Merge branch '52559-applications-api-get-delete' into 'master'

Add Applications API endpoints for listing and deleting entries.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/52559

See merge request https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22296

1 files changed, 63 insertions, 7 deletions

diff --git a/spec/requests/api/applications_spec.rb b/spec/requests/api/applications_spec.rb
index f56bc932f40..270e12bf201 100644
--- a/spec/requests/api/applications_spec.rb
+++ b/spec/requests/api/applications_spec.rb
@@ -5,6 +5,7 @@ describe API::Applications, :api do
 
   let(:admin_user) { create(:user, admin: true) }
   let(:user) { create(:user, admin: false) }
+  let!(:application) { create(:application, name: 'another_application', redirect_uri: 'http://other_application.url', scopes: '') }
 
   describe 'POST /applications' do
     context 'authenticated and authorized user' do
@@ -15,7 +16,7 @@ describe API::Applications, :api do
 
         application = Doorkeeper::Application.find_by(name: 'application_name', redirect_uri: 'http://application.url')
 
-        expect(response).to have_http_status 201
+        expect(response).to have_gitlab_http_status(201)
         expect(json_response).to be_a Hash
         expect(json_response['application_id']).to eq application.uid
         expect(json_response['secret']).to eq application.secret
@@ -27,7 +28,7 @@ describe API::Applications, :api do
           post api('/applications', admin_user), name: 'application_name', redirect_uri: 'wrong_url_format', scopes: ''
         end.not_to change { Doorkeeper::Application.count }
 
-        expect(response).to have_http_status 400
+        expect(response).to have_gitlab_http_status(400)
         expect(json_response).to be_a Hash
         expect(json_response['message']['redirect_uri'][0]).to eq('must be an absolute URI.')
       end
@@ -37,7 +38,7 @@ describe API::Applications, :api do
           post api('/applications', admin_user), redirect_uri: 'http://application.url', scopes: ''
         end.not_to change { Doorkeeper::Application.count }
 
-        expect(response).to have_http_status 400
+        expect(response).to have_gitlab_http_status(400)
         expect(json_response).to be_a Hash
         expect(json_response['error']).to eq('name is missing')
       end
@@ -47,7 +48,7 @@ describe API::Applications, :api do
           post api('/applications', admin_user), name: 'application_name', scopes: ''
         end.not_to change { Doorkeeper::Application.count }
 
-        expect(response).to have_http_status 400
+        expect(response).to have_gitlab_http_status(400)
         expect(json_response).to be_a Hash
         expect(json_response['error']).to eq('redirect_uri is missing')
       end
@@ -57,7 +58,7 @@ describe API::Applications, :api do
           post api('/applications', admin_user), name: 'application_name', redirect_uri: 'http://application.url'
         end.not_to change { Doorkeeper::Application.count }
 
-        expect(response).to have_http_status 400
+        expect(response).to have_gitlab_http_status(400)
         expect(json_response).to be_a Hash
         expect(json_response['error']).to eq('scopes is missing')
       end
@@ -69,7 +70,7 @@ describe API::Applications, :api do
           post api('/applications', user), name: 'application_name', redirect_uri: 'http://application.url', scopes: ''
         end.not_to change { Doorkeeper::Application.count }
 
-        expect(response).to have_http_status 403
+        expect(response).to have_gitlab_http_status(403)
       end
     end
 
@@ -79,7 +80,62 @@ describe API::Applications, :api do
           post api('/applications'), name: 'application_name', redirect_uri: 'http://application.url'
         end.not_to change { Doorkeeper::Application.count }
 
-        expect(response).to have_http_status 401
+        expect(response).to have_gitlab_http_status(401)
+      end
+    end
+  end
+
+  describe 'GET /applications' do
+    context 'authenticated and authorized user' do
+      it 'can list application' do
+        get api('/applications', admin_user)
+
+        expect(response).to have_gitlab_http_status(200)
+        expect(json_response).to be_a(Array)
+      end
+    end
+
+    context 'authorized user without authorization' do
+      it 'cannot list application' do
+        get api('/applications', user)
+
+        expect(response).to have_gitlab_http_status(403)
+      end
+    end
+
+    context 'non-authenticated user' do
+      it 'cannot list application' do
+        get api('/applications')
+
+        expect(response).to have_gitlab_http_status(401)
+      end
+    end
+  end
+
+  describe 'DELETE /applications/:id' do
+    context 'authenticated and authorized user' do
+      it 'can delete an application' do
+        expect do
+          delete api("/applications/#{application.id}", admin_user)
+        end.to change { Doorkeeper::Application.count }.by(-1)
+
+        expect(response).to have_gitlab_http_status(204)
+      end
+    end
+
+    context 'authorized user without authorization' do
+      it 'cannot delete an application' do
+        delete api("/applications/#{application.id}", user)
+
+        expect(response).to have_gitlab_http_status(403)
+      end
+    end
+
+    context 'non-authenticated user' do
+      it 'cannot delete an application' do
+        delete api("/applications/#{application.id}")
+
+        expect(response).to have_gitlab_http_status(401)
       end
     end
   end