spec/graphql/types/ci/job_token_scope_type_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe GitlabSchema.types['CiJobTokenScopeType'] do
  specify { expect(described_class.graphql_name).to eq('CiJobTokenScopeType') }

  it 'has the correct fields' do
    expected_fields = [:projects]

    expect(described_class).to have_graphql_fields(*expected_fields)
  end

  describe 'query' do
    let(:project) { create(:project, ci_job_token_scope_enabled: true).tap(&:save!) }
    let_it_be(:current_user) { create(:user) }

    let(:query) do
      %(
        query {
          project(fullPath: "#{project.full_path}") {
            ciJobTokenScope {
              projects {
                nodes {
                  path
                }
              }
            }
          }
        }
      )
    end

    subject { GitlabSchema.execute(query, context: { current_user: current_user }).as_json }

    let(:projects_field) { subject.dig('data', 'project', 'ciJobTokenScope', 'projects', 'nodes') }
    let(:returned_project_paths) { projects_field.map { |project| project['path'] } }

    context 'with access to scope' do
      before do
        project.add_member(current_user, :maintainer)
      end

      context 'when multiple projects in the allow list' do
        let!(:link) { create(:ci_job_token_project_scope_link, source_project: project) }

        context 'when linked projects are readable' do
          before do
            link.target_project.add_member(current_user, :developer)
          end

          it 'returns readable projects in scope' do
            expect(returned_project_paths).to contain_exactly(project.path, link.target_project.path)
          end
        end

        context 'when linked project is not readable' do
          it 'returns readable projects in scope' do
            expect(returned_project_paths).to contain_exactly(project.path)
          end
        end

        context 'when job token scope is disabled' do
          before do
            project.ci_cd_settings.update!(job_token_scope_enabled: false)
          end

          it 'does not return an error' do
            expect(subject['errors']).to be_nil
          end

          it 'returns nil' do
            expect(subject['data']['project']['ciJobTokenScope']).to be_nil
          end
        end
      end
    end
  end
end