diff options
| author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-09-26 16:53:23 +0300 |
|---|---|---|
| committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-09-26 16:53:23 +0300 |
| commit | f15977b0458bbb43964cdb476b00cde01b94260f (patch) | |
| tree | 9ea16b83b65bacaa1c06f533a65c196f8e5bc09f /spec | |
| parent | 020df25cd84acd8baa1f61be8f32153a7928336b (diff) | |
| parent | a4e04c4c64dd6523643197eb50eb3e8c9d2cbf42 (diff) | |
Merge branch 'security-64938-dont-disclose-path-12-3-ce' into '12-3-stable'
Redirect user to root path after unsubscribing from private resource
See merge request gitlab/gitlabhq!3423
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/controllers/sent_notifications_controller_spec.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/spec/controllers/sent_notifications_controller_spec.rb b/spec/controllers/sent_notifications_controller_spec.rb index fafcd6927cd..0e634d8ba99 100644 --- a/spec/controllers/sent_notifications_controller_spec.rb +++ b/spec/controllers/sent_notifications_controller_spec.rb @@ -208,6 +208,35 @@ describe SentNotificationsController do .to redirect_to(project_merge_request_path(project, merge_request)) end end + + context 'when project is private' do + context 'and user does not have access' do + let(:noteable) { issue } + let(:target_project) { private_project } + + before do + get(:unsubscribe, params: { id: sent_notification.reply_key }) + end + + it 'unsubscribes user and redirects to root path' do + expect(response).to redirect_to(root_path) + end + end + + context 'and user has access' do + let(:noteable) { issue } + let(:target_project) { private_project } + + before do + private_project.add_developer(user) + get(:unsubscribe, params: { id: sent_notification.reply_key }) + end + + it 'unsubscribes user and redirects to issue path' do + expect(response).to redirect_to(project_issue_path(private_project, issue)) + end + end + end end end end |