diff options
Diffstat (limited to 'spec/requests/api/graphql/group_query_spec.rb')
-rw-r--r-- | spec/requests/api/graphql/group_query_spec.rb | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/spec/requests/api/graphql/group_query_spec.rb b/spec/requests/api/graphql/group_query_spec.rb new file mode 100644 index 00000000000..8ff95cc9af2 --- /dev/null +++ b/spec/requests/api/graphql/group_query_spec.rb @@ -0,0 +1,118 @@ +# frozen_string_literal: true + +require 'spec_helper' + +# Based on spec/requests/api/groups_spec.rb +# Should follow closely in order to ensure all situations are covered +describe 'getting group information' do + include GraphqlHelpers + include UploadHelpers + + let(:user1) { create(:user, can_create_group: false) } + let(:user2) { create(:user) } + let(:admin) { create(:admin) } + let(:public_group) { create(:group, :public) } + let(:private_group) { create(:group, :private) } + + # similar to the API "GET /groups/:id" + describe "Query group(fullPath)" do + def group_query(group) + graphql_query_for('group', 'fullPath' => group.full_path) + end + + it_behaves_like 'a working graphql query' do + before do + post_graphql(group_query(public_group)) + end + end + + context 'when unauthenticated' do + it 'returns nil for a private group' do + post_graphql(group_query(private_group)) + + expect(graphql_data['group']).to be_nil + end + + it 'returns a public group' do + post_graphql(group_query(public_group)) + + expect(graphql_data['group']).not_to be_nil + end + end + + context "when authenticated as user" do + let!(:group1) { create(:group, avatar: File.open(uploaded_image_temp_path)) } + let!(:group2) { create(:group, :private) } + + before do + group1.add_owner(user1) + group2.add_owner(user2) + end + + it "returns one of user1's groups" do + project = create(:project, namespace: group2, path: 'Foo') + create(:project_group_link, project: project, group: group1) + + post_graphql(group_query(group1), current_user: user1) + + expect(response).to have_gitlab_http_status(200) + expect(graphql_data['group']['id']).to eq(group1.id.to_s) + expect(graphql_data['group']['name']).to eq(group1.name) + expect(graphql_data['group']['path']).to eq(group1.path) + expect(graphql_data['group']['description']).to eq(group1.description) + expect(graphql_data['group']['visibility']).to eq(Gitlab::VisibilityLevel.string_level(group1.visibility_level)) + expect(graphql_data['group']['avatarUrl']).to eq(group1.avatar_url(only_path: false)) + expect(graphql_data['group']['webUrl']).to eq(group1.web_url) + expect(graphql_data['group']['requestAccessEnabled']).to eq(group1.request_access_enabled) + expect(graphql_data['group']['fullName']).to eq(group1.full_name) + expect(graphql_data['group']['fullPath']).to eq(group1.full_path) + expect(graphql_data['group']['parentId']).to eq(group1.parent_id) + end + + it "does not return a non existing group" do + query = graphql_query_for('group', 'fullPath' => '1328') + + post_graphql(query, current_user: user1) + + expect(graphql_data['group']).to be_nil + end + + it "does not return a group not attached to user1" do + private_group.add_owner(user2) + + post_graphql(group_query(private_group), current_user: user1) + + expect(graphql_data['group']).to be_nil + end + + it 'avoids N+1 queries' do + post_graphql(group_query(group1), current_user: admin) + + control_count = ActiveRecord::QueryRecorder.new do + post_graphql(group_query(group1), current_user: admin) + end.count + + create(:project, namespace: group1) + + expect do + post_graphql(group_query(group1), current_user: admin) + end.not_to exceed_query_limit(control_count) + end + end + + context "when authenticated as admin" do + it "returns any existing group" do + post_graphql(group_query(private_group), current_user: admin) + + expect(graphql_data['group']['name']).to eq(private_group.name) + end + + it "does not return a non existing group" do + query = graphql_query_for('group', 'fullPath' => '1328') + post_graphql(query, current_user: admin) + + expect(graphql_data['group']).to be_nil + end + end + end +end |