1 files changed, 96 insertions, 40 deletions

diff --git a/spec/requests/api/snippets_spec.rb b/spec/requests/api/snippets_spec.rb
index 3e30dc537e4..c12c95ae2e0 100644
--- a/spec/requests/api/snippets_spec.rb
+++ b/spec/requests/api/snippets_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 describe API::Snippets do
-  let!(:user) { create(:user) }
+  let_it_be(:user) { create(:user) }
 
   describe 'GET /snippets/' do
     it 'returns snippets available' do
@@ -90,7 +90,7 @@ describe API::Snippets do
 
   describe 'GET /snippets/:id/raw' do
     let_it_be(:author) { create(:user) }
-    let_it_be(:snippet) { create(:personal_snippet, :private, author: author) }
+    let_it_be(:snippet) { create(:personal_snippet, :repository, :private, author: author) }
 
     it 'requires authentication' do
       get api("/snippets/#{snippet.id}", nil)
@@ -103,7 +103,6 @@ describe API::Snippets do
 
       expect(response).to have_gitlab_http_status(:ok)
       expect(response.content_type).to eq 'text/plain'
-      expect(response.body).to eq(snippet.content)
     end
 
     it 'forces attachment content disposition' do
@@ -134,6 +133,12 @@ describe API::Snippets do
 
       expect(response).to have_gitlab_http_status(:ok)
     end
+
+    it_behaves_like 'snippet blob content' do
+      let_it_be(:snippet_with_empty_repo) { create(:personal_snippet, :empty_repo, :private, author: author) }
+
+      subject { get api("/snippets/#{snippet.id}/raw", snippet.author) }
+    end
   end
 
   describe 'GET /snippets/:id' do
@@ -155,22 +160,12 @@ describe API::Snippets do
 
       expect(json_response['title']).to eq(private_snippet.title)
       expect(json_response['description']).to eq(private_snippet.description)
-      expect(json_response['file_name']).to eq(private_snippet.file_name)
+      expect(json_response['file_name']).to eq(private_snippet.file_name_on_repo)
       expect(json_response['visibility']).to eq(private_snippet.visibility)
       expect(json_response['ssh_url_to_repo']).to eq(private_snippet.ssh_url_to_repo)
       expect(json_response['http_url_to_repo']).to eq(private_snippet.http_url_to_repo)
     end
 
-    context 'when feature flag :version_snippets is disabled' do
-      before do
-        stub_feature_flags(version_snippets: false)
-
-        get api("/snippets/#{private_snippet.id}", author)
-      end
-
-      it_behaves_like 'snippet response without repository URLs'
-    end
-
     it 'shows private snippets to an admin' do
       get api("/snippets/#{private_snippet.id}", admin)
 
@@ -200,7 +195,7 @@ describe API::Snippets do
   end
 
   describe 'POST /snippets/' do
-    let(:params) do
+    let(:base_params) do
       {
         title: 'Test Title',
         file_name: 'test.rb',
@@ -209,12 +204,14 @@ describe API::Snippets do
         visibility: 'public'
       }
     end
+    let(:params) { base_params.merge(extra_params) }
+    let(:extra_params) { {} }
+
+    subject { post api("/snippets/", user), params: params }
 
     shared_examples 'snippet creation' do
       let(:snippet) { Snippet.find(json_response["id"]) }
 
-      subject { post api("/snippets/", user), params: params }
-
       it 'creates a new snippet' do
         expect do
           subject
@@ -240,18 +237,6 @@ describe API::Snippets do
 
         expect(blob.data).to eq params[:content]
       end
-
-      context 'when feature flag :version_snippets is disabled' do
-        it 'does not create snippet repository' do
-          stub_feature_flags(version_snippets: false)
-
-          expect do
-            subject
-          end.to change { PersonalSnippet.count }.by(1)
-
-          expect(snippet.repository_exists?).to be_falsey
-        end
-      end
     end
 
     context 'with restricted visibility settings' do
@@ -270,7 +255,7 @@ describe API::Snippets do
       let(:user) { create(:user, :external) }
 
       it 'does not create a new snippet' do
-        post api("/snippets/", user), params: params
+        subject
 
         expect(response).to have_gitlab_http_status(:forbidden)
       end
@@ -279,16 +264,44 @@ describe API::Snippets do
     it 'returns 400 for missing parameters' do
       params.delete(:title)
 
-      post api("/snippets/", user), params: params
+      subject
 
       expect(response).to have_gitlab_http_status(:bad_request)
     end
 
-    context 'when the snippet is spam' do
-      def create_snippet(snippet_params = {})
-        post api('/snippets', user), params: params.merge(snippet_params)
+    it 'returns 400 if content is blank' do
+      params[:content] = ''
+
+      subject
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response['error']).to eq 'content is empty'
+    end
+
+    it 'returns 400 if title is blank' do
+      params[:title] = ''
+
+      subject
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response['error']).to eq 'title is empty'
+    end
+
+    context 'when save fails because the repository could not be created' do
+      before do
+        allow_next_instance_of(Snippets::CreateService) do |instance|
+          allow(instance).to receive(:create_repository).and_raise(Snippets::CreateService::CreateRepositoryError)
+        end
       end
 
+      it 'returns 400' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:bad_request)
+      end
+    end
+
+    context 'when the snippet is spam' do
       before do
         allow_next_instance_of(Spam::AkismetService) do |instance|
           allow(instance).to receive(:spam?).and_return(true)
@@ -296,23 +309,25 @@ describe API::Snippets do
       end
 
       context 'when the snippet is private' do
+        let(:extra_params) { { visibility: 'private' } }
+
         it 'creates the snippet' do
-          expect { create_snippet(visibility: 'private') }
-            .to change { Snippet.count }.by(1)
+          expect { subject }.to change { Snippet.count }.by(1)
         end
       end
 
       context 'when the snippet is public' do
+        let(:extra_params) { { visibility: 'public' } }
+
         it 'rejects the shippet' do
-          expect { create_snippet(visibility: 'public') }
-            .not_to change { Snippet.count }
+          expect { subject }.not_to change { Snippet.count }
 
           expect(response).to have_gitlab_http_status(:bad_request)
           expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
         it 'creates a spam log' do
-          expect { create_snippet(visibility: 'public') }
+          expect { subject }
             .to log_spam(title: 'Test Title', user_id: user.id, noteable_type: 'PersonalSnippet')
         end
       end
@@ -320,8 +335,9 @@ describe API::Snippets do
   end
 
   describe 'PUT /snippets/:id' do
+    let_it_be(:other_user) { create(:user) }
+
     let(:visibility_level) { Snippet::PUBLIC }
-    let(:other_user) { create(:user) }
     let(:snippet) do
       create(:personal_snippet, :repository, author: user, visibility_level: visibility_level)
     end
@@ -373,6 +389,20 @@ describe API::Snippets do
       expect(response).to have_gitlab_http_status(:bad_request)
     end
 
+    it 'returns 400 if content is blank' do
+      update_snippet(params: { content: '' })
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response['error']).to eq 'content is empty'
+    end
+
+    it 'returns 400 if title is blank' do
+      update_snippet(params: { title: '' })
+
+      expect(response).to have_gitlab_http_status(:bad_request)
+      expect(json_response['error']).to eq 'title is empty'
+    end
+
     it_behaves_like 'update with repository actions' do
       let(:snippet_without_repo) { create(:personal_snippet, author: user, visibility_level: visibility_level) }
     end
@@ -424,6 +454,32 @@ describe API::Snippets do
       end
     end
 
+    context "when admin" do
+      let(:admin) { create(:admin) }
+      let(:token) { create(:personal_access_token, user: admin, scopes: [:sudo]) }
+
+      subject do
+        put api("/snippets/#{snippet.id}", admin, personal_access_token: token), params: { visibility: 'private', sudo: user.id }
+      end
+
+      context 'when sudo is defined' do
+        it 'returns 200 and updates snippet visibility' do
+          expect(snippet.visibility).not_to eq('private')
+
+          subject
+
+          expect(response).to have_gitlab_http_status(:success)
+          expect(json_response["visibility"]).to eq 'private'
+        end
+
+        it 'does not commit data' do
+          expect_any_instance_of(SnippetRepository).not_to receive(:multi_files_action)
+
+          subject
+        end
+      end
+    end
+
     def update_snippet(snippet_id: snippet.id, params: {}, requester: user)
       put api("/snippets/#{snippet_id}", requester), params: params
     end