diff options
Diffstat (limited to 'spec/requests/api/invitations_spec.rb')
-rw-r--r-- | spec/requests/api/invitations_spec.rb | 112 |
1 files changed, 106 insertions, 6 deletions
diff --git a/spec/requests/api/invitations_spec.rb b/spec/requests/api/invitations_spec.rb index 2ea237469b1..98a7aa63b16 100644 --- a/spec/requests/api/invitations_spec.rb +++ b/spec/requests/api/invitations_spec.rb @@ -3,14 +3,14 @@ require 'spec_helper' RSpec.describe API::Invitations do - let(:maintainer) { create(:user, username: 'maintainer_user') } - let(:developer) { create(:user) } - let(:access_requester) { create(:user) } - let(:stranger) { create(:user) } + let_it_be(:maintainer) { create(:user, username: 'maintainer_user') } + let_it_be(:developer) { create(:user) } + let_it_be(:access_requester) { create(:user) } + let_it_be(:stranger) { create(:user) } let(:email) { 'email1@example.com' } let(:email2) { 'email2@example.com' } - let(:project) do + let_it_be(:project) do create(:project, :public, creator_id: maintainer.id, namespace: maintainer.namespace) do |project| project.add_developer(developer) project.add_maintainer(maintainer) @@ -18,7 +18,7 @@ RSpec.describe API::Invitations do end end - let!(:group) do + let_it_be(:group, reload: true) do create(:group, :public) do |group| group.add_developer(developer) group.add_owner(maintainer) @@ -374,4 +374,104 @@ RSpec.describe API::Invitations do let(:source) { group } end end + + shared_examples 'PUT /:source_type/:id/invitations/:email' do |source_type| + def update_api(source, user, email) + api("/#{source.model_name.plural}/#{source.id}/invitations/#{email}", user) + end + + context "with :source_type == #{source_type.pluralize}" do + let!(:invite) { invite_member_by_email(source, source_type, developer.email, maintainer) } + + it_behaves_like 'a 404 response when source is private' do + let(:route) do + put update_api(source, stranger, invite.invite_email), params: { access_level: Member::MAINTAINER } + end + end + + context 'when authenticated as a non-member or member with insufficient rights' do + %i[access_requester stranger].each do |type| + context "as a #{type}" do + it 'returns 403' do + user = public_send(type) + + put update_api(source, user, invite.invite_email), params: { access_level: Member::MAINTAINER } + + expect(response).to have_gitlab_http_status(:forbidden) + end + end + end + end + + context 'when authenticated as a maintainer/owner' do + context 'updating access level' do + it 'updates the invitation' do + put update_api(source, maintainer, invite.invite_email), params: { access_level: Member::MAINTAINER } + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['access_level']).to eq(Member::MAINTAINER) + expect(invite.reload.access_level).to eq(Member::MAINTAINER) + end + end + + it 'returns 409 if member does not exist' do + put update_api(source, maintainer, non_existing_record_id), params: { access_level: Member::MAINTAINER } + + expect(response).to have_gitlab_http_status(:not_found) + end + + it 'returns 400 when access_level is not given and there are no other params' do + put update_api(source, maintainer, invite.invite_email) + + expect(response).to have_gitlab_http_status(:bad_request) + end + + it 'returns 400 when access level is not valid' do + put update_api(source, maintainer, invite.invite_email), params: { access_level: non_existing_record_access_level } + + expect(response).to have_gitlab_http_status(:bad_request) + end + end + + context 'updating access expiry date' do + subject do + put update_api(source, maintainer, invite.invite_email), params: { expires_at: expires_at } + end + + context 'when set to a date in the past' do + let(:expires_at) { 2.days.ago.to_date } + + it 'does not update the member' do + subject + + expect(response).to have_gitlab_http_status(:bad_request) + expect(json_response['message']).to eq({ 'expires_at' => ['cannot be a date in the past'] }) + end + end + + context 'when set to a date in the future' do + let(:expires_at) { 2.days.from_now.to_date } + + it 'updates the member' do + subject + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['expires_at']).to eq(expires_at.to_s) + end + end + end + end + end + + describe 'PUT /projects/:id/invitations' do + it_behaves_like 'PUT /:source_type/:id/invitations/:email', 'project' do + let(:source) { project } + end + end + + describe 'PUT /groups/:id/invitations' do + it_behaves_like 'PUT /:source_type/:id/invitations/:email', 'group' do + let(:source) { group } + end + end end |