From e12f099f39ef8fb81f9b91612f8b35aefba7347c Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 3 Dec 2021 10:05:41 +0000 Subject: Add latest changes from gitlab-org/security/gitlab@14-5-stable-ee --- spec/requests/api/lint_spec.rb | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'spec/requests') diff --git a/spec/requests/api/lint_spec.rb b/spec/requests/api/lint_spec.rb index ac30da99afe..0e83b964121 100644 --- a/spec/requests/api/lint_spec.rb +++ b/spec/requests/api/lint_spec.rb @@ -26,6 +26,35 @@ RSpec.describe API::Lint do expect(response).to have_gitlab_http_status(:ok) end end + + context 'when authenticated as external user' do + let(:project) { create(:project) } + let(:api_user) { create(:user, :external) } + + context 'when reporter in a project' do + before do + project.add_reporter(api_user) + end + + it 'returns authorization failure' do + post api('/ci/lint', api_user), params: { content: 'content' } + + expect(response).to have_gitlab_http_status(:unauthorized) + end + end + + context 'when developer in a project' do + before do + project.add_developer(api_user) + end + + it 'returns authorization success' do + post api('/ci/lint', api_user), params: { content: 'content' } + + expect(response).to have_gitlab_http_status(:ok) + end + end + end end context 'when signup is enabled and not limited' do -- cgit v1.2.1