From 872319738757edc0483346c75a2407f7019b963f Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Thu, 5 Dec 2019 12:07:43 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- spec/lib/api/entities/release_spec.rb | 40 +++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 spec/lib/api/entities/release_spec.rb (limited to 'spec/lib/api') diff --git a/spec/lib/api/entities/release_spec.rb b/spec/lib/api/entities/release_spec.rb new file mode 100644 index 00000000000..729a69347cb --- /dev/null +++ b/spec/lib/api/entities/release_spec.rb @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe API::Entities::Release do + let_it_be(:project) { create(:project) } + let_it_be(:release) { create(:release, :with_evidence, project: project) } + let(:user) { create(:user) } + let(:entity) { described_class.new(release, current_user: user) } + + subject { entity.as_json } + + describe 'evidence' do + context 'when the current user can download code' do + it 'exposes the evidence sha and the json path' do + allow(Ability).to receive(:allowed?).and_call_original + allow(Ability).to receive(:allowed?) + .with(user, :download_code, project).and_return(true) + + expect(subject[:evidence_sha]).to eq(release.evidence_sha) + expect(subject[:assets][:evidence_file_path]).to eq( + Gitlab::Routing.url_helpers.evidence_project_release_url(project, + release.tag, + format: :json) + ) + end + end + + context 'when the current user cannot download code' do + it 'does not expose any evidence data' do + allow(Ability).to receive(:allowed?).and_call_original + allow(Ability).to receive(:allowed?) + .with(user, :download_code, project).and_return(false) + + expect(subject.keys).not_to include(:evidence_sha) + expect(subject[:assets].keys).not_to include(:evidence_file_path) + end + end + end +end -- cgit v1.2.1