Simplify query and add tests for authorization change
This commit is contained in:
parent
6dda85927d
commit
2ba71571de
|
@ -50,14 +50,10 @@ module BoardsResponses
|
|||
end
|
||||
|
||||
def authorize_create_issue
|
||||
board = board_parent.boards.find(issue_params[:board_id])
|
||||
list = board.lists.find(issue_params[:list_id])
|
||||
list = List.find(issue_params[:list_id])
|
||||
action = list.backlog? ? :create_issue : :admin_issue
|
||||
|
||||
if list.backlog?
|
||||
authorize_action_for!(project, :create_issue)
|
||||
else
|
||||
authorize_action_for!(project, :admin_issue)
|
||||
end
|
||||
authorize_action_for!(project, action)
|
||||
end
|
||||
|
||||
def authorize_admin_list
|
||||
|
|
|
@ -208,11 +208,22 @@ describe Boards::IssuesController do
|
|||
end
|
||||
end
|
||||
|
||||
context 'with unauthorized user' do
|
||||
it 'returns a forbidden 403 response' do
|
||||
create_issue user: guest, board: board, list: list1, title: 'New issue'
|
||||
context 'with guest user' do
|
||||
context 'in open list' do
|
||||
it 'returns a successful 200 response' do
|
||||
open_list = board.lists.create(list_type: :backlog)
|
||||
create_issue user: guest, board: board, list: open_list, title: 'New issue'
|
||||
|
||||
expect(response).to have_gitlab_http_status(403)
|
||||
expect(response).to have_gitlab_http_status(200)
|
||||
end
|
||||
end
|
||||
|
||||
context 'in label list' do
|
||||
it 'returns a forbidden 403 response' do
|
||||
create_issue user: guest, board: board, list: list1, title: 'New issue'
|
||||
|
||||
expect(response).to have_gitlab_http_status(403)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue