1 files changed, 33 insertions, 22 deletions

diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 877bde3b9a6..2dc7be22f8f 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -16,38 +16,44 @@ describe API::Users do
       it "returns authorization error when the `username` parameter is not passed" do
         get api("/users")
 
-        expect(response).to have_http_status(403)
+        expect(response).to have_gitlab_http_status(403)
       end
 
       it "returns the user when a valid `username` parameter is passed" do
-        user = create(:user)
-
         get api("/users"), username: user.username
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(json_response).to be_an Array
         expect(json_response.size).to eq(1)
         expect(json_response[0]['id']).to eq(user.id)
         expect(json_response[0]['username']).to eq(user.username)
       end
 
-      it "returns authorization error when the `username` parameter refers to an inaccessible user" do
-        user = create(:user)
-
-        stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
-
-        get api("/users"), username: user.username
-
-        expect(response).to have_http_status(403)
-      end
-
       it "returns an empty response when an invalid `username` parameter is passed" do
         get api("/users"), username: 'invalid'
 
-        expect(response).to have_http_status(200)
+        expect(response).to have_gitlab_http_status(200)
         expect(json_response).to be_an Array
         expect(json_response.size).to eq(0)
       end
+
+      context "when public level is restricted" do
+        before do
+          stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+        end
+
+        it "returns authorization error when the `username` parameter refers to an inaccessible user" do
+          get api("/users"), username: user.username
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+
+        it "returns authorization error when the `username` parameter is not passed" do
+          get api("/users")
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+      end
     end
 
     context "when authenticated" do
@@ -55,17 +61,22 @@ describe API::Users do
       context "when public level is restricted" do
         before do
           stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
-          allow_any_instance_of(API::Helpers).to receive(:authenticate!).and_return(true)
         end
 
-        it "renders 403" do
-          get api("/users")
-          expect(response).to have_http_status(403)
+        context 'when authenticate as a regular user' do
+          it "renders 200" do
+            get api("/users", user)
+
+            expect(response).to have_gitlab_http_status(200)
+          end
         end
 
-        it "renders 404" do
-          get api("/users/#{user.id}")
-          expect(response).to have_http_status(404)
+        context 'when authenticate as an admin' do
+          it "renders 200" do
+            get api("/users", admin)
+
+            expect(response).to have_gitlab_http_status(200)
+          end
         end
       end