Commit 97bd3491 authored by Rémy Coutable's avatar Rémy Coutable

Improve Milestones API specs

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 03ae2cdb
......@@ -8,8 +8,6 @@ v 8.7.1 (unreleased)
- Fix license detection to detect all license files, not only known licenses. !3878
- Use the `can?` helper instead of `current_user.can?`. !3882
- Prevent users from deleting Webhooks via API they do not own
- Use the `can?` helper instead of `current_user.can?`
- Filter confidential issues from milestones API if user does not have access
v 8.7.0
- Gitlab::GitAccess and Gitlab::GitAccessWiki are now instrumented
......
......@@ -140,19 +140,18 @@ describe API::API, api: true do
get api("/projects/#{project.id}/milestones/#{milestone.id}/issues")
expect(response.status).to eq(401)
end
end
describe 'confidential issues' do
it 'should return confidential issues to team members' do
public_project = create(:project, :public)
user = create(:user)
milestone = create(:milestone, project: public_project)
issue = create(:issue, project: public_project)
confidential_issue = create(:issue, confidential: true, project: public_project)
let(:public_project) { create(:project, :public) }
let(:milestone) { create(:milestone, project: public_project) }
let(:issue) { create(:issue, project: public_project) }
let(:confidential_issue) { create(:issue, confidential: true, project: public_project) }
before do
public_project.team << [user, :developer]
milestone.issues << issue
milestone.issues << confidential_issue
milestone.issues << issue << confidential_issue
end
it 'returns confidential issues to team members' do
get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user)
expect(response.status).to eq(200)
......@@ -161,17 +160,8 @@ describe API::API, api: true do
expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id)
end
it 'should not return confidential issues to regular users' do
public_project = create(:project, :public)
normal_user = create(:user)
milestone = create(:milestone, project: public_project)
issue = create(:issue, project: public_project)
confidential_issue = create(:issue, confidential: true, project: public_project)
public_project.team << [user, :developer]
milestone.issues << issue
milestone.issues << confidential_issue
get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", normal_user)
it 'does not return confidential issues to regular users' do
get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", create(:user))
expect(response.status).to eq(200)
expect(json_response).to be_an Array
......@@ -179,4 +169,5 @@ describe API::API, api: true do
expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment