post_process markdown redered by API

author: Brett Walker <bwalker@gitlab.com> 2018-09-19 14:58:43 -0500
committer: Brett Walker <bwalker@gitlab.com> 2018-09-29 11:29:32 -0500
commit: 829c9c65f9b730b3ecad7d3ba222e3dcd6489b85 (patch)
tree: 2a9ce8bd65b2bc8291b7c5e63f746c39034ae288 /spec/requests/api/markdown_spec.rb
parent: e5d3a75aac4f0bb287699b21f3a56b8bfe499665 (diff)
download: gitlab-ce-829c9c65f9b730b3ecad7d3ba222e3dcd6489b85.tar.gz
1 files changed, 46 insertions, 0 deletions
diff --git a/spec/requests/api/markdown_spec.rb b/spec/requests/api/markdown_spec.rb
index a55796cf343..e369c1435f0 100644
--- a/spec/requests/api/markdown_spec.rb
+++ b/spec/requests/api/markdown_spec.rb
@@ -106,6 +106,52 @@ describe API::Markdown do
                                         .and include("#1</a>")
           end
         end
+
+        context 'with a public project and confidential issue' do
+          let(:public_project)     { create(:project, :public) }
+          let(:confidential_issue) { create(:issue, :confidential, project: public_project, title: 'Confidential title') }
+
+          let(:text)   { ":tada: Hello world! :100: #{confidential_issue.to_reference}" }
+          let(:params) { { text: text, gfm: true, project: public_project.full_path } }
+
+          shared_examples 'user without proper access' do
+            it 'does not render the title or link' do
+              expect(response).to have_http_status(201)
+              expect(json_response["html"]).not_to include('Confidential title')
+              expect(json_response["html"]).not_to include('<a href=')
+              expect(json_response["html"]).to include('Hello world!')
+                                          .and include('data-name="tada"')
+                                          .and include('data-name="100"')
+                                          .and include('#1</p>')
+            end
+          end
+
+          context 'when not logged in' do
+            let(:user) { }
+
+            it_behaves_like 'user without proper access'
+          end
+
+          context 'when logged in as user without access' do
+            let(:user) { create(:user) }
+
+            it_behaves_like 'user without proper access'
+          end
+
+          context 'when logged in as author' do
+            let(:user) { confidential_issue.author }
+
+            it 'renders the title or link' do
+              expect(response).to have_http_status(201)
+              expect(json_response["html"]).to include('Confidential title')
+              expect(json_response["html"]).to include('Hello world!')
+                                          .and include('data-name="tada"')
+                                          .and include('data-name="100"')
+                                          .and include("<a href=\"#{IssuesHelper.url_for_issue(confidential_issue.iid, public_project)}\"")
+                                          .and include("#1</a>")
+            end
+          end
+        end
       end
     end
   end
author	Brett Walker <bwalker@gitlab.com>	2018-09-19 14:58:43 -0500
committer	Brett Walker <bwalker@gitlab.com>	2018-09-29 11:29:32 -0500
commit	829c9c65f9b730b3ecad7d3ba222e3dcd6489b85 (patch)
tree	2a9ce8bd65b2bc8291b7c5e63f746c39034ae288 /spec/requests/api/markdown_spec.rb
parent	e5d3a75aac4f0bb287699b21f3a56b8bfe499665 (diff)
download	gitlab-ce-829c9c65f9b730b3ecad7d3ba222e3dcd6489b85.tar.gz