Adding controller spect to ensure permissions are enforced

722a3829 · Darby Frey · 117ee702 · 722a3829 · 722a3829 · 722a3829
Commit 722a3829 authored Mar 02, 2022 by Darby Frey
4 changed files
--- a/app/assets/javascripts/ci_secure_files/components/secure_files_list.vue
+++ b/app/assets/javascripts/ci_secure_files/components/secure_files_list.vue
@@ -21,6 +21,11 @@ export default {
      next: __('Next'),
      prev: __('Prev'),
    },
+    title: __('Secure Files'),
+    overviewMessage: __(
+      'Use Secure Files to store files used by your pipelines such as Android keystores, or Apple provisioning profiles and signing certificates.',
+    ),
+    moreInformation: __('More information'),
  },
  data() {
    return {
@@ -74,16 +79,14 @@ export default {
 <template>
  <div>
-    <h1 data-testid="title" class="gl-font-size-h1 gl-mt-3 gl-mb-0">{{ __('Secure Files') }}</h1>
+    <h1 data-testid="title" class="gl-font-size-h1 gl-mt-3 gl-mb-0">{{ $options.i18n.title }}</h1>
    <p>
      <span data-testid="info-message" class="gl-mr-2">
-        {{
+        {{ $options.i18n.overviewMessage }}
-          __(
+        <gl-link :href="$options.docsLink" target="_blank">{{
-            'Use Secure Files to store files used by your pipelines such as Android keystores, or Apple provisioning profiles and signing certificates.',
+          $options.i18n.moreInformation
-          )
+        }}</gl-link>
-        }}
-        <gl-link :href="$options.docsLink" target="_blank">{{ __('More information') }}</gl-link>
      </span>
    </p>

--- a/app/views/projects/ci/secure_files/show.html.haml
+++ b/app/views/projects/ci/secure_files/show.html.haml
 - @content_class = "limit-container-width"
- page_title s_('Pipelines|Secure Files')
+- page_title s_('Secure Files')
 #js-ci-secure-files{ data: { project_id: @project.id } }
--- a/spec/controllers/projects/ci/secure_files_controller_spec.rb
+++ b/spec/controllers/projects/ci/secure_files_controller_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe Projects::Ci::SecureFilesController do
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:user) { create(:user) }
+  subject(:show_request) { get :show, params: { namespace_id: project.namespace, project_id: project } }
+  before do
+    sign_in(user)
+  end
+  describe 'GET #show' do
+    context 'with enough privileges' do
+      before do
+        project.add_developer(user)
+        show_request
+      end
+      it { expect(response).to have_gitlab_http_status(:ok) }
+      it 'renders show page' do
+        expect(response).to render_template :show
+      end
+    end
+    context 'without enough privileges' do
+      before do
+        project.add_reporter(user)
+        show_request
+      end
+      it 'responds with 404' do
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+  end
+end
--- a/spec/frontend/ci_secure_files/components/secure_files_list_spec.js
+++ b/spec/frontend/ci_secure_files/components/secure_files_list_spec.js
@@ -4,6 +4,7 @@ import { mount } from '@vue/test-utils';
 import axios from '~/lib/utils/axios_utils';
 import SecureFilesList from '~/ci_secure_files/components/secure_files_list.vue';
 import TimeAgoTooltip from '~/vue_shared/components/time_ago_tooltip.vue';
+import waitForPromises from 'helpers/wait_for_promises';
 import { secureFiles } from '../mock_data';
@@ -52,7 +53,7 @@ describe('SecureFilesList', () => {
      mock.onGet(expectedUrl).reply(200, secureFiles);
      createWrapper();
-      await axios.waitForAll();
+      await waitForPromises();
    });
    it('displays a table with expected headers', () => {
@@ -79,7 +80,7 @@ describe('SecureFilesList', () => {
      mock.onGet(expectedUrl).reply(200, []);
      createWrapper();
-      await axios.waitForAll();
+      await waitForPromises();
    });
    it('displays a table with expected headers', () => {
@@ -100,7 +101,7 @@ describe('SecureFilesList', () => {
      mock.onGet(expectedUrl).reply(200, secureFiles, { 'x-total': 30 });
      createWrapper();
-      await axios.waitForAll();
+      await waitForPromises();
      expect(findPagination().exists()).toBe(true);
    });
@@ -110,7 +111,7 @@ describe('SecureFilesList', () => {
      mock.onGet(expectedUrl).reply(200, secureFiles, { 'x-total': 20 });
      createWrapper();
-      await axios.waitForAll();
+      await waitForPromises();
      expect(findPagination().exists()).toBe(false);
    });
@@ -130,7 +131,7 @@ describe('SecureFilesList', () => {
      mock.onGet(expectedUrl).reply(200, secureFiles);
      createWrapper();
-      await axios.waitForAll();
+      await waitForPromises();
      expect(findLoadingIcon().exists()).toBe(false);
    });