Commit 2d9476b3 authored by Luke Duncalfe's avatar Luke Duncalfe

Merge branch 'vij-auth-check-billable-count' into 'master'

Check authorization to view billableMembersCount via GraphQL

See merge request gitlab-org/gitlab!82479
parents d0fad442 1a23f5e6
...@@ -85,6 +85,7 @@ module EE ...@@ -85,6 +85,7 @@ module EE
field :billable_members_count, ::GraphQL::Types::Int, field :billable_members_count, ::GraphQL::Types::Int,
null: true, null: true,
authorize: :owner_access,
description: 'Number of billable users in the group.' do description: 'Number of billable users in the group.' do
argument :requested_hosted_plan, String, required: false, description: 'Plan from which to get billable members.' argument :requested_hosted_plan, String, required: false, description: 'Plan from which to get billable members.'
end end
......
...@@ -69,20 +69,15 @@ RSpec.describe GitlabSchema.types['Group'] do ...@@ -69,20 +69,15 @@ RSpec.describe GitlabSchema.types['Group'] do
describe 'billable members count' do describe 'billable members count' do
let_it_be(:group) { create(:group) } let_it_be(:group) { create(:group) }
let_it_be(:project) { create(:project, namespace: group) } let_it_be(:project) { create(:project, namespace: group) }
let_it_be(:user1) { create(:user) } let_it_be(:group_owner) { create(:user) }
let_it_be(:user2) { create(:user) } let_it_be(:group_developer) { create(:user) }
let_it_be(:user3) { create(:user) } let_it_be(:group_guest) { create(:user) }
let_it_be(:user4) { create(:user) } let_it_be(:project_developer) { create(:user) }
let_it_be(:project_guest) { create(:user) }
before do
group.add_developer(user1) let(:current_user) { group_owner }
group.add_guest(user2) let(:query) do
project.add_developer(user3) <<~GQL
project.add_guest(user4)
end
it "returns billable users count including guests when no plan is provided" do
query = <<~GQL
query { query {
group(fullPath: "#{group.full_path}") { group(fullPath: "#{group.full_path}") {
id, id,
...@@ -90,46 +85,63 @@ RSpec.describe GitlabSchema.types['Group'] do ...@@ -90,46 +85,63 @@ RSpec.describe GitlabSchema.types['Group'] do
} }
} }
GQL GQL
end
before do
group.add_owner(group_owner)
group.add_developer(group_developer)
group.add_guest(group_guest)
project.add_developer(project_developer)
project.add_guest(project_guest)
end
result = GitlabSchema.execute(query, context: { current_user: user1 }).as_json subject(:billable_members_count) do
result = GitlabSchema.execute(query, context: { current_user: current_user }).as_json
billable_members_count = result.dig('data', 'group', 'billableMembersCount') result.dig('data', 'group', 'billableMembersCount')
end
expect(billable_members_count).to eq(4) context 'when no plan is provided' do
it 'returns billable users count including guests' do
expect(billable_members_count).to eq(5)
end
end end
it "returns billable users count including guests when a plan that should include guests is provided" do context 'when a plan is provided' do
query = <<~GQL let(:query) do
<<~GQL
query { query {
group(fullPath: "#{group.full_path}") { group(fullPath: "#{group.full_path}") {
id, id,
billableMembersCount(requestedHostedPlan: "#{::Plan::SILVER}") billableMembersCount(requestedHostedPlan: "#{plan}")
} }
} }
GQL GQL
end
result = GitlabSchema.execute(query, context: { current_user: user1 }).as_json context 'with a plan that should include guests is provided' do
let(:plan) { ::Plan::SILVER }
billable_members_count = result.dig('data', 'group', 'billableMembersCount')
expect(billable_members_count).to eq(4) it 'returns billable users count including guests' do
expect(billable_members_count).to eq(5)
end
end end
it "returns billable users count excluding guests when a plan that should exclude guests is provided" do context 'with a plan that should exclude guests is provided' do
query = <<~GQL let(:plan) { ::Plan::ULTIMATE }
query {
group(fullPath: "#{group.full_path}") {
id,
billableMembersCount(requestedHostedPlan: "#{::Plan::ULTIMATE}")
}
}
GQL
result = GitlabSchema.execute(query, context: { current_user: user1 }).as_json it 'returns billable users count excluding guests when a plan that should exclude guests is provided' do
expect(billable_members_count).to eq(3)
end
end
end
billable_members_count = result.dig('data', 'group', 'billableMembersCount') context 'without owner authorization' do
let(:current_user) { group_developer }
expect(billable_members_count).to eq(2) it 'does not return the billable members count' do
expect(billable_members_count).to be_nil
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment