require 'spec_helper' describe 'getting an issue list for a project' do include GraphqlHelpers let(:project) { create(:project, :repository, :public) } let(:current_user) { create(:user) } let(:issues_data) { graphql_data['project']['issues']['edges'] } let!(:issues) do [create(:issue, project: project, discussion_locked: true), create(:issue, project: project)] end let(:fields) do <<~QUERY edges { node { #{all_graphql_fields_for('issues'.classify)} } } QUERY end let(:query) do graphql_query_for( 'project', { 'fullPath' => project.full_path }, query_graphql_field('issues', {}, fields) ) end it_behaves_like 'a working graphql query' do before do post_graphql(query, current_user: current_user) end end it 'includes a web_url' do post_graphql(query, current_user: current_user) expect(issues_data[0]['node']['webUrl']).to be_present end it 'includes discussion locked' do post_graphql(query, current_user: current_user) expect(issues_data[0]['node']['discussionLocked']).to eq false expect(issues_data[1]['node']['discussionLocked']).to eq true end context 'when limiting the number of results' do let(:query) do graphql_query_for( 'project', { 'fullPath' => project.full_path }, "issues(first: 1) { #{fields} }" ) end it_behaves_like 'a working graphql query' do before do post_graphql(query, current_user: current_user) end end it "is expected to check permissions on the first issue only" do allow(Ability).to receive(:allowed?).and_call_original # Newest first, we only want to see the newest checked expect(Ability).not_to receive(:allowed?).with(current_user, :read_issue, issues.first) post_graphql(query, current_user: current_user) end end context 'when the user does not have access to the issue' do it 'returns nil' do project.project_feature.update!(issues_access_level: ProjectFeature::PRIVATE) post_graphql(query) expect(issues_data).to eq [] end end context 'when there is a confidential issue' do let!(:confidential_issue) do create(:issue, :confidential, project: project) end context 'when the user cannot see confidential issues' do it 'returns issues without confidential issues' do post_graphql(query, current_user: current_user) expect(issues_data.size).to eq(2) issues_data.each do |issue| expect(issue.dig('node', 'confidential')).to eq(false) end end end context 'when the user can see confidential issues' do it 'returns issues with confidential issues' do project.add_developer(current_user) post_graphql(query, current_user: current_user) expect(issues_data.size).to eq(3) confidentials = issues_data.map do |issue| issue.dig('node', 'confidential') end expect(confidentials).to eq([true, false, false]) end end end end