summaryrefslogtreecommitdiff
path: root/spec/lib/gitlab/background_migration/backfill_admin_mode_scope_for_personal_access_tokens_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/lib/gitlab/background_migration/backfill_admin_mode_scope_for_personal_access_tokens_spec.rb')
-rw-r--r--spec/lib/gitlab/background_migration/backfill_admin_mode_scope_for_personal_access_tokens_spec.rb53
1 files changed, 53 insertions, 0 deletions
diff --git a/spec/lib/gitlab/background_migration/backfill_admin_mode_scope_for_personal_access_tokens_spec.rb b/spec/lib/gitlab/background_migration/backfill_admin_mode_scope_for_personal_access_tokens_spec.rb
new file mode 100644
index 00000000000..7075d4694ae
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/backfill_admin_mode_scope_for_personal_access_tokens_spec.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::BackgroundMigration::BackfillAdminModeScopeForPersonalAccessTokens,
+ :migration, schema: 20221228103133, feature_category: :authentication_and_authorization do
+ let(:users) { table(:users) }
+ let(:personal_access_tokens) { table(:personal_access_tokens) }
+
+ let(:admin) { users.create!(name: 'admin', email: 'admin@example.com', projects_limit: 1, admin: true) }
+ let(:user) { users.create!(name: 'user', email: 'user@example.com', projects_limit: 1) }
+
+ let!(:pat_admin_1) { personal_access_tokens.create!(name: 'admin 1', user_id: admin.id, scopes: "---\n- api\n") }
+ let!(:pat_user) { personal_access_tokens.create!(name: 'user 1', user_id: user.id, scopes: "---\n- api\n") }
+ let!(:pat_revoked) do
+ personal_access_tokens.create!(name: 'admin 2', user_id: admin.id, scopes: "---\n- api\n", revoked: true)
+ end
+
+ let!(:pat_expired) do
+ personal_access_tokens.create!(name: 'admin 3', user_id: admin.id, scopes: "---\n- api\n", expires_at: 1.day.ago)
+ end
+
+ let!(:pat_admin_mode) do
+ personal_access_tokens.create!(name: 'admin 4', user_id: admin.id, scopes: "---\n- admin_mode\n")
+ end
+
+ let!(:pat_admin_2) { personal_access_tokens.create!(name: 'admin 5', user_id: admin.id, scopes: "---\n- read_api\n") }
+ let!(:pat_not_in_range) { personal_access_tokens.create!(name: 'admin 6', user_id: admin.id, scopes: "---\n- api\n") }
+
+ subject do
+ described_class.new(
+ start_id: pat_admin_1.id,
+ end_id: pat_admin_2.id,
+ batch_table: :personal_access_tokens,
+ batch_column: :id,
+ sub_batch_size: 1,
+ pause_ms: 0,
+ connection: ApplicationRecord.connection
+ )
+ end
+
+ it "adds `admin_mode` scope to active personal access tokens of administrators" do
+ subject.perform
+
+ expect(pat_admin_1.reload.scopes).to eq("---\n- api\n- admin_mode\n")
+ expect(pat_user.reload.scopes).to eq("---\n- api\n")
+ expect(pat_revoked.reload.scopes).to eq("---\n- api\n")
+ expect(pat_expired.reload.scopes).to eq("---\n- api\n")
+ expect(pat_admin_mode.reload.scopes).to eq("---\n- admin_mode\n")
+ expect(pat_admin_2.reload.scopes).to eq("---\n- read_api\n- admin_mode\n")
+ expect(pat_not_in_range.reload.scopes).to eq("---\n- api\n")
+ end
+end
View Lorry Controller Status