diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-14 18:08:04 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-14 18:08:04 +0300 |
commit | 8c4225a66b12683bcf1bba9bb9328fcf65395b6d (patch) | |
tree | d3b583abd26fcbbcbf0db828aee2b940414e1649 /spec/policies | |
parent | 075c890053f626018ba680e4da21a93743acb244 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/merge_request_policy_spec.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/policies/merge_request_policy_spec.rb b/spec/policies/merge_request_policy_spec.rb index 741a0db3009..6c19590fcce 100644 --- a/spec/policies/merge_request_policy_spec.rb +++ b/spec/policies/merge_request_policy_spec.rb @@ -461,4 +461,20 @@ RSpec.describe MergeRequestPolicy do end end end + + context 'when the author of the merge request is banned' do + let_it_be(:user) { create(:user) } + let_it_be(:admin) { create(:user, :admin) } + let_it_be(:author) { create(:user, :banned) } + let_it_be(:project) { create(:project, :public) } + let_it_be(:hidden_merge_request) { create(:merge_request, source_project: project, author: author) } + + it 'does not allow non-admin user to read the merge_request' do + expect(permissions(user, hidden_merge_request)).not_to be_allowed(:read_merge_request) + end + + it 'allows admin to read the merge_request', :enable_admin_mode do + expect(permissions(admin, hidden_merge_request)).to be_allowed(:read_merge_request) + end + end end |