Merge branch 'sk/214423-fix-500-on-snippet-api' into 'master'

Fix 500 error for non-existing snippet on graphql mutations See merge request gitlab-org/gitlab!30632

Merge branch 'sk/214423-fix-500-on-snippet-api' into 'master'
Fix 500 error for non-existing snippet on graphql mutations See merge request gitlab-org/gitlab!30632
1745209f · Peter Leitzen · db7ab32c · ce6a65c5 · 1745209f · 1745209f
Commit 1745209f authored Apr 28, 2020 by Peter Leitzen
6 changed files
--- a/app/graphql/mutations/snippets/base.rb
+++ b/app/graphql/mutations/snippets/base.rb
@@ -15,6 +15,8 @@ module Mutations
      end

      def authorized_resource?(snippet)
+        return false if snippet.nil?
+
        Ability.allowed?(context[:current_user], ability_for(snippet), snippet)
      end


--- a/changelogs/unreleased/sk-fix-500-on-snippet-graphql-mutations.yml
+++ b/changelogs/unreleased/sk-fix-500-on-snippet-graphql-mutations.yml
+---
+title: Fix 500 error for non-existing snippet on graphql mutations
+merge_request: 30632
+author: Sashi Kumar
+type: fixed
--- a/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb
+++ b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb
@@ -6,9 +6,10 @@ describe 'Destroying a Snippet' do
  include GraphqlHelpers

  let(:current_user) { snippet.author }
+  let(:snippet_gid) { snippet.to_global_id.to_s }
  let(:mutation) do
    variables = {
-      id: snippet.to_global_id.to_s
+      id: snippet_gid
    }

    graphql_mutation(:destroy_snippet, variables)
@@ -49,9 +50,11 @@ describe 'Destroying a Snippet' do
  end

  describe 'PersonalSnippet' do
-    it_behaves_like 'graphql delete actions' do
-      let_it_be(:snippet) { create(:personal_snippet) }
-    end
+    let_it_be(:snippet) { create(:personal_snippet) }
+
+    it_behaves_like 'graphql delete actions'
+
+    it_behaves_like 'when the snippet is not found'
  end

  describe 'ProjectSnippet' do
@@ -85,5 +88,7 @@ describe 'Destroying a Snippet' do
        end
      end
    end
+
+    it_behaves_like 'when the snippet is not found'
  end
 end
--- a/spec/requests/api/graphql/mutations/snippets/mark_as_spam_spec.rb
+++ b/spec/requests/api/graphql/mutations/snippets/mark_as_spam_spec.rb
@@ -10,9 +10,11 @@ describe 'Mark snippet as spam', :do_not_mock_admin_mode do
  let_it_be(:snippet) { create(:personal_snippet) }
  let_it_be(:user_agent_detail) { create(:user_agent_detail, subject: snippet) }
  let(:current_user) { snippet.author }
+
+  let(:snippet_gid) { snippet.to_global_id.to_s }
  let(:mutation) do
    variables = {
-      id: snippet.to_global_id.to_s
+      id: snippet_gid
    }

    graphql_mutation(:mark_as_spam_snippet, variables)
@@ -30,6 +32,8 @@ describe 'Mark snippet as spam', :do_not_mock_admin_mode do
    end
  end

+  it_behaves_like 'when the snippet is not found'
+
  context 'when the user does not have permission' do
    let(:current_user) { other_user }


--- a/spec/requests/api/graphql/mutations/snippets/update_spec.rb
+++ b/spec/requests/api/graphql/mutations/snippets/update_spec.rb
@@ -15,9 +15,10 @@ describe 'Updating a Snippet' do
  let(:updated_file_name) { 'Updated file_name' }
  let(:current_user) { snippet.author }

+  let(:snippet_gid) { GitlabSchema.id_from_object(snippet).to_s }
  let(:mutation) do
    variables = {
-      id: GitlabSchema.id_from_object(snippet).to_s,
+      id: snippet_gid,
      content: updated_content,
      description: updated_description,
      visibility_level: 'public',
@@ -90,16 +91,18 @@ describe 'Updating a Snippet' do
  end

  describe 'PersonalSnippet' do
-    it_behaves_like 'graphql update actions' do
-      let(:snippet) do
-        create(:personal_snippet,
-               :private,
-               file_name: original_file_name,
-               title: original_title,
-               content: original_content,
-               description: original_description)
-      end
+    let(:snippet) do
+      create(:personal_snippet,
+             :private,
+             file_name: original_file_name,
+             title: original_title,
+             content: original_content,
+             description: original_description)
    end
+
+    it_behaves_like 'graphql update actions'
+
+    it_behaves_like 'when the snippet is not found'
  end

  describe 'ProjectSnippet' do
@@ -142,5 +145,7 @@ describe 'Updating a Snippet' do
        end
      end
    end
+
+    it_behaves_like 'when the snippet is not found'
  end
 end
--- a/spec/support/shared_examples/requests/api/graphql/mutations/snippets_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/graphql/mutations/snippets_shared_examples.rb
+# frozen_string_literal: true
+
+RSpec.shared_examples 'when the snippet is not found' do
+  let(:snippet_gid) do
+    "gid://gitlab/#{snippet.class.name}/#{non_existing_record_id}"
+  end
+
+  it_behaves_like 'a mutation that returns top-level errors',
+                  errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+end