diff options
Diffstat (limited to 'spec/requests/api')
70 files changed, 2206 insertions, 10975 deletions
diff --git a/spec/requests/api/avatar_spec.rb b/spec/requests/api/avatar_spec.rb new file mode 100644 index 00000000000..26e0435a6d5 --- /dev/null +++ b/spec/requests/api/avatar_spec.rb @@ -0,0 +1,106 @@ +require 'spec_helper' + +describe API::Avatar do + let(:gravatar_service) { double('GravatarService') } + + describe 'GET /avatar' do + context 'avatar uploaded to GitLab' do + context 'user with matching public email address' do + let(:user) { create(:user, :with_avatar, email: 'public@example.com', public_email: 'public@example.com') } + + before do + user + end + + it 'returns the avatar url' do + get api('/avatar'), { email: 'public@example.com' } + + expect(response.status).to eq 200 + expect(json_response['avatar_url']).to eql("#{::Settings.gitlab.base_url}#{user.avatar.local_url}") + end + end + + context 'no user with matching public email address' do + before do + expect(GravatarService).to receive(:new).and_return(gravatar_service) + expect(gravatar_service).to( + receive(:execute) + .with('private@example.com', nil, 2, { username: nil }) + .and_return('https://gravatar')) + end + + it 'returns the avatar url from Gravatar' do + get api('/avatar'), { email: 'private@example.com' } + + expect(response.status).to eq 200 + expect(json_response['avatar_url']).to eq('https://gravatar') + end + end + end + + context 'avatar uploaded to Gravatar' do + context 'user with matching public email address' do + let(:user) { create(:user, email: 'public@example.com', public_email: 'public@example.com') } + + before do + user + + expect(GravatarService).to receive(:new).and_return(gravatar_service) + expect(gravatar_service).to( + receive(:execute) + .with('public@example.com', nil, 2, { username: user.username }) + .and_return('https://gravatar')) + end + + it 'returns the avatar url from Gravatar' do + get api('/avatar'), { email: 'public@example.com' } + + expect(response.status).to eq 200 + expect(json_response['avatar_url']).to eq('https://gravatar') + end + end + + context 'no user with matching public email address' do + before do + expect(GravatarService).to receive(:new).and_return(gravatar_service) + expect(gravatar_service).to( + receive(:execute) + .with('private@example.com', nil, 2, { username: nil }) + .and_return('https://gravatar')) + end + + it 'returns the avatar url from Gravatar' do + get api('/avatar'), { email: 'private@example.com' } + + expect(response.status).to eq 200 + expect(json_response['avatar_url']).to eq('https://gravatar') + end + end + + context 'public visibility level restricted' do + let(:user) { create(:user, :with_avatar, email: 'public@example.com', public_email: 'public@example.com') } + + before do + user + + stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC]) + end + + context 'when authenticated' do + it 'returns the avatar url' do + get api('/avatar', user), { email: 'public@example.com' } + + expect(response.status).to eq 200 + expect(json_response['avatar_url']).to eql("#{::Settings.gitlab.base_url}#{user.avatar.local_url}") + end + end + + context 'when unauthenticated' do + it_behaves_like '403 response' do + let(:request) { get api('/avatar'), { email: 'public@example.com' } } + end + end + end + end + end +end diff --git a/spec/requests/api/boards_spec.rb b/spec/requests/api/boards_spec.rb index c6c10025f7f..7710f19ce4e 100644 --- a/spec/requests/api/boards_spec.rb +++ b/spec/requests/api/boards_spec.rb @@ -2,7 +2,6 @@ require 'spec_helper' describe API::Boards do set(:user) { create(:user) } - set(:user2) { create(:user) } set(:non_member) { create(:user) } set(:guest) { create(:user) } set(:admin) { create(:user, :admin) } @@ -48,5 +47,36 @@ describe API::Boards do expect(json_response['label']['name']).to eq(group_label.title) expect(json_response['position']).to eq(3) end + + it 'creates a new board list for ancestor group labels' do + group = create(:group) + sub_group = create(:group, parent: group) + group_label = create(:group_label, group: group) + board_parent.update(group: sub_group) + group.add_developer(user) + sub_group.add_developer(user) + + post api(url, user), label_id: group_label.id + + expect(response).to have_gitlab_http_status(201) + expect(json_response['label']['name']).to eq(group_label.title) + end + end + + describe "POST /groups/:id/boards/lists", :nested_groups do + set(:group) { create(:group) } + set(:board_parent) { create(:group, parent: group ) } + let(:url) { "/groups/#{board_parent.id}/boards/#{board.id}/lists" } + set(:board) { create(:board, group: board_parent) } + + it 'creates a new board list for ancestor group labels' do + group.add_developer(user) + group_label = create(:group_label, group: group) + + post api(url, user), label_id: group_label.id + + expect(response).to have_gitlab_http_status(201) + expect(json_response['label']['name']).to eq(group_label.title) + end end end diff --git a/spec/requests/api/branches_spec.rb b/spec/requests/api/branches_spec.rb index 64f51d9843d..9bb6ed62393 100644 --- a/spec/requests/api/branches_spec.rb +++ b/spec/requests/api/branches_spec.rb @@ -155,6 +155,12 @@ describe API::Branches do end it_behaves_like 'repository branch' + + it 'returns that the current user cannot push' do + get api(route, current_user) + + expect(json_response['can_push']).to eq(false) + end end context 'when unauthenticated', 'and project is private' do @@ -169,6 +175,12 @@ describe API::Branches do it_behaves_like 'repository branch' + it 'returns that the current user can push' do + get api(route, current_user) + + expect(json_response['can_push']).to eq(true) + end + context 'when branch contains a dot' do let(:branch_name) { branch_with_dot.name } @@ -202,6 +214,23 @@ describe API::Branches do end end + context 'when authenticated', 'as a developer and branch is protected' do + let(:current_user) { create(:user) } + let!(:protected_branch) { create(:protected_branch, project: project, name: branch_name) } + + before do + project.add_developer(current_user) + end + + it_behaves_like 'repository branch' + + it 'returns that the current user cannot push' do + get api(route, current_user) + + expect(json_response['can_push']).to eq(false) + end + end + context 'when authenticated', 'as a guest' do it_behaves_like '403 response' do let(:request) { get api(route, guest) } diff --git a/spec/requests/api/commit_statuses_spec.rb b/spec/requests/api/commit_statuses_spec.rb index f246bb79ab7..cd43bec35df 100644 --- a/spec/requests/api/commit_statuses_spec.rb +++ b/spec/requests/api/commit_statuses_spec.rb @@ -304,7 +304,7 @@ describe API::CommitStatuses do it 'responds with bad request status and validation errors' do expect(response).to have_gitlab_http_status(400) expect(json_response['message']['target_url']) - .to include 'must be a valid URL' + .to include 'is blocked: Only allowed protocols are http, https' end end end diff --git a/spec/requests/api/commits_spec.rb b/spec/requests/api/commits_spec.rb index 852f67db958..e73d1a252f5 100644 --- a/spec/requests/api/commits_spec.rb +++ b/spec/requests/api/commits_spec.rb @@ -18,14 +18,14 @@ describe API::Commits do describe 'GET /projects/:id/repository/commits' do let(:route) { "/projects/#{project_id}/repository/commits" } - shared_examples_for 'project commits' do + shared_examples_for 'project commits' do |schema: 'public_api/v4/commits'| it "returns project commits" do commit = project.repository.commit get api(route, current_user) expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v4/commits') + expect(response).to match_response_schema(schema) expect(json_response.first['id']).to eq(commit.id) expect(json_response.first['committer_name']).to eq(commit.committer_name) expect(json_response.first['committer_email']).to eq(commit.committer_email) @@ -161,6 +161,23 @@ describe API::Commits do end end + context 'with_stats optional parameter' do + let(:project) { create(:project, :public, :repository) } + + it_behaves_like 'project commits', schema: 'public_api/v4/commits_with_stats' do + let(:route) { "/projects/#{project_id}/repository/commits?with_stats=true" } + + it 'include commits details' do + commit = project.repository.commit + get api(route, current_user) + + expect(json_response.first['stats']['additions']).to eq(commit.stats.additions) + expect(json_response.first['stats']['deletions']).to eq(commit.stats.deletions) + expect(json_response.first['stats']['total']).to eq(commit.stats.total) + end + end + end + context 'with pagination params' do let(:page) { 1 } let(:per_page) { 5 } @@ -247,6 +264,19 @@ describe API::Commits do ] } end + let!(:valid_utf8_c_params) do + { + branch: 'master', + commit_message: message, + actions: [ + { + action: 'create', + file_path: 'foo/bar/baz.txt', + content: 'puts 🦊' + } + ] + } + end it 'a new file in project repo' do post api(url, user), valid_c_params @@ -257,6 +287,15 @@ describe API::Commits do expect(json_response['committer_email']).to eq(user.email) end + it 'a new file with utf8 chars in project repo' do + post api(url, user), valid_utf8_c_params + + expect(response).to have_gitlab_http_status(201) + expect(json_response['title']).to eq(message) + expect(json_response['committer_name']).to eq(user.name) + expect(json_response['committer_email']).to eq(user.email) + end + it 'returns a 400 bad request if file exists' do post api(url, user), invalid_c_params @@ -1141,4 +1180,33 @@ describe API::Commits do end end end + + describe 'GET /projects/:id/repository/commits/:sha/merge_requests' do + let!(:project) { create(:project, :repository, :private) } + let!(:merged_mr) { create(:merge_request, source_project: project, source_branch: 'master', target_branch: 'feature') } + let(:commit) { merged_mr.merge_request_diff.commits.last } + + it 'returns the correct merge request' do + get api("/projects/#{project.id}/repository/commits/#{commit.id}/merge_requests", user) + + expect(response).to have_gitlab_http_status(200) + expect(response).to include_pagination_headers + expect(json_response.length).to eq(1) + expect(json_response[0]['id']).to eq(merged_mr.id) + end + + it 'returns 403 for an unauthorized user' do + project.add_guest(user) + + get api("/projects/#{project.id}/repository/commits/#{commit.id}/merge_requests", user) + + expect(response).to have_gitlab_http_status(403) + end + + it 'responds 404 when the commit does not exist' do + get api("/projects/#{project.id}/repository/commits/a7d26f00c35b/merge_requests", user) + + expect(response).to have_gitlab_http_status(404) + end + end end diff --git a/spec/requests/api/deploy_keys_spec.rb b/spec/requests/api/deploy_keys_spec.rb index 0772b3f2e64..32fc704a79b 100644 --- a/spec/requests/api/deploy_keys_spec.rb +++ b/spec/requests/api/deploy_keys_spec.rb @@ -91,6 +91,10 @@ describe API::DeployKeys do expect do post api("/projects/#{project.id}/deploy_keys", admin), key_attrs end.to change { project.deploy_keys.count }.by(1) + + new_key = project.deploy_keys.last + expect(new_key.key).to eq(key_attrs[:key]) + expect(new_key.user).to eq(admin) end it 'returns an existing ssh key when attempting to add a duplicate' do @@ -167,7 +171,7 @@ describe API::DeployKeys do deploy_key end - it 'deletes existing key' do + it 'removes existing key from project' do expect do delete api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", admin) @@ -175,6 +179,44 @@ describe API::DeployKeys do end.to change { project.deploy_keys.count }.by(-1) end + context 'when the deploy key is public' do + it 'does not delete the deploy key' do + expect do + delete api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", admin) + + expect(response).to have_gitlab_http_status(204) + end.not_to change { DeployKey.count } + end + end + + context 'when the deploy key is not public' do + let!(:deploy_key) { create(:deploy_key, public: false) } + + context 'when the deploy key is only used by this project' do + it 'deletes the deploy key' do + expect do + delete api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", admin) + + expect(response).to have_gitlab_http_status(204) + end.to change { DeployKey.count }.by(-1) + end + end + + context 'when the deploy key is used by other projects' do + before do + create(:deploy_keys_project, project: project2, deploy_key: deploy_key) + end + + it 'does not delete the deploy key' do + expect do + delete api("/projects/#{project.id}/deploy_keys/#{deploy_key.id}", admin) + + expect(response).to have_gitlab_http_status(204) + end.not_to change { DeployKey.count } + end + end + end + it 'returns 404 Not Found with invalid ID' do delete api("/projects/#{project.id}/deploy_keys/404", admin) diff --git a/spec/requests/api/discussions_spec.rb b/spec/requests/api/discussions_spec.rb index 4a44b219a67..ef34192f888 100644 --- a/spec/requests/api/discussions_spec.rb +++ b/spec/requests/api/discussions_spec.rb @@ -2,32 +2,53 @@ require 'spec_helper' describe API::Discussions do let(:user) { create(:user) } - let!(:project) { create(:project, :public, namespace: user.namespace) } + let!(:project) { create(:project, :public, :repository, namespace: user.namespace) } let(:private_user) { create(:user) } before do - project.add_reporter(user) + project.add_developer(user) end - context "when noteable is an Issue" do + context 'when noteable is an Issue' do let!(:issue) { create(:issue, project: project, author: user) } let!(:issue_note) { create(:discussion_note_on_issue, noteable: issue, project: project, author: user) } - it_behaves_like "discussions API", 'projects', 'issues', 'iid' do + it_behaves_like 'discussions API', 'projects', 'issues', 'iid' do let(:parent) { project } let(:noteable) { issue } let(:note) { issue_note } end end - context "when noteable is a Snippet" do + context 'when noteable is a Snippet' do let!(:snippet) { create(:project_snippet, project: project, author: user) } let!(:snippet_note) { create(:discussion_note_on_snippet, noteable: snippet, project: project, author: user) } - it_behaves_like "discussions API", 'projects', 'snippets', 'id' do + it_behaves_like 'discussions API', 'projects', 'snippets', 'id' do let(:parent) { project } let(:noteable) { snippet } let(:note) { snippet_note } end end + + context 'when noteable is a Merge Request' do + let!(:noteable) { create(:merge_request_with_diffs, source_project: project, target_project: project, author: user) } + let!(:note) { create(:discussion_note_on_merge_request, noteable: noteable, project: project, author: user) } + let!(:diff_note) { create(:diff_note_on_merge_request, noteable: noteable, project: project, author: user) } + let(:parent) { project } + + it_behaves_like 'discussions API', 'projects', 'merge_requests', 'iid' + it_behaves_like 'diff discussions API', 'projects', 'merge_requests', 'iid' + it_behaves_like 'resolvable discussions API', 'projects', 'merge_requests', 'iid' + end + + context 'when noteable is a Commit' do + let!(:noteable) { create(:commit, project: project, author: user) } + let!(:note) { create(:discussion_note_on_commit, commit_id: noteable.id, project: project, author: user) } + let!(:diff_note) { create(:diff_note_on_commit, commit_id: noteable.id, project: project, author: user) } + let(:parent) { project } + + it_behaves_like 'discussions API', 'projects', 'repository/commits', 'id' + it_behaves_like 'diff discussions API', 'projects', 'repository/commits', 'id' + end end diff --git a/spec/requests/api/environments_spec.rb b/spec/requests/api/environments_spec.rb index 53d48a91007..fdddca5d0ef 100644 --- a/spec/requests/api/environments_spec.rb +++ b/spec/requests/api/environments_spec.rb @@ -15,7 +15,7 @@ describe API::Environments do it 'returns project environments' do project_data_keys = %w( id description default_branch tag_list - ssh_url_to_repo http_url_to_repo web_url + ssh_url_to_repo http_url_to_repo web_url readme_url name name_with_namespace path path_with_namespace star_count forks_count diff --git a/spec/requests/api/events_spec.rb b/spec/requests/api/events_spec.rb index 962c845f36d..e6a61fdcf39 100644 --- a/spec/requests/api/events_spec.rb +++ b/spec/requests/api/events_spec.rb @@ -176,7 +176,7 @@ describe API::Events do end it 'avoids N+1 queries' do - control_count = ActiveRecord::QueryRecorder.new do + control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do get api("/projects/#{private_project.id}/events", user), target_type: :merge_request end.count @@ -184,7 +184,7 @@ describe API::Events do expect do get api("/projects/#{private_project.id}/events", user), target_type: :merge_request - end.not_to exceed_query_limit(control_count) + end.not_to exceed_all_query_limit(control_count) expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers diff --git a/spec/requests/api/features_spec.rb b/spec/requests/api/features_spec.rb index 267058d98ee..c5354c2d639 100644 --- a/spec/requests/api/features_spec.rb +++ b/spec/requests/api/features_spec.rb @@ -1,8 +1,8 @@ require 'spec_helper' describe API::Features do - let(:user) { create(:user) } - let(:admin) { create(:admin) } + set(:user) { create(:user) } + set(:admin) { create(:admin) } before do Flipper.unregister_groups @@ -249,4 +249,43 @@ describe API::Features do end end end + + describe 'DELETE /feature/:name' do + let(:feature_name) { 'my_feature' } + + context 'when the user has no access' do + it 'returns a 401 for anonymous users' do + delete api("/features/#{feature_name}") + + expect(response).to have_gitlab_http_status(401) + end + + it 'returns a 403 for users' do + delete api("/features/#{feature_name}", user) + + expect(response).to have_gitlab_http_status(403) + end + end + + context 'when the user has access' do + it 'returns 204 when the value is not set' do + delete api("/features/#{feature_name}", admin) + + expect(response).to have_gitlab_http_status(204) + end + + context 'when the gate value was set' do + before do + Feature.get(feature_name).enable + end + + it 'deletes an enabled feature' do + delete api("/features/#{feature_name}", admin) + + expect(response).to have_gitlab_http_status(204) + expect(Feature.get(feature_name)).not_to be_enabled + end + end + end + end end diff --git a/spec/requests/api/graphql/project_query_spec.rb b/spec/requests/api/graphql/project_query_spec.rb new file mode 100644 index 00000000000..796ffc9d569 --- /dev/null +++ b/spec/requests/api/graphql/project_query_spec.rb @@ -0,0 +1,88 @@ +require 'spec_helper' + +describe 'getting project information' do + include GraphqlHelpers + + let(:project) { create(:project, :repository) } + let(:current_user) { create(:user) } + + let(:query) do + graphql_query_for('project', 'fullPath' => project.full_path) + end + + context 'when the user has access to the project' do + before do + project.add_developer(current_user) + end + + it 'includes the project' do + post_graphql(query, current_user: current_user) + + expect(graphql_data['project']).not_to be_nil + end + + it_behaves_like 'a working graphql query' do + before do + post_graphql(query, current_user: current_user) + end + end + + context 'when requesting a nested merge request' do + let(:merge_request) { create(:merge_request, source_project: project) } + let(:merge_request_graphql_data) { graphql_data['project']['mergeRequest'] } + + let(:query) do + graphql_query_for( + 'project', + { 'fullPath' => project.full_path }, + query_graphql_field('mergeRequest', iid: merge_request.iid) + ) + end + + it_behaves_like 'a working graphql query' do + before do + post_graphql(query, current_user: current_user) + end + end + + it 'contains merge request information' do + post_graphql(query, current_user: current_user) + + expect(merge_request_graphql_data).not_to be_nil + end + + # This is a field coming from the `MergeRequestPresenter` + it 'includes a web_url' do + post_graphql(query, current_user: current_user) + + expect(merge_request_graphql_data['webUrl']).to be_present + end + + context 'when the user does not have access to the merge request' do + let(:project) { create(:project, :public, :repository) } + + it 'returns nil' do + project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE) + + post_graphql(query) + + expect(merge_request_graphql_data).to be_nil + end + end + end + end + + context 'when the user does not have access to the project' do + it 'returns an empty field' do + post_graphql(query, current_user: current_user) + + expect(graphql_data['project']).to be_nil + end + + it_behaves_like 'a working graphql query' do + before do + post_graphql(query, current_user: current_user) + end + end + end +end diff --git a/spec/requests/api/groups_spec.rb b/spec/requests/api/groups_spec.rb index bb0034e3237..da23fdd7dca 100644 --- a/spec/requests/api/groups_spec.rb +++ b/spec/requests/api/groups_spec.rb @@ -138,10 +138,15 @@ describe API::Groups do context "when using sorting" do let(:group3) { create(:group, name: "a#{group1.name}", path: "z#{group1.path}") } + let(:group4) { create(:group, name: "same-name", path: "y#{group1.path}") } + let(:group5) { create(:group, name: "same-name") } let(:response_groups) { json_response.map { |group| group['name'] } } + let(:response_groups_ids) { json_response.map { |group| group['id'] } } before do group3.add_owner(user1) + group4.add_owner(user1) + group5.add_owner(user1) end it "sorts by name ascending by default" do @@ -150,7 +155,7 @@ describe API::Groups do expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array - expect(response_groups).to eq([group3.name, group1.name]) + expect(response_groups).to eq(Group.visible_to_user(user1).order(:name).pluck(:name)) end it "sorts in descending order when passed" do @@ -159,16 +164,52 @@ describe API::Groups do expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array - expect(response_groups).to eq([group1.name, group3.name]) + expect(response_groups).to eq(Group.visible_to_user(user1).order(name: :desc).pluck(:name)) end - it "sorts by the order_by param" do + it "sorts by path in order_by param" do get api("/groups", user1), order_by: "path" expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array - expect(response_groups).to eq([group1.name, group3.name]) + expect(response_groups).to eq(Group.visible_to_user(user1).order(:path).pluck(:name)) + end + + it "sorts by id in the order_by param" do + get api("/groups", user1), order_by: "id" + + expect(response).to have_gitlab_http_status(200) + expect(response).to include_pagination_headers + expect(json_response).to be_an Array + expect(response_groups).to eq(Group.visible_to_user(user1).order(:id).pluck(:name)) + end + + it "sorts also by descending id with pagination fix" do + get api("/groups", user1), order_by: "id", sort: "desc" + + expect(response).to have_gitlab_http_status(200) + expect(response).to include_pagination_headers + expect(json_response).to be_an Array + expect(response_groups).to eq(Group.visible_to_user(user1).order(id: :desc).pluck(:name)) + end + + it "sorts identical keys by id for good pagination" do + get api("/groups", user1), search: "same-name", order_by: "name" + + expect(response).to have_gitlab_http_status(200) + expect(response).to include_pagination_headers + expect(json_response).to be_an Array + expect(response_groups_ids).to eq(Group.select { |group| group['name'] == 'same-name' }.map { |group| group['id'] }.sort) + end + + it "sorts descending identical keys by id for good pagination" do + get api("/groups", user1), search: "same-name", order_by: "name", sort: "desc" + + expect(response).to have_gitlab_http_status(200) + expect(response).to include_pagination_headers + expect(json_response).to be_an Array + expect(response_groups_ids).to eq(Group.select { |group| group['name'] == 'same-name' }.map { |group| group['id'] }.sort) end end @@ -738,13 +779,16 @@ describe API::Groups do describe "DELETE /groups/:id" do context "when authenticated as user" do it "removes group" do - delete api("/groups/#{group1.id}", user1) + Sidekiq::Testing.fake! do + expect { delete api("/groups/#{group1.id}", user1) }.to change(GroupDestroyWorker.jobs, :size).by(1) + end - expect(response).to have_gitlab_http_status(204) + expect(response).to have_gitlab_http_status(202) end it_behaves_like '412 response' do let(:request) { api("/groups/#{group1.id}", user1) } + let(:success_status) { 202 } end it "does not remove a group if not an owner" do @@ -773,7 +817,7 @@ describe API::Groups do it "removes any existing group" do delete api("/groups/#{group2.id}", admin) - expect(response).to have_gitlab_http_status(204) + expect(response).to have_gitlab_http_status(202) end it "does not remove a non existing group" do diff --git a/spec/requests/api/helpers_spec.rb b/spec/requests/api/helpers_spec.rb index 837389451e8..d8a51f36dba 100644 --- a/spec/requests/api/helpers_spec.rb +++ b/spec/requests/api/helpers_spec.rb @@ -6,6 +6,7 @@ describe API::Helpers do include API::APIGuard::HelperMethods include described_class include SentryHelper + include TermsHelper let(:user) { create(:user) } let(:admin) { create(:admin) } @@ -163,6 +164,23 @@ describe API::Helpers do expect { current_user }.to raise_error /403/ end + context 'when terms are enforced' do + before do + enforce_terms + env[Gitlab::Auth::UserAuthFinders::PRIVATE_TOKEN_HEADER] = personal_access_token.token + end + + it 'returns a 403 when a user has not accepted the terms' do + expect { current_user }.to raise_error /must accept the Terms of Service/ + end + + it 'sets the current user when the user accepted the terms' do + accept_terms(user) + + expect(current_user).to eq(user) + end + end + it "sets current_user" do env[Gitlab::Auth::UserAuthFinders::PRIVATE_TOKEN_HEADER] = personal_access_token.token expect(current_user).to eq(user) diff --git a/spec/requests/api/internal_spec.rb b/spec/requests/api/internal_spec.rb index 3cb90a1b8ef..a56b913198c 100644 --- a/spec/requests/api/internal_spec.rb +++ b/spec/requests/api/internal_spec.rb @@ -1,9 +1,9 @@ require 'spec_helper' describe API::Internal do - let(:user) { create(:user) } + set(:user) { create(:user) } let(:key) { create(:key, user: user) } - let(:project) { create(:project, :repository, :wiki_repo) } + set(:project) { create(:project, :repository, :wiki_repo) } let(:secret_token) { Gitlab::Shell.secret_token } let(:gl_repository) { "project-#{project.id}" } let(:reference_counter) { double('ReferenceCounter') } @@ -251,44 +251,23 @@ describe API::Internal do end context 'with env passed as a JSON' do - context 'when relative path envs are not set' do - it 'sets env in RequestStore' do - expect(Gitlab::Git::Env).to receive(:set).with({ - 'GIT_OBJECT_DIRECTORY' => 'foo', - 'GIT_ALTERNATE_OBJECT_DIRECTORIES' => 'bar' - }) - - push(key, project.wiki, env: { - GIT_OBJECT_DIRECTORY: 'foo', - GIT_ALTERNATE_OBJECT_DIRECTORIES: 'bar' - }.to_json) + let(:gl_repository) { project.gl_repository(is_wiki: true) } - expect(response).to have_gitlab_http_status(200) - end - end + it 'sets env in RequestStore' do + obj_dir_relative = './objects' + alt_obj_dirs_relative = ['./alt-objects-1', './alt-objects-2'] - context 'when relative path envs are set' do - it 'sets env in RequestStore' do - obj_dir_relative = './objects' - alt_obj_dirs_relative = ['./alt-objects-1', './alt-objects-2'] - repo_path = project.wiki.repository.path_to_repo - - expect(Gitlab::Git::Env).to receive(:set).with({ - 'GIT_OBJECT_DIRECTORY' => File.join(repo_path, obj_dir_relative), - 'GIT_ALTERNATE_OBJECT_DIRECTORIES' => alt_obj_dirs_relative.map { |d| File.join(repo_path, d) }, - 'GIT_OBJECT_DIRECTORY_RELATIVE' => obj_dir_relative, - 'GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE' => alt_obj_dirs_relative - }) - - push(key, project.wiki, env: { - GIT_OBJECT_DIRECTORY: 'foo', - GIT_ALTERNATE_OBJECT_DIRECTORIES: 'bar', - GIT_OBJECT_DIRECTORY_RELATIVE: obj_dir_relative, - GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE: alt_obj_dirs_relative - }.to_json) + expect(Gitlab::Git::HookEnv).to receive(:set).with(gl_repository, { + 'GIT_OBJECT_DIRECTORY_RELATIVE' => obj_dir_relative, + 'GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE' => alt_obj_dirs_relative + }) - expect(response).to have_gitlab_http_status(200) - end + push(key, project.wiki, env: { + GIT_OBJECT_DIRECTORY_RELATIVE: obj_dir_relative, + GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE: alt_obj_dirs_relative + }.to_json) + + expect(response).to have_gitlab_http_status(200) end end @@ -298,7 +277,7 @@ describe API::Internal do expect(response).to have_gitlab_http_status(200) expect(json_response["status"]).to be_truthy - expect(json_response["repository_path"]).to eq(project.wiki.repository.path_to_repo) + expect(json_response["repository_path"]).to eq('/') expect(json_response["gl_repository"]).to eq("wiki-#{project.id}") expect(user).not_to have_an_activity_record end @@ -310,7 +289,7 @@ describe API::Internal do expect(response).to have_gitlab_http_status(200) expect(json_response["status"]).to be_truthy - expect(json_response["repository_path"]).to eq(project.wiki.repository.path_to_repo) + expect(json_response["repository_path"]).to eq('/') expect(json_response["gl_repository"]).to eq("wiki-#{project.id}") expect(user).to have_an_activity_record end @@ -322,7 +301,7 @@ describe API::Internal do expect(response).to have_gitlab_http_status(200) expect(json_response["status"]).to be_truthy - expect(json_response["repository_path"]).to eq(project.repository.path_to_repo) + expect(json_response["repository_path"]).to eq('/') expect(json_response["gl_repository"]).to eq("project-#{project.id}") expect(json_response["gitaly"]).not_to be_nil expect(json_response["gitaly"]["repository"]).not_to be_nil @@ -341,7 +320,7 @@ describe API::Internal do expect(response).to have_gitlab_http_status(200) expect(json_response["status"]).to be_truthy - expect(json_response["repository_path"]).to eq(project.repository.path_to_repo) + expect(json_response["repository_path"]).to eq('/') expect(json_response["gl_repository"]).to eq("project-#{project.id}") expect(json_response["gitaly"]).not_to be_nil expect(json_response["gitaly"]["repository"]).not_to be_nil @@ -543,7 +522,6 @@ describe API::Internal do context 'the project path was changed' do let(:project) { create(:project, :repository, :legacy_storage) } - let!(:old_path_to_repo) { project.repository.path_to_repo } let!(:repository) { project.repository } before do @@ -856,8 +834,7 @@ describe API::Internal do end def push(key, project, protocol = 'ssh', env: nil) - post( - api("/internal/allowed"), + params = { changes: 'd14d6c0abdd253381df51a723d58691b2ee1ab08 570e7b2abdd848b95f2f578043fc23bd6f6fd24d refs/heads/master', key_id: key.id, project: project.full_path, @@ -866,7 +843,19 @@ describe API::Internal do secret_token: secret_token, protocol: protocol, env: env - ) + } + + if Gitlab.rails5? + post( + api("/internal/allowed"), + params: params + ) + else + post( + api("/internal/allowed"), + params + ) + end end def archive(key, project) diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb index 6614e8cea43..a15d60aafe0 100644 --- a/spec/requests/api/issues_spec.rb +++ b/spec/requests/api/issues_spec.rb @@ -64,12 +64,32 @@ describe API::Issues do describe "GET /issues" do context "when unauthenticated" do - it "returns authentication error" do + it "returns an array of all issues" do + get api("/issues"), scope: 'all' + + expect(response).to have_http_status(200) + expect(json_response).to be_an Array + end + + it "returns authentication error without any scope" do get api("/issues") - expect(response).to have_gitlab_http_status(401) + expect(response).to have_http_status(401) + end + + it "returns authentication error when scope is assigned-to-me" do + get api("/issues"), scope: 'assigned-to-me' + + expect(response).to have_http_status(401) + end + + it "returns authentication error when scope is created-by-me" do + get api("/issues"), scope: 'created-by-me' + + expect(response).to have_http_status(401) end end + context "when authenticated" do let(:first_issue) { json_response.first } @@ -106,6 +126,15 @@ describe API::Issues do it 'returns issues assigned to me' do issue2 = create(:issue, assignees: [user2], project: project) + get api('/issues', user2), scope: 'assigned_to_me' + + expect_paginated_array_response(size: 1) + expect(first_issue['id']).to eq(issue2.id) + end + + it 'returns issues assigned to me (kebab-case)' do + issue2 = create(:issue, assignees: [user2], project: project) + get api('/issues', user2), scope: 'assigned-to-me' expect_paginated_array_response(size: 1) @@ -379,193 +408,239 @@ describe API::Issues do end let!(:group_note) { create(:note_on_issue, author: user, project: group_project, noteable: group_issue) } - before do - group_project.add_reporter(user) - end let(:base_url) { "/groups/#{group.id}/issues" } - it 'returns all group issues (including opened and closed)' do - get api(base_url, admin) + context 'when group has subgroups', :nested_groups do + let(:subgroup_1) { create(:group, parent: group) } + let(:subgroup_2) { create(:group, parent: subgroup_1) } - expect_paginated_array_response(size: 3) - end + let(:subgroup_1_project) { create(:project, namespace: subgroup_1) } + let(:subgroup_2_project) { create(:project, namespace: subgroup_2) } - it 'returns group issues without confidential issues for non project members' do - get api("#{base_url}?state=opened", non_member) + let!(:issue_1) { create(:issue, project: subgroup_1_project) } + let!(:issue_2) { create(:issue, project: subgroup_2_project) } - expect_paginated_array_response(size: 1) - expect(json_response.first['title']).to eq(group_issue.title) - end + before do + group.add_developer(user) + end - it 'returns group confidential issues for author' do - get api("#{base_url}?state=opened", author) + it 'also returns subgroups projects issues' do + get api(base_url, user) - expect_paginated_array_response(size: 2) + issue_ids = json_response.map { |issue| issue['id'] } + + expect_paginated_array_response(size: 5) + expect(issue_ids).to include(issue_1.id, issue_2.id) + end end - it 'returns group confidential issues for assignee' do - get api("#{base_url}?state=opened", assignee) + context 'when user is unauthenticated' do + it 'lists all issues in public projects' do + get api(base_url) - expect_paginated_array_response(size: 2) + expect_paginated_array_response(size: 2) + end end - it 'returns group issues with confidential issues for project members' do - get api("#{base_url}?state=opened", user) + context 'when user is a group member' do + before do + group_project.add_reporter(user) + end - expect_paginated_array_response(size: 2) - end + it 'returns all group issues (including opened and closed)' do + get api(base_url, admin) - it 'returns group confidential issues for admin' do - get api("#{base_url}?state=opened", admin) + expect_paginated_array_response(size: 3) + end - expect_paginated_array_response(size: 2) - end + it 'returns group issues without confidential issues for non project members' do + get api("#{base_url}?state=opened", non_member) - it 'returns an array of labeled group issues' do - get api("#{base_url}?labels=#{group_label.title}", user) + expect_paginated_array_response(size: 1) + expect(json_response.first['title']).to eq(group_issue.title) + end - expect_paginated_array_response(size: 1) - expect(json_response.first['labels']).to eq([group_label.title]) - end + it 'returns group confidential issues for author' do + get api("#{base_url}?state=opened", author) - it 'returns an array of labeled group issues where all labels match' do - get api("#{base_url}?labels=#{group_label.title},foo,bar", user) + expect_paginated_array_response(size: 2) + end - expect_paginated_array_response(size: 0) - end + it 'returns group confidential issues for assignee' do + get api("#{base_url}?state=opened", assignee) - it 'returns issues matching given search string for title' do - get api("#{base_url}?search=#{group_issue.title}", user) + expect_paginated_array_response(size: 2) + end - expect_paginated_array_response(size: 1) - expect(json_response.first['id']).to eq(group_issue.id) - end + it 'returns group issues with confidential issues for project members' do + get api("#{base_url}?state=opened", user) - it 'returns issues matching given search string for description' do - get api("#{base_url}?search=#{group_issue.description}", user) + expect_paginated_array_response(size: 2) + end - expect_paginated_array_response(size: 1) - expect(json_response.first['id']).to eq(group_issue.id) - end + it 'returns group confidential issues for admin' do + get api("#{base_url}?state=opened", admin) - it 'returns an array of labeled issues when all labels matches' do - label_b = create(:label, title: 'foo', project: group_project) - label_c = create(:label, title: 'bar', project: group_project) + expect_paginated_array_response(size: 2) + end - create(:label_link, label: label_b, target: group_issue) - create(:label_link, label: label_c, target: group_issue) + it 'returns an array of labeled group issues' do + get api("#{base_url}?labels=#{group_label.title}", user) - get api("#{base_url}", user), labels: "#{group_label.title},#{label_b.title},#{label_c.title}" + expect_paginated_array_response(size: 1) + expect(json_response.first['labels']).to eq([group_label.title]) + end - expect_paginated_array_response(size: 1) - expect(json_response.first['labels']).to eq([label_c.title, label_b.title, group_label.title]) - end + it 'returns an array of labeled group issues where all labels match' do + get api("#{base_url}?labels=#{group_label.title},foo,bar", user) - it 'returns an array of issues found by iids' do - get api(base_url, user), iids: [group_issue.iid] + expect_paginated_array_response(size: 0) + end - expect_paginated_array_response(size: 1) - expect(json_response.first['id']).to eq(group_issue.id) - end + it 'returns issues matching given search string for title' do + get api("#{base_url}?search=#{group_issue.title}", user) - it 'returns an empty array if iid does not exist' do - get api(base_url, user), iids: [99999] + expect_paginated_array_response(size: 1) + expect(json_response.first['id']).to eq(group_issue.id) + end - expect_paginated_array_response(size: 0) - end + it 'returns issues matching given search string for description' do + get api("#{base_url}?search=#{group_issue.description}", user) - it 'returns an empty array if no group issue matches labels' do - get api("#{base_url}?labels=foo,bar", user) + expect_paginated_array_response(size: 1) + expect(json_response.first['id']).to eq(group_issue.id) + end - expect_paginated_array_response(size: 0) - end + it 'returns an array of labeled issues when all labels matches' do + label_b = create(:label, title: 'foo', project: group_project) + label_c = create(:label, title: 'bar', project: group_project) - it 'returns an empty array if no issue matches milestone' do - get api("#{base_url}?milestone=#{group_empty_milestone.title}", user) + create(:label_link, label: label_b, target: group_issue) + create(:label_link, label: