diff options
author | Robert Speicher <rspeicher@gmail.com> | 2017-12-14 13:32:55 -0600 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2017-12-19 15:45:08 -0600 |
commit | 3e4b45fc216875ff25647675d92448a53a740d9b (patch) | |
tree | 836b9459d674c2aa0c34e63ed3f4c55999729d1f /spec/services/quick_actions/interpret_service_spec.rb | |
parent | 8d0ad36bcfc0ef95ee9a116604ba1516367dbb27 (diff) | |
download | gitlab-ce-3e4b45fc216875ff25647675d92448a53a740d9b.tar.gz |
Only include the user's ID in the time_spent command's update hash
Previously, this would include the entire User record in the update
hash, which was rendered in the response using `to_json`, erroneously
exposing every attribute of that record, including their (now removed)
private token.
Now we only include the user ID, and perform the lookup on-demand.
Diffstat (limited to 'spec/services/quick_actions/interpret_service_spec.rb')
-rw-r--r-- | spec/services/quick_actions/interpret_service_spec.rb | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/spec/services/quick_actions/interpret_service_spec.rb b/spec/services/quick_actions/interpret_service_spec.rb index c35177f6ebc..eb46480fa54 100644 --- a/spec/services/quick_actions/interpret_service_spec.rb +++ b/spec/services/quick_actions/interpret_service_spec.rb @@ -209,7 +209,7 @@ describe QuickActions::InterpretService do expect(updates).to eq(spend_time: { duration: 3600, - user: developer, + user_id: developer.id, spent_at: DateTime.now.to_date }) end @@ -221,7 +221,7 @@ describe QuickActions::InterpretService do expect(updates).to eq(spend_time: { duration: -1800, - user: developer, + user_id: developer.id, spent_at: DateTime.now.to_date }) end @@ -233,7 +233,7 @@ describe QuickActions::InterpretService do expect(updates).to eq(spend_time: { duration: 1800, - user: developer, + user_id: developer.id, spent_at: Date.parse(date) }) end @@ -267,7 +267,7 @@ describe QuickActions::InterpretService do it 'populates spend_time: :reset if content contains /remove_time_spent' do _, updates = service.execute(content, issuable) - expect(updates).to eq(spend_time: { duration: :reset, user: developer }) + expect(updates).to eq(spend_time: { duration: :reset, user_id: developer.id }) end end |