Improve Milestones API specs

Signed-off-by: Rémy Coutable <remy@rymai.me>

2 files changed, 27 insertions, 38 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 4ce16b44493..2d1c561fb82 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -8,8 +8,6 @@ v 8.7.1 (unreleased)
   - Fix license detection to detect all license files, not only known licenses. !3878
   - Use the `can?` helper instead of `current_user.can?`. !3882
   - Prevent users from deleting Webhooks via API they do not own
-  - Use the `can?` helper instead of `current_user.can?`
-  - Filter confidential issues from milestones API if user does not have access
 
 v 8.7.0
   - Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
diff --git a/spec/requests/api/milestones_spec.rb b/spec/requests/api/milestones_spec.rb
index cb9c3dde5ee..241995041bb 100644
--- a/spec/requests/api/milestones_spec.rb
+++ b/spec/requests/api/milestones_spec.rb
@@ -140,43 +140,34 @@ describe API::API, api: true  do
       get api("/projects/#{project.id}/milestones/#{milestone.id}/issues")
       expect(response.status).to eq(401)
     end
-  end
-
-  describe 'confidential issues' do
-    it 'should return confidential issues to team members' do
-      public_project = create(:project, :public)
-      user = create(:user)
-      milestone = create(:milestone, project: public_project)
-      issue = create(:issue, project: public_project)
-      confidential_issue = create(:issue, confidential: true, project: public_project)
-      public_project.team << [user, :developer]
-      milestone.issues << issue
-      milestone.issues << confidential_issue
-
-      get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user)
-
-      expect(response.status).to eq(200)
-      expect(json_response).to be_an Array
-      expect(json_response.size).to eq(2)
-      expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id)
-    end
-
-    it 'should not return confidential issues to regular users' do
-      public_project = create(:project, :public)
-      normal_user = create(:user)
-      milestone = create(:milestone, project: public_project)
-      issue = create(:issue, project: public_project)
-      confidential_issue = create(:issue, confidential: true, project: public_project)
-      public_project.team << [user, :developer]
-      milestone.issues << issue
-      milestone.issues << confidential_issue
-
-      get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", normal_user)
 
-      expect(response.status).to eq(200)
-      expect(json_response).to be_an Array
-      expect(json_response.size).to eq(1)
-      expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
+    describe 'confidential issues' do
+      let(:public_project) { create(:project, :public) }
+      let(:milestone) { create(:milestone, project: public_project) }
+      let(:issue) { create(:issue, project: public_project) }
+      let(:confidential_issue) { create(:issue, confidential: true, project: public_project) }
+      before do
+        public_project.team << [user, :developer]
+        milestone.issues << issue << confidential_issue
+      end
+
+      it 'returns confidential issues to team members' do
+        get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(2)
+        expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id)
+      end
+
+      it 'does not return confidential issues to regular users' do
+        get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", create(:user))
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(1)
+        expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
+      end
     end
   end
 end