Merge branch 'bvl-graphql-permissions' into 'master'

expose permissions on types Closes #47695 See merge request gitlab-org/gitlab-ce!20152
author: Sean McGivern <sean@mcgivern.me.uk> 2018-06-28 12:24:21 +0000
committer: Sean McGivern <sean@mcgivern.me.uk> 2018-06-28 12:24:21 +0000
commit: 63c64ab3236a5ddf45a2ca56683d07e4140ea90e (patch)
tree: c021b7f30858b330e326d64c016fc74e1a40c461 /spec/requests
parent: 3a6f2739f472d74f88ab43f1a9856bf760be5250 (diff)
parent: 54b56f20b7a70d3e6284c8105eb3d4a568e255b0 (diff)
download: gitlab-ce-63c64ab3236a5ddf45a2ca56683d07e4140ea90e.tar.gz
2 files changed, 70 insertions, 44 deletions
diff --git a/spec/requests/api/graphql/project/merge_request_spec.rb b/spec/requests/api/graphql/project/merge_request_spec.rb
new file mode 100644
index 00000000000..ad57c43bc87
--- /dev/null
+++ b/spec/requests/api/graphql/project/merge_request_spec.rb
@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+describe 'getting merge request information nested in a project' do
+  include GraphqlHelpers
+
+  let(:project) { create(:project, :repository, :public) }
+  let(:current_user) { create(:user) }
+  let(:merge_request_graphql_data) { graphql_data['project']['mergeRequest'] }
+  let!(:merge_request) { create(:merge_request, source_project: project) }
+
+  let(:query) do
+    graphql_query_for(
+      'project',
+      { 'fullPath' => project.full_path },
+      query_graphql_field('mergeRequest', iid: merge_request.iid)
+    )
+  end
+
+  it_behaves_like 'a working graphql query' do
+    before do
+      post_graphql(query, current_user: current_user)
+    end
+  end
+
+  it 'contains merge request information' do
+    post_graphql(query, current_user: current_user)
+
+    expect(merge_request_graphql_data).not_to be_nil
+  end
+
+  # This is a field coming from the `MergeRequestPresenter`
+  it 'includes a web_url' do
+    post_graphql(query, current_user: current_user)
+
+    expect(merge_request_graphql_data['webUrl']).to be_present
+  end
+
+  context 'permissions on the merge request' do
+    it 'includes the permissions for the current user on a public project' do
+      expected_permissions = {
+        'readMergeRequest' => true,
+        'adminMergeRequest' => false,
+        'createNote' => true,
+        'pushToSourceBranch' => false,
+        'removeSourceBranch' => false,
+        'cherryPickOnCurrentMergeRequest' => false,
+        'revertOnCurrentMergeRequest' => false,
+        'updateMergeRequest' => false
+      }
+      post_graphql(query, current_user: current_user)
+
+      permission_data = merge_request_graphql_data['userPermissions']
+
+      expect(permission_data).to be_present
+      expect(permission_data).to eq(expected_permissions)
+    end
+  end
+
+  context 'when the user does not have access to the merge request' do
+    let(:project) { create(:project, :public, :repository) }
+
+    it 'returns nil' do
+      project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)
+
+      post_graphql(query)
+
+      expect(merge_request_graphql_data).to be_nil
+    end
+  end
+end
diff --git a/spec/requests/api/graphql/project_query_spec.rb b/spec/requests/api/graphql/project_query_spec.rb
index 796ffc9d569..a2b3dc5d121 100644
--- a/spec/requests/api/graphql/project_query_spec.rb
+++ b/spec/requests/api/graphql/project_query_spec.rb
@@ -26,50 +26,6 @@ describe 'getting project information' do
         post_graphql(query, current_user: current_user)
       end
     end
-
-    context 'when requesting a nested merge request' do
-      let(:merge_request) { create(:merge_request, source_project: project) }
-      let(:merge_request_graphql_data) { graphql_data['project']['mergeRequest'] }
-
-      let(:query) do
-        graphql_query_for(
-          'project',
-          { 'fullPath' => project.full_path },
-          query_graphql_field('mergeRequest', iid: merge_request.iid)
-        )
-      end
-
-      it_behaves_like 'a working graphql query' do
-        before do
-          post_graphql(query, current_user: current_user)
-        end
-      end
-
-      it 'contains merge request information' do
-        post_graphql(query, current_user: current_user)
-
-        expect(merge_request_graphql_data).not_to be_nil
-      end
-
-      # This is a field coming from the `MergeRequestPresenter`
-      it 'includes a web_url' do
-        post_graphql(query, current_user: current_user)
-
-        expect(merge_request_graphql_data['webUrl']).to be_present
-      end
-
-      context 'when the user does not have access to the merge request' do
-        let(:project) { create(:project, :public, :repository) }
-
-        it 'returns nil' do
-          project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)
-
-          post_graphql(query)
-
-          expect(merge_request_graphql_data).to be_nil
-        end
-      end
-    end
   end
 
   context 'when the user does not have access to the project' do
author	Sean McGivern <sean@mcgivern.me.uk>	2018-06-28 12:24:21 +0000
committer	Sean McGivern <sean@mcgivern.me.uk>	2018-06-28 12:24:21 +0000
commit	63c64ab3236a5ddf45a2ca56683d07e4140ea90e (patch)
tree	c021b7f30858b330e326d64c016fc74e1a40c461 /spec/requests
parent	3a6f2739f472d74f88ab43f1a9856bf760be5250 (diff)
parent	54b56f20b7a70d3e6284c8105eb3d4a568e255b0 (diff)
download	gitlab-ce-63c64ab3236a5ddf45a2ca56683d07e4140ea90e.tar.gz