Commit 306cdcc7 authored by Krasimir Angelov's avatar Krasimir Angelov

Update policy for seat_usage_controller#show to match API

Update policy check from `authorize_admin_group` to
`authorize_admin_group_member`, in order to match API -
https://gitlab.com/gitlab-org/gitlab/-/blob/cb26a88c1852289bb19b11a8231610e0c2c72a49/ee/lib/ee/api/members.rb#L69.

https://gitlab.com/gitlab-org/gitlab/-/issues/262877
parent 32d81c90
# frozen_string_literal: true
class Groups::SeatUsageController < Groups::ApplicationController
before_action :authorize_admin_group!
before_action :authorize_admin_group_member!
before_action :verify_namespace_plan_check_enabled
layout "group_settings"
......
......@@ -36,10 +36,10 @@ RSpec.describe Groups::SeatUsageController do
group.add_developer(user)
end
it 'renders 404 when user is not an owner' do
it 'renders 403 when user is not an owner' do
get_show
is_expected.to have_gitlab_http_status(:not_found)
is_expected.to have_gitlab_http_status(:forbidden)
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment