Commit 50491d32 authored by Lin Jen-Shin's avatar Lin Jen-Shin

Instead of returning all or nothing, return whichever passed

And add tests
parent 30918929
......@@ -45,15 +45,12 @@ module Gitlab
end
end
checked =
case value
when Array
value.all?(&check)
else
check.call(value)
end
value if checked
case value
when Array
value.select(&check)
else
value if check.call(value)
end
end
end
end
......
......@@ -15,7 +15,7 @@ describe Gitlab::Graphql::Authorize::Instrumentation do
object = double(:object)
abilities.each do |ability|
spy_ability_check_for(ability, object)
spy_ability_check_for(ability, object, passed: true)
end
expect(checker.call(object)).to eq(object)
......@@ -26,18 +26,42 @@ describe Gitlab::Graphql::Authorize::Instrumentation do
abilities.each do |ability|
objects.each do |object|
spy_ability_check_for(ability, object)
spy_ability_check_for(ability, object, passed: true)
end
end
expect(checker.call(objects)).to eq(objects)
end
def spy_ability_check_for(ability, object)
context 'when some objects would not pass the check' do
it 'returns nil when it is single object' do
disallowed = double(:object)
spy_ability_check_for(abilities.first, disallowed, passed: false)
expect(checker.call(disallowed)).to be_nil
end
it 'returns only objects which passed when there are more than one' do
allowed = double(:allowed)
disallowed = double(:disallowed)
spy_ability_check_for(abilities.first, disallowed, passed: false)
abilities.each do |ability|
spy_ability_check_for(ability, allowed, passed: true)
end
expect(checker.call([disallowed, allowed]))
.to contain_exactly(allowed)
end
end
def spy_ability_check_for(ability, object, passed: true)
expect(Ability)
.to receive(:allowed?)
.with(current_user, ability, object)
.and_return(true)
.and_return(passed)
end
end
end
......@@ -56,4 +56,40 @@ describe 'getting an issue list for a project' do
expect(issues_data).to eq []
end
end
context 'when there is a confidential issue' do
let!(:confidential_issue) do
create(:issue, :confidential, project: project)
end
context 'when the user cannot see confidential issues' do
it 'returns issues without confidential issues' do
post_graphql(query, current_user: current_user)
expect(issues_data.size).to eq(2)
issues_data.each do |issue|
expect(issue.dig('node', 'confidential')).to eq(false)
end
end
end
context 'when the user can see confidential issues' do
before do
project.add_developer(current_user)
end
it 'returns issues with confidential issues' do
post_graphql(query, current_user: current_user)
expect(issues_data.size).to eq(3)
confidentials = issues_data.map do |issue|
issue.dig('node', 'confidential')
end
expect(confidentials).to eq([true, false, false])
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment