diff options
| author | Sean McGivern <sean@mcgivern.me.uk> | 2016-10-28 12:08:30 +0000 |
|---|---|---|
| committer | Sean McGivern <sean@mcgivern.me.uk> | 2016-10-28 12:08:30 +0000 |
| commit | 8487af81db7a2d490cbdd3ae16e87c44df883396 (patch) | |
| tree | c8ae57716a1198c701b17c48657745f58629e984 /spec | |
| parent | 4370d68f034f66f8f0243d1de7f4c9c0330a3b79 (diff) | |
| parent | 587ee5fb80a21cda277240811372d7b694290592 (diff) | |
| download | gitlab-ce-8487af81db7a2d490cbdd3ae16e87c44df883396.tar.gz | |
Merge branch 'bugfix/dragging_milestones' into 'master'
Stop unauthorized users dragging on milestone page
Closes #13670
See merge request !7113
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/features/milestones/milestones_spec.rb | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/spec/features/milestones/milestones_spec.rb b/spec/features/milestones/milestones_spec.rb new file mode 100644 index 00000000000..8b603f51545 --- /dev/null +++ b/spec/features/milestones/milestones_spec.rb @@ -0,0 +1,86 @@ +require 'rails_helper' + +describe 'Milestone draggable', feature: true, js: true do + let(:milestone) { create(:milestone, project: project, title: 8.14) } + let(:project) { create(:empty_project, :public) } + let(:user) { create(:user) } + + context 'issues' do + let(:issue) { page.find_by_id('issues-list-unassigned').find('li') } + let(:issue_target) { page.find_by_id('issues-list-ongoing') } + + it 'does not allow guest to drag issue' do + create_and_drag_issue + + expect(issue_target).not_to have_selector('.issuable-row') + end + + it 'does not allow authorized user to drag issue' do + login_as(user) + create_and_drag_issue + + expect(issue_target).not_to have_selector('.issuable-row') + end + + it 'allows author to drag issue' do + login_as(user) + create_and_drag_issue(author: user) + + expect(issue_target).to have_selector('.issuable-row') + end + + it 'allows admin to drag issue' do + login_as(:admin) + create_and_drag_issue + + expect(issue_target).to have_selector('.issuable-row') + end + end + + context 'merge requests' do + let(:merge_request) { page.find_by_id('merge_requests-list-unassigned').find('li') } + let(:merge_request_target) { page.find_by_id('merge_requests-list-ongoing') } + + it 'does not allow guest to drag merge request' do + create_and_drag_merge_request + + expect(merge_request_target).not_to have_selector('.issuable-row') + end + + it 'does not allow authorized user to drag merge request' do + login_as(user) + create_and_drag_merge_request + + expect(merge_request_target).not_to have_selector('.issuable-row') + end + + it 'allows author to drag merge request' do + login_as(user) + create_and_drag_merge_request(author: user) + + expect(merge_request_target).to have_selector('.issuable-row') + end + + it 'allows admin to drag merge request' do + login_as(:admin) + create_and_drag_merge_request + + expect(merge_request_target).to have_selector('.issuable-row') + end + end + + def create_and_drag_issue(params = {}) + create(:issue, params.merge(title: 'Foo', project: project, milestone: milestone)) + + visit namespace_project_milestone_path(project.namespace, project, milestone) + issue.drag_to(issue_target) + end + + def create_and_drag_merge_request(params = {}) + create(:merge_request, params.merge(title: 'Foo', source_project: project, target_project: project, milestone: milestone)) + + visit namespace_project_milestone_path(project.namespace, project, milestone) + page.find("a[href='#tab-merge-requests']").click + merge_request.drag_to(merge_request_target) + end +end |