diff options
author | Rémy Coutable <remy@rymai.me> | 2016-08-09 17:51:40 +0200 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2016-08-13 00:06:11 +0200 |
commit | a54fdc384fee9daeab1b9fb638dae5dce4e4be15 (patch) | |
tree | faa881a6d0bfcb490f6c6655de9967265f1d3083 /spec/services/issues | |
parent | 0eea8c885743575b0e93a98846b3663e9903aa66 (diff) | |
download | gitlab-ce-a54fdc384fee9daeab1b9fb638dae5dce4e4be15.tar.gz |
Enforce permissions in `{Issues,MergeRequests}::{Close,Reopen}Service`
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'spec/services/issues')
-rw-r--r-- | spec/services/issues/close_service_spec.rb | 18 | ||||
-rw-r--r-- | spec/services/issues/reopen_service_spec.rb | 25 |
2 files changed, 41 insertions, 2 deletions
diff --git a/spec/services/issues/close_service_spec.rb b/spec/services/issues/close_service_spec.rb index 1318607a388..aff022a573e 100644 --- a/spec/services/issues/close_service_spec.rb +++ b/spec/services/issues/close_service_spec.rb @@ -3,6 +3,7 @@ require 'spec_helper' describe Issues::CloseService, services: true do let(:user) { create(:user) } let(:user2) { create(:user) } + let(:guest) { create(:user) } let(:issue) { create(:issue, assignee: user2) } let(:project) { issue.project } let!(:todo) { create(:todo, :assigned, user: user, project: project, target: issue, author: user2) } @@ -10,13 +11,14 @@ describe Issues::CloseService, services: true do before do project.team << [user, :master] project.team << [user2, :developer] + project.team << [guest, :guest] end describe '#execute' do context "valid params" do before do perform_enqueued_jobs do - @issue = Issues::CloseService.new(project, user, {}).execute(issue) + @issue = described_class.new(project, user, {}).execute(issue) end end @@ -39,10 +41,22 @@ describe Issues::CloseService, services: true do end end + context 'current user is not authorized to close issue' do + before do + perform_enqueued_jobs do + @issue = described_class.new(project, guest).execute(issue) + end + end + + it 'does not close the issue' do + expect(@issue).to be_open + end + end + context "external issue tracker" do before do allow(project).to receive(:default_issues_tracker?).and_return(false) - @issue = Issues::CloseService.new(project, user, {}).execute(issue) + @issue = described_class.new(project, user, {}).execute(issue) end it { expect(@issue).to be_valid } diff --git a/spec/services/issues/reopen_service_spec.rb b/spec/services/issues/reopen_service_spec.rb new file mode 100644 index 00000000000..34a89fcd4e1 --- /dev/null +++ b/spec/services/issues/reopen_service_spec.rb @@ -0,0 +1,25 @@ +require 'spec_helper' + +describe Issues::ReopenService, services: true do + let(:guest) { create(:user) } + let(:issue) { create(:issue, :closed) } + let(:project) { issue.project } + + before do + project.team << [guest, :guest] + end + + describe '#execute' do + context 'current user is not authorized to reopen issue' do + before do + perform_enqueued_jobs do + @issue = described_class.new(project, guest).execute(issue) + end + end + + it 'does not reopen the issue' do + expect(@issue).to be_closed + end + end + end +end |