Commit 3dca5b30 authored by Robert Schilling's avatar Robert Schilling

Add changelog and updated spec

Ensure that references to private projects are not visible
parent 6e4fdc11
---
title: 'API: Ensure that related merge requests are referenced cross-project'
merge_request: 25222
author: Robert Schilling
type: fixed
...@@ -1838,6 +1838,15 @@ describe API::Issues do ...@@ -1838,6 +1838,15 @@ describe API::Issues do
expect_paginated_array_response([related_mr.id, merge_request.id]) expect_paginated_array_response([related_mr.id, merge_request.id])
end end
it 'does not generate references to projects with no access' do
private_project = create(:project, :private)
create_referencing_mr(private_project.creator, private_project, issue)
get_related_merge_requests(project.id, issue.iid, user)
expect_paginated_array_response(related_mr.id)
end
context 'no merge request mentioned a issue' do context 'no merge request mentioned a issue' do
it 'returns empty array' do it 'returns empty array' do
get_related_merge_requests(project.id, closed_issue.iid, user) get_related_merge_requests(project.id, closed_issue.iid, user)
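Review bot: The new example 'does not generate references to projects with no access' discards the merge request returned by `create_referencing_mr`, so the private MR's absence is only implied by the expected id list, and nothing shows the fixture would have produced a reference had access been allowed. Keeping the value, as in `private_mr = create_referencing_mr(private_project.creator, private_project, issue)`, and asserting that its id is not among the returned ids would state the confidentiality property directly. A companion example that grants `user` access to `private_project` and expects the id to appear would act as a positive control, so this test cannot pass vacuously; a case for an unauthenticated caller would also be worth covering. The helpers and the `related_mr`/`issue`/`user` definitions live outside the hunk, so whether `expect_paginated_array_response` performs an exact match is assumed rather than visible here.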
......