2 files changed, 58 insertions, 6 deletions

diff --git a/spec/services/spam/spam_action_service_spec.rb b/spec/services/spam/spam_action_service_spec.rb
index 15cb4977b61..bc73a5cbfaf 100644
--- a/spec/services/spam/spam_action_service_spec.rb
+++ b/spec/services/spam/spam_action_service_spec.rb
@@ -2,7 +2,8 @@
 
 require 'spec_helper'
 
-RSpec.describe Spam::SpamActionService, feature_category: :instance_resiliency do
+RSpec.describe Spam::SpamActionService, feature_category: :instance_resiliency,
+  quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/418757' do
   include_context 'includes Spam constants'
 
   let(:issue) { create(:issue, project: project, author: author) }
diff --git a/spec/services/spam/spam_verdict_service_spec.rb b/spec/services/spam/spam_verdict_service_spec.rb
index 6b14cf33041..70f43d82ead 100644
--- a/spec/services/spam/spam_verdict_service_spec.rb
+++ b/spec/services/spam/spam_verdict_service_spec.rb
@@ -136,6 +136,38 @@ RSpec.describe Spam::SpamVerdictService, feature_category: :instance_resiliency
       end
     end
 
+    context 'if allow_possible_spam user custom attribute is set' do
+      before do
+        UserCustomAttribute.upsert_custom_attributes(
+          [{
+            user_id: user.id,
+            key: 'allow_possible_spam',
+            value: 'does not matter'
+          }]
+        )
+      end
+
+      context 'and a service returns a verdict that should be overridden' do
+        before do
+          allow(service).to receive(:get_spamcheck_verdict).and_return(BLOCK_USER)
+        end
+
+        it 'overrides and renders the override verdict' do
+          is_expected.to eq OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM
+        end
+      end
+
+      context 'and a service returns a verdict that does not need to be overridden' do
+        before do
+          allow(service).to receive(:get_spamcheck_verdict).and_return(ALLOW)
+        end
+
+        it 'does not override and renders the original verdict' do
+          is_expected.to eq ALLOW
+        end
+      end
+    end
+
     context 'records metrics' do
       let(:histogram) { instance_double(Prometheus::Client::Histogram) }
 
@@ -237,6 +269,8 @@ RSpec.describe Spam::SpamVerdictService, feature_category: :instance_resiliency
       end
 
       context 'if the endpoint is accessible' do
+        let(:user_scores) { Abuse::UserTrustScore.new(user) }
+
         before do
           allow(service).to receive(:spamcheck_client).and_return(spam_client)
           allow(spam_client).to receive(:spam?).and_return(spam_client_result)
@@ -248,7 +282,7 @@ RSpec.describe Spam::SpamVerdictService, feature_category: :instance_resiliency
 
           it 'returns the verdict' do
             is_expected.to eq(NOOP)
-            expect(user.spam_score).to eq(0.0)
+            expect(user_scores.spam_score).to eq(0.0)
           end
         end
 
@@ -259,7 +293,7 @@ RSpec.describe Spam::SpamVerdictService, feature_category: :instance_resiliency
           context 'the result was evaluated' do
             it 'returns the verdict and updates the spam score' do
               is_expected.to eq(ALLOW)
-              expect(user.spam_score).to be_within(0.000001).of(verdict_score)
+              expect(user_scores.spam_score).to be_within(0.000001).of(verdict_score)
             end
           end
 
@@ -268,7 +302,7 @@ RSpec.describe Spam::SpamVerdictService, feature_category: :instance_resiliency
 
             it 'returns the verdict and does not update the spam score' do
               expect(subject).to eq(ALLOW)
-              expect(user.spam_score).to eq(0.0)
+              expect(user_scores.spam_score).to eq(0.0)
             end
           end
         end
@@ -290,7 +324,7 @@ RSpec.describe Spam::SpamVerdictService, feature_category: :instance_resiliency
           with_them do
             it "returns expected spam constant and updates the spam score" do
               is_expected.to eq(expected)
-              expect(user.spam_score).to be_within(0.000001).of(verdict_score)
+              expect(user_scores.spam_score).to be_within(0.000001).of(verdict_score)
             end
           end
         end
@@ -369,7 +403,24 @@ RSpec.describe Spam::SpamVerdictService, feature_category: :instance_resiliency
     describe 'issue' do
       let(:target) { issue }
 
-      it_behaves_like 'execute spam verdict service'
+      context 'when issue is publicly visible' do
+        before do
+          allow(issue).to receive(:publicly_visible?).and_return(true)
+        end
+
+        it_behaves_like 'execute spam verdict service'
+      end
+
+      context 'when issue is not publicly visible' do
+        before do
+          allow(issue).to receive(:publicly_visible?).and_return(false)
+          allow(service).to receive(:get_spamcheck_verdict).and_return(BLOCK_USER)
+        end
+
+        it 'overrides and renders the override verdict' do
+          expect(service.execute).to eq OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM
+        end
+      end
     end
 
     describe 'snippet' do