Merge branch 'snippet-spam' into 'master'

Snippet spam Closes #26276 See merge request !8911
author: Rémy Coutable <remy@rymai.me> 2017-02-02 16:29:04 +0000
committer: Rémy Coutable <remy@rymai.me> 2017-02-02 16:29:04 +0000
commit: 29a2843c229ab5c8be4884e63f062a134eb04bef (patch)
tree: 773d1f02d1652005e93c457a17dddfe91f3cb32f /spec/requests
parent: ee59a64b2035622b02760d5ab928ea59a35cd45f (diff)
parent: 34918d94c011e8f81bd962d43d67fe8bd9f21e3e (diff)
download: gitlab-ce-29a2843c229ab5c8be4884e63f062a134eb04bef.tar.gz
2 files changed, 79 insertions, 3 deletions
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb
index 01032c0929b..45d5ae267c5 100644
--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
@@ -4,6 +4,7 @@ describe API::ProjectSnippets, api: true do
   include ApiHelpers
 
   let(:project) { create(:empty_project, :public) }
+  let(:user) { create(:user) }
   let(:admin) { create(:admin) }
 
   describe 'GET /projects/:project_id/snippets/:id' do
@@ -22,7 +23,7 @@ describe API::ProjectSnippets, api: true do
     let(:user) { create(:user) }
 
     it 'returns all snippets available to team member' do
-      project.team << [user, :developer]
+      project.add_developer(user)
       public_snippet = create(:project_snippet, :public, project: project)
       internal_snippet = create(:project_snippet, :internal, project: project)
       private_snippet = create(:project_snippet, :private, project: project)
@@ -50,7 +51,7 @@ describe API::ProjectSnippets, api: true do
         title: 'Test Title',
         file_name: 'test.rb',
         code: 'puts "hello world"',
-        visibility_level: Gitlab::VisibilityLevel::PUBLIC
+        visibility_level: Snippet::PUBLIC
       }
     end
 
@@ -72,6 +73,51 @@ describe API::ProjectSnippets, api: true do
 
       expect(response).to have_http_status(400)
     end
+
+    context 'when the snippet is spam' do
+      def create_snippet(project, snippet_params = {})
+        project.add_developer(user)
+
+        post api("/projects/#{project.id}/snippets", user), params.merge(snippet_params)
+      end
+
+      before do
+        allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
+      end
+
+      context 'when the project is private' do
+        let(:private_project) { create(:project_empty_repo, :private) }
+
+        context 'when the snippet is public' do
+          it 'creates the snippet' do
+            expect { create_snippet(private_project, visibility_level: Snippet::PUBLIC) }.
+              to change { Snippet.count }.by(1)
+          end
+        end
+      end
+
+      context 'when the project is public' do
+        context 'when the snippet is private' do
+          it 'creates the snippet' do
+            expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }.
+              to change { Snippet.count }.by(1)
+          end
+        end
+
+        context 'when the snippet is public' do
+          it 'rejects the shippet' do
+            expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
+              not_to change { Snippet.count }
+            expect(response).to have_http_status(400)
+          end
+
+          it 'creates a spam log' do
+            expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
+              to change { SpamLog.count }.by(1)
+          end
+        end
+      end
+    end
   end
 
   describe 'PUT /projects/:project_id/snippets/:id/' do
diff --git a/spec/requests/api/snippets_spec.rb b/spec/requests/api/snippets_spec.rb
index f6fb6ea5506..6b9a739b439 100644
--- a/spec/requests/api/snippets_spec.rb
+++ b/spec/requests/api/snippets_spec.rb
@@ -80,7 +80,7 @@ describe API::Snippets, api: true do
         title: 'Test Title',
         file_name: 'test.rb',
         content: 'puts "hello world"',
-        visibility_level: Gitlab::VisibilityLevel::PUBLIC
+        visibility_level: Snippet::PUBLIC
       }
     end
 
@@ -101,6 +101,36 @@ describe API::Snippets, api: true do
 
       expect(response).to have_http_status(400)
     end
+
+    context 'when the snippet is spam' do
+      def create_snippet(snippet_params = {})
+        post api('/snippets', user), params.merge(snippet_params)
+      end
+
+      before do
+        allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
+      end
+
+      context 'when the snippet is private' do
+        it 'creates the snippet' do
+          expect { create_snippet(visibility_level: Snippet::PRIVATE) }.
+            to change { Snippet.count }.by(1)
+        end
+      end
+
+      context 'when the snippet is public' do
+        it 'rejects the shippet' do
+          expect { create_snippet(visibility_level: Snippet::PUBLIC) }.
+            not_to change { Snippet.count }
+          expect(response).to have_http_status(400)
+        end
+
+        it 'creates a spam log' do
+          expect { create_snippet(visibility_level: Snippet::PUBLIC) }.
+            to change { SpamLog.count }.by(1)
+        end
+      end
+    end
   end
 
   describe 'PUT /snippets/:id' do
author	Rémy Coutable <remy@rymai.me>	2017-02-02 16:29:04 +0000
committer	Rémy Coutable <remy@rymai.me>	2017-02-02 16:29:04 +0000
commit	29a2843c229ab5c8be4884e63f062a134eb04bef (patch)
tree	773d1f02d1652005e93c457a17dddfe91f3cb32f /spec/requests
parent	ee59a64b2035622b02760d5ab928ea59a35cd45f (diff)
parent	34918d94c011e8f81bd962d43d67fe8bd9f21e3e (diff)
download	gitlab-ce-29a2843c229ab5c8be4884e63f062a134eb04bef.tar.gz