Merge branch '216881-fix-close-button-showing-for-unauthorized-users' into 'master'

Fix label `x` button showing for unauthorized users See merge request gitlab-org/gitlab!45189

Merge branch '216881-fix-close-button-showing-for-unauthorized-users' into 'master'
Fix label `x` button showing for unauthorized users See merge request gitlab-org/gitlab!45189
679db733 · Kushal Pandya · 4eeb3b33 · fc0a3218 · 679db733 · 679db733
Commit 679db733 authored Oct 15, 2020 by Kushal Pandya
3 changed files
--- a/app/assets/javascripts/sidebar/components/labels/sidebar_labels.vue
+++ b/app/assets/javascripts/sidebar/components/labels/sidebar_labels.vue
@@ -77,7 +77,7 @@ export default {
 <template>
  <labels-select
    class="block labels js-labels-block"
-    :allow-label-remove="true"
+    :allow-label-remove="allowLabelEdit"
    :allow-label-create="allowLabelCreate"
    :allow-label-edit="allowLabelEdit"
    :allow-multiselect="true"

--- a/ee/app/assets/javascripts/epic/components/sidebar_items/sidebar_labels.vue
+++ b/ee/app/assets/javascripts/epic/components/sidebar_items/sidebar_labels.vue
@@ -128,7 +128,7 @@ export default {
 <template>
  <labels-select-vue
-    :allow-label-remove="true"
+    :allow-label-remove="canUpdate"
    :allow-label-edit="canUpdate"
    :allow-label-create="true"
    :allow-multiselect="true"

--- a/spec/features/issues/user_edits_issue_spec.rb
+++ b/spec/features/issues/user_edits_issue_spec.rb
@@ -13,319 +13,349 @@ RSpec.describe "Issues > User edits issue", :js do
  let_it_be(:milestone) { create(:milestone, project: project) }
  let_it_be(:milestones) { create_list(:milestone, 25, project: project_with_milestones) }
-  before do
+  context 'with authorized user' do
-    project.add_developer(user)
-    project_with_milestones.add_developer(user)
-    sign_in(user)
-  end
-  context "from edit page" do
    before do
-      visit edit_project_issue_path(project, issue)
+      project.add_developer(user)
+      project_with_milestones.add_developer(user)
+      sign_in(user)
    end
-    it "previews content" do
+    context "from edit page" do
-      form = first(".gfm-form")
+      before do
+        visit edit_project_issue_path(project, issue)
-      page.within(form) do
-        fill_in("Description", with: "Bug fixed :smile:")
-        click_button("Preview")
      end
-      expect(form).to have_button("Write")
+      it "previews content" do
-    end
+        form = first(".gfm-form")
-    it 'allows user to select unassigned' do
+        page.within(form) do
-      visit edit_project_issue_path(project, issue)
+          fill_in("Description", with: "Bug fixed :smile:")
+          click_button("Preview")
+        end
-      expect(page).to have_content "Assignee #{user.name}"
+        expect(form).to have_button("Write")
+      end
-      first('.js-user-search').click
+      it 'allows user to select unassigned' do
-      click_link 'Unassigned'
+        visit edit_project_issue_path(project, issue)
-      click_button 'Save changes'
+        expect(page).to have_content "Assignee #{user.name}"
-      page.within('.assignee') do
+        first('.js-user-search').click
-        expect(page).to have_content 'None - assign yourself'
+        click_link 'Unassigned'
-      end
-    end
-    context 'with due date' do
+        click_button 'Save changes'
-      before do
-        visit edit_project_issue_path(project, issue)
+        page.within('.assignee') do
+          expect(page).to have_content 'None - assign yourself'
+        end
      end
-      it 'saves with due date' do
+      context 'with due date' do
-        date = Date.today.at_beginning_of_month.tomorrow
+        before do
+          visit edit_project_issue_path(project, issue)
+        end
-        fill_in 'issue_title', with: 'bug 345'
+        it 'saves with due date' do
-        fill_in 'issue_description', with: 'bug description'
+          date = Date.today.at_beginning_of_month.tomorrow
-        find('#issuable-due-date').click
-        page.within '.pika-single' do
+          fill_in 'issue_title', with: 'bug 345'
-          click_button date.day
+          fill_in 'issue_description', with: 'bug description'
-        end
+          find('#issuable-due-date').click
-        expect(find('#issuable-due-date').value).to eq date.to_s
+          page.within '.pika-single' do
+            click_button date.day
+          end
-        click_button 'Save changes'
+          expect(find('#issuable-due-date').value).to eq date.to_s
-        page.within '.issuable-sidebar' do
+          click_button 'Save changes'
-          expect(page).to have_content date.to_s(:medium)
+          page.within '.issuable-sidebar' do
+            expect(page).to have_content date.to_s(:medium)
+          end
        end
-      end
-      it 'warns about version conflict' do
+        it 'warns about version conflict' do
-        issue.update(title: "New title")
+          issue.update(title: "New title")
-        fill_in 'issue_title', with: 'bug 345'
+          fill_in 'issue_title', with: 'bug 345'
-        fill_in 'issue_description', with: 'bug description'
+          fill_in 'issue_description', with: 'bug description'
-        click_button 'Save changes'
+          click_button 'Save changes'
-        expect(page).to have_content 'Someone edited the issue the same time you did'
+          expect(page).to have_content 'Someone edited the issue the same time you did'
+        end
      end
    end
-  end
-  context "from issue#show" do
+    context "from issue#show" do
-    before do
+      before do
-      visit project_issue_path(project, issue)
+        visit project_issue_path(project, issue)
-    end
+      end
-    describe 'update labels' do
+      describe 'update labels' do
-      it 'will not send ajax request when no data is changed' do
+        it 'will not send ajax request when no data is changed' do
-        page.within '.labels' do
+          page.within '.labels' do
-          click_on 'Edit'
+            click_on 'Edit'
-          find('.dropdown-title button').click
+            find('.dropdown-title button').click
-          expect(page).not_to have_selector('.block-loading')
+            expect(page).not_to have_selector('.block-loading')
-          expect(page).not_to have_selector('.gl-spinner')
+            expect(page).not_to have_selector('.gl-spinner')
+          end
        end
-      end
-      it 'can add label to issue' do
+        it 'can add label to issue' do
-        page.within '.block.labels' do
+          page.within '.block.labels' do
-          expect(page).to have_text('verisimilitude')
+            expect(page).to have_text('verisimilitude')
-          expect(page).not_to have_text('syzygy')
+            expect(page).not_to have_text('syzygy')
-          click_on 'Edit'
+            click_on 'Edit'
-          wait_for_requests
+            wait_for_requests
-          click_on 'syzygy'
+            click_on 'syzygy'
-          find('.dropdown-header-button').click
+            find('.dropdown-header-button').click
-          wait_for_requests
+            wait_for_requests
-          expect(page).to have_text('verisimilitude')
+            expect(page).to have_text('verisimilitude')
-          expect(page).to have_text('syzygy')
+            expect(page).to have_text('syzygy')
+          end
        end
-      end
-      it 'can remove label from issue by clicking on the label `x` button' do
+        it 'can remove label from issue by clicking on the label `x` button' do
-        page.within '.block.labels' do
+          page.within '.block.labels' do
-          expect(page).to have_text('verisimilitude')
+            expect(page).to have_text('verisimilitude')
-          within '.gl-label' do
+            within '.gl-label' do
-            click_button
+              click_button
-          end
+            end
-          wait_for_requests
+            wait_for_requests
-          expect(page).not_to have_text('verisimilitude')
+            expect(page).not_to have_text('verisimilitude')
+          end
        end
      end
-    end
-    describe 'update assignee' do
+      describe 'update assignee' do
-      context 'by authorized user' do
+        context 'by authorized user' do
-        def close_dropdown_menu_if_visible
+          def close_dropdown_menu_if_visible
-          find('.dropdown-menu-toggle', visible: :all).tap do |toggle|
+            find('.dropdown-menu-toggle', visible: :all).tap do |toggle|
-            toggle.click if toggle.visible?
+              toggle.click if toggle.visible?
