Diffstat (limited to 'lib/api')
-rw-r--r-- | lib/api/helpers.rb | 6 | ||||
-rw-r--r-- | lib/api/merge_requests.rb | 22 | ||||
-rw-r--r-- | lib/api/milestones.rb | 16 | ||||
-rw-r--r-- | lib/api/notes.rb | 2 | ||||
-rw-r--r-- | lib/api/projects.rb | 96 | ||||
-rw-r--r-- | lib/api/users.rb | 24 |
6 files changed, 140 insertions, 26 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 6bd8111c2b2..becb3bce5b0 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -55,6 +55,12 @@ module Gitlab render_api_error!('403 Forbidden', 403) end + def bad_request!(attribute) + message = ["400 (Bad request)"] + message << "\"" + attribute.to_s + "\" not given" + render_api_error!(message.join(' '), 400) + end + def not_found!(resource = nil) message = ["404"] message << resource if resource diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 7f763eb49d5..4b28094f1a4 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -5,6 +5,23 @@ module Gitlab resource :projects do + helpers do + # If an error occurred this helper method provides an appropriate status code + # + # Parameters: + # merge_request_errors (required) - The errors collection of MR + # + def handle_merge_request_error(merge_request_errors) + if merge_request_errors[:target_branch].any? + bad_request!(:target_branch) + elsif merge_request_errors[:source_branch].any? + bad_request!(:source_branch) + elsif merge_request_errors[:base].any? + error!(merge_request_errors[:base], 422) + end + end + end + # List merge requests # # Parameters: @@ -60,6 +77,7 @@ module Gitlab merge_request.reload_code present merge_request, with: Entities::MergeRequest else + handle_merge_request_error(merge_request.errors) not_found! end end @@ -88,6 +106,7 @@ module Gitlab merge_request.mark_as_unchecked present merge_request, with: Entities::MergeRequest else + handle_merge_request_error(merge_request.errors) not_found! end end @@ -109,6 +128,9 @@ module Gitlab if note.save present note, with: Entities::MRNote else + if note.errors[:note].any? + bad_request!(:note) + end not_found! end end diff --git a/lib/api/milestones.rb b/lib/api/milestones.rb index eaf0d37c18b..7f8fe053ba1 100644 --- a/lib/api/milestones.rb +++ b/lib/api/milestones.rb 
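Review bot: In `bad_request!` (lib/api/helpers.rb) the message is built from an array, string concatenation and `join`, which is more machinery than a fixed two-part string needs. A single interpolated string reads more directly: `render_api_error!("400 (Bad request) \"#{attribute}\" not given", 400)`. The helper also has no comment; a line such as `# Renders a 400 response naming the required attribute that was not given` would help, since every file in this commit now calls it.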
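Review bot: `handle_merge_request_error` in lib/api/merge_requests.rb returns normally when none of `:target_branch`, `:source_branch` or `:base` carries an error, so a validation failure on any other attribute still reaches the `not_found!` after each call and is reported as 404. The header comment does not mention this; I would add `# Halts with 400/422 on a known error; otherwise returns so the caller's not_found! applies`. That the matched branches really halt depends on `render_api_error!` and `error!`, which are outside this hunk, so confirm it, because both call sites rely on it.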
@@ -4,6 +4,20 @@ module Gitlab before { authenticate! } resource :projects do + + helpers do + # If an error occurs this helper method handles error codes for a given milestone + # + # Parameters: + # milestone_errors (required) - The erros collection of a milestone + # + def handle_milestone_errors(milestone_errors) + if milestone_errors[:title].any? + bad_request!(:title) + end + end + end + # Get a list of project milestones # # Parameters: @@ -47,6 +61,7 @@ module Gitlab if @milestone.save present @milestone, with: Entities::Milestone else + handle_milestone_errors(@milestone.errors) not_found! end end @@ -70,6 +85,7 @@ module Gitlab if @milestone.update_attributes attrs present @milestone, with: Entities::Milestone else + handle_milestone_errors(@milestone.errors) not_found! end end diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 70344d6e381..56de6e090e5 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -43,6 +43,8 @@ module Gitlab if @note.save present @note, with: Entities::Note else + # :note is exposed as :body, but :note is set on error + bad_request!(:note) if @note.errors[:note].any? not_found! end end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 921aa237f26..d171acc1ce1 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -4,6 +4,15 @@ module Gitlab before { authenticate! } resource :projects do + helpers do + def handle_project_member_errors(errors) + if errors[:project_access].any? + error!(errors[:project_access], 422) + end + not_found! + end + end + # Get a projects list for authenticated user # # Example Request: @@ -36,6 +45,7 @@ module Gitlab # Example Request # POST /projects post do + bad_request!(:name) if !params.has_key? :name attrs = attributes_for_keys [:name, :description, :default_branch, 
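Review bot: `handle_project_member_errors` in lib/api/projects.rb ends with its own `not_found!`, while `handle_merge_request_error` and `handle_milestone_errors` leave that call to the caller, so the helpers added in this commit follow two different contracts. It is also the only one of the three without a comment. Either drop the trailing `not_found!` and keep it at the call sites, or document the difference: `# Responds 422 for project_access errors, otherwise 404 (does not return to the caller, assuming not_found! halts)`.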
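Review bot: `bad_request!(:name) if !params.has_key? :name` in `post do` (lib/api/projects.rb) only checks that the key was sent, so an empty `name` passes the guard and, if model validation then fails, the request still ends in `not_found!`. The snippet and SSH-key hunks in this commit use `params[...].present?` for the same purpose; `bad_request!(:name) unless params[:name].present?` would be consistent with them and avoids the negated `if !`. The same `has_key?` pattern appears in the members hunks, the blob `:filepath` check and `POST /users`. This hunk ends inside the `attributes_for_keys` call.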
@@ -43,10 +53,14 @@ module Gitlab :wall_enabled, :merge_requests_enabled, :wiki_enabled] + @project = ::Projects::CreateContext.new(current_user, attrs).execute if @project.saved? present @project, with: Entities::Project else + if @project.errors[:limit_reached].present? + error!(@project.errors[:limit_reached], 403) + end not_found! end end @@ -89,16 +103,24 @@ module Gitlab # POST /projects/:id/members post ":id/members" do authorize! :admin_project, user_project - users_project = user_project.users_projects.new( - user_id: params[:user_id], - project_access: params[:access_level] - ) - if users_project.save - @member = users_project.user + bad_request!(:user_id) if !params.has_key? :user_id + bad_request!(:access_level) if !params.has_key? :access_level + + # either the user is already a team member or a new one + team_member = user_project.team_member_by_id(params[:user_id]) + if team_member.nil? + team_member = user_project.users_projects.new( + user_id: params[:user_id], + project_access: params[:access_level] + ) + end + + if team_member.save + @member = team_member.user present @member, with: Entities::ProjectMember, project: user_project else - not_found! + handle_project_member_errors team_member.errors end end 
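Review bot: In `post ":id/members"`, when `team_member_by_id` finds an existing member the supplied `access_level` is never applied: `team_member.save` runs on an unchanged record and the endpoint reports success with the old access level. If re-adding is meant to be idempotent, say so in the endpoint comment, for example `# An existing member is returned unchanged; use PUT to change access_level`; otherwise assign it before saving with `team_member.project_access = params[:access_level]`. What `team_member_by_id` returns is not visible in this hunk, so confirm it is a record that responds to `save`, `user` and `errors`.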
@@ -112,13 +134,16 @@ module Gitlab # PUT /projects/:id/members/:user_id put ":id/members/:user_id" do authorize! :admin_project, user_project - users_project = user_project.users_projects.find_by_user_id params[:user_id] - if users_project.update_attributes(project_access: params[:access_level]) - @member = users_project.user + team_member = user_project.users_projects.find_by_user_id(params[:user_id]) + bad_request!(:access_level) if !params.has_key? :access_level + not_found!("User can not be found") if team_member.nil? + + if team_member.update_attributes(project_access: params[:access_level]) + @member = team_member.user present @member, with: Entities::ProjectMember, project: user_project else - not_found! + handle_project_member_errors team_member.errors end end @@ -131,8 +156,12 @@ module Gitlab # DELETE /projects/:id/members/:user_id delete ":id/members/:user_id" do authorize! :admin_project, user_project - users_project = user_project.users_projects.find_by_user_id params[:user_id] - users_project.destroy + team_member = user_project.users_projects.find_by_user_id(params[:user_id]) + unless team_member.nil? + team_member.destroy + else + {:message => "Access revoked", :id => params[:user_id].to_i} + end end # Get project hooks @@ -170,11 +199,17 @@ module Gitlab # POST /projects/:id/hooks post ":id/hooks" do authorize! :admin_project, user_project + + bad_request!(:url) unless params.has_key? :url + @hook = user_project.hooks.new({"url" => params[:url]}) if @hook.save present @hook, with: Entities::Hook else - error!({'message' => '404 Not found'}, 404) + if @hook.errors[:url].present? + error!("Invalid url given", 422) + end + not_found! end end 
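Review bot: In `delete ":id/members/:user_id"` the two branches produce different results: when the member exists the block's value is whatever `team_member.destroy` returns, and the `"Access revoked"` message is sent only when no member was found, that is, when nothing was revoked. `unless … else` is also harder to follow than the positive form. If one response is intended for both cases, write `team_member.destroy if team_member` followed by `{:message => "Access revoked", :id => params[:user_id].to_i}`; if the asymmetry is deliberate, a comment stating why would help.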
@@ -190,11 +225,15 @@ module Gitlab @hook = user_project.hooks.find(params[:hook_id]) authorize! :admin_project, user_project - attrs = attributes_for_keys [:url] + bad_request!(:url) unless params.has_key? :url + attrs = attributes_for_keys [:url] if @hook.update_attributes attrs present @hook, with: Entities::Hook else + if @hook.errors[:url].present? + error!("Invalid url given", 422) + end not_found! end end @@ -208,8 +247,13 @@ module Gitlab # DELETE /projects/:id/hooks delete ":id/hooks" do authorize! :admin_project, user_project - @hook = user_project.hooks.find(params[:hook_id]) - @hook.destroy + bad_request!(:hook_id) unless params.has_key? :hook_id + + begin + @hook = ProjectHook.find(params[:hook_id]) + @hook.destroy + rescue + end end # Get a project repository branches @@ -244,6 +288,7 @@ module Gitlab # PUT /projects/:id/repository/branches/:branch/protect put ":id/repository/branches/:branch/protect" do @branch = user_project.repo.heads.find { |item| item.name == params[:branch] } + not_found! unless @branch protected = user_project.protected_branches.find_by_name(@branch.name) unless protected @@ -262,6 +307,7 @@ module Gitlab # PUT /projects/:id/repository/branches/:branch/unprotect put ":id/repository/branches/:branch/unprotect" do @branch = user_project.repo.heads.find { |item| item.name == params[:branch] } + not_found! unless @branch protected = user_project.protected_branches.find_by_name(@branch.name) if protected @@ -334,6 +380,10 @@ module Gitlab post ":id/snippets" do authorize! :write_snippet, user_project + bad_request!(:title) if !params[:title].present? + bad_request!(:file_name) if !params[:file_name].present? + bad_request!(:code) if !params[:code].present? + attrs = attributes_for_keys [:title, :file_name] attrs[:expires_at] = params[:lifetime] if params[:lifetime].present? attrs[:content] = params[:code] if params[:code].present? 
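Review bot: In `delete ":id/hooks"` the lookup changed from `user_project.hooks.find` to `ProjectHook.find(params[:hook_id])`, so the hook is no longer restricted to the project that `authorize! :admin_project, user_project` was checked against. A caller with admin rights on one project could therefore remove a hook belonging to another. Keep the scoped lookup: `@hook = user_project.hooks.find(params[:hook_id])`. The bare `rescue` with an empty body also hides every StandardError, not only a missing record, so a failed delete is reported as success; narrow it to `rescue ActiveRecord::RecordNotFound`. The same empty `rescue` is added in `delete ":id/snippets/:snippet_id"` and in `delete "keys/:id"` in lib/api/users.rb.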
@@ -381,10 +431,12 @@ module Gitlab # Example Request: # DELETE /projects/:id/snippets/:snippet_id delete ":id/snippets/:snippet_id" do - @snippet = user_project.snippets.find(params[:snippet_id]) - authorize! :modify_snippet, @snippet - - @snippet.destroy + begin + @snippet = user_project.snippets.find(params[:snippet_id]) + authorize! :modify_snippet, user_project + @snippet.destroy + rescue + end end # Get a raw project snippet @@ -411,6 +463,8 @@ module Gitlab get ":id/repository/commits/:sha/blob" do authorize! :download_code, user_project + bad_request!(:filepath) if !params.has_key? :filepath + ref = params[:sha] commit = user_project.repository.commit ref diff --git a/lib/api/users.rb b/lib/api/users.rb index 7ea90c75e9e..b9dce58a13d 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -41,6 +41,12 @@ module Gitlab # POST /users post do authenticated_as_admin! + + bad_request!(:email) if !params.has_key? :email + bad_request!(:password) if !params.has_key? :password + bad_request!(:name) if !params.has_key? :name + bad_request!(:username) if !params.has_key? :username + attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] user = User.new attrs, as: :admin if user.save @@ -67,10 +73,12 @@ module Gitlab # PUT /users/:id put ":id" do authenticated_as_admin! + attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] - user = User.find_by_id(params[:id]) + user = User.find(params[:id]) + not_found!("User not found") unless user - if user && user.update_attributes(attrs) + if user.update_attributes(attrs) present user, with: Entities::User else not_found! 
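Review bot: `authorize! :modify_snippet, user_project` in `delete ":id/snippets/:snippet_id"` now passes the project as the subject where the removed line passed `@snippet`. If the `:modify_snippet` rule is evaluated per snippet (for example against its author), the check no longer looks at the snippet being deleted; the ability definitions are not on this page, so verify. I would keep `authorize! :modify_snippet, @snippet`. The call also now sits inside `begin … rescue`, so if a denial is ever delivered as an exception it would be swallowed and the request would appear to succeed.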
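Review bot: In `put ":id"` (lib/api/users.rb) the new guard `not_found!("User not found") unless user` cannot fire. `User.find` raises `ActiveRecord::RecordNotFound` for an unknown id instead of returning nil, which is what the removed `find_by_id` did. Unless that exception is translated to a 404 somewhere outside this hunk, an unknown id now surfaces as an unhandled error. Either keep `user = User.find_by_id(params[:id])` together with the new guard, or rescue the exception and call `not_found!` there.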
@@ -127,6 +135,9 @@ module Gitlab # Example Request: # POST /user/keys post "keys" do + bad_request!(:title) unless params[:title].present? + bad_request!(:key) unless params[:key].present? + attrs = attributes_for_keys [:title, :key] key = current_user.keys.new attrs if key.save @@ -136,15 +147,18 @@ module Gitlab end end - # Delete existed ssh key of currently authenticated user + # Delete existing ssh key of currently authenticated user # # Parameters: # id (required) - SSH Key ID # Example Request: # DELETE /user/keys/:id delete "keys/:id" do - key = current_user.keys.find params[:id] - key.delete + begin + key = current_user.keys.find params[:id] + key.delete + rescue + end end end end |