Fix Markdown of release notes

It was leaking confidential issue titles and MR titles to any user

Fix spec

Fix spec

Fix tests
Shinya Maeda 2019-01-29 18:25:53 +09:00
parent aca9ce3eb6
commit f942a08d23
2 changed files with 28 additions and 1 deletions


@ -1116,7 +1116,9 @@ module API
class Release < TagRelease class Release < TagRelease
expose :name expose :name
expose :description_html expose :description_html do |entity|
MarkupHelper.markdown_field(entity, :description)
end
expose :created_at expose :created_at
expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? } expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? }
expose :commit, using: Entities::Commit expose :commit, using: Entities::Commit
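Review bot: The new `description_html` block calls `MarkupHelper.markdown_field(entity, :description)` without naming a viewer, so nothing in this hunk shows whose permissions the reference redaction is evaluated against. Presumably it falls back to an anonymous viewer, which fails closed but also hides titles from users who are allowed to read the issue; if the helper takes a context, passing the requesting user (something like `current_user: options[:current_user]`, to be confirmed against the helper's signature) would make the intent explicit. A comment above the block such as `# Render per request so references are redacted for the viewer; do not expose the stored description_html directly` would keep a later refactor from reintroducing the leak. The `Release` class continues past the end of the hunk.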


@ -127,6 +127,31 @@ describe API::Releases do
.to match_array(release.sources.map(&:url)) .to match_array(release.sources.map(&:url))
end end
context "when release description contains confidential issue's link" do
let(:confidential_issue) do
create(:issue,
:confidential,
project: project,
title: 'A vulnerability')
end
let!(:release) do
create(:release,
project: project,
tag: 'v0.1',
sha: commit.id,
author: maintainer,
description: "This is confidential #{confidential_issue.to_reference}")
end
it "does not expose confidential issue's title" do
get api("/projects/#{project.id}/releases/v0.1", maintainer)
expect(json_response['description_html']).to include(confidential_issue.to_reference)
expect(json_response['description_html']).not_to include('A vulnerability')
end
end
context 'when release has link asset' do context 'when release has link asset' do
let!(:link) do let!(:link) do
create(:release_link, create(:release_link,
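Review bot: The new example requests the release as `maintainer`, who presumably can read the confidential issue, so the spec never exercises the kind of viewer the leak was about. I would add a second example in the same context that makes the request as a user without access to the issue and repeats `expect(json_response['description_html']).not_to include('A vulnerability')`. The commit message also names MR titles, and only the single-release endpoint is hit here; a merge request reference, and the releases list endpoint if it uses the same entity, deserve the same assertion. The enclosing `describe` block starts and ends outside the hunk.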