author | Sean McGivern <sean@gitlab.com> | 2018-01-05 20:55:37 +0300 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2018-01-17 04:04:38 +0300 |
commit | 3fc0564ae09a9edf87a71a8c85ff9bf8ad35121d (patch) | |
tree | 85ac8103dc85140d6a5e2d13b5949dd7f37cdd81 /spec/services/merge_requests/create_service_spec.rb | |
parent | 954a44574fd7a0be232a194d503032e16b8f3094 (diff) |
Merge branch '41567-projectfix' into 'security-10-3'
check project access on MR create
See merge request gitlab/gitlabhq!2273
(cherry picked from commit 1fe2325d6ef2bced4c5e97b57691c894f38b2834)
43e85f49 check project access on MR create
Diffstat (limited to 'spec/services/merge_requests/create_service_spec.rb')
-rw-r--r-- | spec/services/merge_requests/create_service_spec.rb | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/spec/services/merge_requests/create_service_spec.rb b/spec/services/merge_requests/create_service_spec.rb
index dd8c803a2f7..5d226f34d2d 100644
--- a/spec/services/merge_requests/create_service_spec.rb
+++ b/spec/services/merge_requests/create_service_spec.rb
@@ -263,5 +263,66 @@ describe MergeRequests::CreateService do
 expect(issue_ids).to match_array([first_issue.id, second_issue.id])
 end
 end
+
+ context 'when source and target projects are different' do
+ let(:target_project) { create(:project) }
+
+ let(:opts) do
+ {
+ title: 'Awesome merge_request',
+ source_branch: 'feature',
+ target_branch: 'master',
+ target_project_id: target_project.id
+ }
+ end
+
+ context 'when user can not access source project' do
+ before do
+ target_project.add_developer(assignee)
+ target_project.add_master(user)
+ end
+
+ it 'raises an error' do
+ expect { described_class.new(project, user, opts).execute }
+ .to raise_error Gitlab::Access::AccessDeniedError
+ end
+ end
+
+ context 'when user can not access target project' do
+ before do
+ target_project.add_developer(assignee)
+ target_project.add_master(user)
+ end
+
+ it 'raises an error' do
+ expect { described_class.new(project, user, opts).execute }
+ .to raise_error Gitlab::Access::AccessDeniedError
+ end
+ end
+ end
+
+ context 'when user sets source project id' do
+ let(:another_project) { create(:project) }
+
+ let(:opts) do
+ {
+ title: 'Awesome merge_request',
+ source_branch: 'feature',
+ target_branch: 'master',
+ source_project_id: another_project.id
+ }
+ end
+
+ before do
+ project.add_developer(assignee)
+ project.add_master(user)
+ end
+
+ it 'ignores source_project_id' do
+ merge_request = described_class.new(project, user, opts).execute
+
+ expect(merge_request.source_project_id).to eq(project.id)
+ end
+ end
 end
 end
|
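Review bot: The context 'when user can not access target project' repeats the `before` block of the source-project context above it, including `target_project.add_master(user)`, so the user is granted access to the target project and the target-side authorization check is never exercised on its own. As written, both examples appear to pass for the same reason (no membership on `project`), which means a regression that dropped only the target-project check would go unnoticed. The second context's setup should grant membership on the source side instead, `project.add_developer(assignee)` and `project.add_master(user)`, leaving `target_project` without the user. `project`, `user` and `assignee` are defined outside this hunk, so this assumes they carry no default membership on either project.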