Commit 8e04c7ff authored by Furkan Ayhan's avatar Furkan Ayhan

Merge branch 'fix-graphql-permission-specs-fps' into 'master'

Fix false positives in graphql tests

See merge request gitlab-org/gitlab!76903
parents afbc2cb4 02020053
# frozen_string_literal: true # frozen_string_literal: true
RSpec.shared_examples 'permission level for epic mutation is correctly verified' do RSpec.shared_examples 'permission level for epic mutation is correctly verified' do
before do let(:other_user_author) { create(:user) }
stub_licensed_features(epics: true)
end
shared_examples_for 'when the user does not have access to the resource' do shared_examples_for 'when the user does not have access to the resource' do
before do
stub_licensed_features(epics: true)
epic.update!(author: other_user_author)
end
it 'raises an error' do it 'raises an error' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end end
context 'even if author of the epic' do context 'even if author of the epic' do
before do before do
epic.author = user epic.update!(author: user)
end
it 'raises an error' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end
end
context 'even if assigned to the issue' do
before do
issue.assignees.push(user)
end end
it 'raises an error' do it 'raises an error' do
...@@ -30,9 +23,9 @@ RSpec.shared_examples 'permission level for epic mutation is correctly verified' ...@@ -30,9 +23,9 @@ RSpec.shared_examples 'permission level for epic mutation is correctly verified'
end end
end end
context 'even if author of the issue' do context 'even if assigned to the epic' do
before do before do
issue.author = user epic.assignees.push(user)
end end
it 'raises an error' do it 'raises an error' do
......
# frozen_string_literal: true # frozen_string_literal: true
RSpec.shared_examples 'permission level for issue mutation is correctly verified' do |raises_for_all_errors = false| RSpec.shared_examples 'permission level for issue mutation is correctly verified' do |raises_for_all_errors = false|
before do let_it_be(:other_user_author) { create(:user) }
issue.assignees = []
issue.author = user def issue_attributes(issue)
issue.attributes.except(
# Description and title can be updated by authors and assignees of the issues
'description',
'title',
# Those fields are calculated or expected to be modified during the mutations
'author_id',
'updated_at',
'updated_by_id',
'last_edited_at',
'last_edited_by_id',
'lock_version',
# There were spec failures due to nano-second comparisons
# this property isn't changed by any mutation so we don't have to verify it
'created_at'
)
end end
shared_examples_for 'when the user does not have access to the resource' do |raise_for_assigned| let(:expected) { issue_attributes(issue) }
shared_examples_for 'when the user does not have access to the resource' do |raise_for_assigned_and_author|
before do
issue.assignees = []
issue.update!(author: other_user_author)
end
it 'raises an error' do it 'raises an error' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end end
...@@ -17,21 +39,25 @@ RSpec.shared_examples 'permission level for issue mutation is correctly verified ...@@ -17,21 +39,25 @@ RSpec.shared_examples 'permission level for issue mutation is correctly verified
end end
it 'does not modify issue' do it 'does not modify issue' do
if raises_for_all_errors || raise_for_assigned if raises_for_all_errors || raise_for_assigned_and_author
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
else else
expect(subject[:issue]).to eq issue expect(issue_attributes(subject[:issue])).to eq expected
end end
end end
end end
context 'even if author of the issue' do context 'even if author of the issue' do
before do before do
issue.author = user issue.update!(author: user)
end end
it 'raises an error' do it 'does not modify issue' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) if raises_for_all_errors || raise_for_assigned_and_author
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
else
expect(issue_attributes(subject[:issue])).to eq expected
end
end end
end end
end end
......
# frozen_string_literal: true # frozen_string_literal: true
RSpec.shared_examples 'permission level for merge request mutation is correctly verified' do RSpec.shared_examples 'permission level for merge request mutation is correctly verified' do
before do let(:other_user_author) { create(:user) }
merge_request.assignees = []
merge_request.reviewers = [] def mr_attributes(mr)
merge_request.author = nil mr.attributes.except(
# Authors and assignees can edit title, description, target branch and draft status
'title',
'description',
'target_branch',
'draft',
# Those fields are calculated or expected to be modified during the mutations
'author_id',
'latest_merge_request_diff_id',
'last_edited_at',
'last_edited_by_id',
'lock_version',
'updated_at',
'updated_by_id',
'merge_status',
# There were spec failures due to nano-second comparisons
# this property isn't changed by any mutation so we don't have to verify it
'created_at'
)
end end
shared_examples_for 'when the user does not have access to the resource' do |raise_for_assigned| let(:expected) { mr_attributes(merge_request) }
shared_examples_for 'when the user does not have access to the resource' do |raise_for_assigned_and_author|
before do
merge_request.assignees = []
merge_request.reviewers = []
merge_request.update!(author: other_user_author)
end
it 'raises an error' do it 'raises an error' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
end end
...@@ -18,12 +44,12 @@ RSpec.shared_examples 'permission level for merge request mutation is correctly ...@@ -18,12 +44,12 @@ RSpec.shared_examples 'permission level for merge request mutation is correctly
end end
it 'does not modify merge request' do it 'does not modify merge request' do
if raise_for_assigned if raise_for_assigned_and_author
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
else else
# In some cases we simply do nothing instead of raising # In some cases we simply do nothing instead of raising
# https://gitlab.com/gitlab-org/gitlab/-/issues/196241 # https://gitlab.com/gitlab-org/gitlab/-/issues/196241
expect(subject[:merge_request]).to eq merge_request expect(mr_attributes(subject[:merge_request])).to eq expected
end end
end end
end end
...@@ -40,11 +66,17 @@ RSpec.shared_examples 'permission level for merge request mutation is correctly ...@@ -40,11 +66,17 @@ RSpec.shared_examples 'permission level for merge request mutation is correctly
context 'even if author of the merge request' do context 'even if author of the merge request' do
before do before do
merge_request.author = user merge_request.update!(author: user)
end end
it 'raises an error' do it 'raises an error' do
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) if raise_for_assigned_and_author
expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
else
# In some cases we simply do nothing instead of raising
# https://gitlab.com/gitlab-org/gitlab/-/issues/196241
expect(mr_attributes(subject[:merge_request])).to eq expected
end
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment