diff options
Diffstat (limited to 'spec/requests/projects/merge_requests_controller_spec.rb')
| -rw-r--r-- | spec/requests/projects/merge_requests_controller_spec.rb | 76 |
1 files changed, 53 insertions, 23 deletions
diff --git a/spec/requests/projects/merge_requests_controller_spec.rb b/spec/requests/projects/merge_requests_controller_spec.rb index f5f8b5c2d83..f441438a95a 100644 --- a/spec/requests/projects/merge_requests_controller_spec.rb +++ b/spec/requests/projects/merge_requests_controller_spec.rb @@ -8,20 +8,65 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :source_code let_it_be(:user) { merge_request.author } describe 'GET #show' do - before do - login_as(user) + let_it_be(:group) { create(:group) } + let_it_be(:user) { create(:user) } + let_it_be(:project) { create(:project, :public, group: group) } + + let(:merge_request) { create :merge_request, source_project: project, author: user } + + context 'when logged in' do + before do + login_as(user) + end + + it_behaves_like "observability csp policy", described_class do + let(:tested_path) do + project_merge_request_path(project, merge_request) + end + end + end + + context 'when the author of the merge request is banned', feature_category: :insider_threat do + let_it_be(:user) { create(:user, :banned) } + + subject { response } + + before do + get project_merge_request_path(project, merge_request) + end + + it { is_expected.to have_gitlab_http_status(:not_found) } + end + end + + describe 'GET #index' do + let_it_be(:public_project) { create(:project, :public) } + + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do + let_it_be(:current_user) { user } + + before do + sign_in current_user + end + + def request + get project_merge_requests_path(public_project), params: { scope: 'all', search: 'test' } + end end - it_behaves_like "observability csp policy", described_class do - let(:tested_path) do - project_merge_request_path(project, merge_request) + it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit_unauthenticated do + def request + get project_merge_requests_path(public_project), params: { scope: 'all', search: 'test' } end end end describe 'GET #discussions' do let_it_be(:discussion) { create(:discussion_note_on_merge_request, noteable: merge_request, project: project) } - let_it_be(:discussion_reply) { create(:discussion_note_on_merge_request, noteable: merge_request, project: project, in_reply_to: discussion) } + let_it_be(:discussion_reply) do + create(:discussion_note_on_merge_request, noteable: merge_request, project: project, in_reply_to: discussion) + end + let_it_be(:state_event) { create(:resource_state_event, merge_request: merge_request) } let_it_be(:discussion_2) { create(:discussion_note_on_merge_request, noteable: merge_request, project: project) } let_it_be(:discussion_3) { create(:diff_note_on_merge_request, noteable: merge_request, project: project) } @@ -60,22 +105,6 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :source_code expect(discussions.count).to eq(1) expect(notes).to match([a_hash_including('id' => discussion_2.id.to_s)]) end - - context 'when paginated_mr_discussions is disabled' do - before do - stub_feature_flags(paginated_mr_discussions: false) - end - - it 'returns all discussions and ignores per_page param' do - get_discussions(per_page: 2) - - discussions = Gitlab::Json.parse(response.body) - notes = discussions.flat_map { |d| d['notes'] } - - expect(discussions.count).to eq(4) - expect(notes.count).to eq(5) - end - end end end @@ -91,7 +120,8 @@ RSpec.describe Projects::MergeRequestsController, feature_category: :source_code context 'when private project' do let_it_be(:private_project) { create(:project, :private) } - it_behaves_like 'authenticates sessionless user for the request spec', 'index atom', public_resource: false, ignore_metrics: true do + it_behaves_like 'authenticates sessionless user for the request spec', 'index atom', public_resource: false, + ignore_metrics: true do let(:url) { project_merge_requests_url(private_project, format: :atom) } before do |