summaryrefslogtreecommitdiff
path: root/spec/services/personal_access_tokens/create_service_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/services/personal_access_tokens/create_service_spec.rb')
-rw-r--r--spec/services/personal_access_tokens/create_service_spec.rb66
1 files changed, 52 insertions, 14 deletions
diff --git a/spec/services/personal_access_tokens/create_service_spec.rb b/spec/services/personal_access_tokens/create_service_spec.rb
index 475ade95948..842bebd13a1 100644
--- a/spec/services/personal_access_tokens/create_service_spec.rb
+++ b/spec/services/personal_access_tokens/create_service_spec.rb
@@ -3,21 +3,59 @@
require 'spec_helper'
RSpec.describe PersonalAccessTokens::CreateService do
+ shared_examples_for 'a successfully created token' do
+ it 'creates personal access token record' do
+ expect(subject.success?).to be true
+ expect(token.name).to eq(params[:name])
+ expect(token.impersonation).to eq(params[:impersonation])
+ expect(token.scopes).to eq(params[:scopes])
+ expect(token.expires_at).to eq(params[:expires_at])
+ expect(token.user).to eq(user)
+ end
+
+ it 'logs the event' do
+ expect(Gitlab::AppLogger).to receive(:info).with(/PAT CREATION: created_by: '#{current_user.username}', created_for: '#{user.username}', token_id: '\d+'/)
+
+ subject
+ end
+ end
+
+ shared_examples_for 'an unsuccessfully created token' do
+ it { expect(subject.success?).to be false }
+ it { expect(subject.message).to eq('Not permitted to create') }
+ it { expect(token).to be_nil }
+ end
+
describe '#execute' do
- context 'with valid params' do
- it 'creates personal access token record' do
- user = create(:user)
- params = { name: 'Test token', impersonation: true, scopes: [:api], expires_at: Date.today + 1.month }
-
- response = described_class.new(user, params).execute
- personal_access_token = response.payload[:personal_access_token]
-
- expect(response.success?).to be true
- expect(personal_access_token.name).to eq(params[:name])
- expect(personal_access_token.impersonation).to eq(params[:impersonation])
- expect(personal_access_token.scopes).to eq(params[:scopes])
- expect(personal_access_token.expires_at).to eq(params[:expires_at])
- expect(personal_access_token.user).to eq(user)
+ subject { service.execute }
+
+ let(:current_user) { create(:user) }
+ let(:user) { create(:user) }
+ let(:params) { { name: 'Test token', impersonation: false, scopes: [:api], expires_at: Date.today + 1.month } }
+ let(:service) { described_class.new(current_user: current_user, target_user: user, params: params) }
+ let(:token) { subject.payload[:personal_access_token] }
+
+ context 'when current_user is an administrator' do
+ let(:current_user) { create(:admin) }
+
+ context 'when admin mode is enabled', :enable_admin_mode do
+ it_behaves_like 'a successfully created token'
+ end
+
+ context 'when admin mode is disabled' do
+ it_behaves_like 'an unsuccessfully created token'
+ end
+ end
+
+ context 'when current_user is not an administrator' do
+ context 'target_user is not the same as current_user' do
+ it_behaves_like 'an unsuccessfully created token'
+ end
+
+ context 'target_user is same as current_user' do
+ let(:current_user) { user }
+
+ it_behaves_like 'a successfully created token'
end
end
end
View Lorry Controller Status