summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Trzciński <ayufan@ayufan.eu>2017-11-28 08:57:39 +0000
committerKamil Trzciński <ayufan@ayufan.eu>2017-11-28 08:57:39 +0000
commit94c5ca71b7d1c0a47f42eea21deaedcbb3979ea7 (patch)
treec281ae85125ebf9661bce63d3b97af32a4e5bfe8
parent74b503639441613799e46965d4b0c83bcd6419ba (diff)
parentf144cce8efbbfa364106446e5302a5007bd09e98 (diff)
downloadgitlab-ce-94c5ca71b7d1c0a47f42eea21deaedcbb3979ea7.tar.gz
Merge branch 'tm/feature/namespace-by-id-api' into 'master'
Add new API endpoint - get a namespace by ID Closes #40254 See merge request gitlab-org/gitlab-ce!15442
-rw-r--r--app/policies/group_policy.rb2
-rw-r--r--app/policies/namespace_policy.rb1
-rw-r--r--changelogs/unreleased/tm-feature-namespace-by-id-api.yml5
-rw-r--r--doc/api/namespaces.md52
-rw-r--r--lib/api/helpers.rb22
-rw-r--r--lib/api/namespaces.rb10
-rw-r--r--spec/lib/api/helpers_spec.rb109
-rw-r--r--spec/policies/group_policy_spec.rb13
-rw-r--r--spec/policies/namespace_policy_spec.rb38
-rw-r--r--spec/requests/api/namespaces_spec.rb123
10 files changed, 361 insertions, 14 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index 8af9738d75c..a2518bc1080 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -34,6 +34,8 @@ class GroupPolicy < BasePolicy
rule { admin } .enable :read_group
rule { has_projects } .enable :read_group
+ rule { has_access }.enable :read_namespace
+
rule { developer }.enable :admin_milestones
rule { reporter }.enable :admin_label
diff --git a/app/policies/namespace_policy.rb b/app/policies/namespace_policy.rb
index 92213f0155e..eb01218eb0a 100644
--- a/app/policies/namespace_policy.rb
+++ b/app/policies/namespace_policy.rb
@@ -8,6 +8,7 @@ class NamespacePolicy < BasePolicy
rule { owner | admin }.policy do
enable :create_projects
enable :admin_namespace
+ enable :read_namespace
end
rule { personal_project & ~can_create_personal_project }.prevent :create_projects
diff --git a/changelogs/unreleased/tm-feature-namespace-by-id-api.yml b/changelogs/unreleased/tm-feature-namespace-by-id-api.yml
new file mode 100644
index 00000000000..bc4a8949d28
--- /dev/null
+++ b/changelogs/unreleased/tm-feature-namespace-by-id-api.yml
@@ -0,0 +1,5 @@
+---
+title: Add new API endpoint - get a namespace by ID
+merge_request: 15442
+author:
+type: added
diff --git a/doc/api/namespaces.md b/doc/api/namespaces.md
index 5c0bebbaeb0..25cae5ce1f9 100644
--- a/doc/api/namespaces.md
+++ b/doc/api/namespaces.md
@@ -89,3 +89,55 @@ Example response:
}
]
```
+
+## Get namespace by ID
+
+Get a namespace by ID.
+
+```
+GET /namespaces/:id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id` | integer/string | yes | ID or path of the namespace |
+
+Example request:
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/namespaces/2
+```
+
+Example response:
+
+```json
+{
+ "id": 2,
+ "name": "group1",
+ "path": "group1",
+ "kind": "group",
+ "full_path": "group1",
+ "parent_id": "null",
+ "members_count_with_descendants": 2
+}
+```
+
+Example request:
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/namespaces/group1
+```
+
+Example response:
+
+```json
+{
+ "id": 2,
+ "name": "group1",
+ "path": "group1",
+ "kind": "group",
+ "full_path": "group1",
+ "parent_id": "null",
+ "members_count_with_descendants": 2
+}
+```
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index b26c61ab8da..686bf7a3c2b 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -50,6 +50,10 @@ module API
initial_current_user != current_user
end
+ def user_namespace
+ @user_namespace ||= find_namespace!(params[:id])
+ end
+
def user_group
@group ||= find_group!(params[:id])
end
@@ -112,6 +116,24 @@ module API
end
end
+ def find_namespace(id)
+ if id.to_s =~ /^\d+$/
+ Namespace.find_by(id: id)
+ else
+ Namespace.find_by_full_path(id)
+ end
+ end
+
+ def find_namespace!(id)
+ namespace = find_namespace(id)
+
+ if can?(current_user, :read_namespace, namespace)
+ namespace
+ else
+ not_found!('Namespace')
+ end
+ end
+
def find_project_label(id)
label = available_labels.find_by_id(id) || available_labels.find_by_title(id)
label || not_found!('Label')
diff --git a/lib/api/namespaces.rb b/lib/api/namespaces.rb
index f1eaff6b0eb..32b77aedba8 100644
--- a/lib/api/namespaces.rb
+++ b/lib/api/namespaces.rb
@@ -19,6 +19,16 @@ module API
present paginate(namespaces), with: Entities::Namespace, current_user: current_user
end
+
+ desc 'Get a namespace by ID' do
+ success Entities::Namespace
+ end
+ params do
+ requires :id, type: String, desc: "Namespace's ID or path"
+ end
+ get ':id' do
+ present user_namespace, with: Entities::Namespace, current_user: current_user
+ end
end
end
end
diff --git a/spec/lib/api/helpers_spec.rb b/spec/lib/api/helpers_spec.rb
new file mode 100644
index 00000000000..3c4deba4712
--- /dev/null
+++ b/spec/lib/api/helpers_spec.rb
@@ -0,0 +1,109 @@
+require 'spec_helper'
+
+describe API::Helpers do
+ subject { Class.new.include(described_class).new }
+
+ describe '#find_namespace' do
+ let(:namespace) { create(:namespace) }
+
+ shared_examples 'namespace finder' do
+ context 'when namespace exists' do
+ it 'returns requested namespace' do
+ expect(subject.find_namespace(existing_id)).to eq(namespace)
+ end
+ end
+
+ context "when namespace doesn't exists" do
+ it 'returns nil' do
+ expect(subject.find_namespace(non_existing_id)).to be_nil
+ end
+ end
+ end
+
+ context 'when ID is used as an argument' do
+ let(:existing_id) { namespace.id }
+ let(:non_existing_id) { 9999 }
+
+ it_behaves_like 'namespace finder'
+ end
+
+ context 'when PATH is used as an argument' do
+ let(:existing_id) { namespace.path }
+ let(:non_existing_id) { 'non-existing-path' }
+
+ it_behaves_like 'namespace finder'
+ end
+ end
+
+ shared_examples 'user namespace finder' do
+ let(:user1) { create(:user) }
+
+ before do
+ allow(subject).to receive(:current_user).and_return(user1)
+ allow(subject).to receive(:header).and_return(nil)
+ allow(subject).to receive(:not_found!).and_raise('404 Namespace not found')
+ end
+
+ context 'when namespace is group' do
+ let(:namespace) { create(:group) }
+
+ context 'when user has access to group' do
+ before do
+ namespace.add_guest(user1)
+ namespace.save!
+ end
+
+ it 'returns requested namespace' do
+ expect(namespace_finder).to eq(namespace)
+ end
+ end
+
+ context "when user doesn't have access to group" do
+ it 'raises not found error' do
+ expect { namespace_finder }.to raise_error(RuntimeError, '404 Namespace not found')
+ end
+ end
+ end
+
+ context "when namespace is user's personal namespace" do
+ let(:namespace) { create(:namespace) }
+
+ context 'when user owns the namespace' do
+ before do
+ namespace.owner = user1
+ namespace.save!
+ end
+
+ it 'returns requested namespace' do
+ expect(namespace_finder).to eq(namespace)
+ end
+ end
+
+ context "when user doesn't own the namespace" do
+ it 'raises not found error' do
+ expect { namespace_finder }.to raise_error(RuntimeError, '404 Namespace not found')
+ end
+ end
+ end
+ end
+
+ describe '#find_namespace!' do
+ let(:namespace_finder) do
+ subject.find_namespace!(namespace.id)
+ end
+
+ it_behaves_like 'user namespace finder'
+ end
+
+ describe '#user_namespace' do
+ let(:namespace_finder) do
+ subject.user_namespace
+ end
+
+ before do
+ allow(subject).to receive(:params).and_return({ id: namespace.id })
+ end
+
+ it_behaves_like 'user namespace finder'
+ end
+end
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb
index 17dc3bb4f48..4f4e634829d 100644
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -56,6 +56,7 @@ describe GroupPolicy do
expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
expect_disallowed(*owner_permissions)
+ expect_disallowed(:read_namespace)
end
end
@@ -63,7 +64,7 @@ describe GroupPolicy do
let(:current_user) { guest }
it do
- expect_allowed(:read_group)
+ expect_allowed(:read_group, :read_namespace)
expect_disallowed(*reporter_permissions)
expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
@@ -75,7 +76,7 @@ describe GroupPolicy do
let(:current_user) { reporter }
it do
- expect_allowed(:read_group)
+ expect_allowed(:read_group, :read_namespace)
expect_allowed(*reporter_permissions)
expect_disallowed(*developer_permissions)
expect_disallowed(*master_permissions)
@@ -87,7 +88,7 @@ describe GroupPolicy do
let(:current_user) { developer }
it do
- expect_allowed(:read_group)
+ expect_allowed(:read_group, :read_namespace)
expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions)
expect_disallowed(*master_permissions)
@@ -99,7 +100,7 @@ describe GroupPolicy do
let(:current_user) { master }
it do
- expect_allowed(:read_group)
+ expect_allowed(:read_group, :read_namespace)
expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions)
expect_allowed(*master_permissions)
@@ -113,7 +114,7 @@ describe GroupPolicy do
it do
allow(Group).to receive(:supports_nested_groups?).and_return(true)
- expect_allowed(:read_group)
+ expect_allowed(:read_group, :read_namespace)
expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions)
expect_allowed(*master_permissions)
@@ -127,7 +128,7 @@ describe GroupPolicy do
it do
allow(Group).to receive(:supports_nested_groups?).and_return(true)
- expect_allowed(:read_group)
+ expect_allowed(:read_group, :read_namespace)
expect_allowed(*reporter_permissions)
expect_allowed(*developer_permissions)
expect_allowed(*master_permissions)
diff --git a/spec/policies/namespace_policy_spec.rb b/spec/policies/namespace_policy_spec.rb
index e52ff02e5f0..1fdf95ad716 100644
--- a/spec/policies/namespace_policy_spec.rb
+++ b/spec/policies/namespace_policy_spec.rb
@@ -1,20 +1,42 @@
require 'spec_helper'
describe NamespacePolicy do
- let(:current_user) { create(:user) }
- let(:namespace) { current_user.namespace }
+ let(:user) { create(:user) }
+ let(:owner) { create(:user) }
+ let(:admin) { create(:admin) }
+ let(:namespace) { create(:namespace, owner: owner) }
+
+ let(:owner_permissions) { [:create_projects, :admin_namespace, :read_namespace] }
subject { described_class.new(current_user, namespace) }
- context "create projects" do
- context "user namespace" do
- it { is_expected.to be_allowed(:create_projects) }
- end
+ context 'with no user' do
+ let(:current_user) { nil }
+
+ it { is_expected.to be_banned }
+ end
+
+ context 'regular user' do
+ let(:current_user) { user }
+
+ it { is_expected.to be_disallowed(*owner_permissions) }
+ end
+
+ context 'owner' do
+ let(:current_user) { owner }
+
