require 'spec_helper'

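# Request specs for the groups API: listing, lookup by id or path, creation,
# deletion and project transfer. Most examples pin the HTTP status returned
# to a specific caller, so the 401/403 cases act as authorization regression
# tests for these endpoints.
describe API::API, api: true do
  include ApiHelpers

  # user1 is created with can_create_group: false; the other users take the
  # factory defaults.
  let(:user1) { create(:user, can_create_group: false) }
  let(:user2) { create(:user) }
  let(:user3) { create(:user) }
  let(:admin) { create(:admin) }
  let!(:group1) { create(:group) }
  let!(:group2) { create(:group) }

  # Ownership fixture: user1 owns group1, user2 owns group2, user3 owns nothing.
  before do
    group1.add_owner(user1)
    group2.add_owner(user2)
  end

  describe "GET /groups" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/groups")
        expect(response.status).to eq(401)
      end
    end

    context "when authenticated as user" do
      it "normal user: should return an array of groups of user1" do
        get api("/groups", user1)
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        # Exactly one entry: group2 must not appear in user1's listing.
        expect(json_response.length).to eq(1)
        expect(json_response.first['name']).to eq(group1.name)
      end
    end

    context "when authenticated as  admin" do
      it "admin: should return an array of all groups" do
        get api("/groups", admin)
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.length).to eq(2)
      end
    end
  end

  describe "GET /groups/:id" do
    context "when authenticated as user" do
      it "should return one of user1's groups" do
        get api("/groups/#{group1.id}", user1)
        expect(response.status).to eq(200)
        # Wrapped in expect: a bare `==` is evaluated and discarded, so it
        # could never fail the example.
        expect(json_response['name']).to eq(group1.name)
      end

      it "should not return a non existing group" do
        get api("/groups/1328", user1)
        expect(response.status).to eq(404)
      end

      it "should not return a group not attached to user1" do
        get api("/groups/#{group2.id}", user1)
        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as admin" do
      it "should return any existing group" do
        get api("/groups/#{group2.id}", admin)
        expect(response.status).to eq(200)
        expect(json_response['name']).to eq(group2.name)
      end

      it "should not return a non existing group" do
        get api("/groups/1328", admin)
        expect(response.status).to eq(404)
      end
    end

    context 'when using group path in URL' do
      it 'should return any existing group' do
        get api("/groups/#{group1.path}", admin)
        expect(response.status).to eq(200)
        # The request addresses group1 by path, so the returned name is
        # compared with group1 (the unasserted original compared group2).
        expect(json_response['name']).to eq(group1.name)
      end

      it 'should not return a non existing group' do
        get api('/groups/unknown', admin)
        expect(response.status).to eq(404)
      end

      it 'should not return a group not attached to user1' do
        get api("/groups/#{group2.path}", user1)
        expect(response.status).to eq(403)
      end
    end
  end

  describe "POST /groups" do
    context "when authenticated as user without group permissions" do
      it "should not create group" do
        post api("/groups", user1), attributes_for(:group)
        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as user with group permissions" do
      it "should create group" do
        post api("/groups", user3), attributes_for(:group)
        expect(response.status).to eq(201)
      end

      it "should not create group, duplicate" do
        # Reuses group2's path, which the before-hook fixture already holds.
        post api("/groups", user3), { name: 'Duplicate Test', path: group2.path }
        expect(response.status).to eq(400)
        expect(response.message).to eq("Bad Request")
      end

      it "should return 400 bad request error if name not given" do
        post api("/groups", user3), { path: group2.path }
        expect(response.status).to eq(400)
      end

      it "should return 400 bad request error if path not given" do
        post api("/groups", user3), { name: 'test' }
        expect(response.status).to eq(400)
      end
    end
  end

  describe "DELETE /groups/:id" do
    context "when authenticated as user" do
      it "should remove group" do
        delete api("/groups/#{group1.id}", user1)
        expect(response.status).to eq(200)
      end

      it "should not remove a group if not an owner" do
        user4 = create(:user)
        group1.add_user(user4, Gitlab::Access::MASTER)
        # Send the request as user4, the MASTER-level member set up above, so
        # the example covers a member who is not an owner. A caller with no
        # membership in the group is covered by the "not attached" example.
        delete api("/groups/#{group1.id}", user4)
        expect(response.status).to eq(403)
      end

      it "should not remove a non existing group" do
        delete api("/groups/1328", user1)
        expect(response.status).to eq(404)
      end

      it "should not remove a group not attached to user1" do
        delete api("/groups/#{group2.id}", user1)
        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as admin" do
      it "should remove any existing group" do
        delete api("/groups/#{group2.id}", admin)
        expect(response.status).to eq(200)
      end

      it "should not remove a non existing group" do
        delete api("/groups/1328", admin)
        expect(response.status).to eq(404)
      end
    end
  end

  describe "POST /groups/:id/projects/:project_id" do
    let(:project) { create(:project) }

    # Projects::TransferService#execute is stubbed to return true and
    # Project.find to return the fixture, so these examples check only the
    # endpoint's access decision and status code, not the transfer itself.
    before do
      allow_any_instance_of(Projects::TransferService).
        to receive(:execute).and_return(true)
      allow(Project).to receive(:find).and_return(project)
    end

    context "when authenticated as user" do
      it "should not transfer project to group" do
        post api("/groups/#{group1.id}/projects/#{project.id}", user2)
        expect(response.status).to eq(403)
      end
    end

    context "when authenticated as admin" do
      it "should transfer project to group" do
        post api("/groups/#{group1.id}/projects/#{project.id}", admin)
        expect(response.status).to eq(201)
      end
    end
  end
end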