diff options
author | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-11 14:52:22 +0000 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2019-01-21 08:46:11 +0100 |
commit | 9ec860ea05d5c74387cbff4593ca76072a38ad5f (patch) | |
tree | 178afe23115bc2b5866cffe86cfb70c367b808b5 /spec/models/user_spec.rb | |
parent | 49efb57914b7daac651e0b3fbeb850584be66ce7 (diff) | |
download | gitlab-ce-9ec860ea05d5c74387cbff4593ca76072a38ad5f.tar.gz |
Group Guests are no longer able to see merge requests
Group guests will only be displayed merge requests to
projects they have a access level to, higher than Reporter.
Visible projects will still display the merge requests to Guests
Diffstat (limited to 'spec/models/user_spec.rb')
-rw-r--r-- | spec/models/user_spec.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 33842e74b92..78477ab0a5a 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1997,6 +1997,33 @@ describe User do expect(subject).to include(accessible) expect(subject).not_to include(other) end + + context 'with min_access_level' do + let!(:user) { create(:user) } + let!(:project) { create(:project, :private, namespace: user.namespace) } + + before do + project.add_developer(user) + end + + subject { Project.where("EXISTS (?)", user.authorizations_for_projects(min_access_level: min_access_level)) } + + context 'when developer access' do + let(:min_access_level) { Gitlab::Access::DEVELOPER } + + it 'includes projects a user has access to' do + expect(subject).to include(project) + end + end + + context 'when owner access' do + let(:min_access_level) { Gitlab::Access::OWNER } + + it 'does not include projects with higher access level' do + expect(subject).not_to include(project) + end + end + end end describe '#authorized_projects', :delete do |