Commit 5575b24e authored by Peter Leitzen's avatar Peter Leitzen

Merge branch '217924_dry_up_vulnerability_exports_api_spec' into 'master'

Remove duplicated test cases for vulnerability exports API

Closes #217924

See merge request gitlab-org/gitlab!34920
parents 1edc7fdc 752d127c
......@@ -12,70 +12,10 @@ RSpec.describe API::VulnerabilityExports do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, :with_vulnerability) }
describe 'POST /security/projects/:id/vulnerability_exports' do
shared_examples 'creating export for exportable' do
let(:format) { 'csv' }
let(:request_path) { "/security/projects/#{project.id}/vulnerability_exports" }
subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } }
context 'with an authorized user with proper permissions' do
before do
project.add_developer(user)
end
context 'when format is csv' do
it 'returns information about new vulnerability export' do
create_vulnerability_export
expect(response).to have_gitlab_http_status(:created)
expect(response).to match_response_schema('public_api/v4/vulnerability_export', dir: 'ee')
end
it 'schedules job for export' do
expect(::VulnerabilityExports::ExportWorker).to receive(:perform_async).with(anything)
create_vulnerability_export
end
end
context 'when format is invalid' do
let(:format) { 'invalid' }
it 'returns error message' do
create_vulnerability_export
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response).to eq('error' => 'export_format does not have a valid value')
end
it 'does not schedule a job for export' do
expect(::VulnerabilityExports::ExportWorker).not_to receive(:perform_async)
create_vulnerability_export
end
end
it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
end
describe 'permissions' do
it { expect { create_vulnerability_export }.to be_allowed_for(:admin) }
it { expect { create_vulnerability_export }.to be_allowed_for(:owner).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:maintainer).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:developer).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:auditor) }
it { expect { create_vulnerability_export }.to be_denied_for(:reporter).of(project) }
it { expect { create_vulnerability_export }.to be_denied_for(:guest).of(project) }
it { expect { create_vulnerability_export }.to be_denied_for(:anonymous) }
end
end
describe 'POST /security/groups/:id/vulnerability_exports' do
let_it_be(:group) { create(:group) }
let(:format) { 'csv' }
let(:request_path) { "/security/groups/#{group.id}/vulnerability_exports" }
let(:deny_setup) {}
let(:permission_setup) {}
subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } }
......@@ -92,6 +32,10 @@ RSpec.describe API::VulnerabilityExports do
context 'when the request fulfills the requirements' do
context 'when the user is not authorized to take the action' do
before do
deny_setup
end
it 'responds with 403 forbidden' do
create_vulnerability_export
......@@ -104,7 +48,7 @@ RSpec.describe API::VulnerabilityExports do
before do
allow(VulnerabilityExports::CreateService).to receive(:new).and_return(mock_service_object)
group.add_developer(user)
permission_setup
end
context 'when the export creation succeeds' do
......@@ -130,60 +74,49 @@ RSpec.describe API::VulnerabilityExports do
end
end
end
end
it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features' do
before do
permission_setup
end
describe 'POST /security/vulnerability_exports' do
let(:format) { 'csv' }
let(:request_path) { "/security/vulnerability_exports" }
subject(:create_vulnerability_export) { post api(request_path, user), params: { export_format: format } }
context 'when the request does not fulfill the requirements' do
let(:format) { 'exif' }
it 'responds with bad_request' do
create_vulnerability_export
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response).to eq('error' => 'export_format does not have a valid value')
end
end
context 'when the request fulfills the requirements' do
let(:mock_service_object) { instance_double(VulnerabilityExports::CreateService, execute: vulnerability_export) }
before do
allow(VulnerabilityExports::CreateService).to receive(:new).and_return(mock_service_object)
end
context 'when the export creation succeeds' do
let(:vulnerability_export) { create(:vulnerability_export) }
describe 'POST /security/projects/:id/vulnerability_exports' do
it_behaves_like 'creating export for exportable' do
let(:request_path) { "/security/projects/#{project.id}/vulnerability_exports" }
let(:deny_setup) { project.add_guest(user) }
let(:permission_setup) { project.add_developer(user) }
it 'returns information about new vulnerability export' do
create_vulnerability_export
describe 'permissions' do
it { expect { create_vulnerability_export }.to be_allowed_for(:admin) }
it { expect { create_vulnerability_export }.to be_allowed_for(:owner).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:maintainer).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:developer).of(project) }
it { expect { create_vulnerability_export }.to be_allowed_for(:auditor) }
expect(response).to have_gitlab_http_status(:created)
expect(response).to match_response_schema('public_api/v4/vulnerability_export', dir: 'ee')
it { expect { create_vulnerability_export }.to be_denied_for(:reporter).of(project) }
it { expect { create_vulnerability_export }.to be_denied_for(:guest).of(project) }
it { expect { create_vulnerability_export }.to be_denied_for(:anonymous) }
end
end
end
context 'when the export creation fails' do
let(:errors) { instance_double(ActiveModel::Errors, any?: true, messages: ['foo']) }
let(:vulnerability_export) { instance_double(Vulnerabilities::Export, persisted?: false, errors: errors) }
it 'returns the error message' do
create_vulnerability_export
describe 'POST /security/groups/:id/vulnerability_exports' do
let_it_be(:group) { create(:group) }
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response).to eq('message' => ['foo'])
end
it_behaves_like 'creating export for exportable' do
let(:request_path) { "/security/groups/#{group.id}/vulnerability_exports" }
let(:permission_setup) { group.add_developer(user) }
end
end
it_behaves_like 'forbids access to vulnerability API endpoint in case of disabled features'
describe 'POST /security/vulnerability_exports' do
it_behaves_like 'creating export for exportable' do
let(:request_path) { "/security/vulnerability_exports" }
let(:deny_setup) { allow(InstanceSecurityDashboard).to receive(:new).and_return(nil) }
end
end
describe 'GET /security/vulnerability_exports/:id' do
......
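Review bot: The group variant of `it_behaves_like 'creating export for exportable'` defines only `permission_setup`, so its shared 403 case runs with the empty default `deny_setup` and checks a non-member only; nothing shows that a low-privilege group member is refused. Mirroring the project variant with `let(:deny_setup) { group.add_guest(user) }` would cover that. The role matrix (`be_denied_for(:reporter)`, `:guest`, `:anonymous`) also appears to be kept for the project endpoint only. The instance-level variant gets its 403 by stubbing `InstanceSecurityDashboard.new` to return nil, so that example pins the nil-handling branch rather than an authorization decision made for a real user. The +/- markers are lost on this page, so which lines are on the new side is inferred from the hunk headers.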