author | Alexandru Croitor <acroitor@gitlab.com> | 2019-09-06 21:46:51 +0300 |
---|---|---|
committer | Yorick Peterse <yorick@yorickpeterse.com> | 2019-09-30 14:22:05 +0200 |
commit | 010e3c5ed41db96f68549e01373a9aacadd995d7 (patch) | |
tree | f82e0aa53e8c923fc7e8800adb66b6ec3c8d1db0 /spec/controllers/projects/milestones_controller_spec.rb | |
parent | 306fed6afd35a0ff164fde50f57f7cd662912c32 (diff) | |
download | gitlab-ce-010e3c5ed41db96f68549e01373a9aacadd995d7.tar.gz |
Display only participants that user has permission to see
Diffstat (limited to 'spec/controllers/projects/milestones_controller_spec.rb')
-rw-r--r-- | spec/controllers/projects/milestones_controller_spec.rb | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/spec/controllers/projects/milestones_controller_spec.rb b/spec/controllers/projects/milestones_controller_spec.rb
index cbf9d437909..a3f55c1eed0 100644
--- a/spec/controllers/projects/milestones_controller_spec.rb
+++ b/spec/controllers/projects/milestones_controller_spec.rb
@@ -244,4 +244,45 @@ describe Projects::MilestonesController do
 end
 end
 end
+
+ context '#participants' do
+ render_views
+
+ context "when guest user" do
+ let(:issue_assignee) { create(:user) }
+ let(:guest_user) { create(:user) }
+
+ before do
+ project.add_guest(guest_user)
+ sign_in(guest_user)
+ issue.update(assignee_ids: issue_assignee.id)
+ end
+
+ context "when issue is not confidential" do
+ it 'shows milestone participants' do
+ params = { namespace_id: project.namespace.id, project_id: project.id, id: milestone.iid, format: :json }
+ get :participants, params: params
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(response.content_type).to eq 'application/json'
+ expect(json_response['html']).to include(issue_assignee.name)
+ end
+ end
+
+ context "when issue is confidential" do
+ before do
+ issue.update(confidential: true)
+ end
+
+ it 'shows no milestone participants' do
+ params = { namespace_id: project.namespace.id, project_id: project.id, id: milestone.iid, format: :json }
+ get :participants, params: params
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(response.content_type).to eq 'application/json'
+ expect(json_response['html']).not_to include(issue_assignee.name)
+ end
+ end
+ end
+ end
 end |
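Review bot: The confidential example rests on a negative assertion, `not_to include(issue_assignee.name)`, while both `before` blocks set up the issue with the non-raising `issue.update(...)`, so a setup that silently fails to save can make the access-control check pass or fail for the wrong reason. Using `issue.update!(assignee_ids: issue_assignee.id)` and `issue.update!(confidential: true)` would make each example fail at setup instead of relying on the sibling positive example to notice. The new context also exercises only a guest; a companion example for a user who is allowed to read the confidential issue (for example a reporter) asserting that the assignee is still listed would show the filter is permission-based rather than hiding every confidential participant. `project`, `issue` and `milestone` are defined outside this hunk, so their exact setup could not be checked here.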