summaryrefslogtreecommitdiff
path: root/spec/requests/api
diff options
context:
space:
mode:
Diffstat (limited to 'spec/requests/api')
-rw-r--r--spec/requests/api/branches_spec.rb10
-rw-r--r--spec/requests/api/commits_spec.rb14
-rw-r--r--spec/requests/api/graphql/mutations/award_emojis/add_spec.rb100
-rw-r--r--spec/requests/api/graphql/mutations/award_emojis/remove_spec.rb80
-rw-r--r--spec/requests/api/graphql/mutations/award_emojis/toggle_spec.rb142
-rw-r--r--spec/requests/api/graphql/namespace/projects_spec.rb4
-rw-r--r--spec/requests/api/graphql/project/repository_spec.rb24
-rw-r--r--spec/requests/api/graphql/project/tree/tree_spec.rb18
-rw-r--r--spec/requests/api/helpers_spec.rb6
-rw-r--r--spec/requests/api/issues/get_group_issues_spec.rb30
-rw-r--r--spec/requests/api/issues/get_project_issues_spec.rb58
-rw-r--r--spec/requests/api/issues/issues_spec.rb31
-rw-r--r--spec/requests/api/merge_requests_spec.rb25
-rw-r--r--spec/requests/api/project_clusters_spec.rb61
-rw-r--r--spec/requests/api/releases_spec.rb81
-rw-r--r--spec/requests/api/users_spec.rb19
16 files changed, 605 insertions, 98 deletions
diff --git a/spec/requests/api/branches_spec.rb b/spec/requests/api/branches_spec.rb
index 8b503777443..f9c8b42afa8 100644
--- a/spec/requests/api/branches_spec.rb
+++ b/spec/requests/api/branches_spec.rb
@@ -65,7 +65,7 @@ describe API::Branches do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { get api(route, current_user) }
end
end
@@ -175,7 +175,7 @@ describe API::Branches do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { get api(route, current_user) }
end
end
@@ -337,7 +337,7 @@ describe API::Branches do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { put api(route, current_user) }
end
end
@@ -471,7 +471,7 @@ describe API::Branches do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { put api(route, current_user) }
end
end
@@ -547,7 +547,7 @@ describe API::Branches do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { post api(route, current_user) }
end
end
diff --git a/spec/requests/api/commits_spec.rb b/spec/requests/api/commits_spec.rb
index f104da6ebba..3df5d9412f8 100644
--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -736,7 +736,7 @@ describe API::Commits do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { get api(route, current_user) }
end
end
@@ -825,7 +825,7 @@ describe API::Commits do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { get api(route, current_user) }
end
end
@@ -968,7 +968,7 @@ describe API::Commits do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { get api(route, current_user) }
end
end
@@ -1067,7 +1067,7 @@ describe API::Commits do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { get api(route, current_user) }
end
end
@@ -1169,7 +1169,7 @@ describe API::Commits do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { post api(route, current_user), params: { branch: 'master' } }
end
end
@@ -1324,7 +1324,7 @@ describe API::Commits do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { post api(route, current_user), params: { branch: branch } }
end
end
@@ -1435,7 +1435,7 @@ describe API::Commits do
context 'when repository is disabled' do
include_context 'disabled repository'
- it_behaves_like '403 response' do
+ it_behaves_like '404 response' do
let(:request) { post api(route, current_user), params: { note: 'My comment' } }
end
end
diff --git a/spec/requests/api/graphql/mutations/award_emojis/add_spec.rb b/spec/requests/api/graphql/mutations/award_emojis/add_spec.rb
new file mode 100644
index 00000000000..3982125a38a
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/award_emojis/add_spec.rb
@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Adding an AwardEmoji' do
+ include GraphqlHelpers
+
+ let(:current_user) { create(:user) }
+ let(:awardable) { create(:note) }
+ let(:project) { awardable.project }
+ let(:emoji_name) { 'thumbsup' }
+ let(:mutation) do
+ variables = {
+ awardable_id: GitlabSchema.id_from_object(awardable).to_s,
+ name: emoji_name
+ }
+
+ graphql_mutation(:add_award_emoji, variables)
+ end
+
+ def mutation_response
+ graphql_mutation_response(:add_award_emoji)
+ end
+
+ shared_examples 'a mutation that does not create an AwardEmoji' do
+ it do
+ expect do
+ post_graphql_mutation(mutation, current_user: current_user)
+ end.not_to change { AwardEmoji.count }
+ end
+ end
+
+ context 'when the user does not have permission' do
