Fix Markdown of release notes
It was leaking confidential issue titles and MR titles to any user. Fix spec Fix spec Fix tests
parent
aca9ce3eb6
commit
f942a08d23
2 changed files with 28 additions and 1 deletions
|
@ -1116,7 +1116,9 @@ module API
|
|||
|
||||
class Release < TagRelease
|
||||
expose :name
|
||||
expose :description_html
|
||||
expose :description_html do |entity|
|
||||
MarkupHelper.markdown_field(entity, :description)
|
||||
end
|
||||
expose :created_at
|
||||
expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? }
|
||||
expose :commit, using: Entities::Commit
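Review bot: The new `expose :description_html do |entity|` block carries no comment explaining why the field is rendered through `MarkupHelper.markdown_field` rather than exposed directly, so a later cleanup could restore the one-line form this commit removes. I would add above it `# Render through markdown_field so references the viewer cannot read are redacted; do not expose the stored HTML directly.` The call also passes no viewer, so redaction presumably runs as for an anonymous reader (the accompanying spec shows a maintainer does not get the title either); if that is intended, state it in the comment, and if not, confirm whether the helper accepts the requesting user from the entity options. The `Release` class continues outside the hunk.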
|
||||
|
|
|
@ -127,6 +127,31 @@ describe API::Releases do
|
|||
.to match_array(release.sources.map(&:url))
|
||||
end
|
||||
|
||||
context "when release description contains confidential issue's link" do
|
||||
let(:confidential_issue) do
|
||||
create(:issue,
|
||||
:confidential,
|
||||
project: project,
|
||||
title: 'A vulnerability')
|
||||
end
|
||||
|
||||
let!(:release) do
|
||||
create(:release,
|
||||
project: project,
|
||||
tag: 'v0.1',
|
||||
sha: commit.id,
|
||||
author: maintainer,
|
||||
description: "This is confidential #{confidential_issue.to_reference}")
|
||||
end
|
||||
|
||||
it "does not expose confidential issue's title" do
|
||||
get api("/projects/#{project.id}/releases/v0.1", maintainer)
|
||||
|
||||
expect(json_response['description_html']).to include(confidential_issue.to_reference)
|
||||
expect(json_response['description_html']).not_to include('A vulnerability')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when release has link asset' do
|
||||
let!(:link) do
|
||||
create(:release_link,
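Review bot: The new context only requests the release as `maintainer`, and it covers an issue reference but not the merge-request titles the commit message also names. I would add an example that fetches the same release as a user with no access to the confidential issue, and a second context whose description references a merge request that user cannot read, asserting the title is absent in both. The negative assertion is also tied to a repeated literal; `expect(json_response['description_html']).not_to include(confidential_issue.title)` keeps it in step with the factory. The surrounding `describe` block and the following `when release has link asset` context continue outside the hunk.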
|
||||
|
|