Commit 914364a1 authored by Dmytro Zaporozhets's avatar Dmytro Zaporozhets

Merge branch '32882-render-special-references-for-releases' into 'master'

Render special references for release entities

See merge request gitlab-org/gitlab!26554
parents 3e598ef9 db0315d1
---
title: Render special references for releases
merge_request: 26554
author:
type: fixed
......@@ -11,7 +11,7 @@ module API
expose :tag, as: :tag_name, if: ->(_, _) { can_download_code? }
expose :description
expose :description_html do |entity|
MarkupHelper.markdown_field(entity, :description)
MarkupHelper.markdown_field(entity, :description, current_user: options[:current_user])
end
expose :created_at
expose :released_at
......
......@@ -4,13 +4,14 @@ require 'spec_helper'
describe API::Entities::Release do
let_it_be(:project) { create(:project) }
let_it_be(:release) { create(:release, :with_evidence, project: project) }
let(:user) { create(:user) }
let_it_be(:user) { create(:user) }
let(:entity) { described_class.new(release, current_user: user) }
describe 'evidence' do
let(:release) { create(:release, :with_evidence, project: project) }
subject { entity.as_json }
describe 'evidence' do
context 'when the current user can download code' do
it 'exposes the evidence sha and the json path' do
allow(Ability).to receive(:allowed?).and_call_original
......@@ -37,4 +38,27 @@ describe API::Entities::Release do
end
end
end
describe 'description_html' do
let(:issue) { create(:issue, :confidential, project: project) }
let(:issue_path) { Gitlab::Routing.url_helpers.project_issue_path(project, issue) }
let(:issue_title) { 'title="%s"' % issue.title }
let(:release) { create(:release, project: project, description: "Now shipping #{issue.to_reference}") }
subject(:description_html) { entity.as_json[:description_html] }
it 'renders special references if current user has access' do
project.add_reporter(user)
expect(description_html).to include(issue_path)
expect(description_html).to include(issue_title)
end
it 'does not render special references if current user has no access' do
project.add_guest(user)
expect(description_html).not_to include(issue_path)
expect(description_html).not_to include(issue_title)
end
end
end
......@@ -233,31 +233,6 @@ describe API::Releases do
.to match_array(release.sources.map(&:url))
end
context "when release description contains confidential issue's link" do
let(:confidential_issue) do
create(:issue,
:confidential,
project: project,
title: 'A vulnerability')
end
let!(:release) do
create(:release,
project: project,
tag: 'v0.1',
sha: commit.id,
author: maintainer,
description: "This is confidential #{confidential_issue.to_reference}")
end
it "does not expose confidential issue's title" do
get api("/projects/#{project.id}/releases/v0.1", maintainer)
expect(json_response['description_html']).to include(confidential_issue.to_reference)
expect(json_response['description_html']).not_to include('A vulnerability')
end
end
context 'when release has link asset' do
let!(:link) do
create(:release_link,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment