Test to check a user must be part of the team to see project.

A user must be part of the team to see a protected project. A test is given to check that a 404 error is returned if the user can not see the project.

Test to check a user must be part of the team to see project.
A user must be part of the team to see a protected project. A test is given to check that a 404 error is returned if the user can not see the project.
Sebastian Ziebell
1 parent a534c9b7
Showing 1 changed file with 6 additions and 0 deletions Show diff stats
spec/requests/api/projects_spec.rb
@@ -89,6 +89,12 @@ describe Gitlab::API do
       response.status.should == 404
       json_response['message'].should == '404 Not Found'
     end
+
+    it "should return a 404 error if user is not a member" do
+      other_user = create(:user)
+      get api("/projects/#{project.id}", other_user)
+      response.status.should == 404
+    end
   end
   describe "GET /projects/:id/repository/branches" do
	@@ -89,6 +89,12 @@ describe Gitlab::API do		@@ -89,6 +89,12 @@ describe Gitlab::API do
89	response.status.should == 404	89	response.status.should == 404
90	json_response['message'].should == '404 Not Found'	90	json_response['message'].should == '404 Not Found'
91	end	91	end
		92	+
		93	+ it "should return a 404 error if user is not a member" do
		94	+ other_user = create(:user)
		95	+ get api("/projects/#{project.id}", other_user)
		96	+ response.status.should == 404
		97	+ end
92	end	98	end
93		99
94	describe "GET /projects/:id/repository/branches" do	100	describe "GET /projects/:id/repository/branches" do