diff options
| author | Stan Hu <stanhu@gmail.com> | 2017-06-21 09:43:58 -0700 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2017-06-21 09:43:58 -0700 |
| commit | 0f943c941bf0c7abc0358598f4a323b031bcca80 (patch) | |
| tree | 7dd8ea3484252d469368498846c2c2b7f7500af4 /spec/requests/api | |
| parent | 74fbc694de9a9cfe8a048c3c8d937f8e7068ce21 (diff) | |
| parent | 043f8c260f49bb14f1c40ec563179c12c3df7828 (diff) | |
| download | gitlab-ce-0f943c941bf0c7abc0358598f4a323b031bcca80.tar.gz | |
Merge branch 'master' into sh-headless-chrome-support
Diffstat (limited to 'spec/requests/api')
| -rw-r--r-- | spec/requests/api/deploy_keys_spec.rb | 10 | ||||
| -rw-r--r-- | spec/requests/api/files_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/groups_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/internal_spec.rb | 62 | ||||
| -rw-r--r-- | spec/requests/api/merge_requests_spec.rb | 30 | ||||
| -rw-r--r-- | spec/requests/api/notes_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/project_snippets_spec.rb | 32 | ||||
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 36 | ||||
| -rw-r--r-- | spec/requests/api/runner_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/snippets_spec.rb | 32 | ||||
| -rw-r--r-- | spec/requests/api/users_spec.rb | 51 | ||||
| -rw-r--r-- | spec/requests/api/v3/files_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/v3/groups_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/v3/merge_requests_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/v3/notes_spec.rb | 4 | ||||
| -rw-r--r-- | spec/requests/api/v3/project_snippets_spec.rb | 32 | ||||
| -rw-r--r-- | spec/requests/api/v3/projects_spec.rb | 32 | ||||
| -rw-r--r-- | spec/requests/api/v3/snippets_spec.rb | 12 | ||||
| -rw-r--r-- | spec/requests/api/v3/users_spec.rb | 32 |
19 files changed, 265 insertions, 128 deletions
diff --git a/spec/requests/api/deploy_keys_spec.rb b/spec/requests/api/deploy_keys_spec.rb index 9c260f88f56..32439981b60 100644 --- a/spec/requests/api/deploy_keys_spec.rb +++ b/spec/requests/api/deploy_keys_spec.rb @@ -160,6 +160,16 @@ describe API::DeployKeys do expect(json_response['title']).to eq('new title') expect(json_response['can_push']).to eq(true) end + + it 'updates a private ssh key from projects user has access with correct attributes' do + create(:deploy_keys_project, project: project2, deploy_key: private_deploy_key) + + put api("/projects/#{project.id}/deploy_keys/#{private_deploy_key.id}", admin), { title: 'new title', can_push: true } + + expect(json_response['id']).to eq(private_deploy_key.id) + expect(json_response['title']).to eq('new title') + expect(json_response['can_push']).to eq(true) + end end describe 'DELETE /projects/:id/deploy_keys/:key_id' do diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb index c5ec8be4f21..9e268adf950 100644 --- a/spec/requests/api/files_spec.rb +++ b/spec/requests/api/files_spec.rb @@ -205,8 +205,8 @@ describe API::Files do end it "returns a 400 if editor fails to create file" do - allow_any_instance_of(Repository).to receive(:create_file). - and_raise(Repository::CommitError, 'Cannot create file') + allow_any_instance_of(Repository).to receive(:create_file) + .and_raise(Repository::CommitError, 'Cannot create file') post api(route("any%2Etxt"), user), valid_params diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index bb53796cbd7..656f098aea8 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -513,8 +513,8 @@ describe API::Groups do let(:project_path) { project.full_path.gsub('/', '%2F') } before(:each) do - allow_any_instance_of(Projects::TransferService). - to receive(:execute).and_return(true) + allow_any_instance_of(Projects::TransferService) + .to receive(:execute).and_return(true) end context "when authenticated as user" do diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb index 86e15d896df..6deaea956e0 100644 --- a/spec/requests/api/internal_spec.rb +++ b/spec/requests/api/internal_spec.rb @@ -321,8 +321,6 @@ describe API::Internal do end context "archived project" do - let(:personal_project) { create(:empty_project, namespace: user.namespace) } - before do project.team << [user, :developer] project.archive! @@ -445,6 +443,42 @@ describe API::Internal do expect(json_response['status']).to be_truthy end end + + context 'the project path was changed' do + let!