Commit 38f3c2e1 authored by Jarka Košanová's avatar Jarka Košanová

Remove link after issue move when no permissions

Don't show new issue link after move
when a user does not have permissions
to display the new issue
parent 66b20a66
......@@ -74,6 +74,7 @@ module Emails
@new_issue = new_issue
@new_project = new_issue.project
@can_access_project = recipient.can?(:read_project, @new_project)
mail_answer_thread(issue, issue_thread_options(updated_by_user.id, recipient.id, reason))
end
......
%p
Issue was moved to another project.
%p
- if @can_access_project
%p
New issue:
= link_to project_issue_url(@new_project, @new_issue) do
= @new_issue.title
- else
You don't have access to the project.
Issue was moved to another project.
<% if @can_access_project %>
New issue location:
<%= project_issue_url(@new_project, @new_issue) %>
<% else %>
You don't have access to the project.
<% end %>
---
title: Don't show new issue link after move when a user does not have permissions
merge_request:
author:
type: security
......@@ -194,6 +194,11 @@ describe Notify do
let(:new_issue) { create(:issue) }
subject { described_class.issue_moved_email(recipient, issue, new_issue, current_user) }
context 'when a user has permissions to access the new issue' do
before do
new_issue.project.add_developer(recipient)
end
it_behaves_like 'an answer to an existing thread with reply-by-email enabled' do
let(:model) { issue }
end
......@@ -213,6 +218,31 @@ describe Notify do
is_expected.to have_body_text(project_issue_path(project, issue))
end
end
it 'contains the issue title' do
is_expected.to have_body_text new_issue.title
end
end
context 'when a user does not permissions to access the new issue' do
it 'has the correct subject and body' do
new_issue_url = project_issue_path(new_issue.project, new_issue)
aggregate_failures do
is_expected.to have_referable_subject(issue, reply: true)
is_expected.not_to have_body_text(new_issue_url)
is_expected.to have_body_text(project_issue_path(project, issue))
end
end
it 'does not contain the issue title' do
is_expected.not_to have_body_text new_issue.title
end
it 'contains information about missing permissions' do
is_expected.to have_body_text "You don't have access to the project."
end
end
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment