diff options
author | John T Skarbek <jskarbek@gitlab.com> | 2019-08-14 21:11:04 +0300 |
---|---|---|
committer | John T Skarbek <jskarbek@gitlab.com> | 2019-08-14 21:11:04 +0300 |
commit | 2b2efbc609a85093238ee3bec94358670021d0e5 (patch) | |
tree | 671ff737363c10b61e4a970e1c108319cc07e37d /spec | |
parent | affa81eb79ec0ca01a1a0c2733cc5cdffb3b9ff1 (diff) | |
parent | 7b52cff4896c8f681aea34fb273209400cf3e06e (diff) |
Merge remote-tracking branch 'dev/security-2873-restrict-slash-commands-to-users-who-can-log-in'
Diffstat (limited to 'spec')
-rw-r--r-- | spec/policies/global_policy_spec.rb | 28 | ||||
-rw-r--r-- | spec/support/shared_examples/chat_slash_commands_shared_examples.rb | 13 |
2 files changed, 41 insertions, 0 deletions
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb index 12be3927e18..df6cc526eb0 100644 --- a/spec/policies/global_policy_spec.rb +++ b/spec/policies/global_policy_spec.rb @@ -226,4 +226,32 @@ describe GlobalPolicy do it { is_expected.not_to be_allowed(:read_instance_statistics) } end end + + describe 'slash commands' do + context 'regular user' do + it { is_expected.to be_allowed(:use_slash_commands) } + end + + context 'when internal' do + let(:current_user) { User.ghost } + + it { is_expected.not_to be_allowed(:use_slash_commands) } + end + + context 'when blocked' do + before do + current_user.block + end + + it { is_expected.not_to be_allowed(:use_slash_commands) } + end + + context 'when access locked' do + before do + current_user.lock_access! + end + + it { is_expected.not_to be_allowed(:use_slash_commands) } + end + end end diff --git a/spec/support/shared_examples/chat_slash_commands_shared_examples.rb b/spec/support/shared_examples/chat_slash_commands_shared_examples.rb index 82975027e5b..dcc92dda950 100644 --- a/spec/support/shared_examples/chat_slash_commands_shared_examples.rb +++ b/spec/support/shared_examples/chat_slash_commands_shared_examples.rb @@ -93,6 +93,19 @@ RSpec.shared_examples 'chat slash commands service' do subject.trigger(params) end + + context 'when user is blocked' do + before do + chat_name.user.block + end + + it 'blocks command execution' do + expect_any_instance_of(Gitlab::SlashCommands::Command).not_to receive(:execute) + + result = subject.trigger(params) + expect(result).to include(text: /^Whoops! This action is not allowed/) + end + end end end end |