Don't treat anonymous users as owners when group has pending invites

The `members` table can have entries where `user_id: nil`, because people can invite group members by email. We never want to include those as members, because it might cause confusion with the anonymous (logged out) user.

Don't treat anonymous users as owners when group has pending invites
The `members` table can have entries where `user_id: nil`, because people can invite group members by email. We never want to include those as members, because it might cause confusion with the anonymous (logged out) user.
fde9528d · Sean McGivern · Valery Sizov · f248fc3d · fde9528d
Commit fde9528d authored Jul 24, 2017 by Sean McGivern Committed by Valery Sizov Jul 25, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

spec/policies/project_policy_spec.rb spec/policies/project_policy_spec.rb +1 -1

No files found.
--- a/spec/policies/project_policy_spec.rb
+++ b/spec/policies/project_policy_spec.rb
@@ -142,7 +142,7 @@ describe ProjectPolicy, models: true do
  context 'when a project has pending invites, and the current user is anonymous' do
    let(:group) { create(:group, :public) }
    let(:project) { create(:empty_project, :public, namespace: group) }
-    let(:user_permissions) { [:create_project, :create_issue, :create_note, :upload_file] }
+    let(:user_permissions) { [:read_issue_link, :create_project, :create_issue, :create_note, :upload_file] }
    let(:anonymous_permissions) { guest_permissions - user_permissions }

    subject { described_class.new(nil, project) }