From 0b36e39529312d9e967dcbf9da5f502edc4c67a6 Mon Sep 17 00:00:00 2001 From: Paul Slaughter Date: Fri, 12 Feb 2021 14:44:39 -0600 Subject: [PATCH 1/2] Expose project.pushRules.rejectUnsignedCommits in gql - Also overwrites reject_unsigned_commits in the graphql type so that we are consistent if the license changes ([see comment][1]). [1]: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54113#note_508701781 --- .rubocop_manual_todo.yml | 1 + doc/api/graphql/reference/index.md | 9 ++++ ee/app/graphql/ee/types/project_type.rb | 6 +++ ee/app/graphql/types/push_rules_type.rb | 20 ++++++++ ee/app/policies/push_rule_policy.rb | 5 ++ ee/spec/graphql/types/project_type_spec.rb | 6 +++ ee/spec/graphql/types/push_rules_type_spec.rb | 13 +++++ .../api/graphql/project/push_rules_spec.rb | 50 +++++++++++++++++++ 8 files changed, 110 insertions(+) create mode 100644 ee/app/graphql/types/push_rules_type.rb create mode 100644 ee/app/policies/push_rule_policy.rb create mode 100644 ee/spec/graphql/types/push_rules_type_spec.rb create mode 100644 ee/spec/requests/api/graphql/project/push_rules_spec.rb diff --git a/.rubocop_manual_todo.yml b/.rubocop_manual_todo.yml index 67dfeebaf7dea0..10dd605cd96a03 100644 --- a/.rubocop_manual_todo.yml +++ b/.rubocop_manual_todo.yml @@ -2279,6 +2279,7 @@ Gitlab/NamespacedClass: - 'ee/app/policies/instance_security_dashboard_policy.rb' - 'ee/app/policies/issuable_metric_image_policy.rb' - 'ee/app/policies/iteration_policy.rb' + - 'ee/app/policies/push_rule_policy.rb' - 'ee/app/policies/saml_provider_policy.rb' - 'ee/app/policies/timelog_policy.rb' - 'ee/app/policies/vulnerability_policy.rb' diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index eceff6d09c2a9a..6cd21b96084a82 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md @@ -3388,6 +3388,7 @@ Represents vulnerability finding of a security report on the pipeline. | `printingMergeRequestLinkEnabled` | Boolean | Indicates if a link to create or view a merge request should display after a push to Git repositories of the project from the command line. | | `projectMembers` | MemberInterfaceConnection | Members of the project. | | `publicJobs` | Boolean | Indicates if there is public access to pipelines and job details of the project, including output logs and artifacts. | +| `pushRules` | PushRules | The project's push rules settings. | | `release` | Release | A single release of the project. | | `releases` | ReleaseConnection | Releases of the project. | | `removeSourceBranchAfterMerge` | Boolean | Indicates if `Delete source branch` option should be enabled by default for all new merge requests of the project. | @@ -3561,6 +3562,14 @@ Autogenerated return type of PromoteToEpic. | `errors` | String! => Array | Errors encountered during execution of the mutation. | | `issue` | Issue | The issue after mutation. | +### `PushRules` + +Represents rules that commit pushes must follow. + +| Field | Type | Description | +| ----- | ---- | ----------- | +| `rejectUnsignedCommits` | Boolean! | Indicates whether commits not signed through GPG will be rejected. | + ### `Release` Represents a release. diff --git a/ee/app/graphql/ee/types/project_type.rb b/ee/app/graphql/ee/types/project_type.rb index d30a5415cca2f6..defe25f2a16c0e 100644 --- a/ee/app/graphql/ee/types/project_type.rb +++ b/ee/app/graphql/ee/types/project_type.rb @@ -132,6 +132,12 @@ module ProjectType null: true, description: 'API fuzzing configuration for the project.', feature_flag: :api_fuzzing_configuration_ui + + field :push_rules, + ::Types::PushRulesType, + null: true, + description: "The project's push rules settings.", + method: :push_rule end def api_fuzzing_ci_configuration diff --git a/ee/app/graphql/types/push_rules_type.rb b/ee/app/graphql/types/push_rules_type.rb new file mode 100644 index 00000000000000..57595975589399 --- /dev/null +++ b/ee/app/graphql/types/push_rules_type.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +module Types + class PushRulesType < BaseObject + graphql_name 'PushRules' + description 'Represents rules that commit pushes must follow.' + accepts ::PushRule + + authorize :read_project + + field :reject_unsigned_commits, + GraphQL::BOOLEAN_TYPE, + null: false, + description: 'Indicates whether commits not signed through GPG will be rejected.' + + def reject_unsigned_commits + !!(object.available?(:reject_unsigned_commits) && object.reject_unsigned_commits) + end + end +end diff --git a/ee/app/policies/push_rule_policy.rb b/ee/app/policies/push_rule_policy.rb new file mode 100644 index 00000000000000..739c62bd408ff1 --- /dev/null +++ b/ee/app/policies/push_rule_policy.rb @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +class PushRulePolicy < BasePolicy + delegate { @subject.project } +end diff --git a/ee/spec/graphql/types/project_type_spec.rb b/ee/spec/graphql/types/project_type_spec.rb index 337a3ddd2b3fd0..b69e110675c6fe 100644 --- a/ee/spec/graphql/types/project_type_spec.rb +++ b/ee/spec/graphql/types/project_type_spec.rb @@ -222,6 +222,12 @@ end end + describe 'push rules field' do + subject { described_class.fields['pushRules'] } + + it { is_expected.to have_graphql_type(Types::PushRulesType) } + end + private def query_for_project(project) diff --git a/ee/spec/graphql/types/push_rules_type_spec.rb b/ee/spec/graphql/types/push_rules_type_spec.rb new file mode 100644 index 00000000000000..05c5543902ed1e --- /dev/null +++ b/ee/spec/graphql/types/push_rules_type_spec.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe GitlabSchema.types['PushRules'] do + it { expect(described_class.graphql_name).to eq('PushRules') } + + it { expect(described_class).to require_graphql_authorizations(:read_project) } + + it 'has the expected fields' do + expect(described_class).to have_graphql_fields(:reject_unsigned_commits) + end +end diff --git a/ee/spec/requests/api/graphql/project/push_rules_spec.rb b/ee/spec/requests/api/graphql/project/push_rules_spec.rb new file mode 100644 index 00000000000000..10a6d182ced036 --- /dev/null +++ b/ee/spec/requests/api/graphql/project/push_rules_spec.rb @@ -0,0 +1,50 @@ + +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe 'Query.project(fullPath).pushRules' do + using RSpec::Parameterized::TableSyntax + include GraphqlHelpers + + let_it_be(:user) { create(:user) } + let_it_be(:project) { create(:project, namespace: user.namespace) } + + subject(:push_rules_response) do + post_graphql( + graphql_query_for( + :project, { full_path: project.full_path }, "pushRules { #{all_graphql_fields_for('PushRules')} }" + ), + current_user: user + ) + + graphql_dig_at(graphql_data, 'project', 'pushRules') + end + + it 'returns nil when push_rules license is false' do + create(:push_rule, project: project) + stub_licensed_features(push_rules: false) + + expect(push_rules_response).to be_nil + end + + describe 'pushRules.rejectUnsignedCommits' do + where(:field_value, :license_value, :expected) do + true | true | true + true | false | false + false | true | false + false | false | false + end + + with_them do + before do + create(:push_rule, project: project, reject_unsigned_commits: field_value) + stub_licensed_features(reject_unsigned_commits: license_value) + end + + it "returns" do + expect(push_rules_response).to eq("rejectUnsignedCommits" => expected) + end + end + end +end -- GitLab From 40f540b35234698b1c8993ae2e8e0bc152cb64aa Mon Sep 17 00:00:00 2001 From: Paul Slaughter Date: Tue, 9 Mar 2021 04:16:48 +0000 Subject: [PATCH 2/2] Fix LeadingEmptyLine in push_rules_spec.rb --- ee/spec/requests/api/graphql/project/push_rules_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/ee/spec/requests/api/graphql/project/push_rules_spec.rb b/ee/spec/requests/api/graphql/project/push_rules_spec.rb index 10a6d182ced036..a29624647d8384 100644 --- a/ee/spec/requests/api/graphql/project/push_rules_spec.rb +++ b/ee/spec/requests/api/graphql/project/push_rules_spec.rb @@ -1,4 +1,3 @@ - # frozen_string_literal: true require 'spec_helper' -- GitLab