Use ability to check access to references for confidential issues

978ae222 · Douglas Barbosa Alexandre · 8b8cb00b · 978ae222 · 978ae222 · 978ae222
Commit 978ae222 authored Mar 15, 2016 by Douglas Barbosa Alexandre
9 changed files
--- a/lib/banzai/filter/issue_reference_filter.rb
+++ b/lib/banzai/filter/issue_reference_filter.rb
@@ -10,26 +10,8 @@ module Banzai
      end

      def self.user_can_see_reference?(user, node, context)
-        project = Project.find(node.attr('data-project')) rescue nil
-        return unless project
-
-        id = node.attr('data-issue')
-        issue = find_object(project, id)
-        return unless issue
-
-        if issue.is_a?(Issue) && issue.confidential?
-          Ability.abilities.allowed?(user, :read_issue, issue)
-        else
-          super
-        end
-      end
-
-      def self.find_object(project, id)
-        if project.default_issues_tracker?
-          project.issues.find_by(id: id)
-        else
-          ExternalIssue.new(id, project)
-        end
+        issue = Issue.find(node.attr('data-issue')) rescue nil
+        Ability.abilities.allowed?(user, :read_issue, issue)
      end

      def find_object(project, id)

--- a/spec/lib/banzai/filter/redactor_filter_spec.rb
+++ b/spec/lib/banzai/filter/redactor_filter_spec.rb
@@ -90,6 +90,17 @@ describe Banzai::Filter::RedactorFilter, lib: true do

        expect(doc.css('a').length).to eq 1
      end
+
+      it 'allows references for admin' do
+        admin = create(:admin)
+        project = create(:empty_project, :public)
+        issue = create(:issue, :confidential, project: project)
+
+        link = reference_link(project: project.id, issue: issue.id, reference_filter: 'IssueReferenceFilter')
+        doc = filter(link, current_user: admin)
+
+        expect(doc.css('a').length).to eq 1
+      end
    end

    it 'allows references for non confidential issues' do

--- a/spec/lib/gitlab/closing_issue_extractor_spec.rb
+++ b/spec/lib/gitlab/closing_issue_extractor_spec.rb
@@ -11,6 +11,7 @@ describe Gitlab::ClosingIssueExtractor, lib: true do
  subject { described_class.new(project, project.creator) }

  before do
+    project.team  << [project.creator, :developer]
    project2.team << [project.creator, :master]
  end


--- a/spec/lib/gitlab/reference_extractor_spec.rb
+++ b/spec/lib/gitlab/reference_extractor_spec.rb
@@ -2,6 +2,7 @@ require 'spec_helper'

 describe Gitlab::ReferenceExtractor, lib: true do
  let(:project) { create(:project) }
+
  subject { Gitlab::ReferenceExtractor.new(project, project.creator) }

  it 'accesses valid user objects' do
@@ -41,6 +42,7 @@ describe Gitlab::ReferenceExtractor, lib: true do
  end

  it 'accesses valid issue objects' do
+    project.team << [project.creator, :developer]
    @i0 = create(:issue, project: project)
    @i1 = create(:issue, project: project)


--- a/spec/models/commit_spec.rb
+++ b/spec/models/commit_spec.rb
@@ -86,10 +86,21 @@ eos
    let(:issue) { create :issue, project: project }
    let(:other_project) { create :project, :public }
    let(:other_issue) { create :issue, project: other_project }
+    let(:commiter) { create :user }
+
+    before do
+      project.team << [commiter, :developer]
+      other_project.team << [commiter, :developer]
+    end

    it 'detects issues that this commit is marked as closing' do
      ext_ref = "#{other_project.path_with_namespace}##{other_issue.iid}"
-      allow(commit).to receive(:safe_message).and_return("Fixes ##{issue.iid} and #{ext_ref}")
+
+      allow(commit).to receive_messages(
+        safe_message: "Fixes ##{issue.iid} and #{ext_ref}",
+        committer_email: commiter.email
+      )
+
      expect(commit.closes_issues).to include(issue)
      expect(commit.closes_issues).to include(other_issue)
    end

--- a/spec/models/concerns/mentionable_spec.rb
+++ b/spec/models/concerns/mentionable_spec.rb
@@ -48,7 +48,8 @@ describe Issue, "Mentionable" do

  describe '#create_new_cross_references!' do
    let(:project) { create(:project) }
-    let(:issues)  { create_list(:issue, 2, project: project) }
+    let(:author)  { create(:author) }
+    let(:issues)  { create_list(:issue, 2, project: project, author: author) }

    context 'before changes are persisted' do
      it 'ignores pre-existing references' do
@@ -91,7 +92,7 @@ describe Issue, "Mentionable" do
    end

    def create_issue(description:)
-      create(:issue, project: project, description: description)
+      create(:issue, project: project, description: description, author: author)
    end
  end
 end
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -150,6 +150,7 @@ describe MergeRequest, models: true do
    let(:commit2) { double('commit2', safe_message: "Fixes #{issue1.to_reference}") }

    before do
+      subject.project.team << [subject.author, :developer]
      allow(subject).to receive(:commits).and_return([commit0, commit1, commit2])
    end


--- a/spec/services/git_push_service_spec.rb
+++ b/spec/services/git_push_service_spec.rb
@@ -228,12 +228,16 @@ describe GitPushService, services: true do
    let(:commit) { project.commit }

    before do
+      project.team << [commit_author, :developer]
+      project.team << [user, :developer]
+
      allow(commit).to receive_messages(
        safe_message: "this commit \n mentions #{issue.to_reference}",
        references: [issue],
        author_name: commit_author.name,
        author_email: commit_author.email
      )
+
      allow(project.repository).to receive(:commits_between).and_return([commit])
    end


--- a/spec/support/mentionable_shared_examples.rb
+++ b/spec/support/mentionable_shared_examples.rb
@@ -52,6 +52,8 @@ shared_context 'mentionable context' do
    end

    set_mentionable_text.call(ref_string)
+
+    project.team << [author, :developer]
  end
 end