Check if user can read issue before being assignedissue_22664

author: Felipe Artur <felipefac@gmail.com> 2016-12-14 19:39:53 -0200
committer: Felipe Artur <felipefac@gmail.com> 2016-12-27 19:25:17 -0200
commit: 1b082a4c338d7575e15d7450906801db59873441 (patch)
tree: 1b5081ce55b63436082b038f499a8c54172fc75a /spec/services/issues/update_service_spec.rb
parent: 77deeb12f74b857f9356168ccdf92612fc85fe84 (diff)
download: gitlab-ce-issue_22664.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/spec/services/issues/update_service_spec.rb b/spec/services/issues/update_service_spec.rb
index eafbea46905..d83b09fd32c 100644
--- a/spec/services/issues/update_service_spec.rb
+++ b/spec/services/issues/update_service_spec.rb
@@ -142,6 +142,17 @@ describe Issues::UpdateService, services: true do
 
         update_issue(confidential: true)
       end
+
+      it 'does not update assignee_id with unauthorized users' do
+        project.update(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+        update_issue(confidential: true)
+        non_member        = create(:user)
+        original_assignee = issue.assignee
+
+        update_issue(assignee_id: non_member.id)
+
+        expect(issue.reload.assignee_id).to eq(original_assignee.id)
+      end
     end
 
     context 'todos' do
author	Felipe Artur <felipefac@gmail.com>	2016-12-14 19:39:53 -0200
committer	Felipe Artur <felipefac@gmail.com>	2016-12-27 19:25:17 -0200
commit	1b082a4c338d7575e15d7450906801db59873441 (patch)
tree	1b5081ce55b63436082b038f499a8c54172fc75a /spec/services/issues/update_service_spec.rb
parent	77deeb12f74b857f9356168ccdf92612fc85fe84 (diff)
download	gitlab-ce-issue_22664.tar.gz