Exclude ProjectNamespaces from GraphQL namespace results

Changelog: other

Exclude ProjectNamespaces from GraphQL namespace results
Changelog: other
baf4ef77 · charlie ablett · e31ec46d · baf4ef77 · baf4ef77
Commit baf4ef77 authored Oct 29, 2021 by charlie ablett
Showing with 90 additions and 1 deletion

lib/gitlab/graphql/loaders/full_path_model_loader.rb lib/gitlab/graphql/loaders/full_path_model_loader.rb +4 -1

spec/requests/api/graphql/namespace_query_spec.rb spec/requests/api/graphql/namespace_query_spec.rb +86 -0

No files found.
--- a/lib/gitlab/graphql/loaders/full_path_model_loader.rb
+++ b/lib/gitlab/graphql/loaders/full_path_model_loader.rb
@@ -16,8 +16,11 @@ module Gitlab

        def find
          BatchLoader::GraphQL.for(full_path).batch(key: model_class) do |full_paths, loader, args|
+            scope = args[:key]
+            # this logic cannot be placed in the NamespaceResolver due to N+1
+            scope = scope.without_project_namespaces if scope == Namespace
            # `with_route` avoids an N+1 calculating full_path
-            args[:key].where_full_path_in(full_paths).with_route.each do |model_instance|
+            scope.where_full_path_in(full_paths).with_route.each do |model_instance|
              loader.call(model_instance.full_path.downcase, model_instance)
            end
          end

--- a/spec/requests/api/graphql/namespace_query_spec.rb
+++ b/spec/requests/api/graphql/namespace_query_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Query' do
+  include GraphqlHelpers
+
+  let_it_be(:user) { create(:user) }
+  let_it_be(:other_user) { create(:user) }
+
+  let_it_be(:group_namespace) { create(:group) }
+  let_it_be(:user_namespace) { create(:user_namespace, owner: user) }
+  let_it_be(:project_namespace) { create(:project_namespace, parent: group_namespace) }
+
+  describe '.namespace' do
+    subject { post_graphql(query, current_user: current_user) }
+
+    let(:current_user) { user }
+
+    let(:query) { graphql_query_for(:namespace, { 'fullPath' => target_namespace.full_path }, all_graphql_fields_for('Namespace')) }
+    let(:query_result) { graphql_data['namespace'] }
+
+    shared_examples 'retrieving a namespace' do
+      context 'authorised query' do
+        before do
+          subject
+        end
+
+        it_behaves_like 'a working graphql query'
+
+        it 'fetches the expected data' do
+          expect(query_result).to include(
+            'fullPath' => target_namespace.full_path,
+            'name' => target_namespace.name
+          )
+        end
+      end
+
+      context 'unauthorised query' do
+        before do
+          subject
+        end
+
+        context 'anonymous user' do
+          let(:current_user) { nil }
+
+          it 'does not retrieve the record' do
+            expect(query_result).to be_nil
+          end
+        end
+
+        context 'the current user does not have permission' do
+          let(:current_user) { other_user }
+
+          it 'does not retrieve the record' do
+            expect(query_result).to be_nil
+          end
+        end
+      end
+    end
+
+    it_behaves_like 'retrieving a namespace' do
+      let(:target_namespace) { group_namespace }
+
+      before do
+        group_namespace.add_developer(user)
+      end
+    end
+
+    it_behaves_like 'retrieving a namespace' do
+      let(:target_namespace) { user_namespace }
+    end
+
+    context 'does not retrieve project namespace' do
+      let(:target_namespace) { project_namespace }
+
+      before do
+        subject
+      end
+
+      it 'does not retrieve the record' do
+        expect(query_result).to be_nil
+      end
+    end
+  end
+end