summaryrefslogtreecommitdiff
path: root/spec/finders/notes_finder_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/finders/notes_finder_spec.rb')
-rw-r--r--spec/finders/notes_finder_spec.rb200
1 files changed, 172 insertions, 28 deletions
diff --git a/spec/finders/notes_finder_spec.rb b/spec/finders/notes_finder_spec.rb
index 7c6860372cc..4d21254323c 100644
--- a/spec/finders/notes_finder_spec.rb
+++ b/spec/finders/notes_finder_spec.rb
@@ -2,59 +2,203 @@ require 'spec_helper'
describe NotesFinder do
let(:user) { create :user }
- let(:project) { create :project }
- let(:note1) { create :note_on_commit, project: project }
- let(:note2) { create :note_on_commit, project: project }
- let(:commit) { note1.noteable }
+ let(:project) { create(:empty_project) }
before do
project.team << [user, :master]
end
describe '#execute' do
- let(:params) { { target_id: commit.id, target_type: 'commit', last_fetched_at: 1.hour.ago.to_i } }
+ it 'finds notes on snippets when project is public and user isnt a member'
- before do
- note1
- note2
+ it 'finds notes on merge requests' do
+ create(:note_on_merge_request, project: project)
+
+ notes = described_class.new(project, user).execute
+
+ expect(notes.count).to eq(1)
end
- it 'finds all notes' do
- notes = NotesFinder.new.execute(project, user, params)
- expect(notes.size).to eq(2)
+ it 'finds notes on snippets' do
+ create(:note_on_project_snippet, project: project)
+
+ notes = described_class.new(project, user).execute
+
+ expect(notes.count).to eq(1)
end
- it 'raises an exception for an invalid target_type' do
- params.merge!(target_type: 'invalid')
- expect { NotesFinder.new.execute(project, user, params) }.to raise_error('invalid target_type')
+ it "excludes notes on commits the author can't download" do
+ project = create(:project, :private)
+ note = create(:note_on_commit, project: project)
+ params = { target_type: 'commit', target_id: note.noteable.id }
+
+ notes = described_class.new(project, create(:user), params).execute
+
+ expect(notes.count).to eq(0)
end
- it 'filters out old notes' do
- note2.update_attribute(:updated_at, 2.hours.ago)
- notes = NotesFinder.new.execute(project, user, params)
- expect(notes).to eq([note1])
+ it 'succeeds when no notes found' do
+ notes = described_class.new(project, create(:user)).execute
+
+ expect(notes.count).to eq(0)
end
- context 'confidential issue notes' do
- let(:confidential_issue) { create(:issue, :confidential, project: project, author: user) }
- let!(:confidential_note) { create(:note, noteable: confidential_issue, project: confidential_issue.project) }
+ context 'on restricted projects' do
+ let(:project) do
+ create(:empty_project, :public, issues_access_level: ProjectFeature::PRIVATE,
+ snippets_access_level: ProjectFeature::PRIVATE,
+ merge_requests_access_level: ProjectFeature::PRIVATE)
+ end
+
+ it 'publicly excludes notes on merge requests' do
+ create(:note_on_merge_request, project: project)
+
+ notes = described_class.new(project, create(:user)).execute
+
+ expect(notes.count).to eq(0)
+ end
+
+ it 'publicly excludes notes on issues' do
+ create(:note_on_issue, project: project)
+
+ notes = described_class.new(project, create(:user)).execute
+
+ expect(notes.count).to eq(0)
+ end
+
+ it 'publicly excludes notes on snippets' do
+ create(:note_on_project_snippet, project: project)
+
+ notes = described_class.new(project, create(:user)).execute
+
+ expect(notes.count).to eq(0)
+ end
+ end
+
+ context 'for target' do
+ let(:project) { create(:project) }
+ let(:note1) { create :note_on_commit, project: project }
+ let(:note2) { create :note_on_commit, project: project }
+ let(:commit) { note1.noteable }
+ let(:params) { { target_id: commit.id, target_type: 'commit', last_fetched_at: 1.hour.ago.to_i } }
+
+ before do
+ note1
+ note2
+ end
+
+ it 'finds all notes' do
+ notes = described_class.new(project, user, params).execute
+ expect(notes.size).to eq(2)
+ end
+
+ it 'finds notes on merge requests' do
+ note = create(:note_on_merge_request, project: project)
+ params = { target_type: 'merge_request', target_id: note.noteable.id }
+
+ notes = described_class.new(project, user, params).execute
+
+ expect(notes).to include(note)
+ end
+
+ it 'finds notes on snippets' do
+ note = create(:note_on_project_snippet, project: project)
+ params = { target_type: 'snippet', target_id: note.noteable.id }
- let(:params) { { target_id: confidential_issue.id, target_type: 'issue', last_fetched_at: 1.hour.ago.to_i } }
+ notes = described_class.new(project, user, params).execute
- it 'returns notes if user can see the issue' do
- expect(NotesFinder.new.execute(project, user, params)).to eq([confidential_note])
+ expect(notes.count).to eq(1)
end
- it 'raises an error if user can not see the issue' do
+ it 'raises an exception for an invalid target_type' do
+ params.merge!(target_type: 'invalid')
+ expect { described_class.new(project, user, params).execute }.to raise_error('invalid target_type')
+ end
+
+ it 'filters out old notes' do
+ note2.update_attribute(:updated_at, 2.hours.ago)
+ notes = described_class.new(project, user, params).execute
+ expect(notes).to eq([note1])
+ end
+
+ context 'confidential issue notes' do
+ let(:confidential_issue) { create(:issue, :confidential, project: project, author: user) }
+ let!(:confidential_note) { create(:note, noteable: confidential_issue, project: confidential_issue.project) }
+
+ let(:params) { { target_id: confidential_issue.id, target_type: 'issue', last_fetched_at: 1.hour.ago.to_i } }
+
+ it 'returns notes if user can see the issue' do
+ expect(described_class.new(project, user, params).execute).to eq([confidential_note])
+ end
+
+ it 'raises an error if user can not see the issue' do
+ user = create(:user)
+ expect { described_class.new(project, user, params).execute }.to raise_error(ActiveRecord::RecordNotFound)
+ end
+
+ it 'raises an error for project members with guest role' do
+ user = create(:user)
+ project.team << [user, :guest]
+
+ expect { described_class.new(project, user, params).execute }.to raise_error(ActiveRecord::RecordNotFound)
+ end
+ end
+ end
+ end
+
+ describe '.search' do
+ let(:project) { create(:empty_project, :public) }
+ let(:note) { create(:note_on_issue, note: 'WoW', project: project) }
+
+ it 'returns notes with matching content' do
+ expect(described_class.new(note.project, nil, search: note.note).execute).to eq([note])
+ end
+
+ it 'returns notes with matching content regardless of the casing' do
+ expect(described_class.new(note.project, nil, search: 'WOW').execute).to eq([note])
+ end
+
+ it 'returns commit notes user can access' do
+ note = create(:note_on_commit, project: project)
+
+ expect(described_class.new(note.project, create(:user), search: note.note).execute).to eq([note])
+ end
+
+ context "confidential issues" do
+ let(:user) { create(:user) }
+ let(:confidential_issue) { create(:issue, :confidential, project: project, author: user) }
+ let(:confidential_note) { create(:note, note: "Random", noteable: confidential_issue, project: confidential_issue.project) }
+
+ it "returns notes with matching content if user can see the issue" do
+ expect(described_class.new(confidential_note.project, user, search: confidential_note.note).execute).to eq([confidential_note])
+ end
+
+ it "does not return notes with matching content if user can not see the issue" do
user = create(:user)
- expect { NotesFinder.new.execute(project, user, params) }.to raise_error(ActiveRecord::RecordNotFound)
+ expect(described_class.new(confidential_note.project, user, search: confidential_note.note).execute).to be_empty
end
- it 'raises an error for project members with guest role' do
+ it "does not return notes with matching content for project members with guest role" do
user = create(:user)
project.team << [user, :guest]
+ expect(described_class.new(confidential_note.project, user, search: confidential_note.note).execute).to be_empty
+ end
+
+ it "does not return notes with matching content for unauthenticated users" do
+ expect(described_class.new(confidential_note.project, nil, search: confidential_note.note).execute).to be_empty
+ end
+ end
+
+ context 'inlines SQL filters on subqueries for performance' do
+ let(:sql) { described_class.new(note.project, nil, search: note.note).execute.to_sql }
+ let(:number_of_noteable_types) { 4 }
+
+ specify 'project_id check' do
+ expect(sql.scan(/project_id/).count).to be >= (number_of_noteable_types + 2)
+ end
- expect { NotesFinder.new.execute(project, user, params) }.to raise_error(ActiveRecord::RecordNotFound)
+ specify 'search filter' do
+ expect(sql.scan(/LIKE/).count).to be >= number_of_noteable_types
end
end
end
View Lorry Controller Status