From b39512ed755239198a9c294b6a45e65c05900235 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 18 Aug 2022 08:17:02 +0000
Subject: Add latest changes from gitlab-org/gitlab@15-3-stable-ee

---
 ...ch_cross_project_authorization_shared_examples.rb | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 spec/support/shared_examples/controllers/search_cross_project_authorization_shared_examples.rb

(limited to 'spec/support/shared_examples/controllers/search_cross_project_authorization_shared_examples.rb')

diff --git a/spec/support/shared_examples/controllers/search_cross_project_authorization_shared_examples.rb b/spec/support/shared_examples/controllers/search_cross_project_authorization_shared_examples.rb
new file mode 100644
index 00000000000..9421561aea4
--- /dev/null
+++ b/spec/support/shared_examples/controllers/search_cross_project_authorization_shared_examples.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+RSpec.shared_examples_for 'when the user cannot read cross project' do |action, params|
+  before do
+    allow(Ability).to receive(:allowed?).and_call_original
+    allow(Ability).to receive(:allowed?).with(user, :read_cross_project, :global).and_return(false)
+  end
+
+  it 'blocks access without a project_id' do
+    get action, params: params
+
+    expect(response).to have_gitlab_http_status(:forbidden)
+  end
+
+  it 'allows access with a project_id' do
+    get action, params: params.merge(project_id: create(:project, :public).id)
+
+    expect(response).to have_gitlab_http_status(:ok)
+  end
+end
-- 
cgit v1.2.3