+ it_behaves_like 'a mutation that does not create an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns top-level errors',
+ errors: ['The resource that you are attempting to access does not exist or you don\'t have permission to perform this action']
+ end
+
+ context 'when the user has permission' do
+ before do
+ project.add_developer(current_user)
+ end
+
+ context 'when the given awardable is not an Awardable' do
+ let(:awardable) { create(:label) }
+
+ it_behaves_like 'a mutation that does not create an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns top-level errors',
+ errors: ['Cannot award emoji to this resource']
+ end
+
+ context 'when the given awardable is an Awardable but still cannot be awarded an emoji' do
+ let(:awardable) { create(:system_note) }
+
+ it_behaves_like 'a mutation that does not create an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns top-level errors',
+ errors: ['Cannot award emoji to this resource']
+ end
+
+ context 'when the given awardable an Awardable' do
+ it 'creates an emoji' do
+ expect do
+ post_graphql_mutation(mutation, current_user: current_user)
+ end.to change { AwardEmoji.count }.by(1)
+ end
+
+ it 'returns the emoji' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(mutation_response['awardEmoji']['name']).to eq(emoji_name)
+ end
+
+ context 'when there were active record validation errors' do
+ before do
+ expect_next_instance_of(AwardEmoji) do |award|
+ expect(award).to receive(:valid?).at_least(:once).and_return(false)
+ expect(award).to receive_message_chain(
+ :errors,
+ :full_messages
+ ).and_return(['Error 1', 'Error 2'])
+ end
+ end
+
+ it_behaves_like 'a mutation that does not create an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns errors in the response', errors: ['Error 1', 'Error 2']
+
+ it 'returns an empty awardEmoji' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(mutation_response).to have_key('awardEmoji')
+ expect(mutation_response['awardEmoji']).to be_nil
+ end
+ end
+ end
+ end
+end
diff --git a/spec/requests/api/graphql/mutations/award_emojis/remove_spec.rb b/spec/requests/api/graphql/mutations/award_emojis/remove_spec.rb
new file mode 100644
index 00000000000..c78f0c7ca27
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/award_emojis/remove_spec.rb
@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Removing an AwardEmoji' do
+ include GraphqlHelpers
+
+ let(:current_user) { create(:user) }
+ let(:awardable) { create(:note) }
+ let(:project) { awardable.project }
+ let(:emoji_name) { 'thumbsup' }
+ let(:input) { { awardable_id: GitlabSchema.id_from_object(awardable).to_s, name: emoji_name } }
+
+ let(:mutation) do
+ graphql_mutation(:remove_award_emoji, input)
+ end
+
+ def mutation_response
+ graphql_mutation_response(:remove_award_emoji)
+ end
+
+ def create_award_emoji(user)
+ create(:award_emoji, name: emoji_name, awardable: awardable, user: user )
+ end
+
+ shared_examples 'a mutation that does not destroy an AwardEmoji' do
+ it do
+ expect do
+ post_graphql_mutation(mutation, current_user: current_user)
+ end.not_to change { AwardEmoji.count }
+ end
+ end
+
+ shared_examples 'a mutation that does not authorize the user' do
+ it_behaves_like 'a mutation that does not destroy an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns top-level errors',
+ errors: ['The resource that you are attempting to access does not exist or you don\'t have permission to perform this action']
+ end
+
+ context 'when the current_user does not own the award emoji' do
+ let!(:award_emoji) { create_award_emoji(create(:user)) }
+
+ it_behaves_like 'a mutation that does not authorize the user'
+ end
+
+ context 'when the current_user owns the award emoji' do
+ let!(:award_emoji) { create_award_emoji(current_user) }
+
+ context 'when the given awardable is not an Awardable' do
+ let(:awardable) { create(:label) }
+
+ it_behaves_like 'a mutation that does not destroy an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns top-level errors',
+ errors: ['Cannot award emoji to this resource']
+ end
+
+ context 'when the given awardable is an Awardable' do
+ it 'removes the emoji' do
+ expect do
+ post_graphql_mutation(mutation, current_user: current_user)
+ end.to change { AwardEmoji.count }.by(-1)
+ end
+
+ it 'returns no errors' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(graphql_errors).to be_nil
+ end
+
+ it 'returns an empty awardEmoji' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(mutation_response).to have_key('awardEmoji')
+ expect(mutation_response['awardEmoji']).to be_nil
+ end
+ end
+ end
+end
diff --git a/spec/requests/api/graphql/mutations/award_emojis/toggle_spec.rb b/spec/requests/api/graphql/mutations/award_emojis/toggle_spec.rb
new file mode 100644
index 00000000000..31145730f10
--- /dev/null
+++ b/spec/requests/api/graphql/mutations/award_emojis/toggle_spec.rb
@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'Toggling an AwardEmoji' do
+ include GraphqlHelpers
+
+ let(:current_user) { create(:user) }
+ let(:awardable) { create(:note) }
+ let(:project) { awardable.project }
+ let(:emoji_name) { 'thumbsup' }
+ let(:mutation) do
+ variables = {
+ awardable_id: GitlabSchema.id_from_object(awardable).to_s,
+ name: emoji_name
+ }
+
+ graphql_mutation(:toggle_award_emoji, variables)
+ end
+
+ def mutation_response
+ graphql_mutation_response(:toggle_award_emoji)
+ end
+
+ shared_examples 'a mutation that does not create or destroy an AwardEmoji' do
+ it do
+ expect do
+ post_graphql_mutation(mutation, current_user: current_user)
+ end.not_to change { AwardEmoji.count }
+ end
+ end
+
+ def create_award_emoji(user)
+ create(:award_emoji, name: emoji_name, awardable: awardable, user: user )
+ end
+
+ context 'when the user has permission' do
+ before do
+ project.add_developer(current_user)
+ end
+
+ context 'when the given awardable is not an Awardable' do
+ let(:awardable) { create(:label) }
+
+ it_behaves_like 'a mutation that does not create or destroy an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns top-level errors',
+ errors: ['Cannot award emoji to this resource']
+ end
+
+ context 'when the given awardable is an Awardable but still cannot be awarded an emoji' do
+ let(:awardable) { create(:system_note) }
+
+ it_behaves_like 'a mutation that does not create or destroy an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns top-level errors',
+ errors: ['Cannot award emoji to this resource']
+ end
+
+ context 'when the given awardable is an Awardable' do
+ context 'when no emoji has been awarded by the current_user yet' do
+ # Create an award emoji for another user. This therefore tests that
+ # toggling is correctly scoped to the user's emoji only.
+ let!(:award_emoji) { create_award_emoji(create(:user)) }
+
+ it 'creates an emoji' do
+ expect do
+ post_graphql_mutation(mutation, current_user: current_user)
+ end.to change { AwardEmoji.count }.by(1)
+ end
+
+ it 'returns the emoji' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(mutation_response['awardEmoji']['name']).to eq(emoji_name)
+ end
+
+ it 'returns toggledOn as true' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(mutation_response['toggledOn']).to eq(true)
+ end
+
+ context 'when there were active record validation errors' do
+ before do
+ expect_next_instance_of(AwardEmoji) do |award|
+ expect(award).to receive(:valid?).at_least(:once).and_return(false)
+ expect(award).to receive_message_chain(:errors, :full_messages).and_return(['Error 1', 'Error 2'])
+ end
+ end
+
+ it_behaves_like 'a mutation that does not create or destroy an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns errors in the response', errors: ['Error 1', 'Error 2']
+
+ it 'returns an empty awardEmoji' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(mutation_response).to have_key('awardEmoji')
+ expect(mutation_response['awardEmoji']).to be_nil
+ end
+ end
+ end
+
+ context 'when an emoji has been awarded by the current_user' do
+ let!(:award_emoji) { create_award_emoji(current_user) }
+
+ it 'removes the emoji' do
+ expect do
+ post_graphql_mutation(mutation, current_user: current_user)
+ end.to change { AwardEmoji.count }.by(-1)
+ end
+
+ it 'returns no errors' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(graphql_errors).to be_nil
+ end
+
+ it 'returns an empty awardEmoji' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(mutation_response).to have_key('awardEmoji')
+ expect(mutation_response['awardEmoji']).to be_nil
+ end
+
+ it 'returns toggledOn as false' do
+ post_graphql_mutation(mutation, current_user: current_user)
+
+ expect(mutation_response['toggledOn']).to eq(false)
+ end
+ end
+ end
+ end
+
+ context 'when the user does not have permission' do
+ it_behaves_like 'a mutation that does not create or destroy an AwardEmoji'
+
+ it_behaves_like 'a mutation that returns top-level errors',
+ errors: ['The resource that you are attempting to access does not exist or you don\'t have permission to perform this action']
+ end
+end
diff --git a/spec/requests/api/graphql/namespace/projects_spec.rb b/spec/requests/api/graphql/namespace/projects_spec.rb
index de1cd9586b6..63fa16c79ca 100644
--- a/spec/requests/api/graphql/namespace/projects_spec.rb
+++ b/spec/requests/api/graphql/namespace/projects_spec.rb
@@ -58,9 +58,7 @@ describe 'getting projects', :nested_groups do
it 'finds only public projects' do
post_graphql(query, current_user: nil)
- expect(graphql_data['namespace']['projects']['edges'].size).to eq(1)
- project = graphql_data['namespace']['projects']['edges'][0]['node']
- expect(project['id']).to eq(public_project.to_global_id.to_s)
+ expect(graphql_data['namespace']).to be_nil
end
end
end
diff --git a/spec/requests/api/graphql/project/repository_spec.rb b/spec/requests/api/graphql/project/repository_spec.rb
index 67af612a4a0..261433a3d6a 100644
--- a/spec/requests/api/graphql/project/repository_spec.rb
+++ b/spec/requests/api/graphql/project/repository_spec.rb
@@ -34,4 +34,28 @@ describe 'getting a repository in a project' do
expect(graphql_data['project']).to be(nil)
end
end
+
+ context 'when the repository is only accessible to members' do
+ let(:project) do
+ create(:project, :public, :repository, repository_access_level: ProjectFeature::PRIVATE)
+ end
+
+ it 'returns a repository for the owner' do
+ post_graphql(query, current_user: current_user)
+
+ expect(graphql_data['project']['repository']).not_to be_nil
+ end
+
+ it 'returns nil for the repository for other users' do
+ post_graphql(query, current_user: create(:user))
+
+ expect(graphql_data['project']['repository']).to be_nil
+ end
+
+ it 'returns nil for the repository for other users' do
+ post_graphql(query, current_user: nil)
+
+ expect(graphql_data['project']['repository']).to be_nil
+ end
+ end
end
diff --git a/spec/requests/api/graphql/project/tree/tree_spec.rb b/spec/requests/api/graphql/project/tree/tree_spec.rb
index b07aa1e12d3..94128cc21ee 100644
--- a/spec/requests/api/graphql/project/tree/tree_spec.rb
+++ b/spec/requests/api/graphql/project/tree/tree_spec.rb
@@ -33,6 +33,12 @@ describe 'getting a tree in a project' do
expect(graphql_data['project']['repository']['tree']['submodules']['edges']).to eq([])
expect(graphql_data['project']['repository']['tree']['blobs']['edges']).to eq([])
end
+
+ it 'returns null commit' do
+ post_graphql(query, current_user: current_user)
+
+ expect(graphql_data['project']['repository']['last_commit']).to be_nil
+ end
end
context 'when ref does not exist' do
@@ -45,6 +51,12 @@ describe 'getting a tree in a project' do
expect(graphql_data['project']['repository']['tree']['submodules']['edges']).to eq([])
expect(graphql_data['project']['repository']['tree']['blobs']['edges']).to eq([])
end
+
+ it 'returns null commit' do
+ post_graphql(query, current_user: current_user)
+
+ expect(graphql_data['project']['repository']['last_commit']).to be_nil
+ end
end
context 'when ref and path exist' do
@@ -61,6 +73,12 @@ describe 'getting a tree in a project' do
expect(graphql_data['project']['repository']['tree']['blobs']['edges'].size).to be > 0
expect(graphql_data['project']['repository']['tree']['submodules']['edges'].size).to be > 0
end
+
+ it 'returns tree latest commit' do
+ post_graphql(query, current_user: current_user)
+
+ expect(graphql_data['project']['repository']['tree']['lastCommit']).to be_present
+ end
end
context 'when current user is nil' do
diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb
index ed907841bd8..1c69f5dbb67 100644
--- a/spec/requests/api/helpers_spec.rb
+++ b/spec/requests/api/helpers_spec.rb
@@ -226,10 +226,8 @@ describe API::Helpers do
allow_any_instance_of(self.class).to receive(:rack_response)
allow(Gitlab::Sentry).to receive(:enabled?).and_return(true)
- stub_application_setting(
- sentry_enabled: true,
- sentry_dsn: "dummy://12345:67890@sentry.localdomain/sentry/42"
- )
+ stub_sentry_settings
+
configure_sentry
Raven.client.configuration.encoding = 'json'
end
diff --git a/spec/requests/api/issues/get_group_issues_spec.rb b/spec/requests/api/issues/get_group_issues_spec.rb
index 8b02cf56e9f..9a41d790945 100644
--- a/spec/requests/api/issues/get_group_issues_spec.rb
+++ b/spec/requests/api/issues/get_group_issues_spec.rb
@@ -23,7 +23,11 @@ describe API::Issues do
describe 'GET /groups/:id/issues' do
let!(:group) { create(:group) }
- let!(:group_project) { create(:project, :public, creator_id: user.id, namespace: group) }
+ let!(:group_project) { create(:project, :public, :repository, creator_id: user.id, namespace: group) }
+ let!(:private_mrs_project) do
+ create(:project, :public, :repository, creator_id: user.id, namespace: group, merge_requests_access_level: ProjectFeature::PRIVATE)
+ end
+
let!(:group_closed_issue) do
create :closed_issue,
author: user,
@@ -234,6 +238,30 @@ describe API::Issues do
it_behaves_like 'group issues statistics'
end
end
+
+ context "when returns issue merge_requests_count for different access levels" do
+ let!(:merge_request1) do
+ create(:merge_request,
+ :simple,
+ author: user,
+ source_project: private_mrs_project,
+ target_project: private_mrs_project,
+ description: "closes #{group_issue.to_reference(private_mrs_project)}")
+ end
+ let!(:merge_request2) do
+ create(:merge_request,
+ :simple,
+ author: user,
+ source_project: group_project,
+ target_project: group_project,
+ description: "closes #{group_issue.to_reference}")
+ end
+
+ it_behaves_like 'accessible merge requests count' do
+ let(:api_url) { base_url }
+ let(:target_issue) { group_issue }
+ end
+ end
end
end
diff --git a/spec/requests/api/issues/get_project_issues_spec.rb b/spec/requests/api/issues/get_project_issues_spec.rb
index 0b0f754ab57..f7ca6fd1e0a 100644
--- a/spec/requests/api/issues/get_project_issues_spec.rb
+++ b/spec/requests/api/issues/get_project_issues_spec.rb
@@ -4,8 +4,9 @@ require 'spec_helper'
describe API::Issues do
set(:user) { create(:user) }
- set(:project) do
- create(:project, :public, creator_id: user.id, namespace: user.namespace)
+ set(:project) { create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace) }
+ set(:private_mrs_project) do
+ create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace, merge_requests_access_level: ProjectFeature::PRIVATE)
end
let(:user2) { create(:user) }
@@ -60,9 +61,28 @@ describe API::Issues do
let(:no_milestone_title) { 'None' }
let(:any_milestone_title) { 'Any' }
+ let!(:merge_request1) do
+ create(:merge_request,
+ :simple,
+ author: user,
+ source_project: project,
+ target_project: project,
+ description: "closes #{issue.to_reference}")
+ end
+ let!(:merge_request2) do
+ create(:merge_request,
+ :simple,
+ author: user,
+ source_project: private_mrs_project,
+ target_project: private_mrs_project,
+ description: "closes #{issue.to_reference(private_mrs_project)}")
+ end
+
before(:all) do
project.add_reporter(user)
project.add_guest(guest)
+ private_mrs_project.add_reporter(user)
+ private_mrs_project.add_guest(guest)
end
before do
@@ -257,6 +277,11 @@ describe API::Issues do
expect_paginated_array_response(issue.id)
end
+ it_behaves_like 'accessible merge requests count' do
+ let(:api_url) { "/projects/#{project.id}/issues" }
+ let(:target_issue) { issue }
+ end
+
context 'with labeled issues' do
let(:label_b) { create(:label, title: 'foo', project: project) }
let(:label_c) { create(:label, title: 'bar', project: project) }
@@ -636,34 +661,26 @@ describe API::Issues do
expect(json_response['iid']).to eq(confidential_issue.iid)
end
end
- end
-
- describe 'GET :id/issues/:issue_iid/closed_by' do
- let(:merge_request) do
- create(:merge_request,
- :simple,
- author: user,
- source_project: project,
- target_project: project,
- description: "closes #{issue.to_reference}")
- end
- before do
- create(:merge_requests_closing_issues, issue: issue, merge_request: merge_request)
+ it_behaves_like 'accessible merge requests count' do
+ let(:api_url) { "/projects/#{project.id}/issues/#{issue.iid}" }
+ let(:target_issue) { issue }
end
+ end
+ describe 'GET :id/issues/:issue_iid/closed_by' do
context 'when unauthenticated' do
it 'return public project issues' do
get api("/projects/#{project.id}/issues/#{issue.iid}/closed_by")
- expect_paginated_array_response(merge_request.id)
+ expect_paginated_array_response(merge_request1.id)
end
end
it 'returns merge requests that will close issue on merge' do
get api("/projects/#{project.id}/issues/#{issue.iid}/closed_by", user)
- expect_paginated_array_response(merge_request.id)
+ expect_paginated_array_response(merge_request1.id)
end
context 'when no merge requests will close issue' do
@@ -721,13 +738,6 @@ describe API::Issues do
end
it 'returns merge requests that mentioned a issue' do
- create(:merge_request,
- :simple,
- author: user,
- source_project: project,
- target_project: project,
- description: 'Some description')
-
get_related_merge_requests(project.id, issue.iid, user)
expect_paginated_array_response(related_mr.id)
diff --git a/spec/requests/api/issues/issues_spec.rb b/spec/requests/api/issues/issues_spec.rb
index f32ffd1c77b..d195f54be11 100644
--- a/spec/requests/api/issues/issues_spec.rb
+++ b/spec/requests/api/issues/issues_spec.rb
@@ -4,8 +4,9 @@ require 'spec_helper'
describe API::Issues do
set(:user) { create(:user) }
- set(:project) do
- create(:project, :public, creator_id: user.id, namespace: user.namespace)
+ set(:project) { create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace) }
+ set(:private_mrs_project) do
+ create(:project, :public, :repository, creator_id: user.id, namespace: user.namespace, merge_requests_access_level: ProjectFeature::PRIVATE)
end
let(:user2) { create(:user) }
@@ -63,6 +64,8 @@ describe API::Issues do
before(:all) do
project.add_reporter(user)
project.add_guest(guest)
+ private_mrs_project.add_reporter(user)
+ private_mrs_project.add_guest(guest)
end
before do
@@ -725,6 +728,30 @@ describe API::Issues do
end
end
end
+
+ context "when returns issue merge_requests_count for different access levels" do
+ let!(:merge_request1) do
+ create(:merge_request,
+ :simple,
+ author: user,
+ source_project: private_mrs_project,
+ target_project: private_mrs_project,
+ description: "closes #{issue.to_reference(private_mrs_project)}")
+ end
+ let!(:merge_request2) do
+ create(:merge_request,
+ :simple,
+ author: user,
+ source_project: project,
+ target_project: project,
+ description: "closes #{issue.to_reference}")
+ end
+
+ it_behaves_like 'accessible merge requests count' do
+ let(:api_url) { "/issues" }
+ let(:target_issue) { issue }
+ end
+ end
end
describe 'DELETE /projects/:id/issues/:issue_iid' do
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index 76d093e0774..a82ecb4fd63 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -834,6 +834,31 @@ describe API::MergeRequests do
end
end
+ context 'head_pipeline' do
+ before do
+ merge_request.update(head_pipeline: create(:ci_pipeline))
+ merge_request.project.project_feature.update(builds_access_level: 10)
+ end
+
+ context 'when user can read the pipeline' do
+ it 'exposes pipeline information' do
+ get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}", user)
+
+ expect(json_response).to include('head_pipeline')
+ end
+ end
+
+ context 'when user can not read the pipeline' do
+ let(:guest) { create(:user) }
+
+ it 'does not expose pipeline information' do
+ get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}", guest)
+
+ expect(json_response).not_to include('head_pipeline')
+ end
+ end
+ end
+
it 'returns the commits behind the target branch when include_diverged_commits_count is present' do
allow_any_instance_of(merge_request.class).to receive(:diverged_commits_count).and_return(1)
diff --git a/spec/requests/api/project_clusters_spec.rb b/spec/requests/api/project_clusters_spec.rb
index fc0381159dd..a6e08ab3ab6 100644
--- a/spec/requests/api/project_clusters_spec.rb
+++ b/spec/requests/api/project_clusters_spec.rb
@@ -6,11 +6,12 @@ describe API::ProjectClusters do
include KubernetesHelpers
let(:current_user) { create(:user) }
- let(:non_member) { create(:user) }
- let(:project) { create(:project, :repository) }
+ let(:developer_user) { create(:user) }
+ let(:project) { create(:project) }
before do
project.add_maintainer(current_user)
+ project.add_developer(developer_user)
end
describe 'GET /projects/:id/clusters' do
@@ -22,10 +23,10 @@ describe API::ProjectClusters do
end
context 'non-authorized user' do
- it 'responds with 404' do
- get api("/projects/#{project.id}/clusters", non_member)
+ it 'responds with 403' do
+ get api("/projects/#{project.id}/clusters", developer_user)
- expect(response).to have_gitlab_http_status(404)
+ expect(response).to have_gitlab_http_status(403)
end
end
@@ -67,10 +68,10 @@ describe API::ProjectClusters do
end
context 'non-authorized user' do
- it 'responds with 404' do
- get api("/projects/#{project.id}/clusters/#{cluster_id}", non_member)
+ it 'responds with 403' do
+ get api("/projects/#{project.id}/clusters/#{cluster_id}", developer_user)
- expect(response).to have_gitlab_http_status(404)
+ expect(response).to have_gitlab_http_status(403)
end
end
@@ -147,31 +148,7 @@ describe API::ProjectClusters do
end
end
- shared_context 'kubernetes calls stubbed' do
- before do
- stub_kubeclient_discover(api_url)
- stub_kubeclient_get_namespace(api_url, namespace: namespace)
- stub_kubeclient_get_service_account(api_url, "#{namespace}-service-account", namespace: namespace)
- stub_kubeclient_put_service_account(api_url, "#{namespace}-service-account", namespace: namespace)
-
- stub_kubeclient_get_secret(
- api_url,
- {
- metadata_name: "#{namespace}-token",
- token: Base64.encode64('sample-token'),
- namespace: namespace
- }
- )
-
- stub_kubeclient_put_secret(api_url, "#{namespace}-token", namespace: namespace)
- stub_kubeclient_get_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace)
- stub_kubeclient_put_role_binding(api_url, "gitlab-#{namespace}", namespace: namespace)
- end
- end
-
describe 'POST /projects/:id/clusters/user' do
- include_context 'kubernetes calls stubbed'
-
let(:api_url) { 'https://kubernetes.example.com' }
let(:namespace) { project.path }
let(:authorization_type) { 'rbac' }
@@ -195,10 +172,10 @@ describe API::ProjectClusters do
end
context 'non-authorized user' do
- it 'responds with 404' do
- post api("/projects/#{project.id}/clusters/user", non_member), params: cluster_params
+ it 'responds with 403' do
+ post api("/projects/#{project.id}/clusters/user", developer_user), params: cluster_params
- expect(response).to have_gitlab_http_status(404)
+ expect(response).to have_gitlab_http_status(403)
end
end
@@ -291,8 +268,6 @@ describe API::ProjectClusters do
end
describe 'PUT /projects/:id/clusters/:cluster_id' do
- include_context 'kubernetes calls stubbed'
-
let(:api_url) { 'https://kubernetes.example.com' }
let(:namespace) { 'new-namespace' }
let(:platform_kubernetes_attributes) { { namespace: namespace } }
@@ -316,10 +291,10 @@ describe API::ProjectClusters do
end
context 'non-authorized user' do
- it 'responds with 404' do
- put api("/projects/#{project.id}/clusters/#{cluster.id}", non_member), params: update_params
+ it 'responds with 403' do
+ put api("/projects/#{project.id}/clusters/#{cluster.id}", developer_user), params: update_params
- expect(response).to have_gitlab_http_status(404)
+ expect(response).to have_gitlab_http_status(403)
end
end
@@ -442,10 +417,10 @@ describe API::ProjectClusters do
end
context 'non-authorized user' do
- it 'responds with 404' do
- delete api("/projects/#{project.id}/clusters/#{cluster.id}", non_member), params: cluster_params
+ it 'responds with 403' do
+ delete api("/projects/#{project.id}/clusters/#{cluster.id}", developer_user), params: cluster_params
- expect(response).to have_gitlab_http_status(404)
+ expect(response).to have_gitlab_http_status(403)
end
end
diff --git a/spec/requests/api/releases_spec.rb b/spec/requests/api/releases_spec.rb
index 8603fa2a73d..206e898381d 100644
--- a/spec/requests/api/releases_spec.rb
+++ b/spec/requests/api/releases_spec.rb
@@ -24,7 +24,7 @@ describe API::Releases do
project: project,
tag: 'v0.1',
author: maintainer,
- created_at: 2.days.ago)
+ released_at: 2.days.ago)
end
let!(:release_2) do
@@ -32,7 +32,7 @@ describe API::Releases do
project: project,
tag: 'v0.2',
author: maintainer,
- created_at: 1.day.ago)
+ released_at: 1.day.ago)
end
it 'returns 200 HTTP status' do
@@ -41,7 +41,7 @@ describe API::Releases do
expect(response).to have_gitlab_http_status(:ok)
end
- it 'returns releases ordered by created_at' do
+ it 'returns releases ordered by released_at' do
get api("/projects/#{project.id}/releases", maintainer)
expect(json_response.count).to eq(2)
@@ -56,6 +56,26 @@ describe API::Releases do
end
end
+ it 'returns an upcoming_release status for a future release' do
+ tomorrow = Time.now.utc + 1.day
+ create(:release, project: project, tag: 'v0.1', author: maintainer, released_at: tomorrow)
+
+ get api("/projects/#{project.id}/releases", maintainer)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response.first['upcoming_release']).to eq(true)
+ end
+
+ it 'returns an upcoming_release status for a past release' do
+ yesterday = Time.now.utc - 1.day
+ create(:release, project: project, tag: 'v0.1', author: maintainer, released_at: yesterday)
+
+ get api("/projects/#{project.id}/releases", maintainer)
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response.first['upcoming_release']).to eq(false)
+ end
+
context 'when tag does not exist in git repository' do
let!(:release) { create(:release, project: project, tag: 'v1.1.5') }
@@ -316,6 +336,51 @@ describe API::Releases do
expect(project.releases.last.description).to eq('Super nice release')
end
+ it 'sets the released_at to the current time if the released_at parameter is not provided' do
+ now = Time.zone.parse('2015-08-25 06:00:00Z')
+ Timecop.freeze(now) do
+ post api("/projects/#{project.id}/releases", maintainer), params: params
+
+ expect(project.releases.last.released_at).to eq(now)
+ end
+ end
+
+ it 'sets the released_at to the value in the parameters if specified' do
+ params = {
+ name: 'New release',
+ tag_name: 'v0.1',
+ description: 'Super nice release',
+ released_at: '2019-03-20T10:00:00Z'
+ }
+ post api("/projects/#{project.id}/releases", maintainer), params: params
+
+ expect(project.releases.last.released_at).to eq('2019-03-20T10:00:00Z')
+ end
+
+ it 'assumes the utc timezone for released_at if the timezone is not provided' do
+ params = {
+ name: 'New release',
+ tag_name: 'v0.1',
+ description: 'Super nice release',
+ released_at: '2019-03-25 10:00:00'
+ }
+ post api("/projects/#{project.id}/releases", maintainer), params: params
+
+ expect(project.releases.last.released_at).to eq('2019-03-25T10:00:00Z')
+ end
+
+ it 'allows specifying a released_at with a local time zone' do
+ params = {
+ name: 'New release',
+ tag_name: 'v0.1',
+ description: 'Super nice release',
+ released_at: '2019-03-25T10:00:00+09:00'
+ }
+ post api("/projects/#{project.id}/releases", maintainer), params: params
+
+ expect(project.releases.last.released_at).to eq('2019-03-25T01:00:00Z')
+ end
+
context 'when description is empty' do
let(:params) do
{
@@ -540,6 +605,7 @@ describe API::Releases do
project: project,
tag: 'v0.1',
name: 'New release',
+ released_at: '2018-03-01T22:00:00Z',
description: 'Super nice release')
end
@@ -560,6 +626,7 @@ describe API::Releases do
expect(project.releases.last.tag).to eq('v0.1')
expect(project.releases.last.name).to eq('New release')
+ expect(project.releases.last.released_at).to eq('2018-03-01T22:00:00Z')
end
it 'matches response schema' do
@@ -568,6 +635,14 @@ describe API::Releases do
expect(response).to match_response_schema('public_api/v4/release')
end
+ it 'updates released_at' do
+ params = { released_at: '2015-10-10T05:00:00Z' }
+
+ put api("/projects/#{project.id}/releases/v0.1", maintainer), params: params
+
+ expect(project.releases.last.released_at).to eq('2015-10-10T05:00:00Z')
+ end
+
context 'when user tries to update sha' do
let(:params) { { sha: 'xxx' } }
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index bab1520b960..46925daf40a 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
@@ -416,7 +416,6 @@ describe API::Users do
expect(response).to have_gitlab_http_status(201)
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq(nil)
expect(new_user.admin).to eq(true)
expect(new_user.can_create_group).to eq(true)
end
@@ -435,7 +434,6 @@ describe API::Users do
expect(response).to have_gitlab_http_status(201)
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq(nil)
expect(new_user.admin).to eq(false)
expect(new_user.can_create_group).to eq(false)
end
@@ -445,7 +443,6 @@ describe API::Users do
expect(response).to have_gitlab_http_status(201)
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq(nil)
expect(new_user.admin).to eq(false)
end
@@ -460,7 +457,6 @@ describe API::Users do
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq nil
expect(new_user.external).to be_falsy
end
@@ -470,7 +466,6 @@ describe API::Users do
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq nil
expect(new_user.external).to be_truthy
end
@@ -482,7 +477,19 @@ describe API::Users do
user_id = json_response['id']
new_user = User.find(user_id)
- expect(new_user).not_to eq(nil)
+ expect(new_user.recently_sent_password_reset?).to eq(true)
+ end
+
+ it "creates user with random password" do
+ params = attributes_for(:user, force_random_password: true, reset_password: true)
+ post api('/users', admin), params: params
+
+ expect(response).to have_gitlab_http_status(201)
+
+ user_id = json_response['id']
+ new_user = User.find(user_id)
+
+ expect(new_user.valid_password?(params[:password])).to eq(false)
expect(new_user.recently_sent_password_reset?).to eq(true)
end
View Lorry Controller Status