diff options
Diffstat (limited to 'spec/requests/api/graphql')
40 files changed, 1817 insertions, 282 deletions
diff --git a/spec/requests/api/graphql/boards/board_list_query_spec.rb b/spec/requests/api/graphql/boards/board_list_query_spec.rb index b5ed0fe35d5..6ddcf8a13fd 100644 --- a/spec/requests/api/graphql/boards/board_list_query_spec.rb +++ b/spec/requests/api/graphql/boards/board_list_query_spec.rb @@ -9,9 +9,11 @@ RSpec.describe 'Querying a Board list', feature_category: :team_planning do let_it_be(:project) { create(:project) } let_it_be(:board) { create(:board, resource_parent: project) } let_it_be(:label) { create(:label, project: project, name: 'foo') } + let_it_be(:extra_label1) { create(:label, project: project) } + let_it_be(:extra_label2) { create(:label, project: project) } let_it_be(:list) { create(:list, board: board, label: label) } - let_it_be(:issue1) { create(:issue, project: project, labels: [label]) } - let_it_be(:issue2) { create(:issue, project: project, labels: [label], assignees: [current_user]) } + let_it_be(:issue1) { create(:issue, project: project, labels: [label, extra_label1]) } + let_it_be(:issue2) { create(:issue, project: project, labels: [label, extra_label2], assignees: [current_user]) } let_it_be(:issue3) { create(:issue, project: project, labels: [label], confidential: true) } let(:filters) { {} } @@ -66,6 +68,18 @@ RSpec.describe 'Querying a Board list', feature_category: :team_planning do is_expected.to include({ 'issuesCount' => 1, 'title' => list.title }) end end + + context 'when filtering by OR labels' do + let(:filters) { { or: { labelNames: [extra_label1.title, extra_label2.title] } } } + + before_all do + project.add_developer(current_user) + end + + it 'filters issues metadata' do + is_expected.to include({ 'issuesCount' => 2, 'title' => list.title }) + end + end end end diff --git a/spec/requests/api/graphql/ci/ci_cd_setting_spec.rb b/spec/requests/api/graphql/ci/ci_cd_setting_spec.rb index 0437a30eccd..95cabfea2fc 100644 --- a/spec/requests/api/graphql/ci/ci_cd_setting_spec.rb +++ b/spec/requests/api/graphql/ci/ci_cd_setting_spec.rb @@ -50,6 +50,7 @@ RSpec.describe 'Getting Ci Cd Setting', feature_category: :continuous_integratio expect(settings_data['jobTokenScopeEnabled']).to eql project.ci_cd_settings.job_token_scope_enabled? expect(settings_data['inboundJobTokenScopeEnabled']).to eql( project.ci_cd_settings.inbound_job_token_scope_enabled?) + expect(settings_data['optInJwt']).to eql project.ci_cd_settings.opt_in_jwt? end end end diff --git a/spec/requests/api/graphql/ci/config_variables_spec.rb b/spec/requests/api/graphql/ci/config_variables_spec.rb index e6d73701b8f..f76bb8ff837 100644 --- a/spec/requests/api/graphql/ci/config_variables_spec.rb +++ b/spec/requests/api/graphql/ci/config_variables_spec.rb @@ -14,13 +14,13 @@ RSpec.describe 'Query.project(fullPath).ciConfigVariables(sha)', feature_categor let_it_be(:user) { create(:user) } let(:service) { Ci::ListConfigVariablesService.new(project, user) } - let(:sha) { project.repository.commit.sha } + let(:ref) { project.default_branch } let(:query) do %( query { project(fullPath: "#{project.full_path}") { - ciConfigVariables(sha: "#{sha}") { + ciConfigVariables(sha: "#{ref}") { key value valueOptions @@ -47,7 +47,7 @@ RSpec.describe 'Query.project(fullPath).ciConfigVariables(sha)', feature_categor it 'returns the CI variables for the config' do expect(service) .to receive(:execute) - .with(sha) + .with(ref) .and_call_original post_graphql(query, current_user: user) diff --git a/spec/requests/api/graphql/ci/group_variables_spec.rb b/spec/requests/api/graphql/ci/group_variables_spec.rb index 51cbb4719f7..d78b30787c9 100644 --- a/spec/requests/api/graphql/ci/group_variables_spec.rb +++ b/spec/requests/api/graphql/ci/group_variables_spec.rb @@ -47,7 +47,7 @@ RSpec.describe 'Query.group(fullPath).ciVariables', feature_category: :pipeline_ post_graphql(query, current_user: user) - expect(graphql_data.dig('group', 'ciVariables', 'limit')).to be(200) + expect(graphql_data.dig('group', 'ciVariables', 'limit')).to be(30000) expect(graphql_data.dig('group', 'ciVariables', 'nodes')).to contain_exactly({ 'id' => variable.to_global_id.to_s, 'key' => 'TEST_VAR', @@ -72,4 +72,32 @@ RSpec.describe 'Query.group(fullPath).ciVariables', feature_category: :pipeline_ expect(graphql_data.dig('group', 'ciVariables')).to be_nil end end + + describe 'sorting and pagination' do + let_it_be(:current_user) { user } + let_it_be(:data_path) { [:group, :ci_variables] } + let_it_be(:variables) do + [ + create(:ci_group_variable, group: group, key: 'd'), + create(:ci_group_variable, group: group, key: 'a'), + create(:ci_group_variable, group: group, key: 'c'), + create(:ci_group_variable, group: group, key: 'e'), + create(:ci_group_variable, group: group, key: 'b') + ] + end + + def pagination_query(params) + graphql_query_for( + :group, + { fullPath: group.full_path }, + query_graphql_field('ciVariables', params, "#{page_info} nodes { id }") + ) + end + + before do + group.add_owner(current_user) + end + + it_behaves_like 'sorted paginated variables' + end end diff --git a/spec/requests/api/graphql/ci/groups_spec.rb b/spec/requests/api/graphql/ci/groups_spec.rb index d1588833d8f..1874e1d35dd 100644 --- a/spec/requests/api/graphql/ci/groups_spec.rb +++ b/spec/requests/api/graphql/ci/groups_spec.rb @@ -10,8 +10,9 @@ RSpec.describe 'Query.project.pipeline.stages.groups', feature_category: :contin let(:group_graphql_data) { graphql_data_at(:project, :pipeline, :stages, :nodes, 0, :groups, :nodes) } let_it_be(:ref) { 'master' } - let_it_be(:job_a) { create(:commit_status, pipeline: pipeline, name: 'rspec 0 2', ref: ref) } - let_it_be(:job_b) { create(:ci_build, pipeline: pipeline, name: 'rspec 0 1', ref: ref) } + let_it_be(:stage) { create(:ci_stage, pipeline: pipeline) } + let_it_be(:job_a) { create(:commit_status, pipeline: pipeline, name: 'rspec 0 2', ref: ref, ci_stage: stage) } + let_it_be(:job_b) { create(:ci_build, pipeline: pipeline, name: 'rspec 0 1', ref: ref, ci_stage: stage) } let_it_be(:job_c) { create(:ci_bridge, pipeline: pipeline, name: 'spinach 0 1', ref: ref) } let(:params) { {} } diff --git a/spec/requests/api/graphql/ci/instance_variables_spec.rb b/spec/requests/api/graphql/ci/instance_variables_spec.rb index e0397e17923..5b65ae88426 100644 --- a/spec/requests/api/graphql/ci/instance_variables_spec.rb +++ b/spec/requests/api/graphql/ci/instance_variables_spec.rb @@ -69,4 +69,28 @@ RSpec.describe 'Query.ciVariables', feature_category: :pipeline_authoring do expect(graphql_data.dig('ciVariables')).to be_nil end end + + describe 'sorting and pagination' do + let_it_be(:current_user) { create(:admin) } + let_it_be(:data_path) { [:ci_variables] } + let_it_be(:variables) do + [ + create(:ci_instance_variable, key: 'd'), + create(:ci_instance_variable, key: 'a'), + create(:ci_instance_variable, key: 'c'), + create(:ci_instance_variable, key: 'e'), + create(:ci_instance_variable, key: 'b') + ] + end + + def pagination_query(params) + graphql_query_for( + :ci_variables, + params, + "#{page_info} nodes { id }" + ) + end + + it_behaves_like 'sorted paginated variables' + end end diff --git a/spec/requests/api/graphql/ci/jobs_spec.rb b/spec/requests/api/graphql/ci/jobs_spec.rb index 131cdb77107..674407c0a0e 100644 --- a/spec/requests/api/graphql/ci/jobs_spec.rb +++ b/spec/requests/api/graphql/ci/jobs_spec.rb @@ -96,7 +96,7 @@ RSpec.describe 'Query.project.pipeline', feature_category: :continuous_integrati create(:ci_build_need, build: test_job, name: 'my test job') end - it 'reports the build needs and execution requirements', quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/347290' do + it 'reports the build needs and execution requirements' do post_graphql(query, current_user: user) expect(jobs_graphql_data).to contain_exactly( diff --git a/spec/requests/api/graphql/ci/project_variables_spec.rb b/spec/requests/api/graphql/ci/project_variables_spec.rb index 0338b58a0ea..0ddcac89b34 100644 --- a/spec/requests/api/graphql/ci/project_variables_spec.rb +++ b/spec/requests/api/graphql/ci/project_variables_spec.rb @@ -41,7 +41,7 @@ RSpec.describe 'Query.project(fullPath).ciVariables', feature_category: :pipelin post_graphql(query, current_user: user) - expect(graphql_data.dig('project', 'ciVariables', 'limit')).to be(200) + expect(graphql_data.dig('project', 'ciVariables', 'limit')).to be(8000) expect(graphql_data.dig('project', 'ciVariables', 'nodes')).to contain_exactly({ 'id' => variable.to_global_id.to_s, 'key' => 'TEST_VAR', @@ -66,4 +66,32 @@ RSpec.describe 'Query.project(fullPath).ciVariables', feature_category: :pipelin expect(graphql_data.dig('project', 'ciVariables')).to be_nil end end + + describe 'sorting and pagination' do + let_it_be(:current_user) { user } + let_it_be(:data_path) { [:project, :ci_variables] } + let_it_be(:variables) do + [ + create(:ci_variable, project: project, key: 'd'), + create(:ci_variable, project: project, key: 'a'), + create(:ci_variable, project: project, key: 'c'), + create(:ci_variable, project: project, key: 'e'), + create(:ci_variable, project: project, key: 'b') + ] + end + + def pagination_query(params) + graphql_query_for( + :project, + { fullPath: project.full_path }, + query_graphql_field('ciVariables', params, "#{page_info} nodes { id }") + ) + end + + before do + project.add_maintainer(current_user) + end + + it_behaves_like 'sorted paginated variables' + end end diff --git a/spec/requests/api/graphql/ci/runner_spec.rb b/spec/requests/api/graphql/ci/runner_spec.rb index ca08e780758..986e3ce9e52 100644 --- a/spec/requests/api/graphql/ci/runner_spec.rb +++ b/spec/requests/api/graphql/ci/runner_spec.rb @@ -92,6 +92,7 @@ RSpec.describe 'Query.runner(id)', feature_category: :runner_fleet do run_untagged: runner.run_untagged, ip_address: runner.ip_address, runner_type: runner.instance_type? ? 'INSTANCE_TYPE' : 'PROJECT_TYPE', + ephemeral_authentication_token: nil, executor_name: runner.executor_type&.dasherize, architecture_name: runner.architecture, platform_name: runner.platform, @@ -518,6 +519,110 @@ RSpec.describe 'Query.runner(id)', feature_category: :runner_fleet do end end + describe 'ephemeralAuthenticationToken', :freeze_time do + subject(:request) { post_graphql(query, current_user: user) } + + let_it_be(:creator) { create(:user) } + + let(:created_at) { Time.current } + let(:token_prefix) { registration_type == :authenticated_user ? 