diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-01-22 23:02:50 +0000 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-01-22 23:02:50 +0000 |
| commit | e49b636497f5e2f8f6c4c7ec2b1ce8b881f4f147 (patch) | |
| tree | 047aa99cef23005c61e9bbf389725ccf7b655448 /spec | |
| parent | 4a10b7509adb9190bae2e93c8c6508cadf06cf3e (diff) | |
| parent | 47625ab75e2cbb55ad7a7c95dcce507b3f992e4c (diff) | |
| download | gitlab-ce-e49b636497f5e2f8f6c4c7ec2b1ce8b881f4f147.tar.gz | |
Merge branch 'feature_api_project_edit' into 'master'
API: Implement edit via API for projects
I've picked up https://github.com/gitlabhq/gitlabhq/pull/8055 fixed the few hound warnings and replaced all double quotes in the spec file where possible.
# From the original PR:
Implements edit via API for projects. Edit was part of missing features in feature request Full CRUD operations via API for projects.
http://feedback.gitlab.com/forums/176466-general/suggestions/3904506-full-crud-operations-via-api-for-projects
Feature is implemented using existing UpdateService for projects. Permission to change visibility level and name are checked in addition to check for permission to administer project.
Doesn't allow updating project namespace id, because there was existing API-method for transferring project to a group.
Documentation added to doc/api/projects.md. Uses API request PUT /projects/:id .
Tests included for:
1. Success for changing path
2. Success for changing name
3. Success for changing visibility level
4. Success for changing all other attributes
5. Success for changing name & path to existing name & path but in different namespace
6. Failure if not authenticated
7. Failure if path exists in project's namespace
8. Failure if name exists in project's namespace
9. Failure if not sufficient permission to change name
10. Failure if not sufficient permission to change visibility level
11. Failure if not sufficient permission to change other attributes
Allows updating following parameters:
* name
* path
* visibility_level
* public
* default_branch
* issues_enabled
* wiki_enabled
* snippets_enabled
* merge_requests_enabled
* description
See merge request !310
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 415 |
1 files changed, 276 insertions, 139 deletions
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index 3098b0f77f9..dc410107410 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -1,3 +1,4 @@ +# -*- coding: utf-8 -*- require 'spec_helper' describe API::API, api: true do @@ -12,43 +13,67 @@ describe API::API, api: true do let(:snippet) { create(:project_snippet, author: user, project: project, title: 'example') } let(:project_member) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) } let(:project_member2) { create(:project_member, user: user3, project: project, access_level: ProjectMember::DEVELOPER) } + let(:user4) { create(:user) } + let(:project3) do + create(:project, + name: 'second_project', + path: 'second_project', + creator_id: user.id, + namespace: user.namespace, + merge_requests_enabled: false, + issues_enabled: false, wiki_enabled: false, + snippets_enabled: false, visibility_level: 0) + end + let(:project_member3) do + create(:project_member, + user: user4, + project: project3, + access_level: ProjectMember::MASTER) + end + let(:project4) do + create(:project, + name: 'third_project', + path: 'third_project', + creator_id: user4.id, + namespace: user4.namespace) + end - describe "GET /projects" do + describe 'GET /projects' do before { project } - context "when unauthenticated" do - it "should return authentication error" do - get api("/projects") + context 'when unauthenticated' do + it 'should return authentication error' do + get api('/projects') response.status.should == 401 end end - context "when authenticated" do - it "should return an array of projects" do - get api("/projects", user) + context 'when authenticated' do + it 'should return an array of projects' do + get api('/projects', user) response.status.should == 200 json_response.should be_an Array json_response.first['name'].should == project.name json_response.first['owner']['username'].should == user.username end - context "and using search" do - it "should return searched project" do - get api("/projects", user), { search: project.name } + context 'and using search' do + it 'should return searched project' do + get api('/projects', user), { search: project.name } response.status.should eq(200) json_response.should be_an Array json_response.length.should eq(1) end end - context "and using sorting" do + context 'and using sorting' do before do project2 project3 end - it "should return the correct order when sorted by id" do - get api("/projects", user), { order_by: 'id', sort: 'desc'} + it 'should return the correct order when sorted by id' do + get api('/projects', user), { order_by: 'id', sort: 'desc'} response.status.should eq(200) json_response.should be_an Array json_response.first['id'].should eq(project3.id) @@ -57,26 +82,26 @@ describe API::API, api: true do end end - describe "GET /projects/all" do + describe 'GET /projects/all' do before { project } - context "when unauthenticated" do - it "should return authentication error" do - get