From 17b91a3c6ab73fff087e91665e9afb8046cbf045 Mon Sep 17 00:00:00 2001 From: GitLab Bot Date: Fri, 13 Dec 2019 09:08:01 +0000 Subject: Add latest changes from gitlab-org/gitlab@master --- .../api/graphql/mutations/snippets/create_spec.rb | 144 +++++++++++++++++++++ .../api/graphql/mutations/snippets/destroy_spec.rb | 89 +++++++++++++ .../api/graphql/mutations/snippets/update_spec.rb | 144 +++++++++++++++++++++ 3 files changed, 377 insertions(+) create mode 100644 spec/requests/api/graphql/mutations/snippets/create_spec.rb create mode 100644 spec/requests/api/graphql/mutations/snippets/destroy_spec.rb create mode 100644 spec/requests/api/graphql/mutations/snippets/update_spec.rb (limited to 'spec/requests') diff --git a/spec/requests/api/graphql/mutations/snippets/create_spec.rb b/spec/requests/api/graphql/mutations/snippets/create_spec.rb new file mode 100644 index 00000000000..9ef45c0f6bc --- /dev/null +++ b/spec/requests/api/graphql/mutations/snippets/create_spec.rb @@ -0,0 +1,144 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'Creating a Snippet' do + include GraphqlHelpers + + let_it_be(:user) { create(:user) } + let_it_be(:project) { create(:project) } + let(:content) { 'Initial content' } + let(:description) { 'Initial description' } + let(:title) { 'Initial title' } + let(:file_name) { 'Initial file_name' } + let(:visibility_level) { 'public' } + let(:project_path) { nil } + + let(:mutation) do + variables = { + content: content, + description: description, + visibility_level: visibility_level, + file_name: file_name, + title: title, + project_path: project_path + } + + graphql_mutation(:create_snippet, variables) + end + + def mutation_response + graphql_mutation_response(:create_snippet) + end + + context 'when the user does not have permission' do + let(:current_user) { nil } + + it_behaves_like 'a mutation that returns top-level errors', + errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR] + + it 'does not create the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.not_to change { Snippet.count } + end + + context 'when user is not authorized in the project' do + let(:project_path) { project.full_path } + + it 'does not create the snippet when the user is not authorized' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.not_to change { Snippet.count } + end + end + end + + context 'when the user has permission' do + let(:current_user) { user } + + context 'with PersonalSnippet' do + it 'creates the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.to change { Snippet.count }.by(1) + end + + it 'returns the created Snippet' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(mutation_response['snippet']['content']).to eq(content) + expect(mutation_response['snippet']['title']).to eq(title) + expect(mutation_response['snippet']['description']).to eq(description) + expect(mutation_response['snippet']['fileName']).to eq(file_name) + expect(mutation_response['snippet']['visibilityLevel']).to eq(visibility_level) + expect(mutation_response['snippet']['project']).to be_nil + end + end + + context 'with ProjectSnippet' do + let(:project_path) { project.full_path } + + before do + project.add_developer(current_user) + end + + it 'creates the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.to change { Snippet.count }.by(1) + end + + it 'returns the created Snippet' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(mutation_response['snippet']['content']).to eq(content) + expect(mutation_response['snippet']['title']).to eq(title) + expect(mutation_response['snippet']['description']).to eq(description) + expect(mutation_response['snippet']['fileName']).to eq(file_name) + expect(mutation_response['snippet']['visibilityLevel']).to eq(visibility_level) + expect(mutation_response['snippet']['project']['fullPath']).to eq(project_path) + end + + context 'when the project path is invalid' do + let(:project_path) { 'foobar' } + + it 'returns an an error' do + post_graphql_mutation(mutation, current_user: current_user) + errors = json_response['errors'] + + expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) + end + end + + context 'when the feature is disabled' do + it 'returns an an error' do + project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED) + + post_graphql_mutation(mutation, current_user: current_user) + errors = json_response['errors'] + + expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) + end + end + end + + context 'when there are ActiveRecord validation errors' do + let(:title) { '' } + + it_behaves_like 'a mutation that returns errors in the response', errors: ["Title can't be blank"] + + it 'does not create the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.not_to change { Snippet.count } + end + + it 'does not return Snippet' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(mutation_response['snippet']).to be_nil + end + end + end +end diff --git a/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb new file mode 100644 index 00000000000..351d2db8973 --- /dev/null +++ b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb @@ -0,0 +1,89 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'Destroying a Snippet' do + include GraphqlHelpers + + let(:current_user) { snippet.author } + let(:mutation) do + variables = { + id: snippet.to_global_id.to_s + } + + graphql_mutation(:destroy_snippet, variables) + end + + def mutation_response + graphql_mutation_response(:destroy_snippet) + end + + shared_examples 'graphql delete actions' do + context 'when the user does not have permission' do + let(:current_user) { create(:user) } + + it_behaves_like 'a mutation that returns top-level errors', + errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR] + + it 'does not destroy the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.not_to change { Snippet.count } + end + end + + context 'when the user has permission' do + it 'destroys the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.to change { Snippet.count }.by(-1) + end + + it 'returns an empty Snippet' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(mutation_response).to have_key('snippet') + expect(mutation_response['snippet']).to be_nil + end + end + end + + describe 'PersonalSnippet' do + it_behaves_like 'graphql delete actions' do + let_it_be(:snippet) { create(:personal_snippet) } + end + end + + describe 'ProjectSnippet' do + let_it_be(:project) { create(:project, :private) } + let_it_be(:snippet) { create(:project_snippet, :private, project: project, author: create(:user)) } + + context 'when the author is not a member of the project' do + it 'returns an an error' do + post_graphql_mutation(mutation, current_user: current_user) + errors = json_response['errors'] + + expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) + end + end + + context 'when the author is a member of the project' do + before do + project.add_developer(current_user) + end + + it_behaves_like 'graphql delete actions' + + context 'when the snippet project feature is disabled' do + it 'returns an an error' do + project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED) + + post_graphql_mutation(mutation, current_user: current_user) + errors = json_response['errors'] + + expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) + end + end + end + end +end diff --git a/spec/requests/api/graphql/mutations/snippets/update_spec.rb b/spec/requests/api/graphql/mutations/snippets/update_spec.rb new file mode 100644 index 00000000000..deaa9e8a237 --- /dev/null +++ b/spec/requests/api/graphql/mutations/snippets/update_spec.rb @@ -0,0 +1,144 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'Updating a Snippet' do + include GraphqlHelpers + + let_it_be(:original_content) { 'Initial content' } + let_it_be(:original_description) { 'Initial description' } + let_it_be(:original_title) { 'Initial title' } + let_it_be(:original_file_name) { 'Initial file_name' } + let(:updated_content) { 'Updated content' } + let(:updated_description) { 'Updated description' } + let(:updated_title) { 'Updated_title' } + let(:updated_file_name) { 'Updated file_name' } + let(:current_user) { snippet.author } + + let(:mutation) do + variables = { + id: GitlabSchema.id_from_object(snippet).to_s, + content: updated_content, + description: updated_description, + visibility_level: 'public', + file_name: updated_file_name, + title: updated_title + } + + graphql_mutation(:update_snippet, variables) + end + + def mutation_response + graphql_mutation_response(:update_snippet) + end + + shared_examples 'graphql update actions' do + context 'when the user does not have permission' do + let(:current_user) { create(:user) } + + it_behaves_like 'a mutation that returns top-level errors', + errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR] + + it 'does not update the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.not_to change { snippet.reload } + end + end + + context 'when the user has permission' do + it 'updates the Snippet' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(snippet.reload.title).to eq(updated_title) + end + + it 'returns the updated Snippet' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(mutation_response['snippet']['content']).to eq(updated_content) + expect(mutation_response['snippet']['title']).to eq(updated_title) + expect(mutation_response['snippet']['description']).to eq(updated_description) + expect(mutation_response['snippet']['fileName']).to eq(updated_file_name) + expect(mutation_response['snippet']['visibilityLevel']).to eq('public') + end + + context 'when there are ActiveRecord validation errors' do + let(:updated_title) { '' } + + it_behaves_like 'a mutation that returns errors in the response', errors: ["Title can't be blank"] + + it 'does not update the Snippet' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(snippet.reload.title).to eq(original_title) + end + + it 'returns the Snippet with its original values' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(mutation_response['snippet']['content']).to eq(original_content) + expect(mutation_response['snippet']['title']).to eq(original_title) + expect(mutation_response['snippet']['description']).to eq(original_description) + expect(mutation_response['snippet']['fileName']).to eq(original_file_name) + expect(mutation_response['snippet']['visibilityLevel']).to eq('private') + end + end + end + end + + describe 'PersonalSnippet' do + it_behaves_like 'graphql update actions' do + let_it_be(:snippet) do + create(:personal_snippet, + :private, + file_name: original_file_name, + title: original_title, + content: original_content, + description: original_description) + end + end + end + + describe 'ProjectSnippet' do + let_it_be(:project) { create(:project, :private) } + let_it_be(:snippet) do + create(:project_snippet, + :private, + project: project, + author: create(:user), + file_name: original_file_name, + title: original_title, + content: original_content, + description: original_description) + end + + context 'when the author is not a member of the project' do + it 'returns an an error' do + post_graphql_mutation(mutation, current_user: current_user) + errors = json_response['errors'] + + expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) + end + end + + context 'when the author is a member of the project' do + before do + project.add_developer(current_user) + end + + it_behaves_like 'graphql update actions' + + context 'when the snippet project feature is disabled' do + it 'returns an an error' do + project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED) + + post_graphql_mutation(mutation, current_user: current_user) + errors = json_response['errors'] + + expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) + end + end + end + end +end -- cgit v1.2.1