gitlab-org--gitlab-foss/spec/models/concerns
Douwe Maan 79d94b1679 Merge branch '22481-honour-issue-visibility-for-groups' into 'security'
Honour issue and merge request visibility in their respective finders

This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private".

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481

See merge request !2000
2016-11-09 12:24:13 +01:00
..
access_requestable_spec.rb Exclude requesters from Project#members, Group#members and User#members 2016-07-01 17:44:46 +02:00
awardable_spec.rb Order award tooltips by their created_at date 2016-09-01 08:40:10 +10:00
cache_markdown_field_spec.rb Add RTL support to markdown renderer 2016-10-16 17:47:48 +03:30
case_sensitivity_spec.rb trick rubocop and temporarily add ruby 2.1 images for any branch 2016-01-28 11:41:58 +01:00
expirable_spec.rb Differentiate the expire from leave event 2016-10-20 00:26:45 +00:00
faster_cache_keys_spec.rb Added concern for a faster "cache_key" method 2016-08-08 16:49:22 +02:00
has_status_spec.rb Fix tests. Check 'success' first (default status) 2016-10-03 19:35:53 +08:00
issuable_spec.rb Merge branch '22481-honour-issue-visibility-for-groups' into 'security' 2016-11-09 12:24:13 +01:00
mentionable_spec.rb Simplify Mentionable concern instance methods 2016-10-04 10:45:48 +02:00
milestoneish_spec.rb adds second batch of tests changed to active tense 2016-08-09 15:11:39 +01:00
participable_spec.rb Cache Participable#participants in instance variable 2016-06-21 12:54:12 +02:00
project_features_compatibility_spec.rb Fix project features default values 2016-11-01 11:03:56 -02:00
spammable_spec.rb Further refactor and syntax fixes. 2016-08-15 17:20:57 -05:00
strip_attribute_spec.rb Enable Style/EmptyLines cop, remove redundant ones 2016-07-01 21:56:17 +02:00
subscribable_spec.rb Add API endpoints for un/subscribing from/to a label 2016-05-12 22:48:09 +02:00
token_authenticatable_spec.rb adds second batch of tests changed to active tense 2016-08-09 15:11:39 +01:00