Add mutationUpdateSalaryTest
Fixed the attribute value salary of UpdateSalaryInput of schema.graphqls to the name of SalaryInput object. Also enabled @Secured. See gh-367
This commit is contained in:
@@ -23,6 +23,11 @@ public class SalaryInput {
|
||||
|
||||
private BigDecimal newSalary;
|
||||
|
||||
public SalaryInput(String employeeId, BigDecimal newSalary) {
|
||||
this.employeeId = employeeId;
|
||||
this.newSalary = newSalary;
|
||||
}
|
||||
|
||||
public String getEmployeeId() {
|
||||
return employeeId;
|
||||
}
|
||||
|
||||
@@ -14,7 +14,7 @@ import static org.springframework.security.config.Customizer.withDefaults;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
|
||||
public class SecurityConfig {
|
||||
|
||||
@Bean
|
||||
|
||||
@@ -14,7 +14,7 @@ type Employee {
|
||||
|
||||
input UpdateSalaryInput {
|
||||
employeeId: ID!
|
||||
salary: String!
|
||||
newSalary: String!
|
||||
}
|
||||
type UpdateSalaryPayload {
|
||||
success: Boolean!
|
||||
|
||||
@@ -8,6 +8,8 @@ import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.graphql.execution.ErrorType;
|
||||
import org.springframework.graphql.test.tester.WebGraphQlTester;
|
||||
|
||||
import java.math.BigDecimal;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
import static org.assertj.core.api.Assertions.assertThatThrownBy;
|
||||
|
||||
@@ -72,6 +74,21 @@ class WebMvcHttpSecuritySampleTests {
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
void canNotMutationUpdateSalary() {
|
||||
WebGraphQlTester tester = this.graphQlTester.mutate().build();
|
||||
SalaryInput salaryInput = new SalaryInput("1", BigDecimal.valueOf(44));
|
||||
|
||||
tester.documentName("updateSalary")
|
||||
.variable("salaryInput", salaryInput)
|
||||
.execute()
|
||||
.errors()
|
||||
.satisfy(errors -> {
|
||||
assertThat(errors).hasSize(1);
|
||||
assertThat(errors.get(0).getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
void canQuerySalaryAsAdmin() {
|
||||
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
mutation updateSalary($salaryInput: UpdateSalaryInput!) {
|
||||
updateSalary(input: $salaryInput) {
|
||||
success
|
||||
employee {
|
||||
id
|
||||
name
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user