summaryrefslogtreecommitdiff
path: root/spec/policies
diff options
context:
space:
mode:
authorFelipe Artur <felipefac@gmail.com>2016-09-19 17:21:58 -0300
committerFelipe Artur <felipefac@gmail.com>2016-09-20 14:57:23 -0300
commit98559adf710eb2142ba072f2ac91a1db9d0578cf (patch)
tree9db944764db755077e98f90ca5872907fec8fc70 /spec/policies
parentfe084819b4c0aa83ec80b5915e7b3f444b693e9f (diff)
downloadgitlab-ce-98559adf710eb2142ba072f2ac91a1db9d0578cf.tar.gz
Test if issue authors can access private projects
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/project_policy_spec.rb13
1 files changed, 13 insertions, 0 deletions
diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb
index eda1cafd65e..a7a06744428 100644
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -33,4 +33,17 @@ describe ProjectPolicy, models: true do
it 'returns increasing permissions for each level' do
expect(users_permissions).to eq(users_permissions.sort.uniq)
end
+
+ it 'does not include the read_issue permission when the issue author is not a member of the private project' do
+ project = create(:project, :private)
+ issue = create(:issue, project: project)
+ user = issue.author
+
+ expect(project.team.member?(issue.author)).to eq(false)
+
+ expect(BasePolicy.class_for(project).abilities(user, project).can_set).
+ not_to include(:read_issue)
+
+ expect(Ability.allowed?(user, :read_issue, project)).to be_falsy
+ end
end