diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2015-04-14 16:04:37 -0400 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2015-04-20 13:01:44 -0400 |
| commit | a803cd51eb3c5b98b14eeea56ec4cc363823c2c2 (patch) | |
| tree | 6193bec52d11c175b81b1fe221577fcec35da7ae /spec/lib | |
| parent | 470b0c2508e792e93a9e7db7ba605475edfa2de4 (diff) | |
| download | gitlab-ce-a803cd51eb3c5b98b14eeea56ec4cc363823c2c2.tar.gz | |
Check for project read permissions in cross-references
Diffstat (limited to 'spec/lib')
| -rw-r--r-- | spec/lib/gitlab/markdown/cross_project_reference_spec.rb | 45 |
1 files changed, 36 insertions, 9 deletions
diff --git a/spec/lib/gitlab/markdown/cross_project_reference_spec.rb b/spec/lib/gitlab/markdown/cross_project_reference_spec.rb index 2a3814c8499..0632c1c71e9 100644 --- a/spec/lib/gitlab/markdown/cross_project_reference_spec.rb +++ b/spec/lib/gitlab/markdown/cross_project_reference_spec.rb @@ -2,21 +2,48 @@ require 'spec_helper' module Gitlab::Markdown describe CrossProjectReference do - include CrossProjectReference + # context in the html-pipeline sense, not in the rspec sense + let(:context) do + { + current_user: double('user'), + project: double('project') + } + end + + include described_class describe '#project_from_ref' do - let(:project) { double('project') } + context 'when referenced project does not exist' do + it 'returns the project from context' do + expect(project_from_ref('invalid/reference')).to eq context[:project] + end + end - it 'returns a project from a valid reference' do - expect(Project).to receive(:find_with_namespace).with('cross-reference/foo').and_return(project) + context 'when referenced project exists' do + let(:project2) { double('referenced project') } - expect(project_from_ref('cross-reference/foo')).to eq project - end + before do + expect(Project).to receive(:find_with_namespace). + with('cross/reference').and_return(project2) + end + + context 'and the user has permission to read it' do + it 'returns the referenced project' do + expect(self).to receive(:user_can_reference_project?). + with(project2).and_return(true) + + expect(project_from_ref('cross/reference')).to eq project2 + end + end - it 'returns the project from context when reference is invalid' do - expect(self).to receive(:context).and_return({project: project}) + context 'and the user does not have permission to read it' do + it 'returns the project from context' do + expect(self).to receive(:user_can_reference_project?). + with(project2).and_return(false) - expect(project_from_ref('invalid/reference')).to eq project + expect(project_from_ref('cross/reference')).to eq context[:project] + end + end end end end |