Diffstat (limited to 'spec/controllers/graphql_controller_spec.rb')
-rw-r--r--spec/controllers/graphql_controller_spec.rb65
1 files changed, 64 insertions, 1 deletions
diff --git a/spec/controllers/graphql_controller_spec.rb b/spec/controllers/graphql_controller_spec.rb
index 06a949471a7..68150504fe3 100644
--- a/spec/controllers/graphql_controller_spec.rb
+++ b/spec/controllers/graphql_controller_spec.rb
@@ -3,6 +3,8 @@
require 'spec_helper'
describe GraphqlController do
+ include GraphqlHelpers
+
before do
stub_feature_flags(graphql: true)
end
@@ -30,7 +32,7 @@ describe GraphqlController do
describe 'POST #execute' do
context 'when user is logged in' do
- let(:user) { create(:user) }
+ let(:user) { create(:user, last_activity_on: Date.yesterday) }
before do
sign_in(user)
@@ -54,6 +56,19 @@ describe GraphqlController do
expect(response).to have_gitlab_http_status(:forbidden)
expect(response).to render_template('errors/access_denied')
end
+
+ it 'updates the users last_activity_on field' do
+ expect { post :execute }.to change { user.reload.last_activity_on }
+ end
+ end
+
+ context 'when user uses an API token' do
+ let(:user) { create(:user, last_activity_on: Date.yesterday) }
+ let(:token) { create(:personal_access_token, user: user, scopes: [:api]) }
+
+ it 'updates the users last_activity_on field' do
+ expect { post :execute, params: { access_token: token.token } }.to change { user.reload.last_activity_on }
+ end
end
context 'when user is not logged in' do
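Review bot: Both new `last_activity_on` examples (session login, and the 'when user uses an API token' context) use a bare `change { user.reload.last_activity_on }`, so they pass on any change at all, including a wrong date or `nil`. Chaining `.from(Date.yesterday)` and a `.to(...)` with the expected new date would pin the behaviour. The token context only covers a valid token with the `api` scope, and neither example checks the response status. A companion example with a token lacking that scope, or a revoked one, could assert `not_to change { user.reload.last_activity_on }` to confirm that a rejected credential does not record activity. The enclosing `describe 'POST #execute'` block starts outside this hunk.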
@@ -64,4 +79,52 @@ describe GraphqlController do
end
end
end
+
+ describe 'Admin Mode' do
+ let(:admin) { create(:admin) }
+ let(:project) { create(:project) }
+ let(:graphql_query) { graphql_query_for('project', { 'fullPath' => project.full_path }, %w(id name)) }
+
+ before do
+ sign_in(admin)
+ end
+
+ context 'when admin mode enabled' do
+ before do
+ Gitlab::Session.with_session(controller.session) do
+ controller.current_user_mode.request_admin_mode!
+ controller.current_user_mode.enable_admin_mode!(password: admin.password)
+ end
+ end
+
+ it 'can query project data' do
+ post :execute, params: { query: graphql_query }
+
+ expect(controller.current_user_mode.admin_mode?).to be(true)
+ expect(json_response['data']['project']['name']).to eq(project.name)
+ end
+ end
+
+ context 'when admin mode disabled' do
+ it 'cannot query project data' do
+ post :execute, params: { query: graphql_query }
+
+ expect(controller.current_user_mode.admin_mode?).to be(false)
+ expect(json_response['data']['project']).to be_nil
+ end
+
+ context 'when admin is member of the project' do
+ before do
+ project.add_developer(admin)
+ end
+
+ it 'can query project data' do
+ post :execute, params: { query: graphql_query }
+
+ expect(controller.current_user_mode.admin_mode?).to be(false)
+ expect(json_response['data']['project']['name']).to eq(project.name)
+ end
+ end
+ end
+ end
end
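Review bot: The 'cannot query project data' example in 'when admin mode disabled' only demonstrates a denial if `create(:project)` yields a non-public project, which the spec leaves to the factory default. Making that explicit, `let(:project) { create(:project, :private) }`, keeps the negative case meaningful if the default changes. All three Admin Mode examples authenticate with `sign_in(admin)`. The personal-access-token path exercised earlier in this file has no admin-mode counterpart, so these specs do not show whether an admin's API token is held to the same restriction; an example posting `access_token:` for an admin who is not a member of the project would cover it.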