...@@ -340,6 +340,40 @@ describe API::Releases do ...@@ -340,6 +340,40 @@ describe API::Releases do
expect(response).to have_gitlab_http_status(:ok) expect(response).to have_gitlab_http_status(:ok)
end end
context 'when release is associated to a milestone' do
let!(:release) do
create(:release, tag: 'v0.1', project: project, milestones: [milestone])
end
let(:milestone) { create(:milestone, project: project) }
it 'exposes milestones' do
get api("/projects/#{project.id}/releases/v0.1", non_project_member)
expect(json_response['milestones'].first['title']).to eq(milestone.title)
end
context 'when project restricts visibility of issues and merge requests' do
let!(:project) { create(:project, :repository, :public, :issues_private, :merge_requests_private) }
it 'does not expose milestones' do
get api("/projects/#{project.id}/releases/v0.1", non_project_member)
expect(json_response['milestones']).to be_nil
end
end
context 'when project restricts visibility of issues' do
let!(:project) { create(:project, :repository, :public, :issues_private) }
it 'exposes milestones' do
get api("/projects/#{project.id}/releases/v0.1", non_project_member)
expect(json_response['milestones'].first['title']).to eq(milestone.title)
end
end
end
end end
end end
end end
... ...
......
...@@ -6,6 +6,7 @@ describe API::Runners do ...@@ -6,6 +6,7 @@ describe API::Runners do
let(:admin) { create(:user, :admin) } let(:admin) { create(:user, :admin) }
let(:user) { create(:user) } let(:user) { create(:user) }
let(:user2) { create(:user) } let(:user2) { create(:user) }
let(:group_maintainer) { create(:user) }
let(:project) { create(:project, creator_id: user.id) } let(:project) { create(:project, creator_id: user.id) }
let(:project2) { create(:project, creator_id: user.id) } let(:project2) { create(:project, creator_id: user.id) }
...@@ -20,6 +21,7 @@ describe API::Runners do ...@@ -20,6 +21,7 @@ describe API::Runners do
before do before do
# Set project access for users # Set project access for users
create(:group_member, :maintainer, user: group_maintainer, group: group)
create(:project_member, :maintainer, user: user, project: project) create(:project_member, :maintainer, user: user, project: project)
create(:project_member, :maintainer, user: user, project: project2) create(:project_member, :maintainer, user: user, project: project2)
create(:project_member, :reporter, user: user2, project: project) create(:project_member, :reporter, user: user2, project: project)
...@@ -525,6 +527,20 @@ describe API::Runners do ...@@ -525,6 +527,20 @@ describe API::Runners do
end.to change { Ci::Runner.project_type.count }.by(-1) end.to change { Ci::Runner.project_type.count }.by(-1)
end end
it 'does not delete group runner with maintainer access' do
delete api("/runners/#{group_runner.id}", group_maintainer)
expect(response).to have_http_status(403)
end
it 'deletes group runner with owner access' do
expect do
delete api("/runners/#{group_runner.id}", user)
expect(response).to have_http_status(204)
end.to change { Ci::Runner.group_type.count }.by(-1)
end
it_behaves_like '412 response' do it_behaves_like '412 response' do
let(:request) { api("/runners/#{project_runner.id}", user) } let(:request) { api("/runners/#{project_runner.id}", user) }
end end
... ...
......