2 files changed, 64 insertions, 9 deletions

diff --git a/lib/api/variables.rb b/lib/api/variables.rb
index 6517150f6f4..6522ecba70c 100644
--- a/lib/api/variables.rb
+++ b/lib/api/variables.rb
@@ -24,7 +24,7 @@ module API
       #   id (required) - The ID of a project
       #   variable_id (required) - The ID OR `key` of variable to show; if variable_id contains only digits it's treated
       #                            as ID other ways it's treated as `key`
-      # Example Reuest:
+      # Example Request:
       #   GET /projects/:id/variables/:variable_id
       get ':id/variables/:variable_id' do
         variable_id = params[:variable_id]
@@ -38,6 +38,25 @@ module API
 
         present variables.first, with: Entities::Variable
       end
+
+      # Update existing variable of a project
+      #
+      # Parameters:
+      #   id (required) - The ID of a project
+      #   variable_id (required) - The ID of a variable
+      #   key (optional) - new value for `key` field of variable
+      #   value (optional) - new value for `value` field of variable
+      # Example Request:
+      #   PUT /projects/:id/variables/:variable_id
+      put ':id/variables/:variable_id' do
+        variable = user_project.variables.where(id: params[:variable_id].to_i).first
+
+        variable.key = params[:key]
+        variable.value = params[:value]
+        variable.save!
+
+        present variable, with: Entities::Variable
+      end
     end
   end
 end
diff --git a/spec/requests/api/variables_spec.rb b/spec/requests/api/variables_spec.rb
index 8f66f5432b6..3f58277c4ae 100644
--- a/spec/requests/api/variables_spec.rb
+++ b/spec/requests/api/variables_spec.rb
@@ -40,25 +40,25 @@ describe API::API, api: true do
   describe 'GET /projects/:id/variables/:variable_id' do
     context 'authorized user with proper permissions' do
       it 'should return project variable details when ID is used as :variable_id' do
-        get api("/projects/#{project.id}/variables/1", user)
+        get api("/projects/#{project.id}/variables/#{variable.id}", user)
 
         expect(response.status).to eq(200)
-        expect(json_response['key']).to eq('TEST_VARIABLE_1')
-        expect(json_response['value']).to eq('VALUE_1')
+        expect(json_response['key']).to eq(variable.key)
+        expect(json_response['value']).to eq(variable.value)
       end
 
       it 'should return project variable details when `key` is used as :variable_id' do
-        get api("/projects/#{project.id}/variables/TEST_VARIABLE_1", user)
+        get api("/projects/#{project.id}/variables/#{variable.key}", user)
 
         expect(response.status).to eq(200)
-        expect(json_response['id']).to eq(1)
-        expect(json_response['value']).to eq('VALUE_1')
+        expect(json_response['id']).to eq(variable.id)
+        expect(json_response['value']).to eq(variable.value)
       end
     end
 
     context 'authorized user with invalid permissions' do
       it 'should not return project variable details' do
-        get api("/projects/#{project.id}/variables/1", user2)
+        get api("/projects/#{project.id}/variables/#{variable.id}", user2)
 
         expect(response.status).to eq(403)
       end
@@ -66,7 +66,43 @@ describe API::API, api: true do
 
     context 'unauthorized user' do
       it 'should not return project variable details' do
-        get api("/projects/#{project.id}/variables/1")
+        get api("/projects/#{project.id}/variables/#{variable.id}")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  describe 'PUT /projects/:id/variables/:variable_id' do
+    context 'authorized user with proper permissions' do
+      it 'should update variable data' do
+        initial_variable = project.variables.first
+        key_before = initial_variable.key
+        value_before = initial_variable.value
+
+        put api("/projects/#{project.id}/variables/#{variable.id}", user), key: 'TEST_VARIABLE_1_UP', value: 'VALUE_1_UP'
+
+        updated_variable = project.variables.first
+
+        expect(response.status).to eq(200)
+        expect(key_before).to eq(variable.key)
+        expect(value_before).to eq(variable.value)
+        expect(updated_variable.key).to eq('TEST_VARIABLE_1_UP')
+        expect(updated_variable.value).to eq('VALUE_1_UP')
+      end
+    end
+
+    context 'authorized user with invalid permissions' do
+      it 'should not update variable' do
+        put api("/projects/#{project.id}/variables/#{variable.id}", user2)
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'should not return project variable details' do
+        put api("/projects/#{project.id}/variables/#{variable.id}")
 
         expect(response.status).to eq(401)
       end