Commit 99e01a0f authored by Jason Goodman's avatar Jason Goodman Committed by Shinya Maeda

Improve specs for feature flag issues controller

Improve permissions checks
parent 8e1be747
...@@ -7,7 +7,7 @@ module FeatureFlagIssues ...@@ -7,7 +7,7 @@ module FeatureFlagIssues
end end
def linkable_issuables(issues) def linkable_issuables(issues)
issues issues.select { |issue| can?(current_user, :read_issue, issue) }
end end
def relate_issuables(referenced_issue) def relate_issuables(referenced_issue)
......
...@@ -8,4 +8,4 @@ ...@@ -8,4 +8,4 @@
project_id: @project.id, project_id: @project.id,
feature_flags_path: project_feature_flags_path(@project), feature_flags_path: project_feature_flags_path(@project),
environments_endpoint: search_project_environments_path(@project, format: :json), environments_endpoint: search_project_environments_path(@project, format: :json),
feature_flag_issues_endpoint: Feature.enabled?(:feature_flags_issue_links, @project) ? project_feature_flag_issues_path(@project, @feature_flag) : ''} } feature_flag_issues_endpoint: Feature.enabled?(:feature_flags_issue_links, @project) && can?(current_user, :read_issue_link, @project) ? project_feature_flag_issues_path(@project, @feature_flag) : ''} }
...@@ -172,6 +172,16 @@ RSpec.describe Projects::FeatureFlagIssuesController do ...@@ -172,6 +172,16 @@ RSpec.describe Projects::FeatureFlagIssuesController do
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
end end
it 'returns not found when related issues feature is unavailable' do
stub_licensed_features(related_issues: false)
feature_flag, _issue = setup
sign_in(developer)
get_request(project, feature_flag)
expect(response).to have_gitlab_http_status(:not_found)
end
context 'when feature flags are unlicensed' do context 'when feature flags are unlicensed' do
before do before do
stub_licensed_features(feature_flags: false) stub_licensed_features(feature_flags: false)
...@@ -201,7 +211,7 @@ RSpec.describe Projects::FeatureFlagIssuesController do ...@@ -201,7 +211,7 @@ RSpec.describe Projects::FeatureFlagIssuesController do
namespace_id: project.namespace, namespace_id: project.namespace,
project_id: project, project_id: project,
feature_flag_iid: feature_flag, feature_flag_iid: feature_flag,
issuable_references: [issue.to_reference], issuable_references: [issue.to_reference(full: true)],
link_type: 'relates_to' link_type: 'relates_to'
} }
...@@ -241,6 +251,40 @@ RSpec.describe Projects::FeatureFlagIssuesController do ...@@ -241,6 +251,40 @@ RSpec.describe Projects::FeatureFlagIssuesController do
})) }))
end end
it 'creates a cross project link for a project in the same namespace' do
other_project = create(:project, namespace: project.namespace)
other_project.add_developer(developer)
feature_flag = create(:operations_feature_flag, project: project)
issue = create(:issue, project: other_project)
sign_in(developer)
post_request(project, feature_flag, issue)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response).to match(a_hash_including({
'issuables' => [a_hash_including({
'id' => issue.id
})]
}))
end
it 'creates a cross project link for a project in another namespace' do
other_project = create(:project)
other_project.add_developer(developer)
feature_flag = create(:operations_feature_flag, project: project)
issue = create(:issue, project: other_project)
sign_in(developer)
post_request(project, feature_flag, issue)
expect(response).to have_gitlab_http_status(:ok)
expect(json_response).to match(a_hash_including({
'issuables' => [a_hash_including({
'id' => issue.id
})]
}))
end
it 'does not create a link for a reporter' do it 'does not create a link for a reporter' do
feature_flag, issue = setup feature_flag, issue = setup
sign_in(reporter) sign_in(reporter)
...@@ -248,18 +292,55 @@ RSpec.describe Projects::FeatureFlagIssuesController do ...@@ -248,18 +292,55 @@ RSpec.describe Projects::FeatureFlagIssuesController do
post_request(project, feature_flag, issue) post_request(project, feature_flag, issue)
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
expect(::FeatureFlagIssue.count).to eq(0)
end end
it 'does not create a cross project link' do it "does not create a cross project link when the user is not a member of the issue's project" do
other_project = create(:project) other_project = create(:project, namespace: project.namespace)
other_project.add_developer(developer)
feature_flag = create(:operations_feature_flag, project: project) feature_flag = create(:operations_feature_flag, project: project)
issue = create(:issue, project: other_project) issue = create(:issue, project: other_project, confidential: true)
sign_in(developer) sign_in(developer)
post_request(project, feature_flag, issue) post_request(project, feature_flag, issue)
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
expect(::FeatureFlagIssue.count).to eq(0)
end
it "does not create a cross project link when the user is a guest of the issue's project" do
other_project = create(:project, namespace: project.namespace)
other_project.add_guest(developer)
feature_flag = create(:operations_feature_flag, project: project)
issue = create(:issue, project: other_project, confidential: true)
sign_in(developer)
post_request(project, feature_flag, issue)
expect(response).to have_gitlab_http_status(:not_found)
expect(::FeatureFlagIssue.count).to eq(0)
end
it 'does not create a link when the user cannot read the issue' do
feature_flag, issue = setup
sign_in(developer)
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?).with(developer, :read_issue, issue).and_return(false)
post_request(project, feature_flag, issue)
expect(response).to have_gitlab_http_status(:not_found)
expect(::FeatureFlagIssue.count).to eq(0)
end
it 'does not create a link when the related issues feature is unavailable' do
stub_licensed_features(related_issues: false)
feature_flag, issue = setup
sign_in(developer)
post_request(project, feature_flag, issue)
expect(response).to have_gitlab_http_status(:not_found)
expect(::FeatureFlagIssue.count).to eq(0)
end end
context 'when feature flags are unlicensed' do context 'when feature flags are unlicensed' do
...@@ -274,6 +355,7 @@ RSpec.describe Projects::FeatureFlagIssuesController do ...@@ -274,6 +355,7 @@ RSpec.describe Projects::FeatureFlagIssuesController do
post_request(project, feature_flag, issue) post_request(project, feature_flag, issue)
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
expect(::FeatureFlagIssue.count).to eq(0)
end end
end end
end end
...@@ -317,5 +399,16 @@ RSpec.describe Projects::FeatureFlagIssuesController do ...@@ -317,5 +399,16 @@ RSpec.describe Projects::FeatureFlagIssuesController do
expect(response).to have_gitlab_http_status(:not_found) expect(response).to have_gitlab_http_status(:not_found)
expect(feature_flag.reload.issues).to eq([issue]) expect(feature_flag.reload.issues).to eq([issue])
end end
it 'does not unlink the issue when the related issues feature is unavailable' do
stub_licensed_features(related_issues: false)
feature_flag, issue, link = setup
sign_in(developer)
delete_request(project, feature_flag, link)
expect(response).to have_gitlab_http_status(:not_found)
expect(feature_flag.reload.issues).to eq([issue])
end
end end
end end
...@@ -72,6 +72,19 @@ RSpec.describe 'Feature flag issue links', :js do ...@@ -72,6 +72,19 @@ RSpec.describe 'Feature flag issue links', :js do
expect(page).not_to have_selector '#related-issues' expect(page).not_to have_selector '#related-issues'
end end
end end
context 'when the related issues feature is unavailable' do
before do
stub_licensed_features(related_issues: false, feature_flags: true)
end
it 'does not show the related issues widget' do
visit(edit_project_feature_flag_path(project, feature_flag))
expect(page).to have_text 'Strategies'
expect(page).not_to have_selector '#related-issues'
end
end
end end
describe 'unlinking a feature flag from an issue' do describe 'unlinking a feature flag from an issue' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment