diff options
Diffstat (limited to 'spec/services/users/refresh_authorized_projects_service_spec.rb')
-rw-r--r-- | spec/services/users/refresh_authorized_projects_service_spec.rb | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/spec/services/users/refresh_authorized_projects_service_spec.rb b/spec/services/users/refresh_authorized_projects_service_spec.rb index b19374ef1a2..39fae22c623 100644 --- a/spec/services/users/refresh_authorized_projects_service_spec.rb +++ b/spec/services/users/refresh_authorized_projects_service_spec.rb @@ -115,6 +115,36 @@ describe Users::RefreshAuthorizedProjectsService do expect(user.authorized_projects_populated).to eq(true) end + + context 'when the group has special chars in its path' do + let(:user1) { create(:user) } + let(:group1) { create(:group, name: 'demo', path: 'demo') } + let(:nested_group1) { create(:group, name: 'nest', path: 'nest', parent: group1) } + let!(:project1) { create(:empty_project, group: nested_group1) } + + let(:user2) { create(:user) } + let(:group2) { create(:group, name: '____', path: '____') } + let(:nested_group2) { create(:group, name: 'test', path: 'test', parent: group2) } + let!(:project2) { create(:empty_project, group: nested_group2) } + + before do + group1.add_master(user1) + group2.add_master(user2) + + Users::RefreshAuthorizedProjectsService.new(user1).execute + Users::RefreshAuthorizedProjectsService.new(user2).execute + end + + it "it doesn't give authorization to foreign projects" do + expect(user1.authorized_projects).not_to include(project2) + expect(user2.authorized_projects).not_to include(project1) + end + + it 'only gives authorization to the right projects' do + expect(user1.authorized_projects).to match_array([project1]) + expect(user2.authorized_projects).to match_array([project2]) + end + end end describe '#fresh_access_levels_per_project' do |