diff options
Diffstat (limited to 'spec/graphql/mutations')
11 files changed, 32 insertions, 74 deletions
diff --git a/spec/graphql/mutations/customer_relations/contacts/create_spec.rb b/spec/graphql/mutations/customer_relations/contacts/create_spec.rb index 21a1aa2741a..0f05504d4f2 100644 --- a/spec/graphql/mutations/customer_relations/contacts/create_spec.rb +++ b/spec/graphql/mutations/customer_relations/contacts/create_spec.rb @@ -29,7 +29,7 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do it 'raises an error' do expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) - .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action") + .with_message(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) end end @@ -45,7 +45,7 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do it 'raises an error' do expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) - .with_message('Feature disabled') + .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action") end end @@ -97,5 +97,5 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Create do end end - specify { expect(described_class).to require_graphql_authorizations(:admin_contact) } + specify { expect(described_class).to require_graphql_authorizations(:admin_crm_contact) } end diff --git a/spec/graphql/mutations/customer_relations/contacts/update_spec.rb b/spec/graphql/mutations/customer_relations/contacts/update_spec.rb index 93bc6f53cf9..4f59de194fd 100644 --- a/spec/graphql/mutations/customer_relations/contacts/update_spec.rb +++ b/spec/graphql/mutations/customer_relations/contacts/update_spec.rb @@ -10,7 +10,7 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Update do let(:last_name) { 'Smith' } let(:email) { 'ls@gitlab.com' } let(:description) { 'VIP' } - let(:does_not_exist_or_no_permission) { "The resource that you are attempting to access does not exist or you don't have permission to perform this action" } + let(:does_not_exist_or_no_permission) { Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR } let(:contact) { create(:contact, group: group) } let(:attributes) do { @@ -65,11 +65,11 @@ RSpec.describe Mutations::CustomerRelations::Contacts::Update do it 'raises an error' do expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) - .with_message('Feature disabled') + .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action") end end end end - specify { expect(described_class).to require_graphql_authorizations(:admin_contact) } + specify { expect(described_class).to require_graphql_authorizations(:admin_crm_contact) } end diff --git a/spec/graphql/mutations/customer_relations/organizations/create_spec.rb b/spec/graphql/mutations/customer_relations/organizations/create_spec.rb index 738a8d724ab..9be0f5d4289 100644 --- a/spec/graphql/mutations/customer_relations/organizations/create_spec.rb +++ b/spec/graphql/mutations/customer_relations/organizations/create_spec.rb @@ -30,7 +30,7 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do it 'raises an error' do expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) - .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action") + .with_message(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) end end @@ -46,7 +46,7 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do it 'raises an error' do expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) - .with_message('Feature disabled') + .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action") end end @@ -69,5 +69,5 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Create do end end - specify { expect(described_class).to require_graphql_authorizations(:admin_organization) } + specify { expect(described_class).to require_graphql_authorizations(:admin_crm_organization) } end diff --git a/spec/graphql/mutations/customer_relations/organizations/update_spec.rb b/spec/graphql/mutations/customer_relations/organizations/update_spec.rb index 0bc6f184fe3..e3aa8eafe0c 100644 --- a/spec/graphql/mutations/customer_relations/organizations/update_spec.rb +++ b/spec/graphql/mutations/customer_relations/organizations/update_spec.rb @@ -9,7 +9,7 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Update do let(:name) { 'GitLab' } let(:default_rate) { 1000.to_f } let(:description) { 'VIP' } - let(:does_not_exist_or_no_permission) { "The resource that you are attempting to access does not exist or you don't have permission to perform this action" } + let(:does_not_exist_or_no_permission) { Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR } let(:organization) { create(:organization, group: group) } let(:attributes) do { @@ -63,11 +63,11 @@ RSpec.describe Mutations::CustomerRelations::Organizations::Update do it 'raises an error' do expect { resolve_mutation }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable) - .with_message('Feature disabled') + .with_message("The resource that you are attempting to access does not exist or you don't have permission to perform this action") end end end end - specify { expect(described_class).to require_graphql_authorizations(:admin_organization) } + specify { expect(described_class).to require_graphql_authorizations(:admin_crm_organization) } end diff --git a/spec/graphql/mutations/discussions/toggle_resolve_spec.rb b/spec/graphql/mutations/discussions/toggle_resolve_spec.rb index 8c11279a80a..2041b86d6e7 100644 --- a/spec/graphql/mutations/discussions/toggle_resolve_spec.rb +++ b/spec/graphql/mutations/discussions/toggle_resolve_spec.rb @@ -27,7 +27,7 @@ RSpec.describe Mutations::Discussions::ToggleResolve do it 'raises an error if the resource is not accessible to the user' do expect { subject }.to raise_error( Gitlab::Graphql::Errors::ResourceNotAvailable, - "The resource that you are attempting to access does not exist or you don't have permission to perform this action" + Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR ) end end @@ -41,7 +41,7 @@ RSpec.describe Mutations::Discussions::ToggleResolve do it 'raises an error' do expect { subject }.to raise_error( Gitlab::Graphql::Errors::ResourceNotAvailable, - "The resource that you are attempting to access does not exist or you don't have permission to perform this action" + Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR ) end end diff --git a/spec/graphql/mutations/environments/canary_ingress/update_spec.rb b/spec/graphql/mutations/environments/canary_ingress/update_spec.rb index 2715a908f85..48e55828a6b 100644 --- a/spec/graphql/mutations/environments/canary_ingress/update_spec.rb +++ b/spec/graphql/mutations/environments/canary_ingress/update_spec.rb @@ -60,7 +60,7 @@ RSpec.describe Mutations::Environments::CanaryIngress::Update do let(:user) { reporter } it 'raises an error' do - expect { subject }.to raise_error("The resource that you are attempting to access does not exist or you don't have permission to perform this action") + expect { subject }.to raise_error(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) end end end diff --git a/spec/graphql/mutations/merge_requests/set_wip_spec.rb b/spec/graphql/mutations/merge_requests/set_wip_spec.rb deleted file mode 100644 index fae9c4f7fe0..00000000000 --- a/spec/graphql/mutations/merge_requests/set_wip_spec.rb +++ /dev/null @@ -1,55 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe Mutations::MergeRequests::SetWip do - let(:merge_request) { create(:merge_request) } - let(:user) { create(:user) } - - subject(:mutation) { described_class.new(object: nil, context: { current_user: user }, field: nil) } - - specify { expect(described_class).to require_graphql_authorizations(:update_merge_request) } - - describe '#resolve' do - let(:wip) { true } - let(:mutated_merge_request) { subject[:merge_request] } - - subject { mutation.resolve(project_path: merge_request.project.full_path, iid: merge_request.iid, wip: wip) } - - it_behaves_like 'permission level for merge request mutation is correctly verified' - - context 'when the user can update the merge request' do - before do - merge_request.project.add_developer(user) - end - - it 'returns the merge request as a wip' do - expect(mutated_merge_request).to eq(merge_request) - expect(mutated_merge_request).to be_work_in_progress - expect(subject[:errors]).to be_empty - end - - it 'returns errors merge request could not be updated' do - # Make the merge request invalid - merge_request.allow_broken = true - merge_request.update!(source_project: nil) - - expect(subject[:errors]).not_to be_empty - end - - context 'when passing wip as false' do - let(:wip) { false } - - it 'removes `wip` from the title' do - merge_request.update!(title: "WIP: working on it") - - expect(mutated_merge_request).not_to be_work_in_progress - end - - it 'does not do anything if the title did not start with wip' do - expect(mutated_merge_request).not_to be_work_in_progress - end - end - end - end -end diff --git a/spec/graphql/mutations/notes/reposition_image_diff_note_spec.rb b/spec/graphql/mutations/notes/reposition_image_diff_note_spec.rb index e78f755d5c7..39794a070c6 100644 --- a/spec/graphql/mutations/notes/reposition_image_diff_note_spec.rb +++ b/spec/graphql/mutations/notes/reposition_image_diff_note_spec.rb @@ -29,7 +29,7 @@ RSpec.describe Mutations::Notes::RepositionImageDiffNote do it 'raises an error if the resource is not accessible to the user' do expect { subject }.to raise_error( Gitlab::Graphql::Errors::ResourceNotAvailable, - "The resource that you are attempting to access does not exist or you don't have permission to perform this action" + Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR ) end end diff --git a/spec/graphql/mutations/releases/delete_spec.rb b/spec/graphql/mutations/releases/delete_spec.rb index d97f839ce87..9934aea0031 100644 --- a/spec/graphql/mutations/releases/delete_spec.rb +++ b/spec/graphql/mutations/releases/delete_spec.rb @@ -28,7 +28,7 @@ RSpec.describe Mutations::Releases::Delete do shared_examples 'unauthorized or not found error' do it 'raises a Gitlab::Graphql::Errors::ResourceNotAvailable error' do - expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable, "The resource that you are attempting to access does not exist or you don't have permission to perform this action") + expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable, Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) end end diff --git a/spec/graphql/mutations/releases/update_spec.rb b/spec/graphql/mutations/releases/update_spec.rb index 5ee63ac4dc2..9fae703b85a 100644 --- a/spec/graphql/mutations/releases/update_spec.rb +++ b/spec/graphql/mutations/releases/update_spec.rb @@ -232,7 +232,7 @@ RSpec.describe Mutations::Releases::Update do let(:mutation_arguments) { super().merge(project_path: 'not/a/real/path') } it 'raises an error' do - expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable, "The resource that you are attempting to access does not exist or you don't have permission to perform this action") + expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable, Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) end end end @@ -242,7 +242,7 @@ RSpec.describe Mutations::Releases::Update do let(:current_user) { reporter } it 'raises an error' do - expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable, "The resource that you are attempting to access does not exist or you don't have permission to perform this action") + expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable, Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) end end end diff --git a/spec/graphql/mutations/security/ci_configuration/configure_sast_iac_spec.rb b/spec/graphql/mutations/security/ci_configuration/configure_sast_iac_spec.rb new file mode 100644 index 00000000000..f16d504a4ae --- /dev/null +++ b/spec/graphql/mutations/security/ci_configuration/configure_sast_iac_spec.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Mutations::Security::CiConfiguration::ConfigureSastIac do + include GraphqlHelpers + + let(:service) { ::Security::CiConfiguration::SastIacCreateService } + + subject { resolve(described_class, args: { project_path: project.full_path }, ctx: { current_user: user }) } + + include_examples 'graphql mutations security ci configuration' +end |