diff options
| author | Alexandru Croitor <acroitor@gitlab.com> | 2019-09-10 15:30:07 +0300 |
|---|---|---|
| committer | Alexandru Croitor <acroitor@gitlab.com> | 2019-09-23 11:58:12 +0300 |
| commit | a4e04c4c64dd6523643197eb50eb3e8c9d2cbf42 (patch) | |
| tree | 4bb6fa9f896d443e7585f960b555861a351b686d /spec | |
| parent | 7099ecf77cb45c7b456a47f24064657ca59549b7 (diff) | |
Redirect user to root path after unsubscribing from private resource
If user unsubsrcribes from a resource that they no longer have
access to they should not be revealed the resource path, but be
redirected to app root instead.
https://gitlab.com/gitlab-org/gitlab-ce/issues/64938
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/controllers/sent_notifications_controller_spec.rb | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/spec/controllers/sent_notifications_controller_spec.rb b/spec/controllers/sent_notifications_controller_spec.rb index fafcd6927cd..0e634d8ba99 100644 --- a/spec/controllers/sent_notifications_controller_spec.rb +++ b/spec/controllers/sent_notifications_controller_spec.rb @@ -208,6 +208,35 @@ describe SentNotificationsController do .to redirect_to(project_merge_request_path(project, merge_request)) end end + + context 'when project is private' do + context 'and user does not have access' do + let(:noteable) { issue } + let(:target_project) { private_project } + + before do + get(:unsubscribe, params: { id: sent_notification.reply_key }) + end + + it 'unsubscribes user and redirects to root path' do + expect(response).to redirect_to(root_path) + end + end + + context 'and user has access' do + let(:noteable) { issue } + let(:target_project) { private_project } + + before do + private_project.add_developer(user) + get(:unsubscribe, params: { id: sent_notification.reply_key }) + end + + it 'unsubscribes user and redirects to issue path' do + expect(response).to redirect_to(project_issue_path(private_project, issue)) + end + end + end end end end |