Commit 118e1791 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Fix VulnerabilitiesController authorization for new action spec

parent d800938c
...@@ -18,27 +18,33 @@ RSpec.describe Projects::Security::VulnerabilitiesController do ...@@ -18,27 +18,33 @@ RSpec.describe Projects::Security::VulnerabilitiesController do
describe 'GET #new' do describe 'GET #new' do
let(:request_new_vulnerability_page) { get :new, params: { namespace_id: project.namespace, project_id: project } } let(:request_new_vulnerability_page) { get :new, params: { namespace_id: project.namespace, project_id: project } }
before do
allow(controller).to receive(:can?).and_call_original
allow(controller).to receive(:can?).with(controller.current_user, :create_vulnerability, an_instance_of(Project)).and_return(can_create_vulnerability)
end
include_context '"Security & Compliance" permissions' do include_context '"Security & Compliance" permissions' do
let(:valid_request) { request_new_vulnerability_page } let(:valid_request) { request_new_vulnerability_page }
let(:can_create_vulnerability) { true }
end end
it 'renders the add new finding page' do context 'when user can create vulnerability' do
request_new_vulnerability_page let(:can_create_vulnerability) { true }
expect(response).to have_gitlab_http_status(:ok) it 'renders the add new finding page' do
request_new_vulnerability_page
expect(response).to have_gitlab_http_status(:ok)
end
end end
context 'when user can not create vulnerability' do context 'when user can not create vulnerability' do
before do let(:can_create_vulnerability) { false }
guest = create(:user)
project.add_guest(guest)
sign_in(guest)
end
it 'renders a 403' do it 'renders 404 page not found' do
request_new_vulnerability_page request_new_vulnerability_page
expect(response).to have_gitlab_http_status(:forbidden) expect(response).to have_gitlab_http_status(:not_found)
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment