From 222fda90362a3be9e54323af32234d038b99908d Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Wed, 29 Jun 2022 14:11:15 +0000
Subject: Add latest changes from gitlab-org/security/gitlab@15-1-stable-ee

---
 spec/requests/api/ci/runners_spec.rb | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'spec/requests')

diff --git a/spec/requests/api/ci/runners_spec.rb b/spec/requests/api/ci/runners_spec.rb
index 3000bdc2ce7..31b85a0b1d6 100644
--- a/spec/requests/api/ci/runners_spec.rb
+++ b/spec/requests/api/ci/runners_spec.rb
@@ -804,6 +804,23 @@ RSpec.describe API::Ci::Runners do
             expect(json_response).to be_an(Array)
             expect(json_response.length).to eq(2)
           end
+
+          context 'when user does not have authorization to see all jobs' do
+            it 'shows only jobs it has permission to see' do
+              create(:ci_build, :running, runner: two_projects_runner, project: project)
+              create(:ci_build, :running, runner: two_projects_runner, project: project2)
+
+              project.add_guest(user2)
+              project2.add_maintainer(user2)
+              get api("/runners/#{two_projects_runner.id}/jobs", user2)
+
+              expect(response).to have_gitlab_http_status(:ok)
+              expect(response).to include_pagination_headers
+
+              expect(json_response).to be_an(Array)
+              expect(json_response.length).to eq(1)
+            end
+          end
         end
 
         context 'when valid status is provided' do
-- 
cgit v1.2.3