diff options
Diffstat (limited to 'spec/support/shared_examples/resource_label_events_api.rb')
-rw-r--r-- | spec/support/shared_examples/resource_label_events_api.rb | 99 |
1 files changed, 77 insertions, 22 deletions
diff --git a/spec/support/shared_examples/resource_label_events_api.rb b/spec/support/shared_examples/resource_label_events_api.rb index 945cb8d9f2c..6622df78ee2 100644 --- a/spec/support/shared_examples/resource_label_events_api.rb +++ b/spec/support/shared_examples/resource_label_events_api.rb @@ -2,43 +2,98 @@ shared_examples 'resource_label_events API' do |parent_type, eventable_type, id_name| describe "GET /#{parent_type}/:id/#{eventable_type}/:noteable_id/resource_label_events" do - it "returns an array of resource label events" do - get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events", user) + context "with local label reference" do + let!(:event) { create_event(label) } - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.first['id']).to eq(event.id) - end + it "returns an array of resource label events" do + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events", user) + + expect(response).to have_gitlab_http_status(200) + expect(response).to include_pagination_headers + expect(json_response).to be_an Array + expect(json_response.first['id']).to eq(event.id) + end + + it "returns a 404 error when eventable id not found" do + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/12345/resource_label_events", user) + + expect(response).to have_gitlab_http_status(404) + end + + it "returns 404 when not authorized" do + parent.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) + private_user = create(:user) - it "returns a 404 error when eventable id not found" do - get api("/#{parent_type}/#{parent.id}/#{eventable_type}/12345/resource_label_events", user) + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events", private_user) - expect(response).to have_gitlab_http_status(404) + expect(response).to have_gitlab_http_status(404) + end end - it "returns 404 when not authorized" do - parent.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) - private_user = create(:user) + context "with cross-project label reference" do + let(:private_project) { create(:project, :private) } + let(:project_label) { create(:label, project: private_project) } + let!(:event) { create_event(project_label) } - get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events", private_user) + it "returns cross references accessible by user" do + private_project.add_guest(user) - expect(response).to have_gitlab_http_status(404) + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events", user) + + expect(json_response).to be_an Array + expect(json_response.first['id']).to eq(event.id) + end + + it "does not return cross references not accessible by user" do + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events", user) + + expect(json_response).to be_an Array + expect(json_response).to eq [] + end end end describe "GET /#{parent_type}/:id/#{eventable_type}/:noteable_id/resource_label_events/:event_id" do - it "returns a resource label event by id" do - get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events/#{event.id}", user) + context "with local label reference" do + let!(:event) { create_event(label) } + + it "returns a resource label event by id" do + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events/#{event.id}", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(event.id) + expect(response).to have_gitlab_http_status(200) + expect(json_response['id']).to eq(event.id) + end + + it "returns 404 when not authorized" do + parent.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) + private_user = create(:user) + + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events/#{event.id}", private_user) + + expect(response).to have_gitlab_http_status(404) + end + + it "returns a 404 error if resource label event not found" do + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events/12345", user) + + expect(response).to have_gitlab_http_status(404) + end end - it "returns a 404 error if resource label event not found" do - get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events/12345", user) + context "with cross-project label reference" do + let(:private_project) { create(:project, :private) } + let(:project_label) { create(:label, project: private_project) } + let!(:event) { create_event(project_label) } + + it "returns a 404 error if cross-reference project is not accessible" do + get api("/#{parent_type}/#{parent.id}/#{eventable_type}/#{eventable[id_name]}/resource_label_events/#{event.id}", user) - expect(response).to have_gitlab_http_status(404) + expect(response).to have_gitlab_http_status(404) + end end end + + def create_event(label) + create(:resource_label_event, eventable.class.name.underscore => eventable, label: label) + end end |