1 files changed, 42 insertions, 4 deletions

diff --git a/spec/requests/api/version_spec.rb b/spec/requests/api/version_spec.rb
index e2117ca45ee..7d81170687a 100644
--- a/spec/requests/api/version_spec.rb
+++ b/spec/requests/api/version_spec.rb
@@ -12,17 +12,55 @@ describe API::Version do
       end
     end
 
-    context 'when authenticated' do
+    context 'when authenticated as user' do
       let(:user) { create(:user) }
 
       it 'returns the version information' do
         get api('/version', user)
 
-        expect(response).to have_gitlab_http_status(200)
-        expect(json_response['version']).to eq(Gitlab::VERSION)
-        expect(json_response['revision']).to eq(Gitlab.revision)
+        expect_version
       end
     end
+
+    context 'when authenticated with token' do
+      let(:personal_access_token) { create(:personal_access_token, scopes: scopes) }
+
+      context 'with api scope' do
+        let(:scopes) { %i(api) }
+
+        it 'returns the version information' do
+          get api('/version', personal_access_token: personal_access_token)
+
+          expect_version
+        end
+      end
+
+      context 'with read_user scope' do
+        let(:scopes) { %i(read_user) }
+
+        it 'returns the version information' do
+          get api('/version', personal_access_token: personal_access_token)
+
+          expect_version
+        end
+      end
+
+      context 'with neither api nor read_user scope' do
+        let(:scopes) { %i(read_repository) }
+
+        it 'returns authorization error' do
+          get api('/version', personal_access_token: personal_access_token)
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+      end
+    end
+
+    def expect_version
+      expect(response).to have_gitlab_http_status(200)
+      expect(json_response['version']).to eq(Gitlab::VERSION)
+      expect(json_response['revision']).to eq(Gitlab.revision)
+    end
   end
 
   context 'with graphql enabled' do