From 7c4205e3ecd711ae1d6439ddc6fd134eceb94346 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 25 Feb 2022 16:29:56 +0000 Subject: Add latest changes from gitlab-org/security/gitlab@14-7-stable-ee --- spec/lib/banzai/filter/math_filter_spec.rb | 8 ++++++++ spec/services/members/create_service_spec.rb | 24 +++++++++++++++++++++--- 2 files changed, 29 insertions(+), 3 deletions(-) (limited to 'spec') diff --git a/spec/lib/banzai/filter/math_filter_spec.rb b/spec/lib/banzai/filter/math_filter_spec.rb index 6d22fa3a001..128f8532d39 100644 --- a/spec/lib/banzai/filter/math_filter_spec.rb +++ b/spec/lib/banzai/filter/math_filter_spec.rb @@ -126,4 +126,12 @@ RSpec.describe Banzai::Filter::MathFilter do expect(before.to_s).to eq '$' expect(after.to_s).to eq '$' end + + it 'limits how many elements can be marked as math' do + stub_const('Banzai::Filter::MathFilter::RENDER_NODES_LIMIT', 2) + + doc = filter('$2+2$ + $3+3$ + $4+4$') + + expect(doc.search('.js-render-math').count).to eq(2) + end end diff --git a/spec/services/members/create_service_spec.rb b/spec/services/members/create_service_spec.rb index 13f56fe7458..00ad7e9f02b 100644 --- a/spec/services/members/create_service_spec.rb +++ b/spec/services/members/create_service_spec.rb @@ -11,19 +11,37 @@ RSpec.describe Members::CreateService, :aggregate_failures, :clean_gitlab_redis_ let(:additional_params) { { invite_source: '_invite_source_' } } let(:params) { { user_ids: user_ids, access_level: access_level }.merge(additional_params) } + let(:current_user) { user } - subject(:execute_service) { described_class.new(user, params.merge({ source: source })).execute } + subject(:execute_service) { described_class.new(current_user, params.merge({ source: source })).execute } before do - if source.is_a?(Project) + case source + when Project source.add_maintainer(user) OnboardingProgress.onboard(source.namespace) - else + when Group source.add_owner(user) OnboardingProgress.onboard(source) end end + context 'when the current user does not have permission to create members' do + let(:current_user) { create(:user) } + + it 'raises a Gitlab::Access::AccessDeniedError' do + expect { execute_service }.to raise_error(Gitlab::Access::AccessDeniedError) + end + end + + context 'when passing an invalid source' do + let_it_be(:source) { Object.new } + + it 'raises a RuntimeError' do + expect { execute_service }.to raise_error(RuntimeError, 'Unknown source type: Object!') + end + end + context 'when passing valid parameters' do it 'adds a user to members' do expect(execute_service[:status]).to eq(:success) -- cgit v1.2.1