summaryrefslogtreecommitdiff
path: root/spec/requests/api/project_packages_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/api/project_packages_spec.rb')
-rw-r--r--spec/requests/api/project_packages_spec.rb76
1 files changed, 74 insertions, 2 deletions
diff --git a/spec/requests/api/project_packages_spec.rb b/spec/requests/api/project_packages_spec.rb
index 5f4b8899a33..7a05da8e13f 100644
--- a/spec/requests/api/project_packages_spec.rb
+++ b/spec/requests/api/project_packages_spec.rb
@@ -86,6 +86,18 @@ RSpec.describe API::ProjectPackages do
expect(json_response).to include(a_hash_including('_links' => a_hash_including('web_path' => include(nested_project.namespace.full_path))))
end
end
+
+ context 'with JOB-TOKEN auth' do
+ let(:job) { create(:ci_build, :running, user: user) }
+
+ subject { get api(url, job_token: job.token) }
+
+ it_behaves_like 'returns packages', :project, :maintainer
+ it_behaves_like 'returns packages', :project, :developer
+ it_behaves_like 'returns packages', :project, :reporter
+ it_behaves_like 'returns packages', :project, :no_type
+ it_behaves_like 'returns packages', :project, :guest
+ end
end
context 'project is private' do
@@ -116,6 +128,19 @@ RSpec.describe API::ProjectPackages do
end
end
end
+
+ context 'with JOB-TOKEN auth' do
+ let(:job) { create(:ci_build, :running, user: user) }
+
+ subject { get api(url, job_token: job.token) }
+
+ it_behaves_like 'returns packages', :project, :maintainer
+ it_behaves_like 'returns packages', :project, :developer
+ it_behaves_like 'returns packages', :project, :reporter
+ it_behaves_like 'rejects packages access', :project, :no_type, :not_found
+ # TODO uncomment when https://gitlab.com/gitlab-org/gitlab/-/issues/370998 is resolved
+ # it_behaves_like 'rejects packages access', :project, :guest, :not_found
+ end
end
context 'with pagination params' do
@@ -177,6 +202,8 @@ RSpec.describe API::ProjectPackages do
end
describe 'GET /projects/:id/packages/:package_id' do
+ let(:single_package_schema) { 'public_api/v4/packages/package' }
+
subject { get api(package_url, user) }
shared_examples 'no destroy url' do
@@ -217,7 +244,7 @@ RSpec.describe API::ProjectPackages do
subject
expect(response).to have_gitlab_http_status(:ok)
- expect(response).to match_response_schema('public_api/v4/packages/package')
+ expect(response).to match_response_schema(single_package_schema)
end
it 'returns 404 when the package does not exist' do
@@ -233,6 +260,18 @@ RSpec.describe API::ProjectPackages do
end
it_behaves_like 'no destroy url'
+
+ context 'with JOB-TOKEN auth' do
+ let(:job) { create(:ci_build, :running, user: user) }
+
+ subject { get api(package_url, job_token: job.token) }
+
+ it_behaves_like 'returns package', :project, :maintainer
+ it_behaves_like 'returns package', :project, :developer
+ it_behaves_like 'returns package', :project, :reporter
+ it_behaves_like 'returns package', :project, :no_type
+ it_behaves_like 'returns package', :project, :guest
+ end
end
context 'project is private' do
@@ -259,7 +298,7 @@ RSpec.describe API::ProjectPackages do
subject
expect(response).to have_gitlab_http_status(:ok)
- expect(response).to match_response_schema('public_api/v4/packages/package')
+ expect(response).to match_response_schema(single_package_schema)
end
it_behaves_like 'no destroy url'
@@ -273,6 +312,19 @@ RSpec.describe API::ProjectPackages do
it_behaves_like 'destroy url'
end
+ context 'with JOB-TOKEN auth' do
+ let(:job) { create(:ci_build, :running, user: user) }
+
+ subject { get api(package_url, job_token: job.token) }
+
+ it_behaves_like 'returns package', :project, :maintainer
+ it_behaves_like 'returns package', :project, :developer
+ it_behaves_like 'returns package', :project, :reporter
+ # TODO uncomment when https://gitlab.com/gitlab-org/gitlab/-/issues/370998 is resolved
+ # it_behaves_like 'rejects packages access', :project, :guest, :not_found
+ it_behaves_like 'rejects packages access', :project, :no_type, :not_found
+ end
+
context 'with pipeline' do
let!(:package1) { create(:npm_package, :with_build, project: project) }
@@ -355,6 +407,26 @@ RSpec.describe API::ProjectPackages do
expect(response).to have_gitlab_http_status(:no_content)
end
+
+ context 'with JOB-TOKEN auth' do
+ let(:job) { create(:ci_build, :running, user: user) }
+
+ it 'returns 403 for a user without enough permissions' do
+ project.add_developer(user)
+
+ expect { delete api(package_url, job_token: job.token) }.not_to change { ::Packages::Package.pending_destruction.count }
+
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
+
+ it 'returns 204' do
+ project.add_maintainer(user)
+
+ expect { delete api(package_url, job_token: job.token) }.to change { ::Packages::Package.pending_destruction.count }.by(1)
+
+ expect(response).to have_gitlab_http_status(:no_content)
+ end
+ end
end
context 'with a maven package' do
View Lorry Controller Status