variables_spec.rb 6.21 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
require 'spec_helper'

describe API::API, api: true do
  include ApiHelpers

  let(:user) { create(:user) }
  let(:user2) { create(:user) }
  let!(:project) { create(:project, creator_id: user.id) }
  let!(:master) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) }
  let!(:developer) { create(:project_member, user: user2, project: project, access_level: ProjectMember::DEVELOPER) }
  let!(:variable) { create(:ci_variable, project: project) }

  describe 'GET /projects/:id/variables' do
    context 'authorized user with proper permissions' do
      it 'should return project variables' do
        get api("/projects/#{project.id}/variables", user)

        expect(response.status).to eq(200)
        expect(json_response).to be_a(Array)
      end
    end

    context 'authorized user with invalid permissions' do
      it 'should not return project variables' do
        get api("/projects/#{project.id}/variables", user2)

        expect(response.status).to eq(403)
      end
    end

    context 'unauthorized user' do
      it 'should not return project variables' do
        get api("/projects/#{project.id}/variables")

        expect(response.status).to eq(401)
      end
    end
  end

  describe 'GET /projects/:id/variables/:variable_id' do
    context 'authorized user with proper permissions' do
      it 'should return project variable details when ID is used as :variable_id' do
43
        get api("/projects/#{project.id}/variables/#{variable.id}", user)
44 45

        expect(response.status).to eq(200)
46 47
        expect(json_response['key']).to eq(variable.key)
        expect(json_response['value']).to eq(variable.value)
48 49 50
      end

      it 'should return project variable details when `key` is used as :variable_id' do
51
        get api("/projects/#{project.id}/variables/#{variable.key}", user)
52 53

        expect(response.status).to eq(200)
54 55
        expect(json_response['id']).to eq(variable.id)
        expect(json_response['value']).to eq(variable.value)
56
      end
57 58 59 60 61 62

      it 'should responde with 404 Not Found if requesting non-existing variable' do
        get api("/projects/#{project.id}/variables/9999", user)

        expect(response.status).to eq(404)
      end
63 64 65 66
    end

    context 'authorized user with invalid permissions' do
      it 'should not return project variable details' do
67
        get api("/projects/#{project.id}/variables/#{variable.id}", user2)
68 69 70 71 72 73 74

        expect(response.status).to eq(403)
      end
    end

    context 'unauthorized user' do
      it 'should not return project variable details' do
75 76 77 78 79 80 81
        get api("/projects/#{project.id}/variables/#{variable.id}")

        expect(response.status).to eq(401)
      end
    end
  end

82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119
  describe 'POST /projects/:id/variables' do
    context 'authorized user with proper permissions' do
      it 'should create variable' do
        expect do
          post api("/projects/#{project.id}/variables", user), key: 'TEST_VARIABLE_2', value: 'VALUE_2'
        end.to change{project.variables.count}.by(1)

        expect(response.status).to eq(201)
        expect(json_response['key']).to eq('TEST_VARIABLE_2')
        expect(json_response['value']).to eq('VALUE_2')
      end

      it 'should not allow to duplicate variable key' do
        expect do
          post api("/projects/#{project.id}/variables", user), key: 'TEST_VARIABLE_1', value: 'VALUE_2'
        end.to change{project.variables.count}.by(0)

        expect(response.status).to eq(400)
      end
    end

    context 'authorized user with invalid permissions' do
      it 'should not create variable' do
        post api("/projects/#{project.id}/variables", user2)

        expect(response.status).to eq(403)
      end
    end

    context 'unauthorized user' do
      it 'should not create variable' do
        post api("/projects/#{project.id}/variables")

        expect(response.status).to eq(401)
      end
    end
  end

120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136
  describe 'PUT /projects/:id/variables/:variable_id' do
    context 'authorized user with proper permissions' do
      it 'should update variable data' do
        initial_variable = project.variables.first
        key_before = initial_variable.key
        value_before = initial_variable.value

        put api("/projects/#{project.id}/variables/#{variable.id}", user), key: 'TEST_VARIABLE_1_UP', value: 'VALUE_1_UP'

        updated_variable = project.variables.first

        expect(response.status).to eq(200)
        expect(key_before).to eq(variable.key)
        expect(value_before).to eq(variable.value)
        expect(updated_variable.key).to eq('TEST_VARIABLE_1_UP')
        expect(updated_variable.value).to eq('VALUE_1_UP')
      end
137 138 139 140 141 142

      it 'should responde with 404 Not Found if requesting non-existing variable' do
        put api("/projects/#{project.id}/variables/9999", user)

        expect(response.status).to eq(404)
      end
143 144 145 146 147 148 149 150 151 152 153
    end

    context 'authorized user with invalid permissions' do
      it 'should not update variable' do
        put api("/projects/#{project.id}/variables/#{variable.id}", user2)

        expect(response.status).to eq(403)
      end
    end

    context 'unauthorized user' do
154
      it 'should not update variable' do
155
        put api("/projects/#{project.id}/variables/#{variable.id}")
156 157 158 159 160

        expect(response.status).to eq(401)
      end
    end
  end
161 162 163 164 165 166 167 168 169

  describe 'DELETE /projects/:id/variables/:variable_id' do
    context 'authorized user with proper permissions' do
      it 'should delete variable' do
        expect do
          delete api("/projects/#{project.id}/variables/#{variable.id}", user)
        end.to change{project.variables.count}.by(-1)
        expect(response.status).to eq(200)
      end
170 171 172 173 174 175

      it 'should responde with 404 Not Found if requesting non-existing variable' do
        delete api("/projects/#{project.id}/variables/9999", user)

        expect(response.status).to eq(404)
      end
176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193
    end

    context 'authorized user with invalid permissions' do
      it 'should not delete variable' do
        delete api("/projects/#{project.id}/variables/#{variable.id}", user2)

        expect(response.status).to eq(403)
      end
    end

    context 'unauthorized user' do
      it 'should not delete variable' do
        delete api("/projects/#{project.id}/variables/#{variable.id}")

        expect(response.status).to eq(401)
      end
    end
  end
194
end