Add specific package policy

The policy delegates access to a package to its project.

- New policy
- Use policy in PackageType
- Remove custom check from resolver
- Tests
parent b2869bcc
......@@ -13,7 +13,7 @@ module Resolvers
private
def packages_available?(object, user)
::Gitlab.config.packages.enabled && object.feature_available?(:packages) && Ability.allowed?(user, :read_package, object)
::Gitlab.config.packages.enabled && object.feature_available?(:packages)
end
end
end
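Review bot: After this change `packages_available?` still accepts `user` but never reads it, and the resolver no longer makes any authorization decision of its own; access control for packages now rests entirely on `authorize :read_package` in `Types::PackageType`. That is only safe while every consumer of this resolver renders its result through that type, so I would say so on the method, for example `# Authorization is not checked here; Types::PackageType enforces :read_package per package.`, and either drop the unused parameter or name it `_user`. The resolver spec hunk further down appears to drop the unauthorized-user case, so nothing pins the resolver's behaviour for a user without access any more. The resolver class starts outside this hunk, so other callers of `packages_available?` are not visible here.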
# frozen_string_literal: true
module Types
# rubocop: disable Graphql/AuthorizeTypes
class PackageType < BaseObject
graphql_name 'Package'
description 'Represents a package'
authorize :read_package
field :id, GraphQL::ID_TYPE, null: false, description: 'The ID of the package'
field :name, GraphQL::STRING_TYPE, null: false, description: 'The name of the package'
......@@ -13,5 +13,4 @@ module Types
field :version, GraphQL::STRING_TYPE, null: true, description: 'The version of the package'
field :package_type, Types::PackageTypeEnum, null: false, description: 'The type of the package'
end
# rubocop: enable Graphql/AuthorizeTypes
end
# frozen_string_literal: true
module Packages
class PackagePolicy < BasePolicy
delegate { @subject.project }
end
end
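Review bot: `Packages::PackagePolicy` defines no rules of its own, so every ability checked on a package is answered by the project policy, and the class carries no comment saying so. A short class comment would make that explicit, for example `# A package has no permissions of its own; all abilities are delegated to its project.`. Whether `:read_package` is defined on the project policy, and how the `delegate` block behaves if `@subject.project` is nil, cannot be confirmed from this page; if a package without a project is possible, the check should be confirmed to deny.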
......@@ -22,19 +22,9 @@ describe Resolvers::PackagesResolver do
allow(project).to receive(:feature_available?).with(:packages).and_return(true)
end
context 'when the user is authorized to read the packages' do
before do
project.add_reporter(user)
end
it { is_expected.to contain_exactly(package) }
end
context 'when the user is not authorized to read the package' do
it { is_expected.to be_nil }
end
end
context 'when the project has the package feature disabled' do
before do
allow(project).to receive(:feature_available?).with(:packages).and_return(false)
......
# frozen_string_literal: true
require 'spec_helper'
describe Packages::PackagePolicy do
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project) }
let_it_be(:package) { create(:package, project: project) }
subject(:policy) { described_class.new(user, package) }
context 'when the user is part of the project' do
before do
project.add_reporter(user)
end
it 'allows read_package' do
expect(policy).to be_allowed(:read_package)
end
end
context 'when the user is not part of the project' do
it 'disallows read_package for any Package' do
expect(policy).to be_disallowed(:read_package)
end
end
end
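Review bot: The negative example relies on `create(:project)` producing a project the non-member cannot read, which the spec does not state; passing the visibility explicitly, e.g. `create(:project, :private)`, would make the expectation independent of factory defaults. The policy is also never exercised with an anonymous user, and since the request spec covers the unauthenticated query it would be worth adding `expect(described_class.new(nil, package)).to be_disallowed(:read_package)` here. Only the reporter role is checked on the allow side, so the lowest role that should be granted `read_package` is not pinned by this spec.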
......@@ -36,26 +36,36 @@ describe 'getting a package list for a project' do
context 'when user has access to the project' do
before do
project.add_reporter(current_user)
post_graphql(query, current_user: current_user)
end
it_behaves_like 'a working graphql query' do
before do
post_graphql(query, current_user: current_user)
it_behaves_like 'a working graphql query'
it 'returns packages successfully' do
expect(packages_data[0]['node']['name']).to eq package.name
end
end
it 'returns packages successfully' do
context 'when the user does not have access to the project/packages' do
before do
post_graphql(query, current_user: current_user)
end
expect(graphql_errors).to be_nil
expect(packages_data[0]['node']['name']).to eq package.name
it_behaves_like 'a working graphql query'
it 'returns nil' do
expect(graphql_data['project']).to be_nil
end
end
context 'when the user does not have access to the packages' do
it 'returns nil' do
context 'when the user is not autenthicated' do
before do
post_graphql(query)
end
it_behaves_like 'a working graphql query'
it 'returns nil' do
expect(graphql_data['project']).to be_nil
end
end
......@@ -65,12 +75,13 @@ describe 'getting a package list for a project' do
before do
stub_licensed_features(packages: false)
project.add_reporter(current_user)
post_graphql(query, current_user: current_user)
end
it 'returns nil' do
post_graphql(query)
it_behaves_like 'a working graphql query'
expect(graphql_data['project']).to be_nil
it 'returns nil' do
expect(graphql_data['project']['packages']).to be_nil
end
end
end
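Review bot: Both denial contexts in the first hunk assert that `graphql_data['project']` is nil, so the query is rejected at the project level and the new `authorize :read_package` on the package type is never the check that decides the outcome. A case where the user can read the project but should not receive packages would cover the path this commit introduces; whether such a combination exists depends on the project policy, which is not on this page. The context description `'when the user is not autenthicated'` also has a typo and should read `'when the user is not authenticated'`.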