authorHeinrich Lee Yu <hleeyu@gmail.com>2018-10-25 11:38:02 +0800
committerHeinrich Lee Yu <hleeyu@gmail.com>2018-10-26 10:27:25 +0800
commit2ba71571de1147e6b5e6e6f8c14b05d07c6050c2 (patch)
tree976f32acaeb013f011123e8286849af8b614f493
parent6dda85927d88461506e7255f5ba49bdeac33699e (diff)
downloadgitlab-ce-2ba71571de1147e6b5e6e6f8c14b05d07c6050c2.tar.gz
Simplify query and add tests for authorization change
-rw-r--r--app/controllers/concerns/boards_responses.rb10
-rw-r--r--spec/controllers/boards/issues_controller_spec.rb19
2 files changed, 18 insertions, 11 deletions
diff --git a/app/controllers/concerns/boards_responses.rb b/app/controllers/concerns/boards_responses.rb
index e6c54e688b6..3cdf4ddf8bb 100644
--- a/app/controllers/concerns/boards_responses.rb
+++ b/app/controllers/concerns/boards_responses.rb
@@ -50,14 +50,10 @@ module BoardsResponses
end
def authorize_create_issue
- board = board_parent.boards.find(issue_params[:board_id])
- list = board.lists.find(issue_params[:list_id])
+ list = List.find(issue_params[:list_id])
+ action = list.backlog? ? :create_issue : :admin_issue
- if list.backlog?
- authorize_action_for!(project, :create_issue)
- else
- authorize_action_for!(project, :admin_issue)
- end
+ authorize_action_for!(project, action)
end
def authorize_admin_list
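Review bot: `List.find(issue_params[:list_id])` looks the list up globally, so the permission picked on the next line is decided by a list that is no longer tied to `board_parent` or to `issue_params[:board_id]`. The removed lines went through `board_parent.boards.find(...)` and `board.lists.find(...)`, which answered not-found for a list outside the current parent; with the new lookup any existing list id, including a backlog list on an unrelated board, selects the weaker `:create_issue` check. Whether the create path re-scopes the list later is not visible in this hunk, so the authorization step should keep the scope itself, still as one query, with something like `list = List.where(board: board_parent.boards).find(issue_params[:list_id])`. A comment such as `# Backlog lists only need :create_issue; every other list type requires :admin_issue` would also record why the action differs.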
diff --git a/spec/controllers/boards/issues_controller_spec.rb b/spec/controllers/boards/issues_controller_spec.rb
index c365988a100..98946e4287b 100644
--- a/spec/controllers/boards/issues_controller_spec.rb
+++ b/spec/controllers/boards/issues_controller_spec.rb
@@ -208,11 +208,22 @@ describe Boards::IssuesController do
end
end
- context 'with unauthorized user' do
- it 'returns a forbidden 403 response' do
- create_issue user: guest, board: board, list: list1, title: 'New issue'
+ context 'with guest user' do
+ context 'in open list' do
+ it 'returns a successful 200 response' do
+ open_list = board.lists.create(list_type: :backlog)
+ create_issue user: guest, board: board, list: open_list, title: 'New issue'
- expect(response).to have_gitlab_http_status(403)
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+
+ context 'in label list' do
+ it 'returns a forbidden 403 response' do
+ create_issue user: guest, board: board, list: list1, title: 'New issue'
+
+ expect(response).to have_gitlab_http_status(403)
+ end
end
end
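Review bot: Neither new context covers a `list_id` that does not belong to the `board` sent in the same request, which is exactly the case the simplified lookup in `authorize_create_issue` stops rejecting. I would add a context that creates a backlog list on a board of a different project, passes it together with `board: board`, and expects the request to be refused (404 or 403, whichever the controller is meant to return). Separately, `board.lists.create(list_type: :backlog)` does not raise when validation fails, so `board.lists.create!(list_type: :backlog)` would make a broken fixture fail at the setup line instead of in the status assertion.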