diff options
Diffstat (limited to 'spec/requests')
-rw-r--r-- | spec/requests/api/users_spec.rb | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index 5af56aa6f75..4438d3aab82 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -2100,6 +2100,83 @@ describe API::Users do end end + describe "GET /users/:id/memberships" do + let_it_be(:user) { create(:user) } + let_it_be(:project) { create(:project) } + let_it_be(:group) { create(:group) } + let(:requesting_user) { create(:user) } + + before_all do + project.add_guest(user) + group.add_guest(user) + end + + it "responses with 403" do + get api("/users/#{user.id}/memberships", requesting_user) + + expect(response).to have_gitlab_http_status(:forbidden) + end + + context 'requested by admin user' do + let(:requesting_user) { create(:user, :admin) } + + it "responses successfully" do + get api("/users/#{user.id}/memberships", requesting_user) + + aggregate_failures 'expect successful response including groups and projects' do + expect(response).to have_gitlab_http_status(:ok) + expect(response).to match_response_schema('public_api/v4/memberships') + expect(response).to include_pagination_headers + expect(json_response).to contain_exactly( + a_hash_including('source_type' => 'Project'), + a_hash_including('source_type' => 'Namespace') + ) + end + end + + it 'does not submit N+1 DB queries' do + # Avoid setup queries + get api("/users/#{user.id}/memberships", requesting_user) + + control = ActiveRecord::QueryRecorder.new do + get api("/users/#{user.id}/memberships", requesting_user) + end + + create_list(:project, 5).map { |project| project.add_guest(user) } + + expect do + get api("/users/#{user.id}/memberships", requesting_user) + end.not_to exceed_query_limit(control) + end + + context 'with type filter' do + it "only returns project memberships" do + get api("/users/#{user.id}/memberships?type=Project", requesting_user) + + aggregate_failures do + expect(json_response).to contain_exactly(a_hash_including('source_type' => 'Project')) + expect(json_response).not_to include(a_hash_including('source_type' => 'Namespace')) + end + end + + it "only returns group memberships" do + get api("/users/#{user.id}/memberships?type=Namespace", requesting_user) + + aggregate_failures do + expect(json_response).to contain_exactly(a_hash_including('source_type' => 'Namespace')) + expect(json_response).not_to include(a_hash_including('source_type' => 'Project')) + end + end + + it "recognizes unsupported types" do + get api("/users/#{user.id}/memberships?type=foo", requesting_user) + + expect(response).to have_gitlab_http_status(:bad_request) + end + end + end + end + context "user activities", :clean_gitlab_redis_shared_state do let!(:old_active_user) { create(:user, last_activity_on: Time.utc(2000, 1, 1)) } let!(:newly_active_user) { create(:user, last_activity_on: 2.days.ago.midday) } |