1 files changed, 66 insertions, 0 deletions

diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb
index 9fed07cae82..0d46463312b 100644
--- a/spec/requests/api/pipelines_spec.rb
+++ b/spec/requests/api/pipelines_spec.rb
@@ -445,6 +445,72 @@ describe API::Pipelines do
     end
   end
 
+  describe 'GET /projects/:id/pipelines/:pipeline_id/variables' do
+    subject { get api("/projects/#{project.id}/pipelines/#{pipeline.id}/variables", api_user) }
+
+    let(:api_user) { user }
+
+    context 'user is a mantainer' do
+      it 'returns pipeline variables empty' do
+        subject
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(json_response).to be_empty
+      end
+
+      context 'with variables' do
+        let!(:variable) { create(:ci_pipeline_variable, pipeline: pipeline, key: 'foo', value: 'bar') }
+
+        it 'returns pipeline variables' do
+          subject
+
+          expect(response).to have_gitlab_http_status(200)
+          expect(json_response).to contain_exactly({ "key" => "foo", "value" => "bar" })
+        end
+      end
+    end
+
+    context 'user is a developer' do
+      let(:pipeline_owner_user) { create(:user) }
+      let(:pipeline) { create(:ci_empty_pipeline, project: project, user: pipeline_owner_user) }
+
+      before do
+        project.add_developer(api_user)
+      end
+
+      context 'pipeline created by the developer user' do
+        let(:api_user) { pipeline_owner_user }
+        let!(:variable) { create(:ci_pipeline_variable, pipeline: pipeline, key: 'foo', value: 'bar') }
+
+        it 'returns pipeline variables' do
+          subject
+
+          expect(response).to have_gitlab_http_status(200)
+          expect(json_response).to contain_exactly({ "key" => "foo", "value" => "bar" })
+        end
+      end
+
+      context 'pipeline created is not created by the developer user' do
+        let(:api_user) { create(:user) }
+
+        it 'should not return pipeline variables' do
+          subject
+
+          expect(response).to have_gitlab_http_status(403)
+        end
+      end
+    end
+
+    context 'user is not a project member' do
+      it 'should not return pipeline variables' do
+        get api("/projects/#{project.id}/pipelines/#{pipeline.id}/variables", non_member)
+
+        expect(response).to have_gitlab_http_status(404)
+        expect(json_response['message']).to eq '404 Project Not Found'
+      end
+    end
+  end
+
   describe 'DELETE /projects/:id/pipelines/:pipeline_id' do
     context 'authorized user' do
       let(:owner) { project.owner }