Backport https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/1942

author: Lin Jen-Shin <godfat@godfat.org> 2017-06-06 21:42:45 +0800
committer: Lin Jen-Shin <godfat@godfat.org> 2017-06-06 21:42:45 +0800
commit: d919f924bf32220237c389dc913093efead8928c (patch)
tree: beb756b9eecc2b3eaa78a4fd302bb50aa0cc2d7f /spec/requests
parent: 34f925fe0bebdc7212c1c960678114a4e44828ef (diff)
download: gitlab-ce-d919f924bf32220237c389dc913093efead8928c.tar.gz
1 files changed, 9 insertions, 4 deletions
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index 1c33b8f9502..358cc784afe 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -426,9 +426,14 @@ describe API::Users do
       expect(user.reload.email).not_to eq('invalid email')
     end
 
-    it "is not available for non admin users" do
-      put api("/users/#{user.id}", user), attributes_for(:user)
-      expect(response).to have_http_status(403)
+    context 'when the current user is not an admin' do
+      it "is not available" do
+        expect do
+          put api("/users/#{user.id}", user), attributes_for(:user)
+        end.not_to change { user.reload.attributes }
+
+        expect(response).to have_http_status(403)
+      end
     end
 
     it "returns 404 for non-existing user" do
@@ -649,7 +654,7 @@ describe API::Users do
       end
 
       it "returns a 404 for invalid ID" do
-        put api("/users/ASDF/emails", admin)
+        get api("/users/ASDF/emails", admin)
 
         expect(response).to have_http_status(404)
       end
author	Lin Jen-Shin <godfat@godfat.org>	2017-06-06 21:42:45 +0800
committer	Lin Jen-Shin <godfat@godfat.org>	2017-06-06 21:42:45 +0800
commit	d919f924bf32220237c389dc913093efead8928c (patch)
tree	beb756b9eecc2b3eaa78a4fd302bb50aa0cc2d7f /spec/requests
parent	34f925fe0bebdc7212c1c960678114a4e44828ef (diff)
download	gitlab-ce-d919f924bf32220237c389dc913093efead8928c.tar.gz