Merge branch 'master' of gitlab.com:gitlab-org/gitlab-ce into docs-pages-introdocs-pages-intro

5 files changed, 207 insertions, 1 deletions

diff --git a/spec/features/projects/classification_label_on_project_pages_spec.rb b/spec/features/projects/classification_label_on_project_pages_spec.rb
new file mode 100644
index 00000000000..92f8aa8eb8d
--- /dev/null
+++ b/spec/features/projects/classification_label_on_project_pages_spec.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Classification label on project pages' do
+  let(:project) do
+    create(:project, external_authorization_classification_label: 'authorized label')
+  end
+  let(:user) { create(:user) }
+
+  before do
+    stub_application_setting(external_authorization_service_enabled: true)
+    project.add_maintainer(user)
+    sign_in(user)
+  end
+
+  it 'shows the classification label on the project page' do
+    visit project_path(project)
+
+    expect(page).to have_content('authorized label')
+  end
+end
diff --git a/spec/features/projects/forks/fork_list_spec.rb b/spec/features/projects/forks/fork_list_spec.rb
new file mode 100644
index 00000000000..2c41c61a660
--- /dev/null
+++ b/spec/features/projects/forks/fork_list_spec.rb
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe 'listing forks of a project' do
+  include ProjectForksHelper
+  include ExternalAuthorizationServiceHelpers
+
+  let(:source) { create(:project, :public, :repository) }
+  let!(:fork) { fork_project(source, nil, repository: true) }
+  let(:user) { create(:user) }
+
+  before do
+    source.add_maintainer(user)
+    sign_in(user)
+  end
+
+  it 'shows the forked project in the list with commit as description' do
+    visit project_forks_path(source)
+
+    page.within('li.project-row') do
+      expect(page).to have_content(fork.full_name)
+      expect(page).to have_css('a.commit-row-message')
+    end
+  end
+
+  it 'does not show the commit message when an external authorization service is used' do
+    enable_external_authorization_service_check
+
+    visit project_forks_path(source)
+
+    page.within('li.project-row') do
+      expect(page).to have_content(fork.full_name)
+      expect(page).not_to have_css('a.commit-row-message')
+    end
+  end
+end
diff --git a/spec/features/projects/issues/viewing_issues_with_external_authorization_enabled_spec.rb b/spec/features/projects/issues/viewing_issues_with_external_authorization_enabled_spec.rb
new file mode 100644
index 00000000000..a8612d77a5e
--- /dev/null
+++ b/spec/features/projects/issues/viewing_issues_with_external_authorization_enabled_spec.rb
@@ -0,0 +1,128 @@
+require 'spec_helper'
+
+describe 'viewing an issue with cross project references' do
+  include ExternalAuthorizationServiceHelpers
+  include Gitlab::Routing.url_helpers
+
+  let(:user) { create(:user) }
+  let(:other_project) do
+    create(:project, :public,
+          external_authorization_classification_label: 'other_label')
+  end
+  let(:other_issue) do
+    create(:issue, :closed,
+           title: 'I am in another project',
+           project: other_project)
+  end
+  let(:other_confidential_issue) do
+    create(:issue, :confidential, :closed,
+           title: 'I am in another project and confidential',
+           project: other_project)
+  end
+  let(:other_merge_request) do
+    create(:merge_request, :closed,
+           title: 'I am a merge request in another project',
+           source_project: other_project)
+  end
+  let(:description_referencing_other_issue) do
+    "Referencing: #{other_issue.to_reference(project)}, "\
+    "a confidential issue #{confidential_issue.to_reference}, "\
+    "a cross project confidential issue #{other_confidential_issue.to_reference(project)}, and "\
+    "a cross project merge request #{other_merge_request.to_reference(project)}"
+  end
+  let(:project) { create(:project) }
+  let(:issue) do
+    create(:issue,
+           project: project,
+           description: description_referencing_other_issue )
+  end
+  let(:confidential_issue) do
+    create(:issue, :confidential, :closed,
+           title: "I am in the same project and confidential",
+           project: project)
+  end
+
+  before do
+    project.add_developer(user)
+    sign_in(user)
+  end
+
+  it 'shows all information related to the cross project reference' do
+    visit project_issue_path(project, issue)
+
+    expect(page).to have_link("#{other_issue.to_reference(project)} (#{other_issue.state})")
+    expect(page).to have_xpath("//a[@title='#{other_issue.title}']")
+  end
+
+  it 'shows a link to the confidential issue in the same project' do
+    visit project_issue_path(project, issue)
+
+    expect(page).to have_link("#{confidential_issue.to_reference(project)} (#{confidential_issue.state})")