+            end
          end
-        end
-        it 'allows user to select unassigned' do
+          it 'allows user to select unassigned' do
-          visit project_issue_path(project, issue)
+            visit project_issue_path(project, issue)
-          page.within('.assignee') do
+            page.within('.assignee') do
-            expect(page).to have_content "#{user.name}"
+              expect(page).to have_content "#{user.name}"
-            click_link 'Edit'
+              click_link 'Edit'
-            click_link 'Unassigned'
+              click_link 'Unassigned'
-            first('.title').click
+              first('.title').click
-            expect(page).to have_content 'None - assign yourself'
+              expect(page).to have_content 'None - assign yourself'
+            end
          end
-        end
-        it 'allows user to select an assignee' do
+          it 'allows user to select an assignee' do
-          issue2 = create(:issue, project: project, author: user)
+            issue2 = create(:issue, project: project, author: user)
-          visit project_issue_path(project, issue2)
+            visit project_issue_path(project, issue2)
-          page.within('.assignee') do
+            page.within('.assignee') do
-            expect(page).to have_content "None"
+              expect(page).to have_content "None"
-          end
+            end
-          page.within '.assignee' do
+            page.within '.assignee' do
-            click_link 'Edit'
+              click_link 'Edit'
-          end
+            end
-          page.within '.dropdown-menu-user' do
+            page.within '.dropdown-menu-user' do
-            click_link user.name
+              click_link user.name
-          end
+            end
-          page.within('.assignee') do
+            page.within('.assignee') do
-            expect(page).to have_content user.name
+              expect(page).to have_content user.name
+            end
          end
-        end
-        it 'allows user to unselect themselves' do
+          it 'allows user to unselect themselves' do
-          issue2 = create(:issue, project: project, author: user, assignees: [user])
+            issue2 = create(:issue, project: project, author: user, assignees: [user])
-          visit project_issue_path(project, issue2)
+            visit project_issue_path(project, issue2)
-          page.within '.assignee' do
+            page.within '.assignee' do
-            expect(page).to have_content user.name
+              expect(page).to have_content user.name
-            click_link 'Edit'
+              click_link 'Edit'
-            click_link user.name
+              click_link user.name
-            close_dropdown_menu_if_visible
+              close_dropdown_menu_if_visible
-            page.within '.value .assign-yourself' do
+              page.within '.value .assign-yourself' do
-              expect(page).to have_content "None"
+                expect(page).to have_content "None"
+              end
            end
          end
        end
-      end
-      context 'by unauthorized user' do
+        context 'by unauthorized user' do
-        let(:guest) { create(:user) }
+          let(:guest) { create(:user) }
-        before do
+          before do
-          project.add_guest(guest)
+            project.add_guest(guest)
-        end
+          end
-        it 'shows assignee text' do
+          it 'shows assignee text' do
-          sign_out(:user)
+            sign_out(:user)
-          sign_in(guest)
+            sign_in(guest)
-          visit project_issue_path(project, issue)
+            visit project_issue_path(project, issue)
-          expect(page).to have_content issue.assignees.first.name
+            expect(page).to have_content issue.assignees.first.name
+          end
        end
      end
-    end
-    describe 'update milestone' do
+      describe 'update milestone' do
-      context 'by authorized user' do
+        context 'by authorized user' do
-        it 'allows user to select unassigned' do
+          it 'allows user to select unassigned' do
-          visit project_issue_path(project, issue)
+            visit project_issue_path(project, issue)
-          page.within('.milestone') do
+            page.within('.milestone') do
-            expect(page).to have_content "None"
+              expect(page).to have_content "None"
-          end
+            end
-          find('.block.milestone .edit-link').click
+            find('.block.milestone .edit-link').click
-          sleep 2 # wait for ajax stuff to complete
+            sleep 2 # wait for ajax stuff to complete
-          first('.dropdown-content li').click
+            first('.dropdown-content li').click
-          sleep 2
+            sleep 2
-          page.within('.milestone') do
+            page.within('.milestone') do
-            expect(page).to have_content 'None'
+              expect(page).to have_content 'None'
+            end
          end
-        end
-        it 'allows user to de-select milestone' do
+          it 'allows user to de-select milestone' do
-          visit project_issue_path(project, issue)
+            visit project_issue_path(project, issue)
-          page.within('.milestone') do
+            page.within('.milestone') do
-            click_link 'Edit'
+              click_link 'Edit'
-            click_link milestone.title
+              click_link milestone.title
-            page.within '.value' do
+              page.within '.value' do
-              expect(page).to have_content milestone.title
+                expect(page).to have_content milestone.title
-            end
+              end
-            click_link 'Edit'
+              click_link 'Edit'
-            click_link milestone.title
+              click_link milestone.title
-            page.within '.value' do
+              page.within '.value' do
-              expect(page).to have_content 'None'
+                expect(page).to have_content 'None'
+              end
            end
          end
-        end
-        it 'allows user to search milestone' do
+          it 'allows user to search milestone' do
-          visit project_issue_path(project_with_milestones, issue_with_milestones)
+            visit project_issue_path(project_with_milestones, issue_with_milestones)
-          page.within('.milestone') do
+            page.within('.milestone') do
-            click_link 'Edit'
+              click_link 'Edit'
-            wait_for_requests
+              wait_for_requests
-            # We need to enclose search string in quotes for exact match as all the milestone titles
+              # We need to enclose search string in quotes for exact match as all the milestone titles
-            # within tests are prefixed with `My title`.
