Add latest changes from gitlab-org/gitlab@15-8-stable-eev15.8.0-rc42

1 files changed, 30 insertions, 0 deletions

diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb
index 741a0db3009..c21e1244402 100644
--- a/spec/policies/merge_request_policy_spec.rb
+++ b/spec/policies/merge_request_policy_spec.rb
@@ -461,4 +461,34 @@ RSpec.describe MergeRequestPolicy do
       end
     end
   end
+
+  context 'when the author of the merge request is banned', feature_category: :insider_threat do
+    let_it_be(:user) { create(:user) }
+    let_it_be(:admin) { create(:user, :admin) }
+    let_it_be(:author) { create(:user, :banned) }
+    let_it_be(:project) { create(:project, :public) }
+    let_it_be(:hidden_merge_request) { create(:merge_request, source_project: project, author: author) }
+
+    it 'does not allow non-admin user to read the merge_request' do
+      expect(permissions(user, hidden_merge_request)).not_to be_allowed(:read_merge_request)
+    end
+
+    it 'allows admin to read the merge_request', :enable_admin_mode do
+      expect(permissions(admin, hidden_merge_request)).to be_allowed(:read_merge_request)
+    end
+
+    context 'when the `hide_merge_requests_from_banned_users` feature flag is disabled' do
+      before do
+        stub_feature_flags(hide_merge_requests_from_banned_users: false)
+      end
+
+      it 'allows non-admin users to read the merge_request' do
+        expect(permissions(user, hidden_merge_request)).to be_allowed(:read_merge_request)
+      end
+
+      it 'allows admin users to read the merge_request', :enable_admin_mode do
+        expect(permissions(admin, hidden_merge_request)).to be_allowed(:read_merge_request)
+      end
+    end
+  end
 end