Add specs for non happy paths

- Non happy path specs - Address feedbacks - Update docs

Add specs for non happy paths
- Non happy path specs - Address feedbacks - Update docs
cac10f1d · Subashis · 0064b594 · 0064b594 · 0064b594 · cac10f1d
Commit cac10f1d authored Feb 18, 2021 by Subashis
4 changed files
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
--- a/ee/app/graphql/types/pipeline_security_report_finding_type.rb
+++ b/ee/app/graphql/types/pipeline_security_report_finding_type.rb
@@ -5,7 +5,7 @@ module Types
  class PipelineSecurityReportFindingType < BaseObject
    graphql_name 'PipelineSecurityReportFinding'

-    description 'Represents vulnerability finding of a security report on the pipeline'
+    description 'Represents vulnerability finding of a security report on the pipeline.'

    field :report_type, VulnerabilityReportTypeEnum, null: true,
          description: 'Type of the security report that found the vulnerability finding.'

--- a/ee/spec/requests/api/graphql/project/pipeline/security_report_finding_spec.rb
+++ b/ee/spec/requests/api/graphql/project/pipeline/security_report_finding_spec.rb
@@ -49,20 +49,25 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
    )
  end

+  subject { GitlabSchema.execute(query, context: { current_user: user }).as_json }
+
+  let(:security_report_findings) { subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes') }
+
+  context 'when `sast` and `dast` features are enabled' do
    before do
      stub_licensed_features(sast: true, dast: true)
-    project.add_developer(user)
    end

-  subject { GitlabSchema.execute(query, context: { current_user: user }).as_json }
-
-  let(:security_report_findings) { subject.dig('data', 'project', 'pipeline', 'securityReportFindings', 'nodes') }
+    context 'when user is memeber of the project' do
+      before do
+        project.add_developer(user)
+      end

      it 'returns all the vulnerability findings' do
        expect(security_report_findings.length).to eq(53)
      end

-  it 'returns all the queried fields' do
+      it 'returns all the queried fields', :aggregate_failures do
        security_report_finding = security_report_findings.first

        expect(security_report_finding.dig('project', 'fullPath')).to eq(project.full_path)
@@ -77,4 +82,22 @@ RSpec.describe 'Query.project(fullPath).pipeline(iid).securityReportFinding' do
        expect(security_report_finding['solution']).not_to be_nil
        expect(security_report_finding['description']).not_to be_nil
      end
+    end
+
+    context 'when user is not memeber of the project' do
+      it 'returns no vulnerability findings' do
+        expect(security_report_findings).to be_nil
+      end
+    end
+  end
+
+  context 'when `sast` and `dast` both features are disabled' do
+    before do
+      stub_licensed_features(sast: false, dast: false)
+    end
+
+    it 'returns no vulnerability findings' do
+      expect(security_report_findings).to be_nil
+    end
+  end
 end