gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authortiagonbotelho <tiagonbotelho@hotmail.com>2016-11-16 21:20:05 +0300
committertiagonbotelho <tiagonbotelho@hotmail.com>2016-11-17 15:42:21 +0300
commitf0ed5fea81b537ae6c0262ed8f6249b47acafcdf (patch)
tree080519a566112e60fab728d9ff914d04040375d9 /spec/helpers
parentc9d93f645aed1fbb9196616afb0110a585882fc1 (diff)
Adds fix for security issue: when an anonymous user does not have access to the repository, we now display the activity feed instead of the readme
Diffstat (limited to 'spec/helpers')
-rw-r--r--spec/helpers/preferences_helper_spec.rb36
1 files changed, 29 insertions, 7 deletions
diff --git a/spec/helpers/preferences_helper_spec.rb b/spec/helpers/preferences_helper_spec.rb
index 02b464f7e07..77841e85223 100644
--- a/spec/helpers/preferences_helper_spec.rb
+++ b/spec/helpers/preferences_helper_spec.rb
@@ -86,21 +86,43 @@ describe PreferencesHelper do
end
end
- describe 'default_project_view' do
+ describe '#default_project_view' do
context 'user not signed in' do
before do
- @project = create(:project)
+ helper.instance_variable_set(:@project, project)
stub_user
end
- it 'returns readme view if repository is not empty' do
- expect(helper.default_project_view).to eq('readme')
+ context 'when repository is empty' do
+ let(:project) { create(:project_empty_repo, :public) }
+
+ it 'returns activity if user has repository access' do
+ allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(true)
+
+ expect(helper.default_project_view).to eq('activity')
+ end
+
+ it 'returns activity if user does not have repository access' do
+ allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(false)
+
+ expect(helper.default_project_view).to eq('activity')
+ end
end
- it 'returns activity if repository is empty' do
- expect(@project).to receive(:empty_repo?).and_return(true)
+ context 'when repository is not empty' do
+ let(:project) { create(:project, :public) }
+
+ it 'returns readme if user has repository access' do
+ allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(true)
+
+ expect(helper.default_project_view).to eq('readme')
+ end
+
+ it 'returns activity if user does not have repository access' do
+ allow(helper).to receive(:can?).with(nil, :download_code, project).and_return(false)
- expect(helper.default_project_view).to eq('empty')
+ expect(helper.default_project_view).to eq('activity')
+ end
end
end
end
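Review bot: All four new examples stub `can?` on the helper, so they pin only the helper's branching on `:download_code` and never run the real permission check for an anonymous user. If the ability rules later granted `:download_code` to signed-out users on a project whose repository is restricted, these specs would still pass while the README became visible again. I would add one unstubbed example, e.g. `it 'returns activity for an anonymous user when repository access is limited to members'`, built on a public project with restricted repository access and asserting `eq('activity')`. The hunk also shows only the `'user not signed in'` context; unless it is covered outside this hunk, a signed-in user without repository access deserves the same pair of examples. The enclosing `describe PreferencesHelper` block starts above the hunk, so `stub_user` and any other contexts are not visible here.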