Merge branch '57831-allow-graphql-scalar-fields-to-be-authorized' into 'master'

Allow GraphQL Scalar-fields to be authorized Closes #57831 See merge request gitlab-org/gitlab-ce!26338
author: Nick Thomas <nick@gitlab.com> 2019-04-04 20:12:43 +0300
committer: Nick Thomas <nick@gitlab.com> 2019-04-04 20:12:43 +0300
commit: a2d044bf97ec350019b2daebd962ab4901070818 (patch)
tree: a499e4701475e91c60e4b3bf7dc5ede8d5669f79 /spec/lib
parent: 9946c23a32c13a2ac773a36c4f06ab85d62252db (diff)
parent: 6643b92b8807e2d59f36d676303b89ea01824f22 (diff)
1 files changed, 64 insertions, 31 deletions
diff --git a/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb b/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
index ce320a2bdb0..6114aca0616 100644
--- a/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
+++ b/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb
@@ -9,55 +9,88 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do
     let(:current_user) { double(:current_user) }
     let(:abilities) { [double(:first_ability), double(:last_ability)] }
 
-    let(:checker) do
-      service = described_class.new(double(resolve_proc: proc {}))
-      allow(service).to receive(:authorizations).and_return(abilities)
-      service.__send__(:build_checker, current_user)
-    end
+    context 'when authorizing against the object' do
+      let(:checker) do
+        service = described_class.new(double(resolve_proc: proc {}))
+        allow(service).to receive(:authorizations).and_return(abilities)
+        service.__send__(:build_checker, current_user, nil)
+      end
 
-    it 'returns a checker which checks for a single object' do
-      object = double(:object)
+      it 'returns a checker which checks for a single object' do
+        object = double(:object)
 
-      abilities.each do |ability|
-        spy_ability_check_for(ability, object, passed: true)
-      end
+        abilities.each do |ability|
+          spy_ability_check_for(ability, object, passed: true)
+        end
 
-      expect(checker.call(object)).to eq(object)
-    end
+        expect(checker.call(object)).to eq(object)
+      end
 
-    it 'returns a checker which checks for all objects' do
-      objects = [double(:first), double(:last)]
+      it 'returns a checker which checks for all objects' do
+        objects = [double(:first), double(:last)]
 
-      abilities.each do |ability|
-        objects.each do |object|
-          spy_ability_check_for(ability, object, passed: true)
+        abilities.each do |ability|
+          objects.each do |object|
+            spy_ability_check_for(ability, object, passed: true)
+          end
         end
+
+        expect(checker.call(objects)).to eq(objects)
       end
 
-      expect(checker.call(objects)).to eq(objects)
-    end
+      context 'when some objects would not pass the check' do
+        it 'returns nil when it is single object' do
+          disallowed = double(:object)
+
+          spy_ability_check_for(abilities.first, disallowed, passed: false)
 
-    context 'when some objects would not pass the check' do
-      it 'returns nil when it is single object' do
-        disallowed = double(:object)
+          expect(checker.call(disallowed)).to be_nil
+        end
+
+        it 'returns only objects which passed when there are more than one' do
+          allowed = double(:allowed)
+          disallowed = double(:disallowed)
 
-        spy_ability_check_for(abilities.first, disallowed, passed: false)
+          spy_ability_check_for(abilities.first, disallowed, passed: false)
 
-        expect(checker.call(disallowed)).to be_nil
+          abilities.each do |ability|
+            spy_ability_check_for(ability, allowed, passed: true)
+          end
+
+          expect(checker.call([disallowed, allowed])).to contain_exactly(allowed)
+        end
       end
+    end
+
+    context 'when authorizing against another object' do
+      let(:authorizing_obj) { double(:object) }
 
-      it 'returns only objects which passed when there are more than one' do
-        allowed = double(:allowed)
-        disallowed = double(:disallowed)
+      let(:checker) do
+        service = described_class.new(double(resolve_proc: proc {}))
+        allow(service).to receive(:authorizations).and_return(abilities)
+        service.__send__(:build_checker, current_user, authorizing_obj)
+      end
+
+      it 'returns a checker which checks for a single object' do
+        object = double(:object)
+
+        abilities.each do |ability|
+          spy_ability_check_for(ability, authorizing_obj, passed: true)
+        end
+
+        expect(checker.call(object)).to eq(object)
+      end
 
-        spy_ability_check_for(abilities.first, disallowed, passed: false)
+      it 'returns a checker which checks for all objects' do
+        objects = [double(:first), double(:last)]
 
         abilities.each do |ability|
-          spy_ability_check_for(ability, allowed, passed: true)
+          objects.each do |object|
+            spy_ability_check_for(ability, authorizing_obj, passed: true)
+          end
         end
 
-        expect(checker.call([disallowed, allowed]))
-          .to contain_exactly(allowed)
+        expect(checker.call(objects)).to eq(objects)
       end
     end
   end
author	Nick Thomas <nick@gitlab.com>	2019-04-04 20:12:43 +0300
committer	Nick Thomas <nick@gitlab.com>	2019-04-04 20:12:43 +0300
commit	a2d044bf97ec350019b2daebd962ab4901070818 (patch)
tree	a499e4701475e91c60e4b3bf7dc5ede8d5669f79 /spec/lib
parent	9946c23a32c13a2ac773a36c4f06ab85d62252db (diff)
parent	6643b92b8807e2d59f36d676303b89ea01824f22 (diff)