Refactor NPM specs for audit endpoints

Radamanthus Batnag requested to merge 471721-handling-audit-request into master

What does this MR do and why?

Similar to:

This refactors the RSpec table in the shared example for NPM audit requests.

The RSpec table tests too many permutations, many of which are redundant. In this MR, we extract the essential test cases:

  • Unauthenticated requests should be rejected with :unauthorized status
  • If request forwarding is enabled, respond with a redirect
  • If request forwarding is disabled:
    • for group or instance scope - reject the request
    • for project scope
      • if user is guest, and project is private - reject the request
      • otherwise, accept the request
  • Happy paths for each authentication method

It might be easier to see which parts of the RSpec table have been extracted to which contexts by reviewing the changes commit by commit.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

NA. Only specs are changed in this MR.

How to set up and validate locally

NA. Only specs are changed in this MR.

Related to #471721

Edited by Radamanthus Batnag
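
The reduction described above, as an added example that is not part of the merge request or GitLab's code: a plain-Ruby model of the listed rules that enumerates every permutation and groups the rows by the rule that decides the outcome. The role, scope and visibility values, the outcome symbols other than `:unauthorized`, and the evaluation order (taken from the order of the list) are assumptions.

```ruby
# Model of the access rules listed in the MR description (not GitLab code).
# Assumption: rules are evaluated in the order the list gives them.
ROLES        = %i[anonymous guest developer].freeze # constructed sample roles
SCOPES       = %i[project group instance].freeze
VISIBILITIES = %i[public private].freeze

# Returns [outcome, rule], where rule names the branch that decided.
def audit_decision(role:, forwarding:, scope:, visibility:)
  return %i[unauthorized unauthenticated] if role == :anonymous
  return %i[redirect forwarding_enabled] if forwarding
  return %i[reject group_or_instance_scope] unless scope == :project
  return %i[reject guest_on_private_project] if role == :guest && visibility == :private

  %i[accept project_scope_allowed]
end

# Every row a full permutation table would enumerate.
def all_permutations
  ROLES.product([true, false], SCOPES, VISIBILITIES).map do |role, fwd, scope, vis|
    { role: role, forwarding: fwd, scope: scope, visibility: vis }
  end
end

# Group the rows by deciding rule. Rows in one group exercise the same
# branch, so one representative per group covers the access logic.
def essential_cases
  groups = all_permutations.group_by { |row| audit_decision(**row).last }
  groups.transform_values do |rows|
    { count: rows.size,
      outcome: audit_decision(**rows.first).first,
      representative: rows.first }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "#{all_permutations.size} permutations, #{essential_cases.size} deciding rules"
  essential_cases.each do |rule, info|
    puts format('%-26s %2d rows -> %s', rule, info[:count], info[:outcome])
  end
end
```

The single-row group (guest on a private project with forwarding disabled) is the one a trimmed table is most likely to lose, so it is worth keeping as an explicit context.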
