diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:47:46 +0000 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 12:47:49 +0000 |
commit | d8c3e45ef0452bba9431a5e500cc254a4637724f (patch) | |
tree | 4e18889f71033dad4d4b190fef2e8fd4f984344f /spec | |
parent | 09c2d94f2b87f3c281d08c27af64bb217fb741ef (diff) | |
download | gitlab-ce-d8c3e45ef0452bba9431a5e500cc254a4637724f.tar.gz |
Merge branch 'security-2776-fix-add-reaction-permissions-11-7' into 'security-11-7'
[11.7] Revoke award_emoji permissions for confidential issues
See merge request gitlab/gitlabhq!2849
(cherry picked from commit 0ead6f886e437d3a99c22e0adf85f768d8293cad)
0be8c4c9 Prevent award_emoji to notes not visible to user
Diffstat (limited to 'spec')
-rw-r--r-- | spec/policies/note_policy_spec.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb index 7e25c53e77c..0e848c74659 100644 --- a/spec/policies/note_policy_spec.rb +++ b/spec/policies/note_policy_spec.rb @@ -28,6 +28,7 @@ describe NotePolicy, mdoels: true do expect(policy).to be_disallowed(:admin_note) expect(policy).to be_disallowed(:resolve_note) expect(policy).to be_disallowed(:read_note) + expect(policy).to be_disallowed(:award_emoji) end end @@ -40,6 +41,7 @@ describe NotePolicy, mdoels: true do expect(policy).to be_allowed(:admin_note) expect(policy).to be_allowed(:resolve_note) expect(policy).to be_allowed(:read_note) + expect(policy).to be_allowed(:award_emoji) end end end |