spec/requests/api/v3/boards_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

require 'spec_helper'

describe API::V3::Boards do
  set(:user)        { create(:user) }
  set(:guest)       { create(:user) }
  set(:non_member)  { create(:user) }
  set(:project)    { create(:project, :public, creator_id: user.id, namespace: user.namespace ) }

  set(:dev_label) do
    create(:label, title: 'Development', color: '#FFAABB', project: project)
  end

  set(:test_label) do
    create(:label, title: 'Testing', color: '#FFAACC', project: project)
  end

  set(:dev_list) do
    create(:list, label: dev_label, position: 1)
  end

  set(:test_list) do
    create(:list, label: test_label, position: 2)
  end

  set(:board) do
    create(:board, project: project, lists: [dev_list, test_list])
  end

  before do
    project.add_reporter(user)
    project.add_guest(guest)
  end

  describe "GET /projects/:id/boards" do
    let(:base_url) { "/projects/#{project.id}/boards" }

    context "when unauthenticated" do
      it "returns authentication error" do
        get v3_api(base_url)

        expect(response).to have_gitlab_http_status(401)
      end
    end

    context "when authenticated" do
      it "returns the project issue board" do
        get v3_api(base_url, user)

        expect(response).to have_gitlab_http_status(200)
        expect(json_response).to be_an Array
        expect(json_response.length).to eq(1)
        expect(json_response.first['id']).to eq(board.id)
        expect(json_response.first['lists']).to be_an Array
        expect(json_response.first['lists'].length).to eq(2)
        expect(json_response.first['lists'].last).to have_key('position')
      end
    end
  end

  describe "GET /projects/:id/boards/:board_id/lists" do
    let(:base_url) { "/projects/#{project.id}/boards/#{board.id}/lists" }

    it 'returns issue board lists' do
      get v3_api(base_url, user)

      expect(response).to have_gitlab_http_status(200)
      expect(json_response).to be_an Array
      expect(json_response.length).to eq(2)
      expect(json_response.first['label']['name']).to eq(dev_label.title)
    end

    it 'returns 404 if board not found' do
      get v3_api("/projects/#{project.id}/boards/22343/lists", user)

      expect(response).to have_gitlab_http_status(404)
    end
  end

  describe "DELETE /projects/:id/board/lists/:list_id" do
    let(:base_url) { "/projects/#{project.id}/boards/#{board.id}/lists" }

    it "rejects a non member from deleting a list" do
      delete v3_api("#{base_url}/#{dev_list.id}", non_member)

      expect(response).to have_gitlab_http_status(403)
    end

    it "rejects a user with guest role from deleting a list" do
      delete v3_api("#{base_url}/#{dev_list.id}", guest)

      expect(response).to have_gitlab_http_status(403)
    end

    it "returns 404 error if list id not found" do
      delete v3_api("#{base_url}/44444", user)

      expect(response).to have_gitlab_http_status(404)
    end

    context "when the user is project owner" do
      set(:owner) { create(:user) }

      before do
        project.update(namespace: owner.namespace)
      end

      it "deletes the list if an admin requests it" do
        delete v3_api("#{base_url}/#{dev_list.id}", owner)

        expect(response).to have_gitlab_http_status(200)
      end
    end
  end
end