debian-mirror-gitlab/spec/controllers/graphql_controller_spec.rb

131 lines
3.6 KiB
Ruby
Raw Normal View History

2019-07-07 11:18:12 +05:30
# frozen_string_literal: true
2018-11-08 19:23:39 +05:30
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe GraphqlController do
2020-05-24 23:13:21 +05:30
include GraphqlHelpers
2019-07-07 11:18:12 +05:30
before do
stub_feature_flags(graphql: true)
end
2019-05-30 16:15:17 +05:30
2019-10-12 21:52:04 +05:30
describe 'ArgumentError' do
let(:user) { create(:user) }
let(:message) { 'green ideas sleep furiously' }
before do
sign_in(user)
end
it 'handles argument errors' do
allow(subject).to receive(:execute) do
raise Gitlab::Graphql::Errors::ArgumentError, message
end
post :execute
expect(json_response).to include(
'errors' => include(a_hash_including('message' => message))
)
end
end
2019-07-07 11:18:12 +05:30
describe 'POST #execute' do
context 'when user is logged in' do
2020-05-24 23:13:21 +05:30
let(:user) { create(:user, last_activity_on: Date.yesterday) }
2018-11-08 19:23:39 +05:30
before do
2019-07-07 11:18:12 +05:30
sign_in(user)
2018-11-29 20:51:05 +05:30
end
2019-07-07 11:18:12 +05:30
it 'returns 200 when user can access API' do
post :execute
2019-05-30 16:15:17 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2018-11-29 20:51:05 +05:30
end
2019-05-30 16:15:17 +05:30
2019-07-07 11:18:12 +05:30
it 'returns access denied template when user cannot access API' do
# User cannot access API in a couple of cases
# * When user is internal(like ghost users)
# * When user is blocked
2020-04-22 19:07:51 +05:30
expect(Ability).to receive(:allowed?).with(user, :log_in, :global).and_call_original
2019-07-07 11:18:12 +05:30
expect(Ability).to receive(:allowed?).with(user, :access_api, :global).and_return(false)
2018-11-29 20:51:05 +05:30
2019-07-07 11:18:12 +05:30
post :execute
2019-05-30 16:15:17 +05:30
2020-04-22 19:07:51 +05:30
expect(response).to have_gitlab_http_status(:forbidden)
2019-07-07 11:18:12 +05:30
expect(response).to render_template('errors/access_denied')
2018-11-29 20:51:05 +05:30
end
2020-05-24 23:13:21 +05:30
it 'updates the users last_activity_on field' do
expect { post :execute }.to change { user.reload.last_activity_on }
end
end
context 'when user uses an API token' do
let(:user) { create(:user, last_activity_on: Date.yesterday) }
let(:token) { create(:personal_access_token, user: user, scopes: [:api]) }
it 'updates the users last_activity_on field' do
expect { post :execute, params: { access_token: token.token } }.to change { user.reload.last_activity_on }
end
2018-11-29 20:51:05 +05:30
end
2019-05-30 16:15:17 +05:30
2019-07-07 11:18:12 +05:30
context 'when user is not logged in' do
it 'returns 200' do
post :execute
2019-05-30 16:15:17 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2019-05-30 16:15:17 +05:30
end
end
end
2020-05-24 23:13:21 +05:30
describe 'Admin Mode' do
let(:admin) { create(:admin) }
let(:project) { create(:project) }
let(:graphql_query) { graphql_query_for('project', { 'fullPath' => project.full_path }, %w(id name)) }
before do
sign_in(admin)
end
context 'when admin mode enabled' do
before do
Gitlab::Session.with_session(controller.session) do
controller.current_user_mode.request_admin_mode!
controller.current_user_mode.enable_admin_mode!(password: admin.password)
end
end
it 'can query project data' do
post :execute, params: { query: graphql_query }
expect(controller.current_user_mode.admin_mode?).to be(true)
expect(json_response['data']['project']['name']).to eq(project.name)
end
end
context 'when admin mode disabled' do
it 'cannot query project data' do
post :execute, params: { query: graphql_query }
expect(controller.current_user_mode.admin_mode?).to be(false)
expect(json_response['data']['project']).to be_nil
end
context 'when admin is member of the project' do
before do
project.add_developer(admin)
end
it 'can query project data' do
post :execute, params: { query: graphql_query }
expect(controller.current_user_mode.admin_mode?).to be(false)
expect(json_response['data']['project']['name']).to eq(project.name)
end
end
end
end
2018-11-08 19:23:39 +05:30
end