summaryrefslogtreecommitdiff
path: root/spec/controllers/search_controller_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/controllers/search_controller_spec.rb')
-rw-r--r--spec/controllers/search_controller_spec.rb61
1 files changed, 61 insertions, 0 deletions
diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb
new file mode 100644
index 00000000000..b7bb9290712
--- /dev/null
+++ b/spec/controllers/search_controller_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe SearchController do
+ let(:user) { create(:user) }
+ let(:project) { create(:empty_project, :public) }
+
+ before do
+ sign_in(user)
+ end
+
+ it 'finds issue comments' do
+ project = create(:empty_project, :public)
+ note = create(:note_on_issue, project: project)
+
+ get :show, project_id: project.id, scope: 'notes', search: note.note
+
+ expect(assigns[:search_objects].first).to eq note
+ end
+
+ context 'on restricted projects' do
+ context 'when signed out' do
+ before { sign_out(user) }
+
+ it "doesn't expose comments on issues" do
+ project = create(:empty_project, :public, issues_access_level: ProjectFeature::PRIVATE)
+ note = create(:note_on_issue, project: project)
+
+ get :show, project_id: project.id, scope: 'notes', search: note.note
+
+ expect(assigns[:search_objects].count).to eq(0)
+ end
+ end
+
+ it "doesn't expose comments on issues" do
+ project = create(:empty_project, :public, issues_access_level: ProjectFeature::PRIVATE)
+ note = create(:note_on_issue, project: project)
+
+ get :show, project_id: project.id, scope: 'notes', search: note.note
+
+ expect(assigns[:search_objects].count).to eq(0)
+ end
+
+ it "doesn't expose comments on merge_requests" do
+ project = create(:empty_project, :public, merge_requests_access_level: ProjectFeature::PRIVATE)
+ note = create(:note_on_merge_request, project: project)
+
+ get :show, project_id: project.id, scope: 'notes', search: note.note
+
+ expect(assigns[:search_objects].count).to eq(0)
+ end
+
+ it "doesn't expose comments on snippets" do
+ project = create(:empty_project, :public, snippets_access_level: ProjectFeature::PRIVATE)
+ note = create(:note_on_project_snippet, project: project)
+
+ get :show, project_id: project.id, scope: 'notes', search: note.note
+
+ expect(assigns[:search_objects].count).to eq(0)
+ end
+ end
+end
View Lorry Controller Status