
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2022-12-14 12:08:01 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2022-12-14 12:08:01 +0300
commitaf60c8a79f77c8230292a133fb9d09dab5cd5cd3 (patch)
tree7db57df336144ae99b2e299e467b6c75f3356daf /spec/policies
parentb747a99e48ac36c351ec6f4329b8e5f75d5ed253 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r--spec/policies/issue_policy_spec.rb37
-rw-r--r--spec/policies/note_policy_spec.rb29
2 files changed, 63 insertions, 3 deletions
diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb
index 8371b5685ed..905ef591b53 100644
--- a/spec/policies/issue_policy_spec.rb
+++ b/spec/policies/issue_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe IssuePolicy do
+RSpec.describe IssuePolicy, feature_category: :team_planning do
include_context 'ProjectPolicyTable context'
include ExternalAuthorizationServiceHelpers
include ProjectHelpers
@@ -13,6 +13,8 @@ RSpec.describe IssuePolicy do
let(:author) { create(:user) }
let(:assignee) { create(:user) }
let(:reporter) { create(:user) }
+ let(:maintainer) { create(:user) }
+ let(:owner) { create(:user) }
let(:group) { create(:group, :public) }
let(:reporter_from_group_link) { create(:user) }
let(:non_member) { create(:user) }
@@ -198,6 +200,8 @@ RSpec.describe IssuePolicy do
before do
project.add_guest(guest)
project.add_reporter(reporter)
+ project.add_maintainer(maintainer)
+ project.add_owner(owner)
group.add_reporter(reporter_from_group_link)
@@ -413,6 +417,37 @@ RSpec.describe IssuePolicy do
expect(permissions(admin, hidden_issue)).to be_allowed(:read_issue)
end
end
+
+ context 'when accounting for notes widget' do
+ let(:policy) { described_class.new(reporter, note) }
+
+ before do
+ widgets_per_type = WorkItems::Type::WIDGETS_FOR_TYPE.dup
+ widgets_per_type[:task] = [::WorkItems::Widgets::Description]
+ stub_const('WorkItems::Type::WIDGETS_FOR_TYPE', widgets_per_type)
+ end
+
+ context 'and notes widget is disabled for task' do
+ let(:task) { create(:work_item, :task, project: project) }
+
+ it 'does not allow accessing notes' do
+ # if notes widget is disabled not even maintainer can access notes
+ expect(permissions(maintainer, task)).to be_disallowed(:create_note, :read_note, :mark_note_as_confidential, :read_internal_note)
+ expect(permissions(admin, task)).to be_disallowed(:create_note, :read_note, :read_internal_note, :mark_note_as_confidential, :set_note_created_at)
+ end
+ end
+
+ context 'and notes widget is enabled for issue' do
+ it 'allows accessing notes' do
+ # with notes widget enabled, even guests can access notes
+ expect(permissions(guest, issue)).to be_allowed(:create_note, :read_note)
+ expect(permissions(guest, issue)).to be_disallowed(:read_internal_note, :mark_note_as_confidential, :set_note_created_at)
+ expect(permissions(reporter, issue)).to be_allowed(:create_note, :read_note, :read_internal_note, :mark_note_as_confidential)
+ expect(permissions(maintainer, issue)).to be_allowed(:create_note, :read_note, :read_internal_note, :mark_note_as_confidential)
+ expect(permissions(owner, issue)).to be_allowed(:create_note, :read_note, :read_internal_note, :mark_note_as_confidential, :set_note_created_at)
+ end
+ end
+ end
end
context 'with external authorization enabled' do
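Review bot: The negative case in 'and notes widget is disabled for task' asserts only on maintainer and admin, so owner, the one role allowed `:set_note_created_at` in the enabled case, is never shown to be denied when the widget is off. Adding `expect(permissions(owner, task)).to be_disallowed(:create_note, :read_note, :read_internal_note, :mark_note_as_confidential, :set_note_created_at)` would close that gap. The admin expectation is only meaningful if admin mode is active in this context; that setup is not visible in the hunk, and without it the assertion could pass for reasons unrelated to the widget. `let(:policy) { described_class.new(reporter, note) }` looks unused, since every example goes through `permissions(...)` and no `note` is defined in the added lines; the enclosing describe block starts outside the hunk, so confirm before dropping it.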
diff --git a/spec/policies/note_policy_spec.rb b/spec/policies/note_policy_spec.rb
index 6a261b4ff5b..dcfc398806a 100644
--- a/spec/policies/note_policy_spec.rb
+++ b/spec/policies/note_policy_spec.rb
@@ -2,7 +2,7 @@
require 'spec_helper'
-RSpec.describe NotePolicy do
+RSpec.describe NotePolicy, feature_category: :team_planning do
describe '#rules', :aggregate_failures do
let(:user) { create(:user) }
let(:project) { create(:project, :public) }
@@ -255,6 +255,31 @@ RSpec.describe NotePolicy do
it_behaves_like 'user can read the note'
end
+
+ context 'when notes widget is disabled for task' do
+ let(:policy) { described_class.new(developer, note) }
+
+ before do
+ widgets_per_type = WorkItems::Type::WIDGETS_FOR_TYPE.dup
+ widgets_per_type[:task] = [::WorkItems::Widgets::Description]
+ stub_const('WorkItems::Type::WIDGETS_FOR_TYPE', widgets_per_type)
+ end
+
+ context 'when noteable is task' do
+ let(:noteable) { create(:work_item, :task, project: project) }
+ let(:note) { create(:note, system: true, noteable: noteable, author: user, project: project) }
+
+ it_behaves_like 'user cannot read or act on the note'
+ end
+
+ context 'when noteable is issue' do
+ let(:noteable) { create(:work_item, :issue, project: project) }
+ let(:note) { create(:note, system: true, noteable: noteable, author: user, project: project) }
+
+ it_behaves_like 'user can read the note'
+ it_behaves_like 'user can act on the note'
+ end
+ end
end
context 'when it is a system note referencing a confidential issue' do
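Review bot: Both branches of 'when notes widget is disabled for task' build the note with `system: true`, so the deny path is exercised only for system notes and only for the `developer` user; a user-authored note on a task is not covered by these lines. If the enclosing context, which starts outside the hunk, is not specific to system notes, a sibling case with `let(:note) { create(:note, noteable: noteable, author: user, project: project) }` would pin the behaviour for ordinary comments as well. The two `let(:note)` definitions are identical and could be hoisted next to `let(:policy)`, leaving each inner context to override only `noteable`.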
@@ -313,7 +338,7 @@ RSpec.describe NotePolicy do
end
it 'does not allow guests to read confidential notes and replies' do
- expect(permissions(guest, confidential_note)).to be_disallowed(:read_note, :admin_note, :reposition_note, :resolve_note, :award_emoji, :mark_note_as_confidential)
+ expect(permissions(guest, confidential_note)).to be_disallowed(:read_note, :read_internal_note, :admin_note, :reposition_note, :resolve_note, :award_emoji, :mark_note_as_confidential)
end
it 'allows reporter to read all notes but not resolve and admin them' do