diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-06-03 12:34:07 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-06-03 12:34:07 +0000 |
commit | 38e4977dc7931aea13f496cafd3ed7d15d5ec93e (patch) | |
tree | dea9ebb60dbdab61dd5933cc4405353704356306 /spec/models | |
parent | 5dc6c8f2d08534281b0e1adf404af0e8642eb407 (diff) | |
parent | b70b43d07ec27c6410e4a8d7ad417662a8823f8f (diff) | |
download | gitlab-ce-38e4977dc7931aea13f496cafd3ed7d15d5ec93e.tar.gz |
Merge branch 'security-fix_milestones_search_api_leak' into 'master'
Resolve: Milestones leaked via search API
Closes #2822
See merge request gitlab/gitlabhq!2997
Diffstat (limited to 'spec/models')
-rw-r--r-- | spec/models/project_spec.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 08662231fdf..6401704367e 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -3170,6 +3170,23 @@ describe Project do end end + describe '.ids_with_milestone_available_for' do + let!(:user) { create(:user) } + + it 'returns project ids with milestones available for user' do + project_1 = create(:project, :public, :merge_requests_disabled, :issues_disabled) + project_2 = create(:project, :public, :merge_requests_disabled) + project_3 = create(:project, :public, :issues_disabled) + project_4 = create(:project, :public) + project_4.project_feature.update(issues_access_level: ProjectFeature::PRIVATE, merge_requests_access_level: ProjectFeature::PRIVATE ) + + project_ids = described_class.ids_with_milestone_available_for(user).pluck(:id) + + expect(project_ids).to include(project_2.id, project_3.id) + expect(project_ids).not_to include(project_1.id, project_4.id) + end + end + describe '.with_feature_available_for_user' do let(:user) { create(:user) } let(:feature) { MergeRequest } |