(:old_path_to_repo) { project.repository.path_to_repo } + let!(:old_full_path) { project.full_path } + let(:project_moved_message) do + <<-MSG.strip_heredoc + Project '#{old_full_path}' was moved to '#{project.full_path}'. + + Please update your Git remote and try again: + + git remote set-url origin #{project.ssh_url_to_repo} + MSG + end + + before do + project.team << [user, :developer] + project.path = 'new_path' + project.save! + end + + it 'rejects the push' do + push_with_path(key, old_path_to_repo) + + expect(response).to have_http_status(200) + expect(json_response['status']).to be_falsey + expect(json_response['message']).to eq(project_moved_message) + end + + it 'rejects the SSH pull' do + pull_with_path(key, old_path_to_repo) + + expect(response).to have_http_status(200) + expect(json_response['status']).to be_falsey + expect(json_response['message']).to eq(project_moved_message) + end + end end describe 'GET /internal/merge_request_urls' do @@ -587,6 +621,17 @@ describe API::Internal do ) end + def pull_with_path(key, path_to_repo, protocol = 'ssh') + post( + api("/internal/allowed"), + key_id: key.id, + project: path_to_repo, + action: 'git-upload-pack', + secret_token: secret_token, + protocol: protocol + ) + end + def push(key, project, protocol = 'ssh', env: nil) post( api("/internal/allowed"), @@ -600,6 +645,19 @@ describe API::Internal do ) end + def push_with_path(key, path_to_repo, protocol = 'ssh', env: nil) + post( + api("/internal/allowed"), + changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master', + key_id: key.id, + project: path_to_repo, + action: 'git-receive-pack', + secret_token: secret_token, + protocol: protocol, + env: env + ) + end + def archive(key, project) post( api("/internal/allowed"), diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb index 16e5efb2f5b..4d0bd67c571 100644 --- a/spec/requests/api/merge_requests_spec.rb +++ b/spec/requests/api/merge_requests_spec.rb @@ -334,14 +334,13 @@ describe API::MergeRequests do target_branch: 'master', author: user, labels: 'label, label2', - milestone_id: milestone.id, - remove_source_branch: true + milestone_id: milestone.id expect(response).to have_http_status(201) expect(json_response['title']).to eq('Test merge_request') expect(json_response['labels']).to eq(%w(label label2)) expect(json_response['milestone']['id']).to eq(milestone.id) - expect(json_response['force_remove_source_branch']).to be_truthy + expect(json_response['force_remove_source_branch']).to be_falsy end it "returns 422 when source_branch equals target_branch" do @@ -404,6 +403,27 @@ describe API::MergeRequests do expect(response).to have_http_status(409) end end + + context 'accepts remove_source_branch parameter' do + let(:params) do + { title: 'Test merge_request', + source_branch: 'markdown', + target_branch: 'master', + author: user } + end + + it 'sets force_remove_source_branch to false' do + post api("/projects/#{project.id}/merge_requests", user), params.merge(remove_source_branch: false) + + expect(json_response['force_remove_source_branch']).to be_falsy + end + + it 'sets force_remove_source_branch to true' do + post api("/projects/#{project.id}/merge_requests", user), params.merge(remove_source_branch: true) + + expect(json_response['force_remove_source_branch']).to be_truthy + end + end end context 'forked projects' do @@ -540,8 +560,8 @@ describe API::MergeRequests do end it "returns 406 if branch can't be merged" do - allow_any_instance_of(MergeRequest). - to receive(:can_be_merged?).and_return(false) + allow_any_instance_of(MergeRequest) + .to receive(:can_be_merged?).and_return(false) put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/merge", user) diff --git a/spec/requests/api/notes_spec.rb b/spec/requests/api/notes_spec.rb index 03f2b5950ee..4701ad585c9 100644 --- a/spec/requests/api/notes_spec.rb +++ b/spec/requests/api/notes_spec.rb @@ -13,8 +13,8 @@ describe API::Notes do # For testing the cross-reference of a private issue in a public issue let(:private_user) { create(:user) } let(:private_project) do - create(:empty_project, namespace: private_user.namespace). - tap { |p| p.team << [private_user, :master] } + create(:empty_project, namespace: private_user.namespace) + .tap { |p| p.team << [private_user, :master] } end let(:private_issue) { create(:issue, project: private_project) } diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb index 4d4631322b1..518639f45a2 100644 --- a/spec/requests/api/project_snippets_spec.rb +++ b/spec/requests/api/project_snippets_spec.rb @@ -102,23 +102,23 @@ describe API::ProjectSnippets do context 'when the snippet is private' do it 'creates the snippet' do - expect { create_snippet(project, visibility: 'private') }. - to change { Snippet.count }.by(1) + expect { create_snippet(project, visibility: 'private') } + .to change { Snippet.count }.by(1) end end context 'when the snippet is public' do it 'rejects the snippet' do - expect { create_snippet(project, visibility: 'public') }. - not_to change { Snippet.count } + expect { create_snippet(project, visibility: 'public') } + .not_to change { Snippet.count } expect(response).to have_http_status(400) expect(json_response['message']).to eq({ "error" => "Spam detected" }) end it 'creates a spam log' do - expect { create_snippet(project, visibility: 'public') }. - to change { SpamLog.count }.by(1) + expect { create_snippet(project, visibility: 'public') } + .to change { SpamLog.count }.by(1) end end end @@ -166,8 +166,8 @@ describe API::ProjectSnippets do let(:visibility_level) { Snippet::PRIVATE } it 'creates the snippet' do - expect { update_snippet(title: 'Foo') }. - to change { snippet.reload.title }.to('Foo') + expect { update_snippet(title: 'Foo') } + .to change { snippet.reload.title }.to('Foo') end end @@ -175,13 +175,13 @@ describe API::ProjectSnippets do let(:visibility_level) { Snippet::PUBLIC } it 'rejects the snippet' do - expect { update_snippet(title: 'Foo') }. - not_to change { snippet.reload.title } + expect { update_snippet(title: 'Foo') } + .not_to change { snippet.reload.title } end it 'creates a spam log' do - expect { update_snippet(title: 'Foo') }. - to change { SpamLog.count }.by(1) + expect { update_snippet(title: 'Foo') } + .to change { SpamLog.count }.by(1) end end @@ -189,16 +189,16 @@ describe API::ProjectSnippets do let(:visibility_level) { Snippet::PRIVATE } it 'rejects the snippet' do - expect { update_snippet(title: 'Foo', visibility: 'public') }. - not_to change { snippet.reload.title } + expect { update_snippet(title: 'Foo', visibility: 'public') } + .not_to change { snippet.reload.title } expect(response).to have_http_status(400) expect(json_response['message']).to eq({ "error" => "Spam detected" }) end it 'creates a spam log' do - expect { update_snippet(title: 'Foo', visibility: 'public') }. - to change { SpamLog.count }.by(1) + expect { update_snippet(title: 'Foo', visibility: 'public') } + .to change { SpamLog.count }.by(1) end end end diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index d92262a4c99..fd7ff0b9cff 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -288,15 +288,15 @@ describe API::Projects do context 'maximum number of projects reached' do it 'does not create new project and respond with 403' do allow_any_instance_of(User).to receive(:projects_limit_left).and_return(0) - expect { post api('/projects', user2), name: 'foo' }. - to change {Project.count}.by(0) + expect { post api('/projects', user2), name: 'foo' } + .to change {Project.count}.by(0) expect(response).to have_http_status(403) end end it 'creates new project without path but with name and returns 201' do - expect { post api('/projects', user), name: 'Foo Project' }. - to change { Project.count }.by(1) + expect { post api('/projects', user), name: 'Foo Project' } + .to change { Project.count }.by(1) expect(response).to have_http_status(201) project = Project.first @@ -306,8 +306,8 @@ describe API::Projects do end it 'creates new project without name but with path and returns 201' do - expect { post api('/projects', user), path: 'foo_project' }. - to change { Project.count }.by(1) + expect { post api('/projects', user), path: 'foo_project' } + .to change { Project.count }.by(1) expect(response).to have_http_status(201) project = Project.first @@ -317,8 +317,8 @@ describe API::Projects do end it 'creates new project with name and path and returns 201' do - expect { post api('/projects', user), path: 'path-project-Foo', name: 'Foo Project' }. - to change { Project.count }.by(1) + expect { post api('/projects', user), path: 'path-project-Foo', name: 'Foo Project' } + .to change { Project.count }.by(1) expect(response).to have_http_status(201) project = Project.first @@ -491,8 +491,8 @@ describe API::Projects do end it 'creates new project with name and path and returns 201' do - expect { post api("/projects/user/#{user.id}", admin), path: 'path-project-Foo', name: 'Foo Project' }. - to change { Project.count }.by(1) + expect { post api("/projects/user/#{user.id}", admin), path: 'path-project-Foo', name: 'Foo Project' } + .to change { Project.count }.by(1) expect(response).to have_http_status(201) project = Project.first @@ -502,8 +502,8 @@ describe API::Projects do end it 'responds with 400 on failure and not project' do - expect { post api("/projects/user/#{user.id}", admin) }. - not_to change { Project.count } + expect { post api("/projects/user/#{user.id}", admin) } + .not_to change { Project.count } expect(response).to have_http_status(400) expect(json_response['error']).to eq('name is missing') @@ -740,8 +740,8 @@ describe API::Projects do get api("/projects", user) expect(response).to have_http_status(200) - expect(json_response.first['permissions']['project_access']['access_level']). - to eq(Gitlab::Access::MASTER) + expect(json_response.first['permissions']['project_access']['access_level']) + .to eq(Gitlab::Access::MASTER) expect(json_response.first['permissions']['group_access']).to be_nil end end @@ -752,8 +752,8 @@ describe API::Projects do get api("/projects/#{project.id}", user) expect(response).to have_http_status(200) - expect(json_response['permissions']['project_access']['access_level']). - to eq(Gitlab::Access::MASTER) + expect(json_response['permissions']['project_access']['access_level']) + .to eq(Gitlab::Access::MASTER) expect(json_response['permissions']['group_access']).to be_nil end end @@ -770,8 +770,8 @@ describe API::Projects do expect(response).to have_http_status(200) expect(json_response['permissions']['project_access']).to be_nil - expect(json_response['permissions']['group_access']['access_level']). - to eq(Gitlab::Access::OWNER) + expect(json_response['permissions']['group_access']['access_level']) + .to eq(Gitlab::Access::OWNER) end end end diff --git a/spec/requests/api/runner_spec.rb b/spec/requests/api/runner_spec.rb index d554c242916..339a57a1f20 100644 --- a/spec/requests/api/runner_spec.rb +++ b/spec/requests/api/runner_spec.rb @@ -414,8 +414,8 @@ describe API::Runner do context 'when concurrently updating a job' do before do - expect_any_instance_of(Ci::Build).to receive(:run!). - and_raise(ActiveRecord::StaleObjectError.new(nil, nil)) + expect_any_instance_of(Ci::Build).to receive(:run!) + .and_raise(ActiveRecord::StaleObjectError.new(nil, nil)) end it 'returns a conflict' do diff --git a/spec/requests/api/snippets_spec.rb b/spec/requests/api/snippets_spec.rb index 8741cbd4e80..b20a187acfe 100644 --- a/spec/requests/api/snippets_spec.rb +++ b/spec/requests/api/snippets_spec.rb @@ -142,23 +142,23 @@ describe API::Snippets do context 'when the snippet is private' do it 'creates the snippet' do - expect { create_snippet(visibility: 'private') }. - to change { Snippet.count }.by(1) + expect { create_snippet(visibility: 'private') } + .to change { Snippet.count }.by(1) end end context 'when the snippet is public' do it 'rejects the shippet' do - expect { create_snippet(visibility: 'public') }. - not_to change { Snippet.count } + expect { create_snippet(visibility: 