Commit 0b36e395 authored by Paul Slaughter's avatar Paul Slaughter

Expose project.pushRules.rejectUnsignedCommits in gql

- Also overwrites reject_unsigned_commits in
  the graphql type so that we are consistent
  if the license changes ([see comment][1]).

[1]: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54113#note_508701781
parent c3ab4a2f
...@@ -2279,6 +2279,7 @@ Gitlab/NamespacedClass: ...@@ -2279,6 +2279,7 @@ Gitlab/NamespacedClass:
- 'ee/app/policies/instance_security_dashboard_policy.rb' - 'ee/app/policies/instance_security_dashboard_policy.rb'
- 'ee/app/policies/issuable_metric_image_policy.rb' - 'ee/app/policies/issuable_metric_image_policy.rb'
- 'ee/app/policies/iteration_policy.rb' - 'ee/app/policies/iteration_policy.rb'
- 'ee/app/policies/push_rule_policy.rb'
- 'ee/app/policies/saml_provider_policy.rb' - 'ee/app/policies/saml_provider_policy.rb'
- 'ee/app/policies/timelog_policy.rb' - 'ee/app/policies/timelog_policy.rb'
- 'ee/app/policies/vulnerability_policy.rb' - 'ee/app/policies/vulnerability_policy.rb'
......
...@@ -3388,6 +3388,7 @@ Represents vulnerability finding of a security report on the pipeline. ...@@ -3388,6 +3388,7 @@ Represents vulnerability finding of a security report on the pipeline.
| `printingMergeRequestLinkEnabled` | Boolean | Indicates if a link to create or view a merge request should display after a push to Git repositories of the project from the command line. | | `printingMergeRequestLinkEnabled` | Boolean | Indicates if a link to create or view a merge request should display after a push to Git repositories of the project from the command line. |
| `projectMembers` | MemberInterfaceConnection | Members of the project. | | `projectMembers` | MemberInterfaceConnection | Members of the project. |
| `publicJobs` | Boolean | Indicates if there is public access to pipelines and job details of the project, including output logs and artifacts. | | `publicJobs` | Boolean | Indicates if there is public access to pipelines and job details of the project, including output logs and artifacts. |
| `pushRules` | PushRules | The project's push rules settings. |
| `release` | Release | A single release of the project. | | `release` | Release | A single release of the project. |
| `releases` | ReleaseConnection | Releases of the project. | | `releases` | ReleaseConnection | Releases of the project. |
| `removeSourceBranchAfterMerge` | Boolean | Indicates if `Delete source branch` option should be enabled by default for all new merge requests of the project. | | `removeSourceBranchAfterMerge` | Boolean | Indicates if `Delete source branch` option should be enabled by default for all new merge requests of the project. |
...@@ -3561,6 +3562,14 @@ Autogenerated return type of PromoteToEpic. ...@@ -3561,6 +3562,14 @@ Autogenerated return type of PromoteToEpic.
| `errors` | String! => Array | Errors encountered during execution of the mutation. | | `errors` | String! => Array | Errors encountered during execution of the mutation. |
| `issue` | Issue | The issue after mutation. | | `issue` | Issue | The issue after mutation. |
### `PushRules`
Represents rules that commit pushes must follow.
| Field | Type | Description |
| ----- | ---- | ----------- |
| `rejectUnsignedCommits` | Boolean! | Indicates whether commits not signed through GPG will be rejected. |
### `Release` ### `Release`
Represents a release. Represents a release.
......
...@@ -132,6 +132,12 @@ module EE ...@@ -132,6 +132,12 @@ module EE
null: true, null: true,
description: 'API fuzzing configuration for the project.', description: 'API fuzzing configuration for the project.',
feature_flag: :api_fuzzing_configuration_ui feature_flag: :api_fuzzing_configuration_ui
field :push_rules,
::Types::PushRulesType,
null: true,
description: "The project's push rules settings.",
method: :push_rule
end end
def api_fuzzing_ci_configuration def api_fuzzing_ci_configuration
......
# frozen_string_literal: true
module Types
class PushRulesType < BaseObject
graphql_name 'PushRules'
description 'Represents rules that commit pushes must follow.'
accepts ::PushRule
authorize :read_project
field :reject_unsigned_commits,
GraphQL::BOOLEAN_TYPE,
null: false,
description: 'Indicates whether commits not signed through GPG will be rejected.'
def reject_unsigned_commits
!!(object.available?(:reject_unsigned_commits) && object.reject_unsigned_commits)
end
end
end
# frozen_string_literal: true
class PushRulePolicy < BasePolicy
delegate { @subject.project }
end
...@@ -222,6 +222,12 @@ RSpec.describe GitlabSchema.types['Project'] do ...@@ -222,6 +222,12 @@ RSpec.describe GitlabSchema.types['Project'] do
end end
end end
describe 'push rules field' do
subject { described_class.fields['pushRules'] }
it { is_expected.to have_graphql_type(Types::PushRulesType) }
end
private private
def query_for_project(project) def query_for_project(project)
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe GitlabSchema.types['PushRules'] do
it { expect(described_class.graphql_name).to eq('PushRules') }
it { expect(described_class).to require_graphql_authorizations(:read_project) }
it 'has the expected fields' do
expect(described_class).to have_graphql_fields(:reject_unsigned_commits)
end
end
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Query.project(fullPath).pushRules' do
using RSpec::Parameterized::TableSyntax
include GraphqlHelpers
let_it_be(:user) { create(:user) }
let_it_be(:project) { create(:project, namespace: user.namespace) }
subject(:push_rules_response) do
post_graphql(
graphql_query_for(
:project, { full_path: project.full_path }, "pushRules { #{all_graphql_fields_for('PushRules')} }"
),
current_user: user
)
graphql_dig_at(graphql_data, 'project', 'pushRules')
end
it 'returns nil when push_rules license is false' do
create(:push_rule, project: project)
stub_licensed_features(push_rules: false)
expect(push_rules_response).to be_nil
end
describe 'pushRules.rejectUnsignedCommits' do
where(:field_value, :license_value, :expected) do
true | true | true
true | false | false
false | true | false
false | false | false
end
with_them do
before do
create(:push_rule, project: project, reject_unsigned_commits: field_value)
stub_licensed_features(reject_unsigned_commits: license_value)
end
it "returns" do
expect(push_rules_response).to eq("rejectUnsignedCommits" => expected)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment