Commit f942a08d authored by Shinya Maeda's avatar Shinya Maeda

Fix Markdown of release notes

It was leaings confidential issue titles and MR titles to any users

Fix spec

Fix spec

Fix tests
parent aca9ce3e
...@@ -1116,7 +1116,9 @@ module API ...@@ -1116,7 +1116,9 @@ module API
class Release < TagRelease class Release < TagRelease
expose :name expose :name
expose :description_html expose :description_html do |entity|
MarkupHelper.markdown_field(entity, :description)
end
expose :created_at expose :created_at
expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? } expose :author, using: Entities::UserBasic, if: -> (release, _) { release.author.present? }
expose :commit, using: Entities::Commit expose :commit, using: Entities::Commit
......
...@@ -127,6 +127,31 @@ describe API::Releases do ...@@ -127,6 +127,31 @@ describe API::Releases do
.to match_array(release.sources.map(&:url)) .to match_array(release.sources.map(&:url))
end end
context "when release description contains confidential issue's link" do
let(:confidential_issue) do
create(:issue,
:confidential,
project: project,
title: 'A vulnerability')
end
let!(:release) do
create(:release,
project: project,
tag: 'v0.1',
sha: commit.id,
author: maintainer,
description: "This is confidential #{confidential_issue.to_reference}")
end
it "does not expose confidential issue's title" do
get api("/projects/#{project.id}/releases/v0.1", maintainer)
expect(json_response['description_html']).to include(confidential_issue.to_reference)
expect(json_response['description_html']).not_to include('A vulnerability')
end
end
context 'when release has link asset' do context 'when release has link asset' do
let!(:link) do let!(:link) do
create(:release_link, create(:release_link,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment