diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-10 21:12:05 +0300 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-08-10 21:12:05 +0300 |
| commit | 2e2c1a521c03c8cd7ab57296016fee6350e29b07 (patch) | |
| tree | 26df83cd7566a6230d5218c446a213f02313314d /spec/requests | |
| parent | 0a412bceb98cd7acd46701d75dbad9683cb33baf (diff) | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/requests')
| -rw-r--r-- | spec/requests/api/issues/get_project_issues_spec.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/spec/requests/api/issues/get_project_issues_spec.rb b/spec/requests/api/issues/get_project_issues_spec.rb index 346f8975835..ec6cc060c83 100644 --- a/spec/requests/api/issues/get_project_issues_spec.rb +++ b/spec/requests/api/issues/get_project_issues_spec.rb @@ -9,6 +9,8 @@ RSpec.describe API::Issues do create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace, merge_requests_access_level: ProjectFeature::PRIVATE) end + let_it_be(:group) { create(:group, :public) } + let(:user2) { create(:user) } let(:non_member) { create(:user) } let_it_be(:guest) { create(:user) } @@ -85,6 +87,8 @@ RSpec.describe API::Issues do end before_all do + group.add_reporter(user) + group.add_guest(guest) project.add_reporter(user) project.add_guest(guest) private_mrs_project.add_reporter(user) @@ -107,6 +111,22 @@ RSpec.describe API::Issues do end end + shared_examples 'returns project issues without confidential issues for guests' do + specify do + get api(api_url, guest) + + expect_paginated_array_response_contain_exactly(open_issue.id, closed_issue.id) + end + end + + shared_examples 'returns all project issues for reporters' do + specify do + get api(api_url, user) + + expect_paginated_array_response_contain_exactly(open_issue.id, confidential_issue.id, closed_issue.id) + end + end + describe "GET /projects/:id/issues" do let(:base_url) { "/projects/#{project.id}" } @@ -183,6 +203,30 @@ RSpec.describe API::Issues do end end + context 'when user is an inherited member from the group' do + let!(:open_issue) { create(:issue, project: group_project) } + let!(:confidential_issue) { create(:issue, :confidential, project: group_project) } + let!(:closed_issue) { create(:issue, state: :closed, project: group_project) } + + let!(:api_url) { "/projects/#{group_project.id}/issues" } + + context 'and group project is public and issues are private' do + let_it_be(:group_project) do + create(:project, :public, issues_access_level: ProjectFeature::PRIVATE, group: group) + end + + it_behaves_like 'returns project issues without confidential issues for guests' + it_behaves_like 'returns all project issues for reporters' + end + + context 'and group project is private' do + let_it_be(:group_project) { create(:project, :private, group: group) } + + it_behaves_like 'returns project issues without confidential issues for guests' + it_behaves_like 'returns all project issues for reporters' + end + end + it 'avoids N+1 queries' do get api("/projects/#{project.id}/issues", user) |