Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-14 18:08:04 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-12-14 18:08:04 +0300
commit: 8c4225a66b12683bcf1bba9bb9328fcf65395b6d (patch)
tree: d3b583abd26fcbbcbf0db828aee2b940414e1649 /spec/policies
parent: 075c890053f626018ba680e4da21a93743acb244 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb
index 741a0db3009..6c19590fcce 100644
--- a/spec/policies/merge_request_policy_spec.rb
+++ b/spec/policies/merge_request_policy_spec.rb
@@ -461,4 +461,20 @@ RSpec.describe MergeRequestPolicy do
       end
     end
   end
+
+  context 'when the author of the merge request is banned' do
+    let_it_be(:user) { create(:user) }
+    let_it_be(:admin) { create(:user, :admin) }
+    let_it_be(:author) { create(:user, :banned) }
+    let_it_be(:project) { create(:project, :public) }
+    let_it_be(:hidden_merge_request) { create(:merge_request, source_project: project, author: author) }
+
+    it 'does not allow non-admin user to read the merge_request' do
+      expect(permissions(user, hidden_merge_request)).not_to be_allowed(:read_merge_request)
+    end
+
+    it 'allows admin to read the merge_request', :enable_admin_mode do
+      expect(permissions(admin, hidden_merge_request)).to be_allowed(:read_merge_request)
+    end
+  end
 end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-14 18:08:04 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-12-14 18:08:04 +0300
commit	8c4225a66b12683bcf1bba9bb9328fcf65395b6d (patch)
tree	d3b583abd26fcbbcbf0db828aee2b940414e1649 /spec/policies
parent	075c890053f626018ba680e4da21a93743acb244 (diff)