Test to check a user must be part of the team to see project.

A user must be part of the team to see a protected project. A test is given to check that a 404 error is returned if the user can not see the project.
author: Sebastian Ziebell <sebastian.ziebell@asquera.de> 2013-02-06 16:45:38 +0100
committer: Sebastian Ziebell <sebastian.ziebell@asquera.de> 2013-02-06 17:11:01 +0100
commit: 5d8a99f10429168e6471fdd1843f5045a10a84b3 (patch)
tree: 89c22106d4e5a7eeaebeee1867135f17a6f70bbc
parent: a534c9b72d54729122a9ccfe4f43ce5bdaa9bed2 (diff)
download: gitlab-ce-5d8a99f10429168e6471fdd1843f5045a10a84b3.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index 8351b4bf8bb..b9f42acce04 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -89,6 +89,12 @@ describe Gitlab::API do
       response.status.should == 404
       json_response['message'].should == '404 Not Found'
     end
+
+    it "should return a 404 error if user is not a member" do
+      other_user = create(:user)
+      get api("/projects/#{project.id}", other_user)
+      response.status.should == 404
+    end
   end
 
   describe "GET /projects/:id/repository/branches" do
author	Sebastian Ziebell <sebastian.ziebell@asquera.de>	2013-02-06 16:45:38 +0100
committer	Sebastian Ziebell <sebastian.ziebell@asquera.de>	2013-02-06 17:11:01 +0100
commit	5d8a99f10429168e6471fdd1843f5045a10a84b3 (patch)
tree	89c22106d4e5a7eeaebeee1867135f17a6f70bbc
parent	a534c9b72d54729122a9ccfe4f43ce5bdaa9bed2 (diff)
download	gitlab-ce-5d8a99f10429168e6471fdd1843f5045a10a84b3.tar.gz