summaryrefslogtreecommitdiff
path: root/spec/requests/api/group_members_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/api/group_members_spec.rb')
-rw-r--r--spec/requests/api/group_members_spec.rb199
1 files changed, 0 insertions, 199 deletions
diff --git a/spec/requests/api/group_members_spec.rb b/spec/requests/api/group_members_spec.rb
deleted file mode 100644
index 52f9e7d4681..00000000000
--- a/spec/requests/api/group_members_spec.rb
+++ /dev/null
@@ -1,199 +0,0 @@
-require 'spec_helper'
-
-describe API::API, api: true do
- include ApiHelpers
-
- let(:owner) { create(:user) }
- let(:reporter) { create(:user) }
- let(:developer) { create(:user) }
- let(:master) { create(:user) }
- let(:guest) { create(:user) }
- let(:stranger) { create(:user) }
-
- let!(:group_with_members) do
- group = create(:group, :private)
- group.add_users([reporter.id], GroupMember::REPORTER)
- group.add_users([developer.id], GroupMember::DEVELOPER)
- group.add_users([master.id], GroupMember::MASTER)
- group.add_users([guest.id], GroupMember::GUEST)
- group
- end
-
- let!(:group_no_members) { create(:group) }
-
- before do
- group_with_members.add_owner owner
- group_no_members.add_owner owner
- end
-
- describe "GET /groups/:id/members" do
- context "when authenticated as user that is part or the group" do
- it "each user: should return an array of members groups of group3" do
- [owner, master, developer, reporter, guest].each do |user|
- get api("/groups/#{group_with_members.id}/members", user)
- expect(response).to have_http_status(200)
- expect(json_response).to be_an Array
- expect(json_response.size).to eq(5)
- expect(json_response.find { |e| e['id'] == owner.id }['access_level']).to eq(GroupMember::OWNER)
- expect(json_response.find { |e| e['id'] == reporter.id }['access_level']).to eq(GroupMember::REPORTER)
- expect(json_response.find { |e| e['id'] == developer.id }['access_level']).to eq(GroupMember::DEVELOPER)
- expect(json_response.find { |e| e['id'] == master.id }['access_level']).to eq(GroupMember::MASTER)
- expect(json_response.find { |e| e['id'] == guest.id }['access_level']).to eq(GroupMember::GUEST)
- end
- end
-
- it 'users not part of the group should get access error' do
- get api("/groups/#{group_with_members.id}/members", stranger)
-
- expect(response).to have_http_status(404)
- end
- end
- end
-
- describe "POST /groups/:id/members" do
- context "when not a member of the group" do
- it "should not add guest as member of group_no_members when adding being done by person outside the group" do
- post api("/groups/#{group_no_members.id}/members", reporter), user_id: guest.id, access_level: GroupMember::MASTER
- expect(response).to have_http_status(403)
- end
- end
-
- context "when a member of the group" do
- it "should return ok and add new member" do
- new_user = create(:user)
-
- expect do
- post api("/groups/#{group_no_members.id}/members", owner), user_id: new_user.id, access_level: GroupMember::MASTER
- end.to change { group_no_members.members.count }.by(1)
-
- expect(response).to have_http_status(201)
- expect(json_response['name']).to eq(new_user.name)
- expect(json_response['access_level']).to eq(GroupMember::MASTER)
- end
-
- it "should not allow guest to modify group members" do
- new_user = create(:user)
-
- expect do
- post api("/groups/#{group_with_members.id}/members", guest), user_id: new_user.id, access_level: GroupMember::MASTER
- end.not_to change { group_with_members.members.count }
-
- expect(response).to have_http_status(403)
- end
-
- it "should return error if member already exists" do
- post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: GroupMember::MASTER
- expect(response).to have_http_status(409)
- end
-
- it "should return a 400 error when user id is not given" do
- post api("/groups/#{group_no_members.id}/members", owner), access_level: GroupMember::MASTER
- expect(response).to have_http_status(400)
- end
-
- it "should return a 400 error when access level is not given" do
- post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id
- expect(response).to have_http_status(400)
- end
-
- it "should return a 422 error when access level is not known" do
- post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id, access_level: 1234
- expect(response).to have_http_status(422)
- end
- end
- end
-
- describe 'PUT /groups/:id/members/:user_id' do
- context 'when not a member of the group' do
- it 'should return a 409 error if the user is not a group member' do
- put(
- api("/groups/#{group_no_members.id}/members/#{developer.id}",
- owner), access_level: GroupMember::MASTER
- )
- expect(response).to have_http_status(404)
- end
- end
-
- context 'when a member of the group' do
- it 'should return ok and update member access level' do
- put(
- api("/groups/#{group_with_members.id}/members/#{reporter.id}",
- owner),
- access_level: GroupMember::MASTER
- )
-
- expect(response).to have_http_status(200)
-
- get api("/groups/#{group_with_members.id}/members", owner)
- json_reporter = json_response.find do |e|
- e['id'] == reporter.id
- end
-
- expect(json_reporter['access_level']).to eq(GroupMember::MASTER)
- end
-
- it 'should not allow guest to modify group members' do
- put(
- api("/groups/#{group_with_members.id}/members/#{developer.id}",
- guest),
- access_level: GroupMember::MASTER
- )
-
- expect(response).to have_http_status(403)
-
- get api("/groups/#{group_with_members.id}/members", owner)
- json_developer = json_response.find do |e|
- e['id'] == developer.id
- end
-
- expect(json_developer['access_level']).to eq(GroupMember::DEVELOPER)
- end
-
- it 'should return a 400 error when access level is not given' do
- put(
- api("/groups/#{group_with_members.id}/members/#{master.id}", owner)
- )
- expect(response).to have_http_status(400)
- end
-
- it 'should return a 422 error when access level is not known' do
- put(
- api("/groups/#{group_with_members.id}/members/#{master.id}", owner),
- access_level: 1234
- )
- expect(response).to have_http_status(422)
- end
- end
- end
-
- describe 'DELETE /groups/:id/members/:user_id' do
- context 'when not a member of the group' do
- it "should not delete guest's membership of group_with_members" do
- random_user = create(:user)
- delete api("/groups/#{group_with_members.id}/members/#{owner.id}", random_user)
-
- expect(response).to have_http_status(404)
- end
- end
-
- context "when a member of the group" do
- it "should delete guest's membership of group" do
- expect do
- delete api("/groups/#{group_with_members.id}/members/#{guest.id}", owner)
- end.to change { group_with_members.members.count }.by(-1)
-
- expect(response).to have_http_status(200)
- end
-
- it "should return a 404 error when user id is not known" do
- delete api("/groups/#{group_with_members.id}/members/1328", owner)
- expect(response).to have_http_status(404)
- end
-
- it "should not allow guest to modify group members" do
- delete api("/groups/#{group_with_members.id}/members/#{master.id}", guest)
- expect(response).to have_http_status(403)
- end
- end
- end
-end
View Lorry Controller Status