BigW Consortium Gitlab

groups_spec.rb 10.5 KB
Newer Older
1 2
require 'spec_helper'

3
describe API::API, api: true  do
4 5
  include ApiHelpers

6
  let(:user1) { create(:user, can_create_group: false) }
Izaak Alpert committed
7
  let(:user2) { create(:user) }
8
  let(:user3) { create(:user) }
9
  let(:admin) { create(:admin) }
10 11
  let(:avatar_file_path) { File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') }
  let!(:group1) { create(:group, avatar: File.open(avatar_file_path)) }
Douwe Maan committed
12
  let!(:group2) { create(:group, :private) }
13 14
  let!(:project1) { create(:project, namespace: group1) }
  let!(:project2) { create(:project, namespace: group2) }
15
  let!(:project3) { create(:project, namespace: group1, path: 'test', visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
16 17 18 19 20

  before do
    group1.add_owner(user1)
    group2.add_owner(user2)
  end
21 22 23

  describe "GET /groups" do
    context "when unauthenticated" do
24
      it "returns authentication error" do
25
        get api("/groups")
26
        expect(response).to have_http_status(401)
27 28 29 30
      end
    end

    context "when authenticated as user" do
31
      it "normal user: returns an array of groups of user1" do
32
        get api("/groups", user1)
33
        expect(response).to have_http_status(200)
34 35 36
        expect(json_response).to be_an Array
        expect(json_response.length).to eq(1)
        expect(json_response.first['name']).to eq(group1.name)
37 38
      end
    end
39

40
    context "when authenticated as  admin" do
41
      it "admin: returns an array of all groups" do
42
        get api("/groups", admin)
43
        expect(response).to have_http_status(200)
44 45
        expect(json_response).to be_an Array
        expect(json_response.length).to eq(2)
46 47 48
      end
    end
  end
49

50 51
  describe "GET /groups/:id" do
    context "when authenticated as user" do
52 53 54 55
      it "returns one of user1's groups" do
        project = create(:project, namespace: group2, path: 'Foo')
        create(:project_group_link, project: project, group: group1)

56
        get api("/groups/#{group1.id}", user1)
57

58
        expect(response).to have_http_status(200)
59 60 61 62 63 64 65 66 67 68 69 70
        expect(json_response['id']).to eq(group1.id)
        expect(json_response['name']).to eq(group1.name)
        expect(json_response['path']).to eq(group1.path)
        expect(json_response['description']).to eq(group1.description)
        expect(json_response['visibility_level']).to eq(group1.visibility_level)
        expect(json_response['avatar_url']).to eq(group1.avatar_url)
        expect(json_response['web_url']).to eq(group1.web_url)
        expect(json_response['projects']).to be_an Array
        expect(json_response['projects'].length).to eq(2)
        expect(json_response['shared_projects']).to be_an Array
        expect(json_response['shared_projects'].length).to eq(1)
        expect(json_response['shared_projects'][0]['id']).to eq(project.id)
71
      end
72

73
      it "does not return a non existing group" do
74
        get api("/groups/1328", user1)
75
        expect(response).to have_http_status(404)
76
      end
77

78
      it "does not return a group not attached to user1" do
79
        get api("/groups/#{group2.id}", user1)
80

81
        expect(response).to have_http_status(404)
82 83
      end
    end
84

85
    context "when authenticated as admin" do
86
      it "returns any existing group" do
87
        get api("/groups/#{group2.id}", admin)
88
        expect(response).to have_http_status(200)
89
        expect(json_response['name']).to eq(group2.name)
90
      end
91

92
      it "does not return a non existing group" do
93
        get api("/groups/1328", admin)
94
        expect(response).to have_http_status(404)
95 96
      end
    end
97 98

    context 'when using group path in URL' do
99
      it 'returns any existing group' do
100
        get api("/groups/#{group1.path}", admin)
101
        expect(response).to have_http_status(200)
102
        expect(json_response['name']).to eq(group1.name)
103 104
      end

105
      it 'does not return a non existing group' do
106
        get api('/groups/unknown', admin)
107
        expect(response).to have_http_status(404)
108 109
      end

110
      it 'does not return a group not attached to user1' do
111
        get api("/groups/#{group2.path}", user1)
112

113
        expect(response).to have_http_status(404)
114 115
      end
    end
116
  end
117

118 119 120
  describe 'PUT /groups/:id' do
    let(:new_group_name) { 'New Group'}

121
    context 'when authenticated as the group owner' do
122 123 124
      it 'updates the group' do
        put api("/groups/#{group1.id}", user1), name: new_group_name

125
        expect(response).to have_http_status(200)
126 127 128 129 130 131
        expect(json_response['name']).to eq(new_group_name)
      end

      it 'returns 404 for a non existing group' do
        put api('/groups/1328', user1)

132
        expect(response).to have_http_status(404)
133 134 135
      end
    end

136
    context 'when authenticated as the admin' do
137 138 139
      it 'updates the group' do
        put api("/groups/#{group1.id}", admin), name: new_group_name

140
        expect(response).to have_http_status(200)
141 142 143 144
        expect(json_response['name']).to eq(new_group_name)
      end
    end

145 146
    context 'when authenticated as an user that can see the group' do
      it 'does not updates the group' do
147 148
        put api("/groups/#{group1.id}", user2), name: new_group_name

149
        expect(response).to have_http_status(403)
150 151
      end
    end
152 153

    context 'when authenticated as an user that cannot see the group' do
154
      it 'returns 404 when trying to update the group' do
155 156
        put api("/groups/#{group2.id}", user1), name: new_group_name

