diff options
Diffstat (limited to 'spec/requests/api/graphql/mutations/snippets/destroy_spec.rb')
-rw-r--r-- | spec/requests/api/graphql/mutations/snippets/destroy_spec.rb | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb new file mode 100644 index 00000000000..351d2db8973 --- /dev/null +++ b/spec/requests/api/graphql/mutations/snippets/destroy_spec.rb @@ -0,0 +1,89 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'Destroying a Snippet' do + include GraphqlHelpers + + let(:current_user) { snippet.author } + let(:mutation) do + variables = { + id: snippet.to_global_id.to_s + } + + graphql_mutation(:destroy_snippet, variables) + end + + def mutation_response + graphql_mutation_response(:destroy_snippet) + end + + shared_examples 'graphql delete actions' do + context 'when the user does not have permission' do + let(:current_user) { create(:user) } + + it_behaves_like 'a mutation that returns top-level errors', + errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR] + + it 'does not destroy the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.not_to change { Snippet.count } + end + end + + context 'when the user has permission' do + it 'destroys the Snippet' do + expect do + post_graphql_mutation(mutation, current_user: current_user) + end.to change { Snippet.count }.by(-1) + end + + it 'returns an empty Snippet' do + post_graphql_mutation(mutation, current_user: current_user) + + expect(mutation_response).to have_key('snippet') + expect(mutation_response['snippet']).to be_nil + end + end + end + + describe 'PersonalSnippet' do + it_behaves_like 'graphql delete actions' do + let_it_be(:snippet) { create(:personal_snippet) } + end + end + + describe 'ProjectSnippet' do + let_it_be(:project) { create(:project, :private) } + let_it_be(:snippet) { create(:project_snippet, :private, project: project, author: create(:user)) } + + context 'when the author is not a member of the project' do + it 'returns an an error' do + post_graphql_mutation(mutation, current_user: current_user) + errors = json_response['errors'] + + expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) + end + end + + context 'when the author is a member of the project' do + before do + project.add_developer(current_user) + end + + it_behaves_like 'graphql delete actions' + + context 'when the snippet project feature is disabled' do + it 'returns an an error' do + project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED) + + post_graphql_mutation(mutation, current_user: current_user) + errors = json_response['errors'] + + expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR) + end + end + end + end +end |