1 files changed, 79 insertions, 0 deletions

diff --git a/spec/support/shared_examples/lib/gitlab/project_search_results_shared_examples.rb b/spec/support/shared_examples/lib/gitlab/project_search_results_shared_examples.rb
new file mode 100644
index 00000000000..94ef41ce5a5
--- /dev/null
+++ b/spec/support/shared_examples/lib/gitlab/project_search_results_shared_examples.rb
@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples 'access restricted confidential issues' do
+  let(:query) { 'issue' }
+  let(:author) { create(:user) }
+  let(:assignee) { create(:user) }
+  let(:project) { create(:project, :internal) }
+
+  let!(:issue) { create(:issue, project: project, title: 'Issue 1') }
+  let!(:security_issue_1) { create(:issue, :confidential, project: project, title: 'Security issue 1', author: author) }
+  let!(:security_issue_2) { create(:issue, :confidential, title: 'Security issue 2', project: project, assignees: [assignee]) }
+
+  subject(:objects) do
+    described_class.new(user, query, project: project).objects('issues')
+  end
+
+  context 'when the user is non-member' do
+    let(:user) { create(:user) }
+
+    it 'does not list project confidential issues for non project members' do
+      expect(objects).to contain_exactly(issue)
+      expect(results.limited_issues_count).to eq 1
+    end
+  end
+
+  context 'when the member is guest' do
+    let(:user) do
+      create(:user) { |guest| project.add_guest(guest) }
+    end
+
+    it 'does not list project confidential issues for project members with guest role' do
+      expect(objects).to contain_exactly(issue)
+      expect(results.limited_issues_count).to eq 1
+    end
+  end
+
+  context 'when the user is the author' do
+    let(:user) { author }
+
+    it 'lists project confidential issues' do
+      expect(objects).to contain_exactly(issue,
+                                         security_issue_1)
+      expect(results.limited_issues_count).to eq 2
+    end
+  end
+
+  context 'when the user is the assignee' do
+    let(:user) { assignee }
+
+    it 'lists project confidential issues for assignee' do
+      expect(objects).to contain_exactly(issue,
+                                         security_issue_2)
+      expect(results.limited_issues_count).to eq 2
+    end
+  end
+
+  context 'when the user is a developper' do
+    let(:user) do
+      create(:user) { |user| project.add_developer(user) }
+    end
+
+    it 'lists project confidential issues' do
+      expect(objects).to contain_exactly(issue,
+                                         security_issue_1,
+                                         security_issue_2)
+      expect(results.limited_issues_count).to eq 3
+    end
+  end
+
+  context 'when the user is admin', :request_store do
+    let(:user) { create(:user, admin: true) }
+
+    it 'lists all project issues' do
+      expect(objects).to contain_exactly(issue,
+                                         security_issue_1,
+                                         security_issue_2)
+    end
+  end
+end