Commit ca40479c authored by Robert Schilling's avatar Robert Schilling

API: Avoid group leak while updating the group

parent b2f48d8c
...@@ -135,10 +135,10 @@ describe API::API, api: true do ...@@ -135,10 +135,10 @@ describe API::API, api: true do
end end
context 'when authenticated as an user that cannot see the group' do context 'when authenticated as an user that cannot see the group' do
it 'returns 403 when trying to update the group' do it 'returns 404 when trying to update the group' do
put api("/groups/#{group2.id}", user1), name: new_group_name put api("/groups/#{group2.id}", user1), name: new_group_name
expect(response.status).to eq(403) expect(response.status).to eq(404)
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment