Commit 532ddfa0 authored by Stan Hu's avatar Stan Hu

Merge branch 'fix-epic-boards-auth' into 'master'

Fix authorizations for epic boards

See merge request gitlab-org/gitlab!60742
parents d9432035 67394ec2
......@@ -7,6 +7,7 @@ module BoardsActions
included do
include BoardsResponses
before_action :authorize_read_board!, only: [:index, :show]
before_action :boards, only: :index
before_action :board, only: :show
before_action :push_licensed_features, only: [:index, :show]
......
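Review bot: The `before_action :authorize_read_board!` added to the concern only protects the later callbacks while it stays above `before_action :boards`, and nothing in the block records that ordering requirement. The spec in this commit shows that GET index can create a board when the group has none, so a later reordering would presumably let an unauthorized request trigger a write before it is rejected. I would add a comment above the line, for example `# Keep first: the callbacks below load (and on index may create) boards`. The callback is also scoped with `only: [:index, :show]`, so any other action an including controller exposes needs its own check. The `included do` block continues outside the hunk, so I cannot tell whether that is handled elsewhere.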
......@@ -5,7 +5,6 @@ class Groups::BoardsController < Groups::ApplicationController
include RecordUserLastActivity
include Gitlab::Utils::StrongMemoize
before_action :authorize_read_board!, only: [:index, :show]
before_action :assign_endpoint_vars
before_action do
push_frontend_feature_flag(:graphql_board_lists, group, default_enabled: false)
......
......@@ -5,7 +5,6 @@ class Projects::BoardsController < Projects::ApplicationController
include IssuableCollections
before_action :check_issues_available!
before_action :authorize_read_board!, only: [:index, :show]
before_action :assign_endpoint_vars
before_action do
push_frontend_feature_flag(:swimlanes_buffered_rendering, project, default_enabled: :yaml)
......
......@@ -5,7 +5,6 @@ class Groups::EpicBoardsController < Groups::ApplicationController
include Gitlab::Utils::StrongMemoize
extend ::Gitlab::Utils::Override
before_action :authorize_read_board!, only: [:index]
before_action :assign_endpoint_vars
before_action do
push_frontend_feature_flag(:epic_boards, group, default_enabled: :yaml)
......
......@@ -11,20 +11,52 @@ RSpec.describe Groups::EpicBoardsController do
let(:group) { public_group }
before do
stub_licensed_features(epics: true)
group.add_maintainer(user)
sign_in(user)
end
describe 'GET index' do
it 'creates a new board when group does not have one' do
expect { list_boards }.to change(group.epic_boards, :count).by(1)
context 'with epics disabled' do
before do
stub_licensed_features(epics: false)
end
it 'does not create a new board when group does not have one' do
expect { list_boards }.not_to change(group.epic_boards, :count)
end
it 'returns a not found 404 response' do
list_boards
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'with authorized user' do
it 'creates a new board when group does not have one' do
expect { list_boards }.to change(group.epic_boards, :count).by(1)
end
it 'returns correct response' do
list_boards
expect(response).to have_gitlab_http_status(:ok)
end
end
context 'with unauthorized user' do
let_it_be(:group) { private_group }
before do
sign_in(other_user)
end
it 'does not create a new board when group does not have one' do
expect { list_boards }.not_to change(group.epic_boards, :count)
end
it 'returns a not found 404 response' do
list_boards
......@@ -53,6 +85,18 @@ RSpec.describe Groups::EpicBoardsController do
describe 'GET show' do
let!(:board) { create(:epic_board, group: group) }
context 'with epics disabled' do
before do
stub_licensed_features(epics: false)
end
it 'returns a not found 404 response' do
read_board(board: board)
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'json request' do
it 'is not supported' do
read_board(board: board, format: :json)
......
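Review bot: The `GET show` hunk adds only a licence-disabled context, so within the visible lines the show action has no example for a signed-in user who cannot read the group. That is the path this commit changes for epic boards, since the filter removed from the controller was `only: [:index]`. If no such example exists further down (the `describe 'GET show'` block continues outside the hunk), I would add a context that mirrors the index one, using the private group and `other_user` and expecting the same not-found response.

```ruby
describe 'GET show' do
  # … unchanged: board setup and 'with epics disabled' context …
  context 'with unauthorized user' do
    let_it_be(:group) { private_group }

    before do
      sign_in(other_user)
    end

    it 'returns a not found 404 response' do
      read_board(board: board)

      expect(response).to have_gitlab_http_status(:not_found)
    end
  end
```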