Welcome to mirror list, hosted at ThFree Co, Russian Federation.

viewing_issues_with_external_authorization_enabled_spec.rb « issues « projects « features « spec - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/features/projects/issues/viewing_issues_with_external_authorization_enabled_spec.rb
blob: bf1b2f7e5cd3eece2de0d29c5db265f052fa91df (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'viewing an issue with cross project references' do
  include ExternalAuthorizationServiceHelpers
  include Gitlab::Routing.url_helpers

  let(:user) { create(:user) }
  let(:other_project) do
    create(:project, :public, external_authorization_classification_label: 'other_label')
  end

  let(:other_issue) do
    create(:issue, :closed, title: 'I am in another project', project: other_project)
  end

  let(:other_confidential_issue) do
    create(:issue, :confidential, :closed, title: 'I am in another project and confidential', project: other_project)
  end

  let(:other_merge_request) do
    create(:merge_request, :closed, title: 'I am a merge request in another project', source_project: other_project)
  end

  let(:description_referencing_other_issue) do
    "Referencing: #{other_issue.to_reference(project)}, "\
    "a confidential issue #{confidential_issue.to_reference}, "\
    "a cross project confidential issue #{other_confidential_issue.to_reference(project)}, and "\
    "a cross project merge request #{other_merge_request.to_reference(project)}"
  end

  let(:project) { create(:project) }
  let(:issue) do
    create(:issue, project: project, description: description_referencing_other_issue)
  end

  let(:confidential_issue) do
    create(:issue, :confidential, :closed, title: "I am in the same project and confidential", project: project)
  end

  before do
    project.add_developer(user)
    sign_in(user)
  end

  it 'shows all information related to the cross project reference' do
    visit project_issue_path(project, issue)

    expect(page).to have_link("#{other_issue.to_reference(project)} (#{other_issue.state})")
    expect(page).to have_xpath("//a[@title='#{other_issue.title}']")
  end

  it 'shows a link to the confidential issue in the same project' do
    visit project_issue_path(project, issue)

    expect(page).to have_link("#{confidential_issue.to_reference(project)} (#{confidential_issue.state})")
    expect(page).to have_xpath("//a[@title='#{confidential_issue.title}']")
  end

  it 'does not show the link to a cross project confidential issue when the user does not have access' do
    visit project_issue_path(project, issue)

    expect(page).not_to have_link("#{other_confidential_issue.to_reference(project)} (#{other_confidential_issue.state})")
    expect(page).not_to have_xpath("//a[@title='#{other_confidential_issue.title}']")
  end

  it 'shows the link to a cross project confidential issue when the user has access' do
    other_project.add_developer(user)

    visit project_issue_path(project, issue)

    expect(page).to have_link("#{other_confidential_issue.to_reference(project)} (#{other_confidential_issue.state})")
    expect(page).to have_xpath("//a[@title='#{other_confidential_issue.title}']")
  end

  context 'when an external authorization service is enabled' do
    before do
      enable_external_authorization_service_check
    end

    it 'only hits the external service for the project the user is viewing' do
      expect(::Gitlab::ExternalAuthorization)
        .to receive(:access_allowed?).with(user, 'default_label', any_args).at_least(1).and_return(true)
      expect(::Gitlab::ExternalAuthorization)
        .not_to receive(:access_allowed?).with(user, 'other_label', any_args)

      visit project_issue_path(project, issue)
    end

    it 'shows only the link to the cross project references' do
      visit project_issue_path(project, issue)

      expect(page).to have_link(other_issue.to_reference(project).to_s)
      expect(page).to have_link(other_merge_request.to_reference(project).to_s)
      expect(page).not_to have_content("#{other_issue.to_reference(project)} (#{other_issue.state})")
      expect(page).not_to have_xpath("//a[@title='#{other_issue.title}']")
      expect(page).not_to have_content("#{other_merge_request.to_reference(project)} (#{other_merge_request.state})")
      expect(page).not_to have_xpath("//a[@title='#{other_merge_request.title}']")
    end

    it 'does not link a cross project confidential issue if the user does not have access' do
      visit project_issue_path(project, issue)

      expect(page).not_to have_link(other_confidential_issue.to_reference(project).to_s)
      expect(page).not_to have_xpath("//a[@title='#{other_confidential_issue.title}']")
    end

    it 'links a cross project confidential issue without exposing information when the user has access' do
      other_project.add_developer(user)

      visit project_issue_path(project, issue)

      expect(page).to have_link(other_confidential_issue.to_reference(project).to_s)
      expect(page).not_to have_xpath("//a[@title='#{other_confidential_issue.title}']")
    end

    it 'shows a link to the confidential issue in the same project' do
      visit project_issue_path(project, issue)

      expect(page).to have_link("#{confidential_issue.to_reference(project)} (#{confidential_issue.state})")
      expect(page).to have_xpath("//a[@title='#{confidential_issue.title}']")
    end
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 08:50:02 +0300