spec/controllers/projects/boards_controller_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Projects::BoardsController do
  let_it_be(:project) { create(:project) }
  let_it_be(:user)    { create(:user) }

  before_all do
    project.add_maintainer(user)
  end

  before do
    sign_in(user)
  end

  describe 'GET index' do
    it 'creates a new project board when project does not have one' do
      expect { list_boards }.to change(project.boards, :count).by(1)
    end

    it 'renders template' do
      list_boards

      expect(response).to render_template :index
      expect(response.media_type).to eq 'text/html'
    end

    context 'when there are recently visited boards' do
      let_it_be(:boards) { create_list(:board, 3, resource_parent: project) }

      before_all do
        visit_board(boards[2], Time.current + 1.minute)
        visit_board(boards[0], Time.current + 2.minutes)
        visit_board(boards[1], Time.current + 5.minutes)
      end

      it 'redirects to latest visited board' do
        list_boards

        expect(response).to redirect_to(
          namespace_project_board_path(namespace_id: project.namespace, project_id: project, id: boards[1].id)
        )
      end

      def visit_board(board, time)
        create(:board_project_recent_visit, project: project, board: board, user: user, updated_at: time)
      end
    end

    context 'with unauthorized user' do
      before do
        expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
        allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
        allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false)
      end

      it 'returns a not found 404 response' do
        list_boards

        expect(response).to have_gitlab_http_status(:not_found)
        expect(response.media_type).to eq 'text/html'
      end
    end

    context 'when user is signed out' do
      let(:project) { create(:project, :public) }

      it 'renders template' do
        sign_out(user)

        board = create(:board, project: project)
        create(:board_project_recent_visit, project: board.project, board: board, user: user)

        list_boards

        expect(response).to render_template :index
        expect(response.media_type).to eq 'text/html'
      end
    end

    context 'issues are disabled' do
      let(:project) { create(:project, :issues_disabled) }

      it 'returns a not found 404 response' do
        list_boards

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end

    it_behaves_like 'unauthorized when external service denies access' do
      subject { list_boards }
    end

    def list_boards
      get :index, params: {
                    namespace_id: project.namespace,
                    project_id: project
                  }
    end
  end

  describe 'GET show' do
    let_it_be(:board) { create(:board, project: project) }

    context 'when format is HTML' do
      it 'renders template' do
        expect { read_board board: board }.to change(BoardProjectRecentVisit, :count).by(1)

        expect(response).to render_template :show
        expect(response.media_type).to eq 'text/html'
      end

      context 'with unauthorized user' do
        before do
          expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
          allow(Ability).to receive(:allowed?).with(user, :read_issue_board, project).and_return(false)
        end

        it 'returns a not found 404 response' do
          read_board board: board

          expect(response).to have_gitlab_http_status(:not_found)
          expect(response.media_type).to eq 'text/html'
        end
      end

      context 'when user is signed out' do
        let(:public_board) { create(:board, project: create(:project, :public)) }

        it 'does not save visit' do
          sign_out(user)

          expect { read_board board: public_board }.to change(BoardProjectRecentVisit, :count).by(0)

          expect(response).to render_template :show
          expect(response.media_type).to eq 'text/html'
        end
      end
    end

    context 'when board does not belong to project' do
      it 'returns a not found 404 response' do
        another_board = create(:board)

        get :show, params: { namespace_id: project.namespace, project_id: project, id: another_board.to_param }

        expect(response).to have_gitlab_http_status(:not_found)
      end
    end

    def read_board(board:)
      get :show, params: { namespace_id: board.project.namespace, project_id: board.project, id: board.to_param }
    end
  end
end