Fix Markdown of release notes

It was leaings confidential issue titles and MR titles to any users

Fix spec

Fix spec

Fix tests
This commit is contained in:
Shinya Maeda 2019-01-29 18:25:53 +09:00
parent aca9ce3eb6
commit f942a08d23
2 changed files with 28 additions and 1 deletions

View file

@ -1116,7 +1116,9 @@ module API
class Release < TagRelease
expose :name
expose :description_html
expose :description_html do |entity|
MarkupHelper.markdown_field(entity, :description)
end
expose :created_at
expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? }
expose :commit, using: Entities::Commit

View file

@ -127,6 +127,31 @@ describe API::Releases do
.to match_array(release.sources.map(&:url))
end
context "when release description contains confidential issue's link" do
let(:confidential_issue) do
create(:issue,
:confidential,
project: project,
title: 'A vulnerability')
end
let!(:release) do
create(:release,
project: project,
tag: 'v0.1',
sha: commit.id,
author: maintainer,
description: "This is confidential #{confidential_issue.to_reference}")
end
it "does not expose confidential issue's title" do
get api("/projects/#{project.id}/releases/v0.1", maintainer)
expect(json_response['description_html']).to include(confidential_issue.to_reference)
expect(json_response['description_html']).not_to include('A vulnerability')
end
end
context 'when release has link asset' do
let!(:link) do
create(:release_link,