+    expect(page).to have_xpath("//a[@title='#{confidential_issue.title}']")
+  end
+
+  it 'does not show the link to a cross project confidential issue when the user does not have access' do
+    visit project_issue_path(project, issue)
+
+    expect(page).not_to have_link("#{other_confidential_issue.to_reference(project)} (#{other_confidential_issue.state})")
+    expect(page).not_to have_xpath("//a[@title='#{other_confidential_issue.title}']")
+  end
+
+  it 'shows the link to a cross project confidential issue when the user has access' do
+    other_project.add_developer(user)
+
+    visit project_issue_path(project, issue)
+
+    expect(page).to have_link("#{other_confidential_issue.to_reference(project)} (#{other_confidential_issue.state})")
+    expect(page).to have_xpath("//a[@title='#{other_confidential_issue.title}']")
+  end
+
+  context 'when an external authorization service is enabled' do
+    before do
+      enable_external_authorization_service_check
+    end
+
+    it 'only hits the external service for the project the user is viewing' do
+      expect(::Gitlab::ExternalAuthorization)
+        .to receive(:access_allowed?).with(user, 'default_label', any_args).at_least(1).and_return(true)
+      expect(::Gitlab::ExternalAuthorization)
+        .not_to receive(:access_allowed?).with(user, 'other_label', any_args)
+
+      visit project_issue_path(project, issue)
+    end
+
+    it 'shows only the link to the cross project references' do
+      visit project_issue_path(project, issue)
+
+      expect(page).to have_link("#{other_issue.to_reference(project)}")
+      expect(page).to have_link("#{other_merge_request.to_reference(project)}")
+      expect(page).not_to have_content("#{other_issue.to_reference(project)} (#{other_issue.state})")
+      expect(page).not_to have_xpath("//a[@title='#{other_issue.title}']")
+      expect(page).not_to have_content("#{other_merge_request.to_reference(project)} (#{other_merge_request.state})")
+      expect(page).not_to have_xpath("//a[@title='#{other_merge_request.title}']")
+    end
+
+    it 'does not link a cross project confidential issue if the user does not have access' do
+      visit project_issue_path(project, issue)
+
+      expect(page).not_to have_link("#{other_confidential_issue.to_reference(project)}")
+      expect(page).not_to have_xpath("//a[@title='#{other_confidential_issue.title}']")
+    end
+
+    it 'links a cross project confidential issue without exposing information when the user has access' do
+      other_project.add_developer(user)
+
+      visit project_issue_path(project, issue)
+
+      expect(page).to have_link("#{other_confidential_issue.to_reference(project)}")
+      expect(page).not_to have_xpath("//a[@title='#{other_confidential_issue.title}']")
+    end
+
+    it 'shows a link to the confidential issue in the same project' do
+      visit project_issue_path(project, issue)
+
+      expect(page).to have_link("#{confidential_issue.to_reference(project)} (#{confidential_issue.state})")
+      expect(page).to have_xpath("//a[@title='#{confidential_issue.title}']")
+    end
+  end
+end
diff --git a/spec/features/projects/settings/external_authorization_service_settings_spec.rb b/spec/features/projects/settings/external_authorization_service_settings_spec.rb
new file mode 100644
index 00000000000..31b2892cf6f
--- /dev/null
+++ b/spec/features/projects/settings/external_authorization_service_settings_spec.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Projects > Settings > External Authorization Classification Label setting' do
+  let(:user) { create(:user) }
+  let(:project) { create(:project_empty_repo) }
+
+  before do
+    project.add_maintainer(user)
+    sign_in(user)
+  end
+
+  it 'shows the field to set a classification label' do
+    stub_application_setting(external_authorization_service_enabled: true)
+
+    visit edit_project_path(project)
+
+    expect(page).to have_selector('#project_external_authorization_classification_label')
+  end
+end
diff --git a/spec/features/projects/wiki/user_creates_wiki_page_spec.rb b/spec/features/projects/wiki/user_creates_wiki_page_spec.rb
index efb7b01f5ad..bcbba6f14da 100644
--- a/spec/features/projects/wiki/user_creates_wiki_page_spec.rb
+++ b/spec/features/projects/wiki/user_creates_wiki_page_spec.rb
@@ -43,7 +43,7 @@ describe "User creates wiki page" do
         expect(page).to have_content("Create Page")
       end
 
-      it "shows non-escaped link in the pages list", :js do
+      it "shows non-escaped link in the pages list", :js, :quarantine do
         fill_in(:wiki_title, with: "one/two/three-test")
 
         page.within(".wiki-form") do