Fix TestCasesController permission inconsistency

d15fb4cc · Felipe Artur · 0d347294 · d15fb4cc · d15fb4cc
Commit d15fb4cc authored Mar 05, 2021 by Felipe Artur
2 changed files
--- a/ee/app/controllers/projects/quality/test_cases_controller.rb
+++ b/ee/app/controllers/projects/quality/test_cases_controller.rb
@@ -5,7 +5,7 @@ class Projects::Quality::TestCasesController < Projects::ApplicationController
  before_action :check_quality_management_available!
  before_action :authorize_read_issue!
-  before_action :authorize_create_issue!, only: [:new]
+  before_action :authorize_admin_issue!, only: [:new]
  feature_category :quality_management

--- a/ee/spec/controllers/projects/quality/test_cases_controller_spec.rb
+++ b/ee/spec/controllers/projects/quality/test_cases_controller_spec.rb
@@ -4,13 +4,14 @@ require 'spec_helper'
 RSpec.describe Projects::Quality::TestCasesController do
  let_it_be(:project) { create(:project) }
-  let_it_be(:user) { create(:user) }
+  let_it_be(:non_member) { create(:user) }
+  let_it_be(:guest) { create(:project_member, :guest, project: project).user }
+  let_it_be(:reporter) { create(:project_member, :reporter, project: project).user }
  shared_examples_for 'test case action' do |template|
    context 'with authorized user' do
      before do
-        project.add_developer(user)
+        sign_in(authorized_user)
-        sign_in(user)
      end
      context 'when feature is available' do
@@ -41,7 +42,7 @@ RSpec.describe Projects::Quality::TestCasesController do
    context 'with unauthorized user' do
      before do
-        sign_in(user)
+        sign_in(unauthorized_user)
      end
      context 'when feature is available' do
@@ -69,18 +70,26 @@ RSpec.describe Projects::Quality::TestCasesController do
  describe 'GET' do
    describe '#index' do
+      let_it_be(:authorized_user) { guest }
+      let_it_be(:unauthorized_user) { non_member }
      subject { get :index, params: { namespace_id: project.namespace, project_id: project } }
      it_behaves_like 'test case action', :index
    end
    describe '#new' do
+      let_it_be(:authorized_user) { reporter }
+      let_it_be(:unauthorized_user) { guest }
      subject { get :new, params: { namespace_id: project.namespace, project_id: project } }
      it_behaves_like 'test case action', :new
    end
    describe '#show' do
+      let_it_be(:authorized_user) { guest }
+      let_it_be(:unauthorized_user) { non_member }
      let_it_be(:test_case) { create(:quality_test_case, project: project) }
      subject { get :show, params: { namespace_id: project.namespace, project_id: project, id: test_case } }
@@ -90,8 +99,7 @@ RSpec.describe Projects::Quality::TestCasesController do
      context 'when feature is enabled and user has access' do
        before do
          stub_licensed_features(quality_management: true)
-          project.add_developer(user)
+          sign_in(authorized_user)
-          sign_in(user)
        end
        it 'assigns test case related variables' do