diff options
| author | Eugenia Grieff <egrieff@gitlab.com> | 2019-09-12 17:14:43 +0100 |
|---|---|---|
| committer | Eugenia Grieff <egrieff@gitlab.com> | 2019-10-22 17:00:56 +0100 |
| commit | 6ff7788d4cb6fcfec1ec1a2e9d42c04a0eb31891 (patch) | |
| tree | bd20d9fb6af0c7652a6db3b112a731f5abeee514 /spec/finders | |
| parent | 6653aab95dfdfd260e8814e7499cc2345f451f99 (diff) | |
| download | gitlab-ce-6ff7788d4cb6fcfec1ec1a2e9d42c04a0eb31891.tar.gz | |
Fix labels finder to filter visible issuables
Use project scopes to filter project labels
Add changelog file
Check issuables visibility in LabelsFinder
Add specs for issuables visibility cases
Rename Project method to reuse in LabelsFinder
Remove commented code
Improve changelog title
Diffstat (limited to 'spec/finders')
| -rw-r--r-- | spec/finders/labels_finder_spec.rb | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/spec/finders/labels_finder_spec.rb b/spec/finders/labels_finder_spec.rb index 2681f098fec..7590c399cf9 100644 --- a/spec/finders/labels_finder_spec.rb +++ b/spec/finders/labels_finder_spec.rb @@ -128,6 +128,89 @@ describe LabelsFinder do expect(finder.execute).to eq [private_subgroup_label_1] end end + + context 'when including labels from group projects with limited visibility' do + let(:finder) { described_class.new(user, group_id: group_4.id) } + let(:group_4) { create(:group) } + let(:limited_visibility_project) { create(:project, :public, group: group_4) } + let(:visible_project) { create(:project, :public, group: group_4) } + let!(:group_label_1) { create(:group_label, group: group_4) } + let!(:limited_visibility_label) { create(:label, project: limited_visibility_project) } + let!(:visible_label) { create(:label, project: visible_project) } + + shared_examples 'with full visibility' do + it 'returns all projects labels' do + expect(finder.execute).to eq [group_label_1, limited_visibility_label, visible_label] + end + end + + shared_examples 'with limited visibility' do + it 'returns only authorized projects labels' do + expect(finder.execute).to eq [group_label_1, visible_label] + end + end + + context 'when merge requests and issues are not visible for non members' do + before do + limited_visibility_project.project_feature.update!( + merge_requests_access_level: ProjectFeature::PRIVATE, + issues_access_level: ProjectFeature::PRIVATE + ) + end + + context 'when user is not a group member' do + it_behaves_like 'with limited visibility' + end + + context 'when user is a group member' do + before do + group_4.add_developer(user) + end + + it_behaves_like 'with full visibility' + end + end + + context 'when merge requests are not visible for non members' do + before do + limited_visibility_project.project_feature.update!( + merge_requests_access_level: ProjectFeature::PRIVATE + ) + end + + context 'when user is not a group member' do + it_behaves_like 'with full visibility' + end + + context 'when user is a group member' do + before do + group_4.add_developer(user) + end + + it_behaves_like 'with full visibility' + end + end + + context 'when issues are not visible for non members' do + before do + limited_visibility_project.project_feature.update!( + issues_access_level: ProjectFeature::PRIVATE + ) + end + + context 'when user is not a group member' do + it_behaves_like 'with full visibility' + end + + context 'when user is a group member' do + before do + group_4.add_developer(user) + end + + it_behaves_like 'with full visibility' + end + end + end end context 'filtering by project_id' do |