blob: c19a752b07b542fe2a07fd6f3f1d2b7c83828c29 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# frozen_string_literal: true
require 'spec_helper'
describe GraphqlController do
before do
stub_feature_flags(graphql: true)
end
describe 'POST #execute' do
context 'when user is logged in' do
let(:user) { create(:user) }
before do
sign_in(user)
end
it 'returns 200 when user can access API' do
post :execute
expect(response).to have_gitlab_http_status(200)
end
it 'returns access denied template when user cannot access API' do
# User cannot access API in a couple of cases
# * When user is internal(like ghost users)
# * When user is blocked
expect(Ability).to receive(:allowed?).with(user, :access_api, :global).and_return(false)
post :execute
expect(response.status).to eq(403)
expect(response).to render_template('errors/access_denied')
end
end
context 'when user is not logged in' do
it 'returns 200' do
post :execute
expect(response).to have_gitlab_http_status(200)
end
end
end
end
|