author | Nick Thomas <nick@gitlab.com> | 2019-04-04 20:12:43 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-04-04 20:12:43 +0300 |
commit | a2d044bf97ec350019b2daebd962ab4901070818 (patch) | |
tree | a499e4701475e91c60e4b3bf7dc5ede8d5669f79 /spec/lib | |
parent | 9946c23a32c13a2ac773a36c4f06ab85d62252db (diff) | |
parent | 6643b92b8807e2d59f36d676303b89ea01824f22 (diff) |
Merge branch '57831-allow-graphql-scalar-fields-to-be-authorized' into 'master'
Allow GraphQL Scalar-fields to be authorized
Closes #57831
See merge request gitlab-org/gitlab-ce!26338
Diffstat (limited to 'spec/lib')
-rw-r--r-- | spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb | 95 |
1 files changed, 64 insertions, 31 deletions
diff --git a/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb b/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb index ce320a2bdb0..6114aca0616 100644 --- a/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb +++ b/spec/lib/gitlab/graphql/authorize/authorize_field_service_spec.rb 
@@ -9,55 +9,88 @@ describe Gitlab::Graphql::Authorize::AuthorizeFieldService do let(:current_user) { double(:current_user) } let(:abilities) { [double(:first_ability), double(:last_ability)] } - let(:checker) do - service = described_class.new(double(resolve_proc: proc {})) - allow(service).to receive(:authorizations).and_return(abilities) - service.__send__(:build_checker, current_user) - end + context 'when authorizing against the object' do + let(:checker) do + service = described_class.new(double(resolve_proc: proc {})) + allow(service).to receive(:authorizations).and_return(abilities) + service.__send__(:build_checker, current_user, nil) + end - it 'returns a checker which checks for a single object' do - object = double(:object) + it 'returns a checker which checks for a single object' do + object = double(:object) - abilities.each do |ability| - spy_ability_check_for(ability, object, passed: true) - end + abilities.each do |ability| + spy_ability_check_for(ability, object, passed: true) + end - expect(checker.call(object)).to eq(object) - end + expect(checker.call(object)).to eq(object) + end - it 'returns a checker which checks for all objects' do - objects = [double(:first), double(:last)] + it 'returns a checker which checks for all objects' do + objects = [double(:first), double(:last)] - abilities.each do |ability| - objects.each do |object| - spy_ability_check_for(ability, object, passed: true) + abilities.each do |ability| + objects.each do |object| + spy_ability_check_for(ability, object, passed: true) + end end + + expect(checker.call(objects)).to eq(objects) end - expect(checker.call(objects)).to eq(objects) - end + context 'when some objects would not pass the check' do + it 'returns nil when it is single object' do + disallowed = double(:object) + + spy_ability_check_for(abilities.first, disallowed, passed: false) - context 'when some objects would not pass the check' do - it 'returns nil when it is single object' do - disallowed = 
double(:object) + expect(checker.call(disallowed)).to be_nil + end + + it 'returns only objects which passed when there are more than one' do + allowed = double(:allowed) + disallowed = double(:disallowed) - spy_ability_check_for(abilities.first, disallowed, passed: false) + spy_ability_check_for(abilities.first, disallowed, passed: false) - expect(checker.call(disallowed)).to be_nil + abilities.each do |ability| + spy_ability_check_for(ability, allowed, passed: true) + end + + expect(checker.call([disallowed, allowed])).to contain_exactly(allowed) + end end + end + + context 'when authorizing against another object' do + let(:authorizing_obj) { double(:object) } - it 'returns only objects which passed when there are more than one' do - allowed = double(:allowed) - disallowed = double(:disallowed) + let(:checker) do + service = described_class.new(double(resolve_proc: proc {})) + allow(service).to receive(:authorizations).and_return(abilities) + service.__send__(:build_checker, current_user, authorizing_obj) + end + + it 'returns a checker which checks for a single object' do + object = double(:object) + + abilities.each do |ability| + spy_ability_check_for(ability, authorizing_obj, passed: true) + end + + expect(checker.call(object)).to eq(object) + end - spy_ability_check_for(abilities.first, disallowed, passed: false) + it 'returns a checker which checks for all objects' do + objects = [double(:first), double(:last)] abilities.each do |ability| - spy_ability_check_for(ability, allowed, passed: true) + objects.each do |object| + spy_ability_check_for(ability, authorizing_obj, passed: true) + end end - expect(checker.call([disallowed, allowed])) - .to contain_exactly(allowed) + expect(checker.call(objects)).to eq(objects) end end end |
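Review bot: The new `context 'when authorizing against another object'` covers only the allow path, since every stub there is `spy_ability_check_for(ability, authorizing_obj, passed: true)`. These examples would still pass if the checker returned the field value after a denial on `authorizing_obj`, which is the failure mode that matters for scalar fields. A denial example mirroring the existing 'when some objects would not pass the check' context should be added; the expected `nil` below is inferred from that context and should be confirmed against `build_checker`, which is outside this hunk along with `spy_ability_check_for`. In the 'checks for all objects' example of the same context, the inner `objects.each do |object|` never uses `object` and only re-stubs the same check, so it can be dropped.

```ruby
context 'when authorizing against another object' do
  # … unchanged: authorizing_obj, checker and the two passing examples …

  context 'when the authorizing object does not pass the check' do
    it 'returns nil when it is single object' do
      spy_ability_check_for(abilities.first, authorizing_obj, passed: false)

      expect(checker.call(double(:object))).to be_nil
    end
  end
end
```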