GraphQL mutations for add, remove and toggle emoji62826-graphql-emoji-mutations

Adding new `AddAwardEmoji`, `RemoveAwardEmoji` and `ToggleAwardEmoji`
GraphQL mutations.

Adding new `#authorized_find_with_pre_checks!` and (unused, but for
completeness `#authorized_find_with_post_checks!`) authorization
methods. These allow us to perform an authorized find, and run our own
additional checks before or after the authorization runs.

https://gitlab.com/gitlab-org/gitlab-ce/issues/62826

3 files changed, 322 insertions, 0 deletions

diff --git a/spec/requests/api/graphql/mutations/award_emojis/add_spec.rb b/spec/requests/api/graphql/mutations/award_emojis/add_spec.rb
new file mode 100644
index 00000000000..3982125a38a
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/award_emojis/add_spec.rb
@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Adding an AwardEmoji' do
+  include GraphqlHelpers
+
+  let(:current_user) { create(:user) }
+  let(:awardable) { create(:note) }
+  let(:project) { awardable.project }
+  let(:emoji_name) { 'thumbsup' }
+  let(:mutation) do
+    variables = {
+      awardable_id: GitlabSchema.id_from_object(awardable).to_s,
+      name: emoji_name
+    }
+
+    graphql_mutation(:add_award_emoji, variables)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:add_award_emoji)
+  end
+
+  shared_examples 'a mutation that does not create an AwardEmoji' do
+    it do
+      expect do
+        post_graphql_mutation(mutation, current_user: current_user)
+      end.not_to change { AwardEmoji.count }
+    end
+  end
+
+  context 'when the user does not have permission' do
+    it_behaves_like 'a mutation that does not create an AwardEmoji'
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                    errors: ['The resource that you are attempting to access does not exist or you don\'t have permission to perform this action']
+  end
+
+  context 'when the user has permission' do
+    before do
+      project.add_developer(current_user)
+    end
+
+    context 'when the given awardable is not an Awardable' do
+      let(:awardable) { create(:label) }
+
+      it_behaves_like 'a mutation that does not create an AwardEmoji'
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: ['Cannot award emoji to this resource']
+    end
+
+    context 'when the given awardable is an Awardable but still cannot be awarded an emoji' do
+      let(:awardable) { create(:system_note) }
+
+      it_behaves_like 'a mutation that does not create an AwardEmoji'
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: ['Cannot award emoji to this resource']
+    end
+
+    context 'when the given awardable an Awardable' do
+      it 'creates an emoji' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.to change { AwardEmoji.count }.by(1)
+      end
+
+      it 'returns the emoji' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['awardEmoji']['name']).to eq(emoji_name)
+      end
+
+      context 'when there were active record validation errors' do
+        before do
+          expect_next_instance_of(AwardEmoji) do |award|
+            expect(award).to receive(:valid?).at_least(:once).and_return(false)
+            expect(award).to receive_message_chain(
+              :errors,
+              :full_messages
+            ).and_return(['Error 1', 'Error 2'])
+          end
+        end
+
+        it_behaves_like 'a mutation that does not create an AwardEmoji'
+
+        it_behaves_like 'a mutation that returns errors in the response', errors: ['Error 1', 'Error 2']
+
+        it 'returns an empty awardEmoji' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(mutation_response).to have_key('awardEmoji')
+          expect(mutation_response['awardEmoji']).to be_nil
+        end
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/graphql/mutations/award_emojis/remove_spec.rb b/spec/requests/api/graphql/mutations/award_emojis/remove_spec.rb
new file mode 100644
index 00000000000..c78f0c7ca27
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/award_emojis/remove_spec.rb
@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Removing an AwardEmoji' do
+  include GraphqlHelpers
+
+  let(:current_user) { create(:user) }
+  let(:awardable) { create(:note) }
+  let(:project) { awardable.project }
+  let(:emoji_name) { 'thumbsup' }
+  let(:input) { { awardable_id: GitlabSchema.id_from_object(awardable).to_s, name: emoji_name } }
+
+  let(:mutation) do
+    graphql_mutation(:remove_award_emoji, input)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:remove_award_emoji)
+  end
+
+  def create_award_emoji(user)
+    create(:award_emoji, name: emoji_name, awardable: awardable, user: user )
+  end
+
+  shared_examples 'a mutation that does not destroy an AwardEmoji' do
+    it do
+      expect do
+        post_graphql_mutation(mutation, current_user: current_user)
+      end.not_to change { AwardEmoji.count }
+    end
+  end
+
+  shared_examples 'a mutation that does not authorize the user' do
+    it_behaves_like 'a mutation that does not destroy an AwardEmoji'
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                    errors: ['The resource that you are attempting to access does not exist or you don\'t have permission to perform this action']
+  end
+
+  context 'when the current_user does not own the award emoji' do
+    let!(:award_emoji) { create_award_emoji(create(:user)) }
+
+    it_behaves_like 'a mutation that does not authorize the user'
+  end
+
+  context 'when the current_user owns the award emoji' do
+    let!(:award_emoji) { create_award_emoji(current_user) }
+
+    context 'when the given awardable is not an Awardable' do
+      let(:awardable) { create(:label) }
+
+      it_behaves_like 'a mutation that does not destroy an AwardEmoji'
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: ['Cannot award emoji to this resource']
+    end
+
+    context 'when the given awardable is an Awardable' do
+      it 'removes the emoji' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.to change { AwardEmoji.count }.by(-1)
+      end
+
+      it 'returns no errors' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(graphql_errors).to be_nil
+      end
+
+      it 'returns an empty awardEmoji' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response).to have_key('awardEmoji')
+        expect(mutation_response['awardEmoji']).to be_nil
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/graphql/mutations/award_emojis/toggle_spec.rb b/spec/requests/api/graphql/mutations/award_emojis/toggle_spec.rb
new file mode 100644
index 00000000000..31145730f10
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/award_emojis/toggle_spec.rb
@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Toggling an AwardEmoji' do
+  include GraphqlHelpers
+
+  let(:current_user) { create(:user) }
+  let(:awardable) { create(:note) }
+  let(:project) { awardable.project }
+  let(:emoji_name) { 'thumbsup' }
+  let(:mutation) do
+    variables = {
+      awardable_id: GitlabSchema.id_from_object(awardable).to_s,
+      name: emoji_name
+    }
+
+    graphql_mutation(:toggle_award_emoji, variables)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:toggle_award_emoji)
+  end
+
+  shared_examples 'a mutation that does not create or destroy an AwardEmoji' do
+    it do
+      expect do
+        post_graphql_mutation(mutation, current_user: current_user)
+      end.not_to change { AwardEmoji.count }
+    end
+  end
+
+  def create_award_emoji(user)
+    create(:award_emoji, name: emoji_name, awardable: awardable, user: user )
+  end
+
+  context 'when the user has permission' do
+    before do
+      project.add_developer(current_user)
+    end
+
+    context 'when the given awardable is not an Awardable' do
+      let(:awardable) { create(:label) }
+
+      it_behaves_like 'a mutation that does not create or destroy an AwardEmoji'
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: ['Cannot award emoji to this resource']
+    end
+
+    context 'when the given awardable is an Awardable but still cannot be awarded an emoji' do
+      let(:awardable) { create(:system_note) }
+
+      it_behaves_like 'a mutation that does not create or destroy an AwardEmoji'
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: ['Cannot award emoji to this resource']
+    end
+
+    context 'when the given awardable is an Awardable' do
+      context 'when no emoji has been awarded by the current_user yet' do
+        # Create an award emoji for another user. This therefore tests that
+        # toggling is correctly scoped to the user's emoji only.
+        let!(:award_emoji) { create_award_emoji(create(:user)) }
+
+        it 'creates an emoji' do
+          expect do
+            post_graphql_mutation(mutation, current_user: current_user)
+          end.to change { AwardEmoji.count }.by(1)
+        end
+
+        it 'returns the emoji' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(mutation_response['awardEmoji']['name']).to eq(emoji_name)
+        end
+
+        it 'returns toggledOn as true' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(mutation_response['toggledOn']).to eq(true)
+        end
+
+        context 'when there were active record validation errors' do
+          before do
+            expect_next_instance_of(AwardEmoji) do |award|
+              expect(award).to receive(:valid?).at_least(:once).and_return(false)
+              expect(award).to receive_message_chain(:errors, :full_messages).and_return(['Error 1', 'Error 2'])
+            end
+          end
+
+          it_behaves_like 'a mutation that does not create or destroy an AwardEmoji'
+
+          it_behaves_like 'a mutation that returns errors in the response', errors: ['Error 1', 'Error 2']
+
+          it 'returns an empty awardEmoji' do
+            post_graphql_mutation(mutation, current_user: current_user)
+
+            expect(mutation_response).to have_key('awardEmoji')
+            expect(mutation_response['awardEmoji']).to be_nil
+          end
+        end
+      end
+
+      context 'when an emoji has been awarded by the current_user' do
+        let!(:award_emoji) { create_award_emoji(current_user) }
+
+        it 'removes the emoji' do
+          expect do
+            post_graphql_mutation(mutation, current_user: current_user)
+          end.to change { AwardEmoji.count }.by(-1)
+        end
+
+        it 'returns no errors' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(graphql_errors).to be_nil
+        end
+
+        it 'returns an empty awardEmoji' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(mutation_response).to have_key('awardEmoji')
+          expect(mutation_response['awardEmoji']).to be_nil
+        end
+
+        it 'returns toggledOn as false' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(mutation_response['toggledOn']).to eq(false)
+        end
+      end
+    end
+  end
+
+  context 'when the user does not have permission' do
+    it_behaves_like 'a mutation that does not create or destroy an AwardEmoji'
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                    errors: ['The resource that you are attempting to access does not exist or you don\'t have permission to perform this action']
+  end
+end