Stub out DAST site profile creation mutation

c5ea95a1 · Philip Cunningham · 01682e0e · c5ea95a1 · c5ea95a1
Commit c5ea95a1 authored Jul 02, 2020 by Philip Cunningham
2 changed files
--- a/ee/app/graphql/mutations/dast_site_profiles/create.rb
+++ b/ee/app/graphql/mutations/dast_site_profiles/create.rb
+# frozen_string_literal: true
+
+module Mutations
+  module DastSiteProfiles
+    class Create < BaseMutation
+      include ResolvesProject
+
+      graphql_name 'DastSiteProfileCreate'
+
+      field :id, GraphQL::ID_TYPE,
+            null: false,
+            description: 'ID of the site profile.'
+
+      argument :full_path, GraphQL::ID_TYPE,
+               required: true,
+               description: 'The project the site profile belongs to.'
+
+      argument :profile_name, GraphQL::STRING_TYPE,
+               required: true,
+               description: 'The name of the site profile.'
+
+      argument :target_url, GraphQL::STRING_TYPE,
+               required: false,
+               description: 'The URL of the target to be scanned.'
+
+      authorize :run_ondemand_dast_scan
+
+      def resolve(full_path:, profile_name:, target_url: nil)
+        project = authorized_find!(full_path: full_path)
+        raise_resource_not_available_error! unless Feature.enabled?(:security_on_demand_scans_feature_flag, project)
+
+        {
+          errors: ['Not implemented']
+        }
+      end
+
+      private
+
+      def find_object(full_path:)
+        resolve_project(full_path: full_path)
+      end
+    end
+  end
+end
--- a/ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Mutations::DastSiteProfiles::Create do
+  let(:group) { create(:group) }
+  let(:project) { create(:project, group: group) }
+  let(:user) { create(:user) }
+  let(:full_path) { project.full_path }
+  let(:profile_name) { SecureRandom.hex }
+  let(:target_url) { FFaker::Internet.uri(:https) }
+
+  subject(:mutation) { described_class.new(object: nil, context: { current_user: user }, field: nil) }
+
+  describe '#resolve' do
+    subject do
+      mutation.resolve(
+        full_path: full_path,
+        profile_name: profile_name,
+        target_url: target_url
+      )
+    end
+
+    context 'when on demand scan feature is not enabled' do
+      it 'raises an exception' do
+        expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+      end
+    end
+
+    context 'when on demand scan feature is enabled' do
+      before do
+        stub_feature_flags(security_on_demand_scans_feature_flag: true)
+      end
+
+      context 'when the project does not exist' do
+        let(:full_path) { SecureRandom.hex }
+
+        it 'raises an exception' do
+          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+        end
+      end
+
+      context 'when the user is not associated with the project' do
+        it 'raises an exception' do
+          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
+        end
+      end
+
+      context 'when the user is an owner' do
+        it 'stubs out the response' do
+          group.add_owner(user)
+
+          expect(subject[:errors]).to eq(['Not implemented'])
+        end
+      end
+
+      context 'when the user is a maintainer' do
+        it 'stubs out the response' do
+          project.add_maintainer(user)
+
+          expect(subject[:errors]).to eq(['Not implemented'])
+        end
+      end
+
+      context 'when the user is a developer' do
+        it 'stubs out the response' do
+          project.add_developer(user)
+
+          expect(subject[:errors]).to eq(['Not implemented'])
+        end
+      end
+    end
+  end
+end