79d94b1679
Honour issue and merge request visibility in their respective finders This MR fixes a security issue with the IssuesFinder and MergeRequestFinder where they would return items the user did not have permission to see. This was most visible on the issue and merge requests page for a group containing projects that had set their issues or merge requests to "private". Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/22481 See merge request !2000
8 lines
271 B
Ruby
8 lines
271 B
Ruby
require 'spec_helper'
|
|
|
|
feature 'Group issues page', feature: true do
|
|
let(:path) { issues_group_path(group) }
|
|
let(:issuable) { create(:issue, project: project, title: "this is my created issuable")}
|
|
|
|
include_examples 'project features apply to issuables', Issue
|
|
end
|