diff options
| author | Felipe Artur <felipefac@gmail.com> | 2018-12-11 16:15:10 -0200 |
|---|---|---|
| committer | Felipe Artur <felipefac@gmail.com> | 2018-12-14 10:38:52 -0200 |
| commit | 1653f7b1c68b2ea7da8df84ed459b9578e3dff8f (patch) | |
| tree | 9e55514e5682aa8799469286265b3e51af84b003 /spec/services/members | |
| parent | cc7353523bc1d19054769d7a0a61b0cb7f6ce4e3 (diff) | |
| download | gitlab-ce-1653f7b1c68b2ea7da8df84ed459b9578e3dff8f.tar.gz | |
Delete confidential issue todos for guests
Fix leaking information of confidential issues on TODOs
when user is downgraded to guest access.
Diffstat (limited to 'spec/services/members')
| -rw-r--r-- | spec/services/members/destroy_service_spec.rb | 2 | ||||
| -rw-r--r-- | spec/services/members/update_service_spec.rb | 17 |
2 files changed, 18 insertions, 1 deletions
diff --git a/spec/services/members/destroy_service_spec.rb b/spec/services/members/destroy_service_spec.rb index 0a5220c7c61..5aa7165e135 100644 --- a/spec/services/members/destroy_service_spec.rb +++ b/spec/services/members/destroy_service_spec.rb @@ -22,7 +22,7 @@ describe Members::DestroyService do shared_examples 'a service destroying a member' do before do type = member.is_a?(GroupMember) ? 'Group' : 'Project' - expect(TodosDestroyer::EntityLeaveWorker).to receive(:perform_in).with(1.hour, member.user_id, member.source_id, type) + expect(TodosDestroyer::EntityLeaveWorker).to receive(:perform_in).with(Todo::WAIT_FOR_DELETE, member.user_id, member.source_id, type) end it 'destroys the member' do diff --git a/spec/services/members/update_service_spec.rb b/spec/services/members/update_service_spec.rb index 6d19a95ffeb..599ed39ca37 100644 --- a/spec/services/members/update_service_spec.rb +++ b/spec/services/members/update_service_spec.rb @@ -20,11 +20,28 @@ describe Members::UpdateService do shared_examples 'a service updating a member' do it 'updates the member' do + expect(TodosDestroyer::EntityLeaveWorker).not_to receive(:perform_in).with(Todo::WAIT_FOR_DELETE, member.user_id, member.source_id, source.class.name) + updated_member = described_class.new(current_user, params).execute(member, permission: permission) expect(updated_member).to be_valid expect(updated_member.access_level).to eq(Gitlab::Access::MAINTAINER) end + + context 'when member is downgraded to guest' do + let(:params) do + { access_level: Gitlab::Access::GUEST } + end + + it 'schedules to delete confidential todos' do + expect(TodosDestroyer::EntityLeaveWorker).to receive(:perform_in).with(Todo::WAIT_FOR_DELETE, member.user_id, member.source_id, source.class.name).once + + updated_member = described_class.new(current_user, params).execute(member, permission: permission) + + expect(updated_member).to be_valid + expect(updated_member.access_level).to eq(Gitlab::Access::GUEST) + end + end end before do |