diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-06-14 21:29:29 +0000 |
|---|---|---|
| committer | Robert Speicher <robert@gitlab.com> | 2016-06-14 21:29:29 +0000 |
| commit | e7a8fe07ea8a1dca711274e85630a0cf2107b3cc (patch) | |
| tree | aeef339596ef226fbb56eecdddc591699163eeb9 /spec | |
| parent | c6ed8edf8e29ca37f64df07602f13fc7a34abf58 (diff) | |
| parent | 7ae0df8faeeabbcfb07d9f834c132ad5c56c7f74 (diff) | |
| download | gitlab-ce-e7a8fe07ea8a1dca711274e85630a0cf2107b3cc.tar.gz | |
Merge branch '18535-confidential-issue-notes' into 'master'
Only show notes through JSON on confidential issues that the user has access to
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18535
See merge request !1970
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/finders/notes_finder_spec.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/finders/notes_finder_spec.rb b/spec/finders/notes_finder_spec.rb index c83824b900d..639b28d49ee 100644 --- a/spec/finders/notes_finder_spec.rb +++ b/spec/finders/notes_finder_spec.rb @@ -34,5 +34,21 @@ describe NotesFinder do notes = NotesFinder.new.execute(project, user, params) expect(notes).to eq([note1]) end + + context 'confidential issue notes' do + let(:confidential_issue) { create(:issue, :confidential, project: project, author: user) } + let!(:confidential_note) { create(:note, noteable: confidential_issue, project: confidential_issue.project) } + + let(:params) { { target_id: confidential_issue.id, target_type: 'issue', last_fetched_at: 1.hour.ago.to_i } } + + it 'returns notes if user can see the issue' do + expect(NotesFinder.new.execute(project, user, params)).to eq([confidential_note]) + end + + it 'raises an error if user can not see the issue' do + user = create(:user) + expect { NotesFinder.new.execute(project, user, params) }.to raise_error(ActiveRecord::RecordNotFound) + end + end end end |