Commit 73926ac0 authored by Can Eldem Committed by James Lopez

Check current user is nil when serialising

parent bcb605fa
...@@ -57,14 +57,18 @@ class Vulnerabilities::FeedbackEntity < Grape::Entity ...@@ -57,14 +57,18 @@ class Vulnerabilities::FeedbackEntity < Grape::Entity
end end
def can_destroy_feedback? def can_destroy_feedback?
can?(request.current_user, :destroy_vulnerability_feedback, feedback) can?(current_user, :destroy_vulnerability_feedback, feedback)
end end
def can_read_issue? def can_read_issue?
feedback.issue.present? && can?(request.current_user, :read_issue, feedback.issue) feedback.issue.present? && can?(current_user, :read_issue, feedback.issue)
end end
def can_read_merge_request? def can_read_merge_request?
feedback.merge_request.present? && can?(request.current_user, :read_merge_request, feedback.merge_request) feedback.merge_request.present? && can?(current_user, :read_merge_request, feedback.merge_request)
end
def current_user
return request.current_user if request.respond_to?(:current_user)
end end
end end
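Review bot: The new `current_user` helper falls through to an implicit nil when `request` does not respond to `current_user`, and nothing in the hunk records that the three `can?` checks rely on nil being treated as an anonymous user and denied. A serializer caller that forgets to pass a request is therefore indistinguishable from a signed-out visitor, which is safe only while the policy layer fails closed for nil. I would state that contract above the method, e.g. `# nil means anonymous: can? must deny user-scoped abilities when no request user is available`, and drop the explicit `return` so the body reads `request.current_user if request.respond_to?(:current_user)`. The class body starts outside the hunk, so whether the helper sits under `private` cannot be confirmed from here; it should, so it is not mistaken for an exposure.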
...@@ -44,6 +44,23 @@ describe Vulnerabilities::FeedbackEntity do ...@@ -44,6 +44,23 @@ describe Vulnerabilities::FeedbackEntity do
end end
end end
context 'when there is no current user' do
let(:entity) { described_class.represent(feedback, request: request) }
before do
allow(request).to receive(:current_user).and_return(nil)
allow(feedback).to receive(:author).and_return(nil)
end
subject { entity.as_json }
it 'does not include fields related to current user' do
is_expected.not_to include(:issue_url)
is_expected.not_to include(:destroy_vulnerability_feedback_dismissal_path)
is_expected.not_to include(:merge_request_path)
end
end
context 'when issue is not present' do context 'when issue is not present' do
let(:feedback) { build(:vulnerability_feedback, feedback_type: :issue, project: project, issue: nil) } let(:feedback) { build(:vulnerability_feedback, feedback_type: :issue, project: project, issue: nil) }
......
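Review bot: The added context stubs `allow(request).to receive(:current_user).and_return(nil)`, so `request` still responds to `current_user` and the new `respond_to?` guard in the entity is never exercised with a request that lacks the method. That is the branch this commit introduces, and a regression there would silently change which permission-gated fields are serialised. I would add a sibling context whose request has no `current_user` at all, e.g. `let(:request) { double('request') }` without the `receive(:current_user)` stub, asserting the same three keys are absent. `request` and any outer `before` block are defined outside the hunk, so the new context may need to sit where an outer stub does not reach it.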