diff options
author | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 18:36:59 +0000 |
---|---|---|
committer | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 19:07:15 -0500 |
commit | 1be0174b6aaab1c0cfe86a8b1c91b8ea6fa3db72 (patch) | |
tree | 1004efdbf23a8dfedbcfc08786f5afa1fcc09dd4 /spec/controllers/dashboard | |
parent | 3881285c2b901cfeac58b5e6bdf54ec7bd46612f (diff) | |
download | gitlab-ce-1be0174b6aaab1c0cfe86a8b1c91b8ea6fa3db72.tar.gz |
Merge branch 'security-private-group' into 'master'
[master] Fixed read private group names
See merge request gitlab/gitlabhq!2589
Diffstat (limited to 'spec/controllers/dashboard')
-rw-r--r-- | spec/controllers/dashboard/todos_controller_spec.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/spec/controllers/dashboard/todos_controller_spec.rb b/spec/controllers/dashboard/todos_controller_spec.rb index b4a731fd3a3..e2c799f5205 100644 --- a/spec/controllers/dashboard/todos_controller_spec.rb +++ b/spec/controllers/dashboard/todos_controller_spec.rb @@ -42,6 +42,16 @@ describe Dashboard::TodosController do end end + context 'group authorization' do + it 'renders 404 when user does not have read access on given group' do + unauthorized_group = create(:group, :private) + + get :index, group_id: unauthorized_group.id + + expect(response).to have_gitlab_http_status(404) + end + end + context 'when using pagination' do let(:last_page) { user.todos.page.total_pages } let!(:issues) { create_list(:issue, 3, project: project, assignees: [user]) } |