diff options
author | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-07 18:48:38 +0300 |
---|---|---|
committer | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-19 13:56:11 +0300 |
commit | 52feca595a3311fc12a6f35191a24ff61c33e440 (patch) | |
tree | 5131015b5e30d3407211fb7431a0ad1ad95b7e48 /spec/models/event_spec.rb | |
parent | ffef28ccd6d37ade2c3ee3ca46679749f9cf09aa (diff) |
Adds validation to check if user can read project
An issuable should not be available to a user if the
project is not visible to that specific user
Diffstat (limited to 'spec/models/event_spec.rb')
-rw-r--r-- | spec/models/event_spec.rb | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/spec/models/event_spec.rb b/spec/models/event_spec.rb index 81748681528..a64720f1876 100644 --- a/spec/models/event_spec.rb +++ b/spec/models/event_spec.rb @@ -243,6 +243,20 @@ describe Event do expect(event.visible_to_user?(admin)).to eq true end end + + context 'private project' do + let(:project) { create(:project, :private) } + let(:target) { note_on_issue } + + it do + expect(event.visible_to_user?(non_member)).to eq false + expect(event.visible_to_user?(author)).to eq false + expect(event.visible_to_user?(assignee)).to eq false + expect(event.visible_to_user?(member)).to eq true + expect(event.visible_to_user?(guest)).to eq true + expect(event.visible_to_user?(admin)).to eq true + end + end end context 'merge request diff note event' do @@ -265,8 +279,8 @@ describe Event do it do expect(event.visible_to_user?(non_member)).to eq false - expect(event.visible_to_user?(author)).to eq true - expect(event.visible_to_user?(assignee)).to eq true + expect(event.visible_to_user?(author)).to eq false + expect(event.visible_to_user?(assignee)).to eq false expect(event.visible_to_user?(member)).to eq true expect(event.visible_to_user?(guest)).to eq false expect(event.visible_to_user?(admin)).to eq true |