author | Sean McGivern <sean@mcgivern.me.uk> | 2018-04-05 17:06:05 +0000 |
---|---|---|
committer | Sean McGivern <sean@mcgivern.me.uk> | 2018-04-05 17:06:05 +0000 |
commit | f103475766fecc6e6fdf996e9cfaaa41e795962f (patch) | |
tree | 01143342ee8aa80a6d0c238854cc229d8cd2a1fb | |
parent | 9685ab323ef9c3138734de6df456afcc9bd7463e (diff) | |
parent | 07f516d167b935acce6289a656872bad9a88b0ac (diff) | |
download | gitlab-ce-f103475766fecc6e6fdf996e9cfaaa41e795962f.tar.gz |
Merge branch 'osw-44295-adjust-authorization-for-discussions-show' into 'master'
Adjust 404's for LegacyDiffNote discussion rendering
Closes #44295
See merge request gitlab-org/gitlab-ce!18201
3 files changed, 54 insertions, 2 deletions
diff --git a/app/controllers/projects/discussions_controller.rb b/app/controllers/projects/discussions_controller.rb
index 7bc16214010..8e86af43fee 100644
--- a/app/controllers/projects/discussions_controller.rb
+++ b/app/controllers/projects/discussions_controller.rb
@@ -4,8 +4,8 @@ class Projects::DiscussionsController < Projects::ApplicationController
 before_action :check_merge_requests_available!
 before_action :merge_request
- before_action :discussion
- before_action :authorize_resolve_discussion!
+ before_action :discussion, only: [:resolve, :unresolve]
+ before_action :authorize_resolve_discussion!, only: [:resolve, :unresolve]
 def resolve
 Discussions::ResolveService.new(project, current_user, merge_request: merge_request).execute(discussion)
diff --git a/changelogs/unreleased/osw-44295-adjust-authorization-for-discussions-show.yml b/changelogs/unreleased/osw-44295-adjust-authorization-for-discussions-show.yml
new file mode 100644
index 00000000000..978c5468bb1
--- /dev/null
+++ b/changelogs/unreleased/osw-44295-adjust-authorization-for-discussions-show.yml
@@ -0,0 +1,5 @@
+---
+title: Adjust 404's for LegacyDiffNote discussion rendering
+merge_request: 18201
+author:
+type: fixed
diff --git a/spec/controllers/projects/discussions_controller_spec.rb b/spec/controllers/projects/discussions_controller_spec.rb
index fcb0c2f28c8..53647749a60 100644
--- a/spec/controllers/projects/discussions_controller_spec.rb
+++ b/spec/controllers/projects/discussions_controller_spec.rb
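Review bot: Switching both filters in app/controllers/projects/discussions_controller.rb to `only: [:resolve, :unresolve]` makes the discussion-level authorization an allowlist, so `show` and any action added to this controller later run without `authorize_resolve_discussion!` unless someone remembers to extend the list. `show` is not in the hunk, so its access control presumably rests on `merge_request` and the filters inherited from `Projects::ApplicationController`; that should be confirmed and recorded above the filters, for example `# show needs only read access to the MR; resolve/unresolve additionally need authorize_resolve_discussion!`. To keep new actions fail-closed, consider `before_action :authorize_resolve_discussion!, except: [:show]` rather than the `only:` form. The class body continues outside the hunk.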
@@ -16,6 +16,53 @@ describe Projects::DiscussionsController do
 }
 end
+ describe 'GET show' do
+ before do
+ sign_in user
+ end
+
+ context 'when user is not authorized to read the MR' do
+ it 'returns 404' do
+ get :show, request_params, format: :json
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+
+ context 'when user is authorized to read the MR' do
+ before do
+ project.add_reporter(user)
+ end
+
+ it 'returns status 200' do
+ get :show, request_params, format: :json
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+
+ it 'returns status 404 if MR does not exists' do
+ merge_request.destroy!
+
+ get :show, request_params, format: :json
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+
+ context 'when user is authorized but note is LegacyDiffNote' do
+ before do
+ project.add_developer(user)
+ note.update!(type: 'LegacyDiffNote')
+ end
+
+ it 'returns status 200' do
+ get :show, request_params, format: :json
+
+ expect(response).to have_gitlab_http_status(200)
+ end
+ end
+ end
+
 describe 'POST resolve' do
 before do
 sign_in user |
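Review bot: The LegacyDiffNote context covers only the allowed path, so no test shows that a user without access to the MR still gets a 404 for a LegacyDiffNote discussion now that the discussion filters no longer run for `show`. Add a negative example that sets `note.update!(type: 'LegacyDiffNote')` without adding the user to the project and asserts `expect(response).to have_gitlab_http_status(404)`. The positive case also grants `project.add_developer(user)`; using `project.add_reporter(user)` there would pin the intended rule (read access is sufficient) rather than a role that, as far as I can infer, may also resolve discussions. Minor wording: 'does not exists' should read 'does not exist'. `note`, `user`, `merge_request` and `request_params` are defined outside the hunk, and the enclosing `describe` block continues past it.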