Fix visibility of private project snippets for members when searching

1 files changed, 30 insertions, 8 deletions

diff --git a/spec/services/search/snippet_service_spec.rb b/spec/services/search/snippet_service_spec.rb
index 85721b61cff..14f3301d9f4 100644
--- a/spec/services/search/snippet_service_spec.rb
+++ b/spec/services/search/snippet_service_spec.rb
@@ -2,35 +2,57 @@ require 'spec_helper'
 
 describe Search::SnippetService, services: true do
   let(:author) { create(:author) }
-  let(:internal_user) { create(:user) }
+  let(:project) { create(:empty_project) }
 
   let!(:public_snippet)   { create(:snippet, :public, content: 'password: XXX') }
   let!(:internal_snippet) { create(:snippet, :internal, content: 'password: XXX') }
   let!(:private_snippet)  { create(:snippet, :private, content: 'password: XXX', author: author) }
 
+  let!(:project_public_snippet)   { create(:snippet, :public, project: project, content: 'password: XXX') }
+  let!(:project_internal_snippet) { create(:snippet, :internal, project: project, content: 'password: XXX') }
+  let!(:project_private_snippet)  { create(:snippet, :private, project: project, content: 'password: XXX') }
+
   describe '#execute' do
     context 'unauthenticated' do
-      it 'should return public snippets only' do
+      it 'returns public snippets only' do
         search = described_class.new(nil, search: 'password')
         results = search.execute
 
-        expect(results.objects('snippet_blobs')).to match_array [public_snippet]
+        expect(results.objects('snippet_blobs')).to match_array [public_snippet, project_public_snippet]
       end
     end
 
     context 'authenticated' do
-      it 'should return only public & internal snippets' do
-        search = described_class.new(internal_user, search: 'password')
+      it 'returns only public & internal snippets for regular users' do
+        user = create(:user)
+        search = described_class.new(user, search: 'password')
+        results = search.execute
+
+        expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet]
+      end
+
+      it 'returns public, internal snippets and project private snippets for project members' do
+        member = create(:user)
+        project.team << [member, :developer]
+        search = described_class.new(member, search: 'password')
         results = search.execute
 
-        expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet]
+        expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, project_public_snippet, project_internal_snippet, project_private_snippet]
       end
 
-      it 'should return public, internal and private snippets for author' do
+      it 'returns public, internal and private snippets where user is the author' do
         search = described_class.new(author, search: 'password')
         results = search.execute
 
-        expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet]
+        expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet]
+      end
+
+      it 'returns all snippets when user is admin' do
+        admin = create(:admin)
+        search = described_class.new(admin, search: 'password')
+        results = search.execute
+
+        expect(results.objects('snippet_blobs')).to match_array [public_snippet, internal_snippet, private_snippet, project_public_snippet, project_internal_snippet, project_private_snippet]
       end
     end
   end