diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 13:52:06 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 14:04:51 +0000 |
commit | eb9d835f5935926572ba1b69af3b980e41a86b32 (patch) | |
tree | 18746d1429e1b6c92780958bb38ac5b5eadd1890 /spec | |
parent | 69f173ceab50896de90ec19e2f82e9b3ce609aa4 (diff) | |
download | gitlab-ce-eb9d835f5935926572ba1b69af3b980e41a86b32.tar.gz |
Merge branch 'security-contributed-projects-11-6' into 'security-11-6'
[11.6] Contributed projects info is still visible even user enable private profile
See merge request gitlab/gitlabhq!2765
(cherry picked from commit dfc0edd52628ba86578f1b6645575049b9db1058)
7502af85 Fix contributed projects finder shown private info
06aadabb Use old spec syntax
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/users_controller_spec.rb | 32 | ||||
-rw-r--r-- | spec/finders/contributed_projects_finder_spec.rb | 12 |
2 files changed, 44 insertions, 0 deletions
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb index fe438e71e9e..1a084b375ec 100644 --- a/spec/controllers/users_controller_spec.rb +++ b/spec/controllers/users_controller_spec.rb @@ -206,6 +206,38 @@ describe UsersController do end end + describe 'GET #contributed' do + let(:project) { create(:project, :public) } + let(:current_user) { create(:user) } + + before do + sign_in(current_user) + + project.add_developer(public_user) + project.add_developer(private_user) + end + + context 'with public profile' do + it 'renders contributed projects' do + create(:push_event, project: project, author: public_user) + + get :contributed, username: public_user.username + + expect(assigns[:contributed_projects]).not_to be_empty + end + end + + context 'with private profile' do + it 'does not render contributed projects' do + create(:push_event, project: project, author: private_user) + + get :contributed, username: private_user.username + + expect(assigns[:contributed_projects]).to be_empty + end + end + end + describe 'GET #snippets' do before do sign_in(user) diff --git a/spec/finders/contributed_projects_finder_spec.rb b/spec/finders/contributed_projects_finder_spec.rb index 81fb4e3561c..ee84fd067d4 100644 --- a/spec/finders/contributed_projects_finder_spec.rb +++ b/spec/finders/contributed_projects_finder_spec.rb @@ -31,4 +31,16 @@ describe ContributedProjectsFinder do it { is_expected.to match_array([private_project, internal_project, public_project]) } end + + context 'user with private profile' do + it 'does not return contributed projects' do + private_user = create(:user, private_profile: true) + public_project.add_maintainer(private_user) + create(:push_event, project: public_project, author: private_user) + + projects = described_class.new(private_user).execute(current_user) + + expect(projects).to be_empty + end + end end |