summaryrefslogtreecommitdiff
path: root/spec
diff options
context:
space:
mode:
Diffstat (limited to 'spec')
-rw-r--r--spec/controllers/projects/boards_controller_spec.rb66
1 files changed, 48 insertions, 18 deletions
diff --git a/spec/controllers/projects/boards_controller_spec.rb b/spec/controllers/projects/boards_controller_spec.rb
index 4d765229bde..509f19ed030 100644
--- a/spec/controllers/projects/boards_controller_spec.rb
+++ b/spec/controllers/projects/boards_controller_spec.rb
@@ -27,6 +27,20 @@ describe Projects::BoardsController do
expect(response).to render_template :index
expect(response.content_type).to eq 'text/html'
end
+
+ context 'with unauthorized user' do
+ before do
+ allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+ end
+
+ it 'returns a not found 404 response' do
+ list_boards
+
+ expect(response).to have_gitlab_http_status(404)
+ expect(response.content_type).to eq 'text/html'
+ end
+ end
end
context 'when format is JSON' do
@@ -40,18 +54,19 @@ describe Projects::BoardsController do
expect(response).to match_response_schema('boards')
expect(parsed_response.length).to eq 2
end
- end
- context 'with unauthorized user' do
- before do
- allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
- end
+ context 'with unauthorized user' do
+ before do
+ allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+ end
- it 'returns a not found 404 response' do
- list_boards
+ it 'returns a not found 404 response' do
+ list_boards format: :json
- expect(response).to have_gitlab_http_status(404)
+ expect(response).to have_gitlab_http_status(404)
+ expect(response.content_type).to eq 'application/json'
+ end
end
end
@@ -88,6 +103,20 @@ describe Projects::BoardsController do
expect(response).to render_template :show
expect(response.content_type).to eq 'text/html'
end
+
+ context 'with unauthorized user' do
+ before do
+ allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+ end
+
+ it 'returns a not found 404 response' do
+ read_board board: board
+
+ expect(response).to have_gitlab_http_status(404)
+ expect(response.content_type).to eq 'text/html'
+ end
+ end
end
context 'when format is JSON' do
@@ -96,18 +125,19 @@ describe Projects::BoardsController do
expect(response).to match_response_schema('board')
end
- end
- context 'with unauthorized user' do
- before do
- allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
- end
+ context 'with unauthorized user' do
+ before do
+ allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+ allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+ end
- it 'returns a not found 404 response' do
- read_board board: board
+ it 'returns a not found 404 response' do
+ read_board board: board, format: :json
- expect(response).to have_gitlab_http_status(404)
+ expect(response).to have_gitlab_http_status(404)
+ expect(response.content_type).to eq 'application/json'
+ end
end
end
View Lorry Controller Status