diff options
author | John Jarvis <jarv@gitlab.com> | 2019-01-01 20:38:39 +0000 |
---|---|---|
committer | John Jarvis <jarv@gitlab.com> | 2019-01-01 20:38:39 +0000 |
commit | 0058c97a1b564b7050e17bbf015ca2482f04657f (patch) | |
tree | 36a5ab5cde0320d2d864c39b210350a8d1fa3471 /spec/controllers | |
parent | e4dabec82a8f375389b9bb52b8fe6b1ac304d74e (diff) | |
parent | 8772bdabb2f48e9868971d8349f6e36985bffec0 (diff) | |
download | gitlab-ce-0058c97a1b564b7050e17bbf015ca2482f04657f.tar.gz |
Merge branch 'security-refs-available-to-project-guest' into 'master'
[master] Project guests no longer are able to see refs page
See merge request gitlab/gitlabhq!2685
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/projects_controller_spec.rb | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/spec/controllers/projects_controller_spec.rb b/spec/controllers/projects_controller_spec.rb index ea067a01295..4747d837273 100644 --- a/spec/controllers/projects_controller_spec.rb +++ b/spec/controllers/projects_controller_spec.rb @@ -621,10 +621,10 @@ describe ProjectsController do end describe "GET refs" do - let(:public_project) { create(:project, :public, :repository) } + let(:project) { create(:project, :public, :repository) } it 'gets a list of branches and tags' do - get :refs, params: { namespace_id: public_project.namespace, id: public_project, sort: 'updated_desc' } + get :refs, params: { namespace_id: project.namespace, id: project, sort: 'updated_desc' } parsed_body = JSON.parse(response.body) expect(parsed_body['Branches']).to include('master') @@ -634,7 +634,7 @@ describe ProjectsController do end it "gets a list of branches, tags and commits" do - get :refs, params: { namespace_id: public_project.namespace, id: public_project, ref: "123456" } + get :refs, params: { namespace_id: project.namespace, id: project, ref: "123456" } parsed_body = JSON.parse(response.body) expect(parsed_body["Branches"]).to include("master") @@ -649,7 +649,7 @@ describe ProjectsController do end it "gets a list of branches, tags and commits" do - get :refs, params: { namespace_id: public_project.namespace, id: public_project, ref: "123456" } + get :refs, params: { namespace_id: project.namespace, id: project, ref: "123456" } parsed_body = JSON.parse(response.body) expect(parsed_body["Branches"]).to include("master") @@ -657,6 +657,22 @@ describe ProjectsController do expect(parsed_body["Commits"]).to include("123456") end end + + context 'when private project' do + let(:project) { create(:project, :repository) } + + context 'as a guest' do + it 'renders forbidden' do + user = create(:user) + project.add_guest(user) + + sign_in(user) + get :refs, namespace_id: project.namespace, id: project + + expect(response).to have_gitlab_http_status(404) + end + end + end end describe 'POST #preview_markdown' do |