author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-28 15:52:04 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-01-28 15:52:04 +0000 |
commit | 62f3248f57987c736a4b3ea39a042e8ab220e5c8 (patch) | |
tree | 9e64978e5d407079f07944ec799779debd566695 /spec/controllers/projects_controller_spec.rb | |
parent | 586bb7dc9629714cb1a46e358213063a6a48761b (diff) | |
download | gitlab-ce-62f3248f57987c736a4b3ea39a042e8ab220e5c8.tar.gz |
Add latest changes from gitlab-org/security/gitlab@12-5-stable-ee
Diffstat (limited to 'spec/controllers/projects_controller_spec.rb')
-rw-r--r-- | spec/controllers/projects_controller_spec.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb
index d16201fff5a..a5317e6b413 100644
--- a/spec/controllers/projects_controller_spec.rb
+++ b/spec/controllers/projects_controller_spec.rb
@@ -64,6 +64,46 @@ describe ProjectsController do
 end
 end
 
+ describe "GET #activity as JSON" do
+ render_views
+
+ let(:project) { create(:project, :public, issues_access_level: ProjectFeature::PRIVATE) }
+
+ before do
+ create(:event, :created, project: project, target: create(:issue))
+
+ sign_in(user)
+
+ request.cookies[:event_filter] = 'all'
+ end
+
+ context 'when user has permission to see the event' do
+ before do
+ project.add_developer(user)
+ end
+
+ it 'returns count' do
+ get :activity, params: { namespace_id: project.namespace, id: project, format: :json }
+
+ expect(json_response['count']).to eq(1)
+ end
+ end
+
+ context 'when user has no permission to see the event' do
+ it 'filters out invisible event' do
+ get :activity, params: { namespace_id: project.namespace, id: project, format: :json }
+
+ expect(json_response['html']).to eq("\n")
+ end
+
+ it 'filters out invisible event when calculating the count' do
+ get :activity, params: { namespace_id: project.namespace, id: project, format: :json }
+
+ expect(json_response['count']).to eq(0)
+ end
+ end
+ end
+
 describe "GET show" do
 context "user not project member" do
 before do |
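Review bot: The negative case in `context 'when user has no permission to see the event'` only exercises a signed-in non-member, because the shared `before` always calls `sign_in(user)`. The project is created `:public` with `issues_access_level: ProjectFeature::PRIVATE`, so an unauthenticated request to the same JSON action is presumably reachable too and should get the same `count` and `html` assertions in its own context without `sign_in`. The positive context checks only `json_response['count']`, so nothing shows the issue event is actually rendered for a developer; an assertion such as `expect(json_response['html']).not_to eq("\n")` there would keep the empty-`html` check from passing vacuously. Comparing against the literal `"\n"` also ties the spec to template whitespace; `expect(json_response['html'].strip).to be_empty` states the intent more directly.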