Add latest changes from gitlab-org/gitlab@master

3 files changed, 377 insertions, 0 deletions

diff --git a/spec/requests/api/graphql/mutations/snippets/create_spec.rb b/spec/requests/api/graphql/mutations/snippets/create_spec.rb
new file mode 100644
index 00000000000..9ef45c0f6bc
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/snippets/create_spec.rb
@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Creating a Snippet' do
+  include GraphqlHelpers
+
+  let_it_be(:user) { create(:user) }
+  let_it_be(:project) { create(:project) }
+  let(:content) { 'Initial content' }
+  let(:description) { 'Initial description' }
+  let(:title) { 'Initial title' }
+  let(:file_name) { 'Initial file_name' }
+  let(:visibility_level) { 'public' }
+  let(:project_path) { nil }
+
+  let(:mutation) do
+    variables = {
+      content: content,
+      description: description,
+      visibility_level: visibility_level,
+      file_name: file_name,
+      title: title,
+      project_path: project_path
+    }
+
+    graphql_mutation(:create_snippet, variables)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:create_snippet)
+  end
+
+  context 'when the user does not have permission' do
+    let(:current_user) { nil }
+
+    it_behaves_like 'a mutation that returns top-level errors',
+                    errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+
+    it 'does not create the Snippet' do
+      expect do
+        post_graphql_mutation(mutation, current_user: current_user)
+      end.not_to change { Snippet.count }
+    end
+
+    context 'when user is not authorized in the project' do
+      let(:project_path) { project.full_path }
+
+      it 'does not create the snippet when the user is not authorized' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.not_to change { Snippet.count }
+      end
+    end
+  end
+
+  context 'when the user has permission' do
+    let(:current_user) { user }
+
+    context 'with PersonalSnippet' do
+      it 'creates the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.to change { Snippet.count }.by(1)
+      end
+
+      it 'returns the created Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['snippet']['content']).to eq(content)
+        expect(mutation_response['snippet']['title']).to eq(title)
+        expect(mutation_response['snippet']['description']).to eq(description)
+        expect(mutation_response['snippet']['fileName']).to eq(file_name)
+        expect(mutation_response['snippet']['visibilityLevel']).to eq(visibility_level)
+        expect(mutation_response['snippet']['project']).to be_nil
+      end
+    end
+
+    context 'with ProjectSnippet' do
+      let(:project_path) { project.full_path }
+
+      before do
+        project.add_developer(current_user)
+      end
+
+      it 'creates the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.to change { Snippet.count }.by(1)
+      end
+
+      it 'returns the created Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['snippet']['content']).to eq(content)
+        expect(mutation_response['snippet']['title']).to eq(title)
+        expect(mutation_response['snippet']['description']).to eq(description)
+        expect(mutation_response['snippet']['fileName']).to eq(file_name)
+        expect(mutation_response['snippet']['visibilityLevel']).to eq(visibility_level)
+        expect(mutation_response['snippet']['project']['fullPath']).to eq(project_path)
+      end
+
+      context 'when the project path is invalid' do
+        let(:project_path) { 'foobar' }
+
+        it 'returns an an error' do
+          post_graphql_mutation(mutation, current_user: current_user)
+          errors = json_response['errors']
+
+          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+        end
+      end
+
+      context 'when the feature is disabled' do
+        it 'returns an an error' do
+          project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED)
+
+          post_graphql_mutation(mutation, current_user: current_user)
+          errors = json_response['errors']
+
+          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+        end
+      end
+    end
+
+    context 'when there are ActiveRecord validation errors' do
+      let(:title) { '' }
+
+      it_behaves_like 'a mutation that returns errors in the response', errors: ["Title can't be blank"]
+
+      it 'does not create the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.not_to change { Snippet.count }
+      end
+
+      it 'does not return Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['snippet']).to be_nil
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb
new file mode 100644
index 00000000000..351d2db8973
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb
@@ -0,0 +1,89 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Destroying a Snippet' do
+  include GraphqlHelpers
+
+  let(:current_user) { snippet.author }
+  let(:mutation) do
+    variables = {
+      id: snippet.to_global_id.to_s
+    }
+
+    graphql_mutation(:destroy_snippet, variables)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:destroy_snippet)
+  end
+
+  shared_examples 'graphql delete actions' do
+    context 'when the user does not have permission' do
+      let(:current_user) { create(:user) }
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+
+      it 'does not destroy the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.not_to change { Snippet.count }
+      end
+    end
+
+    context 'when the user has permission' do
+      it 'destroys the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.to change { Snippet.count }.by(-1)
+      end
+
+      it 'returns an empty Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response).to have_key('snippet')
+        expect(mutation_response['snippet']).to be_nil
+      end
+    end
+  end
+
+  describe 'PersonalSnippet' do
+    it_behaves_like 'graphql delete actions' do
+      let_it_be(:snippet) { create(:personal_snippet) }
+    end
+  end
+
+  describe 'ProjectSnippet' do
+    let_it_be(:project) { create(:project, :private) }
+    let_it_be(:snippet) { create(:project_snippet, :private, project: project, author: create(:user)) }
+
+    context 'when the author is not a member of the project' do
+      it 'returns an an error' do
+        post_graphql_mutation(mutation, current_user: current_user)
+        errors = json_response['errors']
+
+        expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+      end
+    end
+
+    context 'when the author is a member of the project' do
+      before do
+        project.add_developer(current_user)
+      end
+
+      it_behaves_like 'graphql delete actions'
+
+      context 'when the snippet project feature is disabled' do
+        it 'returns an an error' do
+          project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED)
+
+          post_graphql_mutation(mutation, current_user: current_user)
+          errors = json_response['errors']
+
+          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+        end
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/graphql/mutations/snippets/update_spec.rb b/spec/requests/api/graphql/mutations/snippets/update_spec.rb
new file mode 100644
index 00000000000..deaa9e8a237
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/snippets/update_spec.rb
@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Updating a Snippet' do
+  include GraphqlHelpers
+
+  let_it_be(:original_content) { 'Initial content' }
+  let_it_be(:original_description) { 'Initial description' }
+  let_it_be(:original_title) { 'Initial title' }
+  let_it_be(:original_file_name) { 'Initial file_name' }
+  let(:updated_content) { 'Updated content' }
+  let(:updated_description) { 'Updated description' }
+  let(:updated_title) { 'Updated_title' }
+  let(:updated_file_name) { 'Updated file_name' }
+  let(:current_user) { snippet.author }
+
+  let(:mutation) do
+    variables = {
+      id: GitlabSchema.id_from_object(snippet).to_s,
+      content: updated_content,
+      description: updated_description,
+      visibility_level: 'public',
+      file_name: updated_file_name,
+      title: updated_title
+    }
+
+    graphql_mutation(:update_snippet, variables)
+  end
+
+  def mutation_response
+    graphql_mutation_response(:update_snippet)
+  end
+
+  shared_examples 'graphql update actions' do
+    context 'when the user does not have permission' do
+      let(:current_user) { create(:user) }
+
+      it_behaves_like 'a mutation that returns top-level errors',
+                      errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
+
+      it 'does not update the Snippet' do
+        expect do
+          post_graphql_mutation(mutation, current_user: current_user)
+        end.not_to change { snippet.reload }
+      end
+    end
+
+    context 'when the user has permission' do
+      it 'updates the Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(snippet.reload.title).to eq(updated_title)
+      end
+
+      it 'returns the updated Snippet' do
+        post_graphql_mutation(mutation, current_user: current_user)
+
+        expect(mutation_response['snippet']['content']).to eq(updated_content)
+        expect(mutation_response['snippet']['title']).to eq(updated_title)
+        expect(mutation_response['snippet']['description']).to eq(updated_description)
+        expect(mutation_response['snippet']['fileName']).to eq(updated_file_name)
+        expect(mutation_response['snippet']['visibilityLevel']).to eq('public')
+      end
+
+      context 'when there are ActiveRecord validation errors' do
+        let(:updated_title) { '' }
+
+        it_behaves_like 'a mutation that returns errors in the response', errors: ["Title can't be blank"]
+
+        it 'does not update the Snippet' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(snippet.reload.title).to eq(original_title)
+        end
+
+        it 'returns the Snippet with its original values' do
+          post_graphql_mutation(mutation, current_user: current_user)
+
+          expect(mutation_response['snippet']['content']).to eq(original_content)
+          expect(mutation_response['snippet']['title']).to eq(original_title)
+          expect(mutation_response['snippet']['description']).to eq(original_description)
+          expect(mutation_response['snippet']['fileName']).to eq(original_file_name)
+          expect(mutation_response['snippet']['visibilityLevel']).to eq('private')
+        end
+      end
+    end
+  end
+
+  describe 'PersonalSnippet' do
+    it_behaves_like 'graphql update actions' do
+      let_it_be(:snippet) do
+        create(:personal_snippet,
+               :private,
+               file_name: original_file_name,
+               title: original_title,
+               content: original_content,
+               description: original_description)
+      end
+    end
+  end
+
+  describe 'ProjectSnippet' do
+    let_it_be(:project) { create(:project, :private) }
+    let_it_be(:snippet) do
+      create(:project_snippet,
+             :private,
+             project: project,
+             author: create(:user),
+             file_name: original_file_name,
+             title: original_title,
+             content: original_content,
+             description: original_description)
+    end
+
+    context 'when the author is not a member of the project' do
+      it 'returns an an error' do
+        post_graphql_mutation(mutation, current_user: current_user)
+        errors = json_response['errors']
+
+        expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+      end
+    end
+
+    context 'when the author is a member of the project' do
+      before do
+        project.add_developer(current_user)
+      end
+
+      it_behaves_like 'graphql update actions'
+
+      context 'when the snippet project feature is disabled' do
+        it 'returns an an error' do
+          project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED)
+
+          post_graphql_mutation(mutation, current_user: current_user)
+          errors = json_response['errors']
+
+          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
+        end
+      end
+    end
+  end
+end