summaryrefslogtreecommitdiff
path: root/spec/views
diff options
context:
space:
mode:
authorFelipe Artur <felipefac@gmail.com>2019-04-08 15:21:21 -0300
committerFelipe Artur <felipefac@gmail.com>2019-04-09 15:53:56 -0300
commitff06452e05b1191ce8649ae6a9e646341ab073ba (patch)
tree78546f0bf3854f6737742176644940f1793b672b /spec/views
parentb4165554113a7f9ce9fecd7d169f9a64686b5c44 (diff)
downloadgitlab-ce-ff06452e05b1191ce8649ae6a9e646341ab073ba.tar.gz
Prevent leaking information when issue is moved
Prevent leaking namespace and project names on moved issue links
Diffstat (limited to 'spec/views')
-rw-r--r--spec/views/projects/issues/show.html.haml_spec.rb27
1 files changed, 21 insertions, 6 deletions
diff --git a/spec/views/projects/issues/show.html.haml_spec.rb b/spec/views/projects/issues/show.html.haml_spec.rb
index 1d9c6d36ad7..1ca9eaf8fdb 100644
--- a/spec/views/projects/issues/show.html.haml_spec.rb
+++ b/spec/views/projects/issues/show.html.haml_spec.rb
@@ -19,6 +19,7 @@ describe 'projects/issues/show' do
context 'when the issue is closed' do
before do
allow(issue).to receive(:closed?).and_return(true)
+ allow(view).to receive(:current_user).and_return(user)
end
context 'when the issue was moved' do
@@ -28,16 +29,30 @@ describe 'projects/issues/show' do
issue.moved_to = new_issue
end
- it 'shows "Closed (moved)" if an issue has been moved' do
- render
+ context 'when user can see the moved issue' do
+ before do
+ project.add_developer(user)
+ end
- expect(rendered).to have_selector('.status-box-issue-closed:not(.hidden)', text: 'Closed (moved)')
+ it 'shows "Closed (moved)" if an issue has been moved' do
+ render
+
+ expect(rendered).to have_selector('.status-box-issue-closed:not(.hidden)', text: 'Closed (moved)')
+ end
+
+ it 'links "moved" to the new issue the original issue was moved to' do
+ render
+
+ expect(rendered).to have_selector("a[href=\"#{issue_path(new_issue)}\"]", text: 'moved')
+ end
end
- it 'links "moved" to the new issue the original issue was moved to' do
- render
+ context 'when user cannot see moved issue' do
+ it 'does not show moved issue link' do
+ render
- expect(rendered).to have_selector("a[href=\"#{issue_path(new_issue)}\"]", text: 'moved')
+ expect(rendered).not_to have_selector("a[href=\"#{issue_path(new_issue)}\"]", text: 'moved')
+ end
end
end