label_c, target: group_issue) - expect_paginated_array_response(size: 0) - end + get api("#{base_url}", user), labels: "#{group_label.title},#{label_b.title},#{label_c.title}" - it 'returns an empty array if milestone does not exist' do - get api("#{base_url}?milestone=foo", user) + expect_paginated_array_response(size: 1) + expect(json_response.first['labels']).to eq([label_c.title, label_b.title, group_label.title]) + end - expect_paginated_array_response(size: 0) - end + it 'returns an array of issues found by iids' do + get api(base_url, user), iids: [group_issue.iid] - it 'returns an array of issues in given milestone' do - get api("#{base_url}?state=opened&milestone=#{group_milestone.title}", user) + expect_paginated_array_response(size: 1) + expect(json_response.first['id']).to eq(group_issue.id) + end - expect_paginated_array_response(size: 1) - expect(json_response.first['id']).to eq(group_issue.id) - end + it 'returns an empty array if iid does not exist' do + get api(base_url, user), iids: [99999] - it 'returns an array of issues matching state in milestone' do - get api("#{base_url}?milestone=#{group_milestone.title}"\ - '&state=closed', user) + expect_paginated_array_response(size: 0) + end - expect_paginated_array_response(size: 1) - expect(json_response.first['id']).to eq(group_closed_issue.id) - end + it 'returns an empty array if no group issue matches labels' do + get api("#{base_url}?labels=foo,bar", user) - it 'returns an array of issues with no milestone' do - get api("#{base_url}?milestone=#{no_milestone_title}", user) + expect_paginated_array_response(size: 0) + end - expect(response).to have_gitlab_http_status(200) + it 'returns an empty array if no issue matches milestone' do + get api("#{base_url}?milestone=#{group_empty_milestone.title}", user) - expect_paginated_array_response(size: 1) - expect(json_response.first['id']).to eq(group_confidential_issue.id) - end + expect_paginated_array_response(size: 0) + end - it 'sorts by created_at descending by default' do - get api(base_url, user) + it 'returns an empty array if milestone does not exist' do + get api("#{base_url}?milestone=foo", user) - response_dates = json_response.map { |issue| issue['created_at'] } + expect_paginated_array_response(size: 0) + end - expect_paginated_array_response(size: 3) - expect(response_dates).to eq(response_dates.sort.reverse) - end + it 'returns an array of issues in given milestone' do + get api("#{base_url}?state=opened&milestone=#{group_milestone.title}", user) - it 'sorts ascending when requested' do - get api("#{base_url}?sort=asc", user) + expect_paginated_array_response(size: 1) + expect(json_response.first['id']).to eq(group_issue.id) + end - response_dates = json_response.map { |issue| issue['created_at'] } + it 'returns an array of issues matching state in milestone' do + get api("#{base_url}?milestone=#{group_milestone.title}"\ + '&state=closed', user) - expect_paginated_array_response(size: 3) - expect(response_dates).to eq(response_dates.sort) - end + expect_paginated_array_response(size: 1) + expect(json_response.first['id']).to eq(group_closed_issue.id) + end - it 'sorts by updated_at descending when requested' do - get api("#{base_url}?order_by=updated_at", user) + it 'returns an array of issues with no milestone' do + get api("#{base_url}?milestone=#{no_milestone_title}", user) - response_dates = json_response.map { |issue| issue['updated_at'] } + expect(response).to have_gitlab_http_status(200) - expect_paginated_array_response(size: 3) - expect(response_dates).to eq(response_dates.sort.reverse) - end + expect_paginated_array_response(size: 1) + expect(json_response.first['id']).to eq(group_confidential_issue.id) + end - it 'sorts by updated_at ascending when requested' do - get api("#{base_url}?order_by=updated_at&sort=asc", user) + it 'sorts by created_at descending by default' do + get api(base_url, user) - response_dates = json_response.map { |issue| issue['updated_at'] } + response_dates = json_response.map { |issue| issue['created_at'] } - expect_paginated_array_response(size: 3) - expect(response_dates).to eq(response_dates.sort) + expect_paginated_array_response(size: 3) + expect(response_dates).to eq(response_dates.sort.reverse) + end + + it 'sorts ascending when requested' do + get api("#{base_url}?sort=asc", user) + + response_dates = json_response.map { |issue| issue['created_at'] } + + expect_paginated_array_response(size: 3) + expect(response_dates).to eq(response_dates.sort) + end + + it 'sorts by updated_at descending when requested' do + get api("#{base_url}?order_by=updated_at", user) + + response_dates = json_response.map { |issue| issue['updated_at'] } + + expect_paginated_array_response(size: 3) + expect(response_dates).to eq(response_dates.sort.reverse) + end + + it 'sorts by updated_at ascending when requested' do + get api("#{base_url}?order_by=updated_at&sort=asc", user) + + response_dates = json_response.map { |issue| issue['updated_at'] } + + expect_paginated_array_response(size: 3) + expect(response_dates).to eq(response_dates.sort) + end end end describe "GET /projects/:id/issues" do let(:base_url) { "/projects/#{project.id}" } + context 'when unauthenticated' do + it 'returns public project issues' do + get api("/projects/#{project.id}/issues") + + expect_paginated_array_response(size: 2) + expect(json_response.first['title']).to eq(issue.title) + end + end + it 'avoids N+1 queries' do - control_count = ActiveRecord::QueryRecorder.new do + get api("/projects/#{project.id}/issues", user) + + control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do get api("/projects/#{project.id}/issues", user) end.count - create(:issue, author: user, project: project) + create_list(:issue, 3, project: project) expect do get api("/projects/#{project.id}/issues", user) - end.not_to exceed_query_limit(control_count) + end.not_to exceed_all_query_limit(control_count) end it 'returns 404 when project does not exist' do @@ -765,6 +840,14 @@ describe API::Issues do end describe "GET /projects/:id/issues/:issue_iid" do + context 'when unauthenticated' do + it 'returns public issues' do + get api("/projects/#{project.id}/issues/#{issue.iid}") + + expect(response).to have_gitlab_http_status(200) + end + end + it 'exposes known attributes' do get api("/projects/#{project.id}/issues/#{issue.iid}", user) @@ -1270,19 +1353,25 @@ describe API::Issues do expect(json_response['labels']).to eq([label.title]) end - it 'removes all labels' do - put api("/projects/#{project.id}/issues/#{issue.iid}", user), labels: '' + it 'removes all labels and touches the record' do + Timecop.travel(1.minute.from_now) do + put api("/projects/#{project.id}/issues/#{issue.iid}", user), labels: '' + end expect(response).to have_gitlab_http_status(200) expect(json_response['labels']).to eq([]) + expect(json_response['updated_at']).to be > Time.now end - it 'updates labels' do - put api("/projects/#{project.id}/issues/#{issue.iid}", user), + it 'updates labels and touches the record' do + Timecop.travel(1.minute.from_now) do + put api("/projects/#{project.id}/issues/#{issue.iid}", user), labels: 'foo,bar' + end expect(response).to have_gitlab_http_status(200) expect(json_response['labels']).to include 'foo' expect(json_response['labels']).to include 'bar' + expect(json_response['updated_at']).to be > Time.now end it 'allows special label names' do @@ -1557,6 +1646,14 @@ describe API::Issues do create(:merge_requests_closing_issues, issue: issue, merge_request: merge_request) end + context 'when unauthenticated' do + it 'return public project issues' do + get api("/projects/#{project.id}/issues/#{issue.iid}/closed_by") + + expect_paginated_array_response(size: 1) + end + end + it 'returns merge requests that will close issue on merge' do get api("/projects/#{project.id}/issues/#{issue.iid}/closed_by", user) @@ -1581,6 +1678,14 @@ describe API::Issues do describe "GET /projects/:id/issues/:issue_iid/user_agent_detail" do let!(:user_agent_detail) { create(:user_agent_detail, subject: issue) } + context 'when unauthenticated' do + it "returns unautorized" do + get api("/projects/#{project.id}/issues/#{issue.iid}/user_agent_detail") + + expect(response).to have_gitlab_http_status(401) + end + end + it 'exposes known attributes' do get api("/projects/#{project.id}/issues/#{issue.iid}/user_agent_detail", admin) diff --git a/spec/requests/api/jobs_spec.rb b/spec/requests/api/jobs_spec.rb index 6192bbd4abb..50d6f4b4d99 100644 --- a/spec/requests/api/jobs_spec.rb +++ b/spec/requests/api/jobs_spec.rb @@ -1,6 +1,8 @@ require 'spec_helper' describe API::Jobs do + include HttpIOHelpers + set(:project) do create(:project, :repository, public_builds: false) end @@ -11,7 +13,10 @@ describe API::Jobs do ref: project.default_branch) end - let!(:job) { create(:ci_build, :success, pipeline: pipeline) } + let!(:job) do + create(:ci_build, :success, pipeline: pipeline, + artifacts_expire_at: 1.day.since) + end let(:user) { create(:user) } let(:api_user) { user } @@ -41,6 +46,7 @@ describe API::Jobs do it 'returns correct values' do expect(json_response).not_to be_empty expect(json_response.first['commit']['id']).to eq project.commit.id + expect(Time.parse(json_response.first['artifacts_expire_at'])).to be_like_time(job.artifacts_expire_at) end it 'returns pipeline data' do @@ -112,6 +118,7 @@ describe API::Jobs do let(:query) { Hash.new } before do + job get api("/projects/#{project.id}/pipelines/#{pipeline.id}/jobs", api_user), query end @@ -125,6 +132,7 @@ describe API::Jobs do it 'returns correct values' do expect(json_response).not_to be_empty expect(json_response.first['commit']['id']).to eq project.commit.id + expect(Time.parse(json_response.first['artifacts_expire_at'])).to be_like_time(job.artifacts_expire_at) end it 'returns pipeline data' do @@ -169,6 +177,18 @@ describe API::Jobs do json_response.each { |job| expect(job['pipeline']['id']).to eq(pipeline.id) } end end + + it 'avoids N+1 queries' do + control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do + get api("/projects/#{project.id}/pipelines/#{pipeline.id}/jobs", api_user), query + end.count + + 3.times { create(:ci_build, :artifacts, pipeline: pipeline) } + + expect do + get api("/projects/#{project.id}/pipelines/#{pipeline.id}/jobs", api_user), query + end.not_to exceed_all_query_limit(control_count) + end end context 'unauthorized user' do @@ -198,6 +218,7 @@ describe API::Jobs do expect(Time.parse(json_response['created_at'])).to be_like_time(job.created_at) expect(Time.parse(json_response['started_at'])).to be_like_time(job.started_at) expect(Time.parse(json_response['finished_at'])).to be_like_time(job.finished_at) + expect(Time.parse(json_response['artifacts_expire_at'])).to be_like_time(job.artifacts_expire_at) expect(json_response['duration']).to eq(job.duration) end @@ -278,7 +299,7 @@ describe API::Jobs do get_artifact_file(artifact) expect(response).to have_gitlab_http_status(200) - expect(response.headers) + expect(response.headers.to_h) .to include('Content-Type' => 'application/json', 'Gitlab-Workhorse-Send-Data' => /artifacts-entry/) end @@ -308,7 +329,7 @@ describe API::Jobs do it 'returns specific job artifacts' do expect(response).to have_gitlab_http_status(200) - expect(response.headers).to include(download_headers) + expect(response.headers.to_h).to include(download_headers) expect(response.body).to match_file(job.artifacts_file.file.file) end end @@ -335,10 +356,55 @@ describe API::Jobs do end end + context 'when artifacts are stored remotely' do + let(:proxy_download) { false } + + before do + stub_artifacts_object_storage(proxy_download: proxy_download) + end + + let(:job) { create(:ci_build, pipeline: pipeline) } + let!(:artifact) { create(:ci_job_artifact, :archive, :remote_store, job: job) } + + before do + job.reload + + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + end + + context 'when proxy download is enabled' do + let(:proxy_download) { true } + + it 'responds with the workhorse send-url' do + expect(response.headers[Gitlab::Workhorse::SEND_DATA_HEADER]).to start_with("send-url:") + end + end + + context 'when proxy download is disabled' do + it 'returns location redirect' do + expect(response).to have_gitlab_http_status(302) + end + end + + context 'authorized user' do + it 'returns the file remote URL' do + expect(response).to redirect_to(artifact.file.url) + end + end + + context 'unauthorized user' do + let(:api_user) { nil } + + it 'does not return specific job artifacts' do + expect(response).to have_gitlab_http_status(404) + end + end + end + it 'does not return job artifacts if not uploaded' do get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) - expect(response).to have_gitlab_http_status(404) + expect(response).to have_gitlab_http_status(:not_found) end end end @@ -349,6 +415,7 @@ describe API::Jobs do let(:job) { create(:ci_build, :artifacts, pipeline: pipeline, user: api_user) } before do + stub_artifacts_object_storage job.success end @@ -412,8 +479,23 @@ describe API::Jobs do "attachment; filename=#{job.artifacts_file.filename}" } end - it { expect(response).to have_gitlab_http_status(200) } - it { expect(response.headers).to include(download_headers) } + it { expect(response).to have_http_status(:ok) } + it { expect(response.headers.to_h).to include(download_headers) } + end + + context 'when artifacts are stored remotely' do + let(:job) { create(:ci_build, pipeline: pipeline, user: api_user) } + let!(:artifact) { create(:ci_job_artifact, :archive, :remote_store, job: job) } + + before do + job.reload + + get api("/projects/#{project.id}/jobs/#{job.id}/artifacts", api_user) + end + + it 'returns location redirect' do + expect(response).to have_http_status(:found) + end end end @@ -451,6 +533,22 @@ describe API::Jobs do end context 'authorized user' do + context 'when trace is in ObjectStorage' do + let!(:job) { create(:ci_build, :trace_artifact, pipeline: pipeline) } + + before do + stub_remote_trace_206 + allow_any_instance_of(JobArtifactUploader).to receive(:file_storage?) { false } + allow_any_instance_of(JobArtifactUploader).to receive(:url) { remote_trace_url } + allow_any_instance_of(JobArtifactUploader).to receive(:size) { remote_trace_size } + end + + it 'returns specific job trace' do + expect(response).to have_gitlab_http_status(200) + expect(response.body).to eq(job.trace.raw) + end + end + context 'when trace is artifact' do let(:job) { create(:ci_build, :trace_artifact, pipeline: pipeline) } diff --git a/spec/requests/api/markdown_spec.rb b/spec/requests/api/markdown_spec.rb new file mode 100644 index 00000000000..a55796cf343 --- /dev/null +++ b/spec/requests/api/markdown_spec.rb @@ -0,0 +1,112 @@ +require "spec_helper" + +describe API::Markdown do + RSpec::Matchers.define_negated_matcher :exclude, :include + + describe "POST /markdown" do + let(:user) {} # No-op. It gets overwritten in the contexts below. + + before do + post api("/markdown", user), params + end + + shared_examples "rendered markdown text without GFM" do + it "renders markdown text" do + expect(response).to have_http_status(201) + expect(response.headers["Content-Type"]).to eq("application/json") + expect(json_response).to be_a(Hash) + expect(json_response["html"]).to eq("<p>#{text}</p>") + end + end + + shared_examples "404 Project Not Found" do + it "responses with 404 Not Found" do + expect(response).to have_http_status(404) + expect(response.headers["Content-Type"]).to eq("application/json") + expect(json_response).to be_a(Hash) + expect(json_response["message"]).to eq("404 Project Not Found") + end + end + + context "when arguments are invalid" do + context "when text is missing" do + let(:params) { {} } + + it "responses with 400 Bad Request" do + expect(response).to have_http_status(400) + expect(response.headers["Content-Type"]).to eq("application/json") + expect(json_response).to be_a(Hash) + expect(json_response["error"]).to eq("text is missing") + end + end + + context "when project is not found" do + let(:params) { { text: "Hello world!", gfm: true, project: "Dummy project" } } + + it_behaves_like "404 Project Not Found" + end + end + + context "when arguments are valid" do + set(:project) { create(:project) } + set(:issue) { create(:issue, project: project) } + let(:text) { ":tada: Hello world! :100: #{issue.to_reference}" } + + context "when not using gfm" do + context "without project" do + let(:params) { { text: text } } + + it_behaves_like "rendered markdown text without GFM" + end + + context "with project" do + let(:params) { { text: text, project: project.full_path } } + + context "when not authorized" do + it_behaves_like "404 Project Not Found" + end + + context "when authorized" do + let(:user) { project.owner } + + it_behaves_like "rendered markdown text without GFM" + end + end + end + + context "when using gfm" do + context "without project" do + let(:params) { { text: text, gfm: true } } + + it "renders markdown text" do + expect(response).to have_http_status(201) + expect(response.headers["Content-Type"]).to eq("application/json") + expect(json_response).to be_a(Hash) + expect(json_response["html"]).to include("Hello world!") + .and include('data-name="tada"') + .and include('data-name="100"') + .and include("#1") + .and exclude("<a href=\"#{IssuesHelper.url_for_issue(issue.iid, project)}\"") + .and exclude("#1</a>") + end + end + + context "with project" do + let(:params) { { text: text, gfm: true, project: project.full_path } } + let(:user) { project.owner } + + it "renders markdown text" do + expect(response).to have_http_status(201) + expect(response.headers["Content-Type"]).to eq("application/json") + expect(json_response).to be_a(Hash) + expect(json_response["html"]).to include("Hello world!") + .and include('data-name="tada"') + .and include('data-name="100"') + .and include("<a href=\"#{IssuesHelper.url_for_issue(issue.iid, project)}\"") + .and include("#1</a>") + end + end + end + end + end +end diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb index 3764aec0c71..d4ebfc3f782 100644 --- a/spec/requests/api/merge_requests_spec.rb +++ b/spec/requests/api/merge_requests_spec.rb @@ -29,13 +29,24 @@ describe API::MergeRequests do project.add_reporter(user) end + describe 'route shadowing' do + include GrapePathHelpers::NamedRouteMatcher + + it 'does not occur' do + path = api_v4_projects_merge_requests_path(id: 1) + expect(path).to eq('/api/v4/projects/1/merge_requests') + + path = api_v4_projects_merge_requests_path(id: 1, merge_request_iid: 3) + expect(path).to eq('/api/v4/projects/1/merge_requests/3') + end + end + describe 'GET /merge_requests' do context 'when unauthenticated' do it 'returns an array of all merge requests' do get api('/merge_requests', user), scope: 'all' - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array + expect_paginated_array_response end it "returns authentication error without any scope" do @@ -50,6 +61,12 @@ describe API::MergeRequests do expect(response).to have_gitlab_http_status(401) end + it "returns authentication error when scope is assigned_to_me" do + get api("/merge_requests"), scope: 'assigned_to_me' + + expect(response).to have_gitlab_http_status(401) + end + it "returns authentication error when scope is created-by-me" do get api("/merge_requests"), scope: 'created-by-me' @@ -62,27 +79,14 @@ describe API::MergeRequests do let!(:merge_request2) { create(:merge_request, :simple, author: user, assignee: user, source_project: project2, target_project: project2) } let(:user2) { create(:user) } - it 'returns an array of all merge requests' do - get api('/merge_requests', user), scope: :all - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.map { |mr| mr['id'] }) - .to contain_exactly(merge_request.id, merge_request_closed.id, merge_request_merged.id, merge_request2.id) - end - - it 'does not return unauthorized merge requests' do + it 'returns an array of all merge requests except unauthorized ones' do private_project = create(:project, :private) merge_request3 = create(:merge_request, :simple, source_project: private_project, target_project: private_project, source_branch: 'other-branch') get api('/merge_requests', user), scope: :all - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.map { |mr| mr['id'] }) - .not_to include(merge_request3.id) + expect_response_contain_exactly(merge_request2, merge_request_merged, merge_request_closed, merge_request) + expect(json_response.map { |mr| mr['id'] }).not_to include(merge_request3.id) end it 'returns an array of merge requests created by current user if no scope is given' do @@ -90,10 +94,7 @@ describe API::MergeRequests do get api('/merge_requests', user2) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request3.id) + expect_response_ordered_exactly(merge_request3) end it 'returns an array of merge requests authored by the given user' do @@ -101,10 +102,7 @@ describe API::MergeRequests do get api('/merge_requests', user), author_id: user2.id, scope: :all - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request3.id) + expect_response_ordered_exactly(merge_request3) end it 'returns an array of merge requests assigned to the given user' do @@ -112,32 +110,39 @@ describe API::MergeRequests do get api('/merge_requests', user), assignee_id: user2.id, scope: :all - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request3.id) + expect_response_ordered_exactly(merge_request3) end it 'returns an array of merge requests assigned to me' do merge_request3 = create(:merge_request, :simple, author: user, assignee: user2, source_project: project2, target_project: project2, source_branch: 'other-branch') + get api('/merge_requests', user2), scope: 'assigned_to_me' + + expect_response_ordered_exactly(merge_request3) + end + + it 'returns an array of merge requests assigned to me (kebab-case)' do + merge_request3 = create(:merge_request, :simple, author: user, assignee: user2, source_project: project2, target_project: project2, source_branch: 'other-branch') + get api('/merge_requests', user2), scope: 'assigned-to-me' - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request3.id) + expect_response_ordered_exactly(merge_request3) end it 'returns an array of merge requests created by me' do merge_request3 = create(:merge_request, :simple, author: user2, assignee: user, source_project: project2, target_project: project2, source_branch: 'other-branch') + get api('/merge_requests', user2), scope: 'created_by_me' + + expect_response_ordered_exactly(merge_request3) + end + + it 'returns an array of merge requests created by me (kebab-case)' do + merge_request3 = create(:merge_request, :simple, author: user2, assignee: user, source_project: project2, target_project: project2, source_branch: 'other-branch') + get api('/merge_requests', user2), scope: 'created-by-me' - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request3.id) + expect_response_ordered_exactly(merge_request3) end it 'returns merge requests reacted by the authenticated user by the given emoji' do @@ -146,19 +151,14 @@ describe API::MergeRequests do get api('/merge_requests', user2), my_reaction_emoji: award_emoji.name, scope: 'all' - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request3.id) + expect_response_ordered_exactly(merge_request3) end context 'source_branch param' do it 'returns merge requests with the given source branch' do get api('/merge_requests', user), source_branch: merge_request_closed.source_branch, state: 'all' - expect(json_response.length).to eq(2) - expect(json_response.map { |mr| mr['id'] }) - .to contain_exactly(merge_request_closed.id, merge_request_merged.id) + expect_response_contain_exactly(merge_request_closed, merge_request_merged) end end @@ -166,9 +166,7 @@ describe API::MergeRequests do it 'returns merge requests with the given target branch' do get api('/merge_requests', user), target_branch: merge_request_closed.target_branch, state: 'all' - expect(json_response.length).to eq(2) - expect(json_response.map { |mr| mr['id'] }) - .to contain_exactly(merge_request_closed.id, merge_request_merged.id) + expect_response_contain_exactly(merge_request_closed, merge_request_merged) end end @@ -177,8 +175,7 @@ describe API::MergeRequests do get api('/merge_requests?created_before=2000-01-02T00:00:00.060Z', user) - expect(json_response.size).to eq(1) - expect(json_response.first['id']).to eq(merge_request2.id) + expect_response_ordered_exactly(merge_request2) end it 'returns merge requests created after a specific date' do @@ -186,8 +183,7 @@ describe API::MergeRequests do get api("/merge_requests?created_after=#{merge_request2.created_at}", user) - expect(json_response.size).to eq(1) - expect(json_response.first['id']).to eq(merge_request2.id) + expect_response_ordered_exactly(merge_request2) end it 'returns merge requests updated before a specific date' do @@ -195,8 +191,7 @@ describe API::MergeRequests do get api('/merge_requests?updated_before=2000-01-02T00:00:00.060Z', user) - expect(json_response.size).to eq(1) - expect(json_response.first['id']).to eq(merge_request2.id) + expect_response_ordered_exactly(merge_request2) end it 'returns merge requests updated after a specific date' do @@ -204,8 +199,7 @@ describe API::MergeRequests do get api("/merge_requests?updated_after=#{merge_request2.updated_at}", user) - expect(json_response.size).to eq(1) - expect(json_response.first['id']).to eq(merge_request2.id) + expect_response_ordered_exactly(merge_request2) end context 'search params' do @@ -216,293 +210,59 @@ describe API::MergeRequests do it 'returns merge requests matching given search string for title' do get api("/merge_requests", user), search: merge_request.title - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request.id) + expect_response_ordered_exactly(merge_request) end it 'returns merge requests for project matching given search string for description' do get api("/merge_requests", user), project_id: project.id, search: merge_request.description - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request.id) + expect_response_ordered_exactly(merge_request) end