1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe API::Entities::Release do
let_it_be(:project) { create(:project) }
let(:release) { create(:release, project: project) }
let(:evidence) { release.evidences.first }
let(:user) { create(:user) }
let(:entity) { described_class.new(release, current_user: user).as_json }
before do
::Releases::CreateEvidenceService.new(release).execute
end
describe 'evidences' do
context 'when the current user can download code' do
let(:entity_evidence) { entity[:evidences].first }
it 'exposes the evidence sha and the json path' do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?)
.with(user, :download_code, project).and_return(true)
expect(entity_evidence[:sha]).to eq(evidence.summary_sha)
expect(entity_evidence[:collected_at]).to eq(evidence.collected_at)
expect(entity_evidence[:filepath]).to eq(
Gitlab::Routing.url_helpers.namespace_project_evidence_url(
namespace_id: project.namespace,
project_id: project,
tag: release,
id: evidence.id,
format: :json))
end
end
context 'when the current user cannot download code' do
it 'does not expose any evidence data' do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?)
.with(user, :download_code, project).and_return(false)
expect(entity.keys).not_to include(:evidences)
end
end
end
describe 'description_html' do
let(:issue) { create(:issue, :confidential, project: project) }
let(:issue_path) { Gitlab::Routing.url_helpers.project_issue_path(project, issue) }
let(:issue_title) { 'title="%s"' % issue.title }
let(:release) { create(:release, project: project, description: "Now shipping #{issue.to_reference}") }
subject(:description_html) { entity.as_json['description_html'] }
it 'is inexistent' do
expect(description_html).to be_nil
end
context 'when remove_description_html_in_release_api feature flag is disabled' do
before do
stub_feature_flags(remove_description_html_in_release_api: false)
end
it 'renders special references if current user has access' do
project.add_reporter(user)
expect(description_html).to include(issue_path)
expect(description_html).to include(issue_title)
end
it 'does not render special references if current user has no access' do
project.add_guest(user)
expect(description_html).not_to include(issue_path)
expect(description_html).not_to include(issue_title)
end
end
context 'when remove_description_html_in_release_api_override feature flag is enabled' do
before do
stub_feature_flags(remove_description_html_in_release_api_override: project)
end
it 'renders special references if current user has access' do
project.add_reporter(user)
expect(description_html).to include(issue_path)
expect(description_html).to include(issue_title)
end
end
end
end
|
