Remove the `comment_personal_snippet` permission

This is now entirely handled by `create_note`: 1. Project snippets prevent `create_note`. 2. Uploads already only support routing for personal snippets. This simplifies some policies and access checks, too!
author: Sean McGivern <sean@gitlab.com> 2019-05-02 13:13:42 +0300
committer: Sean McGivern <sean@gitlab.com> 2019-05-02 13:13:42 +0300
commit: c1892f6c9000cacafae4f6c8992ba6c1128c8c95 (patch)
tree: 237c2955a1514b9be6b8b09c4bdb16323573641a /spec/routing
parent: acb55198b4a05a0b4ac2662bf68cfeb3d744ca01 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/spec/routing/uploads_routing_spec.rb b/spec/routing/uploads_routing_spec.rb
new file mode 100644
index 00000000000..6a041ffdd6c
--- /dev/null
+++ b/spec/routing/uploads_routing_spec.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Uploads', 'routing' do
+  it 'allows creating uploads for personal snippets' do
+    expect(post('/uploads/personal_snippet?id=1')).to route_to(
+      controller: 'uploads',
+      action: 'create',
+      model: 'personal_snippet',
+      id: '1'
+    )
+  end
+
+  it 'does not allow creating uploads for other models' do
+    UploadsController::MODEL_CLASSES.keys.compact.each do |model|
+      next if model == 'personal_snippet'
+
+      expect(post("/uploads/#{model}?id=1")).not_to be_routable
+    end
+  end
+end
author	Sean McGivern <sean@gitlab.com>	2019-05-02 13:13:42 +0300
committer	Sean McGivern <sean@gitlab.com>	2019-05-02 13:13:42 +0300
commit	c1892f6c9000cacafae4f6c8992ba6c1128c8c95 (patch)
tree	237c2955a1514b9be6b8b09c4bdb16323573641a /spec/routing
parent	acb55198b4a05a0b4ac2662bf68cfeb3d744ca01 (diff)