From d9ec830a8348fca93775c5f0b1f81a83e8c4f95a Mon Sep 17 00:00:00 2001
From: Sean McGivern <sean@gitlab.com>
Date: Tue, 25 Apr 2017 14:41:26 +0000
Subject: Merge branch 'snippets_visibility' into 'security'

Fix snippets visibility for show action - external users can not see internal snippets

See merge request !2087
---
 spec/features/snippets/internal_snippet_spec.rb | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 spec/features/snippets/internal_snippet_spec.rb

(limited to 'spec/features')

diff --git a/spec/features/snippets/internal_snippet_spec.rb b/spec/features/snippets/internal_snippet_spec.rb
new file mode 100644
index 00000000000..93382f4c359
--- /dev/null
+++ b/spec/features/snippets/internal_snippet_spec.rb
@@ -0,0 +1,23 @@
+require 'rails_helper'
+
+feature 'Internal Snippets', feature: true, js: true do
+  let(:internal_snippet) { create(:personal_snippet, :internal) }
+
+  describe 'normal user' do
+    before do
+      login_as :user
+    end
+
+    scenario 'sees internal snippets' do
+      visit snippet_path(internal_snippet)
+
+      expect(page).to have_content(internal_snippet.content)
+    end
+
+    scenario 'sees raw internal snippets' do
+      visit raw_snippet_path(internal_snippet)
+
+      expect(page).to have_content(internal_snippet.content)
+    end
+  end
+end
-- 
cgit v1.2.1