Test that users without permissions don't see project runners

2771c42e · Pedro Pombeiro · cb110c33 · 2771c42e
Commit 2771c42e authored Jan 20, 2022 by Pedro Pombeiro
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

spec/requests/api/graphql/ci/runner_spec.rb spec/requests/api/graphql/ci/runner_spec.rb +8 -0

No files found.
--- a/spec/requests/api/graphql/ci/runner_spec.rb
+++ b/spec/requests/api/graphql/ci/runner_spec.rb
@@ -25,6 +25,8 @@ RSpec.describe 'Query.runner(id)' do
           access_level: 0, tag_list: %w[tag1 tag2], run_untagged: true, executor_type: :shell)
  end

+  let_it_be(:active_project_runner) { create(:ci_runner, :project) }
+
  def get_runner(id)
    case id
    when :active_instance_runner
@@ -33,6 +35,8 @@ RSpec.describe 'Query.runner(id)' do
      inactive_instance_runner
    when :active_group_runner
      active_group_runner
+    when :active_project_runner
+      active_project_runner
    end
  end

@@ -381,6 +385,10 @@ RSpec.describe 'Query.runner(id)' do
    context 'on group runner' do
      it_behaves_like 'retrieval by unauthorized user', :active_group_runner
    end
+
+    context 'on project runner' do
+      it_behaves_like 'retrieval by unauthorized user', :active_project_runner
+    end
  end

  describe 'by non-admin user' do