diff options
author | Alexandru Croitor <acroitor@gitlab.com> | 2019-09-10 15:30:07 +0300 |
---|---|---|
committer | Alexandru Croitor <acroitor@gitlab.com> | 2019-09-20 10:38:14 +0300 |
commit | f991af9a16ab9da6b47ca6082de37acfb4f538d0 (patch) | |
tree | 27b9b420a4ee3f05decd8066afc1fb43a9cde91c /spec | |
parent | 2e08a701343f471170a854e0ab7fbd92e60d7d85 (diff) | |
download | gitlab-ce-f991af9a16ab9da6b47ca6082de37acfb4f538d0.tar.gz |
Redirect user to root path after unsubscribing from private resource
If user unsubsrcribes from a resource that they no longer have
access to they should not be revealed the resource path, but be
redirected to app root instead.
https://gitlab.com/gitlab-org/gitlab-ce/issues/64938
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/sent_notifications_controller_spec.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/spec/controllers/sent_notifications_controller_spec.rb b/spec/controllers/sent_notifications_controller_spec.rb index 89857a9d21b..52ede54a22b 100644 --- a/spec/controllers/sent_notifications_controller_spec.rb +++ b/spec/controllers/sent_notifications_controller_spec.rb @@ -208,6 +208,35 @@ describe SentNotificationsController do .to redirect_to(project_merge_request_path(project, merge_request)) end end + + context 'when project is private' do + context 'and user does not have access' do + let(:noteable) { issue } + let(:target_project) { private_project } + + before do + get(:unsubscribe, params: { id: sent_notification.reply_key }) + end + + it 'unsubscribes user and redirects to root path' do + expect(response).to redirect_to(root_path) + end + end + + context 'and user has access' do + let(:noteable) { issue } + let(:target_project) { private_project } + + before do + private_project.add_developer(user) + get(:unsubscribe, params: { id: sent_notification.reply_key }) + end + + it 'unsubscribes user and redirects to issue path' do + expect(response).to redirect_to(project_issue_path(private_project, issue)) + end + end + end end end end |