Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
iv
gitlab-ce
Commits
97bd3491
Commit
97bd3491
authored
Apr 25, 2016
by
Rémy Coutable
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improve Milestones API specs
Signed-off-by:
Rémy Coutable
<
remy@rymai.me
>
parent
03ae2cdb
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
27 additions
and
38 deletions
+27
-38
CHANGELOG
CHANGELOG
+0
-2
spec/requests/api/milestones_spec.rb
spec/requests/api/milestones_spec.rb
+27
-36
No files found.
CHANGELOG
View file @
97bd3491
...
@@ -8,8 +8,6 @@ v 8.7.1 (unreleased)
...
@@ -8,8 +8,6 @@ v 8.7.1 (unreleased)
- Fix license detection to detect all license files, not only known licenses. !3878
- Fix license detection to detect all license files, not only known licenses. !3878
- Use the `can?` helper instead of `current_user.can?`. !3882
- Use the `can?` helper instead of `current_user.can?`. !3882
- Prevent users from deleting Webhooks via API they do not own
- Prevent users from deleting Webhooks via API they do not own
- Use the `can?` helper instead of `current_user.can?`
- Filter confidential issues from milestones API if user does not have access
v 8.7.0
v 8.7.0
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
...
...
spec/requests/api/milestones_spec.rb
View file @
97bd3491
...
@@ -140,43 +140,34 @@ describe API::API, api: true do
...
@@ -140,43 +140,34 @@ describe API::API, api: true do
get
api
(
"/projects/
#{
project
.
id
}
/milestones/
#{
milestone
.
id
}
/issues"
)
get
api
(
"/projects/
#{
project
.
id
}
/milestones/
#{
milestone
.
id
}
/issues"
)
expect
(
response
.
status
).
to
eq
(
401
)
expect
(
response
.
status
).
to
eq
(
401
)
end
end
end
describe
'confidential issues'
do
it
'should return confidential issues to team members'
do
public_project
=
create
(
:project
,
:public
)
user
=
create
(
:user
)
milestone
=
create
(
:milestone
,
project:
public_project
)
issue
=
create
(
:issue
,
project:
public_project
)
confidential_issue
=
create
(
:issue
,
confidential:
true
,
project:
public_project
)
public_project
.
team
<<
[
user
,
:developer
]
milestone
.
issues
<<
issue
milestone
.
issues
<<
confidential_issue
get
api
(
"/projects/
#{
public_project
.
id
}
/milestones/
#{
milestone
.
id
}
/issues"
,
user
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
).
to
be_an
Array
expect
(
json_response
.
size
).
to
eq
(
2
)
expect
(
json_response
.
map
{
|
issue
|
issue
[
'id'
]
}).
to
include
(
issue
.
id
,
confidential_issue
.
id
)
end
it
'should not return confidential issues to regular users'
do
public_project
=
create
(
:project
,
:public
)
normal_user
=
create
(
:user
)
milestone
=
create
(
:milestone
,
project:
public_project
)
issue
=
create
(
:issue
,
project:
public_project
)
confidential_issue
=
create
(
:issue
,
confidential:
true
,
project:
public_project
)
public_project
.
team
<<
[
user
,
:developer
]
milestone
.
issues
<<
issue
milestone
.
issues
<<
confidential_issue
get
api
(
"/projects/
#{
public_project
.
id
}
/milestones/
#{
milestone
.
id
}
/issues"
,
normal_user
)
expect
(
response
.
status
).
to
eq
(
200
)
describe
'confidential issues'
do
expect
(
json_response
).
to
be_an
Array
let
(
:public_project
)
{
create
(
:project
,
:public
)
}
expect
(
json_response
.
size
).
to
eq
(
1
)
let
(
:milestone
)
{
create
(
:milestone
,
project:
public_project
)
}
expect
(
json_response
.
map
{
|
issue
|
issue
[
'id'
]
}).
to
include
(
issue
.
id
)
let
(
:issue
)
{
create
(
:issue
,
project:
public_project
)
}
let
(
:confidential_issue
)
{
create
(
:issue
,
confidential:
true
,
project:
public_project
)
}
before
do
public_project
.
team
<<
[
user
,
:developer
]
milestone
.
issues
<<
issue
<<
confidential_issue
end
it
'returns confidential issues to team members'
do
get
api
(
"/projects/
#{
public_project
.
id
}
/milestones/
#{
milestone
.
id
}
/issues"
,
user
)
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
).
to
be_an
Array
expect
(
json_response
.
size
).
to
eq
(
2
)
expect
(
json_response
.
map
{
|
issue
|
issue
[
'id'
]
}).
to
include
(
issue
.
id
,
confidential_issue
.
id
)
end
it
'does not return confidential issues to regular users'
do
get
api
(
"/projects/
#{
public_project
.
id
}
/milestones/
#{
milestone
.
id
}
/issues"
,
create
(
:user
))
expect
(
response
.
status
).
to
eq
(
200
)
expect
(
json_response
).
to
be_an
Array
expect
(
json_response
.
size
).
to
eq
(
1
)
expect
(
json_response
.
map
{
|
issue
|
issue
[
'id'
]
}).
to
include
(
issue
.
id
)
end
end
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment