Skip to content
This repository was archived by the owner on Jun 13, 2025. It is now read-only.

Add tests for handling anon users for token GQL resolvers #932

Merged
merged 2 commits into from
Oct 30, 2024
Merged

Add tests for handling anon users for token GQL resolvers #932

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
39a21de
Add tests for gql types
rohitvinnakota-codecov Oct 29, 2024
86cc20b
lint
rohitvinnakota-codecov Oct 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions graphql_api/tests/test_repository.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -728,6 +728,41 @@ def test_repo_upload_token_not_available_config_setting_owner_not_admin(self):

assert data["owner"]["repository"]["uploadToken"] == TOKEN_UNAVAILABLE

@override_settings(HIDE_ALL_CODECOV_TOKENS=True)
def test_repo_upload_token_not_available_config_setting_owner_is_anonymous(self):
owner = OwnerFactory(service="gitlab")

repo = RepositoryFactory(
author=owner,
author__service="gitlab",
service_id=12345,
active=True,
private=False,
)

query = """
query {
owner(username: "%s") {
repository(name: "%s") {
... on Repository {
uploadToken
}
}
}
}
""" % (
owner.username,
repo.name,
)

data = self.gql_request(
query,
variables={"name": repo.name},
provider="gitlab",
)

assert data["owner"]["repository"]["uploadToken"] == TOKEN_UNAVAILABLE

@override_settings(HIDE_ALL_CODECOV_TOKENS=True)
def test_repo_upload_token_not_available_config_setting_owner_is_admin(self):
owner = OwnerFactory(service="gitlab")
Expand Down
5 changes: 1 addition & 4 deletions graphql_api/types/owner/owner.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,10 +210,7 @@ def resolve_org_upload_token(
should_hide_tokens = settings.HIDE_ALL_CODECOV_TOKENS
current_owner = info.context["request"].current_owner
command = info.context["executor"].get_command("owner")
if not current_owner:
is_owner_admin = False
else:
is_owner_admin = current_owner.is_admin(owner)
is_owner_admin = current_owner.is_admin(owner)
if should_hide_tokens and not is_owner_admin:
return TOKEN_UNAVAILABLE

Expand Down
Loading