Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/finders/notes_finder_spec.rb
diff options
context:
space:
mode:
authorDouglas Barbosa Alexandre <dbalexandre@gmail.com>2016-06-15 04:13:58 +0300
committerDouglas Barbosa Alexandre <dbalexandre@gmail.com>2016-06-15 04:13:58 +0300
commit7b4e0739e6834cfe192012059163af523dcae798 (patch)
treeca6d847c11a589bf41a8f3a06cecca8b2c8cfc8d /spec/finders/notes_finder_spec.rb
parente7a8fe07ea8a1dca711274e85630a0cf2107b3cc (diff)
Project members with guest role can't access notes on confidential issues
Diffstat (limited to 'spec/finders/notes_finder_spec.rb')
-rw-r--r--spec/finders/notes_finder_spec.rb7
1 files changed, 7 insertions, 0 deletions
diff --git a/spec/finders/notes_finder_spec.rb b/spec/finders/notes_finder_spec.rb
index 639b28d49ee..1bd354815e4 100644
--- a/spec/finders/notes_finder_spec.rb
+++ b/spec/finders/notes_finder_spec.rb
@@ -49,6 +49,13 @@ describe NotesFinder do
user = create(:user)
expect { NotesFinder.new.execute(project, user, params) }.to raise_error(ActiveRecord::RecordNotFound)
end
+
+ it 'raises an error for project members with guest role' do
+ user = create(:user)
+ project.team << [user, :guest]
+
+ expect { NotesFinder.new.execute(project, user, params) }.to raise_error(ActiveRecord::RecordNotFound)
+ end
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 23:01:02 +0300