Project members with guest role can't access confidential issues

author: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-06 16:13:31 -0300
committer: Douglas Barbosa Alexandre <dbalexandre@gmail.com> 2016-06-13 19:32:00 -0300
commit: b56c45675019baaaf47615d51c08d5caa0734ad3 (patch)
tree: b933c21ab49a745a6839aa1127c237ffe7a3a3fb /spec/services/projects
parent: af8500f43010f42176b2ec1814f0fe7248258b05 (diff)
download: gitlab-ce-b56c45675019baaaf47615d51c08d5caa0734ad3.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/services/projects/autocomplete_service_spec.rb b/spec/services/projects/autocomplete_service_spec.rb
index 6108c26a78b..0971fec2e9f 100644
--- a/spec/services/projects/autocomplete_service_spec.rb
+++ b/spec/services/projects/autocomplete_service_spec.rb
@@ -33,6 +33,18 @@ describe Projects::AutocompleteService, services: true do
         expect(issues.count).to eq 1
       end
 
+      it 'should not list project confidential issues for project members with guest role' do
+        project.team << [member, :guest]
+
+        autocomplete = described_class.new(project, non_member)
+        issues = autocomplete.issues.map(&:iid)
+
+        expect(issues).to include issue.iid
+        expect(issues).not_to include security_issue_1.iid
+        expect(issues).not_to include security_issue_2.iid
+        expect(issues.count).to eq 1
+      end
+
       it 'should list project confidential issues for author' do
         autocomplete = described_class.new(project, author)
         issues = autocomplete.issues.map(&:iid)
author	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-06 16:13:31 -0300
committer	Douglas Barbosa Alexandre <dbalexandre@gmail.com>	2016-06-13 19:32:00 -0300
commit	b56c45675019baaaf47615d51c08d5caa0734ad3 (patch)
tree	b933c21ab49a745a6839aa1127c237ffe7a3a3fb /spec/services/projects
parent	af8500f43010f42176b2ec1814f0fe7248258b05 (diff)
download	gitlab-ce-b56c45675019baaaf47615d51c08d5caa0734ad3.tar.gz