require 'spec_helper'

describe API::API, api: true  do
  include ApiHelpers

  # Accounts used across the examples. user1 is created with
  # can_create_group: false, user2 and user3 use the :user factory defaults,
  # and admin comes from the :admin factory.
  let(:user1) { create(:user, can_create_group: false) }
  let(:user2) { create(:user) }
  let(:user3) { create(:user) }
  let(:admin) { create(:admin) }

  # group1 is created with an avatar read from the fixtures directory;
  # group2 is created without one. Both are created eagerly (let!).
  let(:avatar_file_path) { File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') }
  let!(:group1) { create(:group, avatar: File.open(avatar_file_path)) }
  let!(:group2) { create(:group) }

  # One project per group, created eagerly so the project listings are populated.
  let!(:project1) { create(:project, namespace: group1) }
  let!(:project2) { create(:project, namespace: group2) }

  # Ownership layout the authorization examples rely on: user1 owns group1,
  # user2 owns group2, and user3 is given no group membership here.
  before(:each) do
    group1.add_owner(user1)
    group2.add_owner(user2)
  end

  # Listing groups: an anonymous request gets 401, user1 gets only group1,
  # and the admin gets both groups created in the setup.
  describe "GET /groups" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/groups")

        expect(response.status).to eq(401)
      end
    end

    context "when authenticated as user" do
      it "normal user: should return an array of groups of user1" do
        get api("/groups", user1)

        expect(response.status).to eq(200)

        groups = json_response
        expect(groups).to be_an(Array)
        expect(groups.size).to eq(1)
        expect(groups.first['name']).to eq(group1.name)
      end
    end

    context "when authenticated as  admin" do
      it "admin: should return an array of all groups" do
        get api("/groups", admin)

        expect(response.status).to eq(200)

        groups = json_response
        expect(groups).to be_an(Array)
        expect(groups.size).to eq(2)
      end
    end
  end

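  # Fetching a single group by numeric id or by path. An owner or an admin
  # gets 200, a group the caller is not attached to yields 403, and an
  # unknown id or path yields 404.
  #
  # NOTE(review): answering 403 for an existing group and 404 for a missing
  # one lets a non-member tell the two apart -- confirm that is intended.
  describe "GET /groups/:id" do
    context "when authenticated as user" do
      it "should return one of user1's groups" do
        get api("/groups/#{group1.id}", user1)
        expect(response.status).to eq(200)
        # Must go through expect: a bare `==` comparison is evaluated and
        # discarded, so the example would pass whichever group came back.
        expect(json_response['name']).to eq(group1.name)
      end

      it "should not return a non existing group" do
        get api("/groups/1328", user1)
        expect(response.status).to eq(404)
      end

      it "should not return a group not attached to user1" do
        get api("/groups/#{group2.id}", user1)
        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as admin" do
      it "should return any existing group" do
        get api("/groups/#{group2.id}", admin)
        expect(response.status).to eq(200)
        expect(json_response['name']).to eq(group2.name)
      end

      it "should not return a non existing group" do
        get api("/groups/1328", admin)
        expect(response.status).to eq(404)
      end
    end

    context 'when using group path in URL' do
      it 'should return any existing group' do
        get api("/groups/#{group1.path}", admin)
        expect(response.status).to eq(200)
        expect(json_response['name']).to eq(group1.name)
      end

      it 'should not return a non existing group' do
        get api('/groups/unknown', admin)
        expect(response.status).to eq(404)
      end

      # Same access check as the id lookup, reached through the path lookup.
      it 'should not return a group not attached to user1' do
        get api("/groups/#{group2.path}", user1)
        expect(response.status).to eq(403)
      end
    end
  end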

  # Project listing for a group, addressed by id or by path: 200 for the
  # group's owner and for the admin, 403 for a group the caller is not
  # attached to, 404 when no group matches.
  describe "GET /groups/:id/projects" do
    context "when authenticated as user" do
      it "should return the group's projects" do
        get api("/groups/#{group1.id}/projects", user1)

        expect(response.status).to eq(200)

        projects = json_response
        expect(projects.size).to eq(1)
        expect(projects.first['name']).to eq(project1.name)
      end

      it "should not return a non existing group" do
        get api("/groups/1328/projects", user1)

        expect(response.status).to eq(404)
      end

      it "should not return a group not attached to user1" do
        get api("/groups/#{group2.id}/projects", user1)

        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as admin" do
      it "should return any existing group" do
        get api("/groups/#{group2.id}/projects", admin)

        expect(response.status).to eq(200)

        projects = json_response
        expect(projects.size).to eq(1)
        expect(projects.first['name']).to eq(project2.name)
      end

      it "should not return a non existing group" do
        get api("/groups/1328/projects", admin)

        expect(response.status).to eq(404)
      end
    end

    context 'when using group path in URL' do
      it 'should return any existing group' do
        get api("/groups/#{group1.path}/projects", admin)

        expect(response.status).to eq(200)
        expect(json_response.first['name']).to eq(project1.name)
      end

      it 'should not return a non existing group' do
        get api('/groups/unknown/projects', admin)

        expect(response.status).to eq(404)
      end

      it 'should not return a group not attached to user1' do
        get api("/groups/#{group2.path}/projects", user1)

        expect(response.status).to eq(403)
      end
    end
  end

  # Group creation: user1 (created with can_create_group: false) is refused
  # with 403; user3 may create groups, and a duplicate path, a missing name
  # or a missing path is answered with 400.
  describe "POST /groups" do
    context "when authenticated as user without group permissions" do
      it "should not create group" do
        group_params = attributes_for(:group)

        post api("/groups", user1), group_params

        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as user with group permissions" do
      it "should create group" do
        group_params = attributes_for(:group)

        post api("/groups", user3), group_params

        expect(response.status).to eq(201)
      end

      it "should not create group, duplicate" do
        # Reuses group2's path so the request collides with an existing group.
        duplicate_params = { name: 'Duplicate Test', path: group2.path }

        post api("/groups", user3), duplicate_params

        expect(response.status).to eq(400)
        expect(response.message).to eq("Bad Request")
      end

      it "should return 400 bad request error if name not given" do
        params_without_name = { path: group2.path }

        post api("/groups", user3), params_without_name

        expect(response.status).to eq(400)
      end

      it "should return 400 bad request error if path not given" do
        params_without_path = { name: 'test' }

        post api("/groups", user3), params_without_path

        expect(response.status).to eq(400)
      end
    end
  end

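  # Deleting a group: the group's owner and the admin get 200, a caller who
  # is not an owner gets 403, and an unknown id gets 404.
  describe "DELETE /groups/:id" do
    context "when authenticated as user" do
      it "should remove group" do
        delete api("/groups/#{group1.id}", user1)
        expect(response.status).to eq(200)
      end

      it "should not remove a group if not an owner" do
        user4 = create(:user)
        group1.add_master(user4)
        # Send the request as user4, the member just given master access.
        # Sending it as user3 (who has no membership) left user4 unused and
        # never exercised the "member but not owner" case this example names.
        delete api("/groups/#{group1.id}", user4)
        expect(response.status).to eq(403)
      end

      it "should not remove a non existing group" do
        delete api("/groups/1328", user1)
        expect(response.status).to eq(404)
      end

      it "should not remove a group not attached to user1" do
        delete api("/groups/#{group2.id}", user1)
        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as admin" do
      it "should remove any existing group" do
        delete api("/groups/#{group2.id}", admin)
        expect(response.status).to eq(200)
      end

      it "should not remove a non existing group" do
        delete api("/groups/1328", admin)
        expect(response.status).to eq(404)
      end
    end
  end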

  # Transferring a project into a group: user2 is refused with 403 and the
  # admin gets 201.
  describe "POST /groups/:id/projects/:project_id" do
    let(:project) { create(:project) }

    # Projects::TransferService#execute and Project.find are stubbed, so these
    # examples cover the endpoint's access check and status code only, not
    # the transfer itself.
    before do
      allow_any_instance_of(Projects::TransferService)
        .to receive(:execute).and_return(true)
      allow(Project).to receive(:find).and_return(project)
    end

    context "when authenticated as user" do
      it "should not transfer project to group" do
        transfer_path = "/groups/#{group1.id}/projects/#{project.id}"

        post api(transfer_path, user2)

        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as admin" do
      it "should transfer project to group" do
        transfer_path = "/groups/#{group1.id}/projects/#{project.id}"

        post api(transfer_path, admin)

        expect(response.status).to eq(201)
      end
    end
  end
end