Merge branch...

Merge branch '34222-new-private-group-name-visible-to-users-if-request-access-is-enabled' into 'master'

Hide private group name when access request is denied

See merge request gitlab-org/gitlab!72708

app/mailers/emails/members.rb

@@ -43,9 +43,13 @@ module Emails
 
       user = User.find(user_id)
 
+      @source_hidden = !member_source.readable_by?(user)
+
+      human_name = @source_hidden ? 'Hidden' : member_source.human_name
+
       member_email_with_layout(
         to: user.notification_email_for(notification_group),
-        subject: subject("Access to the #{member_source.human_name} #{member_source.model_name.singular} was denied"))
+        subject: subject("Access to the #{human_name} #{member_source.model_name.singular} was denied"))
     end
 
     def member_invited_email(member_source_type, member_id, token)

app/views/notify/member_access_denied_email.html.haml

@@ -2,6 +2,11 @@
   %td.text-content
     %p
       Your request to join the
-      #{link_to member_source.human_name, member_source.web_url, class: :highlight} #{member_source.model_name.singular}
-      has been #{content_tag :span, 'denied', class: :highlight}.
+
+      - if @source_hidden
+        #{content_tag :span, 'Hidden', class: :highlight}
+      - else
+        #{link_to member_source.human_name, member_source.web_url, class: :highlight}
+
+      #{member_source.model_name.singular} has been #{content_tag :span, 'denied', class: :highlight}.
 

spec/mailers/notify_spec.rb

@@ -721,11 +721,8 @@ RSpec.describe Notify do
     end
 
     describe 'project access denied' do
-      let(:project) { create(:project, :public) }
-      let(:project_member) do
-        project.request_access(user)
-        project.requesters.find_by(user_id: user.id)
-      end
+      let_it_be(:project) { create(:project, :public) }
+      let_it_be(:project_member) { create(:project_member, :developer, :access_request, user: user, source: project) }
 
       subject { described_class.member_access_denied_email('project', project.id, user.id) }
 
@@ -740,6 +737,17 @@ RSpec.describe Notify do
         is_expected.to have_body_text project.full_name
         is_expected.to have_body_text project.web_url
       end
+
+      context 'when user can not read project' do
+        let_it_be(:project) { create(:project, :private) }
+
+        it 'hides project name from subject and body' do
+          is_expected.to have_subject "Access to the Hidden project was denied"
+          is_expected.to have_body_text "Hidden project"
+          is_expected.not_to have_body_text project.full_name
+          is_expected.not_to have_body_text project.web_url
+        end
+      end
     end
 
     describe 'project access changed' do
@@ -1375,10 +1383,8 @@ RSpec.describe Notify do
     end
 
     describe 'group access denied' do
-      let(:group_member) do
-        group.request_access(user)
-        group.requesters.find_by(user_id: user.id)
-      end
+      let_it_be(:group) { create(:group, :public) }
+      let_it_be(:group_member) { create(:group_member, :developer, :access_request, user: user, source: group) }
 
       let(:recipient) { user }
 
@@ -1396,6 +1402,17 @@ RSpec.describe Notify do
         is_expected.to have_body_text group.name
         is_expected.to have_body_text group.web_url
       end
+
+      context 'when user can not read group' do
+        let_it_be(:group) { create(:group, :private) }
+
+        it 'hides group name from subject and body' do
+          is_expected.to have_subject "Access to the Hidden group was denied"
+          is_expected.to have_body_text "Hidden group"
+          is_expected.not_to have_body_text group.name
+          is_expected.not_to have_body_text group.web_url
+        end
+      end
     end
 
     describe 'group access changed' do