author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-06-25 10:59:00 +0200 |
---|---|---|
committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-06-28 13:50:17 +0200 |
commit | 54b56f20b7a70d3e6284c8105eb3d4a568e255b0 (patch) | |
tree | de18fca7bd27dcd55817e21c4654cf36c1430c5f /spec | |
parent | 627236c9edd7f085ec5070ef7fcfbcbfc9b6de78 (diff) | |
Expose permissions on types in GraphQL
This adds a reusable way to expose permissions for a user to types in
GraphQL.
Diffstat (limited to 'spec')
10 files changed, 189 insertions, 48 deletions
diff --git a/spec/graphql/types/merge_request_type_spec.rb b/spec/graphql/types/merge_request_type_spec.rb
new file mode 100644
index 00000000000..6e57122867a
--- /dev/null
+++ b/spec/graphql/types/merge_request_type_spec.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Types::MergeRequestType do
+ it { expect(described_class).to expose_permissions_using(Types::PermissionTypes::MergeRequest) }
+end
diff --git a/spec/graphql/types/permission_types/base_permission_type_spec.rb b/spec/graphql/types/permission_types/base_permission_type_spec.rb
new file mode 100644
index 00000000000..a7e51797047
--- /dev/null
+++ b/spec/graphql/types/permission_types/base_permission_type_spec.rb
@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe Types::PermissionTypes::BasePermissionType do
+ let(:permitable) { double('permittable') }
+ let(:current_user) { build(:user) }
+ let(:context) { { current_user: current_user } }
+ subject(:test_type) do
+ Class.new(described_class) do
+ graphql_name 'TestClass'
+
+ permission_field :do_stuff, resolve: -> (_, _, _) { true }
+ ability_field(:read_issue)
+ abilities :admin_issue
+ end
+ end
+
+ describe '.permission_field' do
+ it 'adds a field for the required permission' do
+ is_expected.to have_graphql_field(:do_stuff)
+ end
+ end
+
+ describe '.ability_field' do
+ it 'adds a field for the required permission' do
+ is_expected.to have_graphql_field(:read_issue)
+ end
+
+ it 'does not add a resolver block if another resolving param is passed' do
+ expected_keywords = {
+ name: :resolve_using_hash,
+ hash_key: :the_key,
+ type: GraphQL::BOOLEAN_TYPE,
+ description: "custom description",
+ null: false
+ }
+ expect(test_type).to receive(:field).with(expected_keywords)
+
+ test_type.ability_field :resolve_using_hash, hash_key: :the_key, description: "custom description"
+ end
+ end
+
+ describe '.abilities' do
+ it 'adds a field for the passed permissions' do
+ is_expected.to have_graphql_field(:admin_issue)
+ end
+ end
+end
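Review bot: In `base_permission_type_spec.rb` the `permitable`, `current_user` and `context` lets are never referenced, and no example resolves a field built by `ability_field` or `abilities`, so the spec proves only that the fields exist, not that they return the user's real ability. These fields tell a client what the current user may do, so an example that resolves `read_issue` with `context` once for a permitted user and once for a user without the ability would cover the authorization path. If that is out of scope here, the unused lets should go. `permitable` is also spelled differently from the double's label `'permittable'`.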
diff --git a/spec/graphql/types/permission_types/merge_request_spec.rb b/spec/graphql/types/permission_types/merge_request_spec.rb
new file mode 100644
index 00000000000..e1026b01a74
--- /dev/null
+++ b/spec/graphql/types/permission_types/merge_request_spec.rb
@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+describe Types::PermissionTypes::MergeRequest do
+ it do
+ expected_permissions = [
+ :read_merge_request, :admin_merge_request, :update_merge_request,
+ :create_note, :push_to_source_branch, :remove_source_branch,
+ :cherry_pick_on_current_merge_request, :revert_on_current_merge_request
+ ]
+
+ expect(described_class).to have_graphql_fields(expected_permissions)
+ end
+end
diff --git a/spec/graphql/types/permission_types/merge_request_type_spec.rb b/spec/graphql/types/permission_types/merge_request_type_spec.rb
new file mode 100644
index 00000000000..6e57122867a
--- /dev/null
+++ b/spec/graphql/types/permission_types/merge_request_type_spec.rb
@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe Types::MergeRequestType do
+ it { expect(described_class).to expose_permissions_using(Types::PermissionTypes::MergeRequest) }
+end
diff --git a/spec/graphql/types/permission_types/project_spec.rb b/spec/graphql/types/permission_types/project_spec.rb
new file mode 100644
index 00000000000..89eecef096e
--- /dev/null
+++ b/spec/graphql/types/permission_types/project_spec.rb
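Review bot: `spec/graphql/types/permission_types/merge_request_type_spec.rb` looks like an accidental copy of `spec/graphql/types/merge_request_type_spec.rb`, which this commit also adds. Both carry the blob id `6e57122867a` and the same `describe Types::MergeRequestType` body. The copy sits under `permission_types/` but tests a type outside that namespace. Removing it leaves the example running once, from the file whose path matches the class.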
@@ -0,0 +1,18 @@
+require 'spec_helper'
+
+describe Types::PermissionTypes::Project do
+ it do
+ expected_permissions = [
+ :change_namespace, :change_visibility_level, :rename_project, :remove_project, :archive_project,
+ :remove_fork_project, :remove_pages, :read_project, :create_merge_request_in,
+ :read_wiki, :read_project_member, :create_issue, :upload_file, :read_cycle_analytics,
+ :download_code, :download_wiki_code, :fork_project, :create_project_snippet,
+ :read_commit_status, :request_access, :create_pipeline, :create_pipeline_schedule,
+ :create_merge_request_from, :create_wiki, :push_code, :create_deployment, :push_to_delete_protected_branch,
+ :admin_wiki, :admin_project, :update_pages, :admin_remote_mirror, :create_label,
+ :update_wiki, :destroy_wiki, :create_pages, :destroy_pages
+ ]
+
+ expect(described_class).to have_graphql_fields(expected_permissions)
+ end
+end
diff --git a/spec/graphql/types/project_type_spec.rb b/spec/graphql/types/project_type_spec.rb
index b4eeca2e3f1..7b5bc335511 100644
--- a/spec/graphql/types/project_type_spec.rb
+++ b/spec/graphql/types/project_type_spec.rb
@@ -1,6 +1,8 @@ require 'spec_helper' describe GitlabSchema.types['Project'] do + it { expect(described_class).to expose_permissions_using(Types::PermissionTypes::Project) } + it { expect(described_class.graphql_name).to eq('Project') } describe 'nested merge request' do
diff --git a/spec/requests/api/graphql/project/merge_request_spec.rb b/spec/requests/api/graphql/project/merge_request_spec.rb
new file mode 100644
index 00000000000..ad57c43bc87
--- /dev/null
+++ b/spec/requests/api/graphql/project/merge_request_spec.rb
@@ -0,0 +1,70 @@
+require 'spec_helper'
+
+describe 'getting merge request information nested in a project' do
+ include GraphqlHelpers
+
+ let(:project) { create(:project, :repository, :public) }
+ let(:current_user) { create(:user) }
+ let(:merge_request_graphql_data) { graphql_data['project']['mergeRequest'] }
+ let!(:merge_request) { create(:merge_request, source_project: project) }
+
+ let(:query) do
+ graphql_query_for(
+ 'project',
+ { 'fullPath' => project.full_path },
+ query_graphql_field('mergeRequest', iid: merge_request.iid)
+ )
+ end
+
+ it_behaves_like 'a working graphql query' do
+ before do
+ post_graphql(query, current_user: current_user)
+ end
+ end
+
+ it 'contains merge request information' do
+ post_graphql(query, current_user: current_user)
+
+ expect(merge_request_graphql_data).not_to be_nil
+ end
+
+ # This is a field coming from the `MergeRequestPresenter`
+ it 'includes a web_url' do
+ post_graphql(query, current_user: current_user)
+
+ expect(merge_request_graphql_data['webUrl']).to be_present
+ end
+
+ context 'permissions on the merge request' do
+ it 'includes the permissions for the current user on a public project' do
+ expected_permissions = {
+ 'readMergeRequest' => true,
+ 'adminMergeRequest' => false,
+ 'createNote' => true,
+ 'pushToSourceBranch' => false,
+ 'removeSourceBranch' => false,
+ 'cherryPickOnCurrentMergeRequest' => false,
+ 'revertOnCurrentMergeRequest' => false,
+ 'updateMergeRequest' => false
+ }
+ post_graphql(query, current_user: current_user)
+
+ permission_data = merge_request_graphql_data['userPermissions']
+
+ expect(permission_data).to be_present
+ expect(permission_data).to eq(expected_permissions)
+ end
+ end
+
+ context 'when the user does not have access to the merge request' do
+ let(:project) { create(:project, :public, :repository) }
+
+ it 'returns nil' do
+ project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)
+
+ post_graphql(query)
+
+ expect(merge_request_graphql_data).to be_nil
+ end
+ end
+end
diff --git a/spec/requests/api/graphql/project_query_spec.rb b/spec/requests/api/graphql/project_query_spec.rb
index 796ffc9d569..a2b3dc5d121 100644
--- a/spec/requests/api/graphql/project_query_spec.rb
+++ b/spec/requests/api/graphql/project_query_spec.rb
@@ -26,50 +26,6 @@ describe 'getting project information' do post_graphql(query, current_user: current_user) end end - - context 'when requesting a nested merge request' do - let(:merge_request) { create(:merge_request, source_project: project) } - let(:merge_request_graphql_data) { graphql_data['project']['mergeRequest'] } - - let(:query) do - graphql_query_for( - 'project', - { 'fullPath' => project.full_path }, - query_graphql_field('mergeRequest', iid: merge_request.iid) - ) - end - - it_behaves_like 'a working graphql query' do - before do - post_graphql(query, current_user: current_user) - end - end - - it 'contains merge request information' do - post_graphql(query, current_user: current_user) - - expect(merge_request_graphql_data).not_to be_nil - end - - # This is a field coming from the `MergeRequestPresenter` - it 'includes a web_url' do - post_graphql(query, current_user: current_user) - - expect(merge_request_graphql_data['webUrl']).to be_present - end - - context 'when the user does not have access to the merge request' do - let(:project) { create(:project, :public, :repository) } - - it 'returns nil' do - project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE) - - post_graphql(query) - - expect(merge_request_graphql_data).to be_nil - end - end - end end context 'when the user does not have access to the project' do
diff --git a/spec/support/matchers/graphql_matchers.rb b/spec/support/matchers/graphql_matchers.rb
index d23cbaf4beb..be6fa4c71a0 100644
--- a/spec/support/matchers/graphql_matchers.rb
+++ b/spec/support/matchers/graphql_matchers.rb
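Review bot: In `spec/requests/api/graphql/project/merge_request_spec.rb` the `permissions on the merge request` context exercises only a signed-in non-member, so every write ability (`adminMergeRequest`, `pushToSourceBranch`, `updateMergeRequest` and the rest) is asserted `false`. Nothing checks that `userPermissions` resolves to `true` for a user who holds the ability, and a resolver that hard-coded `false` for those fields would still pass. A second example run after `project.add_developer(current_user)` that expects the abilities that role grants to be `true` would cover the allow side. A third example using `post_graphql(query)` without a user would cover the anonymous case. The preceding `expect(permission_data).to be_present` is redundant next to the exact `eq` check.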
@@ -7,9 +7,24 @@ RSpec::Matchers.define :require_graphql_authorizations do |*expected| end RSpec::Matchers.define :have_graphql_fields do |*expected| + def expected_field_names + expected.map { |name| GraphqlHelpers.fieldnamerize(name) } + end + match do |kls| - field_names = expected.map { |name| GraphqlHelpers.fieldnamerize(name) } - expect(kls.fields.keys).to contain_exactly(*field_names) + expect(kls.fields.keys).to contain_exactly(*expected_field_names) + end + + failure_message do |kls| + missing = expected_field_names - kls.fields.keys + extra = kls.fields.keys - expected_field_names + + message = [] + + message << "is missing fields: <#{missing.inspect}>" if missing.any? + message << "contained unexpected fields: <#{extra.inspect}>" if extra.any? + + message.join("\n") end end
@@ -44,3 +59,13 @@ RSpec::Matchers.define :have_graphql_resolver do |expected| end end end + +RSpec::Matchers.define :expose_permissions_using do |expected| + match do |type| + permission_field = type.fields['userPermissions'] + + expect(permission_field).not_to be_nil + expect(permission_field.type).to be_non_null + expect(permission_field.type.of_type.graphql_name).to eq(expected.graphql_name) + end +end
diff --git a/spec/support/shared_examples/requests/graphql_shared_examples.rb b/spec/support/shared_examples/requests/graphql_shared_examples.rb
index 9b2b74593a5..fe7b7bc306f 100644
--- a/spec/support/shared_examples/requests/graphql_shared_examples.rb
+++ b/spec/support/shared_examples/requests/graphql_shared_examples.rb
@@ -3,8 +3,8 @@ require 'spec_helper' shared_examples 'a working graphql query' do include GraphqlHelpers - it 'is returns a successfull response', :aggregate_failures do - expect(response).to be_success + it 'returns a successful response', :aggregate_failures do + expect(response).to have_gitlab_http_status(:success) expect(graphql_errors['errors']).to be_nil expect(json_response.keys).to include('data') end |
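Review bot: In `have_graphql_fields` (first hunk of `graphql_matchers.rb`), `expected` inside `def expected_field_names` cannot be the block parameter `*expected`, because `def` opens a new scope. It presumably resolves to the matcher's own `expected` reader, which as far as I know returns the bare argument rather than an array when only one argument was passed. The array call style in the new specs works with that, but `have_graphql_fields(:single_field)` would call `map` on a Symbol. `Array(expected).map { |name| GraphqlHelpers.fieldnamerize(name) }` keeps both call styles working. A short comment there saying which `expected` is meant would help the next reader.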
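Review bot: `expose_permissions_using` (second hunk of `graphql_matchers.rb`) compares only `graphql_name`, so any type registered under the same name as the expected permission type would satisfy it. When one of its three nested expectations fails, the default message does not say which one. The same commit adds a `failure_message` to `have_graphql_fields`, and this matcher deserves the same. Alternatively, if the RSpec version in use supports it, `match(notify_expectation_failures: true) do |type|` would surface the inner failure. A one-line comment stating that `userPermissions` must be a non-null field of the given permission type would document the contract being enforced.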