diff options
Diffstat (limited to 'spec/requests/api')
| -rw-r--r-- | spec/requests/api/group_members_spec.rb | 12 | ||||
| -rw-r--r-- | spec/requests/api/groups_spec.rb | 57 | ||||
| -rw-r--r-- | spec/requests/api/issues_spec.rb | 113 | ||||
| -rw-r--r-- | spec/requests/api/merge_requests_spec.rb | 42 | ||||
| -rw-r--r-- | spec/requests/api/milestones_spec.rb | 27 | ||||
| -rw-r--r-- | spec/requests/api/notes_spec.rb | 61 | ||||
| -rw-r--r-- | spec/requests/api/project_members_spec.rb | 20 | ||||
| -rw-r--r-- | spec/requests/api/projects_spec.rb | 48 | ||||
| -rw-r--r-- | spec/requests/api/tags_spec.rb | 6 |
9 files changed, 367 insertions, 19 deletions
diff --git a/spec/requests/api/group_members_spec.rb b/spec/requests/api/group_members_spec.rb index 3e8b4aa1f88..96d89e69209 100644 --- a/spec/requests/api/group_members_spec.rb +++ b/spec/requests/api/group_members_spec.rb @@ -42,9 +42,10 @@ describe API::API, api: true do end end - it "users not part of the group should get access error" do + it 'users not part of the group should get access error' do get api("/groups/#{group_with_members.id}/members", stranger) - expect(response.status).to eq(403) + + expect(response.status).to eq(404) end end end @@ -165,12 +166,13 @@ describe API::API, api: true do end end - describe "DELETE /groups/:id/members/:user_id" do - context "when not a member of the group" do + describe 'DELETE /groups/:id/members/:user_id' do + context 'when not a member of the group' do it "should not delete guest's membership of group_with_members" do random_user = create(:user) delete api("/groups/#{group_with_members.id}/members/#{owner.id}", random_user) - expect(response.status).to eq(403) + + expect(response.status).to eq(404) end end diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index 41c9cacd455..37ddab83c30 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -61,7 +61,8 @@ describe API::API, api: true do it "should not return a group not attached to user1" do get api("/groups/#{group2.id}", user1) - expect(response.status).to eq(403) + + expect(response.status).to eq(404) end end @@ -92,9 +93,54 @@ describe API::API, api: true do it 'should not return a group not attached to user1' do get api("/groups/#{group2.path}", user1) + + expect(response.status).to eq(404) + end + end + end + + describe 'PUT /groups/:id' do + let(:new_group_name) { 'New Group'} + + context 'when authenticated as the group owner' do + it 'updates the group' do + put api("/groups/#{group1.id}", user1), name: new_group_name + + expect(response.status).to eq(200) + expect(json_response['name']).to eq(new_group_name) + end + + it 'returns 404 for a non existing group' do + put api('/groups/1328', user1) + + expect(response.status).to eq(404) + end + end + + context 'when authenticated as the admin' do + it 'updates the group' do + put api("/groups/#{group1.id}", admin), name: new_group_name + + expect(response.status).to eq(200) + expect(json_response['name']).to eq(new_group_name) + end + end + + context 'when authenticated as an user that can see the group' do + it 'does not updates the group' do + put api("/groups/#{group1.id}", user2), name: new_group_name + expect(response.status).to eq(403) end end + + context 'when authenticated as an user that cannot see the group' do + it 'returns 404 when trying to update the group' do + put api("/groups/#{group2.id}", user1), name: new_group_name + + expect(response.status).to eq(404) + end + end end describe "GET /groups/:id/projects" do @@ -113,7 +159,8 @@ describe API::API, api: true do it "should not return a group not attached to user1" do get api("/groups/#{group2.id}/projects", user1) - expect(response.status).to eq(403) + + expect(response.status).to eq(404) end end @@ -145,7 +192,8 @@ describe API::API, api: true do it 'should not return a group not attached to user1' do get api("/groups/#{group2.path}/projects", user1) - expect(response.status).to eq(403) + + expect(response.status).to eq(404) end end end @@ -203,7 +251,8 @@ describe API::API, api: true do it "should not remove a group not attached to user1" do delete api("/groups/#{group2.id}", user1) - expect(response.status).to eq(403) + + expect(response.status).to eq(404) end end diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb index 822d3ad3017..86ea223f206 100644 --- a/spec/requests/api/issues_spec.rb +++ b/spec/requests/api/issues_spec.rb @@ -3,11 +3,12 @@ require 'spec_helper' describe API::API, api: true do include ApiHelpers let(:user) { create(:user) } + let(:user2) { create(:user) } let(:non_member) { create(:user) } let(:author) { create(:author) } let(:assignee) { create(:assignee) } let(:admin) { create(:user, :admin) } - let!(:project) { create(:project, :public, namespace: user.namespace ) } + let!(:project) { create(:project, :public, creator_id: user.id, namespace: user.namespace ) } let!(:closed_issue) do create :closed_issue, author: user, @@ -501,4 +502,114 @@ describe API::API, api: true do end end end + + describe '/projects/:id/issues/:issue_id/move' do + let!(:target_project) { create(:project, path: 'project2', creator_id: user.id, namespace: user.namespace ) } + let!(:target_project2) { create(:project, creator_id: non_member.id, namespace: non_member.namespace ) } + + it 'moves an issue' do + post api("/projects/#{project.id}/issues/#{issue.id}/move", user), + to_project_id: target_project.id + + expect(response.status).to eq(201) + expect(json_response['project_id']).to eq(target_project.id) + end + + context 'when source and target projects are the same' do + it 'returns 400 when trying to move an issue' do + post api("/projects/#{project.id}/issues/#{issue.id}/move", user), + to_project_id: project.id + + expect(response.status).to eq(400) + expect(json_response['message']).to eq('Cannot move issue to project it originates from!') + end + end + + context 'when the user does not have the permission to move issues' do + it 'returns 400 when trying to move an issue' do + post api("/projects/#{project.id}/issues/#{issue.id}/move", user), + to_project_id: target_project2.id + + expect(response.status).to eq(400) + expect(json_response['message']).to eq('Cannot move issue due to insufficient permissions!') + end + end + + it 'moves the issue to another namespace if I am admin' do + post api("/projects/#{project.id}/issues/#{issue.id}/move", admin), + to_project_id: target_project2.id + + expect(response.status).to eq(201) + expect(json_response['project_id']).to eq(target_project2.id) + end + + context 'when issue does not exist' do + it 'returns 404 when trying to move an issue' do + post api("/projects/#{project.id}/issues/123/move", user), + to_project_id: target_project.id + + expect(response.status).to eq(404) + end + end + + context 'when source project does not exist' do + it 'returns 404 when trying to move an issue' do + post api("/projects/123/issues/#{issue.id}/move", user), + to_project_id: target_project.id + + expect(response.status).to eq(404) + end + end + + context 'when target project does not exist' do + it 'returns 404 when trying to move an issue' do + post api("/projects/#{project.id}/issues/#{issue.id}/move", user), + to_project_id: 123 + + expect(response.status).to eq(404) + end + end + end + + describe 'POST :id/issues/:issue_id/subscription' do + it 'subscribes to an issue' do + post api("/projects/#{project.id}/issues/#{issue.id}/subscription", user2) + + expect(response.status).to eq(201) + expect(json_response['subscribed']).to eq(true) + end + + it 'returns 304 if already subscribed' do + post api("/projects/#{project.id}/issues/#{issue.id}/subscription", user) + + expect(response.status).to eq(304) + end + + it 'returns 404 if the issue is not found' do + post api("/projects/#{project.id}/issues/123/subscription", user) + + expect(response.status).to eq(404) + end + end + + describe 'DELETE :id/issues/:issue_id/subscription' do + it 'unsubscribes from an issue' do + delete api("/projects/#{project.id}/issues/#{issue.id}/subscription", user) + + expect(response.status).to eq(200) + expect(json_response['subscribed']).to eq(false) + end + + it 'returns 304 if not subscribed' do + delete api("/projects/#{project.id}/issues/#{issue.id}/subscription", user2) + + expect(response.status).to eq(304) + end + + it 'returns 404 if the issue is not found' do + delete api("/projects/#{project.id}/issues/123/subscription", user) + + expect(response.status).to eq(404) + end + end end diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb index 25fa30b2f21..1fa7e76894f 100644 --- a/spec/requests/api/merge_requests_spec.rb +++ b/spec/requests/api/merge_requests_spec.rb @@ -516,6 +516,48 @@ describe API::API, api: true do end end + describe 'POST :id/merge_requests/:merge_request_id/subscription' do + it 'subscribes to a merge request' do + post api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", admin) + + expect(response.status).to eq(201) + expect(json_response['subscribed']).to eq(true) + end + + it 'returns 304 if