Commit c2e6dc3c authored by Stan Hu's avatar Stan Hu

Merge branch '9497-refactor-groups-epic-controllers' into 'master'

Refactor `Groups::EpicIssuesController` and `Groups::EpicLinksController`

Closes #9497

See merge request gitlab-org/gitlab-ee!10617
parents cb343c8b c9d7bf0e
......@@ -2,17 +2,26 @@
module EpicRelations
extend ActiveSupport::Concern
include Gitlab::Utils::StrongMemoize
include IssuableLinks
included do
skip_before_action :authorize_destroy_issuable!
skip_before_action :authorize_create_epic!
skip_before_action :authorize_update_issuable!
before_action :check_epics_available!
before_action :authorize_read_epic!, only: :index
before_action :authorize_admin_epic!, only: [:create, :destroy, :update]
end
def authorize_read_epic!
render_404 unless can?(current_user, :read_epic, epic)
end
def authorize_admin_epic!
render_403 unless can?(current_user, :admin_epic, epic)
end
def epic
strong_memoize(:epic) do
group.epics.find_by_iid(params[:epic_id])
end
end
end
# frozen_string_literal: true
class Groups::EpicIssuesController < Groups::EpicsController
class Groups::EpicIssuesController < Groups::ApplicationController
include EpicRelations
before_action :authorize_issue_link_association!, only: [:destroy, :update]
......
# frozen_string_literal: true
class Groups::EpicLinksController < Groups::EpicsController
class Groups::EpicLinksController < Groups::ApplicationController
include EpicRelations
before_action :check_nested_support!
......
......@@ -2,7 +2,7 @@ require 'spec_helper'
describe Groups::EpicIssuesController do
let(:group) { create(:group, :public) }
let(:project) { create(:project, :public, group: group) }
let(:project) { create(:project, group: group) }
let(:milestone) { create(:milestone, project: project) }
let(:epic) { create(:epic, group: group) }
let(:user) { create(:user) }
......@@ -35,6 +35,7 @@ describe Groups::EpicIssuesController do
it_behaves_like 'unlicensed epics action'
context 'when epics feature is enabled' do
context 'when user has access to epic' do
before do
group.add_developer(user)
......@@ -49,6 +50,17 @@ describe Groups::EpicIssuesController do
expect(JSON.parse(response.body)).to match_schema('related_issues', dir: 'ee')
end
end
context 'when user does not have access to epic' do
it 'returns 404 status' do
group.update(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
subject
expect(response).to have_gitlab_http_status(404)
end
end
end
end
describe 'POST #create' do
......
......@@ -38,6 +38,10 @@ describe Groups::EpicLinksController, :postgresql do
context 'when epics are enabled' do
before do
stub_licensed_features(epics: true)
end
context 'when user has access to epic' do
before do
group.add_developer(user)
subject
......@@ -50,6 +54,17 @@ describe Groups::EpicLinksController, :postgresql do
expect(json_response).to eq(list_service_response.as_json)
end
end
context 'when user does not have access to epic' do
it 'returns 404 status' do
group.update(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
subject
expect(response).to have_gitlab_http_status(404)
end
end
end
end
describe 'POST #create' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment