diff options
Diffstat (limited to 'spec/services/projects/update_service_spec.rb')
-rw-r--r-- | spec/services/projects/update_service_spec.rb | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/spec/services/projects/update_service_spec.rb b/spec/services/projects/update_service_spec.rb index 90eaea9c872..5ad30b58511 100644 --- a/spec/services/projects/update_service_spec.rb +++ b/spec/services/projects/update_service_spec.rb @@ -1,6 +1,9 @@ +# frozen_string_literal: true + require 'spec_helper' describe Projects::UpdateService do + include ExternalAuthorizationServiceHelpers include ProjectForksHelper let(:user) { create(:user) } @@ -361,6 +364,46 @@ describe Projects::UpdateService do call_service end end + + context 'with external authorization enabled' do + before do + enable_external_authorization_service_check + end + + it 'does not save the project with an error if the service denies access' do + expect(::Gitlab::ExternalAuthorization) + .to receive(:access_allowed?).with(user, 'new-label') { false } + + result = update_project(project, user, { external_authorization_classification_label: 'new-label' }) + + expect(result[:message]).to be_present + expect(result[:status]).to eq(:error) + end + + it 'saves the new label if the service allows access' do + expect(::Gitlab::ExternalAuthorization) + .to receive(:access_allowed?).with(user, 'new-label') { true } + + result = update_project(project, user, { external_authorization_classification_label: 'new-label' }) + + expect(result[:status]).to eq(:success) + expect(project.reload.external_authorization_classification_label).to eq('new-label') + end + + it 'checks the default label when the classification label was cleared' do + expect(::Gitlab::ExternalAuthorization) + .to receive(:access_allowed?).with(user, 'default_label') { true } + + update_project(project, user, { external_authorization_classification_label: '' }) + end + + it 'does not check the label when it does not change' do + expect(::Gitlab::ExternalAuthorization) + .not_to receive(:access_allowed?) + + update_project(project, user, { name: 'New name' }) + end + end end describe '#run_auto_devops_pipeline?' do @@ -397,6 +440,8 @@ describe Projects::UpdateService do context 'when auto devops is set to instance setting' do before do project.create_auto_devops!(enabled: nil) + project.reload + allow(project.auto_devops).to receive(:previous_changes).and_return('enabled' => true) end |