From 576fa8a3bc97169f24fd5264dc4f4114027308c6 Mon Sep 17 00:00:00 2001
From: Tyler McGoffin
Date: Thu, 2 Jan 2025 22:29:45 -0800
Subject: [PATCH] Add test for permissions check for security and analysis edits (#1)
---
 pkg/cmd/repo/edit/edit.go | 2 +-
 pkg/cmd/repo/edit/edit_test.go | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/pkg/cmd/repo/edit/edit.go b/pkg/cmd/repo/edit/edit.go
index cacc9420d..daa700cfb 100644
--- a/pkg/cmd/repo/edit/edit.go
+++ b/pkg/cmd/repo/edit/edit.go
@@ -252,7 +252,7 @@ func editRun(ctx context.Context, opts *EditOptions) error {
 }
 }
- if hasSecurityEdits(opts.Edits) {
+ if opts.Edits.SecurityAndAnalysis != nil {
 apiClient := api.NewClientFromHTTP(opts.HTTPClient)
 repo, err := api.FetchRepository(apiClient, opts.Repository, []string{"viewerCanAdminister"})
 if err != nil {
diff --git a/pkg/cmd/repo/edit/edit_test.go b/pkg/cmd/repo/edit/edit_test.go
index 93b256465..868e300fa 100644
--- a/pkg/cmd/repo/edit/edit_test.go
+++ b/pkg/cmd/repo/edit/edit_test.go
@@ -220,6 +220,10 @@ func Test_editRun(t *testing.T) {
 },
 },
 httpStubs: func(t *testing.T, r *httpmock.Registry) {
+ r.Register(
+ httpmock.GraphQL(`query RepositoryInfo\b`),
+ httpmock.StringResponse(`{"data": { "repository": { "viewerCanAdminister": true } } }`))
+
 r.Register(
 httpmock.REST("PATCH", "repos/OWNER/REPO"),
 httpmock.RESTPayload(200, `{}`, func(payload map[string]interface{}) {
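Review bot: Whether the admin check still runs for every security edit depends on where `opts.Edits.SecurityAndAnalysis` is populated, which the edit.go hunk does not show. If that field is built from the flag values after this point in editRun, or stays nil on some path that still sends security settings, the `viewerCanAdminister` lookup is skipped and enforcement is left to the server alone. I would state the invariant above the condition, for example `// SecurityAndAnalysis is non-nil exactly when a security/analysis setting was requested; it must be populated before this check.`, and note in the commit message that the guard changed, since the subject only mentions a test. If `hasSecurityEdits` has no remaining callers it should be removed in the same change. editRun begins and ends outside the hunk.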
@@ -231,6 +235,31 @@ func Test_editRun(t *testing.T) {
 }))
 },
 },
+ {
+ name: "does not have sufficient permissions for security edits",
+ opts: EditOptions{
+ Repository: ghrepo.NewWithHost("OWNER", "REPO", "github.com"),
+ Edits: EditRepositoryInput{
+ SecurityAndAnalysis: &SecurityAndAnalysisInput{
+ EnableAdvancedSecurity: &SecurityAndAnalysisStatus{
+ Status: sp("enabled"),
+ },
+ EnableSecretScanning: &SecurityAndAnalysisStatus{
+ Status: sp("enabled"),
+ },
+ EnableSecretScanningPushProtection: &SecurityAndAnalysisStatus{
+ Status: sp("disabled"),
+ },
+ },
+ },
+ },
+ httpStubs: func(t *testing.T, r *httpmock.Registry) {
+ r.Register(
+ httpmock.GraphQL(`query RepositoryInfo\b`),
+ httpmock.StringResponse(`{"data": { "repository": { "viewerCanAdminister": false } } }`))
+ },
+ wantsErr: "you do not have sufficient permissions to edit repository security and analysis features",
+ },
 }
 for _, tt := range tests {
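Review bot: The new denial case pins the error string but not that the command stops before writing. No PATCH stub is registered, and whether an unexpected PATCH would fail the test depends on the registry and the loop body, both outside this hunk. A comment inside `httpStubs` such as `// no PATCH stub: the edit must be rejected before any write is attempted` would record the intent. A sibling case where the RepositoryInfo query itself fails, asserting that the error is returned and no PATCH follows, would show the check fails closed. All three settings are set together here, so a case with a single field set would confirm the guard does not depend on one particular combination.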