Merge branch 'fix-graphql-permission-specs-fps' into 'master'

Fix false positives in graphql tests See merge request gitlab-org/gitlab!76903

Merge branch 'fix-graphql-permission-specs-fps' into 'master'
Fix false positives in graphql tests See merge request gitlab-org/gitlab!76903
8e04c7ff · Furkan Ayhan · afbc2cb4 · 02020053 · 8e04c7ff · 8e04c7ff
Commit 8e04c7ff authored Jan 06, 2022 by Furkan Ayhan
3 changed files
--- a/ee/spec/support/shared_examples/graphql/mutations/epics/permission_check_shared_examples.rb
+++ b/ee/spec/support/shared_examples/graphql/mutations/epics/permission_check_shared_examples.rb
 # frozen_string_literal: true

 RSpec.shared_examples 'permission level for epic mutation is correctly verified' do
-  before do
-    stub_licensed_features(epics: true)
-  end
+  let(:other_user_author) { create(:user) }

  shared_examples_for 'when the user does not have access to the resource' do
+    before do
+      stub_licensed_features(epics: true)
+      epic.update!(author: other_user_author)
+    end
+
    it 'raises an error' do
      expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
    end

    context 'even if author of the epic' do
      before do
-        epic.author = user
-      end
-
-      it 'raises an error' do
-        expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-      end
-    end
-
-    context 'even if assigned to the issue' do
-      before do
-        issue.assignees.push(user)
+        epic.update!(author: user)
      end

      it 'raises an error' do
@@ -30,9 +23,9 @@ RSpec.shared_examples 'permission level for epic mutation is correctly verified'
      end
    end

-    context 'even if author of the issue' do
+    context 'even if assigned to the epic' do
      before do
-        issue.author = user
+        epic.assignees.push(user)
      end

      it 'raises an error' do

--- a/spec/support/shared_examples/graphql/mutations/issues/permission_check_shared_examples.rb
+++ b/spec/support/shared_examples/graphql/mutations/issues/permission_check_shared_examples.rb
 # frozen_string_literal: true

 RSpec.shared_examples 'permission level for issue mutation is correctly verified' do |raises_for_all_errors = false|
-  before do
-    issue.assignees = []
-    issue.author = user
+  let_it_be(:other_user_author) { create(:user) }
+
+  def issue_attributes(issue)
+    issue.attributes.except(
+      # Description and title can be updated by authors and assignees of the issues
+      'description',
+      'title',
+      # Those fields are calculated or expected to be modified during the mutations
+      'author_id',
+      'updated_at',
+      'updated_by_id',
+      'last_edited_at',
+      'last_edited_by_id',
+      'lock_version',
+      # There were spec failures due to nano-second comparisons
+      # this property isn't changed by any mutation so we don't have to verify it
+      'created_at'
+    )
  end

-  shared_examples_for 'when the user does not have access to the resource' do |raise_for_assigned|
+  let(:expected) { issue_attributes(issue) }
+
+  shared_examples_for 'when the user does not have access to the resource' do |raise_for_assigned_and_author|
+    before do
+      issue.assignees = []
+      issue.update!(author: other_user_author)
+    end
+
    it 'raises an error' do
      expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
    end
@@ -17,21 +39,25 @@ RSpec.shared_examples 'permission level for issue mutation is correctly verified
      end

      it 'does not modify issue' do
-        if raises_for_all_errors || raise_for_assigned
+        if raises_for_all_errors || raise_for_assigned_and_author
          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
        else
-          expect(subject[:issue]).to eq issue
+          expect(issue_attributes(subject[:issue])).to eq expected
        end
      end
    end

    context 'even if author of the issue' do
      before do
-        issue.author = user
+        issue.update!(author: user)
      end

-      it 'raises an error' do
-        expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+      it 'does not modify issue' do
+        if raises_for_all_errors || raise_for_assigned_and_author
+          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+        else
+          expect(issue_attributes(subject[:issue])).to eq expected
+        end
      end
    end
  end

--- a/spec/support/shared_examples/graphql/mutations/merge_requests/permission_check_shared_examples.rb
+++ b/spec/support/shared_examples/graphql/mutations/merge_requests/permission_check_shared_examples.rb
 # frozen_string_literal: true

 RSpec.shared_examples 'permission level for merge request mutation is correctly verified' do
-  before do
-    merge_request.assignees = []
-    merge_request.reviewers = []
-    merge_request.author = nil
+  let(:other_user_author) { create(:user) }
+
+  def mr_attributes(mr)
+    mr.attributes.except(
+      # Authors and assignees can edit title, description, target branch and draft status
+      'title',
+      'description',
+      'target_branch',
+      'draft',
+      # Those fields are calculated or expected to be modified during the mutations
+      'author_id',
+      'latest_merge_request_diff_id',
+      'last_edited_at',
+      'last_edited_by_id',
+      'lock_version',
+      'updated_at',
+      'updated_by_id',
+      'merge_status',
+      # There were spec failures due to nano-second comparisons
+      # this property isn't changed by any mutation so we don't have to verify it
+      'created_at'
+    )
  end

-  shared_examples_for 'when the user does not have access to the resource' do |raise_for_assigned|
+  let(:expected) { mr_attributes(merge_request) }
+
+  shared_examples_for 'when the user does not have access to the resource' do |raise_for_assigned_and_author|
+    before do
+      merge_request.assignees = []
+      merge_request.reviewers = []
+      merge_request.update!(author: other_user_author)
+    end
+
    it 'raises an error' do
      expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
    end
@@ -18,12 +44,12 @@ RSpec.shared_examples 'permission level for merge request mutation is correctly
      end

      it 'does not modify merge request' do
-        if raise_for_assigned
+        if raise_for_assigned_and_author
          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
        else
          # In some cases we simply do nothing instead of raising
          # https://gitlab.com/gitlab-org/gitlab/-/issues/196241
-          expect(subject[:merge_request]).to eq merge_request
+          expect(mr_attributes(subject[:merge_request])).to eq expected
        end
      end
    end
@@ -40,11 +66,17 @@ RSpec.shared_examples 'permission level for merge request mutation is correctly

    context 'even if author of the merge request' do
      before do
-        merge_request.author = user
+        merge_request.update!(author: user)
      end

      it 'raises an error' do
-        expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+        if raise_for_assigned_and_author
+          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+        else
+          # In some cases we simply do nothing instead of raising
+          # https://gitlab.com/gitlab-org/gitlab/-/issues/196241
+          expect(mr_attributes(subject[:merge_request])).to eq expected
+        end
      end
    end
  end