Merge branch 'dry-api-user-block-specs' into 'master'

Use named subject for block specs See merge request gitlab-org/gitlab!69416

Merge branch 'dry-api-user-block-specs' into 'master'
Use named subject for block specs See merge request gitlab-org/gitlab!69416
7a2191d5 · Dmitriy Zaporozhets (DZ) · a1c7cced · 44cf8f5c · 7a2191d5
Commit 7a2191d5 authored Sep 08, 2021 by Dmitriy Zaporozhets (DZ)
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 35 deletions

spec/requests/api/users_spec.rb spec/requests/api/users_spec.rb +56 -35

No files found.
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -14,6 +14,7 @@ RSpec.describe API::Users do
  let(:private_user) { create(:user, private_profile: true) }
  let(:deactivated_user) { create(:user, state: 'deactivated') }
  let(:banned_user) { create(:user, :banned) }
+  let(:internal_user) { create(:user, :bot) }

  context 'admin notes' do
    let_it_be(:admin) { create(:admin, note: '2019-10-06 | 2FA added | user requested | www.gitlab.com') }
@@ -2869,53 +2870,73 @@ RSpec.describe API::Users do
    end
  end

-  describe 'POST /users/:id/block' do
-    let(:blocked_user) { create(:user, state: 'blocked') }
+  describe 'POST /users/:id/block', :aggregate_failures do
+    context 'when admin' do
+      subject(:block_user) { post api("/users/#{user_id}/block", admin) }

-    it 'blocks existing user' do
-      post api("/users/#{user.id}/block", admin)
+      context 'with an existing user' do
+        let(:user_id) { user.id }

-      aggregate_failures do
-        expect(response).to have_gitlab_http_status(:created)
-        expect(response.body).to eq('true')
-        expect(user.reload.state).to eq('blocked')
+        it 'blocks existing user' do
+          block_user
+
+          expect(response).to have_gitlab_http_status(:created)
+          expect(response.body).to eq('true')
+          expect(user.reload.state).to eq('blocked')
+        end
      end
-    end

-    it 'does not re-block ldap blocked users' do
-      post api("/users/#{ldap_blocked_user.id}/block", admin)
-      expect(response).to have_gitlab_http_status(:forbidden)
-      expect(ldap_blocked_user.reload.state).to eq('ldap_blocked')
-    end
+      context 'with an ldap blocked user' do
+        let(:user_id) { ldap_blocked_user.id }

-    it 'does not be available for non admin users' do
-      post api("/users/#{user.id}/block", user)
-      expect(response).to have_gitlab_http_status(:forbidden)
-      expect(user.reload.state).to eq('active')
-    end
+        it 'does not re-block ldap blocked users' do
+          block_user

-    it 'returns a 404 error if user id not found' do
-      post api('/users/0/block', admin)
-      expect(response).to have_gitlab_http_status(:not_found)
-      expect(json_response['message']).to eq('404 User Not Found')
-    end
+          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(ldap_blocked_user.reload.state).to eq('ldap_blocked')
+        end
+      end

-    it 'returns a 403 error if user is internal' do
-      internal_user = create(:user, :bot)
+      context 'with a non existent user' do
+        let(:user_id) { non_existing_record_id }

-      post api("/users/#{internal_user.id}/block", admin)
+        it 'does not block non existent user, returns 404' do
+          block_user

-      expect(response).to have_gitlab_http_status(:forbidden)
-      expect(json_response['message']).to eq('An internal user cannot be blocked')
-    end
+          expect(response).to have_gitlab_http_status(:not_found)
+          expect(json_response['message']).to eq('404 User Not Found')
+        end
+      end

-    it 'returns a 201 if user is already blocked' do
-      post api("/users/#{blocked_user.id}/block", admin)
+      context 'with an internal user' do
+        let(:user_id) { internal_user.id }

-      aggregate_failures do
-        expect(response).to have_gitlab_http_status(:created)
-        expect(response.body).to eq('null')
+        it 'does not block internal user, returns 403' do
+          block_user
+
+          expect(response).to have_gitlab_http_status(:forbidden)
+          expect(json_response['message']).to eq('An internal user cannot be blocked')
+        end
      end
+
+      context 'with a blocked user' do
+        let(:blocked_user) { create(:user, state: 'blocked') }
+        let(:user_id) { blocked_user.id }
+
+        it 'returns a 201 if user is already blocked' do
+          block_user
+
+          expect(response).to have_gitlab_http_status(:created)
+          expect(response.body).to eq('null')
+        end
+      end
+    end
+
+    it 'is not available for non admin users' do
+      post api("/users/#{user.id}/block", user)
+
+      expect(response).to have_gitlab_http_status(:forbidden)
+      expect(user.reload.state).to eq('active')
    end
  end