Commit f51afbf1 authored by Avielle Wolfe's avatar Avielle Wolfe Committed by Avielle Wolfe

Move group specific tests back to group spec

Access to these endpoints is controlled by the
Group::Security::ApplicationController, so these specs
shouldn't be shared.
parent 567bfb5e
......@@ -3,5 +3,50 @@
require 'spec_helper'
describe Groups::Security::VulnerabilitiesController do
let(:group) { create(:group) }
let(:user) { create(:user) }
it_behaves_like ::EE::VulnerabilitiesActions
before do
sign_in(user)
end
describe 'access for all actions' do
context 'when security dashboard feature is disabled' do
it 'returns 404' do
stub_licensed_features(security_dashboard: false)
get :index, params: { group_id: group }, format: :json
expect(response).to have_gitlab_http_status(404)
end
end
context 'when security dashboard feature is enabled' do
before do
stub_licensed_features(security_dashboard: true)
end
context 'when user has guest access' do
it 'denies access' do
group.add_guest(user)
get :index, params: { group_id: group }, format: :json
expect(response).to have_gitlab_http_status(403)
end
end
context 'when user has developer access' do
it 'grants access' do
group.add_developer(user)
get :index, params: { group_id: group }, format: :json
expect(response).to have_gitlab_http_status(200)
end
end
end
end
end
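Review bot: The `describe 'access for all actions'` block only ever requests `:index`, so the 404 (feature unlicensed) and 403 (guest) checks that the shared examples appear to have run against `summary` and `history` have no replacement in this spec. If access is enforced by a `before_action` inherited from the parent controller, `index` is representative today, but a later `skip_before_action` or a per-action override on `summary` or `history` would go unnoticed by the test suite. Consider wrapping the three examples in `%i[index summary history].each do |action|` and issuing `get action, params: { group_id: group }, format: :json`, so the description matches what is exercised. A case for a signed-in user with no membership in the group would also pin the deny-by-default behaviour, since only the guest role is covered here.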
......@@ -14,46 +14,15 @@ shared_examples ::EE::VulnerabilitiesActions do
let(:projects) { [project_dev, project_guest, project_other] }
before do
group.add_developer(user)
sign_in(user)
stub_licensed_features(security_dashboard: true)
end
describe 'GET index.json' do
subject { get :index, params: { group_id: group }, format: :json }
context 'when security dashboard feature is disabled' do
before do
stub_licensed_features(security_dashboard: false)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(404)
end
end
context 'when security dashboard feature is enabled' do
before do
stub_licensed_features(security_dashboard: true)
end
context 'when user has guest access' do
before do
group.add_guest(user)
end
it 'returns 403' do
subject
expect(response).to have_gitlab_http_status(403)
end
end
context 'when user has developer access' do
before do
group.add_developer(user)
end
context 'when no page request' do
before do
projects.each do |project|
......@@ -61,7 +30,7 @@ shared_examples ::EE::VulnerabilitiesActions do
end
end
it "returns a list of vulnerabilities" do
it 'returns a list of vulnerabilities' do
subject
expect(response).to have_gitlab_http_status(200)
......@@ -78,7 +47,7 @@ shared_examples ::EE::VulnerabilitiesActions do
end
end
it "returns a list of vulnerabilities" do
it 'returns a list of vulnerabilities for the requested page' do
get :index, params: { group_id: group, page: 2 }, format: :json
expect(response).to have_gitlab_http_status(200)
......@@ -161,28 +130,11 @@ shared_examples ::EE::VulnerabilitiesActions do
end
end
end
end
end
describe 'GET summary.json' do
subject { get :summary, params: { group_id: group }, format: :json }
context 'when security dashboard feature is disabled' do
before do
stub_licensed_features(security_dashboard: false)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(404)
end
end
context 'when security dashboard feature is enabled' do
before do
stub_licensed_features(security_dashboard: true)
pipeline = create(:ci_pipeline, :success, project: project_dev)
create_list(:vulnerabilities_occurrence, 3,
......@@ -201,23 +153,6 @@ shared_examples ::EE::VulnerabilitiesActions do
pipelines: [pipeline], project: project_other, report_type: :dast, severity: :low)
end
context 'when user has guest access' do
before do
group.add_guest(user)
end
it 'returns 403' do
subject
expect(response).to have_gitlab_http_status(403)
end
end
context 'when user has developer access' do
before do
group.add_developer(user)
end
it 'returns vulnerabilities counts for all report types' do
subject
......@@ -242,28 +177,11 @@ shared_examples ::EE::VulnerabilitiesActions do
end
end
end
end
end
describe 'GET history.json' do
subject { get :history, params: { group_id: group }, format: :json }
context 'when security dashboard feature is disabled' do
before do
stub_licensed_features(security_dashboard: false)
end
it 'returns 404' do
subject
expect(response).to have_gitlab_http_status(404)
end
end
context 'when security dashboard feature is enabled' do
before do
stub_licensed_features(security_dashboard: true)
travel_to(Time.zone.parse('2018-11-10')) do
pipeline_1 = create(:ci_pipeline, :success, project: project_dev)
pipeline_2 = create(:ci_pipeline, :success, project: project_dev)
......@@ -298,23 +216,6 @@ shared_examples ::EE::VulnerabilitiesActions do
end
end
context 'when user has guest access' do
before do
group.add_guest(user)
end
it 'returns 403' do
subject
expect(response).to have_gitlab_http_status(403)
end
end
context 'when user has developer access' do
before do
group.add_developer(user)
end
it 'returns vulnerability history within last 90 days' do
travel_to(Time.zone.parse('2019-02-10')) do
subject
......@@ -365,6 +266,4 @@ shared_examples ::EE::VulnerabilitiesActions do
expect(response).to match_response_schema('vulnerabilities/history', dir: 'ee')
end
end
end
end
end
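Review bot: The top-level `before` of the shared examples now appears to grant `group.add_developer(user)`, call `sign_in(user)` and enable `security_dashboard` unconditionally, which leaves the shared examples covering the authorized path only, and nothing in the file states that. They also depend on the including spec to define `group` and `user`, and `sign_in(user)` here duplicates the one in the group controller spec's own `before`. A short comment above `shared_examples ::EE::VulnerabilitiesActions do` would make the contract explicit, for example `# Requires let(:group) and let(:user); runs as a licensed developer. Access-denial cases belong in the including controller spec.` Without it, a new controller that reuses these examples could ship with no negative authorization tests at all.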