Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
232389f4
Commit
232389f4
authored
Aug 25, 2012
by
Robert Speicher
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Clean up request specs
parent
b2a5344a
Changes
6
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
191 additions
and
150 deletions
+191
-150
spec/requests/admin/security_spec.rb
spec/requests/admin/security_spec.rb
+15
-9
spec/requests/api/issues_spec.rb
spec/requests/api/issues_spec.rb
+7
-7
spec/requests/api/projects_spec.rb
spec/requests/api/projects_spec.rb
+16
-19
spec/requests/api/users_spec.rb
spec/requests/api/users_spec.rb
+4
-4
spec/requests/security/profile_access_spec.rb
spec/requests/security/profile_access_spec.rb
+18
-12
spec/requests/security/project_access_spec.rb
spec/requests/security/project_access_spec.rb
+131
-99
No files found.
spec/requests/admin/security_spec.rb
View file @
232389f4
...
...
@@ -2,20 +2,26 @@ require 'spec_helper'
describe
"Admin::Projects"
do
describe
"GET /admin/projects"
do
it
{
admin_projects_path
.
should
be_allowed_for
:admin
}
it
{
admin_projects_path
.
should
be_denied_for
:user
}
it
{
admin_projects_path
.
should
be_denied_for
:visitor
}
subject
{
admin_projects_path
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_denied_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /admin/users"
do
it
{
admin_users_path
.
should
be_allowed_for
:admin
}
it
{
admin_users_path
.
should
be_denied_for
:user
}
it
{
admin_users_path
.
should
be_denied_for
:visitor
}
subject
{
admin_users_path
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_denied_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /admin/hooks"
do
it
{
admin_hooks_path
.
should
be_allowed_for
:admin
}
it
{
admin_hooks_path
.
should
be_denied_for
:user
}
it
{
admin_hooks_path
.
should
be_denied_for
:visitor
}
subject
{
admin_hooks_path
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_denied_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
end
spec/requests/api/issues_spec.rb
View file @
232389f4
...
...
@@ -10,13 +10,13 @@ describe Gitlab::API do
describe
"GET /issues"
do
it
"should return authentication error"
do
get
"
#{
api_prefix
}
/issues"
get
api
(
"/issues"
)
response
.
status
.
should
==
401
end
describe
"authenticated GET /issues"
do
it
"should return an array of issues"
do
get
"
#{
api_prefix
}
/issues?private_token=
#{
user
.
private_token
}
"
get
api
(
"/issues"
,
user
)
response
.
status
.
should
==
200
json_response
.
should
be_an
Array
json_response
.
first
[
'title'
].
should
==
issue
.
title
...
...
@@ -26,7 +26,7 @@ describe Gitlab::API do
describe
"GET /projects/:id/issues"
do
it
"should return project issues"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/issues?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/issues"
,
user
)
response
.
status
.
should
==
200
json_response
.
should
be_an
Array
json_response
.
first
[
'title'
].
should
==
issue
.
title
...
...
@@ -35,7 +35,7 @@ describe Gitlab::API do
describe
"GET /projects/:id/issues/:issue_id"
do
it
"should return a project issue by id"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/issues/
#{
issue
.
id
}
?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/issues/
#{
issue
.
id
}
"
,
user
)
response
.
status
.
should
==
200
json_response
[
'title'
].
should
==
issue
.
title
end
...
...
@@ -43,7 +43,7 @@ describe Gitlab::API do
describe
"POST /projects/:id/issues"
do
it
"should create a new project issue"
do
post
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/issues?private_token=
#{
user
.
private_token
}
"
,
post
api
(
"/projects/
#{
project
.
code
}
/issues"
,
user
)
,
title:
'new issue'
,
labels:
'label, label2'
response
.
status
.
should
==
201
json_response
[
'title'
].
should
==
'new issue'
...
...
@@ -54,7 +54,7 @@ describe Gitlab::API do
describe
"PUT /projects/:id/issues/:issue_id"
do
it
"should update a project issue"
do
put
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/issues/
#{
issue
.
id
}
?private_token=
#{
user
.
private_token
}
"
,
put
api
(
"/projects/
#{
project
.
code
}
/issues/
#{
issue
.
id
}
"
,
user
)
,
title:
'updated title'
,
labels:
'label2'
,
closed:
1
response
.
status
.
should
==
200
json_response
[
'title'
].
should
==
'updated title'
...
...
@@ -66,7 +66,7 @@ describe Gitlab::API do
describe
"DELETE /projects/:id/issues/:issue_id"
do
it
"should delete a project issue"
do
expect
{
delete
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/issues/
#{
issue
.
id
}
?private_token=
#{
user
.
private_token
}
"
delete
api
(
"/projects/
#{
project
.
code
}
/issues/
#{
issue
.
id
}
"
,
user
)
}.
to
change
{
Issue
.
count
}.
by
(
-
1
)
end
end
...
...
spec/requests/api/projects_spec.rb
View file @
232389f4
...
...
@@ -10,13 +10,13 @@ describe Gitlab::API do
describe
"GET /projects"
do
it
"should return authentication error"
do
get
"
#{
api_prefix
}
/projects"
get
api
(
"/projects"
)
response
.
status
.
should
==
401
end
describe
"authenticated GET /projects"
do
it
"should return an array of projects"
do
get
"
#{
api_prefix
}
/projects?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects"
,
user
)
response
.
status
.
should
==
200
json_response
.
should
be_an
Array
json_response
.
first
[
'name'
].
should
==
project
.
name
...
...
@@ -27,20 +27,20 @@ describe Gitlab::API do
describe
"GET /projects/:id"
do
it
"should return a project by id"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
id
}
?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
id
}
"
,
user
)
response
.
status
.
should
==
200
json_response
[
'name'
].
should
==
project
.
name
json_response
[
'owner'
][
'email'
].
should
==
user
.
email
end
it
"should return a project by code name"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
"
,
user
)
response
.
status
.
should
==
200
json_response
[
'name'
].
should
==
project
.
name
end
it
"should return a 404 error if not found"
do
get
"
#{
api_prefix
}
/projects/42?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/42"
,
user
)
response
.
status
.
should
==
404
json_response
[
'message'
].
should
==
'404 Not found'
end
...
...
@@ -48,7 +48,7 @@ describe Gitlab::API do
describe
"GET /projects/:id/repository/branches"
do
it
"should return an array of project branches"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/repository/branches?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/repository/branches"
,
user
)
response
.
status
.
should
==
200
json_response
.
should
be_an
Array
json_response
.
first
[
'name'
].
should
==
project
.
repo
.
heads
.
sort_by
(
&
:name
).
first
.
name
...
...
@@ -57,7 +57,7 @@ describe Gitlab::API do
describe
"GET /projects/:id/repository/branches/:branch"
do
it
"should return the branch information for a single branch"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/repository/branches/new_design?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/repository/branches/new_design"
,
user
)
response
.
status
.
should
==
200
json_response
[
'name'
].
should
==
'new_design'
...
...
@@ -67,7 +67,7 @@ describe Gitlab::API do
describe
"GET /projects/:id/repository/tags"
do
it
"should return an array of project tags"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/repository/tags?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/repository/tags"
,
user
)
response
.
status
.
should
==
200
json_response
.
should
be_an
Array
json_response
.
first
[
'name'
].
should
==
project
.
repo
.
tags
.
sort_by
(
&
:name
).
reverse
.
first
.
name
...
...
@@ -76,7 +76,7 @@ describe Gitlab::API do
describe
"GET /projects/:id/snippets/:snippet_id"
do
it
"should return a project snippet"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/snippets/
#{
snippet
.
id
}
?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/snippets/
#{
snippet
.
id
}
"
,
user
)
response
.
status
.
should
==
200
json_response
[
'title'
].
should
==
snippet
.
title
end
...
...
@@ -84,7 +84,7 @@ describe Gitlab::API do
describe
"POST /projects/:id/snippets"
do
it
"should create a new project snippet"
do
post
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/snippets?private_token=
#{
user
.
private_token
}
"
,
post
api
(
"/projects/
#{
project
.
code
}
/snippets"
,
user
)
,
title:
'api test'
,
file_name:
'sample.rb'
,
code:
'test'
response
.
status
.
should
==
201
json_response
[
'title'
].
should
==
'api test'
...
...
@@ -93,7 +93,7 @@ describe Gitlab::API do
describe
"PUT /projects/:id/snippets"
do
it
"should update an existing project snippet"
do
put
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/snippets/
#{
snippet
.
id
}
?private_token=
#{
user
.
private_token
}
"
,
put
api
(
"/projects/
#{
project
.
code
}
/snippets/
#{
snippet
.
id
}
"
,
user
)
,
code:
'updated code'
response
.
status
.
should
==
200
json_response
[
'title'
].
should
==
'example'
...
...
@@ -104,34 +104,31 @@ describe Gitlab::API do
describe
"DELETE /projects/:id/snippets/:snippet_id"
do
it
"should delete existing project snippet"
do
expect
{
delete
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/snippets/
#{
snippet
.
id
}
?private_token=
#{
user
.
private_token
}
"
delete
api
(
"/projects/
#{
project
.
code
}
/snippets/
#{
snippet
.
id
}
"
,
user
)
}.
to
change
{
Snippet
.
count
}.
by
(
-
1
)
end
end
describe
"GET /projects/:id/snippets/:snippet_id/raw"
do
it
"should get a raw project snippet"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/snippets/
#{
snippet
.
id
}
/raw?private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/snippets/
#{
snippet
.
id
}
/raw"
,
user
)
response
.
status
.
should
==
200
end
end
describe
"GET /projects/:id/:sha/blob"
do
it
"should get the raw file contents"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/repository/commits/master/blob?filepath=README.md&private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/repository/commits/master/blob?filepath=README.md"
,
user
)
response
.
status
.
should
==
200
end
it
"should return 404 for invalid branch_name"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/repository/commits/invalid_branch_name/blob?filepath=README.md&private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/repository/commits/invalid_branch_name/blob?filepath=README.md"
,
user
)
response
.
status
.
should
==
404
end
it
"should return 404 for invalid file"
do
get
"
#{
api_prefix
}
/projects/
#{
project
.
code
}
/repository/commits/master/blob?filepath=README.invalid&private_token=
#{
user
.
private_token
}
"
get
api
(
"/projects/
#{
project
.
code
}
/repository/commits/master/blob?filepath=README.invalid"
,
user
)
response
.
status
.
should
==
404
end
end
...
...
spec/requests/api/users_spec.rb
View file @
232389f4
...
...
@@ -7,13 +7,13 @@ describe Gitlab::API do
describe
"GET /users"
do
it
"should return authentication error"
do
get
"
#{
api_prefix
}
/users"
get
api
(
"/users"
)
response
.
status
.
should
==
401
end
describe
"authenticated GET /users"
do
it
"should return an array of users"
do
get
"
#{
api_prefix
}
/users?private_token=
#{
user
.
private_token
}
"
get
api
(
"/users"
,
user
)
response
.
status
.
should
==
200
json_response
.
should
be_an
Array
json_response
.
first
[
'email'
].
should
==
user
.
email
...
...
@@ -23,7 +23,7 @@ describe Gitlab::API do
describe
"GET /users/:id"
do
it
"should return a user by id"
do
get
"
#{
api_prefix
}
/users/
#{
user
.
id
}
?private_token=
#{
user
.
private_token
}
"
get
api
(
"/users/
#{
user
.
id
}
"
,
user
)
response
.
status
.
should
==
200
json_response
[
'email'
].
should
==
user
.
email
end
...
...
@@ -31,7 +31,7 @@ describe Gitlab::API do
describe
"GET /user"
do
it
"should return current user"
do
get
"
#{
api_prefix
}
/user?private_token=
#{
user
.
private_token
}
"
get
api
(
"/user"
,
user
)
response
.
status
.
should
==
200
json_response
[
'email'
].
should
==
user
.
email
end
...
...
spec/requests/security/profile_access_spec.rb
View file @
232389f4
...
...
@@ -11,24 +11,30 @@ describe "Users Security" do
end
describe
"GET /keys"
do
it
{
keys_path
.
should
be_allowed_for
@u1
}
it
{
keys_path
.
should
be_allowed_for
:admin
}
it
{
keys_path
.
should
be_allowed_for
:user
}
it
{
keys_path
.
should
be_denied_for
:visitor
}
subject
{
keys_path
}
it
{
should
be_allowed_for
@u1
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /profile"
do
it
{
profile_path
.
should
be_allowed_for
@u1
}
it
{
profile_path
.
should
be_allowed_for
:admin
}
it
{
profile_path
.
should
be_allowed_for
:user
}
it
{
profile_path
.
should
be_denied_for
:visitor
}
subject
{
profile_path
}
it
{
should
be_allowed_for
@u1
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
describe
"GET /profile/password"
do
it
{
profile_password_path
.
should
be_allowed_for
@u1
}
it
{
profile_password_path
.
should
be_allowed_for
:admin
}
it
{
profile_password_path
.
should
be_allowed_for
:user
}
it
{
profile_password_path
.
should
be_denied_for
:visitor
}
subject
{
profile_password_path
}
it
{
should
be_allowed_for
@u1
}
it
{
should
be_allowed_for
:admin
}
it
{
should
be_allowed_for
:user
}
it
{
should
be_denied_for
:visitor
}
end
end
end
spec/requests/security/project_access_spec.rb
View file @
232389f4
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment