diff options
Diffstat (limited to 'spec/requests/api/project_snippets_spec.rb')
-rw-r--r-- | spec/requests/api/project_snippets_spec.rb | 125 |
1 files changed, 63 insertions, 62 deletions
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb index 08c88873078..6a9cf6e16e2 100644 --- a/spec/requests/api/project_snippets_spec.rb +++ b/spec/requests/api/project_snippets_spec.rb @@ -6,21 +6,16 @@ RSpec.describe API::ProjectSnippets do include SnippetHelpers let_it_be(:project) { create(:project, :public) } - let_it_be(:user) { create(:user) } - let_it_be(:admin) { create(:admin) } let_it_be(:project_no_snippets) { create(:project, :snippets_disabled) } - - before do - project_no_snippets.add_developer(admin) - project_no_snippets.add_developer(user) - end + let_it_be(:user) { create(:user, developer_projects: [project_no_snippets]) } + let_it_be(:admin) { create(:admin, developer_projects: [project_no_snippets]) } + let_it_be(:public_snippet, reload: true) { create(:project_snippet, :public, :repository, project: project) } describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do - let(:snippet) { create(:project_snippet, :public, project: project) } - let!(:user_agent_detail) { create(:user_agent_detail, subject: snippet) } + let_it_be(:user_agent_detail) { create(:user_agent_detail, subject: public_snippet) } it 'exposes known attributes' do - get api("/projects/#{project.id}/snippets/#{snippet.id}/user_agent_detail", admin) + get api("/projects/#{project.id}/snippets/#{public_snippet.id}/user_agent_detail", admin) expect(response).to have_gitlab_http_status(:ok) expect(json_response['user_agent']).to eq(user_agent_detail.user_agent) @@ -31,29 +26,27 @@ RSpec.describe API::ProjectSnippets do it 'respects project scoping' do other_project = create(:project) - get api("/projects/#{other_project.id}/snippets/#{snippet.id}/user_agent_detail", admin) + get api("/projects/#{other_project.id}/snippets/#{public_snippet.id}/user_agent_detail", admin) expect(response).to have_gitlab_http_status(:not_found) end it "returns unauthorized for non-admin users" do - get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/user_agent_detail", user) + get api("/projects/#{public_snippet.project.id}/snippets/#{public_snippet.id}/user_agent_detail", user) expect(response).to have_gitlab_http_status(:forbidden) end context 'with snippets disabled' do it_behaves_like '403 response' do - let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123/user_agent_detail", admin) } + let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/#{non_existing_record_id}/user_agent_detail", admin) } end end end describe 'GET /projects/:project_id/snippets/' do - let(:user) { create(:user) } - it 'returns all snippets available to team member' do project.add_developer(user) - public_snippet = create(:project_snippet, :public, project: project) + internal_snippet = create(:project_snippet, :internal, project: project) private_snippet = create(:project_snippet, :private, project: project) @@ -62,8 +55,7 @@ RSpec.describe API::ProjectSnippets do expect(response).to have_gitlab_http_status(:ok) expect(response).to include_pagination_headers expect(json_response).to be_an Array - expect(json_response.size).to eq(3) - expect(json_response.map { |snippet| snippet['id'] }).to include(public_snippet.id, internal_snippet.id, private_snippet.id) + expect(json_response.map { |snippet| snippet['id'] }).to contain_exactly(public_snippet.id, internal_snippet.id, private_snippet.id) expect(json_response.last).to have_key('web_url') end @@ -75,7 +67,7 @@ RSpec.describe API::ProjectSnippets do expect(response).to have_gitlab_http_status(:ok) expect(response).to include_pagination_headers expect(json_response).to be_an Array - expect(json_response.size).to eq(0) + expect(json_response.map { |snippet| snippet['id'] }).to contain_exactly(public_snippet.id) end context 'with snippets disabled' do @@ -86,8 +78,7 @@ RSpec.describe API::ProjectSnippets do end describe 'GET /projects/:project_id/snippets/:id' do - let_it_be(:user) { create(:user) } - let_it_be(:snippet) { create(:project_snippet, :public, :repository, project: project) } + let(:snippet) { public_snippet } it 'returns snippet json' do get api("/projects/#{project.id}/snippets/#{snippet.id}", user) @@ -113,12 +104,12 @@ RSpec.describe API::ProjectSnippets do context 'with snippets disabled' do it_behaves_like '403 response' do - let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123", user) } + let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/#{non_existing_record_id}", user) } end end - it_behaves_like 'snippet_multiple_files feature disabled' do - subject { get api("/projects/#{project.id}/snippets/#{snippet.id}", user) } + it_behaves_like 'project snippet access levels' do + let(:path) { "/projects/#{snippet.project.id}/snippets/#{snippet.id}" } end end @@ -133,37 +124,35 @@ RSpec.describe API::ProjectSnippets do let(:file_path) { 'file_1.rb' } let(:file_content) { 'puts "hello world"' } - let(:params) { base_params.merge(file_params) } let(:file_params) { { files: [{ file_path: file_path, content: file_content }] } } + let(:params) { base_params.merge(file_params) } + + subject { post api("/projects/#{project.id}/snippets/", actor), params: params } shared_examples 'project snippet repository actions' do let(:snippet) { ProjectSnippet.find(json_response['id']) } - it 'creates repository' do - subject - - expect(snippet.repository.exists?).to be_truthy - end - it 'commit the files to the repository' do subject - blob = snippet.repository.blob_at('master', file_path) + aggregate_failures do + expect(snippet.repository.exists?).to be_truthy + + blob = snippet.repository.blob_at('master', file_path) - expect(blob.data).to eq file_content + expect(blob.data).to eq file_content + end end end context 'with an external user' do - let(:user) { create(:user, :external) } + let(:actor) { create(:user, :external) } context 'that belongs to the project' do - before do - project.add_developer(user) - end - it 'creates a new snippet' do - post api("/projects/#{project.id}/snippets/", user), params: params + project.add_developer(actor) + + subject expect(response).to have_gitlab_http_status(:created) end @@ -171,7 +160,7 @@ RSpec.describe API::ProjectSnippets do context 'that does not belong to the project' do it 'does not create a new snippet' do - post api("/projects/#{project.id}/snippets/", user), params: params + subject expect(response).to have_gitlab_http_status(:forbidden) end @@ -179,16 +168,17 @@ RSpec.describe API::ProjectSnippets do end context 'with a regular user' do - let(:user) { create(:user) } + let(:actor) { user } - before do + before_all do project.add_developer(user) + end + + before do stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::PRIVATE]) params['visibility'] = 'internal' end - subject { post api("/projects/#{project.id}/snippets/", user), params: params } - it 'creates a new snippet' do subject @@ -205,7 +195,7 @@ RSpec.describe API::ProjectSnippets do end context 'with an admin' do - subject { post api("/projects/#{project.id}/snippets/", admin), params: params } + let(:actor) { admin } it 'creates a new snippet' do subject @@ -244,6 +234,8 @@ RSpec.describe API::ProjectSnippets do end context 'when save fails because the repository could not be created' do + let(:actor) { admin } + before do allow_next_instance_of(Snippets::CreateService) do |instance| allow(instance).to receive(:create_repository).and_raise(Snippets::CreateService::CreateRepositoryError) @@ -251,43 +243,44 @@ RSpec.describe API::ProjectSnippets do end it 'returns 400' do - post api("/projects/#{project.id}/snippets", admin), params: params + subject expect(response).to have_gitlab_http_status(:bad_request) end end context 'when the snippet is spam' do - def create_snippet(project, snippet_params = {}) - project.add_developer(user) - - post api("/projects/#{project.id}/snippets", user), params: params.merge(snippet_params) - end + let(:actor) { user } before do allow_next_instance_of(Spam::AkismetService) do |instance| allow(instance).to receive(:spam?).and_return(true) end + + project.add_developer(user) end context 'when the snippet is private' do it 'creates the snippet' do - expect { create_snippet(project, visibility: 'private') } - .to change { Snippet.count }.by(1) + params['visibility'] = 'private' + + expect { subject }.to change { Snippet.count }.by(1) end end context 'when the snippet is public' do - it 'rejects the snippet' do - expect { create_snippet(project, visibility: 'public') } - .not_to change { Snippet.count } + before do + params['visibility'] = 'public' + end + it 'rejects the snippet' do + expect { subject }.not_to change { Snippet.count } expect(response).to have_gitlab_http_status(:bad_request) expect(json_response['message']).to eq({ "error" => "Spam detected" }) end it 'creates a spam log' do - expect { create_snippet(project, visibility: 'public') } + expect { subject } .to log_spam(title: 'Test Title', user_id: user.id, noteable_type: 'ProjectSnippet') end end @@ -363,7 +356,7 @@ RSpec.describe API::ProjectSnippets do context 'with snippets disabled' do it_behaves_like '403 response' do - let(:request) { put api("/projects/#{project_no_snippets.id}/snippets/123", admin), params: { description: 'foo' } } + let(:request) { put api("/projects/#{project_no_snippets.id}/snippets/#{non_existing_record_id}", admin), params: { description: 'foo' } } end end @@ -373,7 +366,7 @@ RSpec.describe API::ProjectSnippets do end describe 'DELETE /projects/:project_id/snippets/:id/' do - let(:snippet) { create(:project_snippet, author: admin, project: project) } + let_it_be(:snippet, refind: true) { public_snippet } it 'deletes snippet' do delete api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin) @@ -394,13 +387,13 @@ RSpec.describe API::ProjectSnippets do context 'with snippets disabled' do it_behaves_like '403 response' do - let(:request) { delete api("/projects/#{project_no_snippets.id}/snippets/123", admin) } + let(:request) { delete api("/projects/#{project_no_snippets.id}/snippets/#{non_existing_record_id}", admin) } end end end describe 'GET /projects/:project_id/snippets/:id/raw' do - let_it_be(:snippet) { create(:project_snippet, :repository, author: admin, project: project) } + let_it_be(:snippet) { create(:project_snippet, :repository, :public, author: admin, project: project) } it 'returns raw text' do get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw", admin) @@ -416,9 +409,13 @@ RSpec.describe API::ProjectSnippets do expect(json_response['message']).to eq('404 Snippet Not Found') end + it_behaves_like 'project snippet access levels' do + let(:path) { "/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw" } + end + context 'with snippets disabled' do it_behaves_like '403 response' do - let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123/raw", admin) } + let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/#{non_existing_record_id}/raw", admin) } end end @@ -435,5 +432,9 @@ RSpec.describe API::ProjectSnippets do it_behaves_like 'raw snippet files' do let(:api_path) { "/projects/#{snippet.project.id}/snippets/#{snippet_id}/files/#{ref}/#{file_path}/raw" } end + + it_behaves_like 'project snippet access levels' do + let(:path) { "/projects/#{snippet.project.id}/snippets/#{snippet.id}/files/master/%2Egitattributes/raw" } + end end end |