Commit 1745209f authored by Peter Leitzen's avatar Peter Leitzen

Merge branch 'sk/214423-fix-500-on-snippet-api' into 'master'

Fix 500 error for non-existing snippet on graphql mutations

See merge request gitlab-org/gitlab!30632
parents db7ab32c ce6a65c5
...@@ -15,6 +15,8 @@ module Mutations ...@@ -15,6 +15,8 @@ module Mutations
end end
def authorized_resource?(snippet) def authorized_resource?(snippet)
return false if snippet.nil?
Ability.allowed?(context[:current_user], ability_for(snippet), snippet) Ability.allowed?(context[:current_user], ability_for(snippet), snippet)
end end
......
---
title: Fix 500 error for non-existing snippet on graphql mutations
merge_request: 30632
author: Sashi Kumar
type: fixed
...@@ -6,9 +6,10 @@ describe 'Destroying a Snippet' do ...@@ -6,9 +6,10 @@ describe 'Destroying a Snippet' do
include GraphqlHelpers include GraphqlHelpers
let(:current_user) { snippet.author } let(:current_user) { snippet.author }
let(:snippet_gid) { snippet.to_global_id.to_s }
let(:mutation) do let(:mutation) do
variables = { variables = {
id: snippet.to_global_id.to_s id: snippet_gid
} }
graphql_mutation(:destroy_snippet, variables) graphql_mutation(:destroy_snippet, variables)
...@@ -49,9 +50,11 @@ describe 'Destroying a Snippet' do ...@@ -49,9 +50,11 @@ describe 'Destroying a Snippet' do
end end
describe 'PersonalSnippet' do describe 'PersonalSnippet' do
it_behaves_like 'graphql delete actions' do let_it_be(:snippet) { create(:personal_snippet) }
let_it_be(:snippet) { create(:personal_snippet) }
end it_behaves_like 'graphql delete actions'
it_behaves_like 'when the snippet is not found'
end end
describe 'ProjectSnippet' do describe 'ProjectSnippet' do
...@@ -85,5 +88,7 @@ describe 'Destroying a Snippet' do ...@@ -85,5 +88,7 @@ describe 'Destroying a Snippet' do
end end
end end
end end
it_behaves_like 'when the snippet is not found'
end end
end end
...@@ -10,9 +10,11 @@ describe 'Mark snippet as spam', :do_not_mock_admin_mode do ...@@ -10,9 +10,11 @@ describe 'Mark snippet as spam', :do_not_mock_admin_mode do
let_it_be(:snippet) { create(:personal_snippet) } let_it_be(:snippet) { create(:personal_snippet) }
let_it_be(:user_agent_detail) { create(:user_agent_detail, subject: snippet) } let_it_be(:user_agent_detail) { create(:user_agent_detail, subject: snippet) }
let(:current_user) { snippet.author } let(:current_user) { snippet.author }
let(:snippet_gid) { snippet.to_global_id.to_s }
let(:mutation) do let(:mutation) do
variables = { variables = {
id: snippet.to_global_id.to_s id: snippet_gid
} }
graphql_mutation(:mark_as_spam_snippet, variables) graphql_mutation(:mark_as_spam_snippet, variables)
...@@ -30,6 +32,8 @@ describe 'Mark snippet as spam', :do_not_mock_admin_mode do ...@@ -30,6 +32,8 @@ describe 'Mark snippet as spam', :do_not_mock_admin_mode do
end end
end end
it_behaves_like 'when the snippet is not found'
context 'when the user does not have permission' do context 'when the user does not have permission' do
let(:current_user) { other_user } let(:current_user) { other_user }
......
...@@ -15,9 +15,10 @@ describe 'Updating a Snippet' do ...@@ -15,9 +15,10 @@ describe 'Updating a Snippet' do
let(:updated_file_name) { 'Updated file_name' } let(:updated_file_name) { 'Updated file_name' }
let(:current_user) { snippet.author } let(:current_user) { snippet.author }
let(:snippet_gid) { GitlabSchema.id_from_object(snippet).to_s }
let(:mutation) do let(:mutation) do
variables = { variables = {
id: GitlabSchema.id_from_object(snippet).to_s, id: snippet_gid,
content: updated_content, content: updated_content,
description: updated_description, description: updated_description,
visibility_level: 'public', visibility_level: 'public',
...@@ -90,16 +91,18 @@ describe 'Updating a Snippet' do ...@@ -90,16 +91,18 @@ describe 'Updating a Snippet' do
end end
describe 'PersonalSnippet' do describe 'PersonalSnippet' do
it_behaves_like 'graphql update actions' do let(:snippet) do
let(:snippet) do create(:personal_snippet,
create(:personal_snippet, :private,
:private, file_name: original_file_name,
file_name: original_file_name, title: original_title,
title: original_title, content: original_content,
content: original_content, description: original_description)
description: original_description)
end
end end
it_behaves_like 'graphql update actions'
it_behaves_like 'when the snippet is not found'
end end
describe 'ProjectSnippet' do describe 'ProjectSnippet' do
...@@ -142,5 +145,7 @@ describe 'Updating a Snippet' do ...@@ -142,5 +145,7 @@ describe 'Updating a Snippet' do
end end
end end
end end
it_behaves_like 'when the snippet is not found'
end end
end end
# frozen_string_literal: true
RSpec.shared_examples 'when the snippet is not found' do
let(:snippet_gid) do
"gid://gitlab/#{snippet.class.name}/#{non_existing_record_id}"
end
it_behaves_like 'a mutation that returns top-level errors',
errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment