Commit 752d127c authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Remove duplicated test cases for vulnerability exports API

parent ecfc5247
...@@ -12,70 +12,10 @@ RSpec.describe API::VulnerabilityExports do ...@@ -12,70 +12,10 @@ RSpec.describe API::VulnerabilityExports do
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :with_vulnerability) } let_it_be(:project) { create(:project, :with_vulnerability) }
describe 'POST /security/projects/:id/vulnerability_exports' do shared_examples 'creating export for exportable' do
let(:format) { 'csv' }
let(:request_path) { "/security/projects/#{project.id}/vulnerability_exports" }
subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } }
context 'with an authorized user with proper permissions' do
before do
project.add_developer(user)
end
context 'when format is csv' do
it 'returns information about new vulnerability export' do
create_vulnerability_export
expect(response).to have_gitlab_http_status(:created)
expect(response).to match_response_schema('public_api/v4/vulnerability_export', dir: 'ee')
end
it 'schedules job for export' do
expect(::VulnerabilityExports::ExportWorker).to receive(:perform_async).with(anything)
create_vulnerability_export
end
end
context 'when format is invalid' do
let(:format) { 'invalid' }
it 'returns error message' do
create_vulnerability_export
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response).to eq('error' => 'export_format does not have a valid value')
end
it 'does not schedule a job for export' do
expect(::VulnerabilityExports::ExportWorker).not_to receive(:perform_async)
create_vulnerability_export
end
end
it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
end
describe 'permissions' do
it { expect { create_vulnerability_export }.to be_allowed_for(:admin) }
it { expect { create_vulnerability_export }.to be_allowed_for(:owner).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:maintainer).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:developer).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:auditor) }
it { expect { create_vulnerability_export }.to be_denied_for(:reporter).of(project) }
it { expect { create_vulnerability_export }.to be_denied_for(:guest).of(project) }
it { expect { create_vulnerability_export }.to be_denied_for(:anonymous) }
end
end
describe 'POST /security/groups/:id/vulnerability_exports' do
let_it_be(:group) { create(:group) }
let(:format) { 'csv' } let(:format) { 'csv' }
let(:request_path) { "/security/groups/#{group.id}/vulnerability_exports" } let(:deny_setup) {}
let(:permission_setup) {}
subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } } subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } }
...@@ -92,6 +32,10 @@ RSpec.describe API::VulnerabilityExports do ...@@ -92,6 +32,10 @@ RSpec.describe API::VulnerabilityExports do
context 'when the request fulfills the requirements' do context 'when the request fulfills the requirements' do
context 'when the user is not authorized to take the action' do context 'when the user is not authorized to take the action' do
before do
deny_setup
end
it 'responds with 403 forbidden' do it 'responds with 403 forbidden' do
create_vulnerability_export create_vulnerability_export
...@@ -104,7 +48,7 @@ RSpec.describe API::VulnerabilityExports do ...@@ -104,7 +48,7 @@ RSpec.describe API::VulnerabilityExports do
before do before do
allow(VulnerabilityExports::CreateService).to receive(:new).and_return(mock_service_object) allow(VulnerabilityExports::CreateService).to receive(:new).and_return(mock_service_object)
group.add_developer(user) permission_setup
end end
context 'when the export creation succeeds' do context 'when the export creation succeeds' do
...@@ -130,60 +74,49 @@ RSpec.describe API::VulnerabilityExports do ...@@ -130,60 +74,49 @@ RSpec.describe API::VulnerabilityExports do
end end
end end
end end
end
it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
end
describe 'POST /security/vulnerability_exports' do
let(:format) { 'csv' }
let(:request_path) { "/security/vulnerability_exports" }
subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } }
context 'when the request does not fulfill the requirements' do
let(:format) { 'exif' }
it 'responds with bad_request' do it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features' do
create_vulnerability_export before do
permission_setup
expect(response).to have_gitlab_http_status(:bad_request) end
expect(json_response).to eq('error' => 'export_format does not have a valid value')
end end
end end
end
context 'when the request fulfills the requirements' do describe 'POST /security/projects/:id/vulnerability_exports' do
let(:mock_service_object) { instance_double(VulnerabilityExports::CreateService, execute: vulnerability_export) } it_behaves_like 'creating export for exportable' do
let(:request_path) { "/security/projects/#{project.id}/vulnerability_exports" }
before do let(:deny_setup) { project.add_guest(user) }
allow(VulnerabilityExports::CreateService).to receive(:new).and_return(mock_service_object) let(:permission_setup) { project.add_developer(user) }
end
describe 'permissions' do
context 'when the export creation succeeds' do it { expect { create_vulnerability_export }.to be_allowed_for(:admin) }
let(:vulnerability_export) { create(:vulnerability_export) } it { expect { create_vulnerability_export }.to be_allowed_for(:owner).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:maintainer).of(project) }
it 'returns information about new vulnerability export' do it { expect { create_vulnerability_export }.to be_allowed_for(:developer).of(project) }
create_vulnerability_export it { expect { create_vulnerability_export }.to be_allowed_for(:auditor) }
expect(response).to have_gitlab_http_status(:created) it { expect { create_vulnerability_export }.to be_denied_for(:reporter).of(project) }
expect(response).to match_response_schema('public_api/v4/vulnerability_export', dir: 'ee') it { expect { create_vulnerability_export }.to be_denied_for(:guest).of(project) }
end it { expect { create_vulnerability_export }.to be_denied_for(:anonymous) }
end end
end
end
context 'when the export creation fails' do describe 'POST /security/groups/:id/vulnerability_exports' do
let(:errors) { instance_double(ActiveModel::Errors, any?: true, messages: ['foo']) } let_it_be(:group) { create(:group) }
let(:vulnerability_export) { instance_double(Vulnerabilities::Export, persisted?: false, errors: errors) }
it 'returns the error message' do
create_vulnerability_export
expect(response).to have_gitlab_http_status(:bad_request) it_behaves_like 'creating export for exportable' do
expect(json_response).to eq('message' => ['foo']) let(:request_path) { "/security/groups/#{group.id}/vulnerability_exports" }
end let(:permission_setup) { group.add_developer(user) }
end
end end
end
it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features' describe 'POST /security/vulnerability_exports' do
it_behaves_like 'creating export for exportable' do
let(:request_path) { "/security/vulnerability_exports" }
let(:deny_setup) { allow(InstanceSecurityDashboard).to receive(:new).and_return(nil) }
end
end end
describe 'GET /security/vulnerability_exports/:id' do describe 'GET /security/vulnerability_exports/:id' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment