7 files changed, 65 insertions, 8 deletions

diff --git a/spec/services/groups/create_service_spec.rb b/spec/services/groups/create_service_spec.rb
index 71a0b8e2a12..14717a7455d 100644
--- a/spec/services/groups/create_service_spec.rb
+++ b/spec/services/groups/create_service_spec.rb
@@ -1,11 +1,12 @@
 require 'spec_helper'
 
-describe Groups::CreateService, services: true do
-  let!(:user)         { create(:user) }
+describe Groups::CreateService, '#execute', services: true do
+  let!(:user) { create(:user) }
   let!(:group_params) { { path: "group_path", visibility_level: Gitlab::VisibilityLevel::PUBLIC } }
 
-  describe "execute" do
-    let!(:service) { described_class.new(user, group_params ) }
+  describe 'visibility level restrictions' do
+    let!(:service) { described_class.new(user, group_params) }
+
     subject { service.execute }
 
     context "create groups without restricted visibility level" do
@@ -14,7 +15,29 @@ describe Groups::CreateService, services: true do
 
     context "cannot create group with restricted visibility level" do
       before { allow_any_instance_of(ApplicationSetting).to receive(:restricted_visibility_levels).and_return([Gitlab::VisibilityLevel::PUBLIC]) }
+
       it { is_expected.not_to be_persisted }
     end
   end
+
+  describe 'creating subgroup' do
+    let!(:group) { create(:group) }
+    let!(:service) { described_class.new(user, group_params.merge(parent_id: group.id)) }
+
+    subject { service.execute }
+
+    context 'as group owner' do
+      before { group.add_owner(user) }
+
+      it { is_expected.to be_persisted }
+    end
+
+    context 'as guest' do
+      it 'does not save group and returns an error' do
+        is_expected.not_to be_persisted
+        expect(subject.errors[:parent_id].first).to eq('manage access required to create subgroup')
+        expect(subject.parent_id).to be_nil
+      end
+    end
+  end
 end
diff --git a/spec/services/issuable/bulk_update_service_spec.rb b/spec/services/issuable/bulk_update_service_spec.rb
index 5f3020b6525..0475f38fe5e 100644
--- a/spec/services/issuable/bulk_update_service_spec.rb
+++ b/spec/services/issuable/bulk_update_service_spec.rb
@@ -52,7 +52,10 @@ describe Issuable::BulkUpdateService, services: true do
 
     context 'when the new assignee ID is a valid user' do
       it 'succeeds' do
-        result = bulk_update(issue, assignee_id: create(:user).id)
+        new_assignee = create(:user)
+        project.team << [new_assignee, :developer]
+
+        result = bulk_update(issue, assignee_id: new_assignee.id)
 
         expect(result[:success]).to be_truthy
         expect(result[:count]).to eq(1)
@@ -60,15 +63,16 @@ describe Issuable::BulkUpdateService, services: true do
 
       it 'updates the assignee to the use ID passed' do
         assignee = create(:user)
+        project.team << [assignee, :developer]
 
         expect { bulk_update(issue, assignee_id: assignee.id) }
           .to change { issue.reload.assignee }.from(user).to(assignee)
       end
     end
 
-    context 'when the new assignee ID is -1' do
-      it 'unassigns the issues' do
-        expect { bulk_update(issue, assignee_id: -1) }
+    context "when the new assignee ID is #{IssuableFinder::NONE}" do
+      it "unassigns the issues" do
+        expect { bulk_update(issue, assignee_id: IssuableFinder::NONE) }
           .to change { issue.reload.assignee }.to(nil)
       end
     end
diff --git a/spec/services/issues/create_service_spec.rb b/spec/services/issues/create_service_spec.rb
index 8bde61ee336..ac3834c32ff 100644
--- a/spec/services/issues/create_service_spec.rb
+++ b/spec/services/issues/create_service_spec.rb
@@ -135,6 +135,8 @@ describe Issues::CreateService, services: true do
       end
     end
 
+    it_behaves_like 'issuable create service'
+
     it_behaves_like 'new issuable record that supports slash commands'
 
     context 'for a merge request' do
diff --git a/spec/services/issues/update_service_spec.rb b/spec/services/issues/update_service_spec.rb
index eafbea46905..d83b09fd32c 100644
--- a/spec/services/issues/update_service_spec.rb
+++ b/spec/services/issues/update_service_spec.rb
@@ -142,6 +142,17 @@ describe Issues::UpdateService, services: true do
 
         update_issue(confidential: true)
       end
+
+      it 'does not update assignee_id with unauthorized users' do
+        project.update(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+        update_issue(confidential: true)
+        non_member        = create(:user)
+        original_assignee = issue.assignee
+
+        update_issue(assignee_id: non_member.id)
+
+        expect(issue.reload.assignee_id).to eq(original_assignee.id)
+      end
     end
 
     context 'todos' do
diff --git a/spec/services/merge_requests/create_service_spec.rb b/spec/services/merge_requests/create_service_spec.rb
index b8142889075..673c0bd6c9c 100644
--- a/spec/services/merge_requests/create_service_spec.rb
+++ b/spec/services/merge_requests/create_service_spec.rb
@@ -84,6 +84,8 @@ describe MergeRequests::CreateService, services: true do
       end
     end
 
+    it_behaves_like 'issuable create service'
+
     context 'while saving references to issues that the created merge request closes' do
       let(:first_issue) { create(:issue, project: project) }
       let(:second_issue) { create(:issue, project: project) }
diff --git a/spec/services/notes/slash_commands_service_spec.rb b/spec/services/notes/slash_commands_service_spec.rb
index d1099884a02..960b5cd5e6f 100644
--- a/spec/services/notes/slash_commands_service_spec.rb
+++ b/spec/services/notes/slash_commands_service_spec.rb
@@ -5,6 +5,8 @@ describe Notes::SlashCommandsService, services: true do
     let(:project) { create(:empty_project) }
     let(:master) { create(:user).tap { |u| project.team << [u, :master] } }
     let(:assignee) { create(:user) }
+
+    before { project.team << [assignee, :master] }
   end
 
   shared_examples 'note on noteable that does not support slash commands' do
diff --git a/spec/services/projects/fork_service_spec.rb b/spec/services/projects/fork_service_spec.rb
index 64d15c0523c..8e614211116 100644
--- a/spec/services/projects/fork_service_spec.rb
+++ b/spec/services/projects/fork_service_spec.rb
@@ -5,10 +5,12 @@ describe Projects::ForkService, services: true do
     before do
       @from_namespace = create(:namespace)
       @from_user = create(:user, namespace: @from_namespace )
+      avatar = fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png")
       @from_project = create(:project,
                              creator_id: @from_user.id,
                              namespace: @from_namespace,
                              star_count: 107,
+                             avatar: avatar,
                              description: 'wow such project')
       @to_namespace = create(:namespace)
       @to_user = create(:user, namespace: @to_namespace)
@@ -36,6 +38,17 @@ describe Projects::ForkService, services: true do
         it { expect(to_project.namespace).to eq(@to_user.namespace) }
         it { expect(to_project.star_count).to be_zero }
         it { expect(to_project.description).to eq(@from_project.description) }
+        it { expect(to_project.avatar.file).to be_exists }
+
+        # This test is here because we had a bug where the from-project lost its
+        # avatar after being forked.
+        # https://gitlab.com/gitlab-org/gitlab-ce/issues/26158
+        it "after forking the from-project still has its avatar" do
+          # If we do not fork the project first we cannot detect the bug.
+          expect(to_project).to be_persisted
+
+          expect(@from_project.avatar.file).to be_exists
+        end
       end
     end