'glrt-' : '' } + let(:registration_type) {} + let(:query) do + %( + query { + runner(id: "#{runner.to_global_id}") { + id + ephemeralAuthenticationToken + } + } + ) + end + + let(:runner) do + create(:ci_runner, :group, + groups: [group], creator: creator, created_at: created_at, + registration_type: registration_type, token: "#{token_prefix}abc123") + end + + before_all do + group.add_owner(creator) # Allow creating runners in the group + end + + shared_examples 'an ephemeral_authentication_token' do + it 'returns token in ephemeral_authentication_token field' do + request + + runner_data = graphql_data_at(:runner) + expect(runner_data).not_to be_nil + expect(runner_data).to match a_graphql_entity_for(runner, ephemeral_authentication_token: runner.token) + end + end + + shared_examples 'a protected ephemeral_authentication_token' do + it 'returns nil ephemeral_authentication_token' do + request + + runner_data = graphql_data_at(:runner) + expect(runner_data).not_to be_nil + expect(runner_data).to match a_graphql_entity_for(runner, ephemeral_authentication_token: nil) + end + end + + context 'with request made by creator' do + let(:user) { creator } + + context 'with runner created in UI' do + let(:registration_type) { :authenticated_user } + + context 'with runner created in last 3 hours' do + let(:created_at) { (3.hours - 1.second).ago } + + context 'with no runner machine registed yet' do + it_behaves_like 'an ephemeral_authentication_token' + end + + context 'with first runner machine already registed' do + let!(:runner_machine) { create(:ci_runner_machine, runner: runner) } + + it_behaves_like 'a protected ephemeral_authentication_token' + end + end + + context 'with runner created almost too long ago' do + let(:created_at) { (3.hours - 1.second).ago } + + it_behaves_like 'an ephemeral_authentication_token' + end + + context 'with runner created too long ago' do + let(:created_at) { 3.hours.ago } + + it_behaves_like 'a protected ephemeral_authentication_token' + end + end + + context 'with runner registered from command line' do + let(:registration_type) { :registration_token } + + context 'with runner created in last 3 hours' do + let(:created_at) { (3.hours - 1.second).ago } + + it_behaves_like 'a protected ephemeral_authentication_token' + end + end + end + + context 'when request is made by non-creator of the runner' do + let(:user) { create(:admin) } + + context 'with runner created in UI' do + let(:registration_type) { :authenticated_user } + + it_behaves_like 'a protected ephemeral_authentication_token' + end + end + end + describe 'Query limits' do def runner_query(runner) <<~SINGLE @@ -578,7 +683,7 @@ RSpec.describe 'Query.runner(id)', feature_category: :runner_fleet do QUERY end - it 'does not execute more queries per runner', :aggregate_failures do + it 'does not execute more queries per runner', :aggregate_failures, quarantine: "https://gitlab.com/gitlab-org/gitlab/-/issues/391442" do # warm-up license cache and so on: personal_access_token = create(:personal_access_token, user: user) args = { current_user: user, token: { personal_access_token: personal_access_token } } @@ -647,6 +752,11 @@ RSpec.describe 'Query.runner(id)', feature_category: :runner_fleet do icon text } + project { + id + name + webUrl + } shortSha commitPath finishedAt diff --git a/spec/requests/api/graphql/gitlab_schema_spec.rb b/spec/requests/api/graphql/gitlab_schema_spec.rb index 7937091ea7c..c5286b93251 100644 --- a/spec/requests/api/graphql/gitlab_schema_spec.rb +++ b/spec/requests/api/graphql/gitlab_schema_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe 'GitlabSchema configurations', feature_category: :not_owned do +RSpec.describe 'GitlabSchema configurations', feature_category: :integrations do include GraphqlHelpers let_it_be(:project) { create(:project) } @@ -223,4 +223,101 @@ RSpec.describe 'GitlabSchema configurations', feature_category: :not_owned do expect(parsed_id).to eq(project.to_global_id) end end + + describe 'removal of deprecated items' do + let(:mock_schema) do + Class.new(GraphQL::Schema) do + lazy_resolve ::Gitlab::Graphql::Lazy, :force + + query(Class.new(::Types::BaseObject) do + graphql_name 'Query' + + field :foo, GraphQL::Types::Boolean, + deprecated: { milestone: '0.1', reason: :renamed } + + field :bar, (Class.new(::Types::BaseEnum) do + graphql_name 'BarEnum' + + value 'FOOBAR', value: 'foobar', deprecated: { milestone: '0.1', reason: :renamed } + end) + + field :baz, GraphQL::Types::Boolean do + argument :arg, String, required: false, deprecated: { milestone: '0.1', reason: :renamed } + end + + def foo + false + end + + def bar + 'foobar' + end + + def baz(arg:) + false + end + end) + end + end + + let(:params) { {} } + let(:headers) { {} } + + before do + allow(GitlabSchema).to receive(:execute).and_wrap_original do |method, *args| + mock_schema.execute(*args) + end + end + + context 'without `remove_deprecated` param' do + it 'shows deprecated items' do + query = '{ foo bar baz(arg: "test") }' + + post_graphql(query, params: params, headers: headers) + + expect(json_response).to include('data' => { 'foo' => false, 'bar' => 'FOOBAR', 'baz' => false }) + end + end + + context 'with `remove_deprecated` param' do + let(:params) { { remove_deprecated: '1' } } + + it 'hides deprecated field' do + query = '{ foo }' + + post_graphql(query, params: params) + + expect(json_response).not_to include('data' => { 'foo' => false }) + expect(json_response).to include( + 'errors' => include(a_hash_including('message' => /Field 'foo' doesn't exist on type 'Query'/)) + ) + end + + it 'hides deprecated enum value' do + query = '{ bar }' + + post_graphql(query, params: params) + + expect(json_response).not_to include('data' => { 'bar' => 'FOOBAR' }) + expect(json_response).to include( + 'errors' => include( + a_hash_including( + 'message' => /`Query.bar` returned `"foobar"` at `bar`, but this isn't a valid value for `BarEnum`/ + ) + ) + ) + end + + it 'hides deprecated argument' do + query = '{ baz(arg: "test") }' + + post_graphql(query, params: params) + + expect(json_response).not_to include('data' => { 'bar' => 'FOOBAR' }) + expect(json_response).to include( + 'errors' => include(a_hash_including('message' => /Field 'baz' doesn't accept argument 'arg'/)) + ) + end + end + end end diff --git a/spec/requests/api/graphql/group/group_releases_spec.rb b/spec/requests/api/graphql/group/group_releases_spec.rb new file mode 100644 index 00000000000..931e7c19c18 --- /dev/null +++ b/spec/requests/api/graphql/group/group_releases_spec.rb @@ -0,0 +1,139 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Query.group(fullPath).releases()', feature_category: :release_orchestration do + include GraphqlHelpers + + include_context 'when releases and group releases shared context' + + let(:resource_type) { :group } + let(:resource) { group } + + describe "ensures that the correct data is returned based on the project's visibility and the user's access level" do + context 'when the group is private' do + let_it_be(:group) { create(:group, :private) } + let_it_be(:project) { create(:project, :repository, :private, group: group) } + let_it_be(:release) { create(:release, :with_evidence, project: project) } + + before_all do + group.add_guest(guest) + group.add_reporter(reporter) + group.add_developer(developer) + end + + context 'when the user is not logged in' do + let(:current_user) { stranger } + + it_behaves_like 'no access to any release data' + end + + context 'when the user has Guest permissions' do + let(:current_user) { guest } + + it_behaves_like 'no access to any repository-related fields' + end + + context 'when the user has Reporter permissions' do + let(:current_user) { reporter } + + it_behaves_like 'full access to all repository-related fields' + it_behaves_like 'no access to editUrl' + end + + context 'when the user has Developer permissions' do + let(:current_user) { developer } + + it_behaves_like 'full access to all repository-related fields' + it_behaves_like 'access to editUrl' + end + end + + context 'when the group is public' do + let_it_be(:group) { create(:group, :public) } + let_it_be(:project) { create(:project, :repository, :public, group: group) } + let_it_be(:release) { create(:release, :with_evidence, project: project) } + + before_all do + group.add_guest(guest) + group.add_reporter(reporter) + group.add_developer(developer) + end + + context 'when the user is not logged in' do + let(:current_user) { stranger } + + it_behaves_like 'no access to any release data' + end + + context 'when the user has Guest permissions' do + let(:current_user) { guest } + + it_behaves_like 'full access to all repository-related fields' + it_behaves_like 'no access to editUrl' + end + + context 'when the user has Reporter permissions' do + let(:current_user) { reporter } + + it_behaves_like 'full access to all repository-related fields' + it_behaves_like 'no access to editUrl' + end + + context 'when the user has Developer permissions' do + let(:current_user) { developer } + + it_behaves_like 'full access to all repository-related fields' + it_behaves_like 'access to editUrl' + end + end + end + + describe 'sorting and pagination' do + let_it_be(:group) { create(:group, :public) } + let_it_be(:project) { create(:project, :public, group: group) } + let(:current_user) { developer } + + let(:data_path) { [:group, :releases] } + + before_all do + group.add_developer(developer) + end + + def pagination_query(params) + graphql_query_for( + :group, + { full_path: group.full_path }, + query_graphql_field(:releases, params, "#{page_info} nodes { tagName }") + ) + end + + def pagination_results_data(nodes) + nodes.pluck('tagName') + end + + context 'when sorting by released_at' do + let_it_be(:release5) { create(:release, project: project, tag: 'v5.5.0', released_at: 3.days.from_now) } + let_it_be(:release1) { create(:release, project: project, tag: 'v5.1.0', released_at: 3.days.ago) } + let_it_be(:release4) { create(:release, project: project, tag: 'v5.4.0', released_at: 2.days.from_now) } + let_it_be(:release2) { create(:release, project: project, tag: 'v5.2.0', released_at: 2.days.ago) } + let_it_be(:release3) { create(:release, project: project, tag: 'v5.3.0', released_at: 1.day.ago) } + + context 'when ascending' do + it_behaves_like 'sorted paginated query' do + let(:sort_param) { :RELEASED_AT_ASC } + let(:first_param) { 2 } + let(:all_records) { [release1.tag, release2.tag, release3.tag, release4.tag, release5.tag] } + end + end + + context 'when descending' do + it_behaves_like 'sorted paginated query' do + let(:sort_param) { :RELEASED_AT_DESC } + let(:first_param) { 2 } + let(:all_records) { [release5.tag, release4.tag, release3.tag, release2.tag, release1.tag] } + end + end + end + end +end diff --git a/spec/requests/api/graphql/groups_query_spec.rb b/spec/requests/api/graphql/groups_query_spec.rb new file mode 100644 index 00000000000..84c8d3c3388 --- /dev/null +++ b/spec/requests/api/graphql/groups_query_spec.rb @@ -0,0 +1,76 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'searching groups', :with_license, feature_category: :subgroups do + include GraphqlHelpers + + let_it_be(:user) { create(:user) } + let_it_be(:public_group) { create(:group, :public) } + let_it_be(:private_group) { create(:group, :private) } + + let(:fields) do + <<~FIELDS + nodes { + #{all_graphql_fields_for('Group')} + } + FIELDS + end + + let(:query) do + <<~QUERY + query { + groups { + #{fields} + } + } + QUERY + end + + subject { post_graphql(query, current_user: user) } + + describe "Query groups(search)" do + let(:groups) { graphql_data_at(:groups, :nodes) } + let(:names) { groups.map { |group| group["name"] } } # rubocop: disable Rails/Pluck + + it_behaves_like 'a working graphql query' do + before do + subject + end + end + + it 'includes public groups' do + subject + + expect(names).to eq([public_group.name]) + end + + it 'includes accessible private groups ordered by name' do + private_group.add_maintainer(user) + + subject + + expect(names).to eq([public_group.name, private_group.name]) + end + + context 'with `search` argument' do + let_it_be(:other_group) { create(:group, name: 'other-group') } + + let(:query) do + <<~QUERY + query { + groups(search: "oth") { + #{fields} + } + } + QUERY + end + + it 'filters groups by name' do + subject + + expect(names).to contain_exactly(other_group.name) + end + end + end +end diff --git a/spec/requests/api/graphql/issue/issue_spec.rb b/spec/requests/api/graphql/issue/issue_spec.rb index 101de692aa5..3665fbc2df8 100644 --- a/spec/requests/api/graphql/issue/issue_spec.rb +++ b/spec/requests/api/graphql/issue/issue_spec.rb @@ -154,6 +154,47 @@ RSpec.describe 'Query.issue(id)', feature_category: :team_planning do end end + context 'when selecting `related_merge_requests`' do + let(:issue_fields) { ['relatedMergeRequests { nodes { id } }'] } + let_it_be(:user) { create(:user) } + let_it_be(:mr_project) { project } + let!(:merge_request) do + attributes = { + author: user, + source_project: mr_project, + target_project: mr_project, + source_branch: 'master', + target_branch: 'test', + description: "See #{issue.to_reference}" + } + + create(:merge_request, attributes).tap do |merge_request| + create(:note, :system, project: issue.project, noteable: issue, + author: user, note: merge_request.to_reference(full: true)) + end + end + + before do + project.add_developer(current_user) + + post_graphql(query, current_user: current_user) + end + + it 'returns the related merge request' do + expect(issue_data['relatedMergeRequests']['nodes']).to include a_hash_including({ + 'id' => merge_request.to_global_id.to_s + }) + end + + context 'no permission to related merge request' do + let_it_be(:mr_project) { create(:project, :private) } + + it 'does not return the related merge request' do + expect(issue_data['relatedMergeRequests']['nodes']).to be_empty + end + end + end + context 'when there is a confidential issue' do let!(:confidential_issue) do create(:issue, :confidential, project: project) diff --git a/spec/requests/api/graphql/issues_spec.rb b/spec/requests/api/graphql/issues_spec.rb index e67c92d6c33..e437e1bbcb0 100644 --- a/spec/requests/api/graphql/issues_spec.rb +++ b/spec/requests/api/graphql/issues_spec.rb @@ -109,18 +109,6 @@ RSpec.describe 'getting an issue list at root level', feature_category: :team_pl end end - context 'when the root_level_issues_query feature flag is disabled' do - before do - stub_feature_flags(root_level_issues_query: false) - end - - it 'the field returns null' do - post_graphql(query, current_user: developer) - - expect(graphql_data).to eq('issues' => nil) - end - end - context 'when no filters are provided' do let(:all_query_params) { {} } @@ -187,15 +175,21 @@ RSpec.describe 'getting an issue list at root level', feature_category: :team_pl end context 'when fetching issues from multiple projects' do - it 'avoids N+1 queries' do + it 'avoids N+1 queries', :use_sql_query_cache do post_query # warm-up - control = ActiveRecord::QueryRecorder.new { post_query } + control = ActiveRecord::QueryRecorder.new(skip_cached: false) { post_query } + expect_graphql_errors_to_be_empty new_private_project = create(:project, :private).tap { |project| project.add_developer(current_user) } create(:issue, project: new_private_project) - expect { post_query }.not_to exceed_query_limit(control) + private_group = create(:group, :private).tap { |group| group.add_developer(current_user) } + private_project = create(:project, :private, group: private_group) + create(:issue, project: private_project) + + expect { post_query }.not_to exceed_all_query_limit(control) + expect_graphql_errors_to_be_empty end end diff --git a/spec/requests/api/graphql/mutations/achievements/create_spec.rb b/spec/requests/api/graphql/mutations/achievements/create_spec.rb index 1713f050540..3082629d40f 100644 --- a/spec/requests/api/graphql/mutations/achievements/create_spec.rb +++ b/spec/requests/api/graphql/mutations/achievements/create_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Mutations::Achievements::Create, feature_category: :users do +RSpec.describe Mutations::Achievements::Create, feature_category: :user_profile do include GraphqlHelpers include WorkhorseHelpers @@ -13,15 +13,13 @@ RSpec.describe Mutations::Achievements::Create, feature_category: :users do let(:mutation) { graphql_mutation(:achievements_create, params) } let(:name) { 'Name' } let(:description) { 'Description' } - let(:revokeable) { false } let(:avatar) { fixture_file_upload("spec/fixtures/dk.png") } let(:params) do { namespace_id: group.to_global_id, name: name, avatar: avatar, - description: description, - revokeable: revokeable + description: description } end @@ -70,8 +68,7 @@ RSpec.describe Mutations::Achievements::Create, feature_category: :users do expect(graphql_data_at(:achievements_create, :achievement)).to match a_hash_including( 'name' => name, 'namespace' => a_hash_including('id' => group.to_global_id.to_s), - 'description' => description, - 'revokeable' => revokeable + 'description' => description ) end end diff --git a/spec/requests/api/graphql/mutations/ci/job_token_scope/add_project_spec.rb b/spec/requests/api/graphql/mutations/ci/job_token_scope/add_project_spec.rb index 490716ddbe2..55e728b2141 100644 --- a/spec/requests/api/graphql/mutations/ci/job_token_scope/add_project_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/job_token_scope/add_project_spec.rb @@ -60,7 +60,7 @@ RSpec.describe 'CiJobTokenScopeAddProject', feature_category: :continuous_integr post_graphql_mutation(mutation, current_user: current_user) expect(response).to have_gitlab_http_status(:success) expect(mutation_response.dig('ciJobTokenScope', 'projects', 'nodes')).not_to be_empty - end.to change { Ci::JobToken::Scope.new(project).allows?(target_project) }.from(false).to(true) + end.to change { Ci::JobToken::ProjectScopeLink.outbound.count }.by(1) end context 'when invalid target project is provided' do diff --git a/spec/requests/api/graphql/mutations/ci/job_token_scope/remove_project_spec.rb b/spec/requests/api/graphql/mutations/ci/job_token_scope/remove_project_spec.rb index 607c6bd85c2..f1296c054f9 100644 --- a/spec/requests/api/graphql/mutations/ci/job_token_scope/remove_project_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/job_token_scope/remove_project_spec.rb @@ -5,7 +5,13 @@ require 'spec_helper' RSpec.describe 'CiJobTokenScopeRemoveProject', feature_category: :continuous_integration do include GraphqlHelpers - let_it_be(:project) { create(:project, ci_outbound_job_token_scope_enabled: true).tap(&:save!) } + let_it_be(:project) do + create(:project, + ci_outbound_job_token_scope_enabled: true, + ci_inbound_job_token_scope_enabled: true + ) + end + let_it_be(:target_project) { create(:project) } let_it_be(:link) do @@ -16,6 +22,7 @@ RSpec.describe 'CiJobTokenScopeRemoveProject', feature_category: :continuous_int let(:variables) do { + direction: 'OUTBOUND', project_path: project.full_path, target_project_path: target_project.full_path } @@ -61,12 +68,21 @@ RSpec.describe 'CiJobTokenScopeRemoveProject', feature_category: :continuous_int target_project.add_guest(current_user) end - it 'removes the target project from the job token scope' do + it 'removes the target project from the job token outbound scope' do expect do post_graphql_mutation(mutation, current_user: current_user) expect(response).to have_gitlab_http_status(:success) expect(mutation_response.dig('ciJobTokenScope', 'projects', 'nodes')).not_to be_empty - end.to change { Ci::JobToken::Scope.new(project).allows?(target_project) }.from(true).to(false) + end.to change { Ci::JobToken::ProjectScopeLink.outbound.count }.by(-1) + end + + it 'responds successfully' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(response).to have_gitlab_http_status(:ok) + expect(graphql_errors).to be_nil + expect(graphql_data_at(:ciJobTokenScopeRemoveProject, :ciJobTokenScope, :projects, :nodes)) + .to contain_exactly({ 'path' => project.path }) end context 'when invalid target project is provided' do diff --git a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_play_spec.rb b/spec/requests/api/graphql/mutations/ci/pipeline_schedule_play_spec.rb index 0e43fa024f3..492c6946c99 100644 --- a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_play_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/pipeline_schedule_play_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe 'PipelineSchedulePlay', feature_category: :continuious_integration do +RSpec.describe 'PipelineSchedulePlay', feature_category: :continuous_integration do include GraphqlHelpers let_it_be(:user) { create(:user) } @@ -42,14 +42,18 @@ RSpec.describe 'PipelineSchedulePlay', feature_category: :continuious_integratio end end - context 'when authorized' do + context 'when authorized', :sidekiq_inline do before do project.add_maintainer(user) pipeline_schedule.update_columns(next_run_at: 2.hours.ago) end context 'when mutation succeeds' do + let(:service_response) { instance_double('ServiceResponse', payload: new_pipeline) } + let(:new_pipeline) { instance_double('Ci::Pipeline', persisted?: true) } + it do + expect(Ci::CreatePipelineService).to receive_message_chain(:new, :execute).and_return(service_response) post_graphql_mutation(mutation, current_user: user) expect(mutation_response['pipelineSchedule']['id']).to include(pipeline_schedule.id.to_s) @@ -61,14 +65,10 @@ RSpec.describe 'PipelineSchedulePlay', feature_category: :continuious_integratio end context 'when mutation fails' do - before do - allow(RunPipelineScheduleWorker).to receive(:perform_async).and_return(nil) - end - it do expect(RunPipelineScheduleWorker) .to receive(:perform_async) - .with(pipeline_schedule.id, user.id) + .with(pipeline_schedule.id, user.id).and_return(nil) post_graphql_mutation(mutation, current_user: user) diff --git a/spec/requests/api/graphql/mutations/ci/pipeline_schedule_update_spec.rb b/spec/requests/api/graphql/mutations/ci/pipeline_schedule_update_spec.rb new file mode 100644 index 00000000000..c1da231a4a6 --- /dev/null +++ b/spec/requests/api/graphql/mutations/ci/pipeline_schedule_update_spec.rb @@ -0,0 +1,151 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'PipelineScheduleUpdate', feature_category: :continuous_integration do + include GraphqlHelpers + + let_it_be(:user) { create(:user) } + let_it_be(:project) { create(:project, :public, :repository) } + let_it_be(:pipeline_schedule) { create(:ci_pipeline_schedule, project: project, owner: user) } + + let(:mutation) do + variables = { + id: pipeline_schedule.to_global_id.to_s, + **pipeline_schedule_parameters + } + + graphql_mutation( + :pipeline_schedule_update, + variables, + <<-QL + pipelineSchedule { + id + description + cron + refForDisplay + active + cronTimezone + variables { + nodes { + key + value + } + } + } + errors + QL + ) + end + + let(:pipeline_schedule_parameters) { {} } + let(:mutation_response) { graphql_mutation_response(:pipeline_schedule_update) } + + context 'when unauthorized' do + it 'returns an error' do + post_graphql_mutation(mutation, current_user: create(:user)) + + expect(graphql_errors).not_to be_empty + expect(graphql_errors[0]['message']) + .to eq( + "The resource that you are attempting to access does not exist " \ + "or you don't have permission to perform this action" + ) + end + end + + context 'when authorized' do + before do + project.add_developer(user) + end + + context 'when success' do + let(:pipeline_schedule_parameters) do + { + description: 'updated_desc', + cron: '0 1 * * *', + cronTimezone: 'UTC', + ref: 'patch-x', + active: true, + variables: [ + { key: 'AAA', value: "AAA123", variableType: 'ENV_VAR' } + ] + } + end + + it do + post_graphql_mutation(mutation, current_user: user) + + expect(response).to have_gitlab_http_status(:success) + + expect_graphql_errors_to_be_empty + + expect(mutation_response['pipelineSchedule']['id']).to eq(pipeline_schedule.to_global_id.to_s) + + %w[description cron cronTimezone active].each do |key| + expect(mutation_response['pipelineSchedule'][key]).to eq(pipeline_schedule_parameters[key.to_sym]) + end + + expect(mutation_response['pipelineSchedule']['refForDisplay']).to eq(pipeline_schedule_parameters[:ref]) + + expect(mutation_response['pipelineSchedule']['variables']['nodes'][0]['key']).to eq('AAA') + expect(mutation_response['pipelineSchedule']['variables']['nodes'][0]['value']).to eq('AAA123') + end + end + + context 'when failure' do + context 'when params are invalid' do + let(:pipeline_schedule_parameters) do + { + description: '', + cron: 'abc', + cronTimezone: 'cCc', + ref: '', + active: true, + variables: [] + } + end + + it do + post_graphql_mutation(mutation, current_user: user) + + expect(response).to have_gitlab_http_status(:success) + + expect(mutation_response['errors']) + .to match_array( + [ + "Cron is invalid syntax", + "Cron timezone is invalid syntax", + "Ref can't be blank", + "Description can't be blank" + ] + ) + end + end + + context 'when params have duplicate variables' do + let(:pipeline_schedule_parameters) do + { + variables: [ + { key: 'AAA', value: "AAA123", variableType: 'ENV_VAR' }, + { key: 'AAA', value: "AAA123", variableType: 'ENV_VAR' } + ] + } + end + + it 'returns error' do + post_graphql_mutation(mutation, current_user: user) + + expect(response).to have_gitlab_http_status(:success) + + expect(mutation_response['errors']) + .to match_array( + [ + "Variables have duplicate values (AAA)" + ] + ) + end + end + end + end +end diff --git a/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb b/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb index 7a6ee7c2ecc..99e55c44773 100644 --- a/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb +++ b/spec/requests/api/graphql/mutations/ci/project_ci_cd_settings_update_spec.rb @@ -18,7 +18,8 @@ RSpec.describe 'ProjectCiCdSettingsUpdate', feature_category: :continuous_integr full_path: project.full_path, keep_latest_artifact: false, job_token_scope_enabled: false, - inbound_job_token_scope_enabled: false + inbound_job_token_scope_enabled: false, + opt_in_jwt: true } end @@ -117,6 +118,15 @@ RSpec.describe 'ProjectCiCdSettingsUpdate', feature_category: :continuous_integr end end + it 'updates ci_opt_in_jwt' do + post_graphql_mutation(mutation, current_user: user) + + project.reload + + expect(response).to have_gitlab_http_status(:success) + expect(project.ci_opt_in_jwt).to eq(true) + end + context 'when bad arguments are provided' do let(:variables) { { full_path: '', keep_latest_artifact: false } } diff --git a/spec/requests/api/graphql/mutations/issues/bulk_update_spec.rb b/spec/requests/api/graphql/mutations/issues/bulk_update_spec.rb new file mode 100644 index 00000000000..b9c83311908 --- /dev/null +++ b/spec/requests/api/graphql/mutations/issues/bulk_update_spec.rb @@ -0,0 +1,177 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Bulk update issues', feature_category: :team_planning do + include GraphqlHelpers + + let_it_be(:developer) { create(:user) } + let_it_be(:group) { create(:group).tap { |group| group.add_developer(developer) } } + let_it_be(:project) { create(:project, group: group) } + let_it_be(:updatable_issues, reload: true) { create_list(:issue, 2, project: project) } + let_it_be(:milestone) { create(:milestone, group: group) } + + let(:parent) { project } + let(:max_issues) { Mutations::Issues::BulkUpdate::MAX_ISSUES } + let(:mutation) { graphql_mutation(:issues_bulk_update, base_arguments.merge(additional_arguments)) } + let(:mutation_response) { graphql_mutation_response(:issues_bulk_update) } + let(:current_user) { developer } + let(:base_arguments) { { parent_id: parent.to_gid.to_s, ids: updatable_issues.map { |i| i.to_gid.to_s } } } + + let(:additional_arguments) do + { + assignee_ids: [current_user.to_gid.to_s], + milestone_id: milestone.to_gid.to_s + } + end + + context 'when the `bulk_update_issues_mutation` feature flag is disabled' do + before do + stub_feature_flags(bulk_update_issues_mutation: false) + end + + it 'returns a resource not available error' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(graphql_errors).to contain_exactly( + hash_including( + 'message' => '`bulk_update_issues_mutation` feature flag is disabled.' + ) + ) + end + end + + context 'when user can not update all issues' do + let_it_be(:forbidden_issue) { create(:issue) } + + it 'updates only issues that the user can update' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + + updatable_issues.each(&:reset) + forbidden_issue.reset + end.to change { updatable_issues.flat_map(&:assignee_ids) }.from([]).to([current_user.id] * 2).and( + not_change(forbidden_issue, :assignee_ids).from([]) + ) + + expect(mutation_response).to include( + 'updatedIssueCount' => updatable_issues.count + ) + end + end + + context 'when user can update all issues' do + it 'updates all issues' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + updatable_issues.each(&:reload) + end.to change { updatable_issues.flat_map(&:assignee_ids) }.from([]).to([current_user.id] * 2) + .and(change { updatable_issues.map(&:milestone_id) }.from([nil] * 2).to([milestone.id] * 2)) + + expect(mutation_response).to include( + 'updatedIssueCount' => updatable_issues.count + ) + end + + context 'when current user cannot read the specified project' do + let_it_be(:parent) { create(:project, :private) } + + it 'returns a resource not found error' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(graphql_errors).to contain_exactly( + hash_including( + 'message' => "The resource that you are attempting to access does not exist or you don't have " \ + 'permission to perform this action' + ) + ) + end + end + + context 'when scoping to a parent group' do + let(:parent) { group } + + it 'updates all issues' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + updatable_issues.each(&:reload) + end.to change { updatable_issues.flat_map(&:assignee_ids) }.from([]).to([current_user.id] * 2) + .and(change { updatable_issues.map(&:milestone_id) }.from([nil] * 2).to([milestone.id] * 2)) + + expect(mutation_response).to include( + 'updatedIssueCount' => updatable_issues.count + ) + end + + context 'when current user cannot read the specified group' do + let(:parent) { create(:group, :private) } + + it 'returns a resource not found error' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(graphql_errors).to contain_exactly( + hash_including( + 'message' => "The resource that you are attempting to access does not exist or you don't have " \ + 'permission to perform this action' + ) + ) + end + end + end + + context 'when setting arguments to null or none' do + let(:additional_arguments) { { assignee_ids: [], milestone_id: nil } } + + before do + updatable_issues.each do |issue| + issue.update!(assignees: [current_user], milestone: milestone) + end + end + + it 'updates all issues' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + updatable_issues.each(&:reload) + end.to change { updatable_issues.flat_map(&:assignee_ids) }.from([current_user.id] * 2).to([]) + .and(change { updatable_issues.map(&:milestone_id) }.from([milestone.id] * 2).to([nil] * 2)) + + expect(mutation_response).to include( + 'updatedIssueCount' => updatable_issues.count + ) + end + end + end + + context 'when update service returns an error' do + before do + allow_next_instance_of(Issuable::BulkUpdateService) do |update_service| + allow(update_service).to receive(:execute).and_return( + ServiceResponse.error(message: 'update error', http_status: 422) # rubocop:disable Gitlab/ServiceResponse + ) + end + end + + it 'returns an error message' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(graphql_data.dig('issuesBulkUpdate', 'errors')).to contain_exactly('update error') + end + end + + context 'when trying to update more than the max allowed' do + before do + stub_const('Mutations::Issues::BulkUpdate::MAX_ISSUES', updatable_issues.count - 1) + end + + it "restricts updating more than #{Mutations::Issues::BulkUpdate::MAX_ISSUES} issues at the same time" do + post_graphql_mutation(mutation, current_user: current_user) + + expect(graphql_errors).to contain_exactly( + hash_including( + 'message' => + format(_('No more than %{max_issues} issues can be updated at the same time'), max_issues: max_issues) + ) + ) + end + end +end diff --git a/spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb b/spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb index 3907ebad9ce..1898ee5a62d 100644 --- a/spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb +++ b/spec/requests/api/graphql/mutations/merge_requests/set_milestone_spec.rb @@ -63,4 +63,20 @@ RSpec.describe 'Setting milestone of a merge request', feature_category: :code_r expect(mutation_response['mergeRequest']['milestone']).to be_nil end end + + context 'when passing an invalid milestone_id' do + let(:input) { { milestone_id: GitlabSchema.id_from_object(create(:milestone)).to_s } } + + it 'does not set the milestone' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(response).to have_gitlab_http_status(:success) + expect(graphql_errors).to include( + a_hash_including( + 'message' => "The resource that you are attempting to access does not exist " \ + "or you don't have permission to perform this action" + ) + ) + end + end end diff --git a/spec/requests/api/graphql/mutations/notes/create/note_spec.rb b/spec/requests/api/graphql/mutations/notes/create/note_spec.rb index 00e25909746..a6253ba424b 100644 --- a/spec/requests/api/graphql/mutations/notes/create/note_spec.rb +++ b/spec/requests/api/graphql/mutations/notes/create/note_spec.rb @@ -122,8 +122,8 @@ RSpec.describe 'Adding a Note', feature_category: :team_planning do let(:variables_extra) { {} } before do - stub_const('WorkItems::Type::BASE_TYPES', { issue: { name: 'NoNotesWidget', enum_value: 0 } }) - stub_const('WorkItems::Type::WIDGETS_FOR_TYPE', { issue: [::WorkItems::Widgets::Description] }) + WorkItems::Type.default_by_type(:issue).widget_definitions.find_by_widget_type(:notes) + .update!