author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 15:02:08 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-11-26 15:02:08 +0300 |
commit | ccb32647be0f8cb9f10377e230457cbf6dec3408 (patch) | |
tree | 13d37ccb412caa55ab77570161f275e3b9e274e5 /spec | |
parent | 83e8f432e03fee659c3ac0bd718f40dff0bf8e45 (diff) | |
parent | b3076997eb00021004063cf552fb07bbd117e81a (diff) |
Merge branch 'security-ag-cycle-analytics-guest-permissions-12-5' into '12-5-stable'
Prevent guests from seeing commits for cycle analytics
See merge request gitlab/gitlabhq!3534
Diffstat (limited to 'spec')
-rw-r--r-- | spec/features/cycle_analytics_spec.rb | 10 | ||||
-rw-r--r-- | spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb | 23 |
2 files changed, 32 insertions, 1 deletions
diff --git a/spec/features/cycle_analytics_spec.rb b/spec/features/cycle_analytics_spec.rb
index 0fc4841ee0e..e9751aa2e72 100644
--- a/spec/features/cycle_analytics_spec.rb
+++ b/spec/features/cycle_analytics_spec.rb
@@ -112,6 +112,10 @@ describe 'Cycle Analytics', :js do
 wait_for_requests
 end
 
+ it 'does not show the commit stats' do
+ expect(page).to have_no_selector(:xpath, commits_counter_selector)
+ end
+
 it 'needs permissions to see restricted stages' do
 expect(find('.stage-events')).to have_content(issue.title)
 
@@ -127,8 +131,12 @@ describe 'Cycle Analytics', :js do
 find(:xpath, "//p[contains(text(),'New Issue')]/preceding-sibling::h3")
 end
 
+ def commits_counter_selector
+ "//p[contains(text(),'Commits')]/preceding-sibling::h3"
+ end
+
 def commits_counter
- find(:xpath, "//p[contains(text(),'Commits')]/preceding-sibling::h3")
+ find(:xpath, commits_counter_selector)
 end
 
 def deploys_counter
diff --git a/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb b/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
index 8f9dac6d281..94edef20296 100644
--- a/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
+++ b/spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb
@@ -6,6 +6,11 @@ describe Gitlab::CycleAnalytics::StageSummary do
 let(:project) { create(:project, :repository) }
 let(:options) { { from: 1.day.ago, current_user: user } }
 let(:user) { create(:user, :admin) }
+
+ before do
+ project.add_maintainer(user)
+ end
+
 let(:stage_summary) { described_class.new(project, options).data }
 
 describe "#new_issues" do
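Review bot: The new example `does not show the commit stats` in spec/features/cycle_analytics_spec.rb only asserts that no element matches the literal label text 'Commits', so it would also pass if the summary had not rendered or the label were renamed. Pairing it with a presence check in the same example, e.g. `expect(page).to have_selector(:xpath, "//p[contains(text(),'New Issue')]/preceding-sibling::h3")` (assuming that counter remains visible to this user), would prove the absence against a rendered summary. The enclosing context and its sign-in setup start outside the hunk, so the guest role is inferred from the neighbouring 'needs permissions' example. A counter hidden in the page also says nothing about the data returned to the browser; that boundary is only exercised by the stage_summary spec.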
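Review bot: In spec/lib/gitlab/cycle_analytics/stage_summary_spec.rb the shared `user` is still created with `:admin` and is now also added as a maintainer, so the existing examples run with two overlapping grants and do not show which one the commit summary depends on. If project membership is what the new permission check reads (the check itself is not in this diff), a short comment above the `before` block such as `# commit stats are gated on project membership, so the admin fixture needs an explicit role` would record why the line was added; dropping `:admin` would make the fixture prove it. The `before` block also sits between `let` declarations, and moving it below `let(:stage_summary)` would keep the lets together.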
@@ -86,6 +91,24 @@ describe Gitlab::CycleAnalytics::StageSummary do
 expect(subject).to eq(2)
 end
 end
+
+ context 'when a guest user is signed in' do
+ let(:guest_user) { create(:user) }
+
+ before do
+ project.add_guest(guest_user)
+ options.merge!({ current_user: guest_user })
+ end
+
+ it 'does not include commit stats' do
+ data = described_class.new(project, options).data
+ expect(includes_commits?(data)).to be_falsy
+ end
+
+ def includes_commits?(data)
+ data.any? { |h| h["title"] == 'Commits' }
+ end
+ end
 end
 
 describe "#deploys" do |
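Review bot: `includes_commits?` matches rows on the string key `h["title"]`, and nothing in this context shows that key and title ever match a real row, so `be_falsy` would also pass if the summary hashes were keyed by symbol or the title differed. Moving the helper up to the enclosing describe (which starts outside the hunk) and adding the positive counterpart for the privileged user, `expect(includes_commits?(stage_summary)).to be_truthy`, would pin both sides of the permission boundary. Since `any?` returns a boolean, `be(false)` is the tighter matcher here. Separately, `options.merge!({ current_user: guest_user })` mutates the memoized `let(:options)` hash inside a `before`; overriding it in the context with `let(:options) { { from: 1.day.ago, current_user: guest_user } }` states the intent without in-place mutation.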