Commit 7934b913 authored by Jarka Kadlecová's avatar Jarka Kadlecová

Fix removing todos for confidential issues

- dont remove todos for authos & assignees
- remove todos for project guests
parent 501fb04e
...@@ -14,6 +14,8 @@ module Todos ...@@ -14,6 +14,8 @@ module Todos
override :todos override :todos
def todos def todos
Todo.where(target: issue) Todo.where(target: issue)
.where('user_id != ?', issue.author_id)
.where('user_id NOT IN (?)', issue.assignees.select(:id))
end end
override :todos_to_remove? override :todos_to_remove?
...@@ -25,6 +27,13 @@ module Todos ...@@ -25,6 +27,13 @@ module Todos
def project_ids def project_ids
issue.project_id issue.project_id
end end
override :authorized_users
def authorized_users
ProjectAuthorization.select(:user_id)
.where(project_id: project_ids)
.where('access_level >= ?', Gitlab::Access::REPORTER)
end
end end
end end
end end
...@@ -42,7 +42,11 @@ module Todos ...@@ -42,7 +42,11 @@ module Todos
end end
def confidential_issues def confidential_issues
assigned_ids = IssueAssignee.select(:issue_id).where(user_id: user_id)
Issue.where(project_id: project_ids, confidential: true) Issue.where(project_id: project_ids, confidential: true)
.where('author_id != ?', user_id)
.where('id NOT IN (?)', assigned_ids)
end end
end end
end end
......
...@@ -3,16 +3,23 @@ require 'spec_helper' ...@@ -3,16 +3,23 @@ require 'spec_helper'
describe Todos::Destroy::ConfidentialIssueService do describe Todos::Destroy::ConfidentialIssueService do
let(:project) { create(:project, :public) } let(:project) { create(:project, :public) }
let(:user) { create(:user) } let(:user) { create(:user) }
let(:author) { create(:user) }
let(:assignee) { create(:user) }
let(:guest) { create(:user) }
let(:project_member) { create(:user) } let(:project_member) { create(:user) }
let(:issue) { create(:issue, project: project) } let(:issue) { create(:issue, project: project, author: author, assignees: [assignee]) }
let!(:todo_issue_non_member) { create(:todo, user: user, target: issue, project: project) } let!(:todo_issue_non_member) { create(:todo, user: user, target: issue, project: project) }
let!(:todo_issue_member) { create(:todo, user: project_member, target: issue, project: project) } let!(:todo_issue_member) { create(:todo, user: project_member, target: issue, project: project) }
let!(:todo_issue_author) { create(:todo, user: author, target: issue, project: project) }
let!(:todo_issue_asignee) { create(:todo, user: assignee, target: issue, project: project) }
let!(:todo_issue_guest) { create(:todo, user: guest, target: issue, project: project) }
let!(:todo_another_non_member) { create(:todo, user: user, project: project) } let!(:todo_another_non_member) { create(:todo, user: user, project: project) }
describe '#execute' do describe '#execute' do
before do before do
project.add_developer(project_member) project.add_developer(project_member)
project.add_guest(guest)
end end
subject { described_class.new(issue.id).execute } subject { described_class.new(issue.id).execute }
...@@ -23,9 +30,10 @@ describe Todos::Destroy::ConfidentialIssueService do ...@@ -23,9 +30,10 @@ describe Todos::Destroy::ConfidentialIssueService do
end end
it 'removes issue todos for a user who is not a project member' do it 'removes issue todos for a user who is not a project member' do
expect { subject }.to change { Todo.count }.from(3).to(2) expect { subject }.to change { Todo.count }.from(6).to(4)
expect(user.todos).to match_array([todo_another_non_member]) expect(user.todos).to match_array([todo_another_non_member])
expect(author.todos).to match_array([todo_issue_author])
expect(project_member.todos).to match_array([todo_issue_member]) expect(project_member.todos).to match_array([todo_issue_member])
end end
end end
......
...@@ -29,6 +29,7 @@ describe Todos::Destroy::EntityLeaveService do ...@@ -29,6 +29,7 @@ describe Todos::Destroy::EntityLeaveService do
end end
context 'when project is not private' do context 'when project is not private' do
context 'when a user is not an author of confidential issue' do
before do before do
group.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL) group.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL) project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
...@@ -38,6 +39,33 @@ describe Todos::Destroy::EntityLeaveService do ...@@ -38,6 +39,33 @@ describe Todos::Destroy::EntityLeaveService do
expect { subject }.to change { Todo.count }.from(3).to(2) expect { subject }.to change { Todo.count }.from(3).to(2)
end end
end end
context 'when a user is an author of confidential issue' do
before do
issue.update!(author: user)
group.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
end
it 'removes only confidential issues todos' do
expect { subject }.not_to change { Todo.count }
end
end
context 'when a user is an assignee of confidential issue' do
before do
issue.assignees << user
group.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
project.update!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
end
it 'removes only confidential issues todos' do
expect { subject }.not_to change { Todo.count }
end
end
end
end end
context 'when a user leaves a group' do context 'when a user leaves a group' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment