1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe ContainerRegistry::Protection::UpdateRuleService, '#execute', feature_category: :container_registry do
let_it_be(:project) { create(:project, :repository) }
let_it_be(:current_user) { create(:user, maintainer_projects: [project]) }
let_it_be_with_reload(:container_registry_protection_rule) do
create(:container_registry_protection_rule, project: project)
end
let(:service) { described_class.new(container_registry_protection_rule, current_user: current_user, params: params) }
let(:params) do
attributes_for(
:container_registry_protection_rule,
repository_path_pattern: "#{container_registry_protection_rule.repository_path_pattern}-updated",
delete_protected_up_to_access_level: 'owner',
push_protected_up_to_access_level: 'owner'
)
end
subject(:service_execute) { service.execute }
shared_examples 'a successful service response' do
let(:expected_attributes) { params }
it { is_expected.to be_success }
it do
is_expected.to have_attributes(
errors: be_blank,
message: be_blank,
payload: {
container_registry_protection_rule:
be_a(ContainerRegistry::Protection::Rule)
.and(have_attributes(expected_attributes))
}
)
end
it { expect { subject }.not_to change { ContainerRegistry::Protection::Rule.count } }
it { subject.tap { expect(container_registry_protection_rule.reload).to have_attributes expected_attributes } }
end
shared_examples 'an erroneous service response' do
it { is_expected.to be_error }
it do
is_expected.to have_attributes(
errors: be_present,
message: be_present,
payload: { container_registry_protection_rule: nil }
)
end
it { expect { subject }.not_to change { ContainerRegistry::Protection::Rule.count } }
it { expect { subject }.not_to change { container_registry_protection_rule.reload.updated_at } }
end
it_behaves_like 'a successful service response'
context 'with disallowed params' do
let(:params) { super().merge!(project_id: 1, unsupported_param: 'unsupported_param_value') }
it_behaves_like 'a successful service response' do
let(:expected_attributes) { params.except(:project_id, :unsupported_param) }
end
end
context 'with invalid params' do
using RSpec::Parameterized::TableSyntax
where(:params_invalid, :message_expected) do
{ repository_path_pattern: '' } | [/Repository path pattern can't be blank/]
{ delete_protected_up_to_access_level: 1000 } | /not a valid delete_protected_up_to_access_level/
{ push_protected_up_to_access_level: 1000 } | /not a valid push_protected_up_to_access_level/
end
with_them do
let(:params) do
super().merge(params_invalid)
end
it_behaves_like 'an erroneous service response'
it { is_expected.to have_attributes message: message_expected }
end
end
context 'with empty params' do
let(:params) { {} }
it_behaves_like 'a successful service response' do
let(:expected_attributes) { container_registry_protection_rule.attributes }
end
it { expect { service_execute }.not_to change { container_registry_protection_rule.reload.updated_at } }
end
context 'with nil params' do
let(:params) { nil }
it_behaves_like 'a successful service response' do
let(:expected_attributes) { container_registry_protection_rule.attributes }
end
it { expect { service_execute }.not_to change { container_registry_protection_rule.reload.updated_at } }
end
context 'when updated field `repository_path_pattern` is already taken' do
let_it_be_with_reload(:other_existing_container_registry_protection_rule) do
create(:container_registry_protection_rule, project: project,
repository_path_pattern: "#{container_registry_protection_rule.repository_path_pattern}-other")
end
let(:params) do
{ repository_path_pattern: other_existing_container_registry_protection_rule.repository_path_pattern }
end
it_behaves_like 'an erroneous service response'
it do
expect { service_execute }.not_to(
change { other_existing_container_registry_protection_rule.reload.repository_path_pattern }
)
end
it do
is_expected.to have_attributes(
errors: match_array([/Repository path pattern has already been taken/]),
message: match_array([/Repository path pattern has already been taken/])
)
end
end
context 'when current_user does not have permission' do
let_it_be(:developer) { create(:user).tap { |u| project.add_developer(u) } }
let_it_be(:reporter) { create(:user).tap { |u| project.add_reporter(u) } }
let_it_be(:guest) { create(:user).tap { |u| project.add_guest(u) } }
let_it_be(:anonymous) { create(:user) }
where(:current_user) do
[ref(:developer), ref(:reporter), ref(:guest), ref(:anonymous)]
end
with_them do
it_behaves_like 'an erroneous service response'
it { is_expected.to have_attributes errors: match_array(/Unauthorized/), message: /Unauthorized/ }
end
end
context 'without container registry protection rule' do
let(:container_registry_protection_rule) { nil }
let(:params) { {} }
it { expect { service_execute }.to raise_error(ArgumentError) }
end
context 'without current_user' do
let(:current_user) { nil }
it { expect { service_execute }.to raise_error(ArgumentError) }
end
end
|
