Redirect user to root path after unsubscribing from private resource

If user unsubsrcribes from a resource that they no longer have
access to they should not be revealed the resource path, but be
redirected to app root instead.

https://gitlab.com/gitlab-org/gitlab-ce/issues/64938

1 files changed, 29 insertions, 0 deletions

diff --git a/spec/controllers/sent_notifications_controller_spec.rb b/spec/controllers/sent_notifications_controller_spec.rb
index 89857a9d21b..52ede54a22b 100644
--- a/spec/controllers/sent_notifications_controller_spec.rb
+++ b/spec/controllers/sent_notifications_controller_spec.rb
@@ -208,6 +208,35 @@ describe SentNotificationsController do
             .to redirect_to(project_merge_request_path(project, merge_request))
         end
       end
+
+      context 'when project is private' do
+        context 'and user does not have access' do
+          let(:noteable) { issue }
+          let(:target_project) { private_project }
+
+          before do
+            get(:unsubscribe, params: { id: sent_notification.reply_key })
+          end
+
+          it 'unsubscribes user and redirects to root path' do
+            expect(response).to redirect_to(root_path)
+          end
+        end
+
+        context 'and user has access' do
+          let(:noteable) { issue }
+          let(:target_project) { private_project }
+
+          before do
+            private_project.add_developer(user)
+            get(:unsubscribe, params: { id: sent_notification.reply_key })
+          end
+
+          it 'unsubscribes user and redirects to issue path' do
+            expect(response).to redirect_to(project_issue_path(private_project, issue))
+          end
+        end
+      end
     end
   end
 end