Merge branch '213581-expose-project-push-rules-in-gql' into 'master'

Expose project.pushRules.rejectUnsignedCommits in gql See merge request gitlab-org/gitlab!54113

Merge branch '213581-expose-project-push-rules-in-gql' into 'master'
Expose project.pushRules.rejectUnsignedCommits in gql See merge request gitlab-org/gitlab!54113
c7b2d3b9 · charlie ablett · 7af349e3 · 40f540b3 · c7b2d3b9 · c7b2d3b9
Commit c7b2d3b9 authored Mar 09, 2021 by charlie ablett
8 changed files
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -2278,6 +2278,7 @@ Gitlab/NamespacedClass:
    - 'ee/app/policies/instance_security_dashboard_policy.rb'
    - 'ee/app/policies/issuable_metric_image_policy.rb'
    - 'ee/app/policies/iteration_policy.rb'
+    - 'ee/app/policies/push_rule_policy.rb'
    - 'ee/app/policies/saml_provider_policy.rb'
    - 'ee/app/policies/timelog_policy.rb'
    - 'ee/app/policies/vulnerability_policy.rb'

--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -3431,6 +3431,7 @@ Represents vulnerability finding of a security report on the pipeline.
 | `printingMergeRequestLinkEnabled` | Boolean | Indicates if a link to create or view a merge request should display after a push to Git repositories of the project from the command line. |
 | `projectMembers` | MemberInterfaceConnection | Members of the project. |
 | `publicJobs` | Boolean | Indicates if there is public access to pipelines and job details of the project, including output logs and artifacts. |
+| `pushRules` | PushRules | The project's push rules settings. |
 | `release` | Release | A single release of the project. |
 | `releases` | ReleaseConnection | Releases of the project. |
 | `removeSourceBranchAfterMerge` | Boolean | Indicates if `Delete source branch` option should be enabled by default for all new merge requests of the project. |
@@ -3604,6 +3605,14 @@ Autogenerated return type of PromoteToEpic.
 | `errors` | String! => Array | Errors encountered during execution of the mutation. |
 | `issue` | Issue | The issue after mutation. |

+### `PushRules`
+
+Represents rules that commit pushes must follow.
+
+| Field | Type | Description |
+| ----- | ---- | ----------- |
+| `rejectUnsignedCommits` | Boolean! | Indicates whether commits not signed through GPG will be rejected. |
+
 ### `Release`

 Represents a release.

--- a/ee/app/graphql/ee/types/project_type.rb
+++ b/ee/app/graphql/ee/types/project_type.rb
@@ -132,6 +132,12 @@ module EE
              null: true,
              description: 'API fuzzing configuration for the project.',
              feature_flag: :api_fuzzing_configuration_ui
+
+        field :push_rules,
+              ::Types::PushRulesType,
+              null: true,
+              description: "The project's push rules settings.",
+              method: :push_rule
      end

      def api_fuzzing_ci_configuration

--- a/ee/app/graphql/types/push_rules_type.rb
+++ b/ee/app/graphql/types/push_rules_type.rb
+# frozen_string_literal: true
+
+module Types
+  class PushRulesType < BaseObject
+    graphql_name 'PushRules'
+    description 'Represents rules that commit pushes must follow.'
+    accepts ::PushRule
+
+    authorize :read_project
+
+    field :reject_unsigned_commits,
+      GraphQL::BOOLEAN_TYPE,
+      null: false,
+      description: 'Indicates whether commits not signed through GPG will be rejected.'
+
+    def reject_unsigned_commits
+      !!(object.available?(:reject_unsigned_commits) && object.reject_unsigned_commits)
+    end
+  end
+end
--- a/ee/app/policies/push_rule_policy.rb
+++ b/ee/app/policies/push_rule_policy.rb
+# frozen_string_literal: true
+
+class PushRulePolicy < BasePolicy
+  delegate { @subject.project }
+end
--- a/ee/spec/graphql/types/project_type_spec.rb
+++ b/ee/spec/graphql/types/project_type_spec.rb
@@ -222,6 +222,12 @@ RSpec.describe GitlabSchema.types['Project'] do
    end
  end

+  describe 'push rules field' do
+    subject { described_class.fields['pushRules'] }
+
+    it { is_expected.to have_graphql_type(Types::PushRulesType) }
+  end
+
  private

  def query_for_project(project)

--- a/ee/spec/graphql/types/push_rules_type_spec.rb
+++ b/ee/spec/graphql/types/push_rules_type_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabSchema.types['PushRules'] do
+  it { expect(described_class.graphql_name).to eq('PushRules') }
+
+  it { expect(described_class).to require_graphql_authorizations(:read_project) }
+
+  it 'has the expected fields' do
+    expect(described_class).to have_graphql_fields(:reject_unsigned_commits)
+  end
+end
--- a/ee/spec/requests/api/graphql/project/push_rules_spec.rb
+++ b/ee/spec/requests/api/graphql/project/push_rules_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Query.project(fullPath).pushRules' do
+  using RSpec::Parameterized::TableSyntax
+  include GraphqlHelpers
+
+  let_it_be(:user) { create(:user) }
+  let_it_be(:project) { create(:project, namespace: user.namespace) }
+
+  subject(:push_rules_response) do
+    post_graphql(
+      graphql_query_for(
+        :project, { full_path: project.full_path }, "pushRules { #{all_graphql_fields_for('PushRules')} }"
+      ),
+      current_user: user
+    )
+
+    graphql_dig_at(graphql_data, 'project', 'pushRules')
+  end
+
+  it 'returns nil when push_rules license is false' do
+    create(:push_rule, project: project)
+    stub_licensed_features(push_rules: false)
+
+    expect(push_rules_response).to be_nil
+  end
+
+  describe 'pushRules.rejectUnsignedCommits' do
+    where(:field_value, :license_value, :expected) do
+      true | true | true
+      true | false | false
+      false | true | false
+      false | false | false
+    end
+
+    with_them do
+      before do
+        create(:push_rule, project: project, reject_unsigned_commits: field_value)
+        stub_licensed_features(reject_unsigned_commits: license_value)
+      end
+
+      it "returns" do
+        expect(push_rules_response).to eq("rejectUnsignedCommits" => expected)
+      end
+    end
+  end
+end