summaryrefslogtreecommitdiff
path: root/spec/graphql/resolvers/ci/job_token_scope_resolver_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/graphql/resolvers/ci/job_token_scope_resolver_spec.rb')
-rw-r--r--spec/graphql/resolvers/ci/job_token_scope_resolver_spec.rb64
1 files changed, 64 insertions, 0 deletions
diff --git a/spec/graphql/resolvers/ci/job_token_scope_resolver_spec.rb b/spec/graphql/resolvers/ci/job_token_scope_resolver_spec.rb
new file mode 100644
index 00000000000..8522542498d
--- /dev/null
+++ b/spec/graphql/resolvers/ci/job_token_scope_resolver_spec.rb
@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Resolvers::Ci::JobTokenScopeResolver do
+ include GraphqlHelpers
+
+ let_it_be(:current_user) { create(:user) }
+ let_it_be(:project) { create(:project, ci_job_token_scope_enabled: true).tap(&:save!) }
+
+ specify do
+ expect(described_class).to have_nullable_graphql_type(::Types::Ci::JobTokenScopeType)
+ end
+
+ subject(:resolve_scope) { resolve(described_class, ctx: { current_user: current_user }, obj: project) }
+
+ describe '#resolve' do
+ context 'with access to scope' do
+ before do
+ project.add_user(current_user, :maintainer)
+ end
+
+ it 'returns nil when scope is not enabled' do
+ allow(project).to receive(:ci_job_token_scope_enabled?).and_return(false)
+
+ expect(resolve_scope).to eq(nil)
+ end
+
+ it 'returns the same project in the allow list of projects for the Ci Job Token' do
+ expect(resolve_scope.all_projects).to contain_exactly(project)
+ end
+
+ context 'when another projects gets added to the allow list' do
+ let!(:link) { create(:ci_job_token_project_scope_link, source_project: project) }
+
+ it 'returns both projects' do
+ expect(resolve_scope.all_projects).to contain_exactly(project, link.target_project)
+ end
+ end
+
+ context 'when job token scope is disabled' do
+ before do
+ project.update!(ci_job_token_scope_enabled: false)
+ end
+
+ it 'returns nil' do
+ expect(resolve_scope).to be_nil
+ end
+ end
+ end
+
+ context 'without access to scope' do
+ before do
+ project.add_user(current_user, :developer)
+ end
+
+ it 'raises error' do
+ expect do
+ resolve_scope
+ end.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+ end
+ end
+ end
+end
View Lorry Controller Status