diff options
author | Stan Hu <stanhu@gmail.com> | 2015-06-17 17:33:51 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2015-06-18 13:15:05 +0300 |
commit | 07efb17e10fe26a01b60d8441868f9fbda0768f2 (patch) | |
tree | 411620c7f3a9cdba8cb55d42ee75090dca812b3e /spec/controllers | |
parent | 89bcc1baf040e998730fa7c3e029daf9112321eb (diff) |
Fix 403 Access Denied error messages when accessing Labels section in a project that has MRs disabled but issues enabled
Closes #1813
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/application_controller_spec.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb index 186239d3096..55851befc8c 100644 --- a/spec/controllers/application_controller_spec.rb +++ b/spec/controllers/application_controller_spec.rb @@ -30,4 +30,44 @@ describe ApplicationController do controller.send(:check_password_expiration) end end + + describe 'check labels authorization' do + let(:project) { create(:project) } + let(:user) { create(:user) } + let(:controller) { ApplicationController.new } + + before do + project.team << [user, :guest] + allow(controller).to receive(:current_user).and_return(user) + allow(controller).to receive(:project).and_return(project) + end + + it 'should succeed if issues and MRs are enabled' do + project.issues_enabled = true + project.merge_requests_enabled = true + controller.send(:authorize_read_label!) + expect(response.status).to eq(200) + end + + it 'should succeed if issues are enabled, MRs are disabled' do + project.issues_enabled = true + project.merge_requests_enabled = false + controller.send(:authorize_read_label!) + expect(response.status).to eq(200) + end + + it 'should succeed if issues are disabled, MRs are enabled' do + project.issues_enabled = false + project.merge_requests_enabled = true + controller.send(:authorize_read_label!) + expect(response.status).to eq(200) + end + + it 'should fail if issues and MRs are disabled' do + project.issues_enabled = false + project.merge_requests_enabled = false + expect(controller).to receive(:access_denied!) + controller.send(:authorize_read_label!) + end + end end |