Fix evidences controller spec
requested to merge 259049-spec-controllers-projects-releases-evidences_controller_spec-rb-168-only-passes-on-retries into master
What does this MR do?
Fixes #259049 (closed)
Currently, we remove issues from the release evidence hash regardless of permissions.
But we don't allow users to download release evidence if they don't have access to issues. That's sounds like a bug to - #259674 (closed).
Anyway, currently specs are somewhere in the middle of our attempts to properly secure release evidence:
they take into account that there is some kind of difference between confidential/not confidential issues, which is not true.
So this MR just removes all these confidential cases and asserts only for:
- issues are newer shown in release evidence
- if users have no access to issues, then they can't download it
Screenshots
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Peter Leitzen