1 files changed, 18 insertions, 3 deletions

diff --git a/spec/graphql/mutations/issues/set_confidential_spec.rb b/spec/graphql/mutations/issues/set_confidential_spec.rb
index 820f9aa5e17..0b2fc0ecb93 100644
--- a/spec/graphql/mutations/issues/set_confidential_spec.rb
+++ b/spec/graphql/mutations/issues/set_confidential_spec.rb
@@ -3,7 +3,8 @@
 require 'spec_helper'
 
 RSpec.describe Mutations::Issues::SetConfidential do
-  let(:issue) { create(:issue) }
+  let(:project) { create(:project, :private) }
+  let(:issue) { create(:issue, project: project, assignees: [user]) }
   let(:user) { create(:user) }
 
   subject(:mutation) { described_class.new(object: nil, context: { current_user: user }, field: nil) }
@@ -14,7 +15,7 @@ RSpec.describe Mutations::Issues::SetConfidential do
     let(:confidential) { true }
     let(:mutated_issue) { subject[:issue] }
 
-    subject { mutation.resolve(project_path: issue.project.full_path, iid: issue.iid, confidential: confidential) }
+    subject { mutation.resolve(project_path: project.full_path, iid: issue.iid, confidential: confidential) }
 
     it 'raises an error if the resource is not accessible to the user' do
       expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
@@ -22,7 +23,7 @@ RSpec.describe Mutations::Issues::SetConfidential do
 
     context 'when the user can update the issue' do
       before do
-        issue.project.add_developer(user)
+        project.add_developer(user)
       end
 
       it 'returns the issue as confidential' do
@@ -39,5 +40,19 @@ RSpec.describe Mutations::Issues::SetConfidential do
         end
       end
     end
+
+    context 'when guest user is an assignee' do
+      let(:project) { create(:project, :public) }
+
+      before do
+        project.add_guest(user)
+      end
+
+      it 'does not change issue confidentiality' do
+        expect(mutated_issue).to eq(issue)
+        expect(mutated_issue.confidential).to be_falsey
+        expect(subject[:errors]).to be_empty
+      end
+    end
   end
 end