diff options
author | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-06-06 16:13:31 -0300 |
---|---|---|
committer | Douglas Barbosa Alexandre <dbalexandre@gmail.com> | 2016-06-13 19:32:00 -0300 |
commit | b56c45675019baaaf47615d51c08d5caa0734ad3 (patch) | |
tree | b933c21ab49a745a6839aa1127c237ffe7a3a3fb /spec/lib/gitlab/project_search_results_spec.rb | |
parent | af8500f43010f42176b2ec1814f0fe7248258b05 (diff) | |
download | gitlab-ce-b56c45675019baaaf47615d51c08d5caa0734ad3.tar.gz |
Project members with guest role can't access confidential issues
Diffstat (limited to 'spec/lib/gitlab/project_search_results_spec.rb')
-rw-r--r-- | spec/lib/gitlab/project_search_results_spec.rb | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb index db0ff95b4f5..270b89972d7 100644 --- a/spec/lib/gitlab/project_search_results_spec.rb +++ b/spec/lib/gitlab/project_search_results_spec.rb @@ -43,6 +43,18 @@ describe Gitlab::ProjectSearchResults, lib: true do expect(results.issues_count).to eq 1 end + it 'should not list project confidential issues for project members with guest role' do + project.team << [member, :guest] + + results = described_class.new(member, project, query) + issues = results.objects('issues') + + expect(issues).to include issue + expect(issues).not_to include security_issue_1 + expect(issues).not_to include security_issue_2 + expect(results.issues_count).to eq 1 + end + it 'should list project confidential issues for author' do results = described_class.new(author, project, query) issues = results.objects('issues') |