author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-12 09:11:31 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-10-12 09:11:31 +0300 |
commit | acc3d48da4fa0dcd2f2c8500c7cb7cc5c957300f (patch) | |
tree | d3e22e382039cc800ac1840b51f5d79333566950 /spec/finders | |
parent | 129d7ea3db19359600b5e03f0070b8be831b3fee (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/finders')
-rw-r--r-- | spec/finders/snippets_finder_spec.rb | 48 |
1 files changed, 45 insertions, 3 deletions
diff --git a/spec/finders/snippets_finder_spec.rb b/spec/finders/snippets_finder_spec.rb
index a5cd90b444e..716eee5c9ac 100644
--- a/spec/finders/snippets_finder_spec.rb
+++ b/spec/finders/snippets_finder_spec.rb
@@ -112,9 +112,7 @@ RSpec.describe SnippetsFinder do
 expect(snippets).to contain_exactly(private_personal_snippet, internal_personal_snippet, public_personal_snippet)
 end
- it 'returns all snippets (everything) for an admin when all_available="true" passed in' do
- allow(admin).to receive(:can_read_all_resources?).and_return(true)
-
+ it 'returns all snippets (everything) for an admin when all_available="true" passed in', :enable_admin_mode do
 snippets = described_class.new(admin, author: user, all_available: true).execute
 expect(snippets).to contain_exactly(
@@ -326,6 +324,50 @@ RSpec.describe SnippetsFinder do
 end
 end
+ context 'filtering for snippets authored by banned users', feature_category: :insider_threat do
+ let_it_be(:banned_user) { create(:user, :banned) }
+
+ let_it_be(:banned_public_personal_snippet) { create(:personal_snippet, :public, author: banned_user) }
+ let_it_be(:banned_public_project_snippet) { create(:project_snippet, :public, project: project, author: banned_user) }
+
+ it 'returns banned snippets for admins when in admin mode', :enable_admin_mode do
+ snippets = described_class.new(
+ admin,
+ ids: [banned_public_personal_snippet.id, banned_public_project_snippet.id]
+ ).execute
+
+ expect(snippets).to contain_exactly(
+ banned_public_personal_snippet, banned_public_project_snippet
+ )
+ end
+
+ it 'does not return banned snippets for non-admin users' do
+ snippets = described_class.new(
+ user,
+ ids: [banned_public_personal_snippet.id, banned_public_project_snippet.id]
+ ).execute
+
+ expect(snippets).to be_empty
+ end
+
+ context 'when hide_snippets_of_banned_users feature flag is off' do
+ before do
+ stub_feature_flags(hide_snippets_of_banned_users: false)
+ end
+
+ it 'returns banned snippets for non-admin users' do
+ snippets = described_class.new(
+ user,
+ ids: [banned_public_personal_snippet.id, banned_public_project_snippet.id]
+ ).execute
+
+ expect(snippets).to contain_exactly(
+ banned_public_personal_snippet, banned_public_project_snippet
+ )
+ end
+ end
+ end
+
+ context 'when the user cannot read cross project' do
 before do
 allow(Ability).to receive(:allowed?).and_call_original |
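Review bot: The new 'filtering for snippets authored by banned users' context has no negative case for an admin who is not in admin mode. The positive admin example is tagged `:enable_admin_mode`, so the spec never shows that the bypass depends on admin mode rather than on the admin role alone. A regression that exposed banned users' snippets to any admin account would still pass all three examples. An anonymous caller is also untested, since the only non-admin caller is the signed-in `user`. The expected result below is presumed from the example names and should be confirmed against the finder, which this diff does not show. The enclosing `RSpec.describe SnippetsFinder` block starts outside the hunk.

```ruby
# … unchanged: let_it_be setup and the three existing examples …
it 'does not return banned snippets for admins when not in admin mode' do
  snippets = described_class.new(
    admin,
    ids: [banned_public_personal_snippet.id, banned_public_project_snippet.id]
  ).execute

  expect(snippets).to be_empty
end
```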