Project members with guest role can't access confidential issues

author: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-06 16:13:31 -0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-13 19:32:00 -0300
commit: b56c45675019baaaf47615d51c08d5caa0734ad3 (patch)
tree: b933c21ab49a745a6839aa1127c237ffe7a3a3fb /spec/lib/gitlab/project_search_results_spec.rb
parent: af8500f43010f42176b2ec1814f0fe7248258b05 (diff)
download: gitlab-ce-b56c45675019baaaf47615d51c08d5caa0734ad3.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb
index db0ff95b4f5..270b89972d7 100644
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -43,6 +43,18 @@ describe Gitlab::ProjectSearchResults, lib: true do
       expect(results.issues_count).to eq 1
     end
 
+    it 'should not list project confidential issues for project members with guest role' do
+      project.team << [member, :guest]
+
+      results = described_class.new(member, project, query)
+      issues = results.objects('issues')
+
+      expect(issues).to include issue
+      expect(issues).not_to include security_issue_1
+      expect(issues).not_to include security_issue_2
+      expect(results.issues_count).to eq 1
+    end
+
     it 'should list project confidential issues for author' do
       results = described_class.new(author, project, query)
       issues = results.objects('issues')
author	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-06 16:13:31 -0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-13 19:32:00 -0300
commit	b56c45675019baaaf47615d51c08d5caa0734ad3 (patch)
tree	b933c21ab49a745a6839aa1127c237ffe7a3a3fb /spec/lib/gitlab/project_search_results_spec.rb
parent	af8500f43010f42176b2ec1814f0fe7248258b05 (diff)
download	gitlab-ce-b56c45675019baaaf47615d51c08d5caa0734ad3.tar.gz