Merge branch '19650-remove-admin-section-from-search-results-if-user-doesnt-have-access' into 'master'

Hide admin link from default search results for non-admins Closes #19650 See merge request !14015
2017-09-06 11:08:43 +00:00 · 2017-09-06 11:08:43 +00:00 · 24fc7c878a
parent 1632ffa6ad ed43c6f1fd
commit 24fc7c878a
3 changed files with 32 additions and 4 deletions
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@ -10,6 +10,7 @@ module SearchHelper
    search_pattern = Regexp.new(Regexp.escape(term), "i")

    generic_results = project_autocomplete + default_autocomplete + help_autocomplete
+    generic_results.concat(default_autocomplete_admin) if current_user.admin?
    generic_results.select! { |result| result[:label] =~ search_pattern }

    [
@ -41,8 +42,14 @@ module SearchHelper
    [
      { category: "Settings", label: "User settings",    url: profile_path },
      { category: "Settings", label: "SSH Keys",         url: profile_keys_path },
-      { category: "Settings", label: "Dashboard",        url: root_path },
-      { category: "Settings", label: "Admin Section",    url: admin_root_path }
+      { category: "Settings", label: "Dashboard",        url: root_path }
+    ]
+  end
+
+  # Autocomplete results for settings pages, for admins
+  def default_autocomplete_admin
+    [
+      { category: "Settings", label: "Admin Section", url: admin_root_path }
    ]
  end

--- a/changelogs/unreleased/19650-remove-admin-section-from-search-results-if-user-doesnt-have-access.yml
+++ b/changelogs/unreleased/19650-remove-admin-section-from-search-results-if-user-doesnt-have-access.yml
@ -0,0 +1,5 @@
+---
+title: Hide admin link from default search results for non-admins
+merge_request: 14015
+author:
+type: fixed
--- a/spec/helpers/search_helper_spec.rb
+++ b/spec/helpers/search_helper_spec.rb
@ -17,7 +17,7 @@ describe SearchHelper do
      end
    end

-    context "with a user" do
+    context "with a standard user" do
      let(:user)   { create(:user) }

      before do
@ -29,7 +29,11 @@ describe SearchHelper do
      end

      it "includes default sections" do
-        expect(search_autocomplete_opts("adm").size).to eq(1)
+        expect(search_autocomplete_opts("dash").size).to eq(1)
+      end
+
+      it "does not include admin sections" do
+        expect(search_autocomplete_opts("admin").size).to eq(0)
      end

      it "does not allow regular expression in search term" do
@ -67,6 +71,18 @@ describe SearchHelper do
        end
      end
    end
+
+    context 'with an admin user' do
+      let(:admin) { create(:admin) }
+
+      before do
+        allow(self).to receive(:current_user).and_return(admin)
+      end
+
+      it "includes admin sections" do
+        expect(search_autocomplete_opts("admin").size).to eq(1)
+      end
+    end
  end

  describe 'search_filter_input_options' do