nexedi
gitlab-ce
Commits
12cc3fee
Commit
12cc3fee
authored
Aug 21, 2020
by
Philip Cunningham
Committed by
Dylan Griffith
Aug 21, 2020
Centralise feature flag checking of on-demand DAST
Switches feature flag over to new policy with additional checks.
parent
2bd832e5
Changes
35
Showing
35 changed files
with
376 additions
and
260 deletions
ee/app/graphql/mutations/dast_on_demand_scans/create.rb
ee/app/graphql/mutations/dast_on_demand_scans/create.rb
+1
-2
ee/app/graphql/mutations/dast_scanner_profiles/create.rb
ee/app/graphql/mutations/dast_scanner_profiles/create.rb
+1
-2
ee/app/graphql/mutations/dast_site_profiles/create.rb
ee/app/graphql/mutations/dast_site_profiles/create.rb
+1
-2
ee/app/graphql/mutations/dast_site_profiles/delete.rb
ee/app/graphql/mutations/dast_site_profiles/delete.rb
+2
-3
ee/app/graphql/mutations/dast_site_profiles/update.rb
ee/app/graphql/mutations/dast_site_profiles/update.rb
+1
-2
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
+1
-2
ee/app/graphql/types/dast_scanner_profile_type.rb
ee/app/graphql/types/dast_scanner_profile_type.rb
+1
-1
ee/app/policies/ee/project_policy.rb
ee/app/policies/ee/project_policy.rb
+0
-1
ee/app/services/ci/run_dast_scan_service.rb
ee/app/services/ci/run_dast_scan_service.rb
+1
-1
ee/app/services/dast_scanner_profiles/create_service.rb
ee/app/services/dast_scanner_profiles/create_service.rb
+1
-1
ee/app/services/dast_site_profiles/create_service.rb
ee/app/services/dast_site_profiles/create_service.rb
+1
-1
ee/app/services/dast_site_profiles/update_service.rb
ee/app/services/dast_site_profiles/update_service.rb
+1
-1
ee/app/services/dast_sites/find_or_create_service.rb
ee/app/services/dast_sites/find_or_create_service.rb
+1
-1
ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
...pec/graphql/mutations/dast_on_demand_scans/create_spec.rb
+12
-0
ee/spec/graphql/mutations/dast_scanner_profiles/create_spec.rb
...ec/graphql/mutations/dast_scanner_profiles/create_spec.rb
+12
-0
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
+21
-11
ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
+12
-0
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
+12
-0
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
+4
-0
ee/spec/graphql/types/dast_scanner_profile_type_spec.rb
ee/spec/graphql/types/dast_scanner_profile_type_spec.rb
+1
-1
ee/spec/requests/api/graphql/mutations/dast_on_demand_scans/create_spec.rb
...api/graphql/mutations/dast_on_demand_scans/create_spec.rb
+5
-40
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/create_spec.rb
...pi/graphql/mutations/dast_scanner_profiles/create_spec.rb
+4
-39
ee/spec/requests/api/graphql/mutations/dast_site_profiles/create_spec.rb
...s/api/graphql/mutations/dast_site_profiles/create_spec.rb
+10
-37
ee/spec/requests/api/graphql/mutations/dast_site_profiles/delete_spec.rb
...s/api/graphql/mutations/dast_site_profiles/delete_spec.rb
+14
-55
ee/spec/requests/api/graphql/mutations/dast_site_profiles/update_spec.rb
...s/api/graphql/mutations/dast_site_profiles/update_spec.rb
+15
-52
ee/spec/requests/api/graphql/mutations/pipelines/run_dast_scan_spec.rb
...sts/api/graphql/mutations/pipelines/run_dast_scan_spec.rb
+4
-0
ee/spec/requests/api/graphql/project/dast_scanner_profiles_spec.rb
...equests/api/graphql/project/dast_scanner_profiles_spec.rb
+1
-1
ee/spec/services/ci/run_dast_scan_service_spec.rb
ee/spec/services/ci/run_dast_scan_service_spec.rb
+33
-1
ee/spec/services/dast_scanner_profiles/create_service_spec.rb
...pec/services/dast_scanner_profiles/create_service_spec.rb
+32
-0
ee/spec/services/dast_site_profiles/create_service_spec.rb
ee/spec/services/dast_site_profiles/create_service_spec.rb
+33
-1
ee/spec/services/dast_site_profiles/update_service_spec.rb
ee/spec/services/dast_site_profiles/update_service_spec.rb
+33
-1
ee/spec/services/dast_sites/find_or_create_service_spec.rb
ee/spec/services/dast_sites/find_or_create_service_spec.rb
+25
-1
ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_with_user_abilities_shared_examples.rb
...ons/on_demand_scan_with_user_abilities_shared_examples.rb
+45
-0
ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_without_user_abilities_shared_examples.rb
.../on_demand_scan_without_user_abilities_shared_examples.rb
+28
-0
spec/support/shared_examples/graphql/mutation_shared_examples.rb
...pport/shared_examples/graphql/mutation_shared_examples.rb
+7
-0
ee/app/graphql/mutations/dast_on_demand_scans/create.rb
...
...
@@ -21,11 +21,10 @@ module Mutations
required:
true
,
description:
'ID of the site profile to be used for the scan.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
dast_site_profile_id
:)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
dast_site_profile
=
find_dast_site_profile
(
project:
project
,
dast_site_profile_id:
dast_site_profile_id
)
dast_site
=
dast_site_profile
.
dast_site
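Review bot: dropping the `Feature.enabled?(:security_on_demand_scans_feature_flag, project, default_enabled: true)` guard leaves `authorized_find!` on `:create_on_demand_dast_scan` as the only gate in this resolver, so the policy rule behind that ability must itself evaluate the flag with the same `default_enabled: true`. If the rule omits the default, instances that never set the flag silently lose on-demand scans (a deny rather than a security regression, but a behaviour change that deserves a line in the commit message). The same substitution is repeated in the five resolvers below, so one check of the policy rule covers all of them.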
...
...
ee/app/graphql/mutations/dast_scanner_profiles/create.rb
...
...
@@ -27,11 +27,10 @@ module Mutations
required:
false
,
description:
'The maximum number of seconds allowed for the site under test to respond to a request.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
profile_name
:,
spider_timeout:
nil
,
target_timeout:
nil
)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
service
=
::
DastScannerProfiles
::
CreateService
.
new
(
project
,
current_user
)
result
=
service
.
execute
(
name:
profile_name
,
spider_timeout:
spider_timeout
,
target_timeout:
target_timeout
)
...
...
ee/app/graphql/mutations/dast_site_profiles/create.rb
...
...
@@ -23,11 +23,10 @@ module Mutations
required:
false
,
description:
'The URL of the target to be scanned.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
profile_name
:,
target_url:
nil
)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
service
=
::
DastSiteProfiles
::
CreateService
.
new
(
project
,
current_user
)
result
=
service
.
execute
(
name:
profile_name
,
target_url:
target_url
)
...
...
ee/app/graphql/mutations/dast_site_profiles/delete.rb
...
...
@@ -15,13 +15,12 @@ module Mutations
required:
true
,
description:
'ID of the site profile to be deleted.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
id
:)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
dast_site_profile
=
find_dast_site_profile
(
project:
project
,
global_id:
id
)
return
{
errors:
dast_site_profile
.
errors
.
full_messages
}
unless
dast_site_profile
.
destroy
{
errors:
[]
}
...
...
ee/app/graphql/mutations/dast_site_profiles/update.rb
...
...
@@ -27,11 +27,10 @@ module Mutations
required:
false
,
description:
'The URL of the target to be scanned.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
full_path
:,
**
service_args
)
project
=
authorized_find!
(
full_path:
full_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
service
=
::
DastSiteProfiles
::
UpdateService
.
new
(
project
,
current_user
)
result
=
service
.
execute
(
service_args
)
...
...
ee/app/graphql/mutations/pipelines/run_dast_scan.rb
...
...
@@ -27,11 +27,10 @@ module Mutations
required:
true
,
description:
'The type of scan to be run.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
def
resolve
(
project_path
:,
target_url
:,
branch
:,
scan_type
:)
project
=
authorized_find!
(
full_path:
project_path
)
raise_resource_not_available_error!
unless
Feature
.
enabled?
(
:security_on_demand_scans_feature_flag
,
project
,
default_enabled:
true
)
service
=
Ci
::
RunDastScanService
.
new
(
project
,
current_user
)
result
=
service
.
execute
(
branch:
branch
,
target_url:
target_url
)
...
...
ee/app/graphql/types/dast_scanner_profile_type.rb
...
...
@@ -5,7 +5,7 @@ module Types
graphql_name
'DastScannerProfile'
description
'Represents a DAST scanner profile.'
authorize
:
run_on
demand_dast_scan
authorize
:
create_on_
demand_dast_scan
field
:id
,
GraphQL
::
ID_TYPE
,
null:
false
,
description:
'ID of the DAST scanner profile'
...
...
ee/app/policies/ee/project_policy.rb
...
...
@@ -219,7 +219,6 @@ module EE
enable
:admin_feature_flag
enable
:admin_feature_flags_user_lists
enable
:read_ci_minutes_quota
enable
:run_ondemand_dast_scan
end
rule
{
can?
(
:developer_access
)
&
iterations_available
}.
policy
do
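Review bot: this hunk only removes `enable :run_ondemand_dast_scan`; nothing in the diff adds a rule for `:create_on_demand_dast_scan`, which every mutation, type and service in this commit now depends on. The commit message ("new policy with additional checks") implies the rule already landed in the parent commit 2bd832e5; please confirm it exists and carries both the feature-flag condition removed from the resolvers and the `security_on_demand_scans` licensed-feature condition that the updated specs now exercise with `stub_licensed_features`. Otherwise every on-demand DAST ability is denied for all users.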
...
...
ee/app/services/ci/run_dast_scan_service.rb
...
...
@@ -29,7 +29,7 @@ module Ci
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
def
ci_yaml
(
target_url
)
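Review bot: keep this `allowed?` guard even though the GraphQL mutation already authorizes the same ability: with the feature-flag check gone from the resolvers, `Ability.allowed?(current_user, :create_on_demand_dast_scan, project)` is the only check protecting callers that reach `Ci::RunDastScanService` without going through GraphQL. The identical one-word rename appears in the four `allowed?` methods below; a shared constant for the ability name would have made this a single-line change and prevents the two names drifting apart again.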
...
...
ee/app/services/dast_scanner_profiles/create_service.rb
...
...
@@ -19,7 +19,7 @@ module DastScannerProfiles
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
end
end
ee/app/services/dast_site_profiles/create_service.rb
...
...
@@ -20,7 +20,7 @@ module DastSiteProfiles
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
end
end
ee/app/services/dast_site_profiles/update_service.rb
...
...
@@ -25,7 +25,7 @@ module DastSiteProfiles
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
# rubocop: disable CodeReuse/ActiveRecord
...
...
ee/app/services/dast_sites/find_or_create_service.rb
...
...
@@ -13,7 +13,7 @@ module DastSites
private
def
allowed?
Ability
.
allowed?
(
current_user
,
:
run_on
demand_dast_scan
,
project
)
Ability
.
allowed?
(
current_user
,
:
create_on_
demand_dast_scan
,
project
)
end
def
find_or_create_by!
(
url
)
...
...
ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
...
...
@@ -12,6 +12,10 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
subject
do
mutation
.
resolve
(
...
...
@@ -105,6 +109,14 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
...
...
ee/spec/graphql/mutations/dast_scanner_profiles/create_spec.rb
...
...
@@ -12,6 +12,10 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
subject
do
mutation
.
resolve
(
...
...
@@ -75,6 +79,14 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
...
...
@@ -13,6 +13,10 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
subject
do
mutation
.
resolve
(
...
...
@@ -22,17 +26,7 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
)
end
context
'when on demand scan feature is not enabled'
do
it
'raises an exception'
do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
context
'when on demand scan feature is enabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
true
)
end
context
'when the project does not exist'
do
let
(
:full_path
)
{
SecureRandom
.
hex
}
...
...
@@ -63,7 +57,7 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
end
end
context
'when the user
is a developer
'
do
context
'when the user
can run a dast scan
'
do
before
do
project
.
add_developer
(
user
)
end
...
...
@@ -95,6 +89,22 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
expect
(
response
[
:errors
]).
to
include
(
'Name has already been taken'
)
end
end
context
'when on demand scan feature is not enabled'
do
it
'raises an exception'
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
...
...
ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
...
...
@@ -11,6 +11,10 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
subject
do
mutation
.
resolve
(
...
...
@@ -100,6 +104,14 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
...
...
ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
...
...
@@ -14,6 +14,10 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
subject
do
mutation
.
resolve
(
...
...
@@ -100,6 +104,14 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
)
end
end
end
end
end
...
...
ee/spec/graphql/mutations/pipelines/run_dast_scan_spec.rb
...
...
@@ -13,6 +13,10 @@ RSpec.describe Mutations::Pipelines::RunDastScan do
subject
(
:mutation
)
{
described_class
.
new
(
object:
nil
,
context:
{
current_user:
user
},
field:
nil
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#resolve'
do
subject
do
mutation
.
resolve
(
...
...
ee/spec/graphql/types/dast_scanner_profile_type_spec.rb
...
...
@@ -27,7 +27,7 @@ RSpec.describe GitlabSchema.types['DastScannerProfile'] do
end
specify
{
expect
(
described_class
.
graphql_name
).
to
eq
(
'DastScannerProfile'
)
}
specify
{
expect
(
described_class
).
to
require_graphql_authorizations
(
:
run_on
demand_dast_scan
)
}
specify
{
expect
(
described_class
).
to
require_graphql_authorizations
(
:
create_on_
demand_dast_scan
)
}
it
{
expect
(
described_class
).
to
have_graphql_fields
(
fields
)
}
...
...
ee/spec/requests/api/graphql/mutations/dast_on_demand_scans/create_spec.rb
...
...
@@ -5,44 +5,19 @@ require 'spec_helper'
RSpec
.
describe
'Running a DAST Scan'
do
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let
(
:mutation_name
)
{
:dast_on_demand_scan_create
}
let
(
:mutation
)
do
graphql_mutation
(
:dast_on_demand_scan_creat
e
,
mutation_nam
e
,
full_path:
full_path
,
dast_site_profile_id:
dast_site_profile
.
to_global_id
.
to_s
)
end
def
mutation_response
graphql_mutation_response
(
:dast_on_demand_scan_create
)
end
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
context
'when a user has access to run a dast scan on the project'
do
before
do
project
.
add_developer
(
current_user
)
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns a pipeline_url containing the correct path'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
pipeline
=
Ci
::
Pipeline
.
last
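Review bot: 'an on-demand scan mutation when user cannot run an on-demand scan' is included inside the context whose `before` makes `current_user` a developer ('when a user has access to run a dast scan on the project'), so the user can run a scan at the moment the shared example starts; the example (in the new on_demand_scan_without_user_abilities_shared_examples.rb, not shown in this view) presumably disables the flag or the licence itself. A name that says what is toggled, for instance '... when the on-demand scan policy denies the user', would stop the two nested descriptions contradicting each other; the same pairing is used in the other four request specs in this commit.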
...
...
@@ -56,7 +31,7 @@ RSpec.describe 'Running a DAST Scan' do
context
'when wrong type of global id is passed'
do
let
(
:mutation
)
do
graphql_mutation
(
:dast_on_demand_scan_creat
e
,
mutation_nam
e
,
full_path:
full_path
,
dast_site_profile_id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
)
...
...
@@ -81,15 +56,5 @@ RSpec.describe 'Running a DAST Scan' do
it_behaves_like
'a mutation that returns errors in the response'
,
errors:
[
'error message'
]
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
end
end
ee/spec/requests/api/graphql/mutations/dast_scanner_profiles/create_spec.rb
...
...
@@ -5,45 +5,20 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Scanner Profile'
do
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:dast_scanner_profile
)
{
DastScannerProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let
(
:mutation_name
)
{
:dast_scanner_profile_create
}
let
(
:mutation
)
do
graphql_mutation
(
:dast_scanner_profile_creat
e
,
mutation_nam
e
,
full_path:
full_path
,
profile_name:
profile_name
)
end
def
mutation_response
graphql_mutation_response
(
:dast_scanner_profile_create
)
end
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
context
'when a user has access to run a DAST scan on the project'
do
before
do
project
.
add_developer
(
current_user
)
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns the dast_scanner_profile id'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
...
...
@@ -61,15 +36,5 @@ RSpec.describe 'Creating a DAST Scanner Profile' do
expect
(
mutation_response
[
"errors"
]).
to
include
(
'Name has already been taken'
)
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
"exist or you don't have permission to perform this action"
]
end
end
end
ee/spec/requests/api/graphql/mutations/dast_site_profiles/create_spec.rb
...
...
@@ -5,50 +5,24 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let
(
:profile_name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
let
(
:dast_site_profile
)
{
DastSiteProfile
.
find_by
(
project:
project
,
name:
profile_name
)
}
let
(
:mutation_name
)
{
:dast_site_profile_create
}
let
(
:mutation
)
do
graphql_mutation
(
:dast_site_profile_creat
e
,
mutation_nam
e
,
full_path:
full_path
,
profile_name:
profile_name
,
target_url:
target_url
)
end
def
mutation_response
graphql_mutation_response
(
:dast_site_profile_create
)
end
context
'when on demand scan feature is not enabled'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when on demand scan feature is enabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
true
)
end
context
'when the user does not have permission to run a dast scan'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when the user can run a dast scan'
do
before
do
project
.
add_developer
(
current_user
)
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'returns the dast_site_profile id'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
subject
expect
(
mutation_response
[
"id"
]).
to
eq
(
dast_site_profile
.
to_global_id
.
to_s
)
end
...
...
@@ -61,5 +35,4 @@ RSpec.describe 'Creating a DAST Site Profile' do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'Internal server error'
]
end
end
end
end
ee/spec/requests/api/graphql/mutations/dast_site_profiles/delete_spec.rb
...
...
@@ -5,52 +5,19 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let!
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let
(
:mutation_name
)
{
:dast_site_profile_delete
}
let
(
:mutation
)
do
graphql_mutation
(
:dast_site_profile_delet
e
,
mutation_nam
e
,
full_path:
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
)
end
def
mutation_response
graphql_mutation_response
(
:dast_site_profile_delete
)
end
subject
{
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
}
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user has access to run a dast scan on the project'
do
before
do
project
.
add_developer
(
current_user
)
end
it
'returns an empty errors array'
do
subject
expect
(
mutation_response
[
"errors"
]).
to
be_empty
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'deletes the dast_site_profile'
do
expect
{
subject
}.
to
change
{
DastSiteProfile
.
count
}.
by
(
-
1
)
end
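Review bot: the top-level `RSpec.describe 'Creating a DAST Site Profile'` in delete_spec.rb (and the same title at the top of update_spec.rb below) is copied from the create spec; since this hunk rewrites most of the block, rename it to 'Deleting a DAST Site Profile' so CI failures point at the right behaviour. Also, 'returns an empty errors array' and 'deletes the dast_site_profile' both rely on the `subject { post_graphql_mutation(mutation, current_user: current_user) }` defined above, so please check that 'an on-demand scan mutation when user can run an on-demand scan' does not redefine `subject` or `current_user`, or the `change { DastSiteProfile.count }.by(-1)` expectation silently tests a different request.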
...
...
@@ -77,41 +44,33 @@ RSpec.describe 'Creating a DAST Site Profile' do
context
'when wrong type of global id is passed'
do
let
(
:mutation
)
do
graphql_mutation
(
:dast_site_profile_delet
e
,
mutation_nam
e
,
full_path:
full_path
,
id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
)
end
it
'returns a top-level error'
do
subject
it_behaves_like
'a mutation that returns top-level errors'
do
let
(
:match_errors
)
do
gid
=
dast_site_profile
.
dast_site
.
to_global_id
expect
(
graphql_errors
.
dig
(
0
,
'message'
)).
to
include
(
'does not represent an instance of DastSiteProfile'
)
eq
([
"Variable $dastSiteProfileDeleteInput of type DastSiteProfileDeleteInput! "
\
"was provided invalid value for id (
\"
#{
gid
}
\"
does not represent an instance "
\
"of DastSiteProfile)"
])
end
end
end
context
'when the dast_site_profile belongs to a different project'
do
let
(
:mutation
)
do
graphql_mutation
(
:dast_site_profile_delet
e
,
mutation_nam
e
,
full_path:
create
(
:project
).
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
it_behaves_like
'a mutation that returns a top-level access error'
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
end
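Review bot: the new `match_errors` block asserts the full graphql-ruby coercion message (`"Variable $dastSiteProfileDeleteInput of type DastSiteProfileDeleteInput! was provided invalid value for id (\"#{gid}\" does not represent an instance of DastSiteProfile)"`), whereas the assertion it replaces only required the message to `include('does not represent an instance of DastSiteProfile')`. The exact string couples the spec to the gem's wording and will break on the next graphql-ruby upgrade; the property worth asserting is that a DastSite global id is rejected for the `id` argument, which the partial match already established. The update_spec hunk further down makes the identical change.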
ee/spec/requests/api/graphql/mutations/dast_site_profiles/update_spec.rb
...
...
@@ -5,17 +5,15 @@ require 'spec_helper'
RSpec
.
describe
'Creating a DAST Site Profile'
do
include
GraphqlHelpers
let
(
:project
)
{
create
(
:project
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
let!
(
:dast_site_profile
)
{
create
(
:dast_site_profile
,
project:
project
)
}
let
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
(
:new_target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
let
(
:mutation_name
)
{
:dast_site_profile_update
}
let
(
:mutation
)
do
graphql_mutation
(
:dast_site_profile_updat
e
,
mutation_nam
e
,
full_path:
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
...
...
@@ -24,38 +22,11 @@ RSpec.describe 'Creating a DAST Site Profile' do
end
def
mutation_response
graphql_mutation_response
(
:dast_site_profile_update
)
end
subject
{
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
}
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
context
'when a user has access to run a dast scan on the project'
do
before
do
project
.
add_developer
(
current_user
)
end
it
'returns an empty errors array'
do
subject
expect
(
mutation_response
[
"errors"
]).
to
be_empty
graphql_mutation_response
(
mutation_name
)
end
it_behaves_like
'an on-demand scan mutation when user cannot run an on-demand scan'
it_behaves_like
'an on-demand scan mutation when user can run an on-demand scan'
do
it
'updates the dast_site_profile'
do
subject
...
...
@@ -84,7 +55,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
context
'when wrong type of global id is passed'
do
let
(
:mutation
)
do
graphql_mutation
(
:dast_site_profile_updat
e
,
mutation_nam
e
,
full_path:
full_path
,
id:
dast_site_profile
.
dast_site
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
...
...
@@ -92,17 +63,21 @@ RSpec.describe 'Creating a DAST Site Profile' do
)
end
it
'returns a top-level error'
do
subject
it_behaves_like
'a mutation that returns top-level errors'
do
let
(
:match_errors
)
do
gid
=
dast_site_profile
.
dast_site
.
to_global_id
expect
(
graphql_errors
.
dig
(
0
,
'message'
)).
to
include
(
'does not represent an instance of DastSiteProfile'
)
eq
([
"Variable $dastSiteProfileUpdateInput of type DastSiteProfileUpdateInput! "
\
"was provided invalid value for id (
\"
#{
gid
}
\"
does not represent an instance "
\
"of DastSiteProfile)"
])
end
end
end
context
'when the dast_site_profile belongs to a different project'
do
let
(
:mutation
)
do
graphql_mutation
(
:dast_site_profile_updat
e
,
mutation_nam
e
,
full_path:
create
(
:project
).
full_path
,
id:
dast_site_profile
.
to_global_id
.
to_s
,
profile_name:
new_profile_name
,
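Review bot: the new `let(:match_errors)` pins the entire graphql-ruby coercion message with `eq([... "was provided invalid value for id (\"#{gid}\" does not represent an instance of DastSiteProfile)"])`, replacing the previous `include('does not represent an instance of DastSiteProfile')`; an exact match on gem-generated wording will break on a graphql-ruby upgrade without any change in behaviour. Prefer `include(a_string_including("does not represent an instance of DastSiteProfile"))` or a regex so the spec asserts the part GitLab controls.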
...
...
@@ -110,19 +85,7 @@ RSpec.describe 'Creating a DAST Site Profile' do
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
it_behaves_like
'a mutation that returns a top-level access error'
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
'exist or you don\'t have permission to perform this action'
]
end
end
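Review bot: dropping the local 'when on demand scan feature is disabled' context leaves that case covered only through the 'can run an on-demand scan' shared example included earlier in this file, so coverage is retained; a one-line comment saying so would stop the next reader from re-adding it. Switching the 'belongs to a different project' case to 'a mutation that returns a top-level access error' is the right response shape: a caller cannot distinguish a profile that does not exist from one in a project it cannot access.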
ee/spec/requests/api/graphql/mutations/pipelines/run_dast_scan_spec.rb
View file @
12cc3fee
...
...
@@ -26,6 +26,10 @@ RSpec.describe 'Running a DAST Scan' do
graphql_mutation_response
(
:run_dast_scan
)
end
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
context
'when on demand scan feature is not enabled'
do
it_behaves_like
'a mutation that returns top-level errors'
,
errors:
[
'The resource that you are attempting to access does not '
\
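Review bot: now that the policy checks both the feature flag and the licensed feature (the new `before` stubs `security_on_demand_scans: true`), the context name 'when on demand scan feature is not enabled' no longer says which gate it exercises; rename it to match the wording used elsewhere in this commit ('when on demand scan feature is disabled' for the flag, 'when on demand scan licensed feature is not available' for the license) and add the second case if it is missing from this file.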
...
...
ee/spec/requests/api/graphql/project/dast_scanner_profiles_spec.rb
...
...
@@ -40,7 +40,7 @@ RSpec.describe 'Query.project(fullPath).dastScannerProfiles' do
end
end
context
'when
a user does not have access to run_ondemand_dast_
scan'
do
context
'when
the user can run a dast
scan'
do
before
do
project
.
add_guest
(
current_user
)
end
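Review bot: the renamed context reads 'when the user can run a dast scan' while its `before` adds `current_user` as a guest; in the mutation shared examples added by this commit a guest is the 'cannot run' case. Either the description should say 'cannot run a dast scan' or the setup should use `add_developer`; as written, the name and the fixture contradict each other.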
...
...
ee/spec/services/ci/run_dast_scan_service_spec.rb
...
...
@@ -8,6 +8,10 @@ RSpec.describe Ci::RunDastScanService do
let
(
:branch
)
{
project
.
default_branch
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'.ci_template'
do
it
'builds a hash'
do
expect
(
described_class
.
ci_template
).
to
be_a
(
Hash
)
...
...
@@ -29,7 +33,7 @@ RSpec.describe Ci::RunDastScanService do
let
(
:pipeline
)
{
subject
.
payload
}
let
(
:message
)
{
subject
.
message
}
context
'when
the user does not have permission to run a dast scan
'
do
context
'when
a user does not have access to the project
'
do
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
...
...
@@ -142,6 +146,34 @@ RSpec.describe Ci::RunDastScanService do
expect
(
message
).
to
eq
(
full_error_messages
)
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
end
end
end
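Review bot: the two added contexts ('when on demand scan feature is disabled' and 'when on demand scan licensed feature is not available', each asserting `status` is `:error` and `message` is 'Insufficient permissions') are repeated verbatim in `RunDastScanService`, `DastScannerProfiles::CreateService`, `DastSiteProfiles::CreateService` and `DastSiteProfiles::UpdateService`; extract a shared example such as 'an on-demand scan service that denies access when the feature is unavailable' under `ee/spec/support`, as was done for the GraphQL mutations. Returning the same 'Insufficient permissions' message for flag-off, unlicensed and unauthorized callers is a good property to keep, since it gives a caller no hint about which gate rejected it.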
ee/spec/services/dast_scanner_profiles/create_service_spec.rb
...
...
@@ -9,6 +9,10 @@ RSpec.describe DastScannerProfiles::CreateService do
let
(
:target_timeout
)
{
60
}
let
(
:spider_timeout
)
{
600
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#execute'
do
subject
do
described_class
.
new
(
project
,
user
).
execute
(
...
...
@@ -83,6 +87,34 @@ RSpec.describe DastScannerProfiles::CreateService do
expect
(
message
).
to
eq
([
'Name has already been taken'
])
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
end
end
end
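Review bot: the service's `message` is asserted as an Array in the validation case (`eq(['Name has already been taken'])`) but as a String in the two new contexts (`eq('Insufficient permissions')`); callers that render `message` have to handle both shapes. Normalise the service to one type, or have these specs assert on the same shape as the existing example.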
ee/spec/services/dast_site_profiles/create_service_spec.rb
...
...
@@ -8,6 +8,10 @@ RSpec.describe DastSiteProfiles::CreateService do
let
(
:name
)
{
FFaker
::
Company
.
catch_phrase
}
let
(
:target_url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#execute'
do
subject
{
described_class
.
new
(
project
,
user
).
execute
(
name:
name
,
target_url:
target_url
)
}
...
...
@@ -16,7 +20,7 @@ RSpec.describe DastSiteProfiles::CreateService do
let
(
:errors
)
{
subject
.
errors
}
let
(
:payload
)
{
subject
.
payload
}
context
'when
the user does not have permission to run a dast scan
'
do
context
'when
a user does not have access to the project
'
do
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
...
...
@@ -72,6 +76,34 @@ RSpec.describe DastSiteProfiles::CreateService do
expect
(
errors
).
to
include
(
'Url is blocked: Requests to localhost are not allowed'
)
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
end
end
end
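Review bot: the new contexts call `expect(message)`, but the `let`s visible in the earlier hunk of this file are `errors` and `payload`, and the existing error example asserts on `errors`; confirm `let(:message) { subject.message }` is defined in this spec, otherwise these examples fail with a NameError rather than exercising the permission path.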
ee/spec/services/dast_site_profiles/update_service_spec.rb
...
...
@@ -10,6 +10,10 @@ RSpec.describe DastSiteProfiles::UpdateService do
let
(
:new_profile_name
)
{
SecureRandom
.
hex
}
let
(
:new_target_url
)
{
FFaker
::
Internet
.
uri
(
:https
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#execute'
do
subject
do
described_class
.
new
(
project
,
user
).
execute
(
...
...
@@ -24,7 +28,7 @@ RSpec.describe DastSiteProfiles::UpdateService do
let
(
:errors
)
{
subject
.
errors
}
let
(
:payload
)
{
subject
.
payload
}
context
'when
the user does not have permission to run a dast scan
'
do
context
'when
a user does not have access to the project
'
do
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
...
...
@@ -81,6 +85,34 @@ RSpec.describe DastSiteProfiles::UpdateService do
expect
(
message
).
to
eq
(
'DastSiteProfile not found'
)
end
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it
'returns an error status'
do
expect
(
status
).
to
eq
(
:error
)
end
it
'populates message'
do
expect
(
message
).
to
eq
(
'Insufficient permissions'
)
end
end
end
end
end
ee/spec/services/dast_sites/find_or_create_service_spec.rb
...
...
@@ -7,10 +7,14 @@ RSpec.describe DastSites::FindOrCreateService do
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
user
)
}
let
(
:url
)
{
FFaker
::
Internet
.
uri
(
:http
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
describe
'#execute!'
do
subject
{
described_class
.
new
(
project
,
user
).
execute!
(
url:
url
)
}
context
'when
the user does not have permission to run a dast scan
'
do
context
'when
a user does not have access to the project
'
do
it
'raises an exception'
do
expect
{
subject
}.
to
raise_error
(
DastSites
::
FindOrCreateService
::
PermissionsError
)
do
|
err
|
expect
(
err
.
message
).
to
include
(
'Insufficient permissions'
)
...
...
@@ -54,6 +58,26 @@ RSpec.describe DastSites::FindOrCreateService do
end
end
end
context
'when on demand scan feature is disabled'
do
it
'raises an exception'
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
expect
{
subject
}.
to
raise_error
(
DastSites
::
FindOrCreateService
::
PermissionsError
)
do
|
err
|
expect
(
err
.
message
).
to
include
(
'Insufficient permissions'
)
end
end
end
context
'when on demand scan licensed feature is not available'
do
it
'raises an exception'
do
stub_licensed_features
(
security_on_demand_scans:
false
)
expect
{
subject
}.
to
raise_error
(
DastSites
::
FindOrCreateService
::
PermissionsError
)
do
|
err
|
expect
(
err
.
message
).
to
include
(
'Insufficient permissions'
)
end
end
end
end
end
end
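Review bot: the two new contexts call `stub_feature_flags` and `stub_licensed_features` inside the `it` body rather than in a `before` block as every other spec in this commit does; move the stubs into `before` so the context, not the example, owns the setup and the `it 'raises an exception'` body reads the same as its siblings.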
ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_with_user_abilities_shared_examples.rb
0 → 100644
# frozen_string_literal: true
require
'spec_helper'
# There must be a method or let called `mutation` defined that executes
# the mutation and one called `mutation_name` that is the name of the
# mutation being executed.
RSpec
.
shared_examples
'an on-demand scan mutation when user can run an on-demand scan'
do
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
def
mutation_response
graphql_mutation_response
(
mutation_name
)
end
subject
{
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
project
.
add_developer
(
current_user
)
end
it
'returns an empty errors array'
do
subject
expect
(
mutation_response
[
"errors"
]).
to
be_empty
end
context
'when on demand scan feature is disabled'
do
before
do
stub_feature_flags
(
security_on_demand_scans_feature_flag:
false
)
end
it_behaves_like
'a mutation that returns a top-level access error'
end
context
'when on demand scan licensed feature is not available'
do
before
do
stub_licensed_features
(
security_on_demand_scans:
false
)
end
it_behaves_like
'a mutation that returns a top-level access error'
end
end
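Review bot: this shared example defines `let(:project)`, `let(:current_user)`, `let(:full_path)` and `subject` itself, so when it is pulled in with `it_behaves_like` those definitions silently override any same-named `let` in the including spec; the header comment lists only `mutation` and `mutation_name` as requirements and should also state that these names are provided (and overridden) here, or the `let`s should be dropped in favour of the caller's. The `require 'spec_helper'` at the top is unnecessary for a file under `spec/support`, which `spec_helper` loads. Asserting `RESOURCE_ACCESS_ERROR` for both the flag-disabled and unlicensed cases is the right check: an authorised developer gets the same response as an unauthorised caller, so the API does not reveal whether the feature is present.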
ee/spec/support/shared_examples/graphql/mutations/on_demand_scan_without_user_abilities_shared_examples.rb
0 → 100644
# frozen_string_literal: true
require
'spec_helper'
# There must be a method or let called `mutation` defined that executes
# the mutation and one called `mutation_name` that is the name of the
# mutation being executed.
RSpec
.
shared_examples
'an on-demand scan mutation when user cannot run an on-demand scan'
do
let
(
:project
)
{
create
(
:project
,
:repository
,
creator:
current_user
)
}
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:full_path
)
{
project
.
full_path
}
before
do
stub_licensed_features
(
security_on_demand_scans:
true
)
end
context
'when a user does not have access to the project'
do
it_behaves_like
'a mutation that returns a top-level access error'
end
context
'when a user does not have access to run a dast scan on the project'
do
before
do
project
.
add_guest
(
current_user
)
end
it_behaves_like
'a mutation that returns a top-level access error'
end
end
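Review bot: the header comment says `mutation_name` must be defined, but nothing in this file uses it; only `mutation` is needed, via the nested 'a mutation that returns a top-level access error' example. Trim the comment to the actual requirement (it was copied from the sibling `with_user_abilities` file). The same `let(:project)`/`let(:current_user)`/`let(:full_path)` shadowing concern applies here.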
spec/support/shared_examples/graphql/mutation_shared_examples.rb
...
...
@@ -19,6 +19,13 @@ RSpec.shared_examples 'a mutation that returns top-level errors' do |errors: []|
end
end
# There must be a method or let called `mutation` defined that executes
# the mutation.
RSpec
.
shared_examples
'a mutation that returns a top-level access error'
do
include_examples
'a mutation that returns top-level errors'
,
errors:
[
Gitlab
::
Graphql
::
Authorize
::
AuthorizeResource
::
RESOURCE_ACCESS_ERROR
]
end
RSpec
.
shared_examples
'an invalid argument to the mutation'
do
|
argument_name
:|
it_behaves_like
'a mutation that returns top-level errors'
do
let
(
:match_errors
)
do
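Review bot: `include_examples` inlines the examples into the calling group, so any `let(:match_errors)` in the caller still applies to them; that is acceptable here but `it_behaves_like` would isolate the group and match the rest of this file. Replacing the repeated literal 'The resource that you are attempting to access does not exist or you don't have permission to perform this action' with `Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR` is an improvement: the EE specs now pin the single message used for missing, unlicensed and forbidden resources alike, and a wording change in one place cannot drift from the others.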
...
...