summaryrefslogtreecommitdiff
path: root/spec/requests/api/issues_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/api/issues_spec.rb')
-rw-r--r--spec/requests/api/issues_spec.rb25
1 files changed, 24 insertions, 1 deletions
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index bb926172593..59e557c5b2a 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -5,6 +5,7 @@ describe API::API, api: true do
let(:user) { create(:user) }
let(:user2) { create(:user) }
let(:non_member) { create(:user) }
+ let(:guest) { create(:user) }
let(:author) { create(:author) }
let(:assignee) { create(:assignee) }
let(:admin) { create(:user, :admin) }
@@ -41,7 +42,10 @@ describe API::API, api: true do
end
let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) }
- before { project.team << [user, :reporter] }
+ before do
+ project.team << [user, :reporter]
+ project.team << [guest, :guest]
+ end
describe "GET /issues" do
context "when unauthenticated" do
@@ -144,6 +148,14 @@ describe API::API, api: true do
expect(json_response.first['title']).to eq(issue.title)
end
+ it 'should return project issues without confidential issues for project members with guest role' do
+ get api("#{base_url}/issues", guest)
+ expect(response.status).to eq(200)
+ expect(json_response).to be_an Array
+ expect(json_response.length).to eq(2)
+ expect(json_response.first['title']).to eq(issue.title)
+ end
+
it 'should return project confidential issues for author' do
get api("#{base_url}/issues", author)
expect(response.status).to eq(200)
@@ -278,6 +290,11 @@ describe API::API, api: true do
expect(response.status).to eq(404)
end
+ it "should return 404 for project members with guest role" do
+ get api("/projects/#{project.id}/issues/#{confidential_issue.id}", guest)
+ expect(response.status).to eq(404)
+ end
+
it "should return confidential issue for project members" do
get api("/projects/#{project.id}/issues/#{confidential_issue.id}", user)
expect(response.status).to eq(200)
@@ -413,6 +430,12 @@ describe API::API, api: true do
expect(response.status).to eq(403)
end
+ it "should return 403 for project members with guest role" do
+ put api("/projects/#{project.id}/issues/#{confidential_issue.id}", guest),
+ title: 'updated title'
+ expect(response.status).to eq(403)
+ end
+
it "should update a confidential issue for project members" do
put api("/projects/#{project.id}/issues/#{confidential_issue.id}", user),
title: 'updated title'
View Lorry Controller Status