Add tests for events on confidential designs

ee/spec/factories/notes.rb

@@ -9,6 +9,7 @@ FactoryBot.modify do
 
     trait :on_design do
       noteable { create(:design, :with_file, issue: create(:issue, project: project)) }
+      project { noteable.project }
     end
 
     trait :with_review do

ee/spec/models/ee/event_spec.rb

@@ -7,10 +7,13 @@ describe Event do
     let_it_be(:non_member) { create(:user) }
     let_it_be(:member) { create(:user) }
     let_it_be(:guest) { create(:user) }
+    let_it_be(:reporter) { create(:user) }
     let_it_be(:author) { create(:author) }
     let_it_be(:admin) { create(:admin) }
     let_it_be(:project) { create(:project) }
 
+    let(:users) { [non_member, member, reporter, guest, author, admin] }
+
     let(:epic) { create(:epic, group: group, author: author) }
     let(:note_on_epic) { create(:note, :on_epic, noteable: epic) }
     let(:event) { described_class.new(group: group, target: target, author: author) }
@@ -20,6 +23,7 @@ describe Event do
 
       project.add_developer(member)
       project.add_guest(guest)
+      project.add_reporter(reporter)
 
       if defined?(group)
         group.add_developer(member)
@@ -27,21 +31,48 @@ describe Event do
       end
     end
 
+    RSpec::Matchers.define :be_visible_to do |user|
+      match do |event|
+        event.visible_to_user?(user)
+      end
+
+      failure_message do |event|
+        "expected that #{event} should be visible to #{user}"
+      end
+
+      failure_message_when_negated do |event|
+        "expected that #{event} would not be visible to #{user}"
+      end
+    end
+
+    RSpec::Matchers.define :have_access_to do |event|
+      match do |user|
+        event.visible_to_user?(user)
+      end
+
+      failure_message do |user|
+        "expected that #{event} should be visible to #{user}"
+      end
+
+      failure_message_when_negated do |user|
+        "expected that #{event} would not be visible to #{user}"
+      end
+    end
+
     shared_examples 'visible to group members only' do
-      it 'is not visible to other users' do
-        expect(event.visible_to_user?(non_member)).to eq false
-        expect(event.visible_to_user?(member)).to eq true
-        expect(event.visible_to_user?(guest)).to eq true
-        expect(event.visible_to_user?(admin)).to eq true
+      it 'is not visible to other users', :aggregate_failures do
+        expect(event).not_to be_visible_to(non_member)
+        expect(event).not_to be_visible_to(author)
+
+        expect(event).to be_visible_to(member)
+        expect(event).to be_visible_to(guest)
+        expect(event).to be_visible_to(admin)
       end
     end
 
     shared_examples 'visible to everybody' do
-      it 'is visible to other users' do
-        expect(event.visible_to_user?(non_member)).to eq true
-        expect(event.visible_to_user?(member)).to eq true
-        expect(event.visible_to_user?(guest)).to eq true
-        expect(event.visible_to_user?(admin)).to eq true
+      it 'is visible to other users', :aggregate_failures do
+        expect(users).to all(have_access_to(event))
       end
     end
 
@@ -52,13 +83,32 @@ describe Event do
         enable_design_management
       end
 
-      it 'is visible to authorised users' do
-        event = create(:event, :for_design, project: project)
+      it_behaves_like 'visible to group members only' do
+        let(:event) { create(:event, :for_design, project: project) }
+      end
+
+      context 'the event refers to a design on a confidential issue' do
+        let(:project) { create(:project, :public) }
+        let(:issue) { create(:issue, :confidential, project: project) }
+        let(:design) { create(:design, issue: issue) }
+        let(:note) { create(:note, :on_design, noteable: design) }
+        let(:event) { create(:event, project: project, target: note) }
+
+        let(:assignees) do
+          create_list(:user, 3).each { |user| issue.assignees << user }
+        end
+
+        it 'visible to group reporters, the issue author, and assignees', :aggregate_failures do
+          expect(event).not_to be_visible_to(non_member)
+          expect(event).not_to be_visible_to(guest)
+
+          expect(event).to be_visible_to(reporter)
+          expect(event).to be_visible_to(member)
+          expect(event).to be_visible_to(admin)
+          expect(event).to be_visible_to(issue.author)
 
-        expect(event.visible_to_user?(non_member)).to eq false
-        expect(event.visible_to_user?(member)).to eq true
-        expect(event.visible_to_user?(guest)).to eq true
-        expect(event.visible_to_user?(admin)).to eq true
+          expect(assignees).to all(have_access_to(event))
+        end
       end
     end