diff options
| author | Stan Hu <stanhu@gmail.com> | 2015-08-26 23:36:17 -0700 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2016-01-03 15:08:44 -0800 |
| commit | 086cfc8685a6489ca032899307c77f828f515fbb (patch) | |
| tree | 0e7e750f129c6604749160a3220d889e586f3236 | |
| parent | bfb3c8d936eaafc33b00f7a1fb7644e3330ffabf (diff) | |
| download | gitlab-ce-086cfc8685a6489ca032899307c77f828f515fbb.tar.gz | |
Fix API project lookups when querying with a namespace with dots
Attempting to use the /projects/:id API by specifying :id in
"namespace/project" format would always result in a 404 if the namespace
contained a dot.
The reason? From http://guides.rubyonrails.org/routing.html#specifying-constraints:
"By default the :id parameter doesn't accept dots - this is because the dot is
used as a separator for formatted routes. If you need to use a dot within an
:id add a constraint which overrides this - for example id: /[^\/]+/ allows
anything except a slash."
Closes https://github.com/gitlabhq/gitlabhq/issues/9573
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | lib/api/projects.rb | 2 | ||||
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 9 |
3 files changed, 11 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG index 2b7d5808e7e..e651aece696 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -13,6 +13,7 @@ v 8.4.0 (unreleased) - Revert back upvote and downvote button to the issue and MR pages - Swap position of Assignee and Author selector on Issuables (Zeger-Jan van de Weg) - Fix version check image in Safari + - Fix API project lookups when querying with a namespace with dots (Stan Hu) v 8.3.3 (unreleased) - Fix project transfer e-mail sending incorrect paths in e-mail notification (Stan Hu) diff --git a/lib/api/projects.rb b/lib/api/projects.rb index a9e0960872a..0781236cf6d 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -3,7 +3,7 @@ module API class Projects < Grape::API before { authenticate! } - resource :projects do + resource :projects, requirements: { id: /[^\/]+/ } do helpers do def map_public_to_visibility_level(attrs) publik = attrs.delete(:public) diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 7f0f9454b10..ab2530859ea 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -382,6 +382,15 @@ describe API::API, api: true do expect(response.status).to eq(404) end + it 'should handle users with dots' do + dot_user = create(:user, username: 'dot.user') + project = create(:project, creator_id: dot_user.id, namespace: dot_user.namespace) + + get api("/projects/#{dot_user.namespace.name}%2F#{project.path}", dot_user) + expect(response.status).to eq(200) + expect(json_response['name']).to eq(project.name) + end + describe 'permissions' do context 'all projects' do it 'Contains permission information' do |