blob: eb4f0b594ead0ea1fb02f2e09421c020a183a80f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Deleting a release' do
include GraphqlHelpers
include Presentable
let_it_be(:public_user) { create(:user) }
let_it_be(:guest) { create(:user) }
let_it_be(:reporter) { create(:user) }
let_it_be(:developer) { create(:user) }
let_it_be(:maintainer) { create(:user) }
let_it_be(:project) { create(:project, :public, :repository) }
let_it_be(:tag_name) { 'v1.1.0' }
let_it_be(:release) { create(:release, project: project, tag: tag_name) }
let(:mutation_name) { :release_delete }
let(:project_path) { project.full_path }
let(:mutation_arguments) do
{
projectPath: project_path,
tagName: tag_name
}
end
let(:mutation) do
graphql_mutation(mutation_name, mutation_arguments, <<~FIELDS)
release {
tagName
}
errors
FIELDS
end
let(:delete_release) { post_graphql_mutation(mutation, current_user: current_user) }
let(:mutation_response) { graphql_mutation_response(mutation_name)&.with_indifferent_access }
before do
project.add_guest(guest)
project.add_reporter(reporter)
project.add_developer(developer)
project.add_maintainer(maintainer)
end
shared_examples 'unauthorized or not found error' do
it 'returns a top-level error with message' do
delete_release
expect(mutation_response).to be_nil
expect(graphql_errors.count).to eq(1)
expect(graphql_errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
end
end
context 'when the current user has access to update releases' do
let(:current_user) { developer }
it 'deletes the release' do
expect { delete_release }.to change { Release.count }.by(-1)
end
it 'returns the deleted release' do
delete_release
expected_release = { tagName: tag_name }.with_indifferent_access
expect(mutation_response[:release]).to eq(expected_release)
end
it 'does not remove the Git tag associated with the deleted release' do
expect { delete_release }.not_to change { Project.find_by_id(project.id).repository.tag_count }
end
it 'returns no errors' do
delete_release
expect(mutation_response[:errors]).to eq([])
end
context 'validation' do
context 'when the release does not exist' do
let_it_be(:tag_name) { 'not-a-real-release' }
it 'returns the release as null' do
delete_release
expect(mutation_response[:release]).to be_nil
end
it 'returns an errors-at-data message' do
delete_release
expect(mutation_response[:errors]).to eq(['Release does not exist'])
end
end
context 'when the project does not exist' do
let(:project_path) { 'not/a/real/path' }
it_behaves_like 'unauthorized or not found error'
end
end
end
context "when the current user doesn't have access to update releases" do
context 'when the current user is a Reporter' do
let(:current_user) { reporter }
it_behaves_like 'unauthorized or not found error'
end
context 'when the current user is a Guest' do
let(:current_user) { guest }
it_behaves_like 'unauthorized or not found error'
end
context 'when the current user is a public user' do
let(:current_user) { public_user }
it_behaves_like 'unauthorized or not found error'
end
end
end
|
