From 3950399a3e36d0e083f4d6fa13e7da30c73a08ad Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon <pingou@pingoured.fr>
Date: Mar 16 2015 12:14:40 +0000
Subject: Add unit-tests for the ACL check when an issue is private


---

diff --git a/tests/test_progit_flask_ui_issues.py b/tests/test_progit_flask_ui_issues.py
index fc844b7..fcff5e2 100644
--- a/tests/test_progit_flask_ui_issues.py
+++ b/tests/test_progit_flask_ui_issues.py
@@ -232,6 +232,37 @@ class ProgitFlaskIssuestests(tests.Modeltests):
             csrf_token = output.data.split(
                 'name="csrf_token" type="hidden" value="')[1].split('">')[0]
 
+        # Create private issue
+        repo = progit.lib.get_project(self.session, 'test')
+        msg = progit.lib.new_issue(
+            session=self.session,
+            repo=repo,
+            title='Test issue',
+            content='We should work on this',
+            user='pingou',
+            ticketfolder=None,
+            private=True,
+        )
+        self.session.commit()
+        self.assertEqual(msg, 'Issue created')
+
+        # Not logged in
+        output = self.app.get('/test/issue/2')
+        self.assertEqual(output.status_code, 403)
+
+        # Wrong user
+        user = tests.FakeUser()
+        with tests.user_set(progit.APP, user):
+            output = self.app.get('/test/issue/2')
+            self.assertEqual(output.status_code, 403)
+
+        # reporter
+        user.username = 'pingou'
+        with tests.user_set(progit.APP, user):
+            output = self.app.get('/test/issue/2')
+            self.assertEqual(output.status_code, 200)
+            self.assertTrue('<p>test project #1</p>' in output.data)
+
         # Project w/o issue tracker
         repo = progit.lib.get_project(self.session, 'test')
         repo.issue_tracker = False
@@ -436,6 +467,27 @@ class ProgitFlaskIssuestests(tests.Modeltests):
                 '<option selected value="Open">Open</option>'
                 in output.data)
 
+        # Create private issue
+        repo = progit.lib.get_project(self.session, 'test')
+        msg = progit.lib.new_issue(
+            session=self.session,
+            repo=repo,
+            title='Test issue',
+            content='We should work on this',
+            user='pingou',
+            ticketfolder=None,
+            private=True,
+        )
+        self.session.commit()
+        self.assertEqual(msg, 'Issue created')
+
+        # Wrong user
+        user = tests.FakeUser()
+        with tests.user_set(progit.APP, user):
+            output = self.app.post(
+                '/test/issue/3/update', data=data, follow_redirects=True)
+            self.assertEqual(output.status_code, 403)
+
         # Project w/o issue tracker
         repo = progit.lib.get_project(self.session, 'test')
         repo.issue_tracker = False