already subscribed' do + post api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", user) + + expect(response.status).to eq(304) + end + + it 'returns 404 if the merge request is not found' do + post api("/projects/#{project.id}/merge_requests/123/subscription", user) + + expect(response.status).to eq(404) + end + end + + describe 'DELETE :id/merge_requests/:merge_request_id/subscription' do + it 'unsubscribes from a merge request' do + delete api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", user) + + expect(response.status).to eq(200) + expect(json_response['subscribed']).to eq(false) + end + + it 'returns 304 if not subscribed' do + delete api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", admin) + + expect(response.status).to eq(304) + end + + it 'returns 404 if the merge request is not found' do + post api("/projects/#{project.id}/merge_requests/123/subscription", user) + + expect(response.status).to eq(404) + end + end + def mr_with_later_created_and_updated_at_time merge_request merge_request.created_at += 1.hour diff --git a/spec/requests/api/milestones_spec.rb b/spec/requests/api/milestones_spec.rb index db0f6e3c0f5..344f0fe0b7f 100644 --- a/spec/requests/api/milestones_spec.rb +++ b/spec/requests/api/milestones_spec.rb @@ -4,6 +4,7 @@ describe API::API, api: true do include ApiHelpers let(:user) { create(:user) } let!(:project) { create(:project, namespace: user.namespace ) } + let!(:closed_milestone) { create(:closed_milestone, project: project) } let!(:milestone) { create(:milestone, project: project) } before { project.team << [user, :developer] } @@ -20,6 +21,24 @@ describe API::API, api: true do get api("/projects/#{project.id}/milestones") expect(response.status).to eq(401) end + + it 'returns an array of active milestones' do + get api("/projects/#{project.id}/milestones?state=active", user) + + expect(response.status).to eq(200) + expect(json_response).to be_an Array + expect(json_response.length).to eq(1) + expect(json_response.first['id']).to eq(milestone.id) + end + + it 'returns an array of closed milestones' do + get api("/projects/#{project.id}/milestones?state=closed", user) + + expect(response.status).to eq(200) + expect(json_response).to be_an Array + expect(json_response.length).to eq(1) + expect(json_response.first['id']).to eq(closed_milestone.id) + end end describe 'GET /projects/:id/milestones/:milestone_id' do @@ -31,10 +50,12 @@ describe API::API, api: true do end it 'should return a project milestone by iid' do - get api("/projects/#{project.id}/milestones?iid=#{milestone.iid}", user) + get api("/projects/#{project.id}/milestones?iid=#{closed_milestone.iid}", user) + expect(response.status).to eq 200 - expect(json_response.first['title']).to eq milestone.title - expect(json_response.first['id']).to eq milestone.id + expect(json_response.size).to eq(1) + expect(json_response.first['title']).to eq closed_milestone.title + expect(json_response.first['id']).to eq closed_milestone.id end it 'should return 401 error if user not authenticated' do diff --git a/spec/requests/api/notes_spec.rb b/spec/requests/api/notes_spec.rb index 39f9a06fe1b..a467bc935af 100644 --- a/spec/requests/api/notes_spec.rb +++ b/spec/requests/api/notes_spec.rb @@ -241,4 +241,65 @@ describe API::API, api: true do end end + describe 'DELETE /projects/:id/noteable/:noteable_id/notes/:note_id' do + context 'when noteable is an Issue' do + it 'deletes a note' do + delete api("/projects/#{project.id}/issues/#{issue.id}/"\ + "notes/#{issue_note.id}", user) + + expect(response.status).to eq(200) + # Check if note is really deleted + delete api("/projects/#{project.id}/issues/#{issue.id}/"\ + "notes/#{issue_note.id}", user) + expect(response.status).to eq(404) + end + + it 'returns a 404 error when note id not found' do + delete api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user) + + expect(response.status).to eq(404) + end + end + + context 'when noteable is a Snippet' do + it 'deletes a note' do + delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\ + "notes/#{snippet_note.id}", user) + + expect(response.status).to eq(200) + # Check if note is really deleted + delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\ + "notes/#{snippet_note.id}", user) + expect(response.status).to eq(404) + end + + it 'returns a 404 error when note id not found' do + delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\ + "notes/123", user) + + expect(response.status).to eq(404) + end + end + + context 'when noteable is a Merge Request' do + it 'deletes a note' do + delete api("/projects/#{project.id}/merge_requests/"\ + "#{merge_request.id}/notes/#{merge_request_note.id}", user) + + expect(response.status).to eq(200) + # Check if note is really deleted + delete api("/projects/#{project.id}/merge_requests/"\ + "#{merge_request.id}/notes/#{merge_request_note.id}", user) + expect(response.status).to eq(404) + end + + it 'returns a 404 error when note id not found' do + delete api("/projects/#{project.id}/merge_requests/"\ + "#{merge_request.id}/notes/123", user) + + expect(response.status).to eq(404) + end + end + end + end diff --git a/spec/requests/api/project_members_spec.rb b/spec/requests/api/project_members_spec.rb index 4301588b16a..c112ca5e3ca 100644 --- a/spec/requests/api/project_members_spec.rb +++ b/spec/requests/api/project_members_spec.rb @@ -118,8 +118,10 @@ describe API::API, api: true do end describe "DELETE /projects/:id/members/:user_id" do - before { project_member } - before { project_member2 } + before do + project_member + project_member2 + end it "should remove user from project team" do expect do @@ -132,6 +134,7 @@ describe API::API, api: true do expect do delete api("/projects/#{project.id}/members/#{user3.id}", user) end.to_not change { ProjectMember.count } + expect(response.status).to eq(200) end it "should return 200 if team member already removed" do @@ -145,8 +148,19 @@ describe API::API, api: true do delete api("/projects/#{project.id}/members/1000000", user) end.to change { ProjectMember.count }.by(0) expect(response.status).to eq(200) - expect(json_response['message']).to eq("Access revoked") expect(json_response['id']).to eq(1000000) + expect(json_response['message']).to eq('Access revoked') + end + + context 'when the user is not an admin or owner' do + it 'can leave the project' do + expect do + delete api("/projects/#{project.id}/members/#{user3.id}", user3) + end.to change { ProjectMember.count }.by(-1) + + expect(response.status).to eq(200) + expect(json_response['id']).to eq(project_member2.id) + end end end end diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index be2034e0f39..fccd08bd6da 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -1020,6 +1020,54 @@ describe API::API, api: true do end end + describe 'POST /projects/:id/star' do + context 'on an unstarred project' do + it 'stars the project' do + expect { post api("/projects/#{project.id}/star", user) }.to change { project.reload.star_count }.by(1) + + expect(response.status).to eq(201) + expect(json_response['star_count']).to eq(1) + end + end + + context 'on a starred project' do + before do + user.toggle_star(project) + project.reload + end + + it 'does not modify the star count' do + expect { post api("/projects/#{project.id}/star", user) }.not_to change { project.reload.star_count } + + expect(response.status).to eq(304) + end + end + end + + describe 'DELETE /projects/:id/star' do + context 'on a starred project' do + before do + user.toggle_star(project) + project.reload + end + + it 'unstars the project' do + expect { delete api("/projects/#{project.id}/star", user) }.to change { project.reload.star_count }.by(-1) + + expect(response.status).to eq(200) + expect(json_response['star_count']).to eq(0) + end + end + + context 'on an unstarred project' do + it 'does not modify the star count' do + expect { delete api("/projects/#{project.id}/star", user) }.not_to change { project.reload.star_count } + + expect(response.status).to eq(304) + end + end + end + describe 'DELETE /projects/:id' do context 'when authenticated as user' do it 'should remove project' do diff --git a/spec/requests/api/tags_spec.rb b/spec/requests/api/tags_spec.rb index acbd9c3e332..9f9c3b1cf4c 100644 --- a/spec/requests/api/tags_spec.rb +++ b/spec/requests/api/tags_spec.rb @@ -40,17 +40,17 @@ describe API::API, api: true do end end - describe "GET /projects/:id/repository/tags/:tag_name" do + describe 'GET /projects/:id/repository/tags/:tag_name' do let(:tag_name) { project.repository.tag_names.sort.reverse.first } - it 'should return a specific tag' do + it 'returns a specific tag' do get api("/projects/#{project.id}/repository/tags/#{tag_name}", user) expect(response.status).to eq(200) expect(json_response['name']).to eq(tag_name) end - it 'should return 404 for an invalid tag name' do + it 'returns 404 for an invalid tag name' do get api("/projects/#{project.id}/repository/tags/foobar", user) expect(response.status).to eq(404) |