Merge branch '54385-board-policy-ce' into 'master'

Backport of 54385-board-policy Closes #54385 See merge request gitlab-org/gitlab-ce!24475
author: Rémy Coutable <remy@rymai.me> 2019-01-24 11:52:10 +0000
committer: Rémy Coutable <remy@rymai.me> 2019-01-24 11:52:10 +0000
commit: 8ea0bbb0000c25e02c1459ceb51d683f8cf338e8 (patch)
tree: 2a7dfb51e090264a2ebd7ce37191df331f574d2a /spec/controllers
parent: c665e6eb406388f7f57966f9f066b78ef061d898 (diff)
parent: 54994762ffd45e55cc9c000fbfb382382c69ad5d (diff)
download: gitlab-ce-8ea0bbb0000c25e02c1459ceb51d683f8cf338e8.tar.gz
2 files changed, 5 insertions, 12 deletions
diff --git a/spec/controllers/boards/issues_controller_spec.rb b/spec/controllers/boards/issues_controller_spec.rb
index 8657fc2ebc0..725ea2bf1ab 100644
--- a/spec/controllers/boards/issues_controller_spec.rb
+++ b/spec/controllers/boards/issues_controller_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Boards::IssuesController do
-  let(:project) { create(:project) }
+  let(:project) { create(:project, :private) }
   let(:board)   { create(:board, project: project) }
   let(:user)    { create(:user) }
   let(:guest)   { create(:user) }
@@ -127,14 +127,10 @@ describe Boards::IssuesController do
     end
 
     context 'with unauthorized user' do
-      before do
-        allow(Ability).to receive(:allowed?).and_call_original
-        allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
-        allow(Ability).to receive(:allowed?).with(user, :read_issue, project).and_return(false)
-      end
+      let(:unauth_user) { create(:user) }
 
       it 'returns a forbidden 403 response' do
-        list_issues user: user, board: board, list: list2
+        list_issues user: unauth_user, board: board, list: list2
 
         expect(response).to have_gitlab_http_status(403)
       end
diff --git a/spec/controllers/boards/lists_controller_spec.rb b/spec/controllers/boards/lists_controller_spec.rb
index 70033857168..e5b8aa2e678 100644
--- a/spec/controllers/boards/lists_controller_spec.rb
+++ b/spec/controllers/boards/lists_controller_spec.rb
@@ -31,13 +31,10 @@ describe Boards::ListsController do
     end
 
     context 'with unauthorized user' do
-      before do
-        allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
-        allow(Ability).to receive(:allowed?).with(user, :read_list, project).and_return(false)
-      end
+      let(:unauth_user) { create(:user) }
 
       it 'returns a forbidden 403 response' do
-        read_board_list user: user, board: board
+        read_board_list user: unauth_user, board: board
 
         expect(response).to have_gitlab_http_status(403)
       end
author	Rémy Coutable <remy@rymai.me>	2019-01-24 11:52:10 +0000
committer	Rémy Coutable <remy@rymai.me>	2019-01-24 11:52:10 +0000
commit	8ea0bbb0000c25e02c1459ceb51d683f8cf338e8 (patch)
tree	2a7dfb51e090264a2ebd7ce37191df331f574d2a /spec/controllers
parent	c665e6eb406388f7f57966f9f066b78ef061d898 (diff)
parent	54994762ffd45e55cc9c000fbfb382382c69ad5d (diff)
download	gitlab-ce-8ea0bbb0000c25e02c1459ceb51d683f8cf338e8.tar.gz