Per issue in https://gitlab.com/gitlab-org/gitlab-ce/issues/45689. This should be automated via Web UI first, then vis the public API, as a second iteration. **Steps** * User of a public repository named "user1/download-test" selects "Download as .zip". `/user1/download-test/-/archive/master/download-test-master.zip` * Before any new changes are made to "user1/download-test", user2 requests "Download zip" from "/user2/download-test". They receive the contents of the `.zip` produced from "/user1/download-test". `/user2/download-test/-/archive/master/download-test-master.zip` * User2 requests "Download as .tar.gz" of "/user2/download-test". `/user1/download-test/-/archive/master/download-test-master.tar.gz` **Pseudo code** - Instantiate `ApiClient1` and log in as `USER1` - Instantiate `ApiClient2` and log in as `USER2` - From `ApiClient1` call endpoint to download repo as .zip for `USER1` data - From `ApiClient2` call endpoint to download repo as .zip for `USER2` data - Verify that data requested from `USER1` contains only `USER1` data and data requested from `USER2` contains only `USER2` data