Diffstat (limited to 'spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb')
-rw-r--r-- | spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb | 80 |
1 files changed, 17 insertions, 63 deletions
diff --git a/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb b/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb
index c5d7665c3b2..0c548e1ce32 100644
--- a/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb
+++ b/spec/lib/gitlab/graphql/authorize/authorize_resource_spec.rb
@@ -12,7 +12,8 @@ RSpec.describe Gitlab::Graphql::Authorize::AuthorizeResource do
 authorize :read_the_thing
 def initialize(user, found_object)
- @user, @found_object = user, found_object
+ @user = user
+ @found_object = found_object
 end
 def find_object
@@ -22,6 +23,14 @@ RSpec.describe Gitlab::Graphql::Authorize::AuthorizeResource do
 def current_user
 user
 end
+
+ def context
+ { current_user: user }
+ end
+
+ def self.authorization
+ @authorization ||= ::Gitlab::Graphql::Authorize::ObjectAuthorization.new(required_permissions)
+ end
 end
 end
@@ -30,11 +39,14 @@ RSpec.describe Gitlab::Graphql::Authorize::AuthorizeResource do
 subject(:loading_resource) { fake_class.new(user, project) }
+ before do
+ # don't allow anything by default
+ allow(Ability).to receive(:allowed?).and_return(false)
+ end
+
 context 'when the user is allowed to perform the action' do
 before do
- allow(Ability).to receive(:allowed?).with(user, :read_the_thing, project, scope: :user) do
- true
- end
+ allow(Ability).to receive(:allowed?).with(user, :read_the_thing, project).and_return(true)
 end
 describe '#authorized_find!' do
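Review bot: The fake class in the second hunk now hand-builds its own `context` and `self.authorization`, and nothing there says which production hook they stand in for. A short comment above them, for example `# Stand-ins for what the including GraphQL class is expected to provide: a context hash and a class-level ObjectAuthorization`, would make the contract the spec depends on explicit. Presumably the real resolver and mutation base classes supply both; that is worth confirming so the spec cannot keep passing against wiring that production no longer uses. The enclosing `Class.new do` block starts outside the hunk.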
@@ -48,24 +60,12 @@ RSpec.describe Gitlab::Graphql::Authorize::AuthorizeResource do
 expect { loading_resource.authorize!(project) }.not_to raise_error
 end
 end
-
- describe '#authorized_resource?' do
- it 'is true' do
- expect(loading_resource.authorized_resource?(project)).to be(true)
- end
- end
 end
 context 'when the user is not allowed to perform the action' do
- before do
- allow(Ability).to receive(:allowed?).with(user, :read_the_thing, project, scope: :user) do
- false
- end
- end
-
 describe '#authorized_find!' do
 it 'raises an error' do
- expect { loading_resource.authorize!(project) }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+ expect { loading_resource.authorized_find! }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
 end
 end
@@ -74,12 +74,6 @@ RSpec.describe Gitlab::Graphql::Authorize::AuthorizeResource do
 expect { loading_resource.authorize!(project) }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
 end
 end
-
- describe '#authorized_resource?' do
- it 'is false' do
- expect(loading_resource.authorized_resource?(project)).to be(false)
- end
- end
 end
 context 'when the class does not define #find_object' do
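Review bot: The 'not allowed' context no longer pins down which check denies access. With its own `before` removed, the `#authorized_find!` example relies on the blanket `allow(Ability).to receive(:allowed?).and_return(false)` from the outer `before`, so it would still pass if the code asked about a different ability or subject, or raised `ResourceNotAvailable` for an unrelated reason. Adding `expect(Ability).to have_received(:allowed?).with(user, :read_the_thing, project)` after the `raise_error` expectation would tie the denial to the permission under test. The same applies to the `#authorize!` example visible as context in the following hunk.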
@@ -92,46 +86,6 @@ RSpec.describe Gitlab::Graphql::Authorize::AuthorizeResource do
 end
 end
- context 'when the class does not define authorize' do
- let(:fake_class) do
- Class.new do
- include Gitlab::Graphql::Authorize::AuthorizeResource
-
- attr_reader :user, :found_object
-
- def initialize(user, found_object)
- @user, @found_object = user, found_object
- end
-
- def find_object(*_args)
- found_object
- end
-
- def current_user
- user
- end
-
- def self.name
- 'TestClass'
- end
- end
- end
-
- let(:error) { /#{fake_class.name} has no authorizations/ }
-
- describe '#authorized_find!' do
- it 'raises a comprehensive error message' do
- expect { loading_resource.authorized_find! }.to raise_error(error)
- end
- end
-
- describe '#authorized_resource?' do
- it 'raises a comprehensive error message' do
- expect { loading_resource.authorized_resource?(project) }.to raise_error(error)
- end
- end
- end
-
 describe '#authorize' do
 it 'adds permissions from subclasses to those of superclasses when used on classes' do
 base_class = Class.new do |