Merge branch '32882-render-special-references-for-releases' into 'master'

Render special references for release entities See merge request gitlab-org/gitlab!26554

Merge branch '32882-render-special-references-for-releases' into 'master'
Render special references for release entities See merge request gitlab-org/gitlab!26554
914364a1 · Dmytro Zaporozhets · 3e598ef9 · db0315d1 · 914364a1 · 914364a1
Commit 914364a1 authored Mar 12, 2020 by Dmytro Zaporozhets
4 changed files
--- a/changelogs/unreleased/32882-render-special-references-for-releases.yml
+++ b/changelogs/unreleased/32882-render-special-references-for-releases.yml
+---
+title: Render special references for releases
+merge_request: 26554
+author:
+type: fixed
--- a/lib/api/entities/release.rb
+++ b/lib/api/entities/release.rb
@@ -11,7 +11,7 @@ module API
      expose :tag, as: :tag_name, if: ->(_, _) { can_download_code? }
      expose :description
      expose :description_html do |entity|
-        MarkupHelper.markdown_field(entity, :description)
+        MarkupHelper.markdown_field(entity, :description, current_user: options[:current_user])
      end
      expose :created_at
      expose :released_at

--- a/spec/lib/api/entities/release_spec.rb
+++ b/spec/lib/api/entities/release_spec.rb
@@ -4,13 +4,14 @@ require 'spec_helper'

 describe API::Entities::Release do
  let_it_be(:project) { create(:project) }
-  let_it_be(:release) { create(:release, :with_evidence, project: project) }
-  let(:user) { create(:user) }
+  let_it_be(:user) { create(:user) }
  let(:entity) { described_class.new(release, current_user: user) }

-  subject { entity.as_json }
-
  describe 'evidence' do
+    let(:release) { create(:release, :with_evidence, project: project) }
+
+    subject { entity.as_json }
+
    context 'when the current user can download code' do
      it 'exposes the evidence sha and the json path' do
        allow(Ability).to receive(:allowed?).and_call_original
@@ -37,4 +38,27 @@ describe API::Entities::Release do
      end
    end
  end
+
+  describe 'description_html' do
+    let(:issue) { create(:issue, :confidential, project: project) }
+    let(:issue_path) { Gitlab::Routing.url_helpers.project_issue_path(project, issue) }
+    let(:issue_title) { 'title="%s"' % issue.title }
+    let(:release) { create(:release, project: project, description: "Now shipping #{issue.to_reference}") }
+
+    subject(:description_html) { entity.as_json[:description_html] }
+
+    it 'renders special references if current user has access' do
+      project.add_reporter(user)
+
+      expect(description_html).to include(issue_path)
+      expect(description_html).to include(issue_title)
+    end
+
+    it 'does not render special references if current user has no access' do
+      project.add_guest(user)
+
+      expect(description_html).not_to include(issue_path)
+      expect(description_html).not_to include(issue_title)
+    end
+  end
 end
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
@@ -233,31 +233,6 @@ describe API::Releases do
          .to match_array(release.sources.map(&:url))
      end

-      context "when release description contains confidential issue's link" do
-        let(:confidential_issue) do
-          create(:issue,
-                 :confidential,
-                 project: project,
-                 title: 'A vulnerability')
-        end
-
-        let!(:release) do
-          create(:release,
-                 project: project,
-                 tag: 'v0.1',
-                 sha: commit.id,
-                 author: maintainer,
-                 description: "This is confidential #{confidential_issue.to_reference}")
-        end
-
-        it "does not expose confidential issue's title" do
-          get api("/projects/#{project.id}/releases/v0.1", maintainer)
-
-          expect(json_response['description_html']).to include(confidential_issue.to_reference)
-          expect(json_response['description_html']).not_to include('A vulnerability')
-        end
-      end
-
      context 'when release has link asset' do
        let!(:link) do
          create(:release_link,