+              # within tests are prefixed with `My title`.
-            find('.dropdown-input-field', visible: true).send_keys "\"#{milestones[0].title}\""
+              find('.dropdown-input-field', visible: true).send_keys "\"#{milestones[0].title}\""
-            wait_for_requests
+              wait_for_requests
-            page.within '.dropdown-content' do
+              page.within '.dropdown-content' do
-              expect(page).to have_content milestones[0].title
+                expect(page).to have_content milestones[0].title
+              end
            end
          end
        end
-      end
-      context 'by unauthorized user' do
+        context 'by unauthorized user' do
-        let(:guest) { create(:user) }
+          let(:guest) { create(:user) }
-        before do
+          before do
-          project.add_guest(guest)
+            project.add_guest(guest)
-          issue.milestone = milestone
+            issue.milestone = milestone
-          issue.save
+            issue.save
-        end
+          end
-        it 'shows milestone text' do
+          it 'shows milestone text' do
-          sign_out(:user)
+            sign_out(:user)
-          sign_in(guest)
+            sign_in(guest)
-          visit project_issue_path(project, issue)
+            visit project_issue_path(project, issue)
-          expect(page).to have_content milestone.title
+            expect(page).to have_content milestone.title
+          end
        end
      end
-    end
-    context 'update due date' do
+      context 'update due date' do
-      it 'adds due date to issue' do
+        it 'adds due date to issue' do
-        date = Date.today.at_beginning_of_month + 2.days
+          date = Date.today.at_beginning_of_month + 2.days
-        page.within '.due_date' do
+          page.within '.due_date' do
-          click_link 'Edit'
+            click_link 'Edit'
-          page.within '.pika-single' do
+            page.within '.pika-single' do
-            click_button date.day
+              click_button date.day
-          end
+            end
-          wait_for_requests
+            wait_for_requests
-          expect(find('.value').text).to have_content date.strftime('%b %-d, %Y')
+            expect(find('.value').text).to have_content date.strftime('%b %-d, %Y')
+          end
        end
-      end
-      it 'removes due date from issue' do
+        it 'removes due date from issue' do
-        date = Date.today.at_beginning_of_month + 2.days
+          date = Date.today.at_beginning_of_month + 2.days
-        page.within '.due_date' do
+          page.within '.due_date' do
-          click_link 'Edit'
+            click_link 'Edit'
-          page.within '.pika-single' do
+            page.within '.pika-single' do
-            click_button date.day
+              click_button date.day
+            end
+            wait_for_requests
+            expect(page).to have_no_content 'None'
+            click_link 'remove due date'
+            expect(page).to have_content 'None'
          end
+        end
+      end
+    end
+  end
+  context 'with unauthorized user' do
+    before do
+      sign_in(user)
+    end
-          wait_for_requests
+    context "from issue#show" do
+      before do
+        visit project_issue_path(project, issue)
+      end
-          expect(page).to have_no_content 'None'
+      describe 'updating labels' do
+        it 'cannot edit labels' do
+          page.within '.block.labels' do
+            expect(page).not_to have_button('Edit')
+          end
+        end
-          click_link 'remove due date'
+        it 'cannot remove label with a click as it has no `x` button' do
-          expect(page).to have_content 'None'
+          page.within '.block.labels' do
+            within '.gl-label' do
+              expect(page).not_to have_button
+            end
+          end
        end
      end
    end