root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
gitlab-ce/spec/requests/api/user_teams_spec.rb

361 lines
13 KiB
Ruby
Raw Blame History

require 'spec_helper'
describe API::API do
include ApiHelpers
# Create test objects
let(:user1) { create(:user) }
let(:user2) { create(:user) }
let(:admin) { create(:admin) }
let!(:group1) { create(:group, owner: user1) }
let!(:group2) { create(:group, owner: user2) }
let(:user_team1) { create(:user_team, owner: user1) }
let(:user_team2) { create(:user_team, owner: user2) }
let!(:project1) { create(:project, creator_id: admin.id) }
let!(:project2) { create(:project, creator_id: admin.id) }
before {
# Add members to teams
user_team1.add_member(user1, UsersProject::MASTER, false)
user_team2.add_member(user2, UsersProject::MASTER, false)
# Add projects to teams
user_team1.assign_to_projects([project1.id], UsersProject::MASTER)
user_team2.assign_to_projects([project2.id], UsersProject::MASTER)
}
describe "GET /user_teams" do
context "when unauthenticated" do
it "should return authentication error" do
get api("/user_teams")
response.status.should == 401
end
end
context "when authenticated as user" do
it "normal user: should return an array of user_teams of user1" do
get api("/user_teams", user1)
response.status.should == 200
json_response.should be_an Array
json_response.length.should == 1
json_response.first['name'].should == user_team1.name
end
end
context "when authenticated as admin" do
it "admin: should return an array of all user_teams" do
get api("/user_teams", admin)
response.status.should == 200
json_response.should be_an Array
json_response.length.should == 2
end
end
end
describe "GET /user_teams/:id" do
context "when authenticated as user" do
it "should return one of user1's user_teams" do
get api("/user_teams/#{user_team1.id}", user1)
response.status.should == 200
json_response['name'] == user_team1.name
end
it "should not return a non existing team" do
get api("/user_teams/1328", user1)
response.status.should == 404
end
it "should not return a user_team not attached to user1" do
get api("/user_teams/#{user_team2.id}", user1)
response.status.should == 404
end
end
context "when authenticated as admin" do
it "should return any existing user_team" do
get api("/user_teams/#{user_team2.id}", admin)
response.status.should == 200
json_response['name'].should == user_team2.name
end
it "should not return a non existing user_team" do
get api("/user_teams/1328", admin)
response.status.should == 404
end
end
end
describe "POST /user_teams" do
context "when authenticated as user" do
it "should not create user_team" do
count_before=UserTeam.count
post api("/user_teams", user1), attributes_for(:user_team)
response.status.should == 403
UserTeam.count.should == count_before
end
end
context "when authenticated as admin" do
it "should create user_team" do
count_before=UserTeam.count
post api("/user_teams", admin), attributes_for(:user_team)
response.status.should == 201
UserTeam.count.should == count_before + 1
end
it "should not create user_team, duplicate" do
post api("/user_teams", admin), {:name => "Duplicate Test", :path => user_team2.path}
response.status.should == 404
end
it "should return 400 bad request error if name not given" do
post api("/user_teams", admin), {:path => user_team2.path}
response.status.should == 400
end
it "should return 400 bad request error if path not given" do
post api("/user_teams", admin), {:name => 'test'}
response.status.should == 400
end
end
end
# Members
describe "GET /user_teams/:id/members" do
context "when authenticated as user" do
it "should return user1 as member of user1's user_teams" do
get api("/user_teams/#{user_team1.id}/members", user1)
response.status.should == 200
json_response.first['name'].should == user1.name
json_response.first['access_level'].should == UsersProject::MASTER
end
end
context "when authenticated as admin" do
it "should return member of any existing user_team" do
get api("/user_teams/#{user_team2.id}/members", admin)
response.status.should == 200
json_response.first['name'].should == user2.name
json_response.first['access_level'].should == UsersProject::MASTER
end
end
end
describe "POST /user_teams/:id/members" do
context "when authenticated as user" do
it "should not add user2 as member of user_team1" do
post api("/user_teams/#{user_team1.id}/members", user1), user_id: user2.id, access_level: UsersProject::MASTER
response.status.should == 403
end
end
context "when authenticated as admin" do
it "should return ok and add new member" do
count_before=user_team1.user_team_user_relationships.count
post api("/user_teams/#{user_team1.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
response.status.should == 201
json_response['name'].should == user2.name
json_response['access_level'].should == UsersProject::MASTER
user_team1.user_team_user_relationships.count.should == count_before + 1
end
it "should return ok if member already exists" do
post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER
response.status.should == 409
end
it "should return a 400 error when user id is not given" do
post api("/user_teams/#{user_team2.id}/members", admin), access_level: UsersProject::MASTER
response.status.should == 400
end
it "should return a 400 error when access level is not given" do
post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id
response.status.should == 400
end
it "should return a 422 error when access level is not known" do
post api("/user_teams/#{user_team2.id}/members", admin), user_id: user1.id, access_level: 1234
response.status.should == 422
end
end
end
# Get single member
describe "GET /user_teams/:id/members/:user_id" do
context "when authenticated as member" do
it "should show user1's membership of user_team1" do
get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
response.status.should == 200
json_response['name'].should == user1.name
json_response['access_level'].should == UsersProject::MASTER
end
it "should show that user2 is not member of user_team1" do
get api("/user_teams/#{user_team1.id}/members/#{user2.id}", user1)
response.status.should == 404
end
end
context "when authenticated as non-member" do
it "should not show user1's membership of user_team1" do
get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user2)
response.status.should == 404
end
end
context "when authenticated as admin" do
it "should show user1's membership of user_team1" do
get api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
response.status.should == 200
json_response['name'].should == user1.name
json_response['access_level'].should == UsersProject::MASTER
end
it "should return a 404 error when user id is not known" do
get api("/user_teams/#{user_team2.id}/members/1328", admin)
response.status.should == 404
end
end
end
describe "DELETE /user_teams/:id/members/:user_id" do
context "when authenticated as user" do
it "should not delete user1's membership of user_team1" do
delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1)
response.status.should == 403
end
end
context "when authenticated as admin" do
it "should delete user1's membership of user_team1" do
count_before=user_team1.user_team_user_relationships.count
delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin)
response.status.should == 200
user_team1.user_team_user_relationships.count.should == count_before - 1
end
it "should return a 404 error when user id is not known" do
delete api("/user_teams/#{user_team2.id}/members/1328", admin)
response.status.should == 404
end
end
end
# Projects
describe "GET /user_teams/:id/projects" do
context "when authenticated as user" do
it "should return project1 as assigned to user_team1 as member user1" do
get api("/user_teams/#{user_team1.id}/projects", user1)
response.status.should == 200
json_response.first['name'].should == project1.name
json_response.length.should == user_team1.user_team_project_relationships.count
end
end
context "when authenticated as admin" do
it "should return project2 as assigned to user_team2 as non-member, but admin" do
get api("/user_teams/#{user_team2.id}/projects", admin)
response.status.should == 200
json_response.first['name'].should == project2.name
json_response.first['greatest_access_level'].should == UsersProject::MASTER
end
end
end
describe "POST /user_teams/:id/projects" do
context "when authenticated as admin" do
it "should return ok and add new project" do
count_before=user_team1.user_team_project_relationships.count
post api("/user_teams/#{user_team1.id}/projects", admin),
project_id: project2.id,
greatest_access_level: UsersProject::MASTER
response.status.should == 201
json_response['name'].should == project2.name
json_response['greatest_access_level'].should == UsersProject::MASTER
user_team1.user_team_project_relationships.count.should == count_before + 1
end
it "should return ok if project already exists" do
post api("/user_teams/#{user_team2.id}/projects", admin),
project_id: project2.id,
greatest_access_level: UsersProject::MASTER
response.status.should == 409
end
it "should return a 400 error when project id is not given" do
post api("/user_teams/#{user_team2.id}/projects", admin), greatest_access_level: UsersProject::MASTER
response.status.should == 400
end
it "should return a 400 error when access level is not given" do
post api("/user_teams/#{user_team2.id}/projects", admin), project_id: project2.id
response.status.should == 400
end
it "should return a 422 error when access level is not known" do
post api("/user_teams/#{user_team2.id}/projects", admin),
project_id: project2.id,
greatest_access_level: 1234
response.status.should == 422
end
end
end
describe "GET /user_teams/:id/projects/:project_id" do
context "when authenticated as member" do
it "should show project1's assignment to user_team1" do
get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user1)
response.status.should == 200
json_response['name'].should == project1.name
json_response['greatest_access_level'].should == UsersProject::MASTER
end
it "should show project2's is not assigned to user_team1" do
get api("/user_teams/#{user_team1.id}/projects/#{project2.id}", user1)
response.status.should == 404
end
end
context "when authenticated as non-member" do
it "should not show project1's assignment to user_team1" do
get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user2)
response.status.should == 404
end
end
context "when authenticated as admin" do
it "should show project1's assignment to user_team1" do
get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
response.status.should == 200
json_response['name'].should == project1.name
json_response['greatest_access_level'].should == UsersProject::MASTER
end
it "should return a 404 error when project id is not known" do
get api("/user_teams/#{user_team2.id}/projects/1328", admin)
response.status.should == 404
end
end
end
describe "DELETE /user_teams/:id/projects/:project_id" do
context "when authenticated as user" do
it "should not delete project1's assignment to user_team2" do
delete api("/user_teams/#{user_team2.id}/projects/#{project1.id}", user1)
response.status.should == 403
end
end
context "when authenticated as admin" do
it "should delete project1's assignment to user_team1" do
count_before=user_team1.user_team_project_relationships.count
delete api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin)
response.status.should == 200
user_team1.user_team_project_relationships.count.should == count_before - 1
end
it "should return a 404 error when project id is not known" do
delete api("/user_teams/#{user_team2.id}/projects/1328", admin)
response.status.should == 404
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink