Fix confidential issues should not be passed to Webhooks

parent 3c3ae816
...@@ -14,6 +14,8 @@ module Issues ...@@ -14,6 +14,8 @@ module Issues
end end
def execute_hooks(issue, action = 'open') def execute_hooks(issue, action = 'open')
return if issue.confidential?
issue_data = hook_data(issue, action) issue_data = hook_data(issue, action)
issue.project.execute_hooks(issue_data, :issue_hooks) issue.project.execute_hooks(issue_data, :issue_hooks)
issue.project.execute_services(issue_data, :issue_hooks) issue.project.execute_services(issue_data, :issue_hooks)
......
...@@ -18,7 +18,7 @@ describe Issues::CloseService, services: true do ...@@ -18,7 +18,7 @@ describe Issues::CloseService, services: true do
context "valid params" do context "valid params" do
before do before do
perform_enqueued_jobs do perform_enqueued_jobs do
@issue = described_class.new(project, user, {}).execute(issue) @issue = described_class.new(project, user).execute(issue)
end end
end end
...@@ -53,10 +53,21 @@ describe Issues::CloseService, services: true do ...@@ -53,10 +53,21 @@ describe Issues::CloseService, services: true do
end end
end end
context "external issue tracker" do context 'when issue is confidential' do
it 'does not execute hooks' do
issue = create(:issue, :confidential, project: project)
expect(project).not_to receive(:execute_hooks)
expect(project).not_to receive(:execute_services)
described_class.new(project, user).execute(issue)
end
end
context 'external issue tracker' do
before do before do
allow(project).to receive(:default_issues_tracker?).and_return(false) allow(project).to receive(:default_issues_tracker?).and_return(false)
@issue = described_class.new(project, user, {}).execute(issue) @issue = described_class.new(project, user).execute(issue)
end end
it { expect(@issue).to be_valid } it { expect(@issue).to be_valid }
......
...@@ -72,6 +72,15 @@ describe Issues::CreateService, services: true do ...@@ -72,6 +72,15 @@ describe Issues::CreateService, services: true do
expect(issue.milestone).not_to eq milestone expect(issue.milestone).not_to eq milestone
end end
end end
it 'does not execute hooks when issue is confidential' do
opts = { title: 'Title', description: 'Description', confidential: true }
expect(project).not_to receive(:execute_hooks)
expect(project).not_to receive(:execute_services)
described_class.new(project, user, opts).execute
end
end end
it_behaves_like 'new issuable record that supports slash commands' it_behaves_like 'new issuable record that supports slash commands'
......
require 'spec_helper' require 'spec_helper'
describe Issues::ReopenService, services: true do describe Issues::ReopenService, services: true do
let(:guest) { create(:user) } let(:project) { create(:empty_project) }
let(:issue) { create(:issue, :closed) } let(:issue) { create(:issue, :closed, project: project) }
let(:project) { issue.project }
before do
project.team << [guest, :guest]
end
describe '#execute' do describe '#execute' do
context 'current user is not authorized to reopen issue' do context 'current user is not authorized to reopen issue' do
before do before do
guest = create(:user)
project.team << [guest, :guest]
perform_enqueued_jobs do perform_enqueued_jobs do
@issue = described_class.new(project, guest).execute(issue) @issue = described_class.new(project, guest).execute(issue)
end end
...@@ -21,5 +19,19 @@ describe Issues::ReopenService, services: true do ...@@ -21,5 +19,19 @@ describe Issues::ReopenService, services: true do
expect(@issue).to be_closed expect(@issue).to be_closed
end end
end end
context 'when issue is confidential' do
it 'does not execute hooks' do
user = create(:user)
project.team << [user, :master]
issue = create(:issue, :confidential, :closed, project: project)
expect(project).not_to receive(:execute_hooks)
expect(project).not_to receive(:execute_services)
described_class.new(project, user).execute(issue)
end
end
end end
end end
...@@ -28,6 +28,11 @@ describe Issues::UpdateService, services: true do ...@@ -28,6 +28,11 @@ describe Issues::UpdateService, services: true do
end end
end end
def update_issue(opts)
@issue = described_class.new(project, user, opts).execute(issue)
@issue.reload
end
context "valid params" do context "valid params" do
before do before do
opts = { opts = {
...@@ -35,12 +40,11 @@ describe Issues::UpdateService, services: true do ...@@ -35,12 +40,11 @@ describe Issues::UpdateService, services: true do
