1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
# frozen_string_literal: true
require 'spec_helper'
describe 'Destroying a Snippet' do
include GraphqlHelpers
let(:current_user) { snippet.author }
let(:snippet_gid) { snippet.to_global_id.to_s }
let(:mutation) do
variables = {
id: snippet_gid
}
graphql_mutation(:destroy_snippet, variables)
end
def mutation_response
graphql_mutation_response(:destroy_snippet)
end
shared_examples 'graphql delete actions' do
context 'when the user does not have permission' do
let(:current_user) { create(:user) }
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
it 'does not destroy the Snippet' do
expect do
post_graphql_mutation(mutation, current_user: current_user)
end.not_to change { Snippet.count }
end
end
context 'when the user has permission' do
it 'destroys the Snippet' do
expect do
post_graphql_mutation(mutation, current_user: current_user)
end.to change { Snippet.count }.by(-1)
end
it 'returns an empty Snippet' do
post_graphql_mutation(mutation, current_user: current_user)
expect(mutation_response).to have_key('snippet')
expect(mutation_response['snippet']).to be_nil
end
end
end
describe 'PersonalSnippet' do
let_it_be(:snippet) { create(:personal_snippet) }
it_behaves_like 'graphql delete actions'
it_behaves_like 'when the snippet is not found'
end
describe 'ProjectSnippet' do
let_it_be(:project) { create(:project, :private) }
let_it_be(:snippet) { create(:project_snippet, :private, project: project, author: create(:user)) }
context 'when the author is not a member of the project' do
it 'returns an an error' do
post_graphql_mutation(mutation, current_user: current_user)
errors = json_response['errors']
expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
end
end
context 'when the author is a member of the project' do
before do
project.add_developer(current_user)
end
it_behaves_like 'graphql delete actions'
context 'when the snippet project feature is disabled' do
it 'returns an an error' do
project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED)
post_graphql_mutation(mutation, current_user: current_user)
errors = json_response['errors']
expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
end
end
end
it_behaves_like 'when the snippet is not found'
end
end
|