diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 02:49:08 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-30 02:49:18 +0300 |
commit | 38dadcee569adfbbb1c9dc99634bba4e9a9128bc (patch) | |
tree | 32661c6c5a8585196d1c84b7f4efcdc166cb8240 /spec/services | |
parent | 05bbfffcd3692a70849628ff36ecb8eeac4902af (diff) |
Add latest changes from gitlab-org/security/gitlab@15-9-stable-ee
Diffstat (limited to 'spec/services')
-rw-r--r-- | spec/services/merge_requests/push_options_handler_service_spec.rb | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/spec/services/merge_requests/push_options_handler_service_spec.rb b/spec/services/merge_requests/push_options_handler_service_spec.rb index 251bf6f0d9d..03f3d56cdd2 100644 --- a/spec/services/merge_requests/push_options_handler_service_spec.rb +++ b/spec/services/merge_requests/push_options_handler_service_spec.rb @@ -861,6 +861,21 @@ RSpec.describe MergeRequests::PushOptionsHandlerService do end end + describe 'when user does not have access to target project' do + let(:push_options) { { create: true, target: 'my-branch' } } + let(:changes) { default_branch_changes } + + before do + allow(user1).to receive(:can?).with(:read_code, project).and_return(false) + end + + it 'records an error', :sidekiq_inline do + service.execute + + expect(service.errors).to eq(["User access was denied"]) + end + end + describe 'when MRs are not enabled' do let(:project) { create(:project, :public, :repository).tap { |pr| pr.add_developer(user1) } } let(:push_options) { { create: true } } |