diff options
author | Lin Jen-Shin <godfat@godfat.org> | 2016-05-18 17:57:14 -0500 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2016-05-18 17:57:14 -0500 |
commit | a7c823a5730fade9d8cc2c992c0f80cc12b1c0a7 (patch) | |
tree | d081264973aa7764359114c1de72b32d700bb63a | |
parent | e7a6d17b2b9a3a1b1cae0733da46ddedfe2dc3b1 (diff) | |
download | gitlab-ce-a7c823a5730fade9d8cc2c992c0f80cc12b1c0a7.tar.gz |
Give ProjectNotFound when the project is not readable
-rw-r--r-- | lib/gitlab/email/handler.rb | 2 | ||||
-rw-r--r-- | lib/gitlab/email/handler/create_issue.rb | 3 | ||||
-rw-r--r-- | spec/lib/gitlab/email/receiver_spec.rb | 4 |
3 files changed, 3 insertions, 6 deletions
diff --git a/lib/gitlab/email/handler.rb b/lib/gitlab/email/handler.rb index 55fbee276b8..56d848cdd7b 100644 --- a/lib/gitlab/email/handler.rb +++ b/lib/gitlab/email/handler.rb @@ -25,7 +25,7 @@ module Gitlab def validate_permission!(permission) raise UserNotFoundError unless author raise UserBlockedError if author.blocked? - # TODO: Give project not found error if author cannot read project + raise ProjectNotFound unless author.can?(:read_project, project) raise UserNotAuthorizedError unless author.can?(permission, project) end diff --git a/lib/gitlab/email/handler/create_issue.rb b/lib/gitlab/email/handler/create_issue.rb index 24f8f59900d..8829fbb0e49 100644 --- a/lib/gitlab/email/handler/create_issue.rb +++ b/lib/gitlab/email/handler/create_issue.rb @@ -10,9 +10,6 @@ module Gitlab end def execute - # Must be private project without access - raise ProjectNotFound unless author.can?(:read_project, project) - validate_permission!(:create_issue) validate_authentication_token! diff --git a/spec/lib/gitlab/email/receiver_spec.rb b/spec/lib/gitlab/email/receiver_spec.rb index 58c525f4048..a9b93044a08 100644 --- a/spec/lib/gitlab/email/receiver_spec.rb +++ b/spec/lib/gitlab/email/receiver_spec.rb @@ -88,8 +88,8 @@ describe Gitlab::Email::Receiver, lib: true do project.update_attribute(:visibility_level, Project::PRIVATE) end - it "raises a UserNotAuthorizedError" do - expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotAuthorizedError) + it "raises a ProjectNotFound" do + expect { receiver.execute }.to raise_error(Gitlab::Email::ProjectNotFound) end end |