diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-11-01 20:18:51 +0000 |
|---|---|---|
| committer | Rémy Coutable <remy@rymai.me> | 2016-11-09 12:25:17 +0100 |
| commit | bf061d0aff091a73611037b811cea2d3380962f4 (patch) | |
| tree | 11294b9f8d9b321f597c268bd4846ffd5b99f6e9 /spec/support/reference_parser_shared_examples.rb | |
| parent | 79d94b167999544086db235602a9213a2d37831e (diff) | |
| download | gitlab-ce-bf061d0aff091a73611037b811cea2d3380962f4.tar.gz | |
Merge branch 'issue_23548_dev' into 'master'
disable markdown in comments when referencing disabled features
fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548
This MR prevents the following references when tool is disabled:
- issues
- snippets
- commits - when repo is disabled
- commit range - when repo is disabled
- milestones
This MR does not prevent references to repository files, since they are just markdown links and don't leak
information.
See merge request !2011
Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'spec/support/reference_parser_shared_examples.rb')
| -rw-r--r-- | spec/support/reference_parser_shared_examples.rb | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/spec/support/reference_parser_shared_examples.rb b/spec/support/reference_parser_shared_examples.rb new file mode 100644 index 00000000000..8eb74635a60 --- /dev/null +++ b/spec/support/reference_parser_shared_examples.rb @@ -0,0 +1,43 @@ +RSpec.shared_examples "referenced feature visibility" do |*related_features| + let(:feature_fields) do + related_features.map { |feature| (feature + "_access_level").to_sym } + end + + before { link['data-project'] = project.id.to_s } + + context "when feature is disabled" do + it "does not create reference" do + set_features_fields_to(ProjectFeature::DISABLED) + expect(subject.nodes_visible_to_user(user, [link])).to eq([]) + end + end + + context "when feature is enabled only for team members" do + before { set_features_fields_to(ProjectFeature::PRIVATE) } + + it "does not create reference for non member" do + non_member = create(:user) + + expect(subject.nodes_visible_to_user(non_member, [link])).to eq([]) + end + + it "creates reference for member" do + project.team << [user, :developer] + + expect(subject.nodes_visible_to_user(user, [link])).to eq([link]) + end + end + + context "when feature is enabled" do + # The project is public + it "creates reference" do + set_features_fields_to(ProjectFeature::ENABLED) + + expect(subject.nodes_visible_to_user(user, [link])).to eq([link]) + end + end + + def set_features_fields_to(visibility_level) + feature_fields.each { |field| project.project_feature.update_attribute(field, visibility_level) } + end +end |