Commit 97bd3491 authored by Rémy Coutable's avatar Rémy Coutable

Improve Milestones API specs

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 03ae2cdb
...@@ -8,8 +8,6 @@ v 8.7.1 (unreleased) ...@@ -8,8 +8,6 @@ v 8.7.1 (unreleased)
- Fix license detection to detect all license files, not only known licenses. !3878 - Fix license detection to detect all license files, not only known licenses. !3878
- Use the `can?` helper instead of `current_user.can?`. !3882 - Use the `can?` helper instead of `current_user.can?`. !3882
- Prevent users from deleting Webhooks via API they do not own - Prevent users from deleting Webhooks via API they do not own
- Use the `can?` helper instead of `current_user.can?`
- Filter confidential issues from milestones API if user does not have access
v 8.7.0 v 8.7.0
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented - Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
......
...@@ -140,19 +140,18 @@ describe API::API, api: true do ...@@ -140,19 +140,18 @@ describe API::API, api: true do
get api("/projects/#{project.id}/milestones/#{milestone.id}/issues") get api("/projects/#{project.id}/milestones/#{milestone.id}/issues")
expect(response.status).to eq(401) expect(response.status).to eq(401)
end end
end
describe 'confidential issues' do describe 'confidential issues' do
it 'should return confidential issues to team members' do let(:public_project) { create(:project, :public) }
public_project = create(:project, :public) let(:milestone) { create(:milestone, project: public_project) }
user = create(:user) let(:issue) { create(:issue, project: public_project) }
milestone = create(:milestone, project: public_project) let(:confidential_issue) { create(:issue, confidential: true, project: public_project) }
issue = create(:issue, project: public_project) before do
confidential_issue = create(:issue, confidential: true, project: public_project)
public_project.team << [user, :developer] public_project.team << [user, :developer]
milestone.issues << issue milestone.issues << issue << confidential_issue
milestone.issues << confidential_issue end
it 'returns confidential issues to team members' do
get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user) get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user)
expect(response.status).to eq(200) expect(response.status).to eq(200)
...@@ -161,17 +160,8 @@ describe API::API, api: true do ...@@ -161,17 +160,8 @@ describe API::API, api: true do
expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id) expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id)
end end
it 'should not return confidential issues to regular users' do it 'does not return confidential issues to regular users' do
public_project = create(:project, :public) get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", create(:user))
normal_user = create(:user)
milestone = create(:milestone, project: public_project)
issue = create(:issue, project: public_project)
confidential_issue = create(:issue, confidential: true, project: public_project)
public_project.team << [user, :developer]
milestone.issues << issue
milestone.issues << confidential_issue
get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", normal_user)
expect(response.status).to eq(200) expect(response.status).to eq(200)
expect(json_response).to be_an Array expect(json_response).to be_an Array
...@@ -179,4 +169,5 @@ describe API::API, api: true do ...@@ -179,4 +169,5 @@ describe API::API, api: true do
expect(json_response.map { |issue| issue['id'] }).to include(issue.id) expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
end end
end end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment