2015-11-19 15:18:13 +00:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2015-12-15 14:51:16 +00:00
|
|
|
describe Banzai::Filter::RedactorFilter, lib: true do
|
2015-11-19 15:18:13 +00:00
|
|
|
include ActionView::Helpers::UrlHelper
|
|
|
|
include FilterSpecHelper
|
|
|
|
|
|
|
|
it 'ignores non-GFM links' do
|
|
|
|
html = %(See <a href="https://google.com/">Google</a>)
|
|
|
|
doc = filter(html, current_user: double)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
|
|
|
|
def reference_link(data)
|
|
|
|
link_to('text', '', class: 'gfm', data: data)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with data-project' do
|
2016-05-26 11:16:43 +00:00
|
|
|
let(:parser_class) do
|
|
|
|
Class.new(Banzai::ReferenceParser::BaseParser) do
|
|
|
|
self.reference_type = :test
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
allow(Banzai::ReferenceParser).to receive(:[]).
|
|
|
|
with('test').
|
|
|
|
and_return(parser_class)
|
|
|
|
end
|
|
|
|
|
2015-11-19 15:18:13 +00:00
|
|
|
it 'removes unpermitted Project references' do
|
|
|
|
user = create(:user)
|
|
|
|
project = create(:empty_project)
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: project.id, reference_type: 'test')
|
2015-11-19 15:18:13 +00:00
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'allows permitted Project references' do
|
|
|
|
user = create(:user)
|
|
|
|
project = create(:empty_project)
|
|
|
|
project.team << [user, :master]
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: project.id, reference_type: 'test')
|
2015-11-19 15:18:13 +00:00
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'handles invalid Project references' do
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: 12345, reference_type: 'test')
|
2015-11-19 15:18:13 +00:00
|
|
|
|
|
|
|
expect { filter(link) }.not_to raise_error
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-03-17 20:39:50 +00:00
|
|
|
context 'with data-issue' do
|
|
|
|
context 'for confidential issues' do
|
|
|
|
it 'removes references for non project members' do
|
|
|
|
non_member = create(:user)
|
|
|
|
project = create(:empty_project, :public)
|
|
|
|
issue = create(:issue, :confidential, project: project)
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2016-03-17 20:39:50 +00:00
|
|
|
doc = filter(link, current_user: non_member)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
end
|
|
|
|
|
2016-06-06 19:13:31 +00:00
|
|
|
it 'removes references for project members with guest role' do
|
|
|
|
member = create(:user)
|
|
|
|
project = create(:empty_project, :public)
|
|
|
|
project.team << [member, :guest]
|
|
|
|
issue = create(:issue, :confidential, project: project)
|
|
|
|
|
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
|
|
|
doc = filter(link, current_user: member)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
end
|
|
|
|
|
2016-03-17 20:39:50 +00:00
|
|
|
it 'allows references for author' do
|
|
|
|
author = create(:user)
|
|
|
|
project = create(:empty_project, :public)
|
|
|
|
issue = create(:issue, :confidential, project: project, author: author)
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2016-03-17 20:39:50 +00:00
|
|
|
doc = filter(link, current_user: author)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'allows references for assignee' do
|
|
|
|
assignee = create(:user)
|
|
|
|
project = create(:empty_project, :public)
|
|
|
|
issue = create(:issue, :confidential, project: project, assignee: assignee)
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2016-03-17 20:39:50 +00:00
|
|
|
doc = filter(link, current_user: assignee)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'allows references for project members' do
|
|
|
|
member = create(:user)
|
|
|
|
project = create(:empty_project, :public)
|
|
|
|
project.team << [member, :developer]
|
|
|
|
issue = create(:issue, :confidential, project: project)
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2016-03-17 20:39:50 +00:00
|
|
|
doc = filter(link, current_user: member)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'allows references for admin' do
|
|
|
|
admin = create(:admin)
|
|
|
|
project = create(:empty_project, :public)
|
|
|
|
issue = create(:issue, :confidential, project: project)
|
2015-11-19 15:18:13 +00:00
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2016-03-17 20:39:50 +00:00
|
|
|
doc = filter(link, current_user: admin)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'allows references for non confidential issues' do
|
|
|
|
user = create(:user)
|
|
|
|
project = create(:empty_project, :public)
|
|
|
|
issue = create(:issue, project: project)
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2016-03-17 20:39:50 +00:00
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "for user references" do
|
2015-11-19 15:18:13 +00:00
|
|
|
context 'with data-group' do
|
|
|
|
it 'removes unpermitted Group references' do
|
|
|
|
user = create(:user)
|
2016-03-20 21:55:08 +00:00
|
|
|
group = create(:group, :private)
|
2015-11-19 15:18:13 +00:00
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(group: group.id, reference_type: 'user')
|
2015-11-19 15:18:13 +00:00
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'allows permitted Group references' do
|
|
|
|
user = create(:user)
|
2016-03-20 21:55:08 +00:00
|
|
|
group = create(:group, :private)
|
2015-11-19 15:18:13 +00:00
|
|
|
group.add_developer(user)
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(group: group.id, reference_type: 'user')
|
2015-11-19 15:18:13 +00:00
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'handles invalid Group references' do
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(group: 12345, reference_type: 'user')
|
2015-11-19 15:18:13 +00:00
|
|
|
|
|
|
|
expect { filter(link) }.not_to raise_error
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with data-user' do
|
|
|
|
it 'allows any User reference' do
|
|
|
|
user = create(:user)
|
|
|
|
|
2016-05-26 11:16:43 +00:00
|
|
|
link = reference_link(user: user.id, reference_type: 'user')
|
2015-11-19 15:18:13 +00:00
|
|
|
doc = filter(link)
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|