end end end describe "GET /projects/:id/merge_requests" do - context "when unauthenticated" do - it 'returns merge requests for public projects' do - get api("/projects/#{project.id}/merge_requests") - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - end + let(:endpoint_path) { "/projects/#{project.id}/merge_requests" } - it "returns 404 for non public projects" do - project = create(:project, :private) - get api("/projects/#{project.id}/merge_requests") + it_behaves_like 'merge requests list' - expect(response).to have_gitlab_http_status(404) - end - end - - context "when authenticated" do - it 'avoids N+1 queries' do - control = ActiveRecord::QueryRecorder.new do - get api("/projects/#{project.id}/merge_requests", user) - end - - create(:merge_request, state: 'closed', milestone: milestone1, author: user, assignee: user, source_project: project, target_project: project, title: "Test", created_at: base_time) - - create(:merge_request, milestone: milestone1, author: user, assignee: user, source_project: project, target_project: project, title: "Test", created_at: base_time) - - expect do - get api("/projects/#{project.id}/merge_requests", user) - end.not_to exceed_query_limit(control) - end - - it "returns an array of all merge_requests" do - get api("/projects/#{project.id}/merge_requests", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['title']).to eq(merge_request.title) - expect(json_response.last).to have_key('web_url') - expect(json_response.last['sha']).to eq(merge_request.diff_head_sha) - expect(json_response.last['merge_commit_sha']).to be_nil - expect(json_response.last['merge_commit_sha']).to eq(merge_request.merge_commit_sha) - expect(json_response.last['downvotes']).to eq(1) - expect(json_response.last['upvotes']).to eq(1) - expect(json_response.last['labels']).to eq([label2.title, label.title]) - expect(json_response.first['title']).to eq(merge_request_merged.title) - expect(json_response.first['sha']).to eq(merge_request_merged.diff_head_sha) - expect(json_response.first['merge_commit_sha']).not_to be_nil - expect(json_response.first['merge_commit_sha']).to eq(merge_request_merged.merge_commit_sha) - end - - it "returns an array of all merge_requests using simple mode" do - get api("/projects/#{project.id}/merge_requests?view=simple", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response.last.keys).to match_array(%w(id iid title web_url created_at description project_id state updated_at)) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['iid']).to eq(merge_request.iid) - expect(json_response.last['title']).to eq(merge_request.title) - expect(json_response.last).to have_key('web_url') - expect(json_response.first['iid']).to eq(merge_request_merged.iid) - expect(json_response.first['title']).to eq(merge_request_merged.title) - expect(json_response.first).to have_key('web_url') - end - - it "returns an array of all merge_requests" do - get api("/projects/#{project.id}/merge_requests?state", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['title']).to eq(merge_request.title) - end - - it "returns an array of open merge_requests" do - get api("/projects/#{project.id}/merge_requests?state=opened", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.last['title']).to eq(merge_request.title) - end - - it "returns an array of closed merge_requests" do - get api("/projects/#{project.id}/merge_requests?state=closed", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['title']).to eq(merge_request_closed.title) - end - - it "returns an array of merged merge_requests" do - get api("/projects/#{project.id}/merge_requests?state=merged", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['title']).to eq(merge_request_merged.title) - end - - it 'returns merge_request by "iids" array' do - get api("/projects/#{project.id}/merge_requests", user), iids: [merge_request.iid, merge_request_closed.iid] - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['title']).to eq merge_request_closed.title - expect(json_response.first['id']).to eq merge_request_closed.id - end - - it 'matches V4 response schema' do - get api("/projects/#{project.id}/merge_requests", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v4/merge_requests') - end - - it 'returns an empty array if no issue matches milestone' do - get api("/projects/#{project.id}/merge_requests", user), milestone: '1.0.0' - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if milestone does not exist' do - get api("/projects/#{project.id}/merge_requests", user), milestone: 'foo' - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an array of merge requests in given milestone' do - get api("/projects/#{project.id}/merge_requests", user), milestone: '0.9' - - expect(json_response.first['title']).to eq merge_request_closed.title - expect(json_response.first['id']).to eq merge_request_closed.id - end - - it 'returns an array of merge requests matching state in milestone' do - get api("/projects/#{project.id}/merge_requests", user), milestone: '0.9', state: 'closed' - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(merge_request_closed.id) - end - - it 'returns an array of labeled merge requests' do - get api("/projects/#{project.id}/merge_requests?labels=#{label.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label2.title, label.title]) - end - - it 'returns an array of labeled merge requests where all labels match' do - get api("/projects/#{project.id}/merge_requests?labels=#{label.title},foo,bar", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if no merge request matches labels' do - get api("/projects/#{project.id}/merge_requests?labels=foo,bar", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an array of labeled merge requests that are merged for a milestone' do - bug_label = create(:label, title: 'bug', color: '#FFAABB', project: project) - - mr1 = create(:merge_request, state: "merged", source_project: project, target_project: project, milestone: milestone) - mr2 = create(:merge_request, state: "merged", source_project: project, target_project: project, milestone: milestone1) - mr3 = create(:merge_request, state: "closed", source_project: project, target_project: project, milestone: milestone1) - _mr = create(:merge_request, state: "merged", source_project: project, target_project: project, milestone: milestone1) - - create(:label_link, label: bug_label, target: mr1) - create(:label_link, label: bug_label, target: mr2) - create(:label_link, label: bug_label, target: mr3) - - get api("/projects/#{project.id}/merge_requests?labels=#{bug_label.title}&milestone=#{milestone1.title}&state=merged", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(mr2.id) - end - - context "with ordering" do - before do - @mr_later = mr_with_later_created_and_updated_at_time - @mr_earlier = mr_with_earlier_created_and_updated_at_time - end - - it "returns an array of merge_requests in ascending order" do - get api("/projects/#{project.id}/merge_requests?sort=asc", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - response_dates = json_response.map { |merge_request| merge_request['created_at'] } - expect(response_dates).to eq(response_dates.sort) - end + it "returns 404 for non public projects" do + project = create(:project, :private) - it "returns an array of merge_requests in descending order" do - get api("/projects/#{project.id}/merge_requests?sort=desc", user) + get api("/projects/#{project.id}/merge_requests") - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - response_dates = json_response.map { |merge_request| merge_request['created_at'] } - expect(response_dates).to eq(response_dates.sort.reverse) - end + expect(response).to have_gitlab_http_status(404) + end - it "returns an array of merge_requests ordered by updated_at" do - get api("/projects/#{project.id}/merge_requests?order_by=updated_at", user) + it 'returns merge_request by "iids" array' do + get api(endpoint_path, user), iids: [merge_request.iid, merge_request_closed.iid] - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - response_dates = json_response.map { |merge_request| merge_request['updated_at'] } - expect(response_dates).to eq(response_dates.sort.reverse) - end + expect(response).to have_gitlab_http_status(200) + expect(json_response).to be_an Array + expect(json_response.length).to eq(2) + expect(json_response.first['title']).to eq merge_request_closed.title + expect(json_response.first['id']).to eq merge_request_closed.id + end + end - it "returns an array of merge_requests ordered by created_at" do - get api("/projects/#{project.id}/merge_requests?order_by=created_at&sort=asc", user) + describe "GET /groups/:id/merge_requests" do + let!(:group) { create(:group, :public) } + let!(:project) { create(:project, :public, :repository, creator: user, namespace: group, only_allow_merge_if_pipeline_succeeds: false) } + let(:endpoint_path) { "/groups/#{group.id}/merge_requests" } - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - response_dates = json_response.map { |merge_request| merge_request['created_at'] } - expect(response_dates).to eq(response_dates.sort) - end - end + before do + group.add_reporter(user) + end - context 'source_branch param' do - it 'returns merge requests with the given source branch' do - get api('/merge_requests', user), source_branch: merge_request_closed.source_branch, state: 'all' + it_behaves_like 'merge requests list' - expect(json_response.length).to eq(2) - expect(json_response.map { |mr| mr['id'] }) - .to contain_exactly(merge_request_closed.id, merge_request_merged.id) - end - end + context 'when have subgroups', :nested_groups do + let!(:group) { create(:group, :public) } + let!(:subgroup) { create(:group, parent: group) } + let!(:project) { create(:project, :public, :repository, creator: user, namespace: subgroup, only_allow_merge_if_pipeline_succeeds: false) } - context 'target_branch param' do - it 'returns merge requests with the given target branch' do - get api('/merge_requests', user), target_branch: merge_request_closed.target_branch, state: 'all' - - expect(json_response.length).to eq(2) - expect(json_response.map { |mr| mr['id'] }) - .to contain_exactly(merge_request_closed.id, merge_request_merged.id) - end - end + it_behaves_like 'merge requests list' end end @@ -626,12 +386,13 @@ describe API::MergeRequests do source_project: forked_project, target_project: project, source_branch: 'fixes', - allow_maintainer_to_push: true) + allow_collaboration: true) end - it 'includes the `allow_maintainer_to_push` field' do + it 'includes the `allow_collaboration` field' do get api("/projects/#{project.id}/merge_requests/#{merge_request.iid}", user) + expect(json_response['allow_collaboration']).to be_truthy expect(json_response['allow_maintainer_to_push']).to be_truthy end end @@ -740,12 +501,14 @@ describe API::MergeRequests do target_branch: 'master', author: user, labels: 'label, label2', - milestone_id: milestone.id + milestone_id: milestone.id, + squash: true expect(response).to have_gitlab_http_status(201) expect(json_response['title']).to eq('Test merge_request') expect(json_response['labels']).to eq(%w(label label2)) expect(json_response['milestone']['id']).to eq(milestone.id) + expect(json_response['squash']).to be_truthy expect(json_response['force_remove_source_branch']).to be_falsy end @@ -861,7 +624,7 @@ describe API::MergeRequests do expect(json_response['title']).to eq('Test merge_request') end - it 'returns 422 when target project has disabled merge requests' do + it 'returns 403 when target project has disabled merge requests' do project.project_feature.update(merge_requests_access_level: 0) post api("/projects/#{forked_project.id}/merge_requests", user2), @@ -871,7 +634,7 @@ describe API::MergeRequests do author: user2, target_project_id: project.id - expect(response).to have_gitlab_http_status(422) + expect(response).to have_gitlab_http_status(403) end it "returns 400 when source_branch is missing" do @@ -892,11 +655,12 @@ describe API::MergeRequests do expect(response).to have_gitlab_http_status(400) end - it 'allows setting `allow_maintainer_to_push`' do + it 'allows setting `allow_collaboration`' do post api("/projects/#{forked_project.id}/merge_requests", user2), - title: 'Test merge_request', source_branch: "feature_conflict", target_branch: "master", - author: user2, target_project_id: project.id, allow_maintainer_to_push: true + title: 'Test merge_request', source_branch: "feature_conflict", target_branch: "master", + author: user2, target_project_id: project.id, allow_collaboration: true expect(response).to have_gitlab_http_status(201) + expect(json_response['allow_collaboration']).to be_truthy expect(json_response['allow_maintainer_to_push']).to be_truthy end @@ -1034,6 +798,14 @@ describe API::MergeRequests do expect(response).to have_gitlab_http_status(200) end + it "updates the MR's squash attribute" do + expect do + put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/merge", user), squash: true + end.to change { merge_request.reload.squash } + + expect(response).to have_gitlab_http_status(200) + end + it "enables merge when pipeline succeeds if the pipeline is active" do allow_any_instance_of(MergeRequest).to receive(:head_pipeline).and_return(pipeline) allow(pipeline).to receive(:active?).and_return(true) @@ -1098,6 +870,13 @@ describe API::MergeRequests do expect(json_response['milestone']['id']).to eq(milestone.id) end + it "updates squash and returns merge_request" do + put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}", user), squash: true + + expect(response).to have_gitlab_http_status(200) + expect(json_response['squash']).to be_truthy + end + it "returns merge_request with renamed target_branch" do put api("/projects/#{project.id}/merge_requests/#{merge_request.iid}", user), target_branch: "wiki" expect(response).to have_gitlab_http_status(200) @@ -1341,4 +1120,22 @@ describe API::MergeRequests do merge_request_closed.save merge_request_closed end + + def expect_response_contain_exactly(*items) + expect_paginated_array_response + expect(json_response.length).to eq(items.size) + expect(json_response.map { |element| element['id'] }).to contain_exactly(*items.map(&:id)) + end + + def expect_response_ordered_exactly(*items) + expect_paginated_array_response + expect(json_response.length).to eq(items.size) + expect(json_response.map { |element| element['id'] }).to eq(items.map(&:id)) + end + + def expect_paginated_array_response + expect(response).to have_gitlab_http_status(200) + expect(response).to include_pagination_headers + expect(json_response).to be_an Array + end end diff --git a/spec/requests/api/pages_domains_spec.rb b/spec/requests/api/pages_domains_spec.rb index dc3a116c060..a9ccbb32666 100644 --- a/spec/requests/api/pages_domains_spec.rb +++ b/spec/requests/api/pages_domains_spec.rb @@ -1,17 +1,17 @@ require 'rails_helper' describe API::PagesDomains do - set(:project) { create(:project, path: 'my.project') } + set(:project) { create(:project, path: 'my.project', pages_https_only: false) } set(:user) { create(:user) } set(:admin) { create(:admin) } - set(:pages_domain) { create(:pages_domain, domain: 'www.domain.test', project: project) } - set(:pages_domain_secure) { create(:pages_domain, :with_certificate, :with_key, domain: 'ssl.domain.test', project: project) } - set(:pages_domain_expired) { create(:pages_domain, :with_expired_certificate, :with_key, domain: 'expired.domain.test', project: project) } + set(:pages_domain) { create(:pages_domain, :without_key, :without_certificate, domain: 'www.domain.test', project: project) } + set(:pages_domain_secure) { create(:pages_domain, domain: 'ssl.domain.test', project: project) } + set(:pages_domain_expired) { create(:pages_domain, :with_expired_certificate, domain: 'expired.domain.test', project: project) } - let(:pages_domain_params) { build(:pages_domain, domain: 'www.other-domain.test').slice(:domain) } - let(:pages_domain_secure_params) { build(:pages_domain, :with_certificate, :with_key, domain: 'ssl.other-domain.test', project: project).slice(:domain, :certificate, :key) } - let(:pages_domain_secure_key_missmatch_params) {build(:pages_domain, :with_trusted_chain, :with_key, project: project).slice(:domain, :certificate, :key) } + let(:pages_domain_params) { build(:pages_domain, :without_key, :without_certificate, domain: 'www.other-domain.test').slice(:domain) } + let(:pages_domain_secure_params) { build(:pages_domain, domain: 'ssl.other-domain.test', project: project).slice(:domain, :certificate, :key) } + let(:pages_domain_secure_key_missmatch_params) {build(:pages_domain, :with_trusted_chain, project: project).slice(:domain, :certificate, :key) } let(:pages_domain_secure_missing_chain_params) {build(:pages_domain, :with_missing_chain, project: project).slice(:certificate) } let(:route) { "/projects/#{project.id}/pages/domains" } diff --git a/spec/requests/api/pipeline_schedules_spec.rb b/spec/requests/api/pipeline_schedules_spec.rb index 7ea25059756..91d4d5d3de9 100644 --- a/spec/requests/api/pipeline_schedules_spec.rb +++ b/spec/requests/api/pipeline_schedules_spec.rb @@ -17,6 +17,17 @@ describe API::PipelineSchedules do pipeline_schedule.pipelines << build(:ci_pipeline, project: project) end + def create_pipeline_schedules(count) + create_list(:ci_pipeline_schedule, count, project: project) + .each do |pipeline_schedule| + create(:user).tap do |user| + project.add_developer(user) + pipeline_schedule.update_attributes(owner: user) + end + pipeline_schedule.pipelines << build(:ci_pipeline, project: project) + end + end + it 'returns list of pipeline_schedules' do get api("/projects/#{project.id}/pipeline_schedules", developer) @@ -26,18 +37,14 @@ describe API::PipelineSchedules do end it 'avoids N + 1 queries' do + # We need at least two users to trigger a preload for that relation. + create_pipeline_schedules(1) + control_count = ActiveRecord::QueryRecorder.new do get api("/projects/#{project.id}/pipeline_schedules", developer) end.count - create_list(:ci_pipeline_schedule, 10, project: project) - .each do |pipeline_schedule| - create(:user).tap do |user| - project.add_developer(user) - pipeline_schedule.update_attributes(owner: user) - end - pipeline_schedule.pipelines << build(:ci_pipeline, project: project) - end + create_pipeline_schedules(10) expect do get api("/projects/#{project.id}/pipeline_schedules", developer) diff --git a/spec/requests/api/pipelines_spec.rb b/spec/requests/api/pipelines_spec.rb index 0736329f9fd..78ea77cb3bb 100644 --- a/spec/requests/api/pipelines_spec.rb +++ b/spec/requests/api/pipelines_spec.rb @@ -285,6 +285,15 @@ describe API::Pipelines do end describe 'POST /projects/:id/pipeline ' do + def expect_variables(variables, expected_variables) + variables.each_with_index do |variable, index| + expected_variable = expected_variables[index] + + expect(variable.key).to eq(expected_variable['key']) + expect(variable.value).to eq(expected_variable['value']) + end + end + context 'authorized user' do context 'with gitlab-ci.yml' do before do @@ -294,13 +303,62 @@ describe API::Pipelines do it 'creates and returns a new pipeline' do expect do post api("/projects/#{project.id}/pipeline", user), ref: project.default_branch - end.to change { Ci::Pipeline.count }.by(1) + end.to change { project.pipelines.count }.by(1) expect(response).to have_gitlab_http_status(201) expect(json_response).to be_a Hash expect(json_response['sha']).to eq project.commit.id end + context 'variables given' do + let(:variables) { [{ 'key' => 'UPLOAD_TO_S3', 'value' => 'true' }] } + + it 'creates and returns a new pipeline using the given variables' do + expect do + post api("/projects/#{project.id}/pipeline", user), ref: project.default_branch, variables: variables + end.to change { project.pipelines.count }.by(1) + expect_variables(project.pipelines.last.variables, variables) + + expect(response).to have_gitlab_http_status(201) + expect(json_response).to be_a Hash + expect(json_response['sha']).to eq project.commit.id + expect(json_response).not_to have_key('variables') + end + end + + describe 'using variables conditions' do + let(:variables) { [{ 'key' => 'STAGING', 'value' => 'true' }] } + + before do + config = YAML.dump(test: { script: 'test', only: { variables: ['$STAGING'] } }) + stub_ci_pipeline_yaml_file(config) + end + + it 'creates and returns a new pipeline using the given variables' do + expect do + post api("/projects/#{project.id}/pipeline", user), ref: project.default_branch, variables: variables + end.to change { project.pipelines.count }.by(1) + expect_variables(project.pipelines.last.variables, variables) + + expect(response).to have_gitlab_http_status(201) + expect(json_response).to be_a Hash + expect(json_response['sha']).to eq project.commit.id + expect(json_response).not_to have_key('variables') + end + + context 'condition unmatch' do + let(:variables) { [{ 'key' => 'STAGING', 'value' => 'false' }] } + + it "doesn't create a job" do + expect do + post api("/projects/#{project.id}/pipeline", user), ref: project.default_branch + end.not_to change { project.pipelines.count } + + expect(response).to have_gitlab_http_status(400) + end + end + end + it 'fails when using an invalid ref' do post api("/projects/#{project.id}/pipeline", user), ref: 'invalid_ref' diff --git a/spec/requests/api/project_export_spec.rb b/spec/requests/api/project_export_spec.rb index 12583109b59..3834d27d0a9 100644 --- a/spec/requests/api/project_export_spec.rb +++ b/spec/requests/api/project_export_spec.rb @@ -5,6 +5,7 @@ describe API::ProjectExport do set(:project_none) { create(:project) } set(:project_started) { create(:project) } set(:project_finished) { create(:project) } + set(:project_after_export) { create(:project) } set(:user) { create(:user) } set(:admin) { create(:admin) } @@ -12,11 +13,13 @@ describe API::ProjectExport do let(:path_none) { "/projects/#{project_none.id}/export" } let(:path_started) { "/projects/#{project_started.id}/export" } let(:path_finished) { "/projects/#{project_finished.id}/export" } + let(:path_after_export) { "/projects/#{project_after_export.id}/export" } let(:download_path) { "/projects/#{project.id}/export/download" } let(:download_path_none) { "/projects/#{project_none.id}/export/download" } let(:download_path_started) { "/projects/#{project_started.id}/export/download" } let(:download_path_finished) { "/projects/#{project_finished.id}/export/download" } + let(:download_path_export_action) { "/projects/#{project_after_export.id}/export/download" } let(:export_path) { "#{Dir.tmpdir}/project_export_spec" } @@ -29,6 +32,11 @@ describe API::ProjectExport do # simulate exported FileUtils.mkdir_p project_finished.export_path FileUtils.touch File.join(project_finished.export_path, '_export.tar.gz') + + # simulate in after export action + FileUtils.mkdir_p project_after_export.export_path + FileUtils.touch File.join(project_after_export.export_path, '_export.tar.gz') + FileUtils.touch Gitlab::ImportExport::AfterExportStrategies::BaseAfterExportStrategy.lock_file_path(project_after_export) end after do @@ -73,6 +81,14 @@ describe API::ProjectExport do expect(json_response['export_status']).to eq('started') end + it 'is after_export' do + get api(path_after_export, user) + + expect(response).to have_gitlab_http_status(200) + expect(response).to match_response_schema('public_api/v4/project/export_status') + expect(json_response['export_status']).to eq('after_export_action') + end + it 'is finished' do get api(path_finished, user) @@ -99,6 +115,7 @@ describe API::ProjectExport do project_none.add_master(user) project_started.add_master(user) project_finished.add_master(user) + project_after_export.add_master(user) end it_behaves_like 'get project export status ok' @@ -163,6 +180,36 @@ describe API::ProjectExport do end end + shared_examples_for 'get project export upload after action' do + context 'and is uploading' do + it 'downloads' do + get api(download_path_export_action, user) + + expect(response).to have_gitlab_http_status(200) + end + end + + context 'when upload complete' do + before do + FileUtils.rm_rf(project_after_export.export_path) + end + + it_behaves_like '404 response' do + let(:request) { get api(download_path_export_action, user) } + end + end + end + + shared_examples_for 'get project download by strategy' do + context 'when upload strategy set' do + it_behaves_like 'get project export upload after action' + end + + context 'when download strategy set' do + it_behaves_like 'get project export download' + end + end + it_behaves_like 'when project export is disabled' do let(:request) { get api(download_path, admin) } end @@ -171,7 +218,7 @@ describe API::ProjectExport do context 'when user is an admin' do let(:user) { admin } - it_behaves_like 'get project export download' + it_behaves_like 'get project download by strategy' end context 'when user is a master' do @@ -180,9 +227,10 @@ describe API::ProjectExport do project_none.add_master(user) project_started.add_master(user) project_finished.add_master(user) + project_after_export.add_master(user) end - it_behaves_like 'get project export download' + it_behaves_like 'get project download by strategy' end context 'when user is a developer' do @@ -229,10 +277,30 @@ describe API::ProjectExport do end shared_examples_for 'post project export start' do - it 'starts' do - post api(path, user) + context 'with upload strategy' do + context 'when params invalid' do + it_behaves_like '400 response' do + let(:request) { post(api(path, user), 'upload[url]' => 'whatever') } + end + end + + it 'starts' do + allow_any_instance_of(Gitlab::ImportExport::AfterExportStrategies::WebUploadStrategy).to receive(:send_file) + + post(api(path, user), 'upload[url]' => 'http://gitlab.com') - expect(response).to have_gitlab_http_status(202) + expect(response).to have_gitlab_http_status(202) + end + end + + context 'with download strategy' do + it 'starts' do + expect_any_instance_of(Gitlab::ImportExport::AfterExportStrategies::WebUploadStrategy).not_to