Check permissions to create a note slack command

Every Slack Slash command should have a `self.allowed?` method defined to check the permissions to perform an action

Check permissions to create a note slack command
Every Slack Slash command should have a `self.allowed?` method defined to check the permissions to perform an action
3ebdab56 · Vitali Tatarintev · ee77d3df · 3ebdab56 · 3ebdab56 · 3ebdab56
Commit 3ebdab56 authored Nov 04, 2019 by Vitali Tatarintev
4 changed files
--- a/lib/gitlab/slash_commands/issue_comment.rb
+++ b/lib/gitlab/slash_commands/issue_comment.rb
@@ -11,6 +11,10 @@ module Gitlab
        'issue comment <id> *`⇧ Shift`*+*`↵ Enter`* <comment>'
      end

+      def self.allowed?(issue, user)
+        can?(user, :create_note, issue)
+      end
+
      def execute(match)
        note_body = match[:note_body].to_s.strip
        issue = find_by_iid(match[:iid])

--- a/lib/gitlab/slash_commands/presenters/note_base.rb
+++ b/lib/gitlab/slash_commands/presenters/note_base.rb
@@ -33,7 +33,7 @@ module Gitlab
        def fields
          [
            {
-              title: "Comment",
+              title: 'Comment',
              value: resource.note
            }
          ]

--- a/spec/lib/gitlab/slash_commands/command_spec.rb
+++ b/spec/lib/gitlab/slash_commands/command_spec.rb
@@ -115,5 +115,10 @@ describe Gitlab::SlashCommands::Command do
      let(:params) { { text: 'issue move #78291 to gitlab/gitlab-ci' } }
      it { is_expected.to eq(Gitlab::SlashCommands::IssueMove) }
    end
+
+    context 'IssueComment is triggered' do
+      let(:params) { { text: "issue comment #503\ncomment body" } }
+      it { is_expected.to eq(Gitlab::SlashCommands::IssueComment) }
+    end
  end
 end
--- a/spec/lib/gitlab/slash_commands/issue_comment_spec.rb
+++ b/spec/lib/gitlab/slash_commands/issue_comment_spec.rb
@@ -3,17 +3,18 @@
 require 'spec_helper'

 describe Gitlab::SlashCommands::IssueComment do
+  let_it_be(:project) { create(:project) }
+  let_it_be(:issue) { create(:issue, project: project) }
+  let(:user) { issue.author }
+
  describe '#execute' do
-    let_it_be(:project) { create(:project) }
-    let_it_be(:issue) { create(:issue, project: project) }
-    let(:user) { issue.author }
    let(:chat_name) { double(:chat_name, user: user) }
    let(:regex_match) { described_class.match("issue comment #{issue.iid}\nComment body") }

    subject { described_class.new(project, chat_name).execute(regex_match) }

    context 'when the issue exists' do
-      context 'when the user does not have premission' do
+      context 'when the user does not have permission' do
        let(:chat_name) { double(:chat_name, user: create(:user)) }

        it 'does not allow the user to comment' do
@@ -54,7 +55,7 @@ describe Gitlab::SlashCommands::IssueComment do
    context 'the issue does not exist' do
      let(:regex_match) { described_class.match("issue comment 2343242\nComment body") }

-      it "returns not found" do
+      it 'returns not found' do
        expect(subject[:response_type]).to be(:ephemeral)
        expect(subject[:text]).to match('not found')
      end
@@ -94,4 +95,24 @@ describe Gitlab::SlashCommands::IssueComment do
      end
    end
  end
+
+  describe '.allowed?' do
+    subject { described_class.allowed?(issue, user) }
+
+    before do
+      allow(Ability).to receive(:allowed?).with(user, :create_note, issue).and_return(is_allowed)
+    end
+
+    context 'when the user can create a note' do
+      let(:is_allowed) { true }
+
+      it { is_expected.to be_truthy }
+    end
+
+    context 'when the user cannot create a note' do
+      let(:is_allowed) { false }
+
+      it { is_expected.to be_falsey }
+    end
+  end
 end