diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-12 21:10:45 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-12 21:10:45 +0300 |
commit | bf1990164b801489b4475504701eefb66146e724 (patch) | |
tree | b21f9118116f413cdbde621048bd9b93c1388424 /spec/policies | |
parent | dc250651ab26bf7bce9205d5fa4a45dd58e2df81 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/policies')
-rw-r--r-- | spec/policies/issue_policy_spec.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb index 8ff936d5a35..d62271eedf6 100644 --- a/spec/policies/issue_policy_spec.rb +++ b/spec/policies/issue_policy_spec.rb @@ -360,6 +360,21 @@ RSpec.describe IssuePolicy do expect(permissions(assignee, confidential_issue_no_assignee)).to be_disallowed(:read_issue, :read_issue_iid, :update_issue, :admin_issue, :set_issue_metadata) end end + + context 'with a hidden issue' do + let(:user) { create(:user) } + let(:banned_user) { create(:user, :banned) } + let(:admin) { create(:user, :admin)} + let(:hidden_issue) { create(:issue, project: project, author: banned_user) } + + it 'does not allow non-admin user to read the issue' do + expect(permissions(user, hidden_issue)).not_to be_allowed(:read_issue) + end + + it 'allows admin to read the issue', :enable_admin_mode do + expect(permissions(admin, hidden_issue)).to be_allowed(:read_issue) + end + end end context 'with external authorization enabled' do |