diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-04 19:53:44 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-12-04 19:53:44 +0300 |
commit | 4e3a54f835daa49bf784d6e6ad91e90116a24dc8 (patch) | |
tree | 8e1f7be7a80da2de02b2da0ed88f81b2f6b6de8c /spec/requests/api/graphql/user | |
parent | aefe6486cf0d193067112b90145083d73b96bfef (diff) |
Add latest changes from gitlab-org/security/gitlab@13-6-stable-ee
Diffstat (limited to 'spec/requests/api/graphql/user')
-rw-r--r-- | spec/requests/api/graphql/user/starred_projects_query_spec.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/spec/requests/api/graphql/user/starred_projects_query_spec.rb b/spec/requests/api/graphql/user/starred_projects_query_spec.rb index 8a1bd3d172f..b098058a735 100644 --- a/spec/requests/api/graphql/user/starred_projects_query_spec.rb +++ b/spec/requests/api/graphql/user/starred_projects_query_spec.rb @@ -70,4 +70,31 @@ RSpec.describe 'Getting starredProjects of the user' do ) end end + + context 'the user has a private profile' do + before do + user.update!(private_profile: true) + post_graphql(query, current_user: current_user) + end + + context 'the current user does not have access to view the private profile of the user' do + let(:current_user) { create(:user) } + + it 'finds no projects' do + expect(starred_projects).to be_empty + end + end + + context 'the current user has access to view the private profile of the user' do + let(:current_user) { create(:admin) } + + it 'finds all projects starred by the user, which the current user has access to' do + expect(starred_projects).to contain_exactly( + a_hash_including('id' => global_id_of(project_a)), + a_hash_including('id' => global_id_of(project_b)), + a_hash_including('id' => global_id_of(project_c)) + ) + end + end + end end |