From 97bd349146bfb3acef77ec413cd0def552d00472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20Coutable?= Date: Mon, 25 Apr 2016 11:49:52 +0200 Subject: Improve Milestones API specs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Rémy Coutable --- CHANGELOG | 2 -- spec/requests/api/milestones_spec.rb | 63 ++++++++++++++++-------------------- 2 files changed, 27 insertions(+), 38 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 4ce16b44493..2d1c561fb82 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,8 +8,6 @@ v 8.7.1 (unreleased) - Fix license detection to detect all license files, not only known licenses. !3878 - Use the `can?` helper instead of `current_user.can?`. !3882 - Prevent users from deleting Webhooks via API they do not own - - Use the `can?` helper instead of `current_user.can?` - - Filter confidential issues from milestones API if user does not have access v 8.7.0 - Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented diff --git a/spec/requests/api/milestones_spec.rb b/spec/requests/api/milestones_spec.rb index cb9c3dde5ee..241995041bb 100644 --- a/spec/requests/api/milestones_spec.rb +++ b/spec/requests/api/milestones_spec.rb @@ -140,43 +140,34 @@ describe API::API, api: true do get api("/projects/#{project.id}/milestones/#{milestone.id}/issues") expect(response.status).to eq(401) end - end - - describe 'confidential issues' do - it 'should return confidential issues to team members' do - public_project = create(:project, :public) - user = create(:user) - milestone = create(:milestone, project: public_project) - issue = create(:issue, project: public_project) - confidential_issue = create(:issue, confidential: true, project: public_project) - public_project.team << [user, :developer] - milestone.issues << issue - milestone.issues << confidential_issue - - get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user) - - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(2) - expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id) - end - - it 'should not return confidential issues to regular users' do - public_project = create(:project, :public) - normal_user = create(:user) - milestone = create(:milestone, project: public_project) - issue = create(:issue, project: public_project) - confidential_issue = create(:issue, confidential: true, project: public_project) - public_project.team << [user, :developer] - milestone.issues << issue - milestone.issues << confidential_issue - - get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", normal_user) - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(1) - expect(json_response.map { |issue| issue['id'] }).to include(issue.id) + describe 'confidential issues' do + let(:public_project) { create(:project, :public) } + let(:milestone) { create(:milestone, project: public_project) } + let(:issue) { create(:issue, project: public_project) } + let(:confidential_issue) { create(:issue, confidential: true, project: public_project) } + before do + public_project.team << [user, :developer] + milestone.issues << issue << confidential_issue + end + + it 'returns confidential issues to team members' do + get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user) + + expect(response.status).to eq(200) + expect(json_response).to be_an Array + expect(json_response.size).to eq(2) + expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id) + end + + it 'does not return confidential issues to regular users' do + get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", create(:user)) + + expect(response.status).to eq(200) + expect(json_response).to be_an Array + expect(json_response.size).to eq(1) + expect(json_response.map { |issue| issue['id'] }).to include(issue.id) + end end end end -- cgit v1.2.1