BigW Consortium Gitlab

search_results_spec.rb 6.52 KB
Newer Older
1 2 3
require 'spec_helper'

describe Gitlab::SearchResults do
4
  let(:user) { create(:user) }
5
  let!(:project) { create(:project, name: 'foo') }
6 7 8 9 10 11 12
  let!(:issue) { create(:issue, project: project, title: 'foo') }

  let!(:merge_request) do
    create(:merge_request, source_project: project, title: 'foo')
  end

  let!(:milestone) { create(:milestone, project: project, title: 'foo') }
13
  let(:results) { described_class.new(user, Project.all, 'foo') }
14

15 16 17
  context 'as a user with access' do
    before do
      project.team << [user, :developer]
18 19
    end

20 21 22 23
    describe '#projects_count' do
      it 'returns the total amount of projects' do
        expect(results.projects_count).to eq(1)
      end
24 25
    end

26 27 28 29 30 31 32 33 34 35
    describe '#issues_count' do
      it 'returns the total amount of issues' do
        expect(results.issues_count).to eq(1)
      end
    end

    describe '#merge_requests_count' do
      it 'returns the total amount of merge requests' do
        expect(results.merge_requests_count).to eq(1)
      end
36 37
    end

38 39 40 41
    describe '#milestones_count' do
      it 'returns the total amount of milestones' do
        expect(results.milestones_count).to eq(1)
      end
42
    end
43 44

    it 'includes merge requests from source and target projects' do
45
      forked_project = create(:project, forked_from_project: project)
46 47 48 49 50 51
      merge_request_2 = create(:merge_request, target_project: project, source_project: forked_project, title: 'foo')

      results = described_class.new(user, Project.where(id: forked_project.id), 'foo')

      expect(results.objects('merge_requests')).to include merge_request_2
    end
52 53
  end

54
  it 'does not list issues on private projects' do
55
    private_project = create(:project, :private)
56 57 58 59 60
    issue = create(:issue, project: private_project, title: 'foo')

    expect(results.objects('issues')).not_to include issue
  end

61
  describe 'confidential issues' do
62 63 64 65
    let(:project_1) { create(:project, :internal) }
    let(:project_2) { create(:project, :internal) }
    let(:project_3) { create(:project, :internal) }
    let(:project_4) { create(:project, :internal) }
66 67 68 69 70 71 72 73 74
    let(:query) { 'issue' }
    let(:limit_projects) { Project.where(id: [project_1.id, project_2.id, project_3.id]) }
    let(:author) { create(:user) }
    let(:assignee) { create(:user) }
    let(:non_member) { create(:user) }
    let(:member) { create(:user) }
    let(:admin) { create(:admin) }
    let!(:issue) { create(:issue, project: project_1, title: 'Issue 1') }
    let!(:security_issue_1) { create(:issue, :confidential, project: project_1, title: 'Security issue 1', author: author) }
75
    let!(:security_issue_2) { create(:issue, :confidential, title: 'Security issue 2', project: project_1, assignees: [assignee]) }
76
    let!(:security_issue_3) { create(:issue, :confidential, project: project_2, title: 'Security issue 3', author: author) }
77
    let!(:security_issue_4) { create(:issue, :confidential, project: project_3, title: 'Security issue 4', assignees: [assignee]) }
78 79
    let!(:security_issue_5) { create(:issue, :confidential, project: project_4, title: 'Security issue 5') }

80
    it 'does not list confidential issues for non project members' do
81 82 83 84 85 86 87 88 89 90 91 92
      results = described_class.new(non_member, limit_projects, query)
      issues = results.objects('issues')

      expect(issues).to include issue
      expect(issues).not_to include security_issue_1
      expect(issues).not_to include security_issue_2
      expect(issues).not_to include security_issue_3
      expect(issues).not_to include security_issue_4
      expect(issues).not_to include security_issue_5
      expect(results.issues_count).to eq 1
    end

93
    it 'does not list confidential issues for project members with guest role' do
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108
      project_1.team << [member, :guest]
      project_2.team << [member, :guest]

      results = described_class.new(member, limit_projects, query)
      issues = results.objects('issues')

      expect(issues).to include issue
      expect(issues).not_to include security_issue_1
      expect(issues).not_to include security_issue_2
      expect(issues).not_to include security_issue_3
      expect(issues).not_to include security_issue_4
      expect(issues).not_to include security_issue_5
      expect(results.issues_count).to eq 1
    end

109
    it 'lists confidential issues for author' do
110 111 112 113 114 115 116 117 118 119 120 121
      results = described_class.new(author, limit_projects, query)
      issues = results.objects('issues')

      expect(issues).to include issue
      expect(issues).to include security_issue_1
      expect(issues).not_to include security_issue_2
      expect(issues).to include security_issue_3
      expect(issues).not_to include security_issue_4
      expect(issues).not_to include security_issue_5
      expect(results.issues_count).to eq 3
    end

122
    it 'lists confidential issues for assignee' do
123 124 125 126 127 128 129 130 131 132 133 134
      results = described_class.new(assignee, limit_projects, query)
      issues = results.objects('issues')

      expect(issues).to include issue
      expect(issues).not_to include security_issue_1
      expect(issues).to include security_issue_2
      expect(issues).not_to include security_issue_3
      expect(issues).to include security_issue_4
      expect(issues).not_to include security_issue_5
      expect(results.issues_count).to eq 3
    end

135
    it 'lists confidential issues for project members' do
136 137 138 139 140 141 142 143 144 145 146 147 148 149 150
      project_1.team << [member, :developer]
      project_2.team << [member, :developer]

      results = described_class.new(member, limit_projects, query)
      issues = results.objects('issues')

      expect(issues).to include issue
      expect(issues).to include security_issue_1
      expect(issues).to include security_issue_2
      expect(issues).to include security_issue_3
      expect(issues).not_to include security_issue_4
      expect(issues).not_to include security_issue_5
      expect(results.issues_count).to eq 4
    end

151
    it 'lists all issues for admin' do
152 153 154 155 156 157 158 159 160 161 162 163
      results = described_class.new(admin, limit_projects, query)
      issues = results.objects('issues')

      expect(issues).to include issue
      expect(issues).to include security_issue_1
      expect(issues).to include security_issue_2
      expect(issues).to include security_issue_3
      expect(issues).to include security_issue_4
      expect(issues).not_to include security_issue_5
      expect(results.issues_count).to eq 5
    end
  end
164 165 166 167 168 169 170

  it 'does not list merge requests on projects with limited access' do
    project.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
    project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)

    expect(results.objects('merge_requests')).not_to include merge_request
  end
171
end