Merge branch 'security-33689-post-filter-search-results-ce' into 'master'

Filter out search results based on permissions to avoid bugs leaking data See merge request gitlab/gitlabhq!3493
author: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-29 18:58:02 +0300
committer: GitLab Release Tools Bot <robert+release-tools@gitlab.com> 2019-10-29 18:58:02 +0300
commit: ca324614b5da3f1bb2fcab44cc6c483a712939b7 (patch)
tree: 463d377338a0718f4107366cc0b8b8a39be4723b /spec
parent: 64d59e7e1cdd7ede2f308665cc482869150db4fe (diff)
parent: 920c7a4abe28dac1d1b26098ece2d912c01d9584 (diff)
3 files changed, 29 insertions, 7 deletions
diff --git a/spec/models/milestone_spec.rb b/spec/models/milestone_spec.rb
index 2ecbe548520..120ba67f328 100644
--- a/spec/models/milestone_spec.rb
+++ b/spec/models/milestone_spec.rb
@@ -227,6 +227,14 @@ describe Milestone do
     end
   end
 
+  describe '#to_ability_name' do
+    it 'returns milestone' do
+      milestone = build(:milestone)
+
+      expect(milestone.to_ability_name).to eq('milestone')
+    end
+  end
+
   describe '.search' do
     let(:milestone) { create(:milestone, title: 'foo', description: 'bar') }
 
diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb
index 4c320b4b145..1c895f084b0 100644
--- a/spec/models/note_spec.rb
+++ b/spec/models/note_spec.rb
@@ -578,24 +578,30 @@ describe Note do
   end
 
   describe '#to_ability_name' do
-    it 'returns snippet for a project snippet note' do
-      expect(build(:note_on_project_snippet).to_ability_name).to eq('project_snippet')
+    it 'returns note' do
+      expect(build(:note).to_ability_name).to eq('note')
+    end
+  end
+
+  describe '#noteable_ability_name' do
+    it 'returns project_snippet for a project snippet note' do
+      expect(build(:note_on_project_snippet).noteable_ability_name).to eq('project_snippet')
     end
 
     it 'returns personal_snippet for a personal snippet note' do
-      expect(build(:note_on_personal_snippet).to_ability_name).to eq('personal_snippet')
+      expect(build(:note_on_personal_snippet).noteable_ability_name).to eq('personal_snippet')
     end
 
     it 'returns merge_request for an MR note' do
-      expect(build(:note_on_merge_request).to_ability_name).to eq('merge_request')
+      expect(build(:note_on_merge_request).noteable_ability_name).to eq('merge_request')
     end
 
     it 'returns issue for an issue note' do
-      expect(build(:note_on_issue).to_ability_name).to eq('issue')
+      expect(build(:note_on_issue).noteable_ability_name).to eq('issue')
     end
 
-    it 'returns issue for a commit note' do
-      expect(build(:note_on_commit).to_ability_name).to eq('commit')
+    it 'returns commit for a commit note' do
+      expect(build(:note_on_commit).noteable_ability_name).to eq('commit')
     end
   end
 
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 5922a6f36f5..b4d9ce28829 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -4444,6 +4444,14 @@ describe Project do
     end
   end
 
+  describe '#to_ability_name' do
+    it 'returns project' do
+      project = build(:project_empty_repo)
+
+      expect(project.to_ability_name).to eq('project')
+    end
+  end
+
   describe '#execute_hooks' do
     let(:data) { { ref: 'refs/heads/master', data: 'data' } }
     it 'executes active projects hooks with the specified scope' do
author	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-29 18:58:02 +0300
committer	GitLab Release Tools Bot <robert+release-tools@gitlab.com>	2019-10-29 18:58:02 +0300
commit	ca324614b5da3f1bb2fcab44cc6c483a712939b7 (patch)
tree	463d377338a0718f4107366cc0b8b8a39be4723b /spec
parent	64d59e7e1cdd7ede2f308665cc482869150db4fe (diff)
parent	920c7a4abe28dac1d1b26098ece2d912c01d9584 (diff)