Commit 324a6afe authored by Peter Leitzen's avatar Peter Leitzen

Merge branch 'ajk-13984-milestone-permissions' into 'master'

Add appropriate permissions for some GraphQL objects

See merge request gitlab-org/gitlab!53320
parents 9564bbb5 ad3e86d6
...@@ -17,6 +17,7 @@ RSpec.describe Resolvers::DastSiteValidationResolver do ...@@ -17,6 +17,7 @@ RSpec.describe Resolvers::DastSiteValidationResolver do
before do before do
project.add_maintainer(current_user) project.add_maintainer(current_user)
stub_licensed_features(security_on_demand_scans: true)
end end
specify do specify do
......
...@@ -6,18 +6,24 @@ RSpec.describe GitlabSchema.types['DastProfile'] do ...@@ -6,18 +6,24 @@ RSpec.describe GitlabSchema.types['DastProfile'] do
include GraphqlHelpers include GraphqlHelpers
let_it_be(:object) { create(:dast_profile) } let_it_be(:object) { create(:dast_profile) }
let_it_be(:project) { object.project }
let_it_be(:user) { create(:user, developer_projects: [project]) }
let_it_be(:fields) { %i[id name description dastSiteProfile dastScannerProfile editPath] } let_it_be(:fields) { %i[id name description dastSiteProfile dastScannerProfile editPath] }
specify { expect(described_class.graphql_name).to eq('DastProfile') } specify { expect(described_class.graphql_name).to eq('DastProfile') }
specify { expect(described_class).to require_graphql_authorizations(:read_on_demand_scans) } specify { expect(described_class).to require_graphql_authorizations(:read_on_demand_scans) }
before do
stub_licensed_features(security_on_demand_scans: true)
end
it { expect(described_class).to have_graphql_fields(fields) } it { expect(described_class).to have_graphql_fields(fields) }
describe 'editPath field' do describe 'editPath field' do
it 'correctly renders the field' do it 'correctly renders the field' do
expected_result = Gitlab::Routing.url_helpers.edit_project_on_demand_scan_path(object.project, object) expected_result = Gitlab::Routing.url_helpers.edit_project_on_demand_scan_path(project, object)
expect(resolve_field(:edit_path, object)).to eq(expected_result) expect(resolve_field(:edit_path, object, current_user: user)).to eq(expected_result)
end end
end end
end end
...@@ -6,7 +6,7 @@ RSpec.describe Resolvers::PackagesResolver do ...@@ -6,7 +6,7 @@ RSpec.describe Resolvers::PackagesResolver do
include GraphqlHelpers include GraphqlHelpers
let_it_be(:user) { create(:user) } let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project) } let_it_be(:project) { create(:project, :public) }
let_it_be(:package) { create(:package, project: project) } let_it_be(:package) { create(:package, project: project) }
describe '#resolve' do describe '#resolve' do
......
...@@ -6,9 +6,10 @@ RSpec.describe Resolvers::ReleaseMilestonesResolver do ...@@ -6,9 +6,10 @@ RSpec.describe Resolvers::ReleaseMilestonesResolver do
include GraphqlHelpers include GraphqlHelpers
let_it_be(:release) { create(:release, :with_milestones, milestones_count: 2) } let_it_be(:release) { create(:release, :with_milestones, milestones_count: 2) }
let_it_be(:current_user) { create(:user, developer_projects: [release.project]) }
let(:resolved) do let(:resolved) do
resolve(described_class, obj: release) resolve(described_class, obj: release, ctx: { current_user: current_user })
end end
describe '#resolve' do describe '#resolve' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment