author | Brett Walker <bwalker@gitlab.com> | 2019-03-27 23:02:25 +0300 |
---|---|---|
committer | Brett Walker <bwalker@gitlab.com> | 2019-04-04 16:39:30 +0300 |
commit | f458c561070d754cd546b07caf60dfa7ffb06293 (patch) | |
tree | ef4c65fb5b6767030c0c8b88223f415eabfe88be /spec/graphql | |
parent | 815901e322b60d28983f52a7ce5e98555285bef8 (diff) |
Initial field and query complexity limits
It makes all Types::BaseField default to a complexity of 1.
Queries themselves now have limited complexity, scaled
to the type of user: no user, authenticated user, or an
admin user.
Diffstat (limited to 'spec/graphql')
-rw-r--r-- | spec/graphql/gitlab_schema_spec.rb | 32 | ||||
-rw-r--r-- | spec/graphql/types/base_field_spec.rb | 19 |
2 files changed, 51 insertions, 0 deletions
diff --git a/spec/graphql/gitlab_schema_spec.rb b/spec/graphql/gitlab_schema_spec.rb
index b9ddb427e85..a535d9cdc7e 100644
--- a/spec/graphql/gitlab_schema_spec.rb
+++ b/spec/graphql/gitlab_schema_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'spec_helper'
 
 describe GitlabSchema do
@@ -31,6 +33,36 @@ describe GitlabSchema do
 expect(connection).to eq(Gitlab::Graphql::Connections::KeysetConnection)
 end
 
+ context 'for different types of users' do
+ it 'returns DEFAULT_MAX_COMPLEXITY for no user' do
+ expect(GraphQL::Schema).to receive(:execute).with('query', hash_including(max_complexity: GitlabSchema::DEFAULT_MAX_COMPLEXITY))
+
+ described_class.execute('query')
+ end
+
+ it 'returns AUTHENTICATED_COMPLEXITY for a logged in user' do
+ user = build :user
+
+ expect(GraphQL::Schema).to receive(:execute).with('query', hash_including(max_complexity: GitlabSchema::AUTHENTICATED_COMPLEXITY))
+
+ described_class.execute('query', context: { current_user: user })
+ end
+
+ it 'returns ADMIN_COMPLEXITY for an admin user' do
+ user = build :user, :admin
+
+ expect(GraphQL::Schema).to receive(:execute).with('query', hash_including(max_complexity: GitlabSchema::ADMIN_COMPLEXITY))
+
+ described_class.execute('query', context: { current_user: user })
+ end
+
+ it 'returns what was passed on the query' do
+ expect(GraphQL::Schema).to receive(:execute).with('query', { max_complexity: 1234 })
+
+ described_class.execute('query', max_complexity: 1234)
+ end
+ end
+
 def field_instrumenters
 described_class.instrumenters[:field]
 end
diff --git a/spec/graphql/types/base_field_spec.rb b/spec/graphql/types/base_field_spec.rb
new file mode 100644
index 00000000000..b5697ee5245
--- /dev/null
+++ b/spec/graphql/types/base_field_spec.rb
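Review bot: The last example in the second hunk, 'returns what was passed on the query', pins that a caller-supplied `max_complexity` reaches `GraphQL::Schema.execute` unchanged, but no example passes that option together with `current_user`, so the spec does not say whether an explicit value may exceed the limit for that user's tier. Since the limit is what bounds query cost per user type, I would add an example calling `described_class.execute('query', context: { current_user: user }, max_complexity: 1234)` with the intended precedence asserted, plus a comment such as `# explicit max_complexity is for trusted internal callers, never taken from request params`. All four examples stub `GraphQL::Schema.execute`, so they verify argument plumbing only; whether an over-limit query is actually rejected is presumably covered elsewhere, as the implementation is outside this diff (the diffstat is limited to spec/graphql). The enclosing `describe GitlabSchema` block starts and ends outside the hunk.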
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Types::BaseField do
+ context 'when considering complexity' do
+ it 'defaults to 1' do
+ field = described_class.new(name: 'test', type: GraphQL::STRING_TYPE, null: true)
+
+ expect(field.to_graphql.complexity).to eq 1
+ end
+
+ it 'has specified value' do
+ field = described_class.new(name: 'test', type: GraphQL::STRING_TYPE, null: true, complexity: 12)
+
+ expect(field.to_graphql.complexity).to eq 12
+ end
+ end
+end |
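Review bot: The two examples under 'when considering complexity' cover an omitted `complexity:` and an explicit 12, but not an explicit `complexity: nil` or `complexity: 0`. The per-query limit only bounds cost if every field contributes at least the default, so it is worth pinning whether those values fall back to 1; how `Types::BaseField` handles them is not visible in this diff. A third example building the field with `complexity: nil` and asserting `expect(field.to_graphql.complexity).to eq 1` would document that behaviour, if that is the intent.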