BigW Consortium Gitlab

groups_spec.rb 5.73 KB
Newer Older
1 2
require 'spec_helper'

3
describe API::API, api: true  do
4 5
  include ApiHelpers

6
  let(:user1) { create(:user, can_create_group: false) }
Izaak Alpert committed
7
  let(:user2) { create(:user) }
8
  let(:user3) { create(:user) }
9
  let(:admin) { create(:admin) }
10 11
  let(:avatar_file_path) { File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') }
  let!(:group1) { create(:group, avatar: File.open(avatar_file_path)) }
12 13 14 15 16 17
  let!(:group2) { create(:group) }

  before do
    group1.add_owner(user1)
    group2.add_owner(user2)
  end
18 19 20 21 22

  describe "GET /groups" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/groups")
23
        expect(response.status).to eq(401)
24 25 26 27 28 29
      end
    end

    context "when authenticated as user" do
      it "normal user: should return an array of groups of user1" do
        get api("/groups", user1)
30 31 32 33
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.length).to eq(1)
        expect(json_response.first['name']).to eq(group1.name)
34 35
      end
    end
36

37 38 39
    context "when authenticated as  admin" do
      it "admin: should return an array of all groups" do
        get api("/groups", admin)
40 41 42
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.length).to eq(2)
43 44 45
      end
    end
  end
46

47 48 49 50
  describe "GET /groups/:id" do
    context "when authenticated as user" do
      it "should return one of user1's groups" do
        get api("/groups/#{group1.id}", user1)
51
        expect(response.status).to eq(200)
52 53
        json_response['name'] == group1.name
      end
54

55 56
      it "should not return a non existing group" do
        get api("/groups/1328", user1)
57
        expect(response.status).to eq(404)
58
      end
59

60 61
      it "should not return a group not attached to user1" do
        get api("/groups/#{group2.id}", user1)
62
        expect(response.status).to eq(403)
63 64
      end
    end
65

66 67 68
    context "when authenticated as admin" do
      it "should return any existing group" do
        get api("/groups/#{group2.id}", admin)
69
        expect(response.status).to eq(200)
70 71
        json_response['name'] == group2.name
      end
72

73 74
      it "should not return a non existing group" do
        get api("/groups/1328", admin)
75
        expect(response.status).to eq(404)
76 77
      end
    end
78 79 80 81

    context 'when using group path in URL' do
      it 'should return any existing group' do
        get api("/groups/#{group1.path}", admin)
82
        expect(response.status).to eq(200)
83 84 85 86 87
        json_response['name'] == group2.name
      end

      it 'should not return a non existing group' do
        get api('/groups/unknown', admin)
88
        expect(response.status).to eq(404)
89 90 91 92
      end

      it 'should not return a group not attached to user1' do
        get api("/groups/#{group2.path}", user1)
93
        expect(response.status).to eq(403)
94 95
      end
    end
96
  end
97

98
  describe "POST /groups" do
99
    context "when authenticated as user without group permissions" do
100 101
      it "should not create group" do
        post api("/groups", user1), attributes_for(:group)
102
        expect(response.status).to eq(403)
103 104
      end
    end
105

106
    context "when authenticated as user with group permissions" do
107
      it "should create group" do
108
        post api("/groups", user3), attributes_for(:group)
109
        expect(response.status).to eq(201)
110
      end
111 112

      it "should not create group, duplicate" do
113
        post api("/groups", user3), { name: 'Duplicate Test', path: group2.path }
114 115
        expect(response.status).to eq(400)
        expect(response.message).to eq("Bad Request")
116
      end
117 118

      it "should return 400 bad request error if name not given" do
119
        post api("/groups", user3), { path: group2.path }
120
        expect(response.status).to eq(400)
121 122 123
      end

      it "should return 400 bad request error if path not given" do
124
        post api("/groups", user3), { name: 'test' }
125
        expect(response.status).to eq(400)
126
      end
127 128
    end
  end
Angus MacArthur committed
129

130 131 132 133
  describe "DELETE /groups/:id" do
    context "when authenticated as user" do
      it "should remove group" do
        delete api("/groups/#{group1.id}", user1)
134
        expect(response.status).to eq(200)
135 136 137
      end

      it "should not remove a group if not an owner" do
138
        user4 = create(:user)
139
        group1.add_master(user4)
140
        delete api("/groups/#{group1.id}", user3)
141
        expect(response.status).to eq(403)
142 143 144 145
      end

      it "should not remove a non existing group" do
        delete api("/groups/1328", user1)
146
        expect(response.status).to eq(404)
147 148 149 150
      end

      it "should not remove a group not attached to user1" do
        delete api("/groups/#{group2.id}", user1)
151
        expect(response.status).to eq(403)
152 153 154 155 156 157
      end
    end

    context "when authenticated as admin" do
      it "should remove any existing group" do
        delete api("/groups/#{group2.id}", admin)
158
        expect(response.status).to eq(200)
159 160 161 162
      end

      it "should not remove a non existing group" do
        delete api("/groups/1328", admin)
163
        expect(response.status).to eq(404)
164 165 166 167
      end
    end
  end

Angus MacArthur committed
168 169 170
  describe "POST /groups/:id/projects/:project_id" do
    let(:project) { create(:project) }
    before(:each) do
171 172
      allow_any_instance_of(Projects::TransferService).
        to receive(:execute).and_return(true)
173
      allow(Project).to receive(:find).and_return(project)
Angus MacArthur committed
174 175 176 177 178
    end

    context "when authenticated as user" do
      it "should not transfer project to group" do
        post api("/groups/#{group1.id}/projects/#{project.id}", user2)
179
        expect(response.status).to eq(403)
Angus MacArthur committed
180 181 182 183 184 185
      end
    end

    context "when authenticated as admin" do
      it "should transfer project to group" do
        post api("/groups/#{group1.id}/projects/#{project.id}", admin)
186
        expect(response.status).to eq(201)
Angus MacArthur committed
187 188 189
      end
    end
  end
190
end