'public') } + .not_to change { Snippet.count } expect(response).to have_http_status(400) expect(json_response['message']).to eq({ "error" => "Spam detected" }) end it 'creates a spam log' do - expect { create_snippet(visibility: 'public') }. - to change { SpamLog.count }.by(1) + expect { create_snippet(visibility: 'public') } + .to change { SpamLog.count }.by(1) end end end @@ -216,8 +216,8 @@ describe API::Snippets do let(:visibility_level) { Snippet::PRIVATE } it 'updates the snippet' do - expect { update_snippet(title: 'Foo') }. - to change { snippet.reload.title }.to('Foo') + expect { update_snippet(title: 'Foo') } + .to change { snippet.reload.title }.to('Foo') end end @@ -225,16 +225,16 @@ describe API::Snippets do let(:visibility_level) { Snippet::PUBLIC } it 'rejects the shippet' do - expect { update_snippet(title: 'Foo') }. - not_to change { snippet.reload.title } + expect { update_snippet(title: 'Foo') } + .not_to change { snippet.reload.title } expect(response).to have_http_status(400) expect(json_response['message']).to eq({ "error" => "Spam detected" }) end it 'creates a spam log' do - expect { update_snippet(title: 'Foo') }. - to change { SpamLog.count }.by(1) + expect { update_snippet(title: 'Foo') } + .to change { SpamLog.count }.by(1) end end @@ -242,13 +242,13 @@ describe API::Snippets do let(:visibility_level) { Snippet::PRIVATE } it 'rejects the snippet' do - expect { update_snippet(title: 'Foo', visibility: 'public') }. - not_to change { snippet.reload.title } + expect { update_snippet(title: 'Foo', visibility: 'public') } + .not_to change { snippet.reload.title } end it 'creates a spam log' do - expect { update_snippet(title: 'Foo', visibility: 'public') }. - to change { SpamLog.count }.by(1) + expect { update_snippet(title: 'Foo', visibility: 'public') } + .to change { SpamLog.count }.by(1) end end end diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index 9dc4b6972a6..18000d91795 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -11,7 +11,7 @@ describe API::Users do let(:not_existing_user_id) { (User.maximum('id') || 0 ) + 10 } let(:not_existing_pat_id) { (PersonalAccessToken.maximum('id') || 0 ) + 10 } - describe "GET /users" do + describe 'GET /users' do context "when unauthenticated" do it "returns authentication error" do get api("/users") @@ -76,6 +76,12 @@ describe API::Users do expect(response).to have_http_status(403) end + + it 'does not reveal the `is_admin` flag of the user' do + get api('/users', user) + + expect(json_response.first.keys).not_to include 'is_admin' + end end context "when admin" do @@ -92,6 +98,7 @@ describe API::Users do expect(json_response.first.keys).to include 'two_factor_enabled' expect(json_response.first.keys).to include 'last_sign_in_at' expect(json_response.first.keys).to include 'confirmed_at' + expect(json_response.first.keys).to include 'is_admin' end it "returns an array of external users" do @@ -282,14 +289,14 @@ describe API::Users do bio: 'g' * 256, projects_limit: -1 expect(response).to have_http_status(400) - expect(json_response['message']['password']). - to eq(['is too short (minimum is 8 characters)']) - expect(json_response['message']['bio']). - to eq(['is too long (maximum is 255 characters)']) - expect(json_response['message']['projects_limit']). - to eq(['must be greater than or equal to 0']) - expect(json_response['message']['username']). - to eq([Gitlab::PathRegex.namespace_format_message]) + expect(json_response['message']['password']) + .to eq(['is too short (minimum is 8 characters)']) + expect(json_response['message']['bio']) + .to eq(['is too long (maximum is 255 characters)']) + expect(json_response['message']['projects_limit']) + .to eq(['must be greater than or equal to 0']) + expect(json_response['message']['username']) + .to eq([Gitlab::PathRegex.namespace_format_message]) end it "is not available for non admin users" do @@ -377,6 +384,16 @@ describe API::Users do expect(user.reload.organization).to eq('GitLab') end + it 'updates user with avatar' do + put api("/users/#{user.id}", admin), { avatar: fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') } + + user.reload + + expect(user.avatar).to be_present + expect(response).to have_http_status(200) + expect(json_response['avatar_url']).to include(user.avatar_path) + end + it 'updates user with his own email' do put api("/users/#{user.id}", admin), email: user.email expect(response).to have_http_status(200) @@ -461,14 +478,14 @@ describe API::Users do bio: 'g' * 256, projects_limit: -1 expect(response).to have_http_status(400) - expect(json_response['message']['password']). - to eq(['is too short (minimum is 8 characters)']) - expect(json_response['message']['bio']). - to eq(['is too long (maximum is 255 characters)']) - expect(json_response['message']['projects_limit']). - to eq(['must be greater than or equal to 0']) - expect(json_response['message']['username']). - to eq([Gitlab::PathRegex.namespace_format_message]) + expect(json_response['message']['password']) + .to eq(['is too short (minimum is 8 characters)']) + expect(json_response['message']['bio']) + .to eq(['is too long (maximum is 255 characters)']) + expect(json_response['message']['projects_limit']) + .to eq(['must be greater than or equal to 0']) + expect(json_response['message']['username']) + .to eq([Gitlab::PathRegex.namespace_format_message]) end it 'returns 400 if provider is missing for identity update' do diff --git a/spec/requests/api/v3/files_spec.rb b/spec/requests/api/v3/files_spec.rb index 378ca1720ff..8b2d165c763 100644 --- a/spec/requests/api/v3/files_spec.rb +++ b/spec/requests/api/v3/files_spec.rb @@ -126,8 +126,8 @@ describe API::V3::Files do end it "returns a 400 if editor fails to create file" do - allow_any_instance_of(Repository).to receive(:create_file). - and_raise(Repository::CommitError, 'Cannot create file') + allow_any_instance_of(Repository).to receive(:create_file) + .and_raise(Repository::CommitError, 'Cannot create file') post v3_api("/projects/#{project.id}/repository/files", user), valid_params diff --git a/spec/requests/api/v3/groups_spec.rb b/spec/requests/api/v3/groups_spec.rb index 98e8c954909..63c5707b2e4 100644 --- a/spec/requests/api/v3/groups_spec.rb +++ b/spec/requests/api/v3/groups_spec.rb @@ -505,8 +505,8 @@ describe API::V3::Groups do let(:project_path) { "#{project.namespace.path}%2F#{project.path}" } before(:each) do - allow_any_instance_of(Projects::TransferService). - to receive(:execute).and_return(true) + allow_any_instance_of(Projects::TransferService) + .to receive(:execute).and_return(true) end context "when authenticated as user" do diff --git a/spec/requests/api/v3/merge_requests_spec.rb b/spec/requests/api/v3/merge_requests_spec.rb index f6ff96be566..4f9e63f2ace 100644 --- a/spec/requests/api/v3/merge_requests_spec.rb +++ b/spec/requests/api/v3/merge_requests_spec.rb @@ -432,8 +432,8 @@ describe API::MergeRequests do end it "returns 406 if branch can't be merged" do - allow_any_instance_of(MergeRequest). - to receive(:can_be_merged?).and_return(false) + allow_any_instance_of(MergeRequest) + .to receive(:can_be_merged?).and_return(false) put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user) diff --git a/spec/requests/api/v3/notes_spec.rb b/spec/requests/api/v3/notes_spec.rb index 2bae4a60931..b5f98a9a545 100644 --- a/spec/requests/api/v3/notes_spec.rb +++ b/spec/requests/api/v3/notes_spec.rb @@ -13,8 +13,8 @@ describe API::V3::Notes do # For testing the cross-reference of a private issue in a public issue let(:private_user) { create(:user) } let(:private_project) do - create(:empty_project, namespace: private_user.namespace). - tap { |p| p.team << [private_user, :master] } + create(:empty_project, namespace: private_user.namespace) + .tap { |p| p.team << [private_user, :master] } end let(:private_issue) { create(:issue, project: private_project) } diff --git a/spec/requests/api/v3/project_snippets_spec.rb b/spec/requests/api/v3/project_snippets_spec.rb index 365e7365fda..1950c64c690 100644 --- a/spec/requests/api/v3/project_snippets_spec.rb +++ b/spec/requests/api/v3/project_snippets_spec.rb @@ -85,23 +85,23 @@ describe API::ProjectSnippets do