Instead of returning all or nothing, return whichever passed

And add tests
2019-02-14 01:26:00 +08:00 · 2019-02-14 01:26:00 +08:00 · 50491d3241
commit 50491d3241
parent 30918929ad
3 changed files with 70 additions and 13 deletions
--- a/lib/gitlab/graphql/authorize/instrumentation.rb
+++ b/lib/gitlab/graphql/authorize/instrumentation.rb
@ -45,15 +45,12 @@ module Gitlab
              end
            end

-            checked =
-              case value
-              when Array
-                value.all?(&check)
-              else
-                check.call(value)
-              end
-
-            value if checked
+            case value
+            when Array
+              value.select(&check)
+            else
+              value if check.call(value)
+            end
          end
        end
      end
--- a/spec/lib/gitlab/graphql/authorize/instrumentation_spec.rb
+++ b/spec/lib/gitlab/graphql/authorize/instrumentation_spec.rb
@ -15,7 +15,7 @@ describe Gitlab::Graphql::Authorize::Instrumentation do
      object = double(:object)

      abilities.each do |ability|
-        spy_ability_check_for(ability, object)
+        spy_ability_check_for(ability, object, passed: true)
      end

      expect(checker.call(object)).to eq(object)
@ -26,18 +26,42 @@ describe Gitlab::Graphql::Authorize::Instrumentation do

      abilities.each do |ability|
        objects.each do |object|
-          spy_ability_check_for(ability, object)
+          spy_ability_check_for(ability, object, passed: true)
        end
      end

      expect(checker.call(objects)).to eq(objects)
    end

-    def spy_ability_check_for(ability, object)
+    context 'when some objects would not pass the check' do
+      it 'returns nil when it is single object' do
+        disallowed = double(:object)
+
+        spy_ability_check_for(abilities.first, disallowed, passed: false)
+
+        expect(checker.call(disallowed)).to be_nil
+      end
+
+      it 'returns only objects which passed when there are more than one' do
+        allowed = double(:allowed)
+        disallowed = double(:disallowed)
+
+        spy_ability_check_for(abilities.first, disallowed, passed: false)
+
+        abilities.each do |ability|
+          spy_ability_check_for(ability, allowed, passed: true)
+        end
+
+        expect(checker.call([disallowed, allowed]))
+          .to contain_exactly(allowed)
+      end
+    end
+
+    def spy_ability_check_for(ability, object, passed: true)
      expect(Ability)
        .to receive(:allowed?)
        .with(current_user, ability, object)
-        .and_return(true)
+        .and_return(passed)
    end
  end
 end
--- a/spec/requests/api/graphql/project/issues_spec.rb
+++ b/spec/requests/api/graphql/project/issues_spec.rb
@ -56,4 +56,40 @@ describe 'getting an issue list for a project' do
      expect(issues_data).to eq []
    end
  end
+
+  context 'when there is a confidential issue' do
+    let!(:confidential_issue) do
+      create(:issue, :confidential, project: project)
+    end
+
+    context 'when the user cannot see confidential issues' do
+      it 'returns issues without confidential issues' do
+        post_graphql(query, current_user: current_user)
+
+        expect(issues_data.size).to eq(2)
+
+        issues_data.each do |issue|
+          expect(issue.dig('node', 'confidential')).to eq(false)
+        end
+      end
+    end
+
+    context 'when the user can see confidential issues' do
+      before do
+        project.add_developer(current_user)
+      end
+
+      it 'returns issues with confidential issues' do
+        post_graphql(query, current_user: current_user)
+
+        expect(issues_data.size).to eq(3)
+
+        confidentials = issues_data.map do |issue|
+          issue.dig('node', 'confidential')
+        end
+
+        expect(confidentials).to eq([true, false, false])
+      end
+    end
+  end
 end