authortiagonbotelho <tiagonbotelho@hotmail.com>2016-11-16 18:20:05 +0000
committertiagonbotelho <tiagonbotelho@hotmail.com>2016-11-17 12:42:21 +0000
commitf0ed5fea81b537ae6c0262ed8f6249b47acafcdf (patch)
tree080519a566112e60fab728d9ff914d04040375d9 /spec/helpers/preferences_helper_spec.rb
parentc9d93f645aed1fbb9196616afb0110a585882fc1 (diff)
downloadgitlab-ce-f0ed5fea81b537ae6c0262ed8f6249b47acafcdf.tar.gz
adds fix for security issue: when an anonymous user does not have access to the repository, we now display the activity feed instead of the readme 23990-project-show-error-when-empty-repo
Diffstat (limited to 'spec/helpers/preferences_helper_spec.rb')
-rw-r--r--spec/helpers/preferences_helper_spec.rb36
1 files changed, 29 insertions, 7 deletions
diff --git a/spec/helpers/preferences_helper_spec.rb b/spec/helpers/preferences_helper_spec.rb
index 02b464f7e07..77841e85223 100644
--- a/spec/helpers/preferences_helper_spec.rb
+++ b/spec/helpers/preferences_helper_spec.rb
@@ -86,21 +86,43 @@ describe PreferencesHelper do
end
end
- describe 'default_project_view' do
+ describe '#default_project_view' do
context 'user not signed in' do
before do
- @project = create(:project)
+ helper.instance_variable_set(:@project, project)
stub_user
end
- it 'returns readme view if repository is not empty' do
- expect(helper.default_project_view).to eq('readme')
+ context 'when repository is empty' do
+ let(:project) { create(:project_empty_repo, :public) }
+
+ it 'returns activity if user has repository access' do
+ allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(true)
+
+ expect(helper.default_project_view).to eq('activity')
+ end
+
+ it 'returns activity if user does not have repository access' do
+ allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(false)
+
+ expect(helper.default_project_view).to eq('activity')
+ end
end
- it 'returns activity if repository is empty' do
- expect(@project).to receive(:empty_repo?).and_return(true)
+ context 'when repository is not empty' do
+ let(:project) { create(:project, :public) }
+
+ it 'returns readme if user has repository access' do
+ allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(true)
+
+ expect(helper.default_project_view).to eq('readme')
+ end
+
+ it 'returns activity if user does not have repository access' do
+ allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(false)
- expect(helper.default_project_view).to eq('empty')
+ expect(helper.default_project_view).to eq('activity')
+ end
end
end
end
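Review bot: Every example in the new `#default_project_view` contexts stubs `can?` on the helper, so the spec pins the helper's branching but never exercises the real `:download_code` policy for an anonymous visitor, which is the case the commit message describes as a security issue. A later change to the ability rules could reopen the readme leak without any of these examples failing. Consider adding at least one example without the `allow(helper).to receive(:can?)` stub, where the project's own settings deny repository access to anonymous users, and asserting `expect(helper.default_project_view).to eq('activity')`. The new examples sit only under `context 'user not signed in'`; whether a signed-in user without repository access is covered is not visible here, since the enclosing `describe PreferencesHelper` block starts outside the hunk.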