diff options
author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-12-07 20:09:00 +0300 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-12-17 20:47:53 +0300 |
commit | 28acd2b087d5b80cd89354d58f937aed0f4928cb (patch) | |
tree | 0eda3c8ee7be722d51a390c750f1fd39dd88276b /spec/finders/user_recent_events_finder_spec.rb | |
parent | 75262862c434a98b9183a4a63f3ad86dec52b079 (diff) |
Hide confidential events in ruby
We're filtering the events using `Event#visible_to_user?`.
At most we're loading 100 events at once.
Pagination is also dealt with in the finder, but the resulting array
is wrapped in a `Kaminari.paginate_array` so the API's pagination
helpers keep working. We're passing the total count into that
paginatable array, which would include confidential events. But we're
not disclosing anything.
Diffstat (limited to 'spec/finders/user_recent_events_finder_spec.rb')
-rw-r--r-- | spec/finders/user_recent_events_finder_spec.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/spec/finders/user_recent_events_finder_spec.rb b/spec/finders/user_recent_events_finder_spec.rb index c5fcd68eb4c..5ebceeb7586 100644 --- a/spec/finders/user_recent_events_finder_spec.rb +++ b/spec/finders/user_recent_events_finder_spec.rb @@ -29,8 +29,9 @@ describe UserRecentEventsFinder do end it 'does not include the events if the user cannot read cross project' do - expect(Ability).to receive(:allowed?).and_call_original + allow(Ability).to receive(:allowed?).and_call_original expect(Ability).to receive(:allowed?).with(current_user, :read_cross_project) { false } + expect(finder.execute).to be_empty end end |