description: 'Also please fix', description: 'Also please fix',
assignee_id: user2.id, assignee_id: user2.id,
state_event: 'close', state_event: 'close',
label_ids: [label.id], label_ids: [label.id]
confidential: true
} }
perform_enqueued_jobs do perform_enqueued_jobs do
@issue = Issues::UpdateService.new(project, user, opts).execute(issue) @issue = described_class.new(project, user, opts).execute(issue)
end end
@issue.reload @issue.reload
...@@ -81,18 +85,35 @@ describe Issues::UpdateService, services: true do ...@@ -81,18 +85,35 @@ describe Issues::UpdateService, services: true do
expect(note).not_to be_nil expect(note).not_to be_nil
expect(note.note).to eq 'Changed title: **{-Old-} title** → **{+New+} title**' expect(note.note).to eq 'Changed title: **{-Old-} title** → **{+New+} title**'
end end
end
context 'when issue turns confidential' do
let(:opts) do
{
title: 'New title',
description: 'Also please fix',
assignee_id: user2.id,
state_event: 'close',
label_ids: [label.id],
confidential: true
}
end
it 'creates system note about confidentiality change' do it 'creates system note about confidentiality change' do
update_issue({ confidential: true })
note = find_note('Made the issue confidential') note = find_note('Made the issue confidential')
expect(note).not_to be_nil expect(note).not_to be_nil
expect(note.note).to eq 'Made the issue confidential' expect(note.note).to eq 'Made the issue confidential'
end end
end
def update_issue(opts) it 'does not execute hooks' do
@issue = Issues::UpdateService.new(project, user, opts).execute(issue) expect(project).not_to receive(:execute_hooks)
@issue.reload expect(project).not_to receive(:execute_services)
update_issue({ confidential: true })
end
end end
context 'todos' do context 'todos' do
...@@ -176,7 +197,7 @@ describe Issues::UpdateService, services: true do ...@@ -176,7 +197,7 @@ describe Issues::UpdateService, services: true do
opts = { label_ids: [label.id] } opts = { label_ids: [label.id] }
perform_enqueued_jobs do perform_enqueued_jobs do
@issue = Issues::UpdateService.new(project, user, opts).execute(issue) @issue = described_class.new(project, user, opts).execute(issue)
end end
should_email(subscriber) should_email(subscriber)
...@@ -190,7 +211,7 @@ describe Issues::UpdateService, services: true do ...@@ -190,7 +211,7 @@ describe Issues::UpdateService, services: true do
opts = { label_ids: [label.id, label2.id] } opts = { label_ids: [label.id, label2.id] }
perform_enqueued_jobs do perform_enqueued_jobs do
@issue = Issues::UpdateService.new(project, user, opts).execute(issue) @issue = described_class.new(project, user, opts).execute(issue)
end end
should_not_email(subscriber) should_not_email(subscriber)
...@@ -201,7 +222,7 @@ describe Issues::UpdateService, services: true do ...@@ -201,7 +222,7 @@ describe Issues::UpdateService, services: true do
opts = { label_ids: [label2.id] } opts = { label_ids: [label2.id] }
perform_enqueued_jobs do perform_enqueued_jobs do
@issue = Issues::UpdateService.new(project, user, opts).execute(issue) @issue = described_class.new(project, user, opts).execute(issue)
end end
should_not_email(subscriber) should_not_email(subscriber)
...@@ -210,7 +231,7 @@ describe Issues::UpdateService, services: true do ...@@ -210,7 +231,7 @@ describe Issues::UpdateService, services: true do
end end
end end
context 'when Issue has tasks' do context 'when issue has tasks' do
before { update_issue({ description: "- [ ] Task 1\n- [ ] Task 2" }) } before { update_issue({ description: "- [ ] Task 1\n- [ ] Task 2" }) }
it { expect(@issue.tasks?).to eq(true) } it { expect(@issue.tasks?).to eq(true) }
...@@ -277,7 +298,7 @@ describe Issues::UpdateService, services: true do ...@@ -277,7 +298,7 @@ describe Issues::UpdateService, services: true do
context 'updating labels' do context 'updating labels' do
let(:label3) { create(:label, project: project) } let(:label3) { create(:label, project: project) }
let(:result) { Issues::UpdateService.new(project, user, params).execute(issue).reload } let(:result) { described_class.new(project, user, params).execute(issue).reload }
context 'when add_label_ids and label_ids are passed' do context 'when add_label_ids and label_ids are passed' do
let(:params) { { label_ids: [label.id], add_label_ids: [label3.id] } } let(:params) { { label_ids: [label.id], add_label_ids: [label3.id] } }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment