2019-10-12 21:52:04 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2015-12-23 02:04:40 +05:30
|
|
|
require 'spec_helper'
|
|
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
RSpec.describe Banzai::Filter::ReferenceRedactorFilter do
|
2015-12-23 02:04:40 +05:30
|
|
|
include ActionView::Helpers::UrlHelper
|
|
|
|
|
include FilterSpecHelper
|
|
|
|
|
|
|
|
|
|
it 'ignores non-GFM links' do
|
|
|
|
|
html = %(See <a href="https://google.com/">Google</a>)
|
2018-03-27 19:54:05 +05:30
|
|
|
doc = filter(html, current_user: build(:user))
|
2015-12-23 02:04:40 +05:30
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def reference_link(data)
|
|
|
|
|
link_to('text', '', class: 'gfm', data: data)
|
|
|
|
|
end
|
|
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
it 'skips when the skip_redaction flag is set' do
|
|
|
|
|
user = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project)
|
2017-08-17 22:00:37 +05:30
|
|
|
link = reference_link(project: project.id, reference_type: 'test')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2017-08-17 22:00:37 +05:30
|
|
|
doc = filter(link, current_user: user, skip_redaction: true)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
|
2015-12-23 02:04:40 +05:30
|
|
|
context 'with data-project' do
|
2016-06-16 23:09:34 +05:30
|
|
|
let(:parser_class) do
|
|
|
|
|
Class.new(Banzai::ReferenceParser::BaseParser) do
|
|
|
|
|
self.reference_type = :test
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
before do
|
2017-09-10 17:25:29 +05:30
|
|
|
allow(Banzai::ReferenceParser).to receive(:[])
|
|
|
|
|
.with('test')
|
|
|
|
|
.and_return(parser_class)
|
2016-06-16 23:09:34 +05:30
|
|
|
end
|
|
|
|
|
|
2016-11-24 13:41:30 +05:30
|
|
|
context 'valid projects' do
|
2017-09-10 17:25:29 +05:30
|
|
|
before do
|
2020-01-01 13:55:28 +05:30
|
|
|
allow_next_instance_of(Banzai::ReferenceParser::BaseParser) do |instance|
|
|
|
|
|
allow(instance).to receive(:can_read_reference?).and_return(true)
|
|
|
|
|
end
|
2017-09-10 17:25:29 +05:30
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2016-11-24 13:41:30 +05:30
|
|
|
it 'allows permitted Project references' do
|
|
|
|
|
user = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project)
|
2018-11-18 11:00:15 +05:30
|
|
|
project.add_maintainer(user)
|
2016-11-24 13:41:30 +05:30
|
|
|
link = reference_link(project: project.id, reference_type: 'test')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2016-11-24 13:41:30 +05:30
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
|
|
2016-11-24 13:41:30 +05:30
|
|
|
context 'invalid projects' do
|
2017-09-10 17:25:29 +05:30
|
|
|
before do
|
2020-01-01 13:55:28 +05:30
|
|
|
allow_next_instance_of(Banzai::ReferenceParser::BaseParser) do |instance|
|
|
|
|
|
allow(instance).to receive(:can_read_reference?).and_return(false)
|
|
|
|
|
end
|
2017-09-10 17:25:29 +05:30
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2016-11-24 13:41:30 +05:30
|
|
|
it 'removes unpermitted references' do
|
|
|
|
|
user = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project)
|
2016-11-24 13:41:30 +05:30
|
|
|
link = reference_link(project: project.id, reference_type: 'test')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2016-11-24 13:41:30 +05:30
|
|
|
doc = filter(link, current_user: user)
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2016-11-24 13:41:30 +05:30
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'handles invalid references' do
|
2020-04-22 19:07:51 +05:30
|
|
|
link = reference_link(project: non_existing_record_id, reference_type: 'test')
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2016-11-24 13:41:30 +05:30
|
|
|
expect { filter(link) }.not_to raise_error
|
|
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
context 'with data-issue' do
|
|
|
|
|
context 'for confidential issues' do
|
|
|
|
|
it 'removes references for non project members' do
|
|
|
|
|
non_member = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project, :public)
|
2016-06-02 11:05:42 +05:30
|
|
|
issue = create(:issue, :confidential, project: project)
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
doc = filter(link, current_user: non_member)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
|
end
|
|
|
|
|
|
2016-06-16 23:09:34 +05:30
|
|
|
it 'removes references for project members with guest role' do
|
|
|
|
|
member = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project, :public)
|
2018-03-17 18:26:18 +05:30
|
|
|
project.add_guest(member)
|
2016-06-16 23:09:34 +05:30
|
|
|
issue = create(:issue, :confidential, project: project)
|
|
|
|
|
|
|
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
|
|
|
|
doc = filter(link, current_user: member)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
|
end
|
|
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
it 'allows references for author' do
|
|
|
|
|
author = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project, :public)
|
2016-06-02 11:05:42 +05:30
|
|
|
issue = create(:issue, :confidential, project: project, author: author)
|
|
|
|
|
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2016-06-02 11:05:42 +05:30
|
|
|
doc = filter(link, current_user: author)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'allows references for assignee' do
|
|
|
|
|
assignee = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project, :public)
|
2017-08-17 22:00:37 +05:30
|
|
|
issue = create(:issue, :confidential, project: project, assignees: [assignee])
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
doc = filter(link, current_user: assignee)
|
2015-12-23 02:04:40 +05:30
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'allows references for project members' do
|
|
|
|
|
member = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project, :public)
|
2018-03-17 18:26:18 +05:30
|
|
|
project.add_developer(member)
|
2016-06-02 11:05:42 +05:30
|
|
|
issue = create(:issue, :confidential, project: project)
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
doc = filter(link, current_user: member)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'allows references for admin' do
|
|
|
|
|
admin = create(:admin)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project, :public)
|
2016-06-02 11:05:42 +05:30
|
|
|
issue = create(:issue, :confidential, project: project)
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
doc = filter(link, current_user: admin)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
2020-03-28 13:19:24 +05:30
|
|
|
|
|
|
|
|
context "when a confidential issue is moved from a public project to a private one" do
|
|
|
|
|
let(:public_project) { create(:project, :public) }
|
|
|
|
|
let(:private_project) { create(:project, :private) }
|
|
|
|
|
|
|
|
|
|
it 'removes references for author' do
|
|
|
|
|
author = create(:user)
|
|
|
|
|
issue = create(:issue, :confidential, project: public_project, author: author)
|
|
|
|
|
issue.update!(project: private_project) # move issue to private project
|
|
|
|
|
link = reference_link(project: private_project.id, issue: issue.id, reference_type: 'issue')
|
|
|
|
|
|
|
|
|
|
doc = filter(link, current_user: author)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'removes references for assignee' do
|
|
|
|
|
assignee = create(:user)
|
|
|
|
|
issue = create(:issue, :confidential, project: public_project, assignees: [assignee])
|
|
|
|
|
issue.update!(project: private_project) # move issue to private project
|
|
|
|
|
link = reference_link(project: private_project.id, issue: issue.id, reference_type: 'issue')
|
|
|
|
|
|
|
|
|
|
doc = filter(link, current_user: assignee)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'allows references for project members' do
|
|
|
|
|
member = create(:user)
|
|
|
|
|
project = create(:project, :public)
|
|
|
|
|
project_2 = create(:project, :private)
|
|
|
|
|
project.add_developer(member)
|
|
|
|
|
project_2.add_developer(member)
|
|
|
|
|
issue = create(:issue, :confidential, project: project)
|
|
|
|
|
issue.update!(project: project_2) # move issue to private project
|
|
|
|
|
link = reference_link(project: project_2.id, issue: issue.id, reference_type: 'issue')
|
|
|
|
|
|
|
|
|
|
doc = filter(link, current_user: member)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
end
|
2016-06-02 11:05:42 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'allows references for non confidential issues' do
|
|
|
|
|
user = create(:user)
|
2017-09-10 17:25:29 +05:30
|
|
|
project = create(:project, :public)
|
2016-06-02 11:05:42 +05:30
|
|
|
issue = create(:issue, project: project)
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(project: project.id, issue: issue.id, reference_type: 'issue')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2016-06-02 11:05:42 +05:30
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context "for user references" do
|
2015-12-23 02:04:40 +05:30
|
|
|
context 'with data-group' do
|
|
|
|
|
it 'removes unpermitted Group references' do
|
|
|
|
|
user = create(:user)
|
2016-06-02 11:05:42 +05:30
|
|
|
group = create(:group, :private)
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(group: group.id, reference_type: 'user')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2015-12-23 02:04:40 +05:30
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 0
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'allows permitted Group references' do
|
|
|
|
|
user = create(:user)
|
2016-06-02 11:05:42 +05:30
|
|
|
group = create(:group, :private)
|
2015-12-23 02:04:40 +05:30
|
|
|
group.add_developer(user)
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(group: group.id, reference_type: 'user')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2015-12-23 02:04:40 +05:30
|
|
|
doc = filter(link, current_user: user)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'handles invalid Group references' do
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(group: 12345, reference_type: 'user')
|
2015-12-23 02:04:40 +05:30
|
|
|
|
|
|
|
|
expect { filter(link) }.not_to raise_error
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'with data-user' do
|
|
|
|
|
it 'allows any User reference' do
|
|
|
|
|
user = create(:user)
|
2016-06-16 23:09:34 +05:30
|
|
|
link = reference_link(user: user.id, reference_type: 'user')
|
2020-03-28 13:19:24 +05:30
|
|
|
|
2015-12-23 02:04:40 +05:30
|
|
|
doc = filter(link)
|
|
|
|
|
|
|
|
|
|
expect(doc.css('a').length).to eq 1
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
