diff options
author | Felipe Artur <felipefac@gmail.com> | 2019-03-26 15:20:06 -0300 |
---|---|---|
committer | Felipe Artur <felipefac@gmail.com> | 2019-03-26 15:20:06 -0300 |
commit | fcc90a5a516e6e678db3820f75d57a841504c12e (patch) | |
tree | 9381bd4f9223f801b1a315791328c766ece326ac | |
parent | 02c167c66443871234b543188c1ca3e56a8fdb3b (diff) | |
download | gitlab-ce-issue_58547.tar.gz |
Improve specs and use 403 instead of 404 statusissue_58547
-rw-r--r-- | app/controllers/graphql_controller.rb | 2 | ||||
-rw-r--r-- | spec/controllers/graphql_controller_spec.rb | 9 |
2 files changed, 7 insertions, 4 deletions
diff --git a/app/controllers/graphql_controller.rb b/app/controllers/graphql_controller.rb index 6681182ba3e..7b5dc22815c 100644 --- a/app/controllers/graphql_controller.rb +++ b/app/controllers/graphql_controller.rb @@ -39,7 +39,7 @@ class GraphqlController < ApplicationController private def authorize_access_api! - render_404 unless can?(current_user, :access_api) + access_denied!("API not accessible for user.") unless can?(current_user, :access_api) end # Overridden from the ApplicationController to make the response look like diff --git a/spec/controllers/graphql_controller_spec.rb b/spec/controllers/graphql_controller_spec.rb index b071d01de5d..c19a752b07b 100644 --- a/spec/controllers/graphql_controller_spec.rb +++ b/spec/controllers/graphql_controller_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe GraphqlController do @@ -19,15 +21,16 @@ describe GraphqlController do expect(response).to have_gitlab_http_status(200) end - it 'returns 404 when user cannot access API' do + it 'returns access denied template when user cannot access API' do # User cannot access API in a couple of cases # * When user is internal(like ghost users) # * When user is blocked - allow(Ability).to receive(:allowed?).with(user, :access_api, :global).and_return(false) + expect(Ability).to receive(:allowed?).with(user, :access_api, :global).and_return(false) post :execute - expect(response).to have_gitlab_http_status(404) + expect(response.status).to eq(403) + expect(response).to render_template('errors/access_denied') end end |