diff options
author | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:02 +0300 |
---|---|---|
committer | GitLab Release Tools Bot <robert+release-tools@gitlab.com> | 2019-10-29 18:58:02 +0300 |
commit | ca324614b5da3f1bb2fcab44cc6c483a712939b7 (patch) | |
tree | 463d377338a0718f4107366cc0b8b8a39be4723b /spec | |
parent | 64d59e7e1cdd7ede2f308665cc482869150db4fe (diff) | |
parent | 920c7a4abe28dac1d1b26098ece2d912c01d9584 (diff) |
Merge branch 'security-33689-post-filter-search-results-ce' into 'master'
Filter out search results based on permissions to avoid bugs leaking data
See merge request gitlab/gitlabhq!3493
Diffstat (limited to 'spec')
-rw-r--r-- | spec/models/milestone_spec.rb | 8 | ||||
-rw-r--r-- | spec/models/note_spec.rb | 20 | ||||
-rw-r--r-- | spec/models/project_spec.rb | 8 |
3 files changed, 29 insertions, 7 deletions
diff --git a/spec/models/milestone_spec.rb b/spec/models/milestone_spec.rb index 2ecbe548520..120ba67f328 100644 --- a/spec/models/milestone_spec.rb +++ b/spec/models/milestone_spec.rb @@ -227,6 +227,14 @@ describe Milestone do end end + describe '#to_ability_name' do + it 'returns milestone' do + milestone = build(:milestone) + + expect(milestone.to_ability_name).to eq('milestone') + end + end + describe '.search' do let(:milestone) { create(:milestone, title: 'foo', description: 'bar') } diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb index 4c320b4b145..1c895f084b0 100644 --- a/spec/models/note_spec.rb +++ b/spec/models/note_spec.rb @@ -578,24 +578,30 @@ describe Note do end describe '#to_ability_name' do - it 'returns snippet for a project snippet note' do - expect(build(:note_on_project_snippet).to_ability_name).to eq('project_snippet') + it 'returns note' do + expect(build(:note).to_ability_name).to eq('note') + end + end + + describe '#noteable_ability_name' do + it 'returns project_snippet for a project snippet note' do + expect(build(:note_on_project_snippet).noteable_ability_name).to eq('project_snippet') end it 'returns personal_snippet for a personal snippet note' do - expect(build(:note_on_personal_snippet).to_ability_name).to eq('personal_snippet') + expect(build(:note_on_personal_snippet).noteable_ability_name).to eq('personal_snippet') end it 'returns merge_request for an MR note' do - expect(build(:note_on_merge_request).to_ability_name).to eq('merge_request') + expect(build(:note_on_merge_request).noteable_ability_name).to eq('merge_request') end it 'returns issue for an issue note' do - expect(build(:note_on_issue).to_ability_name).to eq('issue') + expect(build(:note_on_issue).noteable_ability_name).to eq('issue') end - it 'returns issue for a commit note' do - expect(build(:note_on_commit).to_ability_name).to eq('commit') + it 'returns commit for a commit note' do + expect(build(:note_on_commit).noteable_ability_name).to eq('commit') end end diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb index 5922a6f36f5..b4d9ce28829 100644 --- a/spec/models/project_spec.rb +++ b/spec/models/project_spec.rb @@ -4444,6 +4444,14 @@ describe Project do end end + describe '#to_ability_name' do + it 'returns project' do + project = build(:project_empty_repo) + + expect(project.to_ability_name).to eq('project') + end + end + describe '#execute_hooks' do let(:data) { { ref: 'refs/heads/master', data: 'data' } } it 'executes active projects hooks with the specified scope' do |