gitlab-org--gitlab-foss/spec/requests/api/graphql/project/project_members_spec.rb

265 lines
8.2 KiB
Ruby

# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'getting project members information' do
include GraphqlHelpers
let_it_be(:parent_group) { create(:group, :public) }
let_it_be(:parent_project) { create(:project, :public, group: parent_group) }
let_it_be(:user) { create(:user) }
let_it_be(:user_1) { create(:user, username: 'user', name: 'Same Name') }
let_it_be(:user_2) { create(:user, username: 'test', name: 'Same Name') }
before_all do
[user_1, user_2].each { |user| parent_group.add_guest(user) }
end
context 'when the request is correct' do
it_behaves_like 'a working graphql query' do
before do
fetch_members(project: parent_project)
end
end
it 'returns project members successfully' do
fetch_members(project: parent_project)
expect(graphql_errors).to be_nil
expect_array_response(user_1, user_2)
end
describe 'search argument' do
it 'returns members that match the search query' do
fetch_members(project: parent_project, args: { search: 'test' })
expect(graphql_errors).to be_nil
expect_array_response(user_2)
end
context 'when paginating' do
it 'returns correct results' do
fetch_members(project: parent_project, args: { search: 'Same Name', first: 1 })
expect_array_response(user_1)
next_cursor = graphql_data_at(:project, :projectMembers, :pageInfo, :endCursor)
fetch_members(project: parent_project, args: { search: 'Same Name', first: 1, after: next_cursor })
expect_array_response(user_2)
end
end
end
end
context 'member relations' do
let_it_be(:child_group) { create(:group, :public, parent: parent_group) }
let_it_be(:child_project) { create(:project, :public, group: child_group) }
let_it_be(:invited_group) { create(:group, :public) }
let_it_be(:child_user) { create(:user) }
let_it_be(:invited_user) { create(:user) }
let_it_be(:group_link) { create(:project_group_link, project: child_project, group: invited_group) }
before_all do
child_project.add_guest(child_user)
invited_group.add_guest(invited_user)
end
context 'when a member is invited only via email and current_user is a maintainer' do
before do
parent_project.add_maintainer(user)
create(:project_member, :invited, source: parent_project)
end
it 'returns null in the user field' do
fetch_members(project: parent_project, args: { relations: [:DIRECT] })
expect(graphql_errors).to be_nil
expect(graphql_data_at(:project, :project_members, :edges, :node)).to contain_exactly(
a_graphql_entity_for(user: a_graphql_entity_for(user)),
{ 'user' => nil }
)
end
end
it 'returns direct members' do
fetch_members(project: child_project, args: { relations: [:DIRECT] })
expect(graphql_errors).to be_nil
expect_array_response(child_user)
end
it 'returns invited members plus inherited members' do
fetch_members(project: child_project, args: { relations: [:INVITED_GROUPS] })
expect(graphql_errors).to be_nil
expect_array_response(invited_user, user_1, user_2)
end
it 'returns direct, inherited, descendant, and invited members' do
fetch_members(project: child_project, args: { relations: [:DIRECT, :INHERITED, :DESCENDANTS, :INVITED_GROUPS] })
expect(graphql_errors).to be_nil
expect_array_response(child_user, user_1, user_2, invited_user)
end
it 'returns an error for an invalid member relation' do
fetch_members(project: child_project, args: { relations: [:OBLIQUE] })
expect(graphql_errors.first)
.to include('path' => %w[query project projectMembers relations],
'message' => a_string_including('invalid value ([OBLIQUE])'))
end
context 'when project is owned by a member' do
let_it_be(:project) { create(:project, namespace: user.namespace) }
before_all do
project.add_guest(child_user)
project.add_guest(invited_user)
end
it 'returns the owner in the response' do
fetch_members(project: project)
expect(graphql_errors).to be_nil
expect_array_response(user, child_user, invited_user)
end
end
end
context 'merge request interactions' do
let(:project_path) { var('ID!').with(parent_project.full_path) }
let(:mr_a) do
var('MergeRequestID!')
.with(global_id_of(create(:merge_request, source_project: parent_project, source_branch: 'branch-1')))
end
let(:mr_b) do
var('MergeRequestID!')
.with(global_id_of(create(:merge_request, source_project: parent_project, source_branch: 'branch-2')))
end
let(:interaction_query) do
<<~HEREDOC
edges {
node {
user {
id
}
mrA: #{query_graphql_field(:merge_request_interaction, { id: mr_a }, 'canMerge')}
}
}
HEREDOC
end
let(:interaction_b_query) do
<<~HEREDOC
edges {
node {
user {
id
}
mrA: #{query_graphql_field(:merge_request_interaction, { id: mr_a }, 'canMerge')}
mrB: #{query_graphql_field(:merge_request_interaction, { id: mr_b }, 'canMerge')}
}
}
HEREDOC
end
it 'avoids N+1 queries, when requesting multiple MRs' do
control_query = with_signature(
[project_path, mr_a],
graphql_query_for(:project, { full_path: project_path },
query_graphql_field(:project_members, nil, interaction_query))
)
query_two = with_signature(
[project_path, mr_a, mr_b],
graphql_query_for(:project, { full_path: project_path },
query_graphql_field(:project_members, nil, interaction_b_query))
)
control_count = ActiveRecord::QueryRecorder.new do
post_graphql(control_query, current_user: user, variables: [project_path, mr_a])
end
# two project members, neither of whom can merge
expect(can_merge(:mrA)).to eq [false, false]
expect do
post_graphql(query_two, current_user: user, variables: [project_path, mr_a, mr_b])
expect(can_merge(:mrA)).to eq [false, false]
expect(can_merge(:mrB)).to eq [false, false]
end.not_to exceed_query_limit(control_count)
end
it 'avoids N+1 queries, when more users are involved' do
new_user = create(:user)
query = with_signature(
[project_path, mr_a],
graphql_query_for(:project, { full_path: project_path },
query_graphql_field(:project_members, nil, interaction_query))
)
control_count = ActiveRecord::QueryRecorder.new do
post_graphql(query, current_user: user, variables: [project_path, mr_a])
end
# two project members, neither of whom can merge
expect(can_merge(:mrA)).to eq [false, false]
parent_project.add_guest(new_user)
expect do
post_graphql(query, current_user: user, variables: [project_path, mr_a])
expect(can_merge(:mrA)).to eq [false, false, false]
end.not_to exceed_query_limit(control_count)
end
def can_merge(name)
graphql_data_at(:project, :project_members, :edges, :node, name, :can_merge)
end
end
context 'when unauthenticated' do
it 'returns members' do
fetch_members(current_user: nil, project: parent_project)
expect(graphql_errors).to be_nil
expect_array_response(user_1, user_2)
end
end
def fetch_members(project:, current_user: user, args: {})
post_graphql(members_query(project.full_path, args), current_user: current_user)
end
def members_query(group_path, args = {})
members_node = <<~NODE
edges {
node {
user {
id
}
}
}
pageInfo {
endCursor
}
NODE
graphql_query_for('project',
{ full_path: group_path },
[query_graphql_field('projectMembers', args, members_node)]
)
end
def expect_array_response(*items)
expect(response).to have_gitlab_http_status(:success)
members = graphql_data_at(:project, :project_members, :edges, :node, :user)
expect(members).to match_array(items.map { |u| a_graphql_entity_for(u) })
end
end