1 files changed, 84 insertions, 0 deletions
diff --git a/spec/requests/api/graphql/project/packages_protection_rules_spec.rb b/spec/requests/api/graphql/project/packages_protection_rules_spec.rb
new file mode 100644
index 00000000000..0159f8a13e6
--- /dev/null
+++ b/spec/requests/api/graphql/project/packages_protection_rules_spec.rb
@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'getting the packages protection rules linked to a project', :aggregate_failures, feature_category: :package_registry do
+  include GraphqlHelpers
+
+  let_it_be_with_reload(:project) { create(:project) }
+  let_it_be(:user) { project.owner }
+
+  let(:query) do
+    graphql_query_for(
+      :project,
+      { full_path: project.full_path },
+      query_nodes(:packagesProtectionRules, of: 'PackagesProtectionRule')
+    )
+  end
+
+  subject { post_graphql(query, current_user: user) }
+
+  context 'with authorized user owner' do
+    before do
+      subject
+    end
+
+    context 'with package protection rule' do
+      let_it_be(:package_protection_rule) { create(:package_protection_rule, project: project) }
+
+      it_behaves_like 'a working graphql query'
+
+      it 'returns only on PackagesProtectionRule' do
+        expect(graphql_data_at(:project, :packagesProtectionRules, :nodes).count).to eq 1
+      end
+
+      it 'returns all packages protection rule fields' do
+        expect(graphql_data_at(:project, :packagesProtectionRules, :nodes)).to include(
+          hash_including(
+            'packageNamePattern' => package_protection_rule.package_name_pattern,
+            'packageType' => 'NPM',
+            'pushProtectedUpToAccessLevel' => 'DEVELOPER'
+          )
+        )
+      end
+    end
+
+    context 'without package protection rule' do
+      it_behaves_like 'a working graphql query'
+
+      it 'returns no PackagesProtectionRule' do
+        expect(graphql_data_at(:project, :packagesProtectionRules, :nodes)).to eq []
+      end
+    end
+  end
+
+  context 'with unauthorized user' do
+    let_it_be(:user) { create(:user).tap { |u| project.add_developer(u) } }
+
+    before do
+      subject
+    end
+
+    it_behaves_like 'a working graphql query'
+
+    it 'returns no package protection rules' do
+      expect(graphql_data_at(:project, :packagesProtectionRules, :nodes)).to eq []
+    end
+  end
+
+  context "when feature flag ':packages_protected_packages' disabled" do
+    let_it_be(:package_protection_rule) { create(:package_protection_rule, project: project) }
+
+    before do
+      stub_feature_flags(packages_protected_packages: false)
+
+      subject
+    end
+
+    it_behaves_like 'a working graphql query'
+
+    it 'returns no package protection rules' do
+      expect(graphql_data_at(:project, :packagesProtectionRules, :nodes)).to eq []
+    end
+  end
+end