Commit c9577711 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Handle issue move access instead of raising error

Closes #15533
parent b8f28628
...@@ -96,6 +96,8 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -96,6 +96,8 @@ class Projects::IssuesController < Projects::ApplicationController
if params[:move_to_project_id].to_i > 0 if params[:move_to_project_id].to_i > 0
new_project = Project.find(params[:move_to_project_id]) new_project = Project.find(params[:move_to_project_id])
return render_404 unless issue.can_move?(current_user, new_project)
move_service = Issues::MoveService.new(project, current_user) move_service = Issues::MoveService.new(project, current_user)
@issue = move_service.execute(@issue, new_project) @issue = move_service.execute(@issue, new_project)
end end
......
...@@ -40,6 +40,45 @@ describe Projects::IssuesController do ...@@ -40,6 +40,45 @@ describe Projects::IssuesController do
end end
end end
describe 'PUT #update' do
context 'when moving issue to another private project' do
let(:another_project) { create(:project, :private) }
before do
sign_in(user)
project.team << [user, :developer]
end
context 'when user has access to move issue' do
before { another_project.team << [user, :reporter] }
it 'moves issue to another project' do
move_issue
expect(response).to have_http_status :found
expect(another_project.issues).to_not be_empty
end
end
context 'when user does not have access to move issue' do
it 'responds with 404' do
move_issue
expect(response).to have_http_status :not_found
end
end
def move_issue
put :update,
namespace_id: project.namespace.to_param,
project_id: project.to_param,
id: issue.iid,
issue: { title: 'New title' },
move_to_project_id: another_project.id
end
end
end
describe 'Confidential Issues' do describe 'Confidential Issues' do
let(:project) { create(:project_empty_repo, :public) } let(:project) { create(:project_empty_repo, :public) }
let(:assignee) { create(:assignee) } let(:assignee) { create(:assignee) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment