spec/support/shared_examples/lib/gitlab/project_search_results_shared_examples.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

# frozen_string_literal: true

RSpec.shared_examples 'access restricted confidential issues' do
  let(:query) { 'issue' }
  let(:author) { create(:user) }
  let(:assignee) { create(:user) }
  let(:project) { create(:project, :internal) }

  let!(:issue) { create(:issue, project: project, title: 'Issue 1') }
  let!(:security_issue_1) { create(:issue, :confidential, project: project, title: 'Security issue 1', author: author) }
  let!(:security_issue_2) { create(:issue, :confidential, title: 'Security issue 2', project: project, assignees: [assignee]) }

  subject(:objects) do
    described_class.new(user, query, project: project).objects('issues')
  end

  context 'when the user is non-member' do
    let(:user) { create(:user) }

    it 'does not list project confidential issues for non project members' do
      expect(objects).to contain_exactly(issue)
      expect(results.limited_issues_count).to eq 1
    end
  end

  context 'when the member is guest' do
    let(:user) do
      create(:user) { |guest| project.add_guest(guest) }
    end

    it 'does not list project confidential issues for project members with guest role' do
      expect(objects).to contain_exactly(issue)
      expect(results.limited_issues_count).to eq 1
    end
  end

  context 'when the user is the author' do
    let(:user) { author }

    it 'lists project confidential issues' do
      expect(objects).to contain_exactly(issue,
                                         security_issue_1)
      expect(results.limited_issues_count).to eq 2
    end
  end

  context 'when the user is the assignee' do
    let(:user) { assignee }

    it 'lists project confidential issues for assignee' do
      expect(objects).to contain_exactly(issue,
                                         security_issue_2)
      expect(results.limited_issues_count).to eq 2
    end
  end

  context 'when the user is a developper' do
    let(:user) do
      create(:user) { |user| project.add_developer(user) }
    end

    it 'lists project confidential issues' do
      expect(objects).to contain_exactly(issue,
                                         security_issue_1,
                                         security_issue_2)
      expect(results.limited_issues_count).to eq 3
    end
  end

  context 'when the user is admin', :request_store do
    let(:user) { create(:user, admin: true) }

    it 'lists all project issues' do
      expect(objects).to contain_exactly(issue,
                                         security_issue_1,
                                         security_issue_2)
    end
  end
end