(disabled: true) end it_behaves_like 'a Note mutation that does not create a Note' diff --git a/spec/requests/api/graphql/mutations/notes/destroy_spec.rb b/spec/requests/api/graphql/mutations/notes/destroy_spec.rb index eb45e2aa033..f40518a574b 100644 --- a/spec/requests/api/graphql/mutations/notes/destroy_spec.rb +++ b/spec/requests/api/graphql/mutations/notes/destroy_spec.rb @@ -57,8 +57,7 @@ RSpec.describe 'Destroying a Note', feature_category: :team_planning do context 'without notes widget' do before do - stub_const('WorkItems::Type::BASE_TYPES', { issue: { name: 'NoNotesWidget', enum_value: 0 } }) - stub_const('WorkItems::Type::WIDGETS_FOR_TYPE', { issue: [::WorkItems::Widgets::Description] }) + WorkItems::Type.default_by_type(:issue).widget_definitions.find_by_widget_type(:notes).update!(disabled: true) end it 'does not update the Note' do diff --git a/spec/requests/api/graphql/mutations/notes/update/note_spec.rb b/spec/requests/api/graphql/mutations/notes/update/note_spec.rb index dff8a87314b..7918bc860fe 100644 --- a/spec/requests/api/graphql/mutations/notes/update/note_spec.rb +++ b/spec/requests/api/graphql/mutations/notes/update/note_spec.rb @@ -50,8 +50,7 @@ RSpec.describe 'Updating a Note', feature_category: :team_planning do context 'without notes widget' do before do - stub_const('WorkItems::Type::BASE_TYPES', { issue: { name: 'NoNotesWidget', enum_value: 0 } }) - stub_const('WorkItems::Type::WIDGETS_FOR_TYPE', { issue: [::WorkItems::Widgets::Description] }) + WorkItems::Type.default_by_type(:issue).widget_definitions.find_by_widget_type(:notes).update!(disabled: true) end it 'does not update the Note' do diff --git a/spec/requests/api/graphql/mutations/user_preferences/update_spec.rb b/spec/requests/api/graphql/mutations/user_preferences/update_spec.rb index 31d17401b9e..967ad75c906 100644 --- a/spec/requests/api/graphql/mutations/user_preferences/update_spec.rb +++ b/spec/requests/api/graphql/mutations/user_preferences/update_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe Mutations::UserPreferences::Update, feature_category: :users do +RSpec.describe Mutations::UserPreferences::Update, feature_category: :user_profile do include GraphqlHelpers let_it_be(:current_user) { create(:user) } diff --git a/spec/requests/api/graphql/mutations/work_items/update_spec.rb b/spec/requests/api/graphql/mutations/work_items/update_spec.rb index b33a394d023..ddd294e8f82 100644 --- a/spec/requests/api/graphql/mutations/work_items/update_spec.rb +++ b/spec/requests/api/graphql/mutations/work_items/update_spec.rb @@ -127,7 +127,9 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do let(:fields) do <<~FIELDS workItem { + title description + state widgets { type ... on WorkItemWidgetDescription { @@ -179,6 +181,9 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do nodes { id } } } + ... on WorkItemWidgetDescription { + description + } } } errors @@ -201,6 +206,12 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do let(:expected_labels) { [] } it_behaves_like 'mutation updating work item labels' + + context 'with quick action' do + let(:input) { { 'descriptionWidget' => { 'description' => "/remove_label ~\"#{existing_label.name}\"" } } } + + it_behaves_like 'mutation updating work item labels' + end end context 'when only adding labels' do @@ -208,6 +219,14 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do let(:expected_labels) { [label1, label2, existing_label] } it_behaves_like 'mutation updating work item labels' + + context 'with quick action' do + let(:input) do + { 'descriptionWidget' => { 'description' => "/labels ~\"#{label1.name}\" ~\"#{label2.name}\"" } } + end + + it_behaves_like 'mutation updating work item labels' + end end context 'when adding and removing labels' do @@ -216,10 +235,47 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do let(:expected_labels) { [label1, label2] } it_behaves_like 'mutation updating work item labels' + + context 'with quick action' do + let(:input) do + { 'descriptionWidget' => { 'description' => + "/label ~\"#{label1.name}\" ~\"#{label2.name}\"\n/remove_label ~\"#{existing_label.name}\"" } } + end + + it_behaves_like 'mutation updating work item labels' + end + end + + context 'when the work item type does not support labels widget' do + let_it_be(:work_item) { create(:work_item, :task, project: project) } + + let(:input) { { 'descriptionWidget' => { 'description' => "Updating labels.\n/labels ~\"#{label1.name}\"" } } } + + before do + WorkItems::Type.default_by_type(:task).widget_definitions + .find_by_widget_type(:labels).update!(disabled: true) + end + + it 'ignores the quick action' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + work_item.reload + end.not_to change(work_item.labels, :count) + + expect(work_item.labels).to be_empty + expect(mutation_response['workItem']['widgets']).to include( + 'description' => "Updating labels.", + 'type' => 'DESCRIPTION' + ) + expect(mutation_response['workItem']['widgets']).not_to include( + 'labels', + 'type' => 'LABELS' + ) + end end end - context 'with due and start date widget input' do + context 'with due and start date widget input', :freeze_time do let(:start_date) { Date.today } let(:due_date) { 1.week.from_now.to_date } let(:fields) do @@ -231,6 +287,9 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do startDate dueDate } + ... on WorkItemWidgetDescription { + description + } } } errors @@ -259,6 +318,81 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do ) end + context 'when using quick action' do + let(:due_date) { Date.today } + + context 'when removing due date' do + let(:input) { { 'descriptionWidget' => { 'description' => "/remove_due_date" } } } + + before do + work_item.update!(due_date: due_date) + end + + it 'updates start and due date' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + work_item.reload + end.to not_change(work_item, :start_date).and( + change(work_item, :due_date).from(due_date).to(nil) + ) + + expect(response).to have_gitlab_http_status(:success) + expect(mutation_response['workItem']['widgets']).to include({ + 'startDate' => nil, + 'dueDate' => nil, + 'type' => 'START_AND_DUE_DATE' + }) + end + end + + context 'when setting due date' do + let(:input) { { 'descriptionWidget' => { 'description' => "/due today" } } } + + it 'updates due date' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + work_item.reload + end.to not_change(work_item, :start_date).and( + change(work_item, :due_date).from(nil).to(due_date) + ) + + expect(response).to have_gitlab_http_status(:success) + expect(mutation_response['workItem']['widgets']).to include({ + 'startDate' => nil, + 'dueDate' => Date.today.to_s, + 'type' => 'START_AND_DUE_DATE' + }) + end + end + + context 'when the work item type does not support start and due date widget' do + let_it_be(:work_item) { create(:work_item, :task, project: project) } + + let(:input) { { 'descriptionWidget' => { 'description' => "Updating due date.\n/due today" } } } + + before do + WorkItems::Type.default_by_type(:task).widget_definitions + .find_by_widget_type(:start_and_due_date).update!(disabled: true) + end + + it 'ignores the quick action' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + work_item.reload + end.not_to change(work_item, :due_date) + + expect(mutation_response['workItem']['widgets']).to include( + 'description' => "Updating due date.", + 'type' => 'DESCRIPTION' + ) + expect(mutation_response['workItem']['widgets']).not_to include({ + 'dueDate' => nil, + 'type' => 'START_AND_DUE_DATE' + }) + end + end + end + context 'when provided input is invalid' do let(:due_date) { 1.week.ago.to_date } @@ -516,6 +650,9 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do } } } + ... on WorkItemWidgetDescription { + description + } } } errors @@ -544,6 +681,81 @@ RSpec.describe 'Update a work item', feature_category: :team_planning do } ) end + + context 'when using quick action' do + context 'when assigning a user' do + let(:input) { { 'descriptionWidget' => { 'description' => "/assign @#{developer.username}" } } } + + it 'updates the work item assignee' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + work_item.reload + end.to change(work_item, :assignee_ids).from([]).to([developer.id]) + + expect(response).to have_gitlab_http_status(:success) + expect(mutation_response['workItem']['widgets']).to include( + { + 'type' => 'ASSIGNEES', + 'assignees' => { + 'nodes' => [ + { 'id' => developer.to_global_id.to_s, 'username' => developer.username } + ] + } + } + ) + end + end + + context 'when unassigning a user' do + let(:input) { { 'descriptionWidget' => { 'description' => "/unassign @#{developer.username}" } } } + + before do + work_item.update!(assignee_ids: [developer.id]) + end + + it 'updates the work item assignee' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + work_item.reload + end.to change(work_item, :assignee_ids).from([developer.id]).to([]) + + expect(response).to have_gitlab_http_status(:success) + expect(mutation_response['workItem']['widgets']).to include( + 'type' => 'ASSIGNEES', + 'assignees' => { + 'nodes' => [] + } + ) + end + end + end + + context 'when the work item type does not support the assignees widget' do + let_it_be(:work_item) { create(:work_item, :task, project: project) } + + let(:input) do + { 'descriptionWidget' => { 'description' => "Updating assignee.\n/assign @#{developer.username}" } } + end + + before do + WorkItems::Type.default_by_type(:task).widget_definitions + .find_by_widget_type(:assignees).update!(disabled: true) + end + + it 'ignores the quick action' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + work_item.reload + end.not_to change(work_item, :assignee_ids) + + expect(mutation_response['workItem']['widgets']).to include({ + 'description' => "Updating assignee.", + 'type' => 'DESCRIPTION' + } + ) + expect(mutation_response['workItem']['widgets']).not_to include({ 'type' => 'ASSIGNEES' }) + end + end end context 'when updating milestone' do diff --git a/spec/requests/api/graphql/notes/note_spec.rb b/spec/requests/api/graphql/notes/note_spec.rb new file mode 100644 index 00000000000..daceaec0b94 --- /dev/null +++ b/spec/requests/api/graphql/notes/note_spec.rb @@ -0,0 +1,104 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Query.note(id)', feature_category: :team_planning do + include GraphqlHelpers + + let_it_be(:current_user) { create(:user) } + let_it_be(:project) { create(:project, :private) } + let_it_be(:issue) { create(:issue, project: project) } + let_it_be(:note) { create(:note, noteable: issue, project: project) } + let_it_be(:system_note) { create(:note, :system, noteable: issue, project: project) } + + let(:note_params) { { 'id' => global_id_of(note) } } + let(:note_data) { graphql_data['note'] } + let(:note_fields) { all_graphql_fields_for('Note'.classify) } + + let(:query) do + graphql_query_for('note', note_params, note_fields) + end + + it_behaves_like 'a working graphql query' do + before do + post_graphql(query, current_user: current_user) + end + end + + context 'when the user does not have access to read the note' do + it 'returns nil' do + post_graphql(query, current_user: current_user) + + expect(note_data).to be nil + end + + context 'when it is a system note' do + let(:note_params) { { 'id' => global_id_of(system_note) } } + + it 'returns nil' do + post_graphql(query, current_user: current_user) + + expect(note_data).to be nil + end + end + end + + context 'when the user has access to read the note' do + before do + project.add_guest(current_user) + end + + it 'returns note' do + post_graphql(query, current_user: current_user) + + expect(note_data['id']).to eq(global_id_of(note).to_s) + end + + context 'when it is a system note' do + let(:note_params) { { 'id' => global_id_of(system_note) } } + + it 'returns note' do + post_graphql(query, current_user: current_user) + + expect(note_data['id']).to eq(global_id_of(system_note).to_s) + end + end + + context 'and notes widget is not available' do + before do + WorkItems::Type.default_by_type(:issue).widget_definitions + .find_by_widget_type(:notes).update!(disabled: true) + end + + it 'returns nil' do + post_graphql(query, current_user: current_user) + + expect(note_data).to be nil + end + end + + context 'when note is internal' do + let_it_be(:note) { create(:note, :confidential, noteable: issue, project: project) } + + it 'returns nil' do + post_graphql(query, current_user: current_user) + + expect(note_data).to be nil + end + + context 'and user can read confidential notes' do + let_it_be(:developer) { create(:user) } + + before do + project.add_developer(developer) + end + + it 'returns note' do + post_graphql(query, current_user: developer) + + expect(note_data['id']).to eq(global_id_of(note).to_s) + end + end + end + end +end diff --git a/spec/requests/api/graphql/notes/synthetic_note_resolver_spec.rb b/spec/requests/api/graphql/notes/synthetic_note_resolver_spec.rb new file mode 100644 index 00000000000..1199aeb4c39 --- /dev/null +++ b/spec/requests/api/graphql/notes/synthetic_note_resolver_spec.rb @@ -0,0 +1,58 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Query.synthetic_note(noteable_id, sha)', feature_category: :team_planning do + include GraphqlHelpers + + let_it_be(:current_user) { create(:user) } + let_it_be(:project) { create(:project, :private) } + let_it_be(:issue) { create(:issue, project: project) } + let_it_be(:label) { create(:label, project: project) } + let_it_be(:label_event, refind: true) do + create(:resource_label_event, user: current_user, issue: issue, label: label, action: 'add', created_at: 2.days.ago) + end + + let(:label_note) { LabelNote.from_events([label_event]) } + let(:global_id) { ::Gitlab::GlobalId.build(label_note, model_name: LabelNote.to_s, id: label_note.discussion_id) } + let(:note_params) { { sha: label_note.discussion_id, noteable_id: global_id_of(issue) } } + let(:note_data) { graphql_data['syntheticNote'] } + let(:note_fields) { all_graphql_fields_for('Note'.classify) } + + let(:query) do + graphql_query_for('synthetic_note', note_params, note_fields) + end + + context 'when the user does not have access to read the note' do + it 'returns nil' do + post_graphql(query, current_user: current_user) + + expect(note_data).to be nil + end + end + + context 'when the user has access to read the note' do + before do + project.add_guest(current_user) + end + + it 'returns synthetic note' do + post_graphql(query, current_user: current_user) + + expect(note_data['id']).to eq(global_id.to_s) + end + + context 'and notes widget is not available' do + before do + WorkItems::Type.default_by_type(:issue).widget_definitions + .find_by_widget_type(:notes).update!(disabled: true) + end + + it 'returns nil' do + post_graphql(query, current_user: current_user) + + expect(note_data).to be nil + end + end + end +end diff --git a/spec/requests/api/graphql/packages/package_spec.rb b/spec/requests/api/graphql/packages/package_spec.rb index 42927634119..82fcc5254ad 100644 --- a/spec/requests/api/graphql/packages/package_spec.rb +++ b/spec/requests/api/graphql/packages/package_spec.rb @@ -41,6 +41,7 @@ RSpec.describe 'package details', feature_category: :package_registry do context 'with unauthorized user' do before do project.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE) + project.add_guest(user) end it 'returns no packages' do @@ -48,6 +49,47 @@ RSpec.describe 'package details', feature_category: :package_registry do expect(graphql_data_at(:package)).to be_nil end + + context 'with access to package registry for everyone' do + before do + project.project_feature.update!(package_registry_access_level: ProjectFeature::PUBLIC) + subject + end + + it_behaves_like 'a working graphql query' do + it 'matches the JSON schema' do + expect(package_details).to match_schema('graphql/packages/package_details') + end + end + + it '`public_package` returns true' do + expect(graphql_data_at(:package, :public_package)).to eq(true) + end + end + end + + context 'when project is public' do + let_it_be(:public_project) { create(:project, :public, group: group) } + let_it_be(:composer_package) { create(:composer_package, project: public_project) } + let(:package_global_id) { global_id_of(composer_package) } + + before do + subject + end + + it_behaves_like 'a working graphql query' do + before do + subject + end + + it 'matches the JSON schema' do + expect(package_details).to match_schema('graphql/packages/package_details') + end + end + + it '`public_package` returns true' do + expect(graphql_data_at(:package, :public_package)).to eq(true) + end end context 'with authorized user' do @@ -113,6 +155,29 @@ RSpec.describe 'package details', feature_category: :package_registry do end end + context 'versions field', :aggregate_failures do + let_it_be(:composer_package2) { create(:composer_package, project: project, name: composer_package.name) } + let_it_be(:composer_package3) { create(:composer_package, :error, project: project, name: composer_package.name) } + let_it_be(:pending_destruction) { create(:composer_package, :pending_destruction, project: project, name: composer_package.name) } + + def run_query + versions_nodes = <<~QUERY + nodes { id } + QUERY + + query = graphql_query_for(:package, { id: package_global_id }, query_graphql_field("versions", {}, versions_nodes)) + post_graphql(query, current_user: user) + end + + it 'returns other versions' do + run_query + versions_ids = graphql_data.dig('package', 'versions', 'nodes').pluck('id') + expected_ids = [composer_package2, composer_package3].map(&:to_gid).map(&:to_s) + + expect(versions_ids).to contain_exactly(*expected_ids) + end + end + context 'pipelines field', :aggregate_failures do let(:pipelines) { create_list(:ci_pipeline, 6, project: project) } let(:pipeline_gids) { pipelines.sort_by(&:id).map(&:to_gid).map(&:to_s).reverse } @@ -227,6 +292,49 @@ RSpec.describe 'package details', feature_category: :package_registry do end end + context 'public_package' do + context 'when project is private' do + let_it_be(:private_project) { create(:project, :private, group: group) } + let_it_be(:composer_package) { create(:composer_package, project: private_project) } + let(:package_global_id) { global_id_of(composer_package) } + + before do + private_project.add_developer(user) + end + + it 'returns false' do + subject + + expect(graphql_data_at(:package, :public_package)).to eq(false) + end + + context 'with access to package registry for everyone' do + before do + private_project.project_feature.update!(package_registry_access_level: ProjectFeature::PUBLIC) + subject + end + + it 'returns true' do + expect(graphql_data_at(:package, :public_package)).to eq(true) + end + end + end + + context 'when project is public' do + let_it_be(:public_project) { create(:project, :public, group: group) } + let_it_be(:composer_package) { create(:composer_package, project: public_project) } + let(:package_global_id) { global_id_of(composer_package) } + + before do + subject + end + + it 'returns true' do + expect(graphql_data_at(:package, :public_package)).to eq(true) + end + end + end + context 'with package that has no default status' do before do composer_package.update!(status: :error) diff --git a/spec/requests/api/graphql/project/alert_management/alerts_spec.rb b/spec/requests/api/graphql/project/alert_management/alerts_spec.rb index 304edfbf4e4..55d223daf27 100644 --- a/spec/requests/api/graphql/project/alert_management/alerts_spec.rb +++ b/spec/requests/api/graphql/project/alert_management/alerts_spec.rb @@ -16,7 +16,7 @@ RSpec.describe 'getting Alert Management Alerts', feature_category: :incident_ma let(:fields) do <<~QUERY nodes { - #{all_graphql_fields_for('AlertManagementAlert', excluded: ['assignees'])} + #{all_graphql_fields_for('AlertManagementAlert', excluded: %w[assignees relatedMergeRequests])} } QUERY end diff --git a/spec/requests/api/graphql/project/merge_request_spec.rb b/spec/requests/api/graphql/project/merge_request_spec.rb index 6aa96cfc070..76e5d687fd1 100644 --- a/spec/requests/api/graphql/project/merge_request_spec.rb +++ b/spec/requests/api/graphql/project/merge_request_spec.rb @@ -193,7 +193,8 @@ RSpec.describe 'getting merge request information nested in a project', feature_ 'cherryPickOnCurrentMergeRequest' => false, 'revertOnCurrentMergeRequest' => false, 'updateMergeRequest' => false, - 'canMerge' => false + 'canMerge' => false, + 'canApprove' => false } post_graphql(query, current_user: current_user) diff --git a/spec/requests/api/graphql/project/project_statistics_spec.rb b/spec/requests/api/graphql/project/project_statistics_spec.rb index d078659b954..444738cbc81 100644 --- a/spec/requests/api/graphql/project/project_statistics_spec.rb +++ b/spec/requests/api/graphql/project/project_statistics_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe 'rendering project statistics', feature_category: :project_statistics do +RSpec.describe 'rendering project statistics', feature_category: :shared do include GraphqlHelpers let(:project) { create(:project) } diff --git a/spec/requests/api/graphql/project/releases_spec.rb b/spec/requests/api/graphql/project/releases_spec.rb index aa454349fcf..bc47f5a0248 100644 --- a/spec/requests/api/graphql/project/releases_spec.rb +++ b/spec/requests/api/graphql/project/releases_spec.rb @@ -5,226 +5,10 @@ require 'spec_helper' RSpec.describe 'Query.project(fullPath).releases()', feature_category: :release_orchestration do include GraphqlHelpers - let_it_be(:stranger) { create(:user) } - let_it_be(:guest) { create(:user) } - let_it_be(:reporter) { create(:user) } - let_it_be(:developer) { create(:user) } - - let(:base_url_params) { { scope: 'all', release_tag: release.tag } } - let(:opened_url_params) { { state: 'opened', **base_url_params } } - let(:merged_url_params) { { state: 'merged', **base_url_params } } - let(:closed_url_params) { { state: 'closed', **base_url_params } } - - let(:query) do - graphql_query_for(:project, { fullPath: project.full_path }, - %{ - releases { - count - nodes { - tagName - tagPath - name - commit { - sha - } - assets { - count - sources { - nodes { - url - } - } - } - evidences { - nodes { - sha - } - } - links { - selfUrl - openedMergeRequestsUrl - mergedMergeRequestsUrl - closedMergeRequestsUrl - openedIssuesUrl - closedIssuesUrl - } - } - } - }) - end - - let(:params_for_issues_and_mrs) { { scope: 'all', state: 'opened', release_tag: release.tag } } - let(:post_query) { post_graphql(query, current_user: current_user) } - - let(:data) { graphql_data.dig('project', 'releases', 'nodes', 0) } - - before do - stub_default_url_options(host: 'www.example.com') - end - - shared_examples 'correct total count' do - let(:data) { graphql_data.dig('project', 'releases') } - - before do - create_list(:release, 2, project: project) - - post_query - end - - it 'returns the total count' do - expect(data['count']).to eq(project.releases.count) - end - end - - shared_examples 'full access to all repository-related fields' do - describe 'repository-related fields' do - before do - post_query - end - - it 'returns data for fields that are protected in private projects' do - expected_sources = release.sources.map do |s| - { 'url' => s.url } - end - - expected_evidences = release.evidences.map do |e| - { 'sha' => e.sha } - end - - expect(data).to eq( - 'tagName' => release.tag, - 'tagPath' => project_tag_path(project, release.tag), - 'name' => release.name, - 'commit' => { - 'sha' => release.commit.sha - }, - 'assets' => { - 'count' => release.assets_count, - 'sources' => { - 'nodes' => expected_sources - } - }, - 'evidences' => { - 'nodes' => expected_evidences - }, - 'links' => { - 'selfUrl' => project_release_url(project, release), - 'openedMergeRequestsUrl' => project_merge_requests_url(project, opened_url_params), - 'mergedMergeRequestsUrl' => project_merge_requests_url(project, merged_url_params), - 'closedMergeRequestsUrl' => project_merge_requests_url(project, closed_url_params), - 'openedIssuesUrl' => project_issues_url(project, opened_url_params), - 'closedIssuesUrl' => project_issues_url(project, closed_url_params) - } - ) - end - end - - it_behaves_like 'correct total count' - end - - shared_examples 'no access to any repository-related fields' do - describe 'repository-related fields' do - before do - post_query - end + include_context 'when releases and group releases shared context' - it 'does not return data for fields that expose repository information' do - tag_name = release.tag - release_name = release.name - expect(data).to eq( - 'tagName' => tag_name, - 'tagPath' => nil, - 'name' => release_name, - 'commit' => nil, - 'assets' => { - 'count' => release.assets_count(except: [:sources]), - 'sources' => { - 'nodes' => [] - } - }, - 'evidences' => { - 'nodes' => [] - }, - 'links' => { - 'closedIssuesUrl' => nil, - 'closedMergeRequestsUrl' => nil, - 'mergedMergeRequestsUrl' => nil, - 'openedIssuesUrl' => nil, - 'openedMergeRequestsUrl' => nil, - 'selfUrl' => project_release_url(project, release) - } - ) - end - end - - it_behaves_like 'correct total count' - end - - # editUrl is tested separately becuase its permissions - # are slightly different than other release fields - shared_examples 'access to editUrl' do - let(:query) do - graphql_query_for(:project, { fullPath: project.full_path }, - %{ - releases { - nodes { - links { - editUrl - } - } - } - }) - end - - before do - post_query - end - - it 'returns editUrl' do - expect(data).to eq( - 'links' => { - 'editUrl' => edit_project_release_url(project, release) - } - ) - end - end - - shared_examples 'no access to editUrl' do - let(:query) do - graphql_query_for(:project, { fullPath: project.full_path }, - %{ - releases { - nodes { - links { - editUrl - } - } - } - }) - end - - before do - post_query - end - - it 'does not return editUrl' do - expect(data).to eq( - 'links' => { - 'editUrl' => nil - } - ) - end - end - - shared_examples 'no access to any release data' do - before do - post_query - end - - it 'returns nil' do - expect(data).to eq(nil) - end - end + let(:resource_type) { :project } + let(:resource) { project } describe "ensures that the correct data is returned based on the project's visibility and the user's access level" do context 'when the project is private' do @@ -312,7 +96,7 @@ RSpec.describe 'Query.project(fullPath).releases()', feature_category: :release_ def pagination_query(params) graphql_query_for( - :project, + resource_type, { full_path: sort_project.full_path }, query_graphql_field(:releases, params, "#{page_info} nodes { tagName }") ) diff --git a/spec/requests/api/graphql/project/work_items_spec.rb b/spec/requests/api/graphql/project/work_items_spec.rb index de35c943749..f49165a88ea 100644 --- a/spec/requests/api/graphql/project/work_items_spec.rb +++ b/spec/requests/api/graphql/project/work_items_spec.rb @@ -8,6 +8,7 @@ RSpec.describe 'getting a work item list for a project', feature_category: :team let_it_be(:group) { create(:group) } let_it_be(:project) { create(:project, :repository, :public, group: group) } let_it_be(:current_user) { create(:user) } + let_it_be(:reporter) { create(:user).tap { |reporter| project.add_reporter(reporter) } } let_it_be(:label1) { create(:label, project: project) } let_it_be(:label2) { create(:label, project: project) } let_it_be(:milestone1) { create(:milestone, project: project) } @@ -43,10 +44,10 @@ RSpec.describe 'getting a work item list for a project', feature_category: :team end shared_examples 'work items resolver without N + 1 queries' do - it 'avoids N+1 queries' do + it 'avoids N+1 queries', :use_sql_query_cache do post_graphql(query, current_user: current_user) # warm-up - control = ActiveRecord::QueryRecorder.new do + control = ActiveRecord::QueryRecorder.new(skip_cached: false) do post_graphql(query, current_user: current_user) end @@ -59,11 +60,12 @@ RSpec.describe 'getting a work item list for a project', feature_category: :team last_edited_at: 1.week.ago, project: project, labels: [label1, label2], - milestone: milestone2 + milestone: milestone2, + author: reporter ) + expect { post_graphql(query, current_user: current_user) }.not_to exceed_all_query_limit(control) expect_graphql_errors_to_be_empty - expect { post_graphql(query, current_user: current_user) }.not_to exceed_query_limit(control) end end @@ -212,6 +214,19 @@ RSpec.describe 'getting a work item list for a project', feature_category: :team end end + context 'when filtering by author username' do + let_it_be(:author) { create(:author) } + let_it_be(:item_3) { create(:work_item, project: project, author: author) } + + let(:item_filter_params) { { author_username: item_3.author.username } } + + it 'returns correct results' do + post_graphql(query, current_user: current_user) + + expect(item_ids).to match_array([item_3.to_global_id.to_s]) + end + end + describe 'sorting and pagination' do let(:data_path) { [:project, :work_items] } diff --git a/spec/requests/api/graphql/subscriptions/notes/created_spec.rb b/spec/requests/api/graphql/subscriptions/notes/created_spec.rb new file mode 100644 index 00000000000..f955c14ef3b --- /dev/null +++ b/spec/requests/api/graphql/subscriptions/notes/created_spec.rb @@ -0,0 +1,177 @@ +# frozen_string_literal: true + +require "spec_helper" + +RSpec.describe 'Subscriptions::Notes::Created', feature_category: :team_planning do + include GraphqlHelpers + include Graphql::Subscriptions::Notes::Helper + + let_it_be(:guest) { create(:user) } + let_it_be(:reporter) { create(:user) } + let_it_be(:project) { create(:project) } + let_it_be(:task) { create(:work_item, :task, project: project) } + + let(:current_user) { nil } + let(:subscribe) { notes_subscription('workItemNoteCreated', task, current_user) } + let(:response_note) { graphql_dig_at(graphql_data(response[:result]), :workItemNoteCreated) } + let(:discussion) { graphql_dig_at(response_note, :discussion) } + let(:discussion_notes) { graphql_dig_at(discussion, :notes, :nodes) } + + before do + stub_const('GitlabSchema', Graphql::Subscriptions::ActionCable::MockGitlabSchema) + Graphql::Subscriptions::ActionCable::MockActionCable.clear_mocks + project.add_guest(guest) + project.add_reporter(reporter) + end + + subject(:response) do + subscription_response do + # this creates note defined with let lazily and triggers the subscription event + new_note + end + end + + context 'when user is unauthorized' do + let(:new_note) { create(:note, noteable: task, project: project, type: 'DiscussionNote') } + + it 'does not receive any data' do + expect(response).to be_nil + end + end + + context 'when user is authorized' do + let(:current_user) { guest } + let(:new_note) { create(:note, noteable: task, project: project, type: 'DiscussionNote') } + + it 'receives created note' do + response + note = Note.find(new_note.id) + + expect(response_note['id']).to eq(note.to_gid.to_s) + expect(discussion['id']).to eq(note.discussion.to_gid.to_s) + expect(discussion_notes.pluck('id')).to eq([note.to_gid.to_s]) + end + + context 'when a new note is created as a reply' do + let_it_be(:note, refind: true) { create(:note, noteable: task, project: project, type: 'DiscussionNote') } + + let(:new_note) do + create(:note, noteable: task, project: project, in_reply_to: note, discussion_id: note.discussion_id) + end + + it 'receives created note' do + response + reply = Note.find(new_note.id) + + expect(response_note['id']).to eq(reply.to_gid.to_s) + expect(discussion['id']).to