Merge branch '18535-confidential-issue-notes' into 'master'
Only show notes through JSON on confidential issues that the user has access to.

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18535

See merge request !1970
commit
e7a8fe07ea
3 changed files with 18 additions and 1 deletions
|
@ -79,6 +79,7 @@ v 8.9.0 (unreleased)
|
||||||
- Allow users to create confidential issues in private projects
|
- Allow users to create confidential issues in private projects
|
||||||
- Measure CPU time for instrumented methods
|
- Measure CPU time for instrumented methods
|
||||||
- Instrument private methods and private instance methods by default instead just public methods
|
- Instrument private methods and private instance methods by default instead just public methods
|
||||||
|
- Only show notes through JSON on confidential issues that the user has access to
|
||||||
|
|
||||||
v 8.8.5 (unreleased)
|
v 8.8.5 (unreleased)
|
||||||
- Ensure branch cleanup regardless of whether the GitHub import process succeeds
|
- Ensure branch cleanup regardless of whether the GitHub import process succeeds
|
||||||
|
|
|
@ -12,7 +12,7 @@ class NotesFinder
|
||||||
when "commit"
|
when "commit"
|
||||||
project.notes.for_commit_id(target_id).non_diff_notes
|
project.notes.for_commit_id(target_id).non_diff_notes
|
||||||
when "issue"
|
when "issue"
|
||||||
project.issues.find(target_id).notes.inc_author
|
project.issues.visible_to_user(current_user).find(target_id).notes.inc_author
|
||||||
when "merge_request"
|
when "merge_request"
|
||||||
project.merge_requests.find(target_id).mr_and_commit_notes.inc_author
|
project.merge_requests.find(target_id).mr_and_commit_notes.inc_author
|
||||||
when "snippet", "project_snippet"
|
when "snippet", "project_snippet"
|
||||||
|
|
|
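Review bot: The `when "issue"` branch now carries the only access check for issue notes, buried in a query chain with nothing marking it as an authorization step. A comment such as `# Scope before find: a confidential issue the user cannot see must raise RecordNotFound, exactly like a missing one` would keep a later refactor from dropping `visible_to_user`. It is also worth confirming that `visible_to_user` accepts a nil `current_user` (an anonymous poll of a public project) and then returns only non-confidential issues rather than raising a different error. The `case` statement starts and ends outside the hunk, so the snippet branch body is not visible here.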
@ -34,5 +34,21 @@ describe NotesFinder do
|
||||||
notes = NotesFinder.new.execute(project, user, params)
|
notes = NotesFinder.new.execute(project, user, params)
|
||||||
expect(notes).to eq([note1])
|
expect(notes).to eq([note1])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'confidential issue notes' do
|
||||||
|
let(:confidential_issue) { create(:issue, :confidential, project: project, author: user) }
|
||||||
|
let!(:confidential_note) { create(:note, noteable: confidential_issue, project: confidential_issue.project) }
|
||||||
|
|
||||||
|
let(:params) { { target_id: confidential_issue.id, target_type: 'issue', last_fetched_at: 1.hour.ago.to_i } }
|
||||||
|
|
||||||
|
it 'returns notes if user can see the issue' do
|
||||||
|
expect(NotesFinder.new.execute(project, user, params)).to eq([confidential_note])
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'raises an error if user can not see the issue' do
|
||||||
|
user = create(:user)
|
||||||
|
expect { NotesFinder.new.execute(project, user, params) }.to raise_error(ActiveRecord::RecordNotFound)
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
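Review bot: In 'raises an error if user can not see the issue', the local `user = create(:user)` shadows the `let(:user)` that authored the confidential issue, which makes the negative case easy to misread. A separately named `let(:other_user) { create(:user) }` would be clearer. The context covers the author and an unrelated user, but not a nil user or a project member whose role is too low for confidential issues, and those are the cases where a leak is most likely to come back unnoticed. Assuming `visible_to_user` accepts nil, `expect { NotesFinder.new.execute(project, nil, params) }.to raise_error(ActiveRecord::RecordNotFound)` would pin the anonymous case. The enclosing `describe` block starts outside the hunk.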