api("/projects/all") + context 'when unauthenticated' do + it 'should return authentication error' do + get api('/projects/all') response.status.should == 401 end end - context "when authenticated as regular user" do - it "should return authentication error" do - get api("/projects/all", user) + context 'when authenticated as regular user' do + it 'should return authentication error' do + get api('/projects/all', user) response.status.should == 403 end end - context "when authenticated as admin" do - it "should return an array of all projects" do - get api("/projects/all", admin) + context 'when authenticated as admin' do + it 'should return an array of all projects' do + get api('/projects/all', admin) response.status.should == 200 json_response.should be_an Array project_name = project.name @@ -92,59 +117,59 @@ describe API::API, api: true do end end - describe "POST /projects" do - context "maximum number of projects reached" do + describe 'POST /projects' do + context 'maximum number of projects reached' do before do (1..user2.projects_limit).each do |project| - post api("/projects", user2), name: "foo#{project}" + post api('/projects', user2), name: "foo#{project}" end end - it "should not create new project" do + it 'should not create new project' do expect { - post api("/projects", user2), name: 'foo' + post api('/projects', user2), name: 'foo' }.to change {Project.count}.by(0) end end - it "should create new project without path" do - expect { post api("/projects", user), name: 'foo' }.to change {Project.count}.by(1) + it 'should create new project without path' do + expect { post api('/projects', user), name: 'foo' }.to change {Project.count}.by(1) end - it "should not create new project without name" do - expect { post api("/projects", user) }.to_not change {Project.count} + it 'should not create new project without name' do + expect { post api('/projects', user) }.to_not change {Project.count} end - it "should return a 400 error if name not given" do - post api("/projects", user) + it 'should return a 400 error if name not given' do + post api('/projects', user) response.status.should == 400 end - it "should create last project before reaching project limit" do - (1..user2.projects_limit-1).each { |p| post api("/projects", user2), name: "foo#{p}" } - post api("/projects", user2), name: "foo" + it 'should create last project before reaching project limit' do + (1..user2.projects_limit-1).each { |p| post api('/projects', user2), name: "foo#{p}" } + post api('/projects', user2), name: 'foo' response.status.should == 201 end - it "should respond with 201 on success" do - post api("/projects", user), name: 'foo' + it 'should respond with 201 on success' do + post api('/projects', user), name: 'foo' response.status.should == 201 end - it "should respond with 400 if name is not given" do - post api("/projects", user) + it 'should respond with 400 if name is not given' do + post api('/projects', user) response.status.should == 400 end - it "should return a 403 error if project limit reached" do + it 'should return a 403 error if project limit reached' do (1..user.projects_limit).each do |p| - post api("/projects", user), name: "foo#{p}" + post api('/projects', user), name: "foo#{p}" end - post api("/projects", user), name: 'bar' + post api('/projects', user), name: 'bar' response.status.should == 403 end - it "should assign attributes to project" do + it 'should assign attributes to project' do project = attributes_for(:project, { path: 'camelCasePath', description: Faker::Lorem.sentence, @@ -153,69 +178,69 @@ describe API::API, api: true do wiki_enabled: false }) - post api("/projects", user), project + post api('/projects', user), project project.each_pair do |k,v| json_response[k.to_s].should == v end end - it "should set a project as public" do + it 'should set a project as public' do project = attributes_for(:project, :public) - post api("/projects", user), project + post api('/projects', user), project json_response['public'].should be_true json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC end - it "should set a project as public using :public" do + it 'should set a project as public using :public' do project = attributes_for(:project, { public: true }) - post api("/projects", user), project + post api('/projects', user), project json_response['public'].should be_true json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC end - it "should set a project as internal" do + it 'should set a project as internal' do project = attributes_for(:project, :internal) - post api("/projects", user), project + post api('/projects', user), project json_response['public'].should be_false json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL end - it "should set a project as internal overriding :public" do + it 'should set a project as internal overriding :public' do project = attributes_for(:project, :internal, { public: true }) - post api("/projects", user), project + post api('/projects', user), project json_response['public'].should be_false json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL end - it "should set a project as private" do + it 'should set a project as private' do project = attributes_for(:project, :private) - post api("/projects", user), project + post api('/projects', user), project json_response['public'].should be_false json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE end - it "should set a project as private using :public" do + it 'should set a project as private using :public' do project = attributes_for(:project, { public: false }) - post api("/projects", user), project + post api('/projects', user), project json_response['public'].should be_false json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE end end - describe "POST /projects/user/:id" do + describe 'POST /projects/user/:id' do before { project } before { admin } - it "should create new project without path" do + it 'should create new project without path' do expect { post api("/projects/user/#{user.id}", admin), name: 'foo' }.to change {Project.count}.by(1) end - it "should not create new project without name" do + it 'should not create new project without name' do expect { post api("/projects/user/#{user.id}", admin) }.to_not change {Project.count} end - it "should respond with 201 on success" do + it 'should respond with 201 on success' do post api("/projects/user/#{user.id}", admin), name: 'foo' response.status.should == 201 end @@ -235,7 +260,7 @@ describe API::API, api: true do ] end - it "should assign attributes to project" do + it 'should assign attributes to project' do project = attributes_for(:project, { description: Faker::Lorem.sentence, issues_enabled: false, @@ -251,42 +276,42 @@ describe API::API, api: true do end end - it "should set a project as public" do + it 'should set a project as public' do project = attributes_for(:project, :public) post api("/projects/user/#{user.id}", admin), project json_response['public'].should be_true json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC end - it "should set a project as public using :public" do + it 'should set a project as public using :public' do project = attributes_for(:project, { public: true }) post api("/projects/user/#{user.id}", admin), project json_response['public'].should be_true json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC end - it "should set a project as internal" do + it 'should set a project as internal' do project = attributes_for(:project, :internal) post api("/projects/user/#{user.id}", admin), project json_response['public'].should be_false json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL end - it "should set a project as internal overriding :public" do + it 'should set a project as internal overriding :public' do project = attributes_for(:project, :internal, { public: true }) post api("/projects/user/#{user.id}", admin), project json_response['public'].should be_false json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL end - it "should set a project as private" do + it 'should set a project as private' do project = attributes_for(:project, :private) post api("/projects/user/#{user.id}", admin), project json_response['public'].should be_false json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE end - it "should set a project as private using :public" do + it 'should set a project as private using :public' do project = attributes_for(:project, { public: false }) post api("/projects/user/#{user.id}", admin), project json_response['public'].should be_false @@ -294,30 +319,30 @@ describe API::API, api: true do end end - describe "GET /projects/:id" do + describe 'GET /projects/:id' do before { project } before { project_member } - it "should return a project by id" do + it 'should return a project by id' do get api("/projects/#{project.id}", user) response.status.should == 200 json_response['name'].should == project.name json_response['owner']['username'].should == user.username end - it "should return a project by path name" do + it 'should return a project by path name' do get api("/projects/#{project.id}", user) response.status.should == 200 json_response['name'].should == project.name end - it "should return a 404 error if not found" do - get api("/projects/42", user) + it 'should return a 404 error if not found' do + get api('/projects/42', user) response.status.should == 404 json_response['message'].should == '404 Project Not Found' end - it "should return a 404 error if user is not a member" do + it 'should return a 404 error if user is not a member' do other_user = create(:user) get api("/projects/#{project.id}", other_user) response.status.should == 404 @@ -331,8 +356,8 @@ describe API::API, api: true do end it { response.status.should == 200 } - it { json_response['permissions']["project_access"]["access_level"].should == Gitlab::Access::MASTER } - it { json_response['permissions']["group_access"].should be_nil } + it { json_response['permissions']['project_access']['access_level'].should == Gitlab::Access::MASTER } + it { json_response['permissions']['group_access'].should be_nil } end context 'group project' do @@ -343,16 +368,16 @@ describe API::API, api: true do end it { response.status.should == 200 } - it { json_response['permissions']["project_access"].should be_nil } - it { json_response['permissions']["group_access"]["access_level"].should == Gitlab::Access::OWNER } + it { json_response['permissions']['project_access'].should be_nil } + it { json_response['permissions']['group_access']['access_level'].should == Gitlab::Access::OWNER } end end end - describe "GET /projects/:id/events" do + describe 'GET /projects/:id/events' do before { project_member } - it "should return a project events" do + it 'should return a project events' do get api("/projects/#{project.id}/events", user) response.status.should == 200 json_event = json_response.first @@ -362,23 +387,23 @@ describe API::API, api: true do json_event['author_username'].should == user.username end - it "should return a 404 error if not found" do - get api("/projects/42/events", user) + it 'should return a 404 error if not found' do + get api('/projects/42/events', user) response.status.should == 404 json_response['message'].should == '404 Project Not Found' end - it "should return a 404 error if user is not a member" do + it 'should return a 404 error if user is not a member' do other_user = create(:user) get api("/projects/#{project.id}/events", other_user) response.status.should == 404 end end - describe "GET /projects/:id/snippets" do + describe 'GET /projects/:id/snippets' do before { snippet } - it "should return an array of project snippets" do + it 'should return an array of project snippets' do get api("/projects/#{project.id}/snippets", user) response.status.should == 200 json_response.should be_an Array @@ -386,48 +411,48 @@ describe API::API, api: true do end end - describe "GET /projects/:id/snippets/:snippet_id" do - it "should return a project snippet" do + describe 'GET /projects/:id/snippets/:snippet_id' do + it 'should return a project snippet' do get api("/projects/#{project.id}/snippets/#{snippet.id}", user) response.status.should == 200 json_response['title'].should == snippet.title end - it "should return a 404 error if snippet id not found" do + it 'should return a 404 error if snippet id not found' do get api("/projects/#{project.id}/snippets/1234", user) response.status.should == 404 end end - describe "POST /projects/:id/snippets" do - it "should create a new project snippet" do + describe 'POST /projects/:id/snippets' do + it 'should create a new project snippet' do post api("/projects/#{project.id}/snippets", user), title: 'api test', file_name: 'sample.rb', code: 'test' response.status.should == 201 json_response['title'].should == 'api test' end - it "should return a 400 error if title is not given" do + it 'should return a 400 error if title is not given' do post api("/projects/#{project.id}/snippets", user), file_name: 'sample.rb', code: 'test' response.status.should == 400 end - it "should return a 400 error if file_name not given" do + it 'should return a 400 error if file_name not given' do post api("/projects/#{project.id}/snippets", user), title: 'api test', code: 'test' response.status.should == 400 end - it "should return a 400 error if code not given" do + it 'should return a 400 error if code not given' do post api("/projects/#{project.id}/snippets", user), title: 'api test', file_name: 'sample.rb' response.status.should == 400 end end - describe "PUT /projects/:id/snippets/:shippet_id" do - it "should update an existing project snippet" do + describe 'PUT /projects/:id/snippets/:shippet_id' do + it 'should update an existing project snippet' do put api("/projects/#{project.id}/snippets/#{snippet.id}", user), code: 'updated code' response.status.should == 200 @@ -435,7 +460,7 @@ describe API::API, api: true do snippet.reload.content.should == 'updated code' end - it "should update an existing project snippet with new title" do + it 'should update an existing project snippet with new title' do put api("/projects/#{project.id}/snippets/#{snippet.id}", user), title: 'other api test' response.status.should == 200 @@ -443,10 +468,10 @@ describe API::API, api: true do end end - describe "DELETE /projects/:id/snippets/:snippet_id" do + describe 'DELETE /projects/:id/snippets/:snippet_id' do before { snippet } - it "should delete existing project snippet" do + it 'should delete existing project snippet' do expect { delete api("/projects/#{project.id}/snippets/#{snippet.id}", user) }.to change { Snippet.count }.by(-1) @@ -459,13 +484,13 @@ describe API::API, api: true do end end - describe "GET /projects/:id/snippets/:snippet_id/raw" do - it "should get a raw project snippet" do + describe 'GET /projects/:id/snippets/:snippet_id/raw' do + it 'should get a raw project snippet' do get api("/projects/#{project.id}/snippets/#{snippet.id}/raw", user) response.status.should == 200 end - it "should return a 404 error if raw project snippet not found" do + it 'should return a 404 error if raw project snippet not found' do get api("/projects/#{project.id}/snippets/5555/raw", user) response.status.should == 404 end @@ -475,10 +500,10 @@ describe API::API, api: true do let(:deploy_keys_project) { create(:deploy_keys_project, project: project) } let(:deploy_key) { deploy_keys_project.deploy_key } - describe "GET /projects/:id/keys" do + describe 'GET /projects/:id/keys' do before { deploy_key } - it "should return array of ssh keys" do + it 'should return array of ssh keys' do get api("/projects/#{project.id}/keys", user) response.status.should == 200 json_response.should be_an Array @@ -486,22 +511,22 @@ describe API::API, api: true do end end - describe "GET /projects/:id/keys/:key_id" do - it "should return a single key" do + describe 'GET /projects/:id/keys/:key_id' do + it 'should return a single key' do get api("/projects/#{project.id}/keys/#{deploy_key.id}", user) response.status.should == 200 json_response['title'].should == deploy_key.title end - it "should return 404 Not Found with invalid ID" do + it 'should return 404 Not Found with invalid ID' do get api("/projects/#{project.id}/keys/404", user) response.status.should == 404 end end - describe "POST /projects/:id/keys" do - it "should not create an invalid ssh key" do - post api("/projects/#{project.id}/keys", user), { title: "invalid key" } + describe 'POST /projects/:id/keys' do + it 'should not create an invalid ssh key' do + post api("/projects/#{project.id}/keys", user), { title: 'invalid key' } response.status.should == 400 json_response['message']['key'].should == [ 'can\'t be blank', @@ -519,7 +544,7 @@ describe API::API, api: true do ] end - it "should create new ssh key" do + it 'should create new ssh key' do key_attrs = attributes_for :key expect { post api("/projects/#{project.id}/keys", user), key_attrs @@ -527,16 +552,16 @@ describe API::API, api: true do end end - describe "DELETE /projects/:id/keys/:key_id" do + describe 'DELETE /projects/:id/keys/:key_id' do before { deploy_key } - it "should delete existing key" do + it 'should delete existing key' do expect { delete api("/projects/#{project.id}/keys/#{deploy_key.id}", user) }.to change{ project.deploy_keys.count }.by(-1) end - it "should return 404 Not Found with invalid ID" do + it 'should return 404 Not Found with invalid ID' do delete api("/projects/#{project.id}/keys/404", user) response.status.should == 404 end @@ -547,7 +572,7 @@ describe API::API, api: true do let(:project_fork_target) { create(:project) } let(:project_fork_source) { create(:project, :public) } - describe "POST /projects/:id/fork/:forked_from_id" do + describe 'POST /projects/:id/fork/:forked_from_id' do let(:new_project_fork_source) { create(:project, :public) } it "shouldn't available for non admin users" do @@ -555,7 +580,7 @@ describe API::API, api: true do response.status.should == 403 end - it "should allow project to be forked from an existing project" do + it 'should allow project to be forked from an existing project' do project_fork_target.forked?.should_not be_true post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) response.status.should == 201 @@ -565,12 +590,12 @@ describe API::API, api: true do project_fork_target.forked?.should be_true end - it "should fail if forked_from project which does not exist" do + it 'should fail if forked_from project which does not exist' do post api("/projects/#{project_fork_target.id}/fork/9999", admin) response.status.should == 404 end - it "should fail with 409 if already forked" do + it 'should fail with 409 if already forked' do post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) project_fork_target.reload project_fork_target.forked_from_project.id.should == project_fork_source.id @@ -582,14 +607,14 @@ describe API::API, api: true do end end - describe "DELETE /projects/:id/fork" do + describe 'DELETE /projects/:id/fork' do it "shouldn't available for non admin users" do delete api("/projects/#{project_fork_target.id}/fork", user) response.status.should == 403 end - it "should make forked project unforked" do + it 'should make forked project unforked' do post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) project_fork_target.reload project_fork_target.forked_from_project.should_not be_nil @@ -601,7 +626,7 @@ describe API::API, api: true do project_fork_target.forked?.should_not be_true end - it "should be idempotent if not forked" do + it 'should be idempotent if not forked' do project_fork_target.forked_from_project.should be_nil delete api("/projects/#{project_fork_target.id}/fork", admin) response.status.should == 200 @@ -610,7 +635,7 @@ describe API::API, api: true do end end - describe "GET /projects/search/:query" do + describe 'GET /projects/search/:query' do let!(:query) { 'query'} let!(:search) { create(:empty_project, name: query, creator_id: user.id, namespace: user.namespace) } let!(:pre) { create(:empty_project, name: "pre_#{query}", creator_id: user.id, namespace: user.namespace) } @@ -622,15 +647,15 @@ describe API::API, api: true do let!(:public) { create(:empty_project, :public, name: "public #{query}") } let!(:unfound_public) { create(:empty_project, :public, name: 'unfound public') } - context "when unauthenticated" do - it "should return authentication error" do + context 'when unauthenticated' do + it 'should return authentication error' do get api("/projects/search/#{query}") response.status.should == 401 end end - context "when authenticated" do - it "should return an array of projects" do + context 'when authenticated' do + it 'should return an array of projects' do get api("/projects/search/#{query}",user) response.status.should == 200 json_response.should be_an Array @@ -639,8 +664,8 @@ describe API::API, api: true do end end - context "when authenticated as a different user" do - it "should return matching public projects" do + context 'when authenticated as a different user' do + it 'should return matching public projects' do get api("/projects/search/#{query}", user2) response.status.should == 200 json_response.should be_an Array @@ -650,9 +675,121 @@ describe API::API, api: true do end end - describe "DELETE /projects/:id" do - context "when authenticated as user" do - it "should remove project" do + describe 'PUT /projects/:id̈́' do + before { project } + before { user } + before { user3 } + before { user4 } + before { project3 } + before { project4 } + before { project_member3 } + before { project_member2 } + + context 'when unauthenticated' do + it 'should return authentication error' do + project_param = { name: 'bar' } + put api("/projects/#{project.id}"), project_param + response.status.should == 401 + end + end + + context 'when authenticated as project owner' do + it 'should update name' do + project_param = { name: 'bar' } + put api("/projects/#{project.id}", user), project_param + response.status.should == 200 + project_param.each_pair do |k, v| + json_response[k.to_s].should == v + end + end + + it 'should update visibility_level' do + project_param = { visibility_level: 20 } + put api("/projects/#{project3.id}", user), project_param + response.status.should == 200 + project_param.each_pair do |k, v| + json_response[k.to_s].should == v + end + end + + it 'should not update name to existing name' do + project_param = { name: project3.name } + put api("/projects/#{project.id}", user), project_param + response.status.should == 400 + json_response['message']['name'].should == ['has already been taken'] + end + + it 'should update path & name to existing path & name in different namespace' do + project_param = { path: project4.path, name: project4.name } + put api("/projects/#{project3.id}", user), project_param + response.status.should == 200 + project_param.each_pair do |k, v| + json_response[k.to_s].should == v + end + end + end + + context 'when authenticated as project master' do + it 'should update path' do + project_param = { path: 'bar' } + put api("/projects/#{project3.id}", user4), project_param + response.status.should == 200 + project_param.each_pair do |k, v| + json_response[k.to_s].should == v + end + end + + it 'should update other attributes' do + project_param = { issues_enabled: true, + wiki_enabled: true, + snippets_enabled: true, + merge_requests_enabled: true, + description: 'new description' } + + put api("/projects/#{project3.id}", user4), project_param + response.status.should == 200 + project_param.each_pair do |k, v| + json_response[k.to_s].should == v + end + end + + it 'should not update path to existing path' do + project_param = { path: project.path } + put api("/projects/#{project3.id}", user4), project_param + response.status.should == 400 + json_response['message']['path'].should == ['has already been taken'] + end + + it 'should not update name' do + project_param = { name: 'bar' } + put api("/projects/#{project3.id}", user4), project_param + response.status.should == 403 + end + + it 'should not update visibility_level' do + project_param = { visibility_level: 20 } + put api("/projects/#{project3.id}", user4), project_param + response.status.should == 403 + end + end + + context 'when authenticated as project developer' do + it 'should not update other attributes' do + project_param = { path: 'bar', + issues_enabled: true, + wiki_enabled: true, + snippets_enabled: true, + merge_requests_enabled: true, + description: 'new description' } + put api("/projects/#{project.id}", user3), project_param + response.status.should == 403 + end + end + end + + describe 'DELETE /projects/:id' do + context 'when authenticated as user' do + it 'should remove project' do expect(GitlabShellWorker).to( receive(:perform_async).with(:remove_repository, /#{project.path_with_namespace}/) @@ -662,32 +799,32 @@ describe API::API, api: true do response.status.should == 200 end - it "should not remove a project if not an owner" do + it 'should not remove a project if not an owner' do user3 = create(:user) project.team << [user3, :developer] delete api("/projects/#{project.id}", user3) response.status.should == 403 end - it "should not remove a non existing project" do - delete api("/projects/1328", user) + it 'should not remove a non existing project' do + delete api('/projects/1328', user) response.status.should == 404 end - it "should not remove a project not attached to user" do + it 'should not remove a project not attached to user' do delete api("/projects/#{project.id}", user2) response.status.should == 404 end end - context "when authenticated as admin" do - it "should remove any existing project" do + context 'when authenticated as admin' do + it 'should remove any existing project' do delete api("/projects/#{project.id}", admin) response.status.should == 200 end - it "should not remove a non existing project" do - delete api("/projects/1328", admin) + it 'should not remove a non existing project' do + delete api('/projects/1328', admin) response.status.should == 404 end end |