From 43fba7f0c518942d060e7a7dd9f7ec3065ac1f69 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Tue, 28 Oct 2014 16:00:03 +0200
Subject: [PATCH] Add failing test that should be green after group members api
 get fixed

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 spec/requests/api/groups_spec.rb | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb
index 42ccad71aaf..f56caeaf5ad 100644
--- a/spec/requests/api/groups_spec.rb
+++ b/spec/requests/api/groups_spec.rb
@@ -220,13 +220,27 @@ describe API::API, api: true  do
 
       context "when a member of the group" do
         it "should return ok and add new member" do
-          count_before=group_no_members.group_members.count
           new_user = create(:user)
-          post api("/groups/#{group_no_members.id}/members", owner), user_id: new_user.id, access_level: GroupMember::MASTER
+
+          expect {
+            post api("/groups/#{group_no_members.id}/members", owner),
+              user_id: new_user.id, access_level: GroupMember::MASTER
+          }.to change { group_no_members.members.count }.by(1)
+
           response.status.should == 201
           json_response['name'].should == new_user.name
           json_response['access_level'].should == GroupMember::MASTER
-          group_no_members.group_members.count.should == count_before + 1
+        end
+
+        it "should not allow guest to modify group members" do
+          new_user = create(:user)
+
+          expect {
+            post api("/groups/#{group_with_members.id}/members", guest),
+            user_id: new_user.id, access_level: GroupMember::MASTER
+          }.not_to change { group_with_members.members.count }
+
+          response.status.should == 403
         end
 
         it "should return error if member already exists" do
-- 
GitLab