summaryrefslogtreecommitdiff
path: root/spec/requests/api/users_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/api/users_spec.rb')
-rw-r--r--spec/requests/api/users_spec.rb84
1 files changed, 71 insertions, 13 deletions
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 1a6e7716b2f..9e317f3a7e9 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -1,6 +1,6 @@
require 'spec_helper'
-describe API::API, api: true do
+describe API::Users, api: true do
include ApiHelpers
let(:user) { create(:user) }
@@ -651,20 +651,78 @@ describe API::API, api: true do
end
describe "GET /user" do
- it "returns current user" do
- get api("/user", user)
- expect(response).to have_http_status(200)
- expect(json_response['email']).to eq(user.email)
- expect(json_response['is_admin']).to eq(user.is_admin?)
- expect(json_response['can_create_project']).to eq(user.can_create_project?)
- expect(json_response['can_create_group']).to eq(user.can_create_group?)
- expect(json_response['projects_limit']).to eq(user.projects_limit)
- expect(json_response['private_token']).to be_blank
+ let(:personal_access_token) { create(:personal_access_token, user: user).token }
+
+ context 'with regular user' do
+ context 'with personal access token' do
+ it 'returns 403 without private token when sudo is defined' do
+ get api("/user?private_token=#{personal_access_token}&sudo=123")
+
+ expect(response).to have_http_status(403)
+ end
+ end
+
+ context 'with private token' do
+ it 'returns 403 without private token when sudo defined' do
+ get api("/user?private_token=#{user.private_token}&sudo=123")
+
+ expect(response).to have_http_status(403)
+ end
+ end
+
+ it 'returns current user without private token when sudo not defined' do
+ get api("/user", user)
+
+ expect(response).to have_http_status(200)
+ expect(response).to match_response_schema('user/public')
+ expect(json_response['id']).to eq(user.id)
+ end
end
- it "returns 401 error if user is unauthenticated" do
- get api("/user")
- expect(response).to have_http_status(401)
+ context 'with admin' do
+ let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token }
+
+ context 'with personal access token' do
+ it 'returns 403 without private token when sudo defined' do
+ get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}")
+
+ expect(response).to have_http_status(403)
+ end
+
+ it 'returns initial current user without private token when sudo not defined' do
+ get api("/user?private_token=#{admin_personal_access_token}")
+
+ expect(response).to have_http_status(200)
+ expect(response).to match_response_schema('user/public')
+ expect(json_response['id']).to eq(admin.id)
+ end
+ end
+
+ context 'with private token' do
+ it 'returns sudoed user with private token when sudo defined' do
+ get api("/user?private_token=#{admin.private_token}&sudo=#{user.id}")
+
+ expect(response).to have_http_status(200)
+ expect(response).to match_response_schema('user/login')
+ expect(json_response['id']).to eq(user.id)
+ end
+
+ it 'returns initial current user without private token when sudo not defined' do
+ get api("/user?private_token=#{admin.private_token}")
+
+ expect(response).to have_http_status(200)
+ expect(response).to match_response_schema('user/public')
+ expect(json_response['id']).to eq(admin.id)
+ end
+ end
+ end
+
+ context 'with unauthenticated user' do
+ it "returns 401 error if user is unauthenticated" do
+ get api("/user")
+
+ expect(response).to have_http_status(401)
+ end
end
end
View Lorry Controller Status