From ea4eb460479a24fea9ee890c8ba8f6f4dec7f44b Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Wed, 3 May 2017 23:51:25 +0000 Subject: Merge branch 'tc-fix-private-subgroups-shown' into 'security' Use GroupsFinder to find subgroups the user has access to See merge request !2096 --- spec/controllers/groups_controller_spec.rb | 35 ++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) (limited to 'spec/controllers/groups_controller_spec.rb') diff --git a/spec/controllers/groups_controller_spec.rb b/spec/controllers/groups_controller_spec.rb index 073b87a1cb4..4c8d82a1677 100644 --- a/spec/controllers/groups_controller_spec.rb +++ b/spec/controllers/groups_controller_spec.rb @@ -26,6 +26,41 @@ describe GroupsController do end end + describe 'GET #subgroups' do + let!(:public_subgroup) { create(:group, :public, parent: group) } + let!(:private_subgroup) { create(:group, :private, parent: group) } + + context 'as a user' do + before do + sign_in(user) + end + + it 'shows the public subgroups' do + get :subgroups, id: group.to_param + + expect(assigns(:nested_groups)).to contain_exactly(public_subgroup) + end + + context 'being member' do + it 'shows public and private subgroups the user is member of' do + private_subgroup.add_guest(user) + + get :subgroups, id: group.to_param + + expect(assigns(:nested_groups)).to contain_exactly(public_subgroup, private_subgroup) + end + end + end + + context 'as a guest' do + it 'shows the public subgroups' do + get :subgroups, id: group.to_param + + expect(assigns(:nested_groups)).to contain_exactly(public_subgroup) + end + end + end + describe 'GET #issues' do let(:issue_1) { create(:issue, project: project) } let(:issue_2) { create(:issue, project: project) } -- cgit v1.2.1