Merge branch 'security-2920-fix-notes-with-label-cross-reference' into 'master'
Project path reveals labels from Private project if the issue is moved to public project See merge request gitlab/gitlabhq!3419
This commit is contained in:
commit
c7ee6535d4
4 changed files with 66 additions and 1 deletions
|
@ -13,7 +13,9 @@ module Mentionable
|
|||
def self.other_patterns
|
||||
[
|
||||
Commit.reference_pattern,
|
||||
MergeRequest.reference_pattern
|
||||
MergeRequest.reference_pattern,
|
||||
Label.reference_pattern,
|
||||
Milestone.reference_pattern
|
||||
]
|
||||
end
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ class SystemNoteMetadata < ApplicationRecord
|
|||
commit cross_reference
|
||||
close duplicate
|
||||
moved merge
|
||||
label milestone
|
||||
].freeze
|
||||
|
||||
ICON_TYPES = %w[
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Show cross-referenced label and milestones in issues' activities only to authorized users
|
||||
merge_request:
|
||||
author:
|
||||
type: security
|
|
@ -379,6 +379,63 @@ describe Note do
|
|||
expect(label_note.cross_reference?).to be_falsy
|
||||
end
|
||||
end
|
||||
|
||||
context 'when system note metadata is not present' do
|
||||
let(:note) { build(:note, :system) }
|
||||
|
||||
before do
|
||||
allow(note).to receive(:system_note_metadata).and_return(nil)
|
||||
end
|
||||
|
||||
it 'delegates to the system note service' do
|
||||
expect(SystemNotes::IssuablesService).to receive(:cross_reference?).with(note.note)
|
||||
|
||||
note.cross_reference?
|
||||
end
|
||||
end
|
||||
|
||||
context 'with a system note' do
|
||||
let(:issue) { create(:issue, project: create(:project, :repository)) }
|
||||
let(:note) { create(:system_note, note: "test", noteable: issue, project: issue.project) }
|
||||
|
||||
shared_examples 'system_note_metadata includes note action' do
|
||||
it 'delegates to the cross-reference regex' do
|
||||
expect(note).to receive(:matches_cross_reference_regex?)
|
||||
|
||||
note.cross_reference?
|
||||
end
|
||||
end
|
||||
|
||||
context 'with :label action' do
|
||||
let!(:metadata) {create(:system_note_metadata, note: note, action: :label)}
|
||||
|
||||
it_behaves_like 'system_note_metadata includes note action'
|
||||
|
||||
it { expect(note.cross_reference?).to be_falsy }
|
||||
|
||||
context 'with cross reference label note' do
|
||||
let(:label) { create(:label, project: issue.project)}
|
||||
let(:note) { create(:system_note, note: "added #{label.to_reference} label", noteable: issue, project: issue.project) }
|
||||
|
||||
it { expect(note.cross_reference?).to be_truthy }
|
||||
end
|
||||
end
|
||||
|
||||
context 'with :milestone action' do
|
||||
let!(:metadata) {create(:system_note_metadata, note: note, action: :milestone)}
|
||||
|
||||
it_behaves_like 'system_note_metadata includes note action'
|
||||
|
||||
it { expect(note.cross_reference?).to be_falsy }
|
||||
|
||||
context 'with cross reference milestone note' do
|
||||
let(:milestone) { create(:milestone, project: issue.project)}
|
||||
let(:note) { create(:system_note, note: "added #{milestone.to_reference} milestone", noteable: issue, project: issue.project) }
|
||||
|
||||
it { expect(note.cross_reference?).to be_truthy }
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'clear_blank_line_code!' do
|
||||
|
|
Loading…
Reference in a new issue