Use custom resolver for createProject mutation (#3372)

This PR re-implements the `createProject` mutation with a custom
resolver which is backed up by the `ProjectService`. This ensures that
there's a single source of truth about what it means to create a project
and associated records. I also moved the relevant tests to a dedicated
file, to bring this in line with the rest of the mutations. I plan to
change the return signature in CDash 5.0 to align this mutation with the
rest of the mutations.

Author: williamjallen

app/GraphQL/Mutations/CreateProject.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\GraphQL\Mutations;
+
+use App\Models\Project;
+use App\Services\ProjectService;
+use Illuminate\Support\Facades\Gate;
+
+class CreateProject
+{
+    /**
+     * @param array<string,mixed> $args
+     */
+    public function __invoke(null $_, array $args): Project
+    {
+        Gate::authorize('create', Project::class);
+        return ProjectService::create($args);
+    }
+}

app/cdash/tests/CMakeLists.txt

@@ -320,6 +320,8 @@ add_feature_test(/Feature/Mail/AuthTokenExpiringTest)
 
 add_feature_test(/Feature/Mail/AuthTokenExpiredTest)
 
+add_feature_test(/Feature/GraphQL/Mutations/CreateProjectTest)
+
 add_feature_test(/Feature/GraphQL/Mutations/UpdateSiteDescriptionTest)
 
 add_feature_test(/Feature/GraphQL/Mutations/InviteToProjectTest)

graphql/schema.graphql

@@ -64,8 +64,9 @@ type Query {
 
 
 type Mutation {
+  # TODO: Change the return type to be a payload type instead of a project
   "Create a new project."
-  createProject(input: CreateProjectInput! @spread): Project @create @canModel(ability: "create")
+  createProject(input: CreateProjectInput! @spread): Project @field(resolver: "CreateProject")
 
   "Subscribe the current user to the specified site."
   claimSite(input: ClaimSiteInput! @spread): ClaimSiteMutationPayload! @field(resolver: "ClaimSite")

tests/Feature/GraphQL/Mutations/CreateProjectTest.php

@@ -0,0 +1,350 @@
+<?php
+
+namespace Tests\Feature\GraphQL\Mutations;
+
+use App\Models\Project;
+use App\Models\User;
+use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Str;
+use PHPUnit\Framework\Attributes\DataProvider;
+use Tests\TestCase;
+use Tests\Traits\CreatesUsers;
+
+class CreateProjectTest extends TestCase
+{
+    use CreatesUsers;
+
+    /**
+     * @var array<Project>
+     */
+    private array $projects = [];
+
+    /**
+     * @var array<User>
+     */
+    private array $users = [];
+
+    protected function tearDown(): void
+    {
+        foreach ($this->projects as $project) {
+            $project->delete();
+        }
+        $this->projects = [];
+
+        foreach ($this->users as $user) {
+            $user->delete();
+        }
+        $this->users = [];
+
+        parent::tearDown();
+    }
+
+    public function testCreateProjectNoUser(): void
+    {
+        $name = 'test-project' . Str::uuid();
+        $this->graphQL('
+            mutation CreateProject($input: CreateProjectInput!) {
+                createProject(input: $input) {
+                    id
+                    name
+                }
+            }
+        ', [
+            'input' => [
+                'name' => $name,
+                'description' => 'test',
+                'homeUrl' => 'https://cdash.org',
+                'visibility' => 'PUBLIC',
+                'authenticateSubmissions' => false,
+            ],
+        ])->assertGraphQLErrorMessage('This action is unauthorized.');
+
+        // A final check to ensure this project wasn't created anyway
+        $this->assertDatabaseMissing(Project::class, [
+            'name' => $name,
+        ]);
+    }
+
+    public function testCreateProjectUnauthorizedUser(): void
+    {
+        $this->users['normal'] = $this->makeNormalUser();
+
+        $name = 'test-project' . Str::uuid();
+        $this->actingAs($this->users['normal'])->graphQL('
+            mutation CreateProject($input: CreateProjectInput!) {
+                createProject(input: $input) {
+                    id
+                    name
+                }
+            }
+        ', [
+            'input' => [
+                'name' => $name,
+                'description' => 'test',
+                'homeUrl' => 'https://cdash.org',
+                'visibility' => 'PUBLIC',
+                'authenticateSubmissions' => false,
+            ],
+        ])->assertGraphQLErrorMessage('This action is unauthorized.');
+
+        // A final check to ensure this project wasn't created anyway
+        $this->assertDatabaseMissing(Project::class, [
+            'name' => $name,
+        ]);
+    }
+
+    public function testCreateProjectUserCreateProjectNoUser(): void
+    {
+        Config::set('cdash.user_create_projects', true);
+
+        $name = 'test-project' . Str::uuid();
+        $this->graphQL('
+            mutation CreateProject($input: CreateProjectInput!) {
+                createProject(input: $input) {
+                    id
+                    name
+                }
+            }
+        ', [
+            'input' => [
+                'name' => $name,
+                'description' => 'test',
+                'homeUrl' => 'https://cdash.org',
+                'visibility' => 'PUBLIC',
+                'authenticateSubmissions' => false,
+            ],
+        ])->assertGraphQLErrorMessage('This action is unauthorized.');
+
+        // A final check to ensure this project wasn't created anyway
+        $this->assertDatabaseMissing(Project::class, [
+            'name' => $name,
+        ]);
+    }
+
+    public function testCreateProjectUserCreateProject(): void
+    {
+        Config::set('cdash.user_create_projects', true);
+
+        $this->users['normal'] = $this->makeNormalUser();
+
+        $name = 'test-project' . Str::uuid();
+        $response = $this->actingAs($this->users['normal'])->graphQL('
+            mutation CreateProject($input: CreateProjectInput!) {
+                createProject(input: $input) {
+                    id
+                    name
+                }
+            }
+        ', [
+            'input' => [
+                'name' => $name,
+                'description' => 'test',
+                'homeUrl' => 'https://cdash.org',
+                'visibility' => 'PUBLIC',
+                'authenticateSubmissions' => false,
+            ],
+        ]);
+
+        $project = Project::where('name', $name)->firstOrFail();
+        $this->projects[] = $project;
+
+        $response->assertExactJson([
+            'data' => [
+                'createProject' => [
+                    'id' => (string) $project->id,
+                    'name' => $name,
+                ],
+            ],
+        ]);
+
+        $project->delete();
+    }
+
+    public function testCreateProjectAdmin(): void
+    {
+        $this->users['admin'] = $this->makeAdminUser();
+
+        $name = 'test-project' . Str::uuid();
+        $response = $this->actingAs($this->users['admin'])->graphQL('
+            mutation CreateProject($input: CreateProjectInput!) {
+                createProject(input: $input) {
+                    id
+                    name
+                }
+            }
+        ', [
+            'input' => [
+                'name' => $name,
+                'description' => 'test',
+                'homeUrl' => 'https://cdash.org',
+                'visibility' => 'PUBLIC',
+                'authenticateSubmissions' => false,
+            ],
+        ]);
+
+        $project = Project::where('name', $name)->firstOrFail();
+        $this->projects[] = $project;
+
+        $response->assertExactJson([
+            'data' => [
+                'createProject' => [
+                    'id' => (string) $project->id,
+                    'name' => $name,
+                ],
+            ],
+        ]);
+
+        $project->delete();
+    }
+
+    /**
+     * @return array{
+     *     array{
+     *         string,
+     *         string,
+     *         string,
+     *         bool
+     *     }
+     * }
+     */
+    public static function createProjectVisibilityRules(): array
+    {
+        return [
+            ['normal', 'PUBLIC', 'PUBLIC',  true],
+            ['normal', 'PROTECTED', 'PUBLIC', true],
+            ['normal', 'PRIVATE', 'PUBLIC', true],
+            ['normal', 'PUBLIC', 'PROTECTED', false],
+            ['normal', 'PROTECTED', 'PROTECTED', true],
+            ['normal', 'PRIVATE', 'PROTECTED', true],
+            ['normal', 'PUBLIC', 'PRIVATE', false],
+            ['normal', 'PROTECTED', 'PRIVATE', false],
+            ['normal', 'PRIVATE', 'PRIVATE', true],
+            ['admin', 'PUBLIC', 'PUBLIC', true],
+            ['admin', 'PROTECTED', 'PUBLIC', true],
+            ['admin', 'PRIVATE', 'PUBLIC', true],
+            ['admin', 'PUBLIC', 'PROTECTED', true],
+            ['admin', 'PROTECTED', 'PROTECTED', true],
+            ['admin', 'PRIVATE', 'PROTECTED', true],
+            ['admin', 'PUBLIC', 'PRIVATE', true],
+            ['admin', 'PROTECTED', 'PRIVATE',  true],
+            ['admin', 'PRIVATE', 'PRIVATE',  true],
+        ];
+    }
+
+    #[DataProvider('createProjectVisibilityRules')]
+    public function testCreateProjectMaxVisibility(string $user, string $visibility, string $max_visibility, bool $can_create): void
+    {
+        Config::set('cdash.user_create_projects', true);
+        Config::set('cdash.max_project_visibility', $max_visibility);
+
+        $this->users['normal'] = $this->makeNormalUser();
+        $this->users['admin'] = $this->makeAdminUser();
+
+        $name = 'test-project' . Str::uuid();
+        $response = $this->actingAs($this->users[$user])->graphQL('
+            mutation CreateProject($input: CreateProjectInput!) {
+                createProject(input: $input) {
+                    visibility
+                }
+            }
+        ', [
+            'input' => [
+                'name' => $name,
+                'description' => 'test',
+                'homeUrl' => 'https://cdash.org',
+                'visibility' => $visibility,
+                'authenticateSubmissions' => false,
+            ],
+        ]);
+
+        if ($can_create) {
+            $this->projects[] = Project::where('name', $name)->firstOrFail();
+            $response->assertExactJson([
+                'data' => [
+                    'createProject' => [
+                        'visibility' => $visibility,
+                    ],
+                ],
+            ]);
+        } else {
+            // A final check to ensure this project wasn't created anyway
+            $this->assertDatabaseMissing(Project::class, [
+                'name' => $name,
+            ]);
+            $response->assertGraphQLErrorMessage('Validation failed for the field [createProject].');
+        }
+    }
+
+    /**
+     * @return array{
+     *     array{
+     *         string,
+     *         bool,
+     *         bool,
+     *         bool
+     *     }
+     * }
+     */
+    public static function authenticatedSubmissionRules(): array
+    {
+        return [
+            ['normal', false, false,  true],
+            ['normal', true, false,  true],
+            ['normal', false, true,  false],
+            ['normal', true, true,  true],
+            // Instance admins can set any value
+            ['admin', false, false,  true],
+            ['admin', true, false,  true],
+            ['admin', false, true,  true],
+            ['admin', true, true,  true],
+        ];
+    }
+
+    #[DataProvider('authenticatedSubmissionRules')]
+    public function testRequireAuthenticatedSubmissions(
+        string $user,
+        bool $use_authenticated_submits,
+        bool $require_authenticated_submissions,
+        bool $result,
+    ): void {
+        Config::set('cdash.user_create_projects', true);
+        Config::set('cdash.require_authenticated_submissions', $require_authenticated_submissions);
+
+        $this->users['normal'] = $this->makeNormalUser();
+        $this->users['admin'] = $this->makeAdminUser();
+
+        $name = 'test-project' . Str::uuid();
+        $response = $this->actingAs($this->users[$user])->graphQL('
+            mutation CreateProject($input: CreateProjectInput!) {
+                createProject(input: $input) {
+                    authenticateSubmissions
+                }
+            }
+        ', [
+            'input' => [
+                'name' => $name,
+                'description' => 'test',
+                'homeUrl' => 'https://cdash.org',
+                'visibility' => 'PUBLIC',
+                'authenticateSubmissions' => $use_authenticated_submits,
+            ],
+        ]);
+
+        if ($result) {
+            $this->projects[] = Project::where('name', $name)->firstOrFail();
+            $response->assertExactJson([
+                'data' => [
+                    'createProject' => [
+                        'authenticateSubmissions' => $use_authenticated_submits,
+                    ],
+                ],
+            ]);
+        } else {
+            // A final check to ensure this project wasn't created anyway
+            $this->assertDatabaseMissing(Project::class, [
+                'name' => $name,
+            ]);
+            $response->assertGraphQLErrorMessage('Validation failed for the field [createProject].');
+        }
+    }
+}