+ it { is_expected.to be_allowed(*owner_permissions) }
- context "user who has exceeded project limit" do
- let(:current_user) { create(:user, projects_limit: 0) }
+ context 'user who has exceeded project limit' do
+ let(:owner) { create(:user, projects_limit: 0) }
it { is_expected.not_to be_allowed(:create_projects) }
end
end
+
+ context 'admin' do
+ let(:current_user) { admin }
+
+ it { is_expected.to be_allowed(*owner_permissions) }
+ end
end
diff --git a/spec/requests/api/namespaces_spec.rb b/spec/requests/api/namespaces_spec.rb
index e60716d46d7..98102fcd6a7 100644
--- a/spec/requests/api/namespaces_spec.rb
+++ b/spec/requests/api/namespaces_spec.rb
@@ -91,4 +91,127 @@ describe API::Namespaces do
end
end
end
+
+ describe 'GET /namespaces/:id' do
+ let(:owned_group) { group1 }
+ let(:user2) { create(:user) }
+
+ shared_examples 'can access namespace' do
+ it 'returns namespace details' do
+ get api("/namespaces/#{namespace_id}", request_actor)
+
+ expect(response).to have_gitlab_http_status(200)
+
+ expect(json_response['id']).to eq(requested_namespace.id)
+ expect(json_response['path']).to eq(requested_namespace.path)
+ expect(json_response['name']).to eq(requested_namespace.name)
+ end
+ end
+
+ shared_examples 'namespace reader' do
+ let(:requested_namespace) { owned_group }
+
+ before do
+ owned_group.add_owner(request_actor)
+ end
+
+ context 'when namespace exists' do
+ context 'when requested by ID' do
+ context 'when requesting group' do
+ let(:namespace_id) { owned_group.id }
+
+ it_behaves_like 'can access namespace'
+ end
+
+ context 'when requesting personal namespace' do
+ let(:namespace_id) { request_actor.namespace.id }
+ let(:requested_namespace) { request_actor.namespace }
+
+ it_behaves_like 'can access namespace'
+ end
+ end
+
+ context 'when requested by path' do
+ context 'when requesting group' do
+ let(:namespace_id) { owned_group.path }
+
+ it_behaves_like 'can access namespace'
+ end
+
+ context 'when requesting personal namespace' do
+ let(:namespace_id) { request_actor.namespace.path }
+ let(:requested_namespace) { request_actor.namespace }
+
+ it_behaves_like 'can access namespace'
+ end
+ end
+ end
+
+ context "when namespace doesn't exist" do
+ it 'returns not-found' do
+ get api('/namespaces/9999', request_actor)
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+ end
+
+ context 'when unauthenticated' do
+ it 'returns authentication error' do
+ get api("/namespaces/#{group1.id}")
+
+ expect(response).to have_gitlab_http_status(401)
+ end
+ end
+
+ context 'when authenticated as regular user' do
+ let(:request_actor) { user }
+
+ context 'when requested namespace is not owned by user' do
+ context 'when requesting group' do
+ it 'returns not-found' do
+ get api("/namespaces/#{group2.id}", request_actor)
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+
+ context 'when requesting personal namespace' do
+ it 'returns not-found' do
+ get api("/namespaces/#{user2.namespace.id}", request_actor)
+
+ expect(response).to have_gitlab_http_status(404)
+ end
+ end
+ end
+
+ context 'when requested namespace is owned by user' do
+ it_behaves_like 'namespace reader'
+ end
+ end
+
+ context 'when authenticated as admin' do
+ let(:request_actor) { admin }
+
+ context 'when requested namespace is not owned by user' do
+ context 'when requesting group' do
+ let(:namespace_id) { group2.id }
+ let(:requested_namespace) { group2 }
+
+ it_behaves_like 'can access namespace'
+ end
+
+ context 'when requesting personal namespace' do
+ let(:namespace_id) { user2.namespace.id }
+ let(:requested_namespace) { user2.namespace }
+
+ it_behaves_like 'can access namespace'
+ end
+ end
+
+ context 'when requested namespace is owned by user' do
+ it_behaves_like 'namespace reader'
+ end
+ end
+ end
end