context 'when the snippet is private' do it 'creates the snippet' do - expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }. - to change { Snippet.count }.by(1) + expect { create_snippet(project, visibility_level: Snippet::PRIVATE) } + .to change { Snippet.count }.by(1) end end context 'when the snippet is public' do it 'rejects the shippet' do - expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }. - not_to change { Snippet.count } + expect { create_snippet(project, visibility_level: Snippet::PUBLIC) } + .not_to change { Snippet.count } expect(response).to have_http_status(400) expect(json_response['message']).to eq({ "error" => "Spam detected" }) end it 'creates a spam log' do - expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }. - to change { SpamLog.count }.by(1) + expect { create_snippet(project, visibility_level: Snippet::PUBLIC) } + .to change { SpamLog.count }.by(1) end end end @@ -147,8 +147,8 @@ describe API::ProjectSnippets do let(:visibility_level) { Snippet::PRIVATE } it 'creates the snippet' do - expect { update_snippet(title: 'Foo') }. - to change { snippet.reload.title }.to('Foo') + expect { update_snippet(title: 'Foo') } + .to change { snippet.reload.title }.to('Foo') end end @@ -156,13 +156,13 @@ describe API::ProjectSnippets do let(:visibility_level) { Snippet::PUBLIC } it 'rejects the snippet' do - expect { update_snippet(title: 'Foo') }. - not_to change { snippet.reload.title } + expect { update_snippet(title: 'Foo') } + .not_to change { snippet.reload.title } end it 'creates a spam log' do - expect { update_snippet(title: 'Foo') }. - to change { SpamLog.count }.by(1) + expect { update_snippet(title: 'Foo') } + .to change { SpamLog.count }.by(1) end end @@ -170,16 +170,16 @@ describe API::ProjectSnippets do let(:visibility_level) { Snippet::PRIVATE } it 'rejects the snippet' do - expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }. - not_to change { snippet.reload.title } + expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) } + .not_to change { snippet.reload.title } expect(response).to have_http_status(400) expect(json_response['message']).to eq({ "error" => "Spam detected" }) end it 'creates a spam log' do - expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }. - to change { SpamLog.count }.by(1) + expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) } + .to change { SpamLog.count }.by(1) end end end diff --git a/spec/requests/api/v3/projects_spec.rb b/spec/requests/api/v3/projects_spec.rb index 47cca4275af..af4b6f92b64 100644 --- a/spec/requests/api/v3/projects_spec.rb +++ b/spec/requests/api/v3/projects_spec.rb @@ -301,15 +301,15 @@ describe API::V3::Projects do context 'maximum number of projects reached' do it 'does not create new project and respond with 403' do allow_any_instance_of(User).to receive(:projects_limit_left).and_return(0) - expect { post v3_api('/projects', user2), name: 'foo' }. - to change {Project.count}.by(0) + expect { post v3_api('/projects', user2), name: 'foo' } + .to change {Project.count}.by(0) expect(response).to have_http_status(403) end end it 'creates new project without path but with name and returns 201' do - expect { post v3_api('/projects', user), name: 'Foo Project' }. - to change { Project.count }.by(1) + expect { post v3_api('/projects', user), name: 'Foo Project' } + .to change { Project.count }.by(1) expect(response).to have_http_status(201) project = Project.first @@ -319,8 +319,8 @@ describe API::V3::Projects do end it 'creates new project without name but with path and returns 201' do - expect { post v3_api('/projects', user), path: 'foo_project' }. - to change { Project.count }.by(1) + expect { post v3_api('/projects', user), path: 'foo_project' } + .to change { Project.count }.by(1) expect(response).to have_http_status(201) project = Project.first @@ -330,8 +330,8 @@ describe API::V3::Projects do end it 'creates new project name and path and returns 201' do - expect { post v3_api('/projects', user), path: 'foo-Project', name: 'Foo Project' }. - to change { Project.count }.by(1) + expect { post v3_api('/projects', user), path: 'foo-Project', name: 'Foo Project' } + .to change { Project.count }.by(1) expect(response).to have_http_status(201) project = Project.first @@ -489,8 +489,8 @@ describe API::V3::Projects do end it 'responds with 400 on failure and not project' do - expect { post v3_api("/projects/user/#{user.id}", admin) }. - not_to change { Project.count } + expect { post v3_api("/projects/user/#{user.id}", admin) } + .not_to change { Project.count } expect(response).to have_http_status(400) expect(json_response['error']).to eq('name is missing') @@ -716,8 +716,8 @@ describe API::V3::Projects do get v3_api("/projects", user) expect(response).to have_http_status(200) - expect(json_response.first['permissions']['project_access']['access_level']). - to eq(Gitlab::Access::MASTER) + expect(json_response.first['permissions']['project_access']['access_level']) + .to eq(Gitlab::Access::MASTER) expect(json_response.first['permissions']['group_access']).to be_nil end end @@ -728,8 +728,8 @@ describe API::V3::Projects do get v3_api("/projects/#{project.id}", user) expect(response).to have_http_status(200) - expect(json_response['permissions']['project_access']['access_level']). - to eq(Gitlab::Access::MASTER) + expect(json_response['permissions']['project_access']['access_level']) + .to eq(Gitlab::Access::MASTER) expect(json_response['permissions']['group_access']).to be_nil end end @@ -744,8 +744,8 @@ describe API::V3::Projects do expect(response).to have_http_status(200) expect(json_response['permissions']['project_access']).to be_nil - expect(json_response['permissions']['group_access']['access_level']). - to eq(Gitlab::Access::OWNER) + expect(json_response['permissions']['group_access']['access_level']) + .to eq(Gitlab::Access::OWNER) end end end diff --git a/spec/requests/api/v3/snippets_spec.rb b/spec/requests/api/v3/snippets_spec.rb index 4f02b7b1a54..1bc2258ebd3 100644 --- a/spec/requests/api/v3/snippets_spec.rb +++ b/spec/requests/api/v3/snippets_spec.rb @@ -112,21 +112,21 @@ describe API::V3::Snippets do context 'when the snippet is private' do it 'creates the snippet' do - expect { create_snippet(visibility_level: Snippet::PRIVATE) }. - to change { Snippet.count }.by(1) + expect { create_snippet(visibility_level: Snippet::PRIVATE) } + .to change { Snippet.count }.by(1) end end context 'when the snippet is public' do it 'rejects the shippet' do - expect { create_snippet(visibility_level: Snippet::PUBLIC) }. - not_to change { Snippet.count } + expect { create_snippet(visibility_level: Snippet::PUBLIC) } + .not_to change { Snippet.count } expect(response).to have_http_status(400) end it 'creates a spam log' do - expect { create_snippet(visibility_level: Snippet::PUBLIC) }. - to change { SpamLog.count }.by(1) + expect { create_snippet(visibility_level: Snippet::PUBLIC) } + .to change { SpamLog.count }.by(1) end end end diff --git a/spec/requests/api/v3/users_spec.rb b/spec/requests/api/v3/users_spec.rb index e9c57f7c6c3..6d7401f9764 100644 --- a/spec/requests/api/v3/users_spec.rb +++ b/spec/requests/api/v3/users_spec.rb @@ -7,6 +7,38 @@ describe API::V3::Users do let(:email) { create(:email, user: user) } let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') } + describe 'GET /users' do + context 'when authenticated' do + it 'returns an array of users' do + get v3_api('/users', user) + + expect(response).to have_http_status(200) + expect(response).to include_pagination_headers + expect(json_response).to be_an Array + username = user.username + expect(json_response.detect do |user| + user['username'] == username + end['username']).to eq(username) + end + end + + context 'when authenticated as user' do + it 'does not reveal the `is_admin` flag of the user' do + get v3_api('/users', user) + + expect(json_response.first.keys).not_to include 'is_admin' + end + end + + context 'when authenticated as admin' do + it 'reveals the `is_admin` flag of the user' do + get v3_api('/users', admin) + + expect(json_response.first.keys).to include 'is_admin' + end + end + end + describe 'GET /user/:id/keys' do before { admin } |