Merge branch 'security-2776-fix-add-reaction-permissions-11-7' into 'security-11-7'

[11.7] Revoke award_emoji permissions for confidential issues See merge request gitlab/gitlabhq!2849 (cherry picked from commit 0ead6f886e437d3a99c22e0adf85f768d8293cad) 0be8c4c9 Prevent award_emoji to notes not visible to user
author: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-24 12:47:46 +0000
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-24 12:47:49 +0000
commit: d8c3e45ef0452bba9431a5e500cc254a4637724f (patch)
tree: 4e18889f71033dad4d4b190fef2e8fd4f984344f /spec
parent: 09c2d94f2b87f3c281d08c27af64bb217fb741ef (diff)
download: gitlab-ce-d8c3e45ef0452bba9431a5e500cc254a4637724f.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb
index 7e25c53e77c..0e848c74659 100644
--- a/spec/policies/note_policy_spec.rb
+++ b/spec/policies/note_policy_spec.rb
@@ -28,6 +28,7 @@ describe NotePolicy, mdoels: true do
           expect(policy).to be_disallowed(:admin_note)
           expect(policy).to be_disallowed(:resolve_note)
           expect(policy).to be_disallowed(:read_note)
+          expect(policy).to be_disallowed(:award_emoji)
         end
       end
 
@@ -40,6 +41,7 @@ describe NotePolicy, mdoels: true do
           expect(policy).to be_allowed(:admin_note)
           expect(policy).to be_allowed(:resolve_note)
           expect(policy).to be_allowed(:read_note)
+          expect(policy).to be_allowed(:award_emoji)
         end
       end
     end
author	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-24 12:47:46 +0000
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-24 12:47:49 +0000
commit	d8c3e45ef0452bba9431a5e500cc254a4637724f (patch)
tree	4e18889f71033dad4d4b190fef2e8fd4f984344f /spec
parent	09c2d94f2b87f3c281d08c27af64bb217fb741ef (diff)
download	gitlab-ce-d8c3e45ef0452bba9431a5e500cc254a4637724f.tar.gz