diff options
author | Kamil Trzciński <ayufan@ayufan.eu> | 2017-11-28 08:57:39 +0000 |
---|---|---|
committer | Kamil Trzciński <ayufan@ayufan.eu> | 2017-11-28 08:57:39 +0000 |
commit | 94c5ca71b7d1c0a47f42eea21deaedcbb3979ea7 (patch) | |
tree | c281ae85125ebf9661bce63d3b97af32a4e5bfe8 | |
parent | 74b503639441613799e46965d4b0c83bcd6419ba (diff) | |
parent | f144cce8efbbfa364106446e5302a5007bd09e98 (diff) | |
download | gitlab-ce-94c5ca71b7d1c0a47f42eea21deaedcbb3979ea7.tar.gz |
Merge branch 'tm/feature/namespace-by-id-api' into 'master'
Add new API endpoint - get a namespace by ID
Closes #40254
See merge request gitlab-org/gitlab-ce!15442
-rw-r--r-- | app/policies/group_policy.rb | 2 | ||||
-rw-r--r-- | app/policies/namespace_policy.rb | 1 | ||||
-rw-r--r-- | changelogs/unreleased/tm-feature-namespace-by-id-api.yml | 5 | ||||
-rw-r--r-- | doc/api/namespaces.md | 52 | ||||
-rw-r--r-- | lib/api/helpers.rb | 22 | ||||
-rw-r--r-- | lib/api/namespaces.rb | 10 | ||||
-rw-r--r-- | spec/lib/api/helpers_spec.rb | 109 | ||||
-rw-r--r-- | spec/policies/group_policy_spec.rb | 13 | ||||
-rw-r--r-- | spec/policies/namespace_policy_spec.rb | 38 | ||||
-rw-r--r-- | spec/requests/api/namespaces_spec.rb | 123 |
10 files changed, 361 insertions, 14 deletions
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb index 8af9738d75c..a2518bc1080 100644 --- a/app/policies/group_policy.rb +++ b/app/policies/group_policy.rb @@ -34,6 +34,8 @@ class GroupPolicy < BasePolicy rule { admin } .enable :read_group rule { has_projects } .enable :read_group + rule { has_access }.enable :read_namespace + rule { developer }.enable :admin_milestones rule { reporter }.enable :admin_label diff --git a/app/policies/namespace_policy.rb b/app/policies/namespace_policy.rb index 92213f0155e..eb01218eb0a 100644 --- a/app/policies/namespace_policy.rb +++ b/app/policies/namespace_policy.rb @@ -8,6 +8,7 @@ class NamespacePolicy < BasePolicy rule { owner | admin }.policy do enable :create_projects enable :admin_namespace + enable :read_namespace end rule { personal_project & ~can_create_personal_project }.prevent :create_projects diff --git a/changelogs/unreleased/tm-feature-namespace-by-id-api.yml b/changelogs/unreleased/tm-feature-namespace-by-id-api.yml new file mode 100644 index 00000000000..bc4a8949d28 --- /dev/null +++ b/changelogs/unreleased/tm-feature-namespace-by-id-api.yml @@ -0,0 +1,5 @@ +--- +title: Add new API endpoint - get a namespace by ID +merge_request: 15442 +author: +type: added diff --git a/doc/api/namespaces.md b/doc/api/namespaces.md index 5c0bebbaeb0..25cae5ce1f9 100644 --- a/doc/api/namespaces.md +++ b/doc/api/namespaces.md @@ -89,3 +89,55 @@ Example response: } ] ``` + +## Get namespace by ID + +Get a namespace by ID. + +``` +GET /namespaces/:id +``` + +| Attribute | Type | Required | Description | +| --------- | ---- | -------- | ----------- | +| `id` | integer/string | yes | ID or path of the namespace | + +Example request: + +```bash +curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/namespaces/2 +``` + +Example response: + +```json +{ + "id": 2, + "name": "group1", + "path": "group1", + "kind": "group", + "full_path": "group1", + "parent_id": "null", + "members_count_with_descendants": 2 +} +``` + +Example request: + +```bash +curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/namespaces/group1 +``` + +Example response: + +```json +{ + "id": 2, + "name": "group1", + "path": "group1", + "kind": "group", + "full_path": "group1", + "parent_id": "null", + "members_count_with_descendants": 2 +} +``` diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index b26c61ab8da..686bf7a3c2b 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -50,6 +50,10 @@ module API initial_current_user != current_user end + def user_namespace + @user_namespace ||= find_namespace!(params[:id]) + end + def user_group @group ||= find_group!(params[:id]) end @@ -112,6 +116,24 @@ module API end end + def find_namespace(id) + if id.to_s =~ /^\d+$/ + Namespace.find_by(id: id) + else + Namespace.find_by_full_path(id) + end + end + + def find_namespace!(id) + namespace = find_namespace(id) + + if can?(current_user, :read_namespace, namespace) + namespace + else + not_found!('Namespace') + end + end + def find_project_label(id) label = available_labels.find_by_id(id) || available_labels.find_by_title(id) label || not_found!