diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-30 21:08:47 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-30 21:08:47 +0000 |
commit | c8f773a8593926f4f2dec6f446a3b3e59e9c9909 (patch) | |
tree | 4e5ea1d3b861ff99015f6112da567de7873868aa /spec/controllers/groups_controller_spec.rb | |
parent | 929b887e5391dea7cb53b88b77b9a35351c87d99 (diff) | |
download | gitlab-ce-c8f773a8593926f4f2dec6f446a3b3e59e9c9909.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/controllers/groups_controller_spec.rb')
-rw-r--r-- | spec/controllers/groups_controller_spec.rb | 37 |
1 files changed, 31 insertions, 6 deletions
diff --git a/spec/controllers/groups_controller_spec.rb b/spec/controllers/groups_controller_spec.rb index 3399ad563a1..07b82bdff04 100644 --- a/spec/controllers/groups_controller_spec.rb +++ b/spec/controllers/groups_controller_spec.rb @@ -47,7 +47,7 @@ describe GroupsController do it 'assigns events for all the projects in the group', :sidekiq_might_not_need_inline do subject - expect(assigns(:events)).to contain_exactly(event) + expect(assigns(:events).map(&:id)).to contain_exactly(event.id) end end end @@ -119,12 +119,12 @@ describe GroupsController do describe 'GET #activity' do render_views - before do - sign_in(user) - project - end - context 'as json' do + before do + sign_in(user) + project + end + it 'includes events from all projects in group and subgroups', :sidekiq_might_not_need_inline do 2.times do project = create(:project, group: group) @@ -141,6 +141,31 @@ describe GroupsController do expect(assigns(:projects).limit_value).to be_nil end end + + context 'when user has no permission to see the event' do + let(:user) { create(:user) } + let(:group) { create(:group) } + let(:project) { create(:project, group: group) } + + let(:project_with_restricted_access) do + create(:project, :public, issues_access_level: ProjectFeature::PRIVATE, group: group) + end + + before do + create(:event, project: project) + create(:event, :created, project: project_with_restricted_access, target: create(:issue)) + + group.add_guest(user) + + sign_in(user) + end + + it 'filters out invisible event' do + get :activity, params: { id: group.to_param }, format: :json + + expect(json_response['count']).to eq(1) + end + end end describe 'POST #create' do |