Commit 74d42e64 authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch 'fix_vulnerabilities_controller_specs' into 'master'

Fix VulnerabilitiesController authorization for new action spec

See merge request gitlab-org/gitlab!74787
parents 28bdff8c 4df61428
...@@ -18,27 +18,39 @@ RSpec.describe Projects::Security::VulnerabilitiesController do ...@@ -18,27 +18,39 @@ RSpec.describe Projects::Security::VulnerabilitiesController do
describe 'GET #new' do describe 'GET #new' do
let(:request_new_vulnerability_page) { get :new, params: { namespace_id: project.namespace, project_id: project } } let(:request_new_vulnerability_page) { get :new, params: { namespace_id: project.namespace, project_id: project } }
before do
allow(controller).to receive(:can?).and_call_original
allow(controller).to receive(:can?).with(controller.current_user, :create_vulnerability, project).and_return(can_create_vulnerability)
end
include_context '"Security & Compliance" permissions' do include_context '"Security & Compliance" permissions' do
let(:valid_request) { request_new_vulnerability_page } let(:valid_request) { request_new_vulnerability_page }
let(:can_create_vulnerability) { true }
end end
it 'checks if the user can create a vulnerability' do
request_new_vulnerability_page
expect(controller).to have_received(:can?).with(controller.current_user, :create_vulnerability, project)
end
context 'when user can create vulnerability' do
let(:can_create_vulnerability) { true }
it 'renders the add new finding page' do it 'renders the add new finding page' do
request_new_vulnerability_page request_new_vulnerability_page
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
end end
end
context 'when user can not create vulnerability' do context 'when user can not create vulnerability' do
before do let(:can_create_vulnerability) { false }
guest = create(:user)
project.add_guest(guest)
sign_in(guest)
end
it 'renders a 403' do it 'renders 404 page not found' do
request_new_vulnerability_page request_new_vulnerability_page
expect(response).to have_gitlab_http_status(:forbidden) expect(response).to have_gitlab_http_status(:not_found)
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment