Add test scenario for downloading archives and making sure that the user can only download his/her data

Per issue in https://gitlab.com/gitlab-org/gitlab-ce/issues/45689 This should be automated via API clients

Steps

  • User of a public repository named "user1/download-test" selects "Download as .zip". /user1/download-test/-/archive/master/download-test-master.zip
  • Before any new changes are made to "user1/download-test", user2 requests "Download zip" from "/user2/download-test". They receive the contents of the .zip produced from "/user1/download-test". /user2/download-test/-/archive/master/download-test-master.zip
  • User2 requests "Download as .tar.gz" of "/user2/download-test". /user1/download-test/-/archive/master/download-test-master.tar.gz

Pseudo code

  • Instantiate ApiClient1 and log in as USER1
  • Instantiate ApiClient2 and log in as USER2
  • From ApiClient1 call endpoint to download repo as .zip for USER1 data
  • From ApiClient2 call endpoint to download repo as .zip for USER2 data
  • Verify that data requested from USER1 contains only USER1 data and data requested from USER2 contains only USER2 data

/cc @grzesiek @rymai @godfat @markglenfletcher @stanhu

Edited by Mek Stittri