Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/requests/api/redacted_events_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/api/redacted_events_spec.rb')
-rw-r--r--spec/requests/api/redacted_events_spec.rb68
1 files changed, 68 insertions, 0 deletions
diff --git a/spec/requests/api/redacted_events_spec.rb b/spec/requests/api/redacted_events_spec.rb
new file mode 100644
index 00000000000..086dd3df9ba
--- /dev/null
+++ b/spec/requests/api/redacted_events_spec.rb
@@ -0,0 +1,68 @@
+require 'spec_helper'
+
+describe 'Redacted events in API::Events' do
+ shared_examples 'private events are redacted' do
+ it 'redacts events the user does not have access to' do
+ expect_any_instance_of(Event).to receive(:visible_to_user?).and_call_original
+
+ get api(path), user
+
+ expect(response).to have_gitlab_http_status(200)
+ expect(json_response).to contain_exactly(
+ 'project_id' => nil,
+ 'action_name' => nil,
+ 'target_id' => nil,
+ 'target_iid' => nil,
+ 'target_type' => nil,
+ 'author_id' => nil,
+ 'target_title' => 'Confidential event',
+ 'created_at' => nil,
+ 'author_username' => nil
+ )
+ end
+ end
+
+ describe '/users/:id/events' do
+ let(:project) { create(:project, :public) }
+ let(:path) { "/users/#{project.owner.id}/events" }
+ let(:issue) { create(:issue, :confidential, project: project) }
+
+ before do
+ EventCreateService.new.open_issue(issue, issue.author)
+ end
+
+ context 'unauthenticated user views another user with private events' do
+ let(:user) { nil }
+
+ include_examples 'private events are redacted'
+ end
+
+ context 'authenticated user without access views another user with private events' do
+ let(:user) { create(:user) }
+
+ include_examples 'private events are redacted'
+ end
+ end
+
+ describe '/projects/:id/events' do
+ let(:project) { create(:project, :public) }
+ let(:path) { "/projects/#{project.id}/events" }
+ let(:issue) { create(:issue, :confidential, project: project) }
+
+ before do
+ EventCreateService.new.open_issue(issue, issue.author)
+ end
+
+ context 'unauthenticated user views public project' do
+ let(:user) { nil }
+
+ include_examples 'private events are redacted'
+ end
+
+ context 'authenticated user without access views public project' do
+ let(:user) { create(:user) }
+
+ include_examples 'private events are redacted'
+ end
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-19 03:43:12 +0300