('Label') diff --git a/lib/api/namespaces.rb b/lib/api/namespaces.rb index f1eaff6b0eb..32b77aedba8 100644 --- a/lib/api/namespaces.rb +++ b/lib/api/namespaces.rb @@ -19,6 +19,16 @@ module API present paginate(namespaces), with: Entities::Namespace, current_user: current_user end + + desc 'Get a namespace by ID' do + success Entities::Namespace + end + params do + requires :id, type: String, desc: "Namespace's ID or path" + end + get ':id' do + present user_namespace, with: Entities::Namespace, current_user: current_user + end end end end diff --git a/spec/lib/api/helpers_spec.rb b/spec/lib/api/helpers_spec.rb new file mode 100644 index 00000000000..3c4deba4712 --- /dev/null +++ b/spec/lib/api/helpers_spec.rb @@ -0,0 +1,109 @@ +require 'spec_helper' + +describe API::Helpers do + subject { Class.new.include(described_class).new } + + describe '#find_namespace' do + let(:namespace) { create(:namespace) } + + shared_examples 'namespace finder' do + context 'when namespace exists' do + it 'returns requested namespace' do + expect(subject.find_namespace(existing_id)).to eq(namespace) + end + end + + context "when namespace doesn't exists" do + it 'returns nil' do + expect(subject.find_namespace(non_existing_id)).to be_nil + end + end + end + + context 'when ID is used as an argument' do + let(:existing_id) { namespace.id } + let(:non_existing_id) { 9999 } + + it_behaves_like 'namespace finder' + end + + context 'when PATH is used as an argument' do + let(:existing_id) { namespace.path } + let(:non_existing_id) { 'non-existing-path' } + + it_behaves_like 'namespace finder' + end + end + + shared_examples 'user namespace finder' do + let(:user1) { create(:user) } + + before do + allow(subject).to receive(:current_user).and_return(user1) + allow(subject).to receive(:header).and_return(nil) + allow(subject).to receive(:not_found!).and_raise('404 Namespace not found') + end + + context 'when namespace is group' do + let(:namespace) { create(:group) } + + context 'when user has access to group' do + before do + namespace.add_guest(user1) + namespace.save! + end + + it 'returns requested namespace' do + expect(namespace_finder).to eq(namespace) + end + end + + context "when user doesn't have access to group" do + it 'raises not found error' do + expect { namespace_finder }.to raise_error(RuntimeError, '404 Namespace not found') + end + end + end + + context "when namespace is user's personal namespace" do + let(:namespace) { create(:namespace) } + + context 'when user owns the namespace' do + before do + namespace.owner = user1 + namespace.save! + end + + it 'returns requested namespace' do + expect(namespace_finder).to eq(namespace) + end + end + + context "when user doesn't own the namespace" do + it 'raises not found error' do + expect { namespace_finder }.to raise_error(RuntimeError, '404 Namespace not found') + end + end + end + end + + describe '#find_namespace!' do + let(:namespace_finder) do + subject.find_namespace!(namespace.id) + end + + it_behaves_like 'user namespace finder' + end + + describe '#user_namespace' do + let(:namespace_finder) do + subject.user_namespace + end + + before do + allow(subject).to receive(:params).and_return({ id: namespace.id }) + end + + it_behaves_like 'user namespace finder' + end +end diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb index 17dc3bb4f48..4f4e634829d 100644 --- a/spec/policies/group_policy_spec.rb +++ b/spec/policies/group_policy_spec.rb @@ -56,6 +56,7 @@ describe GroupPolicy do expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) expect_disallowed(*owner_permissions) + expect_disallowed(:read_namespace) end end @@ -63,7 +64,7 @@ describe GroupPolicy do let(:current_user) { guest } it do - expect_allowed(:read_group) + expect_allowed(:read_group, :read_namespace) expect_disallowed(*reporter_permissions) expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) @@ -75,7 +76,7 @@ describe GroupPolicy do let(:current_user) { reporter } it do - expect_allowed(:read_group) + expect_allowed(:read_group, :read_namespace) expect_allowed(*reporter_permissions) expect_disallowed(*developer_permissions) expect_disallowed(*master_permissions) @@ -87,7 +88,7 @@ describe GroupPolicy do let(:current_user) { developer } it do - expect_allowed(:read_group) + expect_allowed(:read_group, :read_namespace) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) expect_disallowed(*master_permissions) @@ -99,7 +100,7 @@ describe GroupPolicy do let(:current_user) { master } it do - expect_allowed(:read_group) + expect_allowed(:read_group, :read_namespace) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) expect_allowed(*master_permissions) @@ -113,7 +114,7 @@ describe GroupPolicy do it do allow(Group).to receive(:supports_nested_groups?).and_return(true) - expect_allowed(:read_group) + expect_allowed(:read_group, :read_namespace) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) expect_allowed(*master_permissions) @@ -127,7 +128,7 @@ describe GroupPolicy do it do allow(Group).to receive(:supports_nested_groups?).and_return(true) - expect_allowed(:read_group) + expect_allowed(:read_group, :read_namespace) expect_allowed(*reporter_permissions) expect_allowed(*developer_permissions) expect_allowed(*master_permissions) diff --git a/spec/policies/namespace_policy_spec.rb b/spec/policies/namespace_policy_spec.rb index e52ff02e5f0..1fdf95ad716 100644 --- a/spec/policies/namespace_policy_spec.rb +++ b/spec/policies/namespace_policy_spec.rb @@ -1,20 +1,42 @@ require 'spec_helper' describe NamespacePolicy do - let(:current_user) { create(:user) } - let(:namespace) { current_user.namespace } + let(:user) { create(:user) } + let(:owner) { create(:user) } + let(:admin) { create(:admin) } + let(:namespace) { create(:namespace, owner: owner) } + + let(:owner_permissions) { [:create_projects, :admin_namespace, :read_namespace] } subject { described_class.new(current_user, namespace) } - context "create projects" do - context "user namespace" do - it { is_expected.to be_allowed(:create_projects) } - end + context 'with no user' do + let(:current_user) { nil } + + it { is_expected.to be_banned } + end + + context 'regular user' do + let(:current_user) { user } + + it { is_expected.to be_disallowed(*owner_permissions) } + end + + context 'owner' do + let(:current_user) { owner } + + it { is_expected.to be_allowed(*owner_permissions) } - context "user who has exceeded project limit" do - let(:current_user) { create(:user, projects_limit: 0) } + context 'user who has exceeded project limit' do + let(:owner) { create(:user, projects_limit: 0) } it { is_expected.not_to be_allowed(:create_projects) } end end + + context 'admin' do + let(:current_user) { admin } + + it { is_expected.to be_allowed(*owner_permissions) } + end end diff --git a/spec/requests/api/namespaces_spec.rb b/spec/requests/api/namespaces_spec.rb index e60716d46d7..98102fcd6a7 100644 --- a/spec/requests/api/namespaces_spec.rb +++ b/spec/requests/api/namespaces_spec.rb @@ -91,4 +91,127 @@ describe API::Namespaces do end end end + + describe 'GET /namespaces/:id' do + let(:owned_group) { group1 } + let(:user2) { create(:user) } + + shared_examples 'can access namespace' do + it 'returns namespace details' do + get api("/namespaces/#{namespace_id}", request_actor) + + expect(response).to have_gitlab_http_status(200) + + expect(json_response['id']).to eq(requested_namespace.id) + expect(json_response['path']).to eq(requested_namespace.path) + expect(json_response['name']).to eq(requested_namespace.name) + end + end + + shared_examples 'namespace reader' do + let(:requested_namespace) { owned_group } + + before do + owned_group.add_owner(request_actor) + end + + context 'when namespace exists' do + context 'when requested by ID' do + context 'when requesting group' do + let(:namespace_id) { owned_group.id } + + it_behaves_like 'can access namespace' + end + + context 'when requesting personal namespace' do + let(:namespace_id) { request_actor.namespace.id } + let(:requested_namespace) { request_actor.namespace } + + it_behaves_like 'can access namespace' + end + end + + context 'when requested by path' do + context 'when requesting group' do + let(:namespace_id) { owned_group.path } + + it_behaves_like 'can access namespace' + end + + context 'when requesting personal namespace' do + let(:namespace_id) { request_actor.namespace.path } + let(:requested_namespace) { request_actor.namespace } + + it_behaves_like 'can access namespace' + end + end + end + + context "when namespace doesn't exist" do + it 'returns not-found' do + get api('/namespaces/9999', request_actor) + + expect(response).to have_gitlab_http_status(404) + end + end + end + + context 'when unauthenticated' do + it 'returns authentication error' do + get api("/namespaces/#{group1.id}") + + expect(response).to have_gitlab_http_status(401) + end + end + + context 'when authenticated as regular user' do + let(:request_actor) { user } + + context 'when requested namespace is not owned by user' do + context 'when requesting group' do + it 'returns not-found' do + get api("/namespaces/#{group2.id}", request_actor) + + expect(response).to have_gitlab_http_status(404) + end + end + + context 'when requesting personal namespace' do + it 'returns not-found' do + get api("/namespaces/#{user2.namespace.id}", request_actor) + + expect(response).to have_gitlab_http_status(404) + end + end + end + + context 'when requested namespace is owned by user' do + it_behaves_like 'namespace reader' + end + end + + context 'when authenticated as admin' do + let(:request_actor) { admin } + + context 'when requested namespace is not owned by user' do + context 'when requesting group' do + let(:namespace_id) { group2.id } + let(:requested_namespace) { group2 } + + it_behaves_like 'can access namespace' + end + + context 'when requesting personal namespace' do + let(:namespace_id) { user2.namespace.id } + let(:requested_namespace) { user2.namespace } + + it_behaves_like 'can access namespace' + end + end + + context 'when requested namespace is owned by user' do + it_behaves_like 'namespace reader' + end + end + end end |