diff --git a/app/controllers/projects/autocomplete_sources_controller.rb b/app/controllers/projects/autocomplete_sources_controller.rb
index abf3b98a5d7e248b01d83a5848eb4b2b7eefbbcf..728349d40fd4a48548114effb2591c7f524c124b 100644
--- a/app/controllers/projects/autocomplete_sources_controller.rb
+++ b/app/controllers/projects/autocomplete_sources_controller.rb
@@ -69,7 +69,7 @@ def target
 end
 def authorize_read_crm_contact!
- render_404 unless can?(current_user, :read_crm_contact, project.root_ancestor)
+ render_404 unless can?(current_user, :read_crm_contact, project.crm_group)
 end
 end
diff --git a/spec/controllers/projects/autocomplete_sources_controller_spec.rb b/spec/controllers/projects/autocomplete_sources_controller_spec.rb
index b33169da6808e5931278d7ef549abb3e0f78ba96..ad4a6783bd8c9d98974df04f6be5401bd4652839 100644
--- a/spec/controllers/projects/autocomplete_sources_controller_spec.rb
+++ b/spec/controllers/projects/autocomplete_sources_controller_spec.rb
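Review bot: The new authorization subject `project.crm_group` is presumably nil when the project's group has no CRM settings or no source group, and the hunk does not show how `can?` treats a nil subject, so the method may fall through or raise instead of rendering 404; an explicit guard makes the intent visible, `render_404 unless project.crm_group && can?(current_user, :read_crm_contact, project.crm_group)`. Since the check no longer keys off `project.root_ancestor`, the contacts query elsewhere in this controller (outside the hunk) must be scoped to the same `project.crm_group`, otherwise the action authorizes one group while listing another group's contacts. A short comment on the method would help the next reader, e.g. `# Contacts are owned by the CRM source group, which may differ from the root ancestor; authorize against that group.`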
@@ -348,40 +348,51 @@ def members_by_username(username) sign_in(user) end - context 'when feature flag is enabled' do - context 'when a group has crm enabled' do - context 'when a user can read contacts' do - it 'lists contacts' do - group.add_developer(user) + it 'lists contacts' do + group.add_developer(user) - get :contacts, format: :json, params: { namespace_id: group.path, project_id: project.path, type: issue.class.name } + get :contacts, format: :json, params: { namespace_id: group.path, project_id: project.path, type: issue.class.name } - emails = json_response.map { |contact_data| contact_data["email"] } - expect(emails).to match_array([contact_1.email, contact_2.email]) - end - end + emails = json_response.map { |contact_data| contact_data["email"] } + expect(emails).to match_array([contact_1.email, contact_2.email]) + end - context 'when a user can not read contacts' do - it 'renders 404' do - get :contacts, format: :json, params: { namespace_id: group.path, project_id: project.path, type: issue.class.name } + context 'with contacts outside of the root group' do + let!(:crm_group) { create(:group) } + let!(:crm_settings) { create(:crm_settings, group: group, source_group: crm_group) } + let!(:contact_1) { create(:contact, group: crm_group) } + let!(:contact_2) { create(:contact, group: crm_group) } - expect(response).to have_gitlab_http_status(:not_found) - end - end + it 'lists contacts' do + project.add_developer(user) + crm_group.add_developer(user) + + get :contacts, format: :json, params: { namespace_id: group.path, project_id: project.path, type: issue.class.name } + + emails = json_response.map { |contact_data| contact_data["email"] } + expect(emails).to match_array([contact_1.email, contact_2.email]) end + end - context 'when a group has crm disabled' do - before do - create(:crm_settings, group: group, enabled: false) - end + context 'when a user can not read contacts' do + it 'renders 404' do + get :contacts, format: :json, params: { 
namespace_id: group.path, project_id: project.path, type: issue.class.name } - it 'renders 404' do - group.add_developer(user) + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'when a group has crm disabled' do + before do + create(:crm_settings, group: group, enabled: false) + end - get :contacts, format: :json, params: { namespace_id: group.path, project_id: project.path, type: issue.class.name } + it 'renders 404' do + group.add_developer(user) - expect(response).to have_gitlab_http_status(:not_found) - end + get :contacts, format: :json, params: { namespace_id: group.path, project_id: project.path, type: issue.class.name } + + expect(response).to have_gitlab_http_status(:not_found) end end end
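Review bot: The 'when a user can not read contacts' example signs in a user with no membership at all, so it does not exercise the new authorization boundary introduced by switching the check to `project.crm_group`: a developer of the project (or of its root group) who is not a member of the CRM source group should now get 404, and nothing here proves that. Inside 'with contacts outside of the root group', add an example that calls `project.add_developer(user)` without `crm_group.add_developer(user)` and asserts `expect(response).to have_gitlab_http_status(:not_found)`. The positive example there grants membership on both the project and `crm_group`, which is the right setup for the success path but says nothing about the negative one.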