diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2022-05-02 21:12:53 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2022-05-02 21:12:53 +0000 |
commit | 2bdcc43491635132fdab4e4eadb7e62b731140ea (patch) | |
tree | b61b0ceb52da5d5ea36c13370fb87f09c7db6ffe /spec/requests/api/markdown_spec.rb | |
parent | 7bc34aad19503153d8d9b849006e59b43a1eda5b (diff) | |
parent | 1390b6e51192c50ebf55378fc183cbd4ddf94ab0 (diff) | |
download | gitlab-ce-14-8-stable.tar.gz |
Merge remote-tracking branch 'dev/14-8-stable' into 14-8-stable14-8-stable
Diffstat (limited to 'spec/requests/api/markdown_spec.rb')
-rw-r--r-- | spec/requests/api/markdown_spec.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/spec/requests/api/markdown_spec.rb b/spec/requests/api/markdown_spec.rb index 0488bce4663..47e1f007daa 100644 --- a/spec/requests/api/markdown_spec.rb +++ b/spec/requests/api/markdown_spec.rb @@ -156,6 +156,46 @@ RSpec.describe API::Markdown do end end end + + context 'with a public project and issues only for team members' do + let(:public_project) do + create(:project, :public).tap do |project| + project.project_feature.update_attribute(:issues_access_level, ProjectFeature::PRIVATE) + end + end + + let(:issue) { create(:issue, project: public_project, title: 'Team only title') } + let(:text) { "#{issue.to_reference}" } + let(:params) { { text: text, gfm: true, project: public_project.full_path } } + + shared_examples 'user without proper access' do + it 'does not render the title' do + expect(response).to have_gitlab_http_status(:created) + expect(json_response["html"]).not_to include('Team only title') + end + end + + context 'when not logged in' do + let(:user) { } + + it_behaves_like 'user without proper access' + end + + context 'when logged in as user without access' do + let(:user) { create(:user) } + + it_behaves_like 'user without proper access' + end + + context 'when logged in as author' do + let(:user) { issue.author } + + it 'renders the title or link' do + expect(response).to have_gitlab_http_status(:created) + expect(json_response["html"]).to include('Team only title') + end + end + end end end end |