diff options
| author | Sean McGivern <sean@gitlab.com> | 2016-06-27 13:24:08 +0100 |
|---|---|---|
| committer | Sean McGivern <sean@gitlab.com> | 2016-06-30 16:36:10 +0100 |
| commit | db0d3fc3e96e5f2b0f642ea3240d5265c3ee659c (patch) | |
| tree | 9968e5fca41afd4ceb9857283cf47963d26088a4 /spec/models | |
| parent | 293cf09056250c975c2b221f348b629b6d424b71 (diff) | |
| download | gitlab-ce-db0d3fc3e96e5f2b0f642ea3240d5265c3ee659c.tar.gz | |
Ensure logged-out users can't see private refs
Diffstat (limited to 'spec/models')
| -rw-r--r-- | spec/models/concerns/mentionable_spec.rb | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/spec/models/concerns/mentionable_spec.rb b/spec/models/concerns/mentionable_spec.rb index cb33edde820..0344dae8b5d 100644 --- a/spec/models/concerns/mentionable_spec.rb +++ b/spec/models/concerns/mentionable_spec.rb @@ -29,6 +29,43 @@ describe Issue, "Mentionable" do it { is_expected.not_to include(user2) } end + describe '#referenced_mentionables' do + context 'with an issue on a private project' do + let(:project) { create(:empty_project, :public) } + let(:issue) { create(:issue, project: project) } + let(:public_issue) { create(:issue, project: project) } + let(:private_project) { create(:empty_project, :private) } + let(:private_issue) { create(:issue, project: private_project) } + let(:user) { create(:user) } + + def referenced_issues(current_user) + text = "#{private_issue.to_reference(project)} and #{public_issue.to_reference}" + + issue.referenced_mentionables(current_user, text) + end + + context 'when the current user can see the issue' do + before { private_project.team << [user, Gitlab::Access::DEVELOPER] } + + it 'includes the reference' do + expect(referenced_issues(user)).to contain_exactly(private_issue, public_issue) + end + end + + context 'when the current user cannot see the issue' do + it 'does not include the reference' do + expect(referenced_issues(user)).to contain_exactly(public_issue) + end + end + + context 'when there is no current user' do + it 'does not include the reference' do + expect(referenced_issues(nil)).to contain_exactly(public_issue) + end + end + end + end + describe '#create_cross_references!' do let(:project) { create(:project) } let(:author) { double('author') } |