blob: 4006315660917df978e9e3f47836de1960b13f6a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Deleting a release' do
include GraphqlHelpers
include Presentable
let_it_be(:public_user) { create(:user) }
let_it_be(:guest) { create(:user) }
let_it_be(:reporter) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:maintainer) { create(:user) }
let_it_be(:project) { create(:project, :public, :repository) }
let_it_be(:tag_name) { 'v1.1.0' }
let_it_be(:release) { create(:release, project: project, tag: tag_name) }
let(:mutation_name) { :release_delete }
let(:project_path) { project.full_path }
let(:mutation_arguments) do
{
projectPath: project_path,
tagName: tag_name
}
end
let(:mutation) do
graphql_mutation(mutation_name, mutation_arguments, <<~FIELDS)
release {
tagName
}
errors
FIELDS
end
let(:delete_release) { post_graphql_mutation(mutation, current_user: current_user) }
let(:mutation_response) { graphql_mutation_response(mutation_name)&.with_indifferent_access }
before do
project.add_guest(guest)
project.add_reporter(reporter)
project.add_developer(developer)
project.add_maintainer(maintainer)
end
shared_examples 'unauthorized or not found error' do
it 'returns a top-level error with message' do
delete_release
expect(mutation_response).to be_nil
expect(graphql_errors.count).to eq(1)
expect(graphql_errors.first['message']).to eq("The resource that you are attempting to access does not exist or you don't have permission to perform this action")
end
end
context 'when the current user has access to update releases' do
let(:current_user) { developer }
it 'deletes the release' do
expect { delete_release }.to change { Release.count }.by(-1)
end
it 'returns the deleted release' do
delete_release
expected_release = { tagName: tag_name }.with_indifferent_access
expect(mutation_response[:release]).to eq(expected_release)
end
it 'does not remove the Git tag associated with the deleted release' do
expect { delete_release }.not_to change { Project.find_by_id(project.id).repository.tag_count }
end
it 'returns no errors' do
delete_release
expect(mutation_response[:errors]).to eq([])
end
context 'validation' do
context 'when the release does not exist' do
let_it_be(:tag_name) { 'not-a-real-release' }
it 'returns the release as null' do
delete_release
expect(mutation_response[:release]).to be_nil
end
it 'returns an errors-at-data message' do
delete_release
expect(mutation_response[:errors]).to eq(['Release does not exist'])
end
end
context 'when the project does not exist' do
let(:project_path) { 'not/a/real/path' }
it_behaves_like 'unauthorized or not found error'
end
end
end
context "when the current user doesn't have access to update releases" do
context 'when the current user is a Reporter' do
let(:current_user) { reporter }
it_behaves_like 'unauthorized or not found error'
end
context 'when the current user is a Guest' do
let(:current_user) { guest }
it_behaves_like 'unauthorized or not found error'
end
context 'when the current user is a public user' do
let(:current_user) { public_user }
it_behaves_like 'unauthorized or not found error'
end
end
end
|
