Skip to content

G
gitlab-ce
Commit 4ded8adf authored by Douglas Barbosa Alexandre's avatar Douglas Barbosa Alexandre
Browse files
Options

Remove references for confidential issues

parent dc4c8769
Hide whitespace changes
Inline Side-by-side
Showing with 33 additions and 1 deletion
lib/banzai/filter/issue_reference_filter.rb
View file @ 4ded8adf
......@@ -9,6 +9,15 @@ module Banzai
Issue
end
def self.user_can_see_reference?(user, node, context)
if node.has_attribute?('data-issue')
issue = Issue.find(node.attr('data-issue')) rescue nil
issue && !issue.confidential?
else
super
end
end
def find_object(project, id)
project.get_issue(id)
end
......
spec/lib/banzai/filter/redactor_filter_spec.rb
View file @ 4ded8adf
......@@ -44,8 +44,31 @@ describe Banzai::Filter::RedactorFilter, lib: true do
end
end
context "for user references" do
context 'with data-issue' do
it 'removes references for confidential issues' do
user = create(:user)
project = create(:empty_project)
issue = create(:issue, :confidential, project: project)
link = reference_link(issue: issue.id, reference_filter: 'IssueReferenceFilter')
doc = filter(link, current_user: user)
expect(doc.css('a').length).to eq 0
end
it 'allows references for non confidential issues' do
user = create(:user)
project = create(:empty_project)
issue = create(:issue, project: project)
link = reference_link(issue: issue.id, reference_filter: 'IssueReferenceFilter')
doc = filter(link, current_user: user)
expect(doc.css('a').length).to eq 1
end
end
context "for user references" do
context 'with data-group' do
it 'removes unpermitted Group references' do
user = create(:user)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7