Give ProjectNotFound when the project is not readable
This commit is contained in:
parent
e7a6d17b2b
commit
a7c823a573
3 changed files with 3 additions and 6 deletions
|
@ -25,7 +25,7 @@ module Gitlab
|
||||||
def validate_permission!(permission)
|
def validate_permission!(permission)
|
||||||
raise UserNotFoundError unless author
|
raise UserNotFoundError unless author
|
||||||
raise UserBlockedError if author.blocked?
|
raise UserBlockedError if author.blocked?
|
||||||
# TODO: Give project not found error if author cannot read project
|
raise ProjectNotFound unless author.can?(:read_project, project)
|
||||||
raise UserNotAuthorizedError unless author.can?(permission, project)
|
raise UserNotAuthorizedError unless author.can?(permission, project)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -10,9 +10,6 @@ module Gitlab
|
||||||
end
|
end
|
||||||
|
|
||||||
def execute
|
def execute
|
||||||
# Must be private project without access
|
|
||||||
raise ProjectNotFound unless author.can?(:read_project, project)
|
|
||||||
|
|
||||||
validate_permission!(:create_issue)
|
validate_permission!(:create_issue)
|
||||||
validate_authentication_token!
|
validate_authentication_token!
|
||||||
|
|
||||||
|
|
|
@ -88,8 +88,8 @@ describe Gitlab::Email::Receiver, lib: true do
|
||||||
project.update_attribute(:visibility_level, Project::PRIVATE)
|
project.update_attribute(:visibility_level, Project::PRIVATE)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "raises a UserNotAuthorizedError" do
|
it "raises a ProjectNotFound" do
|
||||||
expect { receiver.execute }.to raise_error(Gitlab::Email::UserNotAuthorizedError)
|
expect { receiver.execute }.to raise_error(Gitlab::Email::ProjectNotFound)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue