| author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-30 12:08:23 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-05-30 12:08:23 +0000 |
| commit | f1284938edfc2e033baf2c26ebadf42c526f6432 (patch) | |
| tree | 1537dfd31ad896605914c9e5aa57351d67260b1f /spec/graphql/features | |
| parent | bf774d67fc8a84f76f20494c318d7cfacb0c69ac (diff) | |
| download | gitlab-ce-f1284938edfc2e033baf2c26ebadf42c526f6432.tar.gz | |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/graphql/features')
| -rw-r--r-- | spec/graphql/features/authorization_spec.rb | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/spec/graphql/features/authorization_spec.rb b/spec/graphql/features/authorization_spec.rb
index 1d518e20da7..5ae497f9d37 100644
--- a/spec/graphql/features/authorization_spec.rb
+++ b/spec/graphql/features/authorization_spec.rb
@@ -179,7 +179,7 @@ RSpec.describe 'DeclarativePolicy authorization in GraphQL ' do
 describe 'type and field authorizations together' do
 let(:authorizing_object) { anything }
 let(:permission_1) { permission_collection.first }
- let(:permission_2) { permission_collection.last }
+ let(:permission_2) { permission_collection.second }
 let(:type) do
 type_factory do |type|
@@ -224,6 +224,55 @@ RSpec.describe 'DeclarativePolicy authorization in GraphQL ' do
 include_examples 'authorization with a collection of permissions'
 end
+ context 'when the resolver is a subclass of one that authorizes the object' do
+ let(:permission_object_one) { be_nil }
+ let(:permission_object_two) { be_nil }
+ let(:parent) do
+ parent = Class.new(Resolvers::BaseResolver)
+ parent.include(::Gitlab::Graphql::Authorize::AuthorizeResource)
+ parent.authorizes_object!
+ parent.authorize permission_1
+ parent
+ end
+
+ let(:resolver) do
+ simple_resolver(test_object, base_class: parent)
+ end
+
+ include_examples 'authorization with a collection of permissions'
+ end
+
+ context 'when the resolver is a subclass of one that authorizes the object, extra permission' do
+ let(:permission_object_one) { be_nil }
+ let(:permission_object_two) { be_nil }
+ let(:parent) do
+ parent = Class.new(Resolvers::BaseResolver)
+ parent.include(::Gitlab::Graphql::Authorize::AuthorizeResource)
+ parent.authorizes_object!
+ parent.authorize permission_1
+ parent
+ end
+
+ let(:resolver) do
+ resolver = simple_resolver(test_object, base_class: parent)
+ resolver.include(::Gitlab::Graphql::Authorize::AuthorizeResource)
+ resolver.authorize permission_2
+ resolver
+ end
+
+ context 'when the field does not define any permissions' do
+ let(:query_type) do
+ query_factory do |query|
+ query.field :item, type,
+ null: true,
+ resolver: resolver
+ end
+ end
+
+ include_examples 'authorization with a collection of permissions'
+ end
+ end
+
 context 'when the resolver does not authorize the object, but instead calls authorized_find!' do
 let(:permission_object_one) { test_object }
 let(:permission_object_two) { be_nil } |
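Review bot: The two added contexts build the same `parent` class line for line (`Class.new(Resolvers::BaseResolver)`, `authorizes_object!`, `authorize permission_1`), so the two inheritance cases can drift apart; an enclosing `context` with one shared `let(:parent)` would keep them in step. In the 'extra permission' context the subclass calls `resolver.include(::Gitlab::Graphql::Authorize::AuthorizeResource)` although the parent already includes that module; if this is deliberate, a comment such as `# re-including the module must not drop the permission inherited from parent` would record the intent. Because these cases guard against a subclass silently losing its parent's authorization, it is worth confirming that the shared examples (defined outside this hunk) include a denial when only `permission_2` is granted. The enclosing `describe` starts and ends outside the hunk.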
