diff options
author | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-07 18:48:38 +0300 |
---|---|---|
committer | Tiago Botelho <tiagonbotelho@hotmail.com> | 2018-12-19 13:56:11 +0300 |
commit | 52feca595a3311fc12a6f35191a24ff61c33e440 (patch) | |
tree | 5131015b5e30d3407211fb7431a0ad1ad95b7e48 /spec/services/issuable | |
parent | ffef28ccd6d37ade2c3ee3ca46679749f9cf09aa (diff) |
Adds validation to check if user can read project
An issuable should not be available to a user if the
project is not visible to that specific user
Diffstat (limited to 'spec/services/issuable')
-rw-r--r-- | spec/services/issuable/bulk_update_service_spec.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/spec/services/issuable/bulk_update_service_spec.rb b/spec/services/issuable/bulk_update_service_spec.rb index f0b0f7956ce..ca366cdf1df 100644 --- a/spec/services/issuable/bulk_update_service_spec.rb +++ b/spec/services/issuable/bulk_update_service_spec.rb @@ -28,6 +28,33 @@ describe Issuable::BulkUpdateService do expect(project.issues.opened).to be_empty expect(project.issues.closed).not_to be_empty end + + context 'when issue for a different project is created' do + let(:private_project) { create(:project, :private) } + let(:issue) { create(:issue, project: private_project, author: user) } + + context 'when user has access to the project' do + it 'closes all issues passed' do + private_project.add_maintainer(user) + + bulk_update(issues + [issue], state_event: 'close') + + expect(project.issues.opened).to be_empty + expect(project.issues.closed).not_to be_empty + expect(private_project.issues.closed).not_to be_empty + end + end + + context 'when user does not have access to project' do + it 'only closes all issues that the user has access to' do + bulk_update(issues + [issue], state_event: 'close') + + expect(project.issues.opened).to be_empty + expect(project.issues.closed).not_to be_empty + expect(private_project.issues.closed).to be_empty + end + end + end end describe 'reopen issues' do |