diff options
Diffstat (limited to 'spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb')
-rw-r--r-- | spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb b/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb new file mode 100644 index 00000000000..95bf7685ade --- /dev/null +++ b/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb @@ -0,0 +1,103 @@ +require 'spec_helper' + +describe Gitlab::Graphql::Authorize::AuthorizeResource do + let(:fake_class) do + Class.new do + include Gitlab::Graphql::Authorize::AuthorizeResource + + attr_reader :user, :found_object + + authorize :read_the_thing + + def initialize(user, found_object) + @user, @found_object = user, found_object + end + + def find_object + found_object + end + + def current_user + user + end + end + end + + let(:user) { build(:user) } + let(:project) { build(:project) } + subject(:loading_resource) { fake_class.new(user, project) } + + context 'when the user is allowed to perform the action' do + before do + allow(Ability).to receive(:allowed?).with(user, :read_the_thing, project, scope: :user) do + true + end + end + + describe '#authorized_find' do + it 'returns the object' do + expect(loading_resource.authorized_find).to eq(project) + end + end + + describe '#authorized_find!' do + it 'returns the object' do + expect(loading_resource.authorized_find!).to eq(project) + end + end + + describe '#authorize!' do + it 'does not raise an error' do + expect { loading_resource.authorize!(project) }.not_to raise_error + end + end + + describe '#authorized?' do + it 'is true' do + expect(loading_resource.authorized?(project)).to be(true) + end + end + end + + context 'when the user is not allowed to perform the action' do + before do + allow(Ability).to receive(:allowed?).with(user, :read_the_thing, project, scope: :user) do + false + end + end + + describe '#authorized_find' do + it 'returns `nil`' do + expect(loading_resource.authorized_find).to be_nil + end + end + + describe '#authorized_find!' do + it 'raises an error' do + expect { loading_resource.authorize!(project) }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + end + end + + describe '#authorize!' do + it 'does not raise an error' do + expect { loading_resource.authorize!(project) }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) + end + end + + describe '#authorized?' do + it 'is false' do + expect(loading_resource.authorized?(project)).to be(false) + end + end + end + + context 'when the class does not define #find_object' do + let(:fake_class) do + Class.new { include Gitlab::Graphql::Authorize::AuthorizeResource } + end + + it 'raises a comprehensive error message' do + expect { fake_class.new.find_object }.to raise_error(/Implement #find_object in #{fake_class.name}/) + end + end +end |