diff --git a/app/views/events/_event.html.haml b/app/views/events/_event.html.haml index 5623f0f590a..78a1d1a0553 100644 --- a/app/views/events/_event.html.haml +++ b/app/views/events/_event.html.haml @@ -11,5 +11,5 @@ = render "events/event/note", event: event - else = render "events/event/common", event: event -- elsif @user.include_private_contributions? +- elsif @user&.include_private_contributions? = render "events/event/private", event: event diff --git a/spec/features/projects/activity/user_sees_private_activity_spec.rb b/spec/features/projects/activity/user_sees_private_activity_spec.rb new file mode 100644 index 00000000000..d7dc0a6712a --- /dev/null +++ b/spec/features/projects/activity/user_sees_private_activity_spec.rb @@ -0,0 +1,35 @@ +require 'spec_helper' + +describe 'Project > Activity > User sees private activity', :js do + let(:project) { create(:project, :public) } + let(:author) { create(:user) } + let(:user) { create(:user) } + let(:issue) { create(:issue, :confidential, project: project, author: author) } + let(:message) { "#{author.name} opened issue #{issue.to_reference}" } + + before do + project.add_developer(author) + + create(:event, :created, project: project, target: issue, author: author) + end + + it 'shows the activity to a logged-in user with permissions' do + sign_in(author) + visit activity_project_path(project) + + expect(page).to have_content(message) + end + + it 'hides the activity from a logged-in user without permissions' do + sign_in(user) + visit activity_project_path(project) + + expect(page).not_to have_content(message) + end + + it 'hides the activity from an anonymous user' do + visit activity_project_path(project) + + expect(page).not_to have_content(message) + end +end