
+ visit project_settings_access_tokens_path(project)
+
+ expect(page).to have_text('Project access token creation is disabled in this group. You can still use and manage existing tokens.')
+ end
+
+ context 'with a project in a personal namespace' do
+ let(:personal_project) { create(:project) }
+
+ before do
+ personal_project.add_maintainer(user)
+ end
+
+ it 'shows project access token creation form and text' do
+ visit project_settings_access_tokens_path(personal_project)
+
+ expect(page).to have_selector('#new_project_access_token')
+ expect(page).to have_text('You can generate an access token scoped to this project for each application to use the GitLab API.')
+ end
+ end
+
+ context 'group settings link' do
+ context 'when user is not a group owner' do
+ before do
+ group.add_developer(user)
+ end
+
+ it 'does not show group settings link' do
+ visit project_settings_access_tokens_path(project)
+
+ expect(page).not_to have_link('group settings', href: edit_group_path(group))
+ end
+ end
+
+ context 'with nested groups' do
+ let(:subgroup) { create(:group, parent: group) }
+
+ context 'when user is not a top level group owner' do
+ before do
+ subgroup.add_owner(user)
+ end
+
+ it 'does not show group settings link' do
+ visit project_settings_access_tokens_path(project)
+
+ expect(page).not_to have_link('group settings', href: edit_group_path(group))
+ end
+ end
+ end
+
+ context 'when user is a group owner' do
+ before do
+ group.add_owner(user)
+ end
+
+ it 'shows group settings link' do
+ visit project_settings_access_tokens_path(project)
+
+ expect(page).to have_link('group settings', href: edit_group_path(group))
+ end
+ end
+ end
+ end
 end
 describe 'active tokens' do
@@ -83,11 +171,25 @@ RSpec.describe 'Project > Settings > Access Tokens', :js do
 end
 it 'removes expired tokens from active section' do
- project_access_token.update(expires_at: 5.days.ago)
+ project_access_token.update!(expires_at: 5.days.ago)
 visit project_settings_access_tokens_path(project)
 expect(page).to have_selector('.settings-message')
 expect(no_project_access_tokens_message).to have_text(no_active_tokens_text)
 end
+
+ context 'when resource access token creation is not allowed' do
+ before do
+ group.namespace_settings.update_column(:resource_access_token_creation_allowed, false)
+ end
+
+ it 'allows revocation of an active token' do
+ visit project_settings_access_tokens_path(project)
+ accept_confirm { click_on 'Revoke' }
+
+ expect(page).to have_selector('.settings-message')
+ expect(no_project_access_tokens_message).to have_text(no_active_tokens_text)
+ end
+ end
 end
 end |
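Review bot: In the 'with nested groups' context, `subgroup` is created but `project` still belongs to `group`, so the example never visits a project that lives in the subgroup and would pass whether or not the page handles nested projects correctly. If the setting is meant to apply to projects under subgroups, consider `let(:subgroup_project) { create(:project, group: subgroup) }` and visiting `project_settings_access_tokens_path(subgroup_project)`, still asserting that the top-level group settings link is absent for a subgroup-only owner. Separately, the 'when token creation is not allowed' examples assert only that `#new_project_access_token` is missing from the page, which would hold even if the create action still accepted a direct request. This diff does not show whether a request or controller spec covers the server-side refusal, so that is worth confirming.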