From c3df0504a2212528bd792fb0cdad539189a6219e Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 18 Oct 2023 03:11:42 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 spec/finders/snippets_finder_spec.rb | 48 +++++++++++++++++++++++++++++++++---
 1 file changed, 45 insertions(+), 3 deletions(-)

(limited to 'spec/finders')

diff --git a/spec/finders/snippets_finder_spec.rb b/spec/finders/snippets_finder_spec.rb
index a5cd90b444e..716eee5c9ac 100644
--- a/spec/finders/snippets_finder_spec.rb
+++ b/spec/finders/snippets_finder_spec.rb
@@ -112,9 +112,7 @@ RSpec.describe SnippetsFinder do
         expect(snippets).to contain_exactly(private_personal_snippet, internal_personal_snippet, public_personal_snippet)
       end
 
-      it 'returns all snippets (everything) for an admin when all_available="true" passed in' do
-        allow(admin).to receive(:can_read_all_resources?).and_return(true)
-
+      it 'returns all snippets (everything) for an admin when all_available="true" passed in', :enable_admin_mode do
         snippets = described_class.new(admin, author: user, all_available: true).execute
 
         expect(snippets).to contain_exactly(
@@ -326,6 +324,50 @@ RSpec.describe SnippetsFinder do
       end
     end
 
+    context 'filtering for snippets authored by banned users', feature_category: :insider_threat do
+      let_it_be(:banned_user) { create(:user, :banned) }
+
+      let_it_be(:banned_public_personal_snippet) { create(:personal_snippet, :public, author: banned_user) }
+      let_it_be(:banned_public_project_snippet) { create(:project_snippet, :public, project: project, author: banned_user) }
+
+      it 'returns banned snippets for admins when in admin mode', :enable_admin_mode do
+        snippets = described_class.new(
+          admin,
+          ids: [banned_public_personal_snippet.id, banned_public_project_snippet.id]
+        ).execute
+
+        expect(snippets).to contain_exactly(
+          banned_public_personal_snippet, banned_public_project_snippet
+        )
+      end
+
+      it 'does not return banned snippets for non-admin users' do
+        snippets = described_class.new(
+          user,
+          ids: [banned_public_personal_snippet.id, banned_public_project_snippet.id]
+        ).execute
+
+        expect(snippets).to be_empty
+      end
+
+      context 'when hide_snippets_of_banned_users feature flag is off' do
+        before do
+          stub_feature_flags(hide_snippets_of_banned_users: false)
+        end
+
+        it 'returns banned snippets for non-admin users' do
+          snippets = described_class.new(
+            user,
+            ids: [banned_public_personal_snippet.id, banned_public_project_snippet.id]
+          ).execute
+
+          expect(snippets).to contain_exactly(
+            banned_public_personal_snippet, banned_public_project_snippet
+          )
+        end
+      end
+    end
+
     context 'when the user cannot read cross project' do
       before do
         allow(Ability).to receive(:allowed?).and_call_original
-- 
cgit v1.2.3