diff options
author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-05-27 15:05:01 +0300 |
---|---|---|
committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2013-05-27 15:05:01 +0300 |
commit | c3ba0ee64b00a57490dbc9a745e2c422268a9117 (patch) | |
tree | 0f18600e1a47554f7f1c5590f5604cbc7fb0ccda /spec | |
parent | 69d70400cc8ee3ea02e5c66b92b5965dcbe6fa76 (diff) | |
parent | 0ebfa5e5a2f93cb57e00159aa20ec8bf52dba67e (diff) | |
download | gitlab-ce-c3ba0ee64b00a57490dbc9a745e2c422268a9117.tar.gz |
Merge branch 'feature_teams_api' of https://github.com/former03/gitlabhq into former03-feature_teams_api
Conflicts:
doc/api/README.md
Diffstat (limited to 'spec')
-rw-r--r-- | spec/requests/api/user_teams_spec.rb | 360 |
1 files changed, 360 insertions, 0 deletions
diff --git a/spec/requests/api/user_teams_spec.rb b/spec/requests/api/user_teams_spec.rb new file mode 100644 index 00000000000..68f05b11a83 --- /dev/null +++ b/spec/requests/api/user_teams_spec.rb @@ -0,0 +1,360 @@ +require 'spec_helper' + +describe API::API do + include ApiHelpers + + # Create test objects + let(:user1) { create(:user) } + let(:user2) { create(:user) } + let(:admin) { create(:admin) } + let!(:group1) { create(:group, owner: user1) } + let!(:group2) { create(:group, owner: user2) } + let(:user_team1) { create(:user_team, owner: user1) } + let(:user_team2) { create(:user_team, owner: user2) } + let!(:project1) { create(:project, creator_id: admin.id) } + let!(:project2) { create(:project, creator_id: admin.id) } + + + before { + # Add members to teams + user_team1.add_member(user1, UsersProject::MASTER, false) + user_team2.add_member(user2, UsersProject::MASTER, false) + + # Add projects to teams + user_team1.assign_to_projects([project1.id], UsersProject::MASTER) + user_team2.assign_to_projects([project2.id], UsersProject::MASTER) + + } + + describe "GET /user_teams" do + context "when unauthenticated" do + it "should return authentication error" do + get api("/user_teams") + response.status.should == 401 + end + end + + context "when authenticated as user" do + it "normal user: should return an array of user_teams of user1" do + get api("/user_teams", user1) + response.status.should == 200 + json_response.should be_an Array + json_response.length.should == 1 + json_response.first['name'].should == user_team1.name + end + end + + context "when authenticated as admin" do + it "admin: should return an array of all user_teams" do + get api("/user_teams", admin) + response.status.should == 200 + json_response.should be_an Array + json_response.length.should == 2 + end + end + end + + describe "GET /user_teams/:id" do + context "when authenticated as user" do + it "should return one of user1's user_teams" do + get api("/user_teams/#{user_team1.id}", user1) + response.status.should == 200 + json_response['name'] == user_team1.name + end + + it "should not return a non existing team" do + get api("/user_teams/1328", user1) + response.status.should == 404 + end + + it "should not return a user_team not attached to user1" do + get api("/user_teams/#{user_team2.id}", user1) + response.status.should == 404 + end + end + + context "when authenticated as admin" do + it "should return any existing user_team" do + get api("/user_teams/#{user_team2.id}", admin) + response.status.should == 200 + json_response['name'].should == user_team2.name + end + + it "should not return a non existing user_team" do + get api("/user_teams/1328", admin) + response.status.should == 404 + end + end + end + + describe "POST /user_teams" do + context "when authenticated as user" do + it "should not create user_team" do + count_before=UserTeam.count + post api("/user_teams", user1), attributes_for(:user_team) + response.status.should == 403 + UserTeam.count.should == count_before + end + end + + context "when authenticated as admin" do + it "should create user_team" do + count_before=UserTeam.count + post api("/user_teams", admin), attributes_for(:user_team) + response.status.should == 201 + UserTeam.count.should == count_before + 1 + end + + it "should not create user_team, duplicate" do + post api("/user_teams", admin), {:name => "Duplicate Test", :path => user_team2.path} + response.status.should == 404 + end + + it "should return 400 bad request error if name not given" do + post api("/user_teams", admin), {:path => user_team2.path} + response.status.should == 400 + end + + it "should return 400 bad request error if path not given" do + post api("/user_teams", admin), {:name => 'test'} + response.status.should == 400 + end + end + end + + # Members + + describe "GET /user_teams/:id/members" do + context "when authenticated as user" do + it "should return user1 as member of user1's user_teams" do + get api("/user_teams/#{user_team1.id}/members", user1) + response.status.should == 200 + json_response.first['name'].should == user1.name + json_response.first['access_level'].should == UsersProject::MASTER + end + end + + context "when authenticated as admin" do + it "should return member of any existing user_team" do + get api("/user_teams/#{user_team2.id}/members", admin) + response.status.should == 200 + json_response.first['name'].should == user2.name + json_response.first['access_level'].should == UsersProject::MASTER + end + end + end + + describe "POST /user_teams/:id/members" do + context "when authenticated as user" do + it "should not add user2 as member of user_team1" do + post api("/user_teams/#{user_team1.id}/members", user1), user_id: user2.id, access_level: UsersProject::MASTER + response.status.should == 403 + end + end + + context "when authenticated as admin" do + it "should return ok and add new member" do + count_before=user_team1.user_team_user_relationships.count + post api("/user_teams/#{user_team1.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER + response.status.should == 201 + json_response['name'].should == user2.name + json_response['access_level'].should == UsersProject::MASTER + user_team1.user_team_user_relationships.count.should == count_before + 1 + end + it "should return ok if member already exists" do + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id, access_level: UsersProject::MASTER + response.status.should == 409 + end + it "should return a 400 error when user id is not given" do + post api("/user_teams/#{user_team2.id}/members", admin), access_level: UsersProject::MASTER + response.status.should == 400 + end + it "should return a 400 error when access level is not given" do + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user2.id + response.status.should == 400 + end + + it "should return a 422 error when access level is not known" do + post api("/user_teams/#{user_team2.id}/members", admin), user_id: user1.id, access_level: 1234 + response.status.should == 422 + end + + end + end + + # Get single member + describe "GET /user_teams/:id/members/:user_id" do + context "when authenticated as member" do + it "should show user1's membership of user_team1" do + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1) + response.status.should == 200 + json_response['name'].should == user1.name + json_response['access_level'].should == UsersProject::MASTER + end + it "should show that user2 is not member of user_team1" do + get api("/user_teams/#{user_team1.id}/members/#{user2.id}", user1) + response.status.should == 404 + end + end + + context "when authenticated as non-member" do + it "should not show user1's membership of user_team1" do + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", user2) + response.status.should == 404 + end + end + + context "when authenticated as admin" do + it "should show user1's membership of user_team1" do + get api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin) + response.status.should == 200 + json_response['name'].should == user1.name + json_response['access_level'].should == UsersProject::MASTER + end + it "should return a 404 error when user id is not known" do + get api("/user_teams/#{user_team2.id}/members/1328", admin) + response.status.should == 404 + end + end + end + + describe "DELETE /user_teams/:id/members/:user_id" do + context "when authenticated as user" do + it "should not delete user1's membership of user_team1" do + delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", user1) + response.status.should == 403 + end + end + + context "when authenticated as admin" do + it "should delete user1's membership of user_team1" do + count_before=user_team1.user_team_user_relationships.count + delete api("/user_teams/#{user_team1.id}/members/#{user1.id}", admin) + response.status.should == 200 + user_team1.user_team_user_relationships.count.should == count_before - 1 + end + it "should return a 404 error when user id is not known" do + delete api("/user_teams/#{user_team2.id}/members/1328", admin) + response.status.should == 404 + end + end + end + + # Projects + + describe "GET /user_teams/:id/projects" do + context "when authenticated as user" do + it "should return project1 as assigned to user_team1 as member user1" do + get api("/user_teams/#{user_team1.id}/projects", user1) + response.status.should == 200 + json_response.first['name'].should == project1.name + json_response.length.should == user_team1.user_team_project_relationships.count + end + end + + context "when authenticated as admin" do + it "should return project2 as assigned to user_team2 as non-member, but admin" do + get api("/user_teams/#{user_team2.id}/projects", admin) + response.status.should == 200 + json_response.first['name'].should == project2.name + json_response.first['greatest_access_level'].should == UsersProject::MASTER + end + end + end + + describe "POST /user_teams/:id/projects" do + context "when authenticated as admin" do + it "should return ok and add new project" do + count_before=user_team1.user_team_project_relationships.count + post api("/user_teams/#{user_team1.id}/projects", admin), + project_id: project2.id, + greatest_access_level: UsersProject::MASTER + response.status.should == 201 + json_response['name'].should == project2.name + json_response['greatest_access_level'].should == UsersProject::MASTER + user_team1.user_team_project_relationships.count.should == count_before + 1 + end + it "should return ok if project already exists" do + post api("/user_teams/#{user_team2.id}/projects", admin), + project_id: project2.id, + greatest_access_level: UsersProject::MASTER + response.status.should == 409 + end + it "should return a 400 error when project id is not given" do + post api("/user_teams/#{user_team2.id}/projects", admin), greatest_access_level: UsersProject::MASTER + response.status.should == 400 + end + it "should return a 400 error when access level is not given" do + post api("/user_teams/#{user_team2.id}/projects", admin), project_id: project2.id + response.status.should == 400 + end + + it "should return a 422 error when access level is not known" do + post api("/user_teams/#{user_team2.id}/projects", admin), + project_id: project2.id, + greatest_access_level: 1234 + response.status.should == 422 + end + + end + end + + + describe "GET /user_teams/:id/projects/:project_id" do + context "when authenticated as member" do + it "should show project1's assignment to user_team1" do + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user1) + response.status.should == 200 + json_response['name'].should == project1.name + json_response['greatest_access_level'].should == UsersProject::MASTER + end + it "should show project2's is not assigned to user_team1" do + get api("/user_teams/#{user_team1.id}/projects/#{project2.id}", user1) + response.status.should == 404 + end + end + + context "when authenticated as non-member" do + it "should not show project1's assignment to user_team1" do + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", user2) + response.status.should == 404 + end + end + + context "when authenticated as admin" do + it "should show project1's assignment to user_team1" do + get api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin) + response.status.should == 200 + json_response['name'].should == project1.name + json_response['greatest_access_level'].should == UsersProject::MASTER + end + it "should return a 404 error when project id is not known" do + get api("/user_teams/#{user_team2.id}/projects/1328", admin) + response.status.should == 404 + end + end + end + + describe "DELETE /user_teams/:id/projects/:project_id" do + context "when authenticated as user" do + it "should not delete project1's assignment to user_team2" do + delete api("/user_teams/#{user_team2.id}/projects/#{project1.id}", user1) + response.status.should == 403 + end + end + + context "when authenticated as admin" do + it "should delete project1's assignment to user_team1" do + count_before=user_team1.user_team_project_relationships.count + delete api("/user_teams/#{user_team1.id}/projects/#{project1.id}", admin) + response.status.should == 200 + user_team1.user_team_project_relationships.count.should == count_before - 1 + end + it "should return a 404 error when project id is not known" do + delete api("/user_teams/#{user_team2.id}/projects/1328", admin) + response.status.should == 404 + end + end + end + +end |