Merge branch 'missing-raw-snippet-access-spec' into 'master'
Add missing security specs for raw snippet access ## What does this MR do? It extends the project snippets access security specs to cover raw snippet paths as well. When I was researching snippets for !7256, I noticed that specs existed for the HTML show view of project snippets but not the raw view. Seeing as this is a spec that is checking for access regressions on places where sensitive information might be kept, I thought it would be a good idea to cover the raw snippets access too. To balance out the karma of adding in extra tests I also changed the tests to all use an `empty_project` spec. ## Are there points in the code the reviewer needs to double check? With the aim of making the specs easier to read, I restructured some of them to use context blocks for each type of snippet. I've used the same access rights defined for the show snippet paths for the raw snippet access. ## Why was this MR needed? To catch security regressions on raw snippet access for projects. ## Screenshots (if relevant) ## Does this MR meet the acceptance criteria? - [-] [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CHANGELOG.md) entry added - [-] [Documentation created/updated](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/development/doc_styleguide.md) - [-] API support added - Tests - [x] Added for this feature/bug - [ ] All builds are passing - [x] Conform by the [merge request performance guides](http://docs.gitlab.com/ce/development/merge_request_performance_guidelines.html) - [x] Conform by the [style guides](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/CONTRIBUTING.md#style-guides) - [x] Branch has no merge conflicts with `master` (if it does - rebase it please) - [x] [Squashed related commits together](https://git-scm.com/book/en/Git-Tools-Rewriting-History#Squashing-Commits) ## What are the relevant issue numbers? See merge request !7300
Showing
Please register or sign in to comment