Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/project_search_results_spec.rb
diff options
context:
space:
mode:
authorDouglas Barbosa Alexandre <dbalexandre@gmail.com>2016-06-06 22:13:31 +0300
committerDouglas Barbosa Alexandre <dbalexandre@gmail.com>2016-06-14 01:32:00 +0300
commitb56c45675019baaaf47615d51c08d5caa0734ad3 (patch)
treeb933c21ab49a745a6839aa1127c237ffe7a3a3fb /spec/lib/gitlab/project_search_results_spec.rb
parentaf8500f43010f42176b2ec1814f0fe7248258b05 (diff)
Project members with guest role can't access confidential issues
Diffstat (limited to 'spec/lib/gitlab/project_search_results_spec.rb')
-rw-r--r--spec/lib/gitlab/project_search_results_spec.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/spec/lib/gitlab/project_search_results_spec.rb b/spec/lib/gitlab/project_search_results_spec.rb
index db0ff95b4f5..270b89972d7 100644
--- a/spec/lib/gitlab/project_search_results_spec.rb
+++ b/spec/lib/gitlab/project_search_results_spec.rb
@@ -43,6 +43,18 @@ describe Gitlab::ProjectSearchResults, lib: true do
expect(results.issues_count).to eq 1
end
+ it 'should not list project confidential issues for project members with guest role' do
+ project.team << [member, :guest]
+
+ results = described_class.new(member, project, query)
+ issues = results.objects('issues')
+
+ expect(issues).to include issue
+ expect(issues).not_to include security_issue_1
+ expect(issues).not_to include security_issue_2
+ expect(results.issues_count).to eq 1
+ end
+
it 'should list project confidential issues for author' do
results = described_class.new(author, project, query)
issues = results.objects('issues')
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-15 14:20:20 +0300