Commit
7ee52833
authored
8 years ago
by
Douglas Barbosa Alexandre
Restrict access for confidential issues on autocomplete
parent
43d8bdb4
Showing
3 changed files
with
81 additions
and
6 deletions
+81
-6
app/controllers/projects_controller.rb
app/controllers/projects_controller.rb
+1
-1
app/services/projects/autocomplete_service.rb
app/services/projects/autocomplete_service.rb
+1
-5
spec/services/projects/autocomplete_service_spec.rb
spec/services/projects/autocomplete_service_spec.rb
+79
-0
app/controllers/projects_controller.rb
...
...
@@ -134,7 +134,7 @@ class ProjectsController < ApplicationController
def
autocomplete_sources
note_type
=
params
[
'type'
]
note_id
=
params
[
'type_id'
]
autocomplete
=
::
Projects
::
AutocompleteService
.
new
(
@project
)
autocomplete
=
::
Projects
::
AutocompleteService
.
new
(
@project
,
current_user
)
participants
=
::
Projects
::
ParticipantsService
.
new
(
@project
,
current_user
).
execute
(
note_type
,
note_id
)
@suggestions
=
{
...
...
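Review bot: `note_type` and `note_id` come straight from `params` and are passed to `ParticipantsService#execute` on the line after the changed one, in the same action this commit hardens for confidential issues. Whether that service checks that `current_user` may see the referenced target before returning its participants is not visible on this page. If it does not, the endpoint could still disclose who is involved in a confidential issue even though the issue list is now filtered. A controller spec that calls `autocomplete_sources` as a non-member with the `type`/`type_id` of a confidential issue would settle it. The body of `autocomplete_sources` continues past the end of the hunk.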
app/services/projects/autocomplete_service.rb
module
Projects
class
AutocompleteService
<
BaseService
def
initialize
(
project
)
@project
=
project
end
def
issues
@project
.
issues
.
opened
.
select
([
:iid
,
:title
])
@project
.
issues
.
visible_to_user
(
current_user
).
opened
.
select
([
:iid
,
:title
])
end
def
merge_requests
...
...
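Review bot: `issues` now reads `current_user`, but with `initialize` removed nothing in this class shows where that value comes from; it is presumably set by `BaseService`, whose constructor is not visible here. A short comment above `issues` would record the contract the fix depends on, for example `# Only issues visible to current_user; a nil user sees no confidential issues.` `merge_requests` begins at the end of the hunk and its body is outside it, so whether it needs a similar visibility scope cannot be judged from this page.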
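--- /dev/null
+++ b/spec/services/projects/autocomplete_service_spec.rb
+require 'spec_helper'
+describe Projects::AutocompleteService, services: true do
+  describe '#issues' do
+    describe 'confidential issues' do
+      let(:author) { create(:user) }
+      let(:assignee) { create(:user) }
+      let(:non_member) { create(:user) }
+      let(:member) { create(:user) }
+      let(:admin) { create(:admin) }
+      let(:project) { create(:empty_project, :public) }
+      let!(:issue) { create(:issue, project: project, title: 'Issue 1') }
+      let!(:security_issue_1) { create(:issue, :confidential, project: project, title: 'Security issue 1', author: author) }
+      let!(:security_issue_2) { create(:issue, :confidential, title: 'Security issue 2', project: project, assignee: assignee) }
+      it 'should not list project confidential issues for guests' do
+        autocomplete = described_class.new(project, nil)
+        issues = autocomplete.issues.map(&:iid)
+        expect(issues).to include issue.iid
+        expect(issues).not_to include security_issue_1.iid
+        expect(issues).not_to include security_issue_2.iid
+        expect(issues.count).to eq 1
+      end
+      it 'should not list project confidential issues for non project members' do
+        autocomplete = described_class.new(project, non_member)
+        issues = autocomplete.issues.map(&:iid)
+        expect(issues).to include issue.iid
+        expect(issues).not_to include security_issue_1.iid
+        expect(issues).not_to include security_issue_2.iid
+        expect(issues.count).to eq 1
+      end
+      it 'should list project confidential issues for author' do
+        autocomplete = described_class.new(project, author)
+        issues = autocomplete.issues.map(&:iid)
+        expect(issues).to include issue.iid
+        expect(issues).to include security_issue_1.iid
+        expect(issues).not_to include security_issue_2.iid
+        expect(issues.count).to eq 2
+      end
+      it 'should list project confidential issues for assignee' do
+        autocomplete = described_class.new(project, assignee)
+        issues = autocomplete.issues.map(&:iid)
+        expect(issues).to include issue.iid
+        expect(issues).not_to include security_issue_1.iid
+        expect(issues).to include security_issue_2.iid
+        expect(issues.count).to eq 2
+      end
+      it 'should list project confidential issues for project members' do
+        project.team << [member, :developer]
+        autocomplete = described_class.new(project, member)
+        issues = autocomplete.issues.map(&:iid)
+        expect(issues).to include issue.iid
+        expect(issues).to include security_issue_1.iid
+        expect(issues).to include security_issue_2.iid
+        expect(issues.count).to eq 3
+      end
+      it 'should list all project issues for admin' do
+        autocomplete = described_class.new(project, admin)
+        issues = autocomplete.issues.map(&:iid)
+        expect(issues).to include issue.iid
+        expect(issues).to include security_issue_1.iid
+        expect(issues).to include security_issue_2.iid
+        expect(issues.count).to eq 3
+      end
+    end
+  end
+end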
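Review bot: The first example is titled "for guests" but passes `nil` as the user, so it covers anonymous visitors rather than project members holding the Guest role. The only membership case in the file adds the user as `:developer`, which leaves the lowest member role untested against whatever the intended confidentiality policy is. Renaming the first example to `it 'should not list project confidential issues for anonymous users' do` and adding a case built with `project.team << [member, :guest]` would pin that boundary. The assertions check `iid` only, which is sufficient as long as `title` is always selected from the same relation, as the service hunk suggests.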