2019-07-07 11:18:12 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2018-11-08 19:23:39 +05:30
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe GraphqlController do
|
2019-07-07 11:18:12 +05:30
|
|
|
before do
|
|
|
|
stub_feature_flags(graphql: true)
|
|
|
|
end
|
2019-05-30 16:15:17 +05:30
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
describe 'POST #execute' do
|
|
|
|
context 'when user is logged in' do
|
|
|
|
let(:user) { create(:user) }
|
2018-11-08 19:23:39 +05:30
|
|
|
|
|
|
|
before do
|
2019-07-07 11:18:12 +05:30
|
|
|
sign_in(user)
|
2018-11-29 20:51:05 +05:30
|
|
|
end
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
it 'returns 200 when user can access API' do
|
|
|
|
post :execute
|
2019-05-30 16:15:17 +05:30
|
|
|
|
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2018-11-29 20:51:05 +05:30
|
|
|
end
|
2019-05-30 16:15:17 +05:30
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
it 'returns access denied template when user cannot access API' do
|
|
|
|
# User cannot access API in a couple of cases
|
|
|
|
# * When user is internal(like ghost users)
|
|
|
|
# * When user is blocked
|
|
|
|
expect(Ability).to receive(:allowed?).with(user, :access_api, :global).and_return(false)
|
2018-11-29 20:51:05 +05:30
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
post :execute
|
2019-05-30 16:15:17 +05:30
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
expect(response.status).to eq(403)
|
|
|
|
expect(response).to render_template('errors/access_denied')
|
2018-11-29 20:51:05 +05:30
|
|
|
end
|
|
|
|
end
|
2019-05-30 16:15:17 +05:30
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
context 'when user is not logged in' do
|
|
|
|
it 'returns 200' do
|
|
|
|
post :execute
|
2019-05-30 16:15:17 +05:30
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
expect(response).to have_gitlab_http_status(200)
|
2019-05-30 16:15:17 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2018-11-08 19:23:39 +05:30
|
|
|
end
|