gitlab-ce/spec/requests/api/graphql/mutations/snippets/update_spec.rb

# frozen_string_literal: true

require 'spec_helper'

describe 'Updating a Snippet' do
  include GraphqlHelpers

  let_it_be(:original_content) { 'Initial content' }
  let_it_be(:original_description) { 'Initial description' }
  let_it_be(:original_title) { 'Initial title' }
  let_it_be(:original_file_name) { 'Initial file_name' }
  let(:updated_content) { 'Updated content' }
  let(:updated_description) { 'Updated description' }
  let(:updated_title) { 'Updated_title' }
  let(:updated_file_name) { 'Updated file_name' }
  let(:current_user) { snippet.author }

  let(:mutation) do
    variables = {
      id: GitlabSchema.id_from_object(snippet).to_s,
      content: updated_content,
      description: updated_description,
      visibility_level: 'public',
      file_name: updated_file_name,
      title: updated_title
    }

    graphql_mutation(:update_snippet, variables)
  end

  def mutation_response
    graphql_mutation_response(:update_snippet)
  end

  shared_examples 'graphql update actions' do
    context 'when the user does not have permission' do
      let(:current_user) { create(:user) }

      it_behaves_like 'a mutation that returns top-level errors',
                      errors: [Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR]

      it 'does not update the Snippet' do
        expect do
          post_graphql_mutation(mutation, current_user: current_user)
        end.not_to change { snippet.reload }
      end
    end

    context 'when the user has permission' do
      it 'updates the Snippet' do
        post_graphql_mutation(mutation, current_user: current_user)

        expect(snippet.reload.title).to eq(updated_title)
      end

      it 'returns the updated Snippet' do
        post_graphql_mutation(mutation, current_user: current_user)

        expect(mutation_response['snippet']['blob']['richData']).to be_nil
        expect(mutation_response['snippet']['blob']['plainData']).to match(updated_content)
        expect(mutation_response['snippet']['title']).to eq(updated_title)
        expect(mutation_response['snippet']['description']).to eq(updated_description)
        expect(mutation_response['snippet']['fileName']).to eq(updated_file_name)
        expect(mutation_response['snippet']['visibilityLevel']).to eq('public')
      end

      context 'when there are ActiveRecord validation errors' do
        let(:updated_title) { '' }

        it_behaves_like 'a mutation that returns errors in the response', errors: ["Title can't be blank"]

        it 'does not update the Snippet' do
          post_graphql_mutation(mutation, current_user: current_user)

          expect(snippet.reload.title).to eq(original_title)
        end

        it 'returns the Snippet with its original values' do
          post_graphql_mutation(mutation, current_user: current_user)

          expect(mutation_response['snippet']['blob']['richData']).to be_nil
          expect(mutation_response['snippet']['blob']['plainData']).to match(original_content)
          expect(mutation_response['snippet']['title']).to eq(original_title)
          expect(mutation_response['snippet']['description']).to eq(original_description)
          expect(mutation_response['snippet']['fileName']).to eq(original_file_name)
          expect(mutation_response['snippet']['visibilityLevel']).to eq('private')
        end
      end
    end
  end

  describe 'PersonalSnippet' do
    it_behaves_like 'graphql update actions' do
      let(:snippet) do
        create(:personal_snippet,
               :private,
               file_name: original_file_name,
               title: original_title,
               content: original_content,
               description: original_description)
      end
    end
  end

  describe 'ProjectSnippet' do
    let_it_be(:project) { create(:project, :private) }
    let(:snippet) do
      create(:project_snippet,
             :private,
             project: project,
             author: create(:user),
             file_name: original_file_name,
             title: original_title,
             content: original_content,
             description: original_description)
    end

    context 'when the author is not a member of the project' do
      it 'returns an an error' do
        post_graphql_mutation(mutation, current_user: current_user)
        errors = json_response['errors']

        expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
      end
    end

    context 'when the author is a member of the project' do
      before do
        project.add_developer(current_user)
      end

      it_behaves_like 'graphql update actions'

      context 'when the snippet project feature is disabled' do
        it 'returns an an error' do
          project.project_feature.update_attribute(:snippets_access_level, ProjectFeature::DISABLED)

          post_graphql_mutation(mutation, current_user: current_user)
          errors = json_response['errors']

          expect(errors.first['message']).to eq(Gitlab::Graphql::Authorize::AuthorizeResource::RESOURCE_ACCESS_ERROR)
        end
      end
    end
  end
end