Diffstat (limited to 'spec/requests/api/projects_spec.rb')
-rw-r--r-- | spec/requests/api/projects_spec.rb | 64 |
1 files changed, 58 insertions, 6 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 028fe94..ffcf638 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -92,6 +92,12 @@ describe API::API do
 post api("/projects/non-existant-id/jobs"), options
 response.status.should == 404
 end
+
+ it "non-manager is not authorized" do
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+ post api("/projects/#{project.id}/jobs"), options
+ response.status.should == 401
+ end
 end
 end
@@ -139,6 +145,12 @@ describe API::API do
 post api("/projects/non-existant-id/deploy_jobs"), options
 response.status.should == 404
 end
+
+ it "non-manager is not authorized" do
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+ post api("/projects/#{project.id}/deploy_jobs"), options
+ response.status.should == 401
+ end
 end
 end
@@ -204,12 +216,9 @@ describe API::API do
 end
 it "should delete a project job" do
- post api("/projects/#{project.id}/jobs"), options
- response.status.should == 201
- json_response["name"].should == job_info[:name]
- json_response["commands"].should == job_info[:commands]
- job_id = json_response["id"]
- delete api("/projects/#{project.id}/jobs/#{job_id}"), options
+ job = FactoryGirl.create(:job, project: project)
+
+ delete api("/projects/#{project.id}/jobs/#{job.id}"), options
 response.status.should == 200
 end
@@ -222,6 +231,15 @@ describe API::API do
 delete api("/projects/#{project.id}/jobs/non-existant-job-id"), options
 response.status.should == 404
 end
+
+ it "non-manager is not authorized" do
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+ job = FactoryGirl.create(:job, project: project)
+
+ delete api("/projects/#{project.id}/jobs/#{job.id}"), options
+
+ response.status.should == 401
+ end
 end
 describe "POST /projects/:project_id/webhooks" do
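Review bot: Stubbing `User.any_instance` so that `can_manage_project?` returns false (first seen in the `/jobs` example of the hunk at -92,6) only proves the endpoint consults that predicate; it does not show that a real user without management rights on `project` is refused. A second user created without those rights (how the app models that is not visible in this patch) would exercise the actual permission logic, and the same applies to every other "non-manager" example added here. Separately, 401 conventionally signals missing or invalid credentials, while an authenticated caller who lacks permission is normally answered with 403; if `options` carries a valid token, consider whether the API should return 403 and these specs assert `response.status.should == 403`.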
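Review bot: The non-manager delete example in the hunk at -222,6 asserts only the 401 status, so it would still pass if the endpoint destroyed the job before rejecting the caller. Adding `expect { job.reload }.not_to raise_error` after the status check would pin that the refused request had no effect. The same gap exists in the `DELETE /projects/:id` non-manager example (hunk at -316,6), where `expect { project.reload }.not_to raise_error` would mirror the existing positive test's `project.reload` check.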
@@ -245,6 +263,11 @@ describe API::API do
 response.status.should == 404
 end
+ it "non-manager is not authorized" do
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+ post api("/projects/#{project.id}/webhooks"), options
+ response.status.should == 401
+ end
 end
 context "Invalid Webhook URL" do
@@ -305,6 +328,12 @@ describe API::API do
 put api("/projects/non-existant-id"), options
 response.status.should == 404
 end
+
+ it "non-manager is not authorized" do
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+ put api("/projects/#{project.id}"), options
+ response.status.should == 401
+ end
 end
 describe "DELETE /projects/:id" do
@@ -316,6 +345,17 @@ describe API::API do
 expect { project.reload }.to raise_error
 end
+
+ it "non-manager is not authorized" do
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+ delete api("/projects/#{project.id}"), options
+ response.status.should == 401
+ end
+
+ it "is getting not found error" do
+ delete api("/projects/not-existing_id"), options
+ response.status.should == 404
+ end
 end
 describe "POST /projects" do
@@ -372,6 +412,12 @@ describe API::API do
 post api("/projects/non-existing/runners/#{runner.id}"), options
 response.status.should == 404
 end
+
+ it "non-manager is not authorized" do
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+ post api("/projects/#{project.id}/runners/#{runner.id}"), options
+ response.status.should == 401
+ end
 end
 describe "DELETE /projects/:id/runners/:id" do
@@ -390,6 +436,12 @@ describe API::API do
 project.reload
 project.runners.should be_empty
 end
+
+ it "non-manager is not authorized" do
+ User.any_instance.stub(:can_manage_project?).and_return(false)
+ post api("/projects/#{project.id}/runners/#{runner.id}"), options
+ response.status.should == 401
+ end
 end
 end
 end
|
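Review bot: The example added to the `DELETE /projects/:id/runners/:id` group (hunk at -390,6) sends `post`, not `delete`, so it repeats the POST check from the hunk at -372,6 and leaves the authorization of the DELETE runner endpoint untested. The request line should read `delete api("/projects/#{project.id}/runners/#{runner.id}"), options`. Since the group's existing test checks `project.runners.should be_empty` after a successful removal, the denied case could also assert that the runner is still attached; the setup that attaches it lies outside this hunk.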