Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/features/groups/merge_requests_spec.rb
diff options
context:
space:
mode:
authorDouwe Maan <douwe@gitlab.com>2016-10-26 20:34:06 +0300
committerRémy Coutable <remy@rymai.me>2016-11-09 14:24:13 +0300
commit79d94b167999544086db235602a9213a2d37831e (patch)
tree624e3a4f8834f6d962d555686405c12e15d7ebeb /spec/features/groups/merge_requests_spec.rb
parentb77969ea39cc6425dcdab35d4239346ce9940279 (diff)
Merge branch '22481-honour-issue-visibility-for-groups' into 'security'
Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000
Diffstat (limited to 'spec/features/groups/merge_requests_spec.rb')
-rw-r--r--spec/features/groups/merge_requests_spec.rb8
1 files changed, 8 insertions, 0 deletions
diff --git a/spec/features/groups/merge_requests_spec.rb b/spec/features/groups/merge_requests_spec.rb
new file mode 100644
index 00000000000..a2791b57544
--- /dev/null
+++ b/spec/features/groups/merge_requests_spec.rb
@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+feature 'Group merge requests page', feature: true do
+ let(:path) { merge_requests_group_path(group) }
+ let(:issuable) { create(:merge_request, source_project: project, target_project: project, title: "this is my created issuable")}
+
+ include_examples 'project features apply to issuables', MergeRequest
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-20 11:54:02 +0300