diff options
author | Felipe Artur <felipefac@gmail.com> | 2018-12-11 21:15:10 +0300 |
---|---|---|
committer | Felipe Artur <felipefac@gmail.com> | 2018-12-14 15:38:52 +0300 |
commit | 1653f7b1c68b2ea7da8df84ed459b9578e3dff8f (patch) | |
tree | 9e55514e5682aa8799469286265b3e51af84b003 /spec/services/members/update_service_spec.rb | |
parent | cc7353523bc1d19054769d7a0a61b0cb7f6ce4e3 (diff) |
Delete confidential issue todos for guests
Fix leaking information of confidential issues on TODOs
when user is downgraded to guest access.
Diffstat (limited to 'spec/services/members/update_service_spec.rb')
-rw-r--r-- | spec/services/members/update_service_spec.rb | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/spec/services/members/update_service_spec.rb b/spec/services/members/update_service_spec.rb index 6d19a95ffeb..599ed39ca37 100644 --- a/spec/services/members/update_service_spec.rb +++ b/spec/services/members/update_service_spec.rb @@ -20,11 +20,28 @@ describe Members::UpdateService do shared_examples 'a service updating a member' do it 'updates the member' do + expect(TodosDestroyer::EntityLeaveWorker).not_to receive(:perform_in).with(Todo::WAIT_FOR_DELETE, member.user_id, member.source_id, source.class.name) + updated_member = described_class.new(current_user, params).execute(member, permission: permission) expect(updated_member).to be_valid expect(updated_member.access_level).to eq(Gitlab::Access::MAINTAINER) end + + context 'when member is downgraded to guest' do + let(:params) do + { access_level: Gitlab::Access::GUEST } + end + + it 'schedules to delete confidential todos' do + expect(TodosDestroyer::EntityLeaveWorker).to receive(:perform_in).with(Todo::WAIT_FOR_DELETE, member.user_id, member.source_id, source.class.name).once + + updated_member = described_class.new(current_user, params).execute(member, permission: permission) + + expect(updated_member).to be_valid + expect(updated_member.access_level).to eq(Gitlab::Access::GUEST) + end + end end before do |