Consolidate policy tests for on-demand DAST scans

Creates shared example for policy and removes redundant tests.

Consolidate policy tests for on-demand DAST scans
Creates shared example for policy and removes redundant tests.
77fce7c0 · Philip Cunningham · 1a701493 · 77fce7c0 · 77fce7c0 · 77fce7c0
Commit 77fce7c0 authored Oct 29, 2020 by Philip Cunningham
13 changed files
--- a/ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_on_demand_scans/create_spec.rb
@@ -16,6 +16,8 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
    stub_licensed_features(security_on_demand_scans: true)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -33,52 +35,6 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
        end
      end
-      context 'when the user is not associated with the project' do
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is an owner' do
-        it 'has no errors' do
-          group.add_owner(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a maintainer' do
-        it 'has no errors' do
-          project.add_maintainer(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a developer' do
-        it 'has no errors' do
-          project.add_developer(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a reporter' do
-        it 'raises an exception' do
-          project.add_reporter(user)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is a guest' do
-        it 'raises an exception' do
-          project.add_guest(user)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)
@@ -152,14 +108,6 @@ RSpec.describe Mutations::DastOnDemandScans::Create do
            end
          end
        end
-        context 'when on demand scan licensed feature is not available' do
-          it 'raises an exception' do
-            stub_licensed_features(security_on_demand_scans: false)
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
      end
    end
  end

--- a/ee/spec/graphql/mutations/dast_scanner_profiles/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_scanner_profiles/create_spec.rb
@@ -16,6 +16,8 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
    stub_licensed_features(security_on_demand_scans: true)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -35,12 +37,6 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
      end
    end
-    context 'when the user is not associated with the project' do
-      it 'raises an exception' do
-        expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-      end
-    end
    context 'when the user can run a dast scan' do
      before do
        group.add_owner(user)
@@ -83,14 +79,6 @@ RSpec.describe Mutations::DastScannerProfiles::Create do
          expect(response[:errors]).to include('Name has already been taken')
        end
      end
-      context 'when on demand scan licensed feature is not available' do
-        it 'raises an exception' do
-          stub_licensed_features(security_on_demand_scans: false)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
    end
  end
 end
--- a/ee/spec/graphql/mutations/dast_scanner_profiles/delete_spec.rb
+++ b/ee/spec/graphql/mutations/dast_scanner_profiles/delete_spec.rb
@@ -15,6 +15,8 @@ RSpec.describe Mutations::DastScannerProfiles::Delete do
    stub_licensed_features(security_on_demand_scans: true)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -54,14 +56,6 @@ RSpec.describe Mutations::DastScannerProfiles::Delete do
        end
      end
-      context 'when on demand scan licensed feature is not available' do
-        it 'raises an exception' do
-          stub_licensed_features(security_on_demand_scans: false)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when deletion fails' do
        it 'returns an error' do
          allow_next_instance_of(::DastScannerProfiles::DestroyService) do |service|

--- a/ee/spec/graphql/mutations/dast_scanner_profiles/update_spec.rb
+++ b/ee/spec/graphql/mutations/dast_scanner_profiles/update_spec.rb
@@ -22,6 +22,8 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
    stub_licensed_features(security_on_demand_scans: true)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -47,20 +49,6 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
        end
      end
-      context 'when the user is not associated with the project' do
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when user can not run a DAST scan' do
-        it 'raises an exception' do
-          project.add_guest(user)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when the user can run a DAST scan' do
        before do
          project.add_developer(user)
@@ -108,14 +96,6 @@ RSpec.describe Mutations::DastScannerProfiles::Update do
            expect(subject[:errors]).to include('Scanner profile not found for given parameters')
          end
        end
-        context 'when on demand scan licensed feature is not available' do
-          it 'raises an exception' do
-            stub_licensed_features(security_on_demand_scans: false)
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
      end
    end
  end

--- a/ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/create_spec.rb
@@ -17,6 +17,8 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
    stub_licensed_features(security_on_demand_scans: true)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -35,28 +37,6 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
        end
      end
-      context 'when the user is not associated with the project' do
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is an owner' do
-        it 'returns the dast_site_profile id' do
-          group.add_owner(user)
-          expect(subject[:id]).to eq(dast_site_profile.to_global_id)
-        end
-      end
-      context 'when the user is a maintainer' do
-        it 'returns the dast_site_profile id' do
-          project.add_maintainer(user)
-          expect(subject[:id]).to eq(dast_site_profile.to_global_id)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)
@@ -89,14 +69,6 @@ RSpec.describe Mutations::DastSiteProfiles::Create do
            expect(response[:errors]).to include('Name has already been taken')
          end
        end
-        context 'when on demand scan licensed feature is not available' do
-          it 'raises an exception' do
-            stub_licensed_features(security_on_demand_scans: false)
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
      end
    end
  end

--- a/ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/delete_spec.rb
@@ -15,6 +15,8 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
    stub_licensed_features(security_on_demand_scans: true)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -32,52 +34,6 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
        end
      end
-      context 'when the user is not associated with the project' do
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is an owner' do
-        it 'has no errors' do
-          group.add_owner(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a maintainer' do
-        it 'has no errors' do
-          project.add_maintainer(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a developer' do
-        it 'has no errors' do
-          project.add_developer(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a reporter' do
-        it 'raises an exception' do
-          project.add_reporter(user)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is a guest' do
-        it 'raises an exception' do
-          project.add_guest(user)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)
@@ -96,14 +52,6 @@ RSpec.describe Mutations::DastSiteProfiles::Delete do
            expect(subject[:errors]).to include('Name is weird')
          end
        end
-        context 'when on demand scan licensed feature is not available' do
-          it 'raises an exception' do
-            stub_licensed_features(security_on_demand_scans: false)
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
      end
    end
  end

--- a/ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_profiles/update_spec.rb
@@ -18,6 +18,8 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
    stub_licensed_features(security_on_demand_scans: true)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -37,52 +39,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
        end
      end
-      context 'when the user is not associated with the project' do
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is an owner' do
-        it 'has no errors' do
-          group.add_owner(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a maintainer' do
-        it 'has no errors' do
-          project.add_maintainer(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a developer' do
-        it 'has no errors' do
-          project.add_developer(user)
-          expect(subject[:errors]).to be_empty
-        end
-      end
-      context 'when the user is a reporter' do
-        it 'raises an exception' do
-          project.add_reporter(user)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is a guest' do
-        it 'raises an exception' do
-          project.add_guest(user)
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)
@@ -96,14 +52,6 @@ RSpec.describe Mutations::DastSiteProfiles::Update do
            expect(dast_site_profile.dast_site.url).to eq(new_target_url)
          end
        end
-        context 'when on demand scan licensed feature is not available' do
-          it 'raises an exception' do
-            stub_licensed_features(security_on_demand_scans: false)
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
      end
    end
  end

--- a/ee/spec/graphql/mutations/dast_site_tokens/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_tokens/create_spec.rb
@@ -18,6 +18,8 @@ RSpec.describe Mutations::DastSiteTokens::Create do
    allow(SecureRandom).to receive(:uuid).and_return(uuid)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -35,28 +37,6 @@ RSpec.describe Mutations::DastSiteTokens::Create do
        end
      end
-      context 'when the user is not associated with the project' do
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is an owner' do
-        it 'returns the dast_site_token id' do
-          group.add_owner(user)
-          expect(subject[:id]).to eq(dast_site_token.to_global_id)
-        end
-      end
-      context 'when the user is a maintainer' do
-        it 'returns the dast_site_token id' do
-          project.add_maintainer(user)
-          expect(subject[:id]).to eq(dast_site_token.to_global_id)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)
@@ -94,14 +74,6 @@ RSpec.describe Mutations::DastSiteTokens::Create do
            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
          end
        end
-        context 'when on demand scan licensed feature is not available' do
-          it 'raises an exception' do
-            stub_licensed_features(security_on_demand_scans: false)
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
      end
    end
  end

--- a/ee/spec/graphql/mutations/dast_site_validations/create_spec.rb
+++ b/ee/spec/graphql/mutations/dast_site_validations/create_spec.rb
@@ -17,6 +17,8 @@ RSpec.describe Mutations::DastSiteValidations::Create do
    stub_licensed_features(security_on_demand_scans: true)
  end
+  specify { expect(described_class).to require_graphql_authorizations(:create_on_demand_dast_scan) }
  describe '#resolve' do
    subject do
      mutation.resolve(
@@ -36,28 +38,6 @@ RSpec.describe Mutations::DastSiteValidations::Create do
        end
      end
-      context 'when the user is not associated with the project' do
-        it 'raises an exception' do
-          expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-        end
-      end
-      context 'when the user is an owner' do
-        it 'returns the dast_site_validation id' do
-          group.add_owner(user)
-          expect(subject[:id]).to eq(dast_site_validation.to_global_id)
-        end
-      end
-      context 'when the user is a maintainer' do
-        it 'returns the dast_site_validation id' do
-          project.add_maintainer(user)
-          expect(subject[:id]).to eq(dast_site_validation.to_global_id)
-        end
-      end
      context 'when the user can run a dast scan' do
        before do
          project.add_developer(user)
@@ -78,14 +58,6 @@ RSpec.describe Mutations::DastSiteValidations::Create do
            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
          end
        end
-        context 'when on demand scan licensed feature is not available' do
-          it 'raises an exception' do
-            stub_licensed_features(security_on_demand_scans: false)
-            expect { subject }.to raise_error(Gitlab::Graphql::Errors::ResourceNotAvailable)
-          end
-        end
      end
    end
  end

--- a/ee/spec/policies/dast_scanner_profile_policy_spec.rb
+++ b/ee/spec/policies/dast_scanner_profile_policy_spec.rb
+# frozen_string_literal: true
+require 'spec_helper'
+RSpec.describe DastScannerProfilePolicy do
+  it_behaves_like 'a dast on-demand scan policy' do
+    let_it_be(:record) { create(:dast_scanner_profile, project: project) }
+  end
+end
--- a/ee/spec/policies/dast_site_profile_policy_spec.rb
+++ b/ee/spec/policies/dast_site_profile_policy_spec.rb
@@ -3,43 +3,7 @@
 require 'spec_helper'
 RSpec.describe DastSiteProfilePolicy do
-  describe 'create_on_demand_dast_scan' do
+  it_behaves_like 'a dast on-demand scan policy' do
-    let(:dast_site_profile) { create(:dast_site_profile) }
+    let_it_be(:record) { create(:dast_site_profile, project: project) }
-    let(:project) { dast_site_profile.project }
-    let(:user) { create(:user) }
-    subject { described_class.new(user, dast_site_profile) }
-    before do
-      stub_licensed_features(security_on_demand_scans: true)
-    end
-    context 'when a user does not have access to the project' do
-      it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
-    end
-    context 'when a user does not have access to dast_site_profiles' do
-      before do
-        project.add_guest(user)
-      end
-      it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
-    end
-    context 'when a user has access dast_site_profiles' do
-      before do
-        project.add_developer(user)
-      end
-      it { is_expected.to be_allowed(:create_on_demand_dast_scan) }
-      context 'when on demand scan licensed feature is not available' do
-        before do
-          stub_licensed_features(security_on_demand_scans: false)
-        end
-        it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
-      end
-    end
  end
 end
--- a/ee/spec/policies/dast_site_validation_policy_spec.rb
+++ b/ee/spec/policies/dast_site_validation_policy_spec.rb
@@ -3,43 +3,7 @@
 require 'spec_helper'
 RSpec.describe DastSiteValidationPolicy do
-  describe 'create_on_demand_dast_scan' do
+  it_behaves_like 'a dast on-demand scan policy' do
-    let_it_be(:dast_site_validation, reload: true) { create(:dast_site_validation) }
+    let_it_be(:record) { create(:dast_site_validation, dast_site_token: create(:dast_site_token, project: project)) }
-    let_it_be(:project) { dast_site_validation.dast_site_token.project }
-    let_it_be(:user) { create(:user) }
-    subject { described_class.new(user, dast_site_validation) }
-    before do
-      stub_licensed_features(security_on_demand_scans: true)
-    end
-    context 'when a user does not have access to the project' do
-      it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
-    end
-    context 'when a user does not have access to dast_site_validations' do
-      before do
-        project.add_guest(user)
-      end
-      it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
-    end
-    context 'when a user has access dast_site_validations' do
-      before do
-        project.add_developer(user)
-      end
-      it { is_expected.to be_allowed(:create_on_demand_dast_scan) }
-      context 'when on demand scan licensed feature is not available' do
-        before do
-          stub_licensed_features(security_on_demand_scans: false)
-        end
-        it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
-      end
-    end
  end
 end
--- a/ee/spec/support/shared_examples/policies/dast_on_demand_scans_shared_examples.rb
+++ b/ee/spec/support/shared_examples/policies/dast_on_demand_scans_shared_examples.rb
+# frozen_string_literal: true
+RSpec.shared_examples 'a dast on-demand scan policy' do
+  let_it_be(:group) { create(:group) }
+  let_it_be(:project) { create(:project, group: group) }
+  let_it_be(:user) { create(:user) }
+  subject { described_class.new(user, record) }
+  before do
+    stub_licensed_features(security_on_demand_scans: true)
+  end
+  describe 'create_on_demand_dast_scan' do
+    context 'when a user does not have access to the project' do
+      it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
+    end
+    context 'when the user is a guest' do
+      before do
+        project.add_guest(user)
+      end
+      it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
+    end
+    context 'when the user is a reporter' do
+      before do
+        project.add_reporter(user)
+      end
+      it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
+    end
+    context 'when the user is a developer' do
+      before do
+        project.add_developer(user)
+      end
+      it { is_expected.to be_allowed(:create_on_demand_dast_scan) }
+    end
+    context 'when the user is a maintainer' do
+      before do
+        project.add_maintainer(user)
+      end
+      it { is_expected.to be_allowed(:create_on_demand_dast_scan) }
+    end
+    context 'when the user is an owner' do
+      before do
+        group.add_owner(user)
+      end
+      it { is_expected.to be_allowed(:create_on_demand_dast_scan) }
+    end
+    context 'when the user is allowed' do
+      before do
+        project.add_developer(user)
+      end
+      context 'when on demand scan licensed feature is not available' do
+        let(:project) { create(:project, group: group) } # allows license stub to work correctly
+        before do
+          stub_licensed_features(security_on_demand_scans: false)
+        end
+        it { is_expected.to be_disallowed(:create_on_demand_dast_scan) }
+      end
+    end
+  end
+end