gitlab-org--gitlab-foss/spec/lib/banzai/reference_parser/issue_parser_spec.rb
Douwe Maan bf061d0aff
Merge branch 'issue_23548_dev' into 'master'
disable markdown in comments when referencing disabled features

fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/23548

This MR prevents the following references when tool is disabled:

- issues
- snippets
- commits - when repo is disabled
- commit range - when repo is disabled
- milestones

This MR does not prevent references to repository files, since they are just markdown links and don't leak
information.

See merge request !2011

Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-11-09 12:25:17 +01:00

81 lines
2.4 KiB
Ruby

require 'spec_helper'
describe Banzai::ReferenceParser::IssueParser, lib: true do
include ReferenceParserHelpers
let(:project) { create(:empty_project, :public) }
let(:user) { create(:user) }
let(:issue) { create(:issue, project: project) }
let(:link) { empty_html_link }
subject { described_class.new(project, user) }
describe '#nodes_visible_to_user' do
context 'when the link has a data-issue attribute' do
before do
link['data-issue'] = issue.id.to_s
end
it_behaves_like "referenced feature visibility", "issues"
it 'returns the nodes when the user can read the issue' do
expect(Ability).to receive(:issues_readable_by_user).
with([issue], user).
and_return([issue])
expect(subject.nodes_visible_to_user(user, [link])).to eq([link])
end
it 'returns an empty Array when the user can not read the issue' do
expect(Ability).to receive(:issues_readable_by_user).
with([issue], user).
and_return([])
expect(subject.nodes_visible_to_user(user, [link])).to eq([])
end
end
context 'when the link does not have a data-issue attribute' do
it 'returns an empty Array' do
expect(subject.nodes_visible_to_user(user, [link])).to eq([])
end
end
context 'when the project uses an external issue tracker' do
it 'returns all nodes' do
link = double(:link)
expect(project).to receive(:external_issue_tracker).and_return(true)
expect(subject.nodes_visible_to_user(user, [link])).to eq([link])
end
end
end
describe '#referenced_by' do
context 'when the link has a data-issue attribute' do
context 'using an existing issue ID' do
before do
link['data-issue'] = issue.id.to_s
end
it 'returns an Array of issues' do
expect(subject.referenced_by([link])).to eq([issue])
end
it 'returns an empty Array when the list of nodes is empty' do
expect(subject.referenced_by([link])).to eq([issue])
expect(subject.referenced_by([])).to eq([])
end
end
end
end
describe '#issues_for_nodes' do
it 'returns a Hash containing the issues for a list of nodes' do
link['data-issue'] = issue.id.to_s
nodes = [link]
expect(subject.issues_for_nodes(nodes)).to eq({ issue.id => issue })
end
end
end