diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-02-06 15:04:14 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-02-06 15:04:14 +0300 |
commit | ec45122c098726cb88ee4c7c3523caaf7a5a54c8 (patch) | |
tree | 5c5c10ed077af64deed43b4d21345659fa7bcdb8 /spec | |
parent | 4e24db32cd6269d22ee1df8a3d57c47ff25ac864 (diff) | |
parent | b6a437313d9869836417dfafb84b62077873fbe0 (diff) |
Merge dev.gitlab.org master into GitLab.com master
Diffstat (limited to 'spec')
-rw-r--r-- | spec/requests/api/releases_spec.rb | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb index 811e23fb854..1f317971a66 100644 --- a/spec/requests/api/releases_spec.rb +++ b/spec/requests/api/releases_spec.rb @@ -127,6 +127,31 @@ describe API::Releases do .to match_array(release.sources.map(&:url)) end + context "when release description contains confidential issue's link" do + let(:confidential_issue) do + create(:issue, + :confidential, + project: project, + title: 'A vulnerability') + end + + let!(:release) do + create(:release, + project: project, + tag: 'v0.1', + sha: commit.id, + author: maintainer, + description: "This is confidential #{confidential_issue.to_reference}") + end + + it "does not expose confidential issue's title" do + get api("/projects/#{project.id}/releases/v0.1", maintainer) + + expect(json_response['description_html']).to include(confidential_issue.to_reference) + expect(json_response['description_html']).not_to include('A vulnerability') + end + end + context 'when release has link asset' do let!(:link) do create(:release_link, |