summaryrefslogtreecommitdiff
path: root/spec/controllers/boards
diff options
context:
space:
mode:
authorMario de la Ossa <mariodelaossa@gmail.com>2019-01-17 11:40:37 -0600
committerMario de la Ossa <mariodelaossa@gmail.com>2019-01-18 12:43:46 -0600
commit54994762ffd45e55cc9c000fbfb382382c69ad5d (patch)
tree1613e95fcae03b3ee8e4ad99be7b2bfefccd4023 /spec/controllers/boards
parentc46b8e968ba926745418738cb8855f0ca23b97cd (diff)
downloadgitlab-ce-54994762ffd45e55cc9c000fbfb382382c69ad5d.tar.gz
Backport of 54385-board-policy
Diffstat (limited to 'spec/controllers/boards')
-rw-r--r--spec/controllers/boards/issues_controller_spec.rb10
-rw-r--r--spec/controllers/boards/lists_controller_spec.rb7
2 files changed, 5 insertions, 12 deletions
diff --git a/spec/controllers/boards/issues_controller_spec.rb b/spec/controllers/boards/issues_controller_spec.rb
index 8657fc2ebc0..725ea2bf1ab 100644
--- a/spec/controllers/boards/issues_controller_spec.rb
+++ b/spec/controllers/boards/issues_controller_spec.rb
@@ -1,7 +1,7 @@
require 'spec_helper'
describe Boards::IssuesController do
- let(:project) { create(:project) }
+ let(:project) { create(:project, :private) }
let(:board) { create(:board, project: project) }
let(:user) { create(:user) }
let(:guest) { create(:user) }
@@ -127,14 +127,10 @@ describe Boards::IssuesController do
end
context 'with unauthorized user' do
- before do
- allow(Ability).to receive(:allowed?).and_call_original
- allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability).to receive(:allowed?).with(user, :read_issue, project).and_return(false)
- end
+ let(:unauth_user) { create(:user) }
it 'returns a forbidden 403 response' do
- list_issues user: user, board: board, list: list2
+ list_issues user: unauth_user, board: board, list: list2
expect(response).to have_gitlab_http_status(403)
end
diff --git a/spec/controllers/boards/lists_controller_spec.rb b/spec/controllers/boards/lists_controller_spec.rb
index 70033857168..e5b8aa2e678 100644
--- a/spec/controllers/boards/lists_controller_spec.rb
+++ b/spec/controllers/boards/lists_controller_spec.rb
@@ -31,13 +31,10 @@ describe Boards::ListsController do
end
context 'with unauthorized user' do
- before do
- allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
- allow(Ability).to receive(:allowed?).with(user, :read_list, project).and_return(false)
- end
+ let(:unauth_user) { create(:user) }
it 'returns a forbidden 403 response' do
- read_board_list user: user, board: board
+ read_board_list user: unauth_user, board: board
expect(response).to have_gitlab_http_status(403)
end