summaryrefslogtreecommitdiff
path: root/spec/finders
diff options
context:
space:
mode:
authorDouglas Barbosa Alexandre <dbalexandre@gmail.com>2016-06-14 14:37:41 -0300
committerDouglas Barbosa Alexandre <dbalexandre@gmail.com>2016-06-14 17:51:17 -0300
commit2d29ca85e86e6865f08540d351902641a0d0b4d5 (patch)
tree47c4d0de5a3576d452838ffcb51f9395dab0fc10 /spec/finders
parentc6ed8edf8e29ca37f64df07602f13fc7a34abf58 (diff)
downloadgitlab-ce-2d29ca85e86e6865f08540d351902641a0d0b4d5.tar.gz
Fix notes on confidential issues through JSON to users without access
Diffstat (limited to 'spec/finders')
-rw-r--r--spec/finders/notes_finder_spec.rb16
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/finders/notes_finder_spec.rb b/spec/finders/notes_finder_spec.rb
index c83824b900d..639b28d49ee 100644
--- a/spec/finders/notes_finder_spec.rb
+++ b/spec/finders/notes_finder_spec.rb
@@ -34,5 +34,21 @@ describe NotesFinder do
notes = NotesFinder.new.execute(project, user, params)
expect(notes).to eq([note1])
end
+
+ context 'confidential issue notes' do
+ let(:confidential_issue) { create(:issue, :confidential, project: project, author: user) }
+ let!(:confidential_note) { create(:note, noteable: confidential_issue, project: confidential_issue.project) }
+
+ let(:params) { { target_id: confidential_issue.id, target_type: 'issue', last_fetched_at: 1.hour.ago.to_i } }
+
+ it 'returns notes if user can see the issue' do
+ expect(NotesFinder.new.execute(project, user, params)).to eq([confidential_note])
+ end
+
+ it 'raises an error if user can not see the issue' do
+ user = create(:user)
+ expect { NotesFinder.new.execute(project, user, params) }.to raise_error(ActiveRecord::RecordNotFound)
+ end
+ end
end
end