spec/services/packages/protection/update_rule_service_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Packages::Protection::UpdateRuleService, '#execute', feature_category: :environment_management do
  let_it_be(:project) { create(:project, :repository) }
  let_it_be(:current_user) { create(:user, maintainer_projects: [project]) }
  let_it_be_with_reload(:package_protection_rule) { create(:package_protection_rule, project: project) }

  let(:service) { described_class.new(package_protection_rule, current_user: current_user, params: params) }

  let(:params) do
    attributes_for(
      :package_protection_rule,
      package_name_pattern: "#{package_protection_rule.package_name_pattern}-updated",
      package_type: 'npm',
      push_protected_up_to_access_level: 'owner'
    )
  end

  subject(:service_execute) { service.execute }

  shared_examples 'a successful service response' do
    let(:expected_attributes) { params }

    it { is_expected.to be_success }

    it do
      is_expected.to have_attributes(
        errors: be_blank,
        message: be_blank,
        payload: { package_protection_rule: be_a(Packages::Protection::Rule).and(have_attributes(expected_attributes)) }
      )
    end

    it { expect { subject }.not_to change { Packages::Protection::Rule.count } }

    it { subject.tap { expect(package_protection_rule.reload).to have_attributes expected_attributes } }
  end

  shared_examples 'an erroneous service response' do
    it { is_expected.to be_error }

    it do
      is_expected.to have_attributes(
        errors: be_present,
        message: be_present,
        payload: { package_protection_rule: nil }
      )
    end

    it { expect { subject }.not_to change { Packages::Protection::Rule.count } }
    it { expect { subject }.not_to change { package_protection_rule.reload.updated_at } }
  end

  it_behaves_like 'a successful service response'

  context 'with disallowed params' do
    let(:params) { super().merge!(project_id: 1, unsupported_param: 'unsupported_param_value') }

    it_behaves_like 'a successful service response' do
      let(:expected_attributes) { params.except(:project_id, :unsupported_param) }
    end
  end

  context 'when fields are invalid' do
    let(:params) do
      { package_name_pattern: '', package_type: 'unknown_package_type',
        push_protected_up_to_access_level: 1000 }
    end

    it_behaves_like 'an erroneous service response'

    it { is_expected.to have_attributes message: /'unknown_package_type' is not a valid package_type/ }
  end

  context 'with empty params' do
    let(:params) { {} }

    it_behaves_like 'a successful service response' do
      let(:expected_attributes) { package_protection_rule.attributes }
    end

    it { expect { service_execute }.not_to change { package_protection_rule.reload.updated_at } }
  end

  context 'with nil params' do
    let(:params) { nil }

    it_behaves_like 'a successful service response' do
      let(:expected_attributes) { package_protection_rule.attributes }
    end

    it { expect { service_execute }.not_to change { package_protection_rule.reload.updated_at } }
  end

  context 'when updated field `package_name_pattern` is already taken' do
    let_it_be_with_reload(:other_existing_package_protection_rule) do
      create(:package_protection_rule, project: project,
        package_name_pattern: "#{package_protection_rule.package_name_pattern}-other")
    end

    let(:params) { { package_name_pattern: other_existing_package_protection_rule.package_name_pattern } }

    it_behaves_like 'an erroneous service response'

    it do
      expect { service_execute }.not_to(
        change { other_existing_package_protection_rule.reload.package_name_pattern }
      )
    end

    it do
      is_expected.to have_attributes(
        errors: match_array([/Package name pattern has already been taken/]),
        message: match_array([/Package name pattern has already been taken/])
      )
    end
  end

  context 'when current_user does not have permission' do
    let_it_be(:developer) { create(:user).tap { |u| project.add_developer(u) } }
    let_it_be(:reporter) { create(:user).tap { |u| project.add_reporter(u) } }
    let_it_be(:guest) { create(:user).tap { |u| project.add_guest(u) } }
    let_it_be(:anonymous) { create(:user) }

    where(:current_user) do
      [ref(:developer), ref(:reporter), ref(:guest), ref(:anonymous)]
    end

    with_them do
      it_behaves_like 'an erroneous service response'

      it { is_expected.to have_attributes errors: match_array(/Unauthorized/), message: /Unauthorized/ }
    end
  end

  context 'without package protection rule' do
    let(:package_protection_rule) { nil }
    let(:params) { {} }

    it { expect { service_execute }.to raise_error(ArgumentError) }
  end

  context 'without current_user' do
    let(:current_user) { nil }

    it { expect { service_execute }.to raise_error(ArgumentError) }
  end
end