Merge branch 'osw-44295-adjust-authorization-for-discussions-show' into 'master'
Adjust 404's for LegacyDiffNote discussion rendering Closes #44295 See merge request gitlab-org/gitlab-ce!18201
This commit is contained in:
commit
f103475766
|
@ -4,8 +4,8 @@ class Projects::DiscussionsController < Projects::ApplicationController
|
|||
|
||||
before_action :check_merge_requests_available!
|
||||
before_action :merge_request
|
||||
before_action :discussion
|
||||
before_action :authorize_resolve_discussion!
|
||||
before_action :discussion, only: [:resolve, :unresolve]
|
||||
before_action :authorize_resolve_discussion!, only: [:resolve, :unresolve]
|
||||
|
||||
def resolve
|
||||
Discussions::ResolveService.new(project, current_user, merge_request: merge_request).execute(discussion)
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Adjust 404's for LegacyDiffNote discussion rendering
|
||||
merge_request: 18201
|
||||
author:
|
||||
type: fixed
|
|
@ -16,6 +16,53 @@ describe Projects::DiscussionsController do
|
|||
}
|
||||
end
|
||||
|
||||
describe 'GET show' do
|
||||
before do
|
||||
sign_in user
|
||||
end
|
||||
|
||||
context 'when user is not authorized to read the MR' do
|
||||
it 'returns 404' do
|
||||
get :show, request_params, format: :json
|
||||
|
||||
expect(response).to have_gitlab_http_status(404)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when user is authorized to read the MR' do
|
||||
before do
|
||||
project.add_reporter(user)
|
||||
end
|
||||
|
||||
it 'returns status 200' do
|
||||
get :show, request_params, format: :json
|
||||
|
||||
expect(response).to have_gitlab_http_status(200)
|
||||
end
|
||||
|
||||
it 'returns status 404 if MR does not exists' do
|
||||
merge_request.destroy!
|
||||
|
||||
get :show, request_params, format: :json
|
||||
|
||||
expect(response).to have_gitlab_http_status(404)
|
||||
end
|
||||
end
|
||||
|
||||
context 'when user is authorized but note is LegacyDiffNote' do
|
||||
before do
|
||||
project.add_developer(user)
|
||||
note.update!(type: 'LegacyDiffNote')
|
||||
end
|
||||
|
||||
it 'returns status 200' do
|
||||
get :show, request_params, format: :json
|
||||
|
||||
expect(response).to have_gitlab_http_status(200)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'POST resolve' do
|
||||
before do
|
||||
sign_in user
|
||||
|
|
Loading…
Reference in New Issue