blob: 8522542498d791d3b89f419a8ab7961da4ec83f8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Resolvers::Ci::JobTokenScopeResolver do
include GraphqlHelpers
let_it_be(:current_user) { create(:user) }
let_it_be(:project) { create(:project, ci_job_token_scope_enabled: true).tap(&:save!) }
specify do
expect(described_class).to have_nullable_graphql_type(::Types::Ci::JobTokenScopeType)
end
subject(:resolve_scope) { resolve(described_class, ctx: { current_user: current_user }, obj: project) }
describe '#resolve' do
context 'with access to scope' do
before do
project.add_user(current_user, :maintainer)
end
it 'returns nil when scope is not enabled' do
allow(project).to receive(:ci_job_token_scope_enabled?).and_return(false)
expect(resolve_scope).to eq(nil)
end
it 'returns the same project in the allow list of projects for the Ci Job Token' do
expect(resolve_scope.all_projects).to contain_exactly(project)
end
context 'when another projects gets added to the allow list' do
let!(:link) { create(:ci_job_token_project_scope_link, source_project: project) }
it 'returns both projects' do
expect(resolve_scope.all_projects).to contain_exactly(project, link.target_project)
end
end
context 'when job token scope is disabled' do
before do
project.update!(ci_job_token_scope_enabled: false)
end
it 'returns nil' do
expect(resolve_scope).to be_nil
end
end
end
context 'without access to scope' do
before do
project.add_user(current_user, :developer)
end
it 'raises error' do
expect do
resolve_scope
end.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
end
end
|