diff options
Diffstat (limited to 'spec/controllers/graphql_controller_spec.rb')
-rw-r--r-- | spec/controllers/graphql_controller_spec.rb | 65 |
1 files changed, 64 insertions, 1 deletions
diff --git a/spec/controllers/graphql_controller_spec.rb b/spec/controllers/graphql_controller_spec.rb index 06a949471a7..68150504fe3 100644 --- a/spec/controllers/graphql_controller_spec.rb +++ b/spec/controllers/graphql_controller_spec.rb @@ -3,6 +3,8 @@ require 'spec_helper' describe GraphqlController do + include GraphqlHelpers + before do stub_feature_flags(graphql: true) end @@ -30,7 +32,7 @@ describe GraphqlController do describe 'POST #execute' do context 'when user is logged in' do - let(:user) { create(:user) } + let(:user) { create(:user, last_activity_on: Date.yesterday) } before do sign_in(user) @@ -54,6 +56,19 @@ describe GraphqlController do expect(response).to have_gitlab_http_status(:forbidden) expect(response).to render_template('errors/access_denied') end + + it 'updates the users last_activity_on field' do + expect { post :execute }.to change { user.reload.last_activity_on } + end + end + + context 'when user uses an API token' do + let(:user) { create(:user, last_activity_on: Date.yesterday) } + let(:token) { create(:personal_access_token, user: user, scopes: [:api]) } + + it 'updates the users last_activity_on field' do + expect { post :execute, params: { access_token: token.token } }.to change { user.reload.last_activity_on } + end end context 'when user is not logged in' do @@ -64,4 +79,52 @@ describe GraphqlController do end end end + + describe 'Admin Mode' do + let(:admin) { create(:admin) } + let(:project) { create(:project) } + let(:graphql_query) { graphql_query_for('project', { 'fullPath' => project.full_path }, %w(id name)) } + + before do + sign_in(admin) + end + + context 'when admin mode enabled' do + before do + Gitlab::Session.with_session(controller.session) do + controller.current_user_mode.request_admin_mode! + controller.current_user_mode.enable_admin_mode!(password: admin.password) + end + end + + it 'can query project data' do + post :execute, params: { query: graphql_query } + + expect(controller.current_user_mode.admin_mode?).to be(true) + expect(json_response['data']['project']['name']).to eq(project.name) + end + end + + context 'when admin mode disabled' do + it 'cannot query project data' do + post :execute, params: { query: graphql_query } + + expect(controller.current_user_mode.admin_mode?).to be(false) + expect(json_response['data']['project']).to be_nil + end + + context 'when admin is member of the project' do + before do + project.add_developer(admin) + end + + it 'can query project data' do + post :execute, params: { query: graphql_query } + + expect(controller.current_user_mode.admin_mode?).to be(false) + expect(json_response['data']['project']['name']).to eq(project.name) + end + end + end + end end |