157
        expect(response).to have_http_status(404)
158 159
      end
    end
160 161
  end

162 163
  describe "GET /groups/:id/projects" do
    context "when authenticated as user" do
164
      it "returns the group's projects" do
165
        get api("/groups/#{group1.id}/projects", user1)
166

167
        expect(response).to have_http_status(200)
168 169 170
        expect(json_response.length).to eq(2)
        project_names = json_response.map { |proj| proj['name' ] }
        expect(project_names).to match_array([project1.name, project3.name])
171 172
      end

173
      it "does not return a non existing group" do
174
        get api("/groups/1328/projects", user1)
175
        expect(response).to have_http_status(404)
176 177
      end

178
      it "does not return a group not attached to user1" do
179
        get api("/groups/#{group2.id}/projects", user1)
180

181
        expect(response).to have_http_status(404)
182
      end
183 184 185 186 187 188

      it "should only return projects to which user has access" do
        project3.team << [user3, :developer]

        get api("/groups/#{group1.id}/projects", user3)

189
        expect(response).to have_http_status(200)
190 191 192
        expect(json_response.length).to eq(1)
        expect(json_response.first['name']).to eq(project3.name)
      end
193 194 195 196 197
    end

    context "when authenticated as admin" do
      it "should return any existing group" do
        get api("/groups/#{group2.id}/projects", admin)
198
        expect(response).to have_http_status(200)
199 200 201 202 203 204
        expect(json_response.length).to eq(1)
        expect(json_response.first['name']).to eq(project2.name)
      end

      it "should not return a non existing group" do
        get api("/groups/1328/projects", admin)
205
        expect(response).to have_http_status(404)
206 207 208 209 210 211
      end
    end

    context 'when using group path in URL' do
      it 'should return any existing group' do
        get api("/groups/#{group1.path}/projects", admin)
212

213
        expect(response).to have_http_status(200)
214 215
        project_names = json_response.map { |proj| proj['name' ] }
        expect(project_names).to match_array([project1.name, project3.name])
216 217
      end

218
      it 'does not return a non existing group' do
219
        get api('/groups/unknown/projects', admin)
220
        expect(response).to have_http_status(404)
221 222
      end

223
      it 'does not return a group not attached to user1' do
224
        get api("/groups/#{group2.path}/projects", user1)
225

226
        expect(response).to have_http_status(404)
227 228 229 230
      end
    end
  end

231
  describe "POST /groups" do
232
    context "when authenticated as user without group permissions" do
233
      it "does not create group" do
234
        post api("/groups", user1), attributes_for(:group)
235
        expect(response).to have_http_status(403)
236 237
      end
    end
238

239
    context "when authenticated as user with group permissions" do
240
      it "creates group" do
241
        post api("/groups", user3), attributes_for(:group)
242
        expect(response).to have_http_status(201)
243
      end
244

245
      it "does not create group, duplicate" do
246
        post api("/groups", user3), { name: 'Duplicate Test', path: group2.path }
247
        expect(response).to have_http_status(400)
248
        expect(response.message).to eq("Bad Request")
249
      end
250

251
      it "returns 400 bad request error if name not given" do
252
        post api("/groups", user3), { path: group2.path }
253
        expect(response).to have_http_status(400)
254 255
      end

256
      it "returns 400 bad request error if path not given" do
257
        post api("/groups", user3), { name: 'test' }
258
        expect(response).to have_http_status(400)
259
      end
260 261
    end
  end
Angus MacArthur committed
262

263 264
  describe "DELETE /groups/:id" do
    context "when authenticated as user" do
265
      it "removes group" do
266
        delete api("/groups/#{group1.id}", user1)
267
        expect(response).to have_http_status(200)
268 269
      end

270
      it "does not remove a group if not an owner" do
271
        user4 = create(:user)
272
        group1.add_master(user4)
273
        delete api("/groups/#{group1.id}", user3)
274
        expect(response).to have_http_status(403)
275 276
      end

277
      it "does not remove a non existing group" do
278
        delete api("/groups/1328", user1)
279
        expect(response).to have_http_status(404)
280 281
      end

282
      it "does not remove a group not attached to user1" do
283
        delete api("/groups/#{group2.id}", user1)
284

285
        expect(response).to have_http_status(404)
286 287 288 289
      end
    end

    context "when authenticated as admin" do
290
      it "removes any existing group" do
291
        delete api("/groups/#{group2.id}", admin)
292
        expect(response).to have_http_status(200)
293 294
      end

295
      it "does not remove a non existing group" do
296
        delete api("/groups/1328", admin)
297
        expect(response).to have_http_status(404)
298 299 300 301
      end
    end
  end

Angus MacArthur committed
302 303 304
  describe "POST /groups/:id/projects/:project_id" do
    let(:project) { create(:project) }
    before(:each) do
305 306
      allow_any_instance_of(Projects::TransferService).
        to receive(:execute).and_return(true)
307
      allow(Project).to receive(:find).and_return(project)
Angus MacArthur committed
308 309 310
    end

    context "when authenticated as user" do
311
      it "does not transfer project to group" do
Angus MacArthur committed
312
        post api("/groups/#{group1.id}/projects/#{project.id}", user2)
313
        expect(response).to have_http_status(403)
Angus MacArthur committed
314 315 316 317
      end
    end

    context "when authenticated as admin" do
318
      it "transfers project to group" do
Angus MacArthur committed
319
        post api("/groups/#{group1.id}/projects/#{project.id}", admin)
320
        expect(response).to have_http_status(201)
Angus MacArthur committed
321 322 323
      end
    end
  end
324
end