Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/finders/user_recent_events_finder_spec.rb
diff options
context:
space:
mode:
authorBob Van Landuyt <bob@vanlanduyt.co>2018-12-07 20:09:00 +0300
committerBob Van Landuyt <bob@vanlanduyt.co>2018-12-17 20:47:53 +0300
commit28acd2b087d5b80cd89354d58f937aed0f4928cb (patch)
tree0eda3c8ee7be722d51a390c750f1fd39dd88276b /spec/finders/user_recent_events_finder_spec.rb
parent75262862c434a98b9183a4a63f3ad86dec52b079 (diff)
Hide confidential events in ruby
We're filtering the events using `Event#visible_to_user?`. At most we're loading 100 events at once. Pagination is also dealt with in the finder, but the resulting array is wrapped in a `Kaminari.paginate_array` so the API's pagination helpers keep working. We're passing the total count into that paginatable array, which would include confidential events. But we're not disclosing anything.
Diffstat (limited to 'spec/finders/user_recent_events_finder_spec.rb')
-rw-r--r--spec/finders/user_recent_events_finder_spec.rb3
1 files changed, 2 insertions, 1 deletions
diff --git a/spec/finders/user_recent_events_finder_spec.rb b/spec/finders/user_recent_events_finder_spec.rb
index c5fcd68eb4c..5ebceeb7586 100644
--- a/spec/finders/user_recent_events_finder_spec.rb
+++ b/spec/finders/user_recent_events_finder_spec.rb
@@ -29,8 +29,9 @@ describe UserRecentEventsFinder do
end
it 'does not include the events if the user cannot read cross project' do
- expect(Ability).to receive(:allowed?).and_call_original
+ allow(Ability).to receive(:allowed?).and_call_original
expect(Ability).to receive(:allowed?).with(current_user, :read_cross_project) { false }
+
expect(finder.execute).to be_empty
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-01 00:00:43 +0300