2 files changed, 137 insertions, 4 deletions

diff --git a/spec/factories/ci/trigger_requests.rb b/spec/factories/ci/trigger_requests.rb
index db053c610cd..2c0d004d267 100644
--- a/spec/factories/ci/trigger_requests.rb
+++ b/spec/factories/ci/trigger_requests.rb
@@ -3,6 +3,8 @@
 FactoryGirl.define do
   factory :ci_trigger_request, class: Ci::TriggerRequest do
     factory :ci_trigger_request_with_variables do
+      trigger factory: :ci_trigger
+
       variables do
         {
           TRIGGER_KEY: 'TRIGGER_VALUE'
diff --git a/spec/requests/api/triggers_spec.rb b/spec/requests/api/triggers_spec.rb
index 314bd7ddc59..2a86b60bc4d 100644
--- a/spec/requests/api/triggers_spec.rb
+++ b/spec/requests/api/triggers_spec.rb
@@ -3,11 +3,19 @@ require 'spec_helper'
 describe API::API do
   include ApiHelpers
 
+  let(:user) { create(:user) }
+  let(:user2) { create(:user) }
+  let!(:trigger_token) { 'secure_token' }
+  let!(:trigger_token_2) { 'secure_token_2' }
+  let!(:project) { create(:project, creator_id: user.id) }
+  let!(:master) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) }
+  let!(:developer) { create(:project_member, user: user2, project: project, access_level: ProjectMember::DEVELOPER) }
+  let!(:trigger) { create(:ci_trigger, project: project, token: trigger_token) }
+  let!(:trigger2) { create(:ci_trigger, project: project, token: trigger_token_2) }
+  let!(:trigger_request) { create(:ci_trigger_request, trigger: trigger, created_at: '2015-01-01 12:13:14') }
+
   describe 'POST /projects/:project_id/trigger' do
-    let!(:trigger_token) { 'secure token' }
-    let!(:project) { FactoryGirl.create(:project) }
-    let!(:project2) { FactoryGirl.create(:empty_project) }
-    let!(:trigger) { FactoryGirl.create(:ci_trigger, project: project, token: trigger_token) }
+    let!(:project2) { create(:empty_project) }
     let(:options) do
       {
         token: trigger_token
@@ -77,4 +85,127 @@ describe API::API do
       end
     end
   end
+
+  describe 'GET /projects/:id/triggers' do
+    context 'authenticated user with valid permissions' do
+      it 'should return list of triggers' do
+        get api("/projects/#{project.id}/triggers", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_a(Array)
+        expect(json_response[0]).to have_key('token')
+      end
+    end
+
+    context 'authenticated user with invalid permissions' do
+      it 'should not return triggers list' do
+        get api("/projects/#{project.id}/triggers", user2)
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'unauthenticated user' do
+      it 'should not return triggers list' do
+        get api("/projects/#{project.id}/triggers")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  describe 'GET /projects/:id/triggers/:token' do
+    context 'authenticated user with valid permissions' do
+      it 'should return trigger details' do
+        get api("/projects/#{project.id}/triggers/#{trigger.token}", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_a(Hash)
+      end
+
+      it 'should respond with 404 Not Found if requesting non-existing trigger' do
+        get api("/projects/#{project.id}/triggers/abcdef012345", user)
+
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'authenticated user with invalid permissions' do
+      it 'should not return triggers list' do
+        get api("/projects/#{project.id}/triggers/#{trigger.token}", user2)
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'unauthenticated user' do
+      it 'should not return triggers list' do
+        get api("/projects/#{project.id}/triggers/#{trigger.token}")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  describe 'POST /projects/:id/triggers' do
+    context 'authenticated user with valid permissions' do
+      it 'should create trigger' do
+        expect do
+          post api("/projects/#{project.id}/triggers", user)
+        end.to change{project.triggers.count}.by(1)
+
+        expect(response.status).to eq(201)
+        expect(json_response).to be_a(Hash)
+      end
+    end
+
+    context 'authenticated user with invalid permissions' do
+      it 'should not create trigger' do
+        post api("/projects/#{project.id}/triggers", user2)
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'unauthenticated user' do
+      it 'should not create trigger' do
+        post api("/projects/#{project.id}/triggers")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  describe 'DELETE /projects/:id/triggers/:token' do
+    context 'authenticated user with valid permissions' do
+      it 'should delete trigger' do
+        expect do
+          delete api("/projects/#{project.id}/triggers/#{trigger.token}", user)
+        end.to change{project.triggers.count}.by(-1)
+        expect(response.status).to eq(200)
+      end
+
+      it 'should respond with 404 Not Found if requesting non-existing trigger' do
+        delete api("/projects/#{project.id}/triggers/abcdef012345", user)
+
+        expect(response.status).to eq(404)
+      end
+    end
+
+    context 'authenticated user with invalid permissions' do
+      it 'should not delete trigger' do
+        delete api("/projects/#{project.id}/triggers/#{trigger.token}", user2)
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'unauthenticated user' do
+      it 'should not delete trigger' do
+        delete api("/projects/#{project.id}/triggers/#{trigger.token}")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
 end