diff options
author | Kushal Pandya <kushalspandya@gmail.com> | 2019-07-03 06:52:53 +0000 |
---|---|---|
committer | Kushal Pandya <kushalspandya@gmail.com> | 2019-07-03 06:52:53 +0000 |
commit | ae7a43975805fa9bf7964afa832b71b53e9e0f59 (patch) | |
tree | ef8b664b82fb675aef6d2609be71bfcad0120de1 | |
parent | 4a8fa7fac762ca56166ff02d9601b41873b235dc (diff) | |
parent | 2302385cce79b7407d73acccd190f77e55370f04 (diff) | |
download | gitlab-ce-ae7a43975805fa9bf7964afa832b71b53e9e0f59.tar.gz |
Merge branch 'rj-fix-manual-order' into 'master'
Don't let logged out user do manual order
See merge request gitlab-org/gitlab-ce!30264
-rw-r--r-- | app/assets/javascripts/manual_ordering.js | 2 | ||||
-rw-r--r-- | changelogs/unreleased/rj-fix-manual-order.yml | 5 | ||||
-rw-r--r-- | spec/features/groups/issues_spec.rb | 19 |
3 files changed, 25 insertions, 1 deletions
diff --git a/app/assets/javascripts/manual_ordering.js b/app/assets/javascripts/manual_ordering.js index e16ddbfef7e..012d1e70410 100644 --- a/app/assets/javascripts/manual_ordering.js +++ b/app/assets/javascripts/manual_ordering.js @@ -21,7 +21,7 @@ const updateIssue = (url, issueList, { move_before_id, move_after_id }) => const initManualOrdering = () => { const issueList = document.querySelector('.manual-ordering'); - if (!issueList || !(gon.features && gon.features.manualSorting)) { + if (!issueList || !(gon.features && gon.features.manualSorting) || !(gon.current_user_id > 0)) { return; } diff --git a/changelogs/unreleased/rj-fix-manual-order.yml b/changelogs/unreleased/rj-fix-manual-order.yml new file mode 100644 index 00000000000..ecc39b78b06 --- /dev/null +++ b/changelogs/unreleased/rj-fix-manual-order.yml @@ -0,0 +1,5 @@ +--- +title: Don't let logged out user do manual order +merge_request: 30264 +author: +type: fixed diff --git a/spec/features/groups/issues_spec.rb b/spec/features/groups/issues_spec.rb index c000165ccd9..0ada530781c 100644 --- a/spec/features/groups/issues_spec.rb +++ b/spec/features/groups/issues_spec.rb @@ -150,6 +150,25 @@ describe 'Group issues page' do check_issue_order end + it 'issues should not be draggable when user is not logged in', :js do + sign_out(user_in_group) + + visit issues_group_path(group, sort: 'relative_position') + + drag_to(selector: '.manual-ordering', + from_index: 0, + to_index: 2) + + wait_for_requests + + # Issue order should remain the same + page.within('.manual-ordering') do + expect(find('.issue:nth-child(1) .title')).to have_content('Issue #1') + expect(find('.issue:nth-child(2) .title')).to have_content('Issue #2') + expect(find('.issue:nth-child(3) .title')).to have_content('Issue #3') + end + end + def check_issue_order page.within('.manual-ordering') do expect(find('.issue:nth-child(1) .title')).to have_content('Issue #2') |