Fix VulnerabilitiesController authorization for new action spec

118e1791 · Mehmet Emin INAC · d800938c · 118e1791
Commit 118e1791 authored Nov 18, 2021 by Mehmet Emin INAC
Show whitespace changes
Inline Side-by-side

Showing with 16 additions and 10 deletions

ee/spec/controllers/projects/security/vulnerabilities_controller_spec.rb ...lers/projects/security/vulnerabilities_controller_spec.rb +16 -10

No files found.
--- a/ee/spec/controllers/projects/security/vulnerabilities_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/vulnerabilities_controller_spec.rb
@@ -18,27 +18,33 @@ RSpec.describe Projects::Security::VulnerabilitiesController do
  describe 'GET #new' do
    let(:request_new_vulnerability_page) { get :new, params: { namespace_id: project.namespace, project_id: project } }

+    before do
+      allow(controller).to receive(:can?).and_call_original
+      allow(controller).to receive(:can?).with(controller.current_user, :create_vulnerability, an_instance_of(Project)).and_return(can_create_vulnerability)
+    end
+
    include_context '"Security & Compliance" permissions' do
      let(:valid_request) { request_new_vulnerability_page }
+      let(:can_create_vulnerability) { true }
    end

+    context 'when user can create vulnerability' do
+      let(:can_create_vulnerability) { true }
+
      it 'renders the add new finding page' do
        request_new_vulnerability_page

        expect(response).to have_gitlab_http_status(:ok)
      end
+    end

    context 'when user can not create vulnerability' do
-      before do
-        guest = create(:user)
-        project.add_guest(guest)
-        sign_in(guest)
-      end
+      let(:can_create_vulnerability) { false }

-      it 'renders a 403' do
+      it 'renders 404 page not found' do
        request_new_vulnerability_page

-        expect(response).to have_gitlab_http_status(:forbidden)
+        expect(response).to have_gitlab_http_status(:not_found)
      end
    end
  end