diff options
author | Robert Speicher <robert@gitlab.com> | 2017-09-27 19:39:45 +0000 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2017-10-15 22:32:03 -0700 |
commit | 1e554d0a9796954aa4c0e2dc54769c93a4d7ee75 (patch) | |
tree | 4dfc5fe1b49b1ab75622eb7081de07a6e1d22aad /spec | |
parent | 70a160ff1cb03594b5955b0168ef3b522f966dfd (diff) | |
download | gitlab-ce-1e554d0a9796954aa4c0e2dc54769c93a4d7ee75.tar.gz |
Merge branch 'port-ee-3435' into 'security-10-0'
[10.0 CE] Prevent "Related Issues" from leaking confidential issues
See merge request gitlab/gitlabhq!2193
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/projects/issues_controller_spec.rb | 17 | ||||
-rw-r--r-- | spec/services/system_note_service_spec.rb | 14 |
2 files changed, 9 insertions, 22 deletions
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index 053bd73fee3..e9cc398a98e 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb @@ -850,16 +850,17 @@ describe Projects::IssuesController do describe 'GET #discussions' do let!(:discussion) { create(:discussion_note_on_issue, noteable: issue, project: issue.project) } + context 'when authenticated' do + before do + project.add_developer(user) + sign_in(user) + end - before do - project.add_developer(user) - sign_in(user) - end - - it 'returns discussion json' do - get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid + it 'returns discussion json' do + get :discussions, namespace_id: project.namespace, project_id: project, id: issue.iid - expect(JSON.parse(response.body).first.keys).to match_array(%w[id reply_id expanded notes individual_note]) + expect(json_response.first.keys).to match_array(%w[id reply_id expanded notes individual_note]) + end end context 'with cross-reference system note', :request_store do diff --git a/spec/services/system_note_service_spec.rb b/spec/services/system_note_service_spec.rb index cd473c1f388..0a6ab455abe 100644 --- a/spec/services/system_note_service_spec.rb +++ b/spec/services/system_note_service_spec.rb @@ -502,20 +502,6 @@ describe SystemNoteService do end end - describe '.cross_reference?' do - it 'is truthy when text begins with expected text' do - expect(described_class.cross_reference?('mentioned in something')).to be_truthy - end - - it 'is truthy when text begins with legacy capitalized expected text' do - expect(described_class.cross_reference?('mentioned in something')).to be_truthy - end - - it 'is falsey when text does not begin with expected text' do - expect(described_class.cross_reference?('this is a note')).to be_falsey - end - end - describe '.cross_reference_disallowed?' do context 'when mentioner is not a MergeRequest' do it 'is falsey' do |