diff options
author | Douwe Maan <douwe@gitlab.com> | 2015-06-18 11:43:32 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-06-18 11:43:32 +0000 |
commit | 0e615a486398166956ac612e1558abd1d44e1f8f (patch) | |
tree | b9f4ce97b1efd94acedf72732b1a5319f372d6b7 /spec | |
parent | ffe130d857dbf450d696c0341f03b413a3114d3c (diff) | |
parent | 07efb17e10fe26a01b60d8441868f9fbda0768f2 (diff) | |
download | gitlab-ce-0e615a486398166956ac612e1558abd1d44e1f8f.tar.gz |
Merge branch 'fix-labels-permisssion-check' into 'master'
Fix 403 Access Denied error messages when accessing Labels section in a project
This would occur if the project's issues or merge requests features were disabled. The change in 9bcd36396b9 caused `can?(current_user, :read_merge_request, project)` to be false if the merge request feature were disabled, so `authorize_labels!` needs to be changed accordingly.
Closes #1813
See merge request !836
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/application_controller_spec.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 186239d3096..55851befc8c 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -30,4 +30,44 @@ describe ApplicationController do controller.send(:check_password_expiration) end end + + describe 'check labels authorization' do + let(:project) { create(:project) } + let(:user) { create(:user) } + let(:controller) { ApplicationController.new } + + before do + project.team << [user, :guest] + allow(controller).to receive(:current_user).and_return(user) + allow(controller).to receive(:project).and_return(project) + end + + it 'should succeed if issues and MRs are enabled' do + project.issues_enabled = true + project.merge_requests_enabled = true + controller.send(:authorize_read_label!) + expect(response.status).to eq(200) + end + + it 'should succeed if issues are enabled, MRs are disabled' do + project.issues_enabled = true + project.merge_requests_enabled = false + controller.send(:authorize_read_label!) + expect(response.status).to eq(200) + end + + it 'should succeed if issues are disabled, MRs are enabled' do + project.issues_enabled = false + project.merge_requests_enabled = true + controller.send(:authorize_read_label!) + expect(response.status).to eq(200) + end + + it 'should fail if issues and MRs are disabled' do + project.issues_enabled = false + project.merge_requests_enabled = false + expect(controller).to receive(:access_denied!) + controller.send(:authorize_read_label!) + end + end end |