Merge branch 'security-56224' into 'master'

Fix related branches visible in issues for guests See merge request gitlab/gitlabhq!2996
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-04-02 07:48:30 +0000
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-04-02 07:48:30 +0000
commit: 3e4c2b0427d70e920758e9c8f71ac43060d8c509 (patch)
tree: 0ef4e37b03a2a4de81b240bd63c0d31fa1428dd7 /spec
parent: b122be5ed55e3898196fb21e47fff40eb7dd6e0c (diff)
parent: 727ec95528c3b928992406e570427728e7186fd4 (diff)
download: gitlab-ce-3e4c2b0427d70e920758e9c8f71ac43060d8c509.tar.gz
1 files changed, 35 insertions, 1 deletions
diff --git a/spec/features/issues/user_creates_branch_and_merge_request_spec.rb b/spec/features/issues/user_creates_branch_and_merge_request_spec.rb
index 693ad89069c..0a006011c89 100644
--- a/spec/features/issues/user_creates_branch_and_merge_request_spec.rb
+++ b/spec/features/issues/user_creates_branch_and_merge_request_spec.rb
@@ -1,6 +1,7 @@
 require 'rails_helper'
 
 describe 'User creates branch and merge request on issue page', :js do
+  let(:membership_level) { :developer }
   let(:user) { create(:user) }
   let!(:project) { create(:project, :repository) }
   let(:issue) { create(:issue, project: project, title: 'Cherry-Coloured Funk') }
@@ -17,7 +18,7 @@ describe 'User creates branch and merge request on issue page', :js do
 
   context 'when signed in' do
     before do
-      project.add_developer(user)
+      project.add_user(user, membership_level)
 
       sign_in(user)
     end
@@ -167,6 +168,39 @@ describe 'User creates branch and merge request on issue page', :js do
         expect(page).not_to have_css('.create-mr-dropdown-wrap')
       end
     end
+
+    context 'when related branch exists' do
+      let!(:project) { create(:project, :repository, :private) }
+      let(:branch_name) { "#{issue.iid}-foo" }
+
+      before do
+        project.repository.create_branch(branch_name, 'master')
+
+        visit project_issue_path(project, issue)
+      end
+
+      context 'when user is developer' do
+        it 'shows related branches' do
+          expect(page).to have_css('#related-branches')
+
+          wait_for_requests
+
+          expect(page).to have_content(branch_name)
+        end
+      end
+
+      context 'when user is guest' do
+        let(:membership_level) { :guest }
+
+        it 'does not show related branches' do
+          expect(page).not_to have_css('#related-branches')
+
+          wait_for_requests
+
+          expect(page).not_to have_content(branch_name)
+        end
+      end
+    end
   end
 
   private
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-04-02 07:48:30 +0000
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-04-02 07:48:30 +0000
commit	3e4c2b0427d70e920758e9c8f71ac43060d8c509 (patch)
tree	0ef4e37b03a2a4de81b240bd63c0d31fa1428dd7 /spec
parent	b122be5ed55e3898196fb21e47fff40eb7dd6e0c (diff)
parent	727ec95528c3b928992406e570427728e7186fd4 (diff)
download	gitlab-ce-3e4c2b0427d70e920758e9c8f71ac43060d8c509.tar.gz