
project_members_controller_spec.rb 9.83 KB
require('spec_helper')

describe Projects::ProjectMembersController do
  let(:user) { create(:user) }
  let(:project) { create(:empty_project, :public, :access_requestable) }

  # No sign_in happens in this group, so the request is made anonymously
  # against the public project created by the outer `let(:project)`.
  describe 'GET index' do
    it 'should have the settings/members address with a 302 status code' do
      get(:index, namespace_id: project.namespace, project_id: project)

      # The index action is expected to redirect, and the redirect target must
      # contain the settings/members path of the same project.
      expect(response).to have_http_status(302)

      expected_target = namespace_project_settings_members_path(project.namespace, project)
      expect(response.location).to include(expected_target)
    end
  end

  # Authorization and response handling of member creation for a signed-in user.
  describe 'POST create' do
    let(:project_user) { create(:user) }
    # Redirect target shared by the examples that expect a successful round trip.
    let(:expected_redirect) do
      namespace_project_settings_members_path(project.namespace, project)
    end

    before do
      sign_in(user)
    end

    # A developer must not be able to add members: the request is answered with
    # 404 and the target user must not show up among the project's users.
    context 'when user does not have enough rights' do
      before do
        project.team << [user, :developer]
      end

      it 'returns 404' do
        post(:create, namespace_id: project.namespace,
                      project_id: project,
                      user_ids: project_user.id,
                      access_level: Gitlab::Access::GUEST)

        expect(response).to have_http_status(404)
        expect(project.users).not_to include(project_user)
      end
    end

    # Members::CreateService#execute is stubbed in both examples below, so they
    # pin only the flash message and the redirect, not what gets persisted.
    context 'when user has enough rights' do
      before do
        project.team << [user, :master]
      end

      it 'adds user to members' do
        expect_any_instance_of(Members::CreateService).to receive(:execute).and_return(true)

        post(:create, namespace_id: project.namespace,
                      project_id: project,
                      user_ids: project_user.id,
                      access_level: Gitlab::Access::GUEST)

        expect(response).to set_flash.to('Users were successfully added.')
        expect(response).to redirect_to(expected_redirect)
      end

      it 'adds no user to members' do
        expect_any_instance_of(Members::CreateService).to receive(:execute).and_return(false)

        # An empty user_ids parameter stands for "nobody selected".
        post(:create, namespace_id: project.namespace,
                      project_id: project,
                      user_ids: '',
                      access_level: Gitlab::Access::GUEST)

        expect(response).to set_flash.to('No users or groups specified.')
        expect(response).to redirect_to(expected_redirect)
      end
    end
  end

  # Removal of another member: only a master may do it; everyone else gets 404.
  describe 'DELETE destroy' do
    let(:member) { create(:project_member, :developer, project: project) }
    # Route parameters common to every request in this group.
    let(:project_scope) { { namespace_id: project.namespace, project_id: project } }

    before do
      sign_in(user)
    end

    context 'when member is not found' do
      # NOTE(review): the signed-in user holds no role on the project in this
      # context, so the 404 may not distinguish "unknown member id" from
      # "not allowed to manage members" -- confirm against the controller.
      it 'returns 404' do
        delete(:destroy, project_scope.merge(id: 42))

        expect(response).to have_http_status(404)
      end
    end

    context 'when member is found' do
      context 'when user does not have enough rights' do
        before do
          project.team << [user, :developer]
        end

        # The denial is reported as 404 and the membership must survive.
        it 'returns 404' do
          delete(:destroy, project_scope.merge(id: member))

          expect(response).to have_http_status(404)
          expect(project.members).to include(member)
        end
      end

      context 'when user has enough rights' do
        before do
          project.team << [user, :master]
        end

        it '[HTML] removes user from members' do
          delete(:destroy, project_scope.merge(id: member))

          settings_path = namespace_project_settings_members_path(project.namespace, project)
          expect(response).to redirect_to(settings_path)
          expect(project.members).not_to include(member)
        end

        # Same removal issued as an XHR request; success is expected instead of
        # a redirect.
        it '[JS] removes user from members' do
          xhr(:delete, :destroy, project_scope.merge(id: member))

          expect(response).to be_success
          expect(project.members).not_to include(member)
        end
      end
    end
  end

  # Self-removal: members and requesters may leave, the owner may not.
  describe 'DELETE leave' do
    # Route parameters common to every request in this group; evaluated lazily,
    # so the owner context's own `project` definition is picked up.
    let(:project_scope) { { namespace_id: project.namespace, project_id: project } }

    before do
      sign_in(user)
    end

    # The signed-in user has neither a membership nor an access request here.
    context 'when member is not found' do
      it 'returns 404' do
        delete(:leave, project_scope)

        expect(response).to have_http_status(404)
      end
    end

    context 'when member is found' do
      context 'and is not an owner' do
        before do
          project.team << [user, :developer]
        end

        it 'removes user from members' do
          delete(:leave, project_scope)

          expect(response).to set_flash.to("You left the \"#{project.human_name}\" project.")
          expect(response).to redirect_to(dashboard_projects_path)
          expect(project.users).not_to include(user)
        end
      end

      context 'and is an owner' do
        # The project lives in the user's own namespace for this context.
        let(:project) { create(:project, namespace: user.namespace) }

        before do
          project.team << [user, :master]
        end

        # Leaving is refused with 403 rather than the 404 used for the other
        # denials in this file.
        it 'cannot remove himself from the project' do
          delete(:leave, project_scope)

          expect(response).to have_http_status(403)
        end
      end

      context 'and is a requester' do
        before do
          project.request_access(user)
        end

        # Withdrawing a pending request must leave neither a requester record
        # nor project access behind.
        it 'removes user from members' do
          delete(:leave, project_scope)

          expect(response).to set_flash.to('Your access request to the project has been withdrawn.')
          expect(response).to redirect_to(namespace_project_path(project.namespace, project))
          expect(project.requesters).to be_empty
          expect(project.users).not_to include(user)
        end
      end
    end
  end

  # Requesting access queues a request; it must not grant project access.
  describe 'POST request_access' do
    before do
      sign_in(user)
    end

    it 'creates a new ProjectMember that is not a team member' do
      post(:request_access, namespace_id: project.namespace, project_id: project)

      project_page = namespace_project_path(project.namespace, project)

      expect(response).to set_flash.to('Your request for access has been queued for review.')
      expect(response).to redirect_to(project_page)
      # The user is recorded as a requester but is still absent from the
      # project's users.
      expect(project.requesters.exists?(user_id: user)).to be_truthy
      expect(project.users).not_to include(user)
    end
  end

  # Approval of a pending access request: only a master may approve.
  describe 'POST approve' do
    let(:member) { create(:project_member, :access_request, project: project) }
    # Route parameters common to every request in this group.
    let(:project_scope) { { namespace_id: project.namespace, project_id: project } }

    before do
      sign_in(user)
    end

    context 'when member is not found' do
      # NOTE(review): the signed-in user holds no role on the project in this
      # context, so the 404 may not distinguish "unknown request id" from
      # "not allowed to approve" -- confirm against the controller.
      it 'returns 404' do
        post(:approve_access_request, project_scope.merge(id: 42))

        expect(response).to have_http_status(404)
      end
    end

    context 'when member is found' do
      context 'when user does not have enough rights' do
        before do
          project.team << [user, :developer]
        end

        # A developer's approval attempt is answered with 404 and the request
        # must not have been turned into a membership.
        it 'returns 404' do
          post(:approve_access_request, project_scope.merge(id: member))

          expect(response).to have_http_status(404)
          expect(project.members).not_to include(member)
        end
      end

      context 'when user has enough rights' do
        before do
          project.team << [user, :master]
        end

        it 'adds user to members' do
          post(:approve_access_request, project_scope.merge(id: member))

          members_page = namespace_project_project_members_path(project.namespace, project)
          expect(response).to redirect_to(members_page)
          expect(project.members).to include(member)
        end
      end
    end
  end

  # Importing members from another project: the importing user is a master of
  # the target project, but must also be able to access the private source.
  describe 'POST apply_import' do
    let(:another_project) { create(:project, :private) }
    let(:member) { create(:user) }

    before do
      project.team << [user, :master]
      another_project.team << [member, :guest]
      sign_in(user)
    end

    # Issues the import request. Hooks run in declaration order, so a context
    # that needs extra setup must declare it before including this context.
    shared_context 'import applied' do
      before do
        post :apply_import, namespace_id: project.namespace,
                            project_id: project,
                            source_project_id: another_project.id
      end
    end

    context 'when user can access source project members' do
      # Must stay above the include so the guest role exists before the POST.
      before do
        another_project.team << [user, :guest]
      end

      include_context 'import applied'

      it 'imports source project members' do
        settings_path = namespace_project_settings_members_path(project.namespace, project)

        expect(project.team_members).to include(member)
        expect(response).to set_flash.to('Successfully imported')
        expect(response).to redirect_to(settings_path)
      end
    end

    # Without any role on the private source project, nothing may be imported
    # and the response is 404.
    context 'when user is not member of a source project' do
      include_context 'import applied'

      it 'does not import team members' do
        expect(project.team_members).not_to include(member)
      end

      it 'responds with not found' do
        expect(response.status).to eq(404)
      end
    end
  end

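  # Access-level ceiling on member creation: a master may add another master
  # but must not be able to hand out owner access.
  describe 'POST create' do
    let(:stranger) { create(:user) }

    # Both contexts act as a signed-in master of the project, so the setup is
    # declared once here instead of being repeated in each context.
    before do
      project.team << [user, :master]
      sign_in(user)
    end

    context 'when creating owner' do
      # Privilege-escalation guard: requesting Member::OWNER must leave the
      # member count untouched.
      it 'does not create a member' do
        expect do
          post :create, user_ids: stranger.id,
                        namespace_id: project.namespace,
                        access_level: Member::OWNER,
                        project_id: project
        end.not_to change { project.members.count }
      end
    end

    context 'when create master' do
      # Nothing is stubbed here, so the count reflects a persisted membership.
      it 'creates a member' do
        expect do
          post :create, user_ids: stranger.id,
                        namespace_id: project.namespace,
                        access_level: Member::MASTER,
                        project_id: project
        end.to change { project.members.count }.by(1)
      end
    end
  end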
end