eq(reply.discussion.to_gid.to_s) + expect(discussion_notes.pluck('id')).to eq([note.to_gid.to_s, reply.to_gid.to_s]) + end + end + + context 'when note is confidential' do + let(:current_user) { reporter } + let(:new_note) { create(:note, :confidential, noteable: task, project: project, type: 'DiscussionNote') } + + context 'and user has permission to read confidential notes' do + it 'receives created note' do + response + confidential_note = Note.find(new_note.id) + + expect(response_note['id']).to eq(confidential_note.to_gid.to_s) + expect(discussion['id']).to eq(confidential_note.discussion.to_gid.to_s) + expect(discussion_notes.pluck('id')).to eq([confidential_note.to_gid.to_s]) + end + + context 'and replying' do + let_it_be(:note, refind: true) do + create(:note, :confidential, noteable: task, project: project, type: 'DiscussionNote') + end + + let(:new_note) do + create(:note, :confidential, + noteable: task, project: project, in_reply_to: note, discussion_id: note.discussion_id) + end + + it 'receives created note' do + response + reply = Note.find(new_note.id) + + expect(response_note['id']).to eq(reply.to_gid.to_s) + expect(discussion['id']).to eq(reply.discussion.to_gid.to_s) + expect(discussion_notes.pluck('id')).to eq([note.to_gid.to_s, reply.to_gid.to_s]) + end + end + end + + context 'and user does not have permission to read confidential notes' do + let(:current_user) { guest } + let(:new_note) { create(:note, :confidential, noteable: task, project: project, type: 'DiscussionNote') } + + it 'does not receive note data' do + response + expect(response_note).to be_nil + end + end + end + end + + context 'when resource events are triggering note subscription' do + let_it_be(:label1) { create(:label, project: project, title: 'foo') } + let_it_be(:label2) { create(:label, project: project, title: 'bar') } + + subject(:response) do + subscription_response do + # this creates note defined with let lazily and triggers the subscription event + resource_event + end + end + + context 'when user is unauthorized' do + let(:resource_event) { create(:resource_label_event, issue: task, label: label1) } + + it "does not receive discussion data" do + expect(response).to be_nil + end + end + + context 'when user is authorized' do + let(:current_user) { guest } + let(:resource_event) { create(:resource_label_event, issue: task, label: label1) } + + it "receives created synthetic note as a discussion" do + response + + event = ResourceLabelEvent.find(resource_event.id) + discussion_id = event.discussion_id + discussion_gid = ::Gitlab::GlobalId.as_global_id(discussion_id, model_name: 'Discussion').to_s + note_gid = ::Gitlab::GlobalId.as_global_id(discussion_id, model_name: 'LabelNote').to_s + + expect(response_note['id']).to eq(note_gid) + expect(discussion['id']).to eq(discussion_gid) + expect(discussion_notes.size).to eq(1) + expect(discussion_notes.pluck('id')).to match_array([note_gid]) + end + + context 'when several label events are created' do + let(:resource_event) do + ResourceEvents::ChangeLabelsService.new(task, current_user).execute(added_labels: [label1, label2]) + end + + it "receives created synthetic note as a discussion" do + response + + event = ResourceLabelEvent.where(label_id: [label1, label2]).first + discussion_id = event.discussion_id + discussion_gid = ::Gitlab::GlobalId.as_global_id(discussion_id, model_name: 'Discussion').to_s + note_gid = ::Gitlab::GlobalId.as_global_id(discussion_id, model_name: 'LabelNote').to_s + + expect(response_note['id']).to eq(note_gid) + expect(discussion['id']).to eq(discussion_gid) + expect(discussion_notes.size).to eq(1) + expect(discussion_notes.pluck('id')).to match_array([note_gid]) + end + end + end + end +end diff --git a/spec/requests/api/graphql/subscriptions/notes/deleted_spec.rb b/spec/requests/api/graphql/subscriptions/notes/deleted_spec.rb new file mode 100644 index 00000000000..d98f1cfe77e --- /dev/null +++ b/spec/requests/api/graphql/subscriptions/notes/deleted_spec.rb @@ -0,0 +1,72 @@ +# frozen_string_literal: true + +require "spec_helper" + +RSpec.describe 'Subscriptions::Notes::Deleted', feature_category: :team_planning do + include GraphqlHelpers + include Graphql::Subscriptions::Notes::Helper + + let_it_be(:guest) { create(:user) } + let_it_be(:reporter) { create(:user) } + let_it_be(:project) { create(:project) } + let_it_be(:task) { create(:work_item, :task, project: project) } + let_it_be(:note, refind: true) { create(:note, noteable: task, project: project, type: 'DiscussionNote') } + let_it_be(:reply_note, refind: true) do + create(:note, noteable: task, project: project, in_reply_to: note, discussion_id: note.discussion_id) + end + + let(:current_user) { nil } + let(:subscribe) { notes_subscription('workItemNoteDeleted', task, current_user) } + let(:deleted_note) { graphql_dig_at(graphql_data(response[:result]), :workItemNoteDeleted) } + + before do + stub_const('GitlabSchema', Graphql::Subscriptions::ActionCable::MockGitlabSchema) + Graphql::Subscriptions::ActionCable::MockActionCable.clear_mocks + project.add_guest(guest) + project.add_reporter(reporter) + end + + subject(:response) do + subscription_response do + note.destroy! + end + end + + context 'when user is unauthorized' do + it 'does not receive any data' do + expect(response).to be_nil + end + end + + context 'when user is authorized' do + let(:current_user) { guest } + + it 'receives note id that is removed' do + expect(deleted_note['id']).to eq(note.to_gid.to_s) + expect(deleted_note['discussionId']).to eq(note.discussion.to_gid.to_s) + expect(deleted_note['lastDiscussionNote']).to be false + end + + context 'when last discussion note is deleted' do + let_it_be(:note, refind: true) { create(:note, noteable: task, project: project, type: 'DiscussionNote') } + + it 'receives note id that is removed' do + expect(deleted_note['id']).to eq(note.to_gid.to_s) + expect(deleted_note['discussionId']).to eq(note.discussion.to_gid.to_s) + expect(deleted_note['lastDiscussionNote']).to be true + end + end + + context 'when note is confidential' do + let_it_be(:note, refind: true) do + create(:note, :confidential, noteable: task, project: project, type: 'DiscussionNote') + end + + it 'receives note id that is removed' do + expect(deleted_note['id']).to eq(note.to_gid.to_s) + expect(deleted_note['discussionId']).to eq(note.discussion.to_gid.to_s) + expect(deleted_note['lastDiscussionNote']).to be true + end + end + end +end diff --git a/spec/requests/api/graphql/subscriptions/notes/updated_spec.rb b/spec/requests/api/graphql/subscriptions/notes/updated_spec.rb new file mode 100644 index 00000000000..25c0a79e7aa --- /dev/null +++ b/spec/requests/api/graphql/subscriptions/notes/updated_spec.rb @@ -0,0 +1,67 @@ +# frozen_string_literal: true + +require "spec_helper" + +RSpec.describe 'Subscriptions::Notes::Updated', feature_category: :team_planning do + include GraphqlHelpers + include Graphql::Subscriptions::Notes::Helper + + let_it_be(:guest) { create(:user) } + let_it_be(:reporter) { create(:user) } + let_it_be(:project) { create(:project) } + let_it_be(:task) { create(:work_item, :task, project: project) } + let_it_be(:note, refind: true) { create(:note, noteable: task, project: task.project, type: 'DiscussionNote') } + + let(:current_user) { nil } + let(:subscribe) { note_subscription('workItemNoteUpdated', task, current_user) } + let(:updated_note) { graphql_dig_at(graphql_data(response[:result]), :workItemNoteUpdated) } + + before do + stub_const('GitlabSchema', Graphql::Subscriptions::ActionCable::MockGitlabSchema) + Graphql::Subscriptions::ActionCable::MockActionCable.clear_mocks + project.add_guest(guest) + project.add_reporter(reporter) + end + + subject(:response) do + subscription_response do + note.update!(note: 'changing the note body') + end + end + + context 'when user is unauthorized' do + it 'does not receive any data' do + expect(response).to be_nil + end + end + + context 'when user is authorized' do + let(:current_user) { reporter } + + it 'receives updated note data' do + expect(updated_note['id']).to eq(note.to_gid.to_s) + expect(updated_note['body']).to eq('changing the note body') + end + + context 'when note is confidential' do + let_it_be(:note, refind: true) do + create(:note, :confidential, noteable: task, project: task.project, type: 'DiscussionNote') + end + + context 'and user has permission to read confidential notes' do + it 'receives updated note data' do + expect(updated_note['id']).to eq(note.to_gid.to_s) + expect(updated_note['body']).to eq('changing the note body') + end + end + + context 'and user does not have permission to read confidential notes' do + let(:current_user) { guest } + + it 'does not receive updated note data' do + expect(updated_note).to be_nil + end + end + end + end +end diff --git a/spec/requests/api/graphql/user_spec.rb b/spec/requests/api/graphql/user_spec.rb index 3e82d783a18..c19dfa6f3f3 100644 --- a/spec/requests/api/graphql/user_spec.rb +++ b/spec/requests/api/graphql/user_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe 'User', feature_category: :users do +RSpec.describe 'User', feature_category: :user_profile do include GraphqlHelpers let_it_be(:current_user) { create(:user) } diff --git a/spec/requests/api/graphql/work_item_spec.rb b/spec/requests/api/graphql/work_item_spec.rb index 6b5d437df83..0fad4f4ff3a 100644 --- a/spec/requests/api/graphql/work_item_spec.rb +++ b/spec/requests/api/graphql/work_item_spec.rb @@ -55,7 +55,12 @@ RSpec.describe 'Query.work_item(id)', feature_category: :team_planning do 'title' => work_item.title, 'confidential' => work_item.confidential, 'workItemType' => hash_including('id' => work_item.work_item_type.to_gid.to_s), - 'userPermissions' => { 'readWorkItem' => true, 'updateWorkItem' => true, 'deleteWorkItem' => false }, + 'userPermissions' => { + 'readWorkItem' => true, + 'updateWorkItem' => true, + 'deleteWorkItem' => false, + 'adminWorkItem' => true + }, 'project' => hash_including('id' => project.to_gid.to_s, 'fullPath' => project.full_path) ) end @@ -210,6 +215,20 @@ RSpec.describe 'Query.work_item(id)', feature_category: :team_planning do it 'places the newest child item to the end of the children list' do expect(hierarchy_children.last['id']).to eq(newest_child.to_gid.to_s) end + + context 'when relative position is set' do + let_it_be(:first_child) { create(:work_item, :task, project: project, created_at: 5.minutes.from_now) } + + let_it_be(:first_link) do + create(:parent_link, work_item_parent: work_item, work_item: first_child, relative_position: 1) + end + + it 'places children according to relative_position at the beginning of the children list' do + ordered_list = [first_child, oldest_child, child_item1, child_item2, newest_child] + + expect(hierarchy_children.pluck('id')).to eq(ordered_list.map(&:to_gid).map(&:to_s)) + end + end end end |