receive(:send_file) + + post api(path, user) + + expect(response).to have_gitlab_http_status(202) + end end end @@ -253,6 +321,7 @@ describe API::ProjectExport do project_none.add_master(user) project_started.add_master(user) project_finished.add_master(user) + project_after_export.add_master(user) end it_behaves_like 'post project export start' diff --git a/spec/requests/api/project_hooks_spec.rb b/spec/requests/api/project_hooks_spec.rb index 392cad667be..12a183fed1e 100644 --- a/spec/requests/api/project_hooks_spec.rb +++ b/spec/requests/api/project_hooks_spec.rb @@ -33,6 +33,7 @@ describe API::ProjectHooks, 'ProjectHooks' do expect(json_response.first['merge_requests_events']).to eq(true) expect(json_response.first['tag_push_events']).to eq(true) expect(json_response.first['note_events']).to eq(true) + expect(json_response.first['confidential_note_events']).to eq(true) expect(json_response.first['job_events']).to eq(true) expect(json_response.first['pipeline_events']).to eq(true) expect(json_response.first['wiki_page_events']).to eq(true) @@ -62,6 +63,7 @@ describe API::ProjectHooks, 'ProjectHooks' do expect(json_response['merge_requests_events']).to eq(hook.merge_requests_events) expect(json_response['tag_push_events']).to eq(hook.tag_push_events) expect(json_response['note_events']).to eq(hook.note_events) + expect(json_response['confidential_note_events']).to eq(hook.confidential_note_events) expect(json_response['job_events']).to eq(hook.job_events) expect(json_response['pipeline_events']).to eq(hook.pipeline_events) expect(json_response['wiki_page_events']).to eq(hook.wiki_page_events) @@ -104,6 +106,7 @@ describe API::ProjectHooks, 'ProjectHooks' do expect(json_response['merge_requests_events']).to eq(false) expect(json_response['tag_push_events']).to eq(false) expect(json_response['note_events']).to eq(false) + expect(json_response['confidential_note_events']).to eq(nil) expect(json_response['job_events']).to eq(true) expect(json_response['pipeline_events']).to eq(false) expect(json_response['wiki_page_events']).to eq(true) @@ -152,6 +155,7 @@ describe API::ProjectHooks, 'ProjectHooks' do expect(json_response['merge_requests_events']).to eq(hook.merge_requests_events) expect(json_response['tag_push_events']).to eq(hook.tag_push_events) expect(json_response['note_events']).to eq(hook.note_events) + expect(json_response['confidential_note_events']).to eq(hook.confidential_note_events) expect(json_response['job_events']).to eq(hook.job_events) expect(json_response['pipeline_events']).to eq(hook.pipeline_events) expect(json_response['wiki_page_events']).to eq(hook.wiki_page_events) diff --git a/spec/requests/api/project_import_spec.rb b/spec/requests/api/project_import_spec.rb index 987f6e26971..97dffdc9233 100644 --- a/spec/requests/api/project_import_spec.rb +++ b/spec/requests/api/project_import_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe API::ProjectImport do let(:export_path) { "#{Dir.tmpdir}/project_export_spec" } let(:user) { create(:user) } - let(:file) { File.join(Rails.root, 'spec', 'features', 'projects', 'import_export', 'test_project_export.tar.gz') } + let(:file) { File.join('spec', 'features', 'projects', 'import_export', 'test_project_export.tar.gz') } let(:namespace) { create(:group) } before do allow_any_instance_of(Gitlab::ImportExport).to receive(:storage_path).and_return(export_path) @@ -40,7 +40,7 @@ describe API::ProjectImport do expect(response).to have_gitlab_http_status(201) end - it 'schedules an import at the user namespace level' do + it 'does not shedule an import for a nampespace that does not exist' do expect_any_instance_of(Project).not_to receive(:import_schedule) expect(::Projects::CreateService).not_to receive(:new) @@ -71,6 +71,72 @@ describe API::ProjectImport do expect(json_response['error']).to eq('file is invalid') end + it 'stores params that can be overridden' do + stub_import(namespace) + override_params = { 'description' => 'Hello world' } + + post api('/projects/import', user), + path: 'test-import', + file: fixture_file_upload(file), + namespace: namespace.id, + override_params: override_params + import_project = Project.find(json_response['id']) + + expect(import_project.import_data.data['override_params']).to eq(override_params) + end + + it 'does not store params that are not allowed' do + stub_import(namespace) + override_params = { 'not_allowed' => 'Hello world' } + + post api('/projects/import', user), + path: 'test-import', + file: fixture_file_upload(file), + namespace: namespace.id, + override_params: override_params + import_project = Project.find(json_response['id']) + + expect(import_project.import_data.data['override_params']).to be_empty + end + + it 'correctly overrides params during the import' do + override_params = { 'description' => 'Hello world' } + + Sidekiq::Testing.inline! do + post api('/projects/import', user), + path: 'test-import', + file: fixture_file_upload(file), + namespace: namespace.id, + override_params: override_params + end + import_project = Project.find(json_response['id']) + + expect(import_project.description).to eq('Hello world') + end + + context 'when target path already exists in namespace' do + let(:existing_project) { create(:project, namespace: user.namespace) } + + it 'does not schedule an import' do + expect_any_instance_of(Project).not_to receive(:import_schedule) + + post api('/projects/import', user), path: existing_project.path, file: fixture_file_upload(file) + + expect(response).to have_gitlab_http_status(400) + expect(json_response['message']).to eq('Name has already been taken') + end + + context 'when param overwrite is true' do + it 'schedules an import' do + stub_import(user.namespace) + + post api('/projects/import', user), path: existing_project.path, file: fixture_file_upload(file), overwrite: true + + expect(response).to have_gitlab_http_status(201) + end + end + end + def stub_import(namespace) expect_any_instance_of(Project).to receive(:import_schedule) expect(::Projects::CreateService).to receive(:new).with(user, hash_including(namespace_id: namespace.id)).and_call_original @@ -79,7 +145,7 @@ describe API::ProjectImport do describe 'GET /projects/:id/import' do it 'returns the import status' do - project = create(:project, import_status: 'started') + project = create(:project, :import_started) project.add_master(user) get api("/projects/#{project.id}/import", user) @@ -89,8 +155,9 @@ describe API::ProjectImport do end it 'returns the import status and the error if failed' do - project = create(:project, import_status: 'failed', import_error: 'error') + project = create(:project, :import_failed) project.add_master(user) + project.import_state.update_attributes(last_error: 'error') get api("/projects/#{project.id}/import", user) diff --git a/spec/requests/api/project_snapshots_spec.rb b/spec/requests/api/project_snapshots_spec.rb new file mode 100644 index 00000000000..07a920f8d28 --- /dev/null +++ b/spec/requests/api/project_snapshots_spec.rb @@ -0,0 +1,51 @@ +require 'spec_helper' + +describe API::ProjectSnapshots do + include WorkhorseHelpers + + let(:project) { create(:project) } + let(:admin) { create(:admin) } + + describe 'GET /projects/:id/snapshot' do + def expect_snapshot_response_for(repository) + type, params = workhorse_send_data + + expect(type).to eq('git-snapshot') + expect(params).to eq( + 'GitalyServer' => { + 'address' => Gitlab::GitalyClient.address(repository.project.repository_storage), + 'token' => Gitlab::GitalyClient.token(repository.project.repository_storage) + }, + 'GetSnapshotRequest' => Gitaly::GetSnapshotRequest.new( + repository: repository.gitaly_repository + ).to_json + ) + end + + it 'returns authentication error as project owner' do + get api("/projects/#{project.id}/snapshot", project.owner) + + expect(response).to have_gitlab_http_status(403) + end + + it 'returns authentication error as unauthenticated user' do + get api("/projects/#{project.id}/snapshot", nil) + + expect(response).to have_gitlab_http_status(401) + end + + it 'requests project repository raw archive as administrator' do + get api("/projects/#{project.id}/snapshot", admin), wiki: '0' + + expect(response).to have_gitlab_http_status(200) + expect_snapshot_response_for(project.repository) + end + + it 'requests wiki repository raw archive as administrator' do + get api("/projects/#{project.id}/snapshot", admin), wiki: '1' + + expect(response).to have_gitlab_http_status(200) + expect_snapshot_response_for(project.wiki.repository) + end + end +end diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb index cee93f6ed14..99103039f77 100644 --- a/spec/requests/api/projects_spec.rb +++ b/spec/requests/api/projects_spec.rb @@ -1,12 +1,24 @@ # -*- coding: utf-8 -*- require 'spec_helper' +shared_examples 'languages and percentages JSON response' do + let(:expected_languages) { project.repository.languages.map { |language| language.values_at(:label, :value)}.to_h } + + it 'returns expected language values' do + get api("/projects/#{project.id}/languages", user) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response).to eq(expected_languages) + expect(json_response.count).to be > 1 + end +end + describe API::Projects do let(:user) { create(:user) } let(:user2) { create(:user) } let(:user3) { create(:user) } let(:admin) { create(:admin) } - let(:project) { create(:project, namespace: user.namespace) } + let(:project) { create(:project, :repository, namespace: user.namespace) } let(:project2) { create(:project, namespace: user.namespace) } let(:snippet) { create(:project_snippet, :public, author: user, project: project, title: 'example') } let(:project_member) { create(:project_member, :developer, user: user3, project: project) } @@ -208,7 +220,7 @@ describe API::Projects do it 'returns a simplified version of all the projects' do expected_keys = %w( id description default_branch tag_list - ssh_url_to_repo http_url_to_repo web_url + ssh_url_to_repo http_url_to_repo web_url readme_url name name_with_namespace path path_with_namespace star_count forks_count @@ -452,7 +464,8 @@ describe API::Projects do only_allow_merge_if_pipeline_succeeds: false, request_access_enabled: true, only_allow_merge_if_all_discussions_are_resolved: false, - ci_config_path: 'a/custom/path' + ci_config_path: 'a/custom/path', + merge_method: 'ff' }) post api('/projects', user), project @@ -505,7 +518,7 @@ describe API::Projects do end it 'uploads avatar for project a project' do - project = attributes_for(:project, avatar: fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif')) + project = attributes_for(:project, avatar: fixture_file_upload('spec/fixtures/banana_sample.gif', 'image/gif')) post api('/projects', user), project @@ -569,6 +582,22 @@ describe API::Projects do expect(json_response['only_allow_merge_if_all_discussions_are_resolved']).to be_truthy end + it 'sets the merge method of a project to rebase merge' do + project = attributes_for(:project, merge_method: 'rebase_merge') + + post api('/projects', user), project + + expect(json_response['merge_method']).to eq('rebase_merge') + end + + it 'rejects invalid values for merge_method' do + project = attributes_for(:project, merge_method: 'totally_not_valid_method') + + post api('/projects', user), project + + expect(response).to have_gitlab_http_status(400) + end + it 'ignores import_url when it is nil' do project = attributes_for(:project, import_url: nil) @@ -656,7 +685,8 @@ describe API::Projects do issues_enabled: false, merge_requests_enabled: false, wiki_enabled: false, - request_access_enabled: true + request_access_enabled: true, + jobs_enabled: true }) post api("/projects/user/#{user.id}", admin), project @@ -747,7 +777,7 @@ describe API::Projects do end it "uploads the file and returns its info" do - post api("/projects/#{project.id}/uploads", user), file: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png") + post api("/projects/#{project.id}/uploads", user), file: fixture_file_upload("spec/fixtures/dk.png", "image/png") expect(response).to have_gitlab_http_status(201) expect(json_response['alt']).to eq("dk") @@ -823,6 +853,8 @@ describe API::Projects do expect(json_response['shared_with_groups'][0]['group_access_level']).to eq(link.group_access) expect(json_response['only_allow_merge_if_pipeline_succeeds']).to eq(project.only_allow_merge_if_pipeline_succeeds) expect(json_response['only_allow_merge_if_all_discussions_are_resolved']).to eq(project.only_allow_merge_if_all_discussions_are_resolved) + expect(json_response['merge_method']).to eq(project.merge_method.to_s) + expect(json_response['readme_url']).to eq(project.readme_url) end it 'returns a project by path name' do @@ -1474,6 +1506,26 @@ describe API::Projects do expect(json_response[k.to_s]).to eq(v) end end + + it 'updates merge_method' do + project_param = { merge_method: 'ff' } + + put api("/projects/#{project3.id}", user), project_param + + expect(response).to have_gitlab_http_status(200) + + project_param.each_pair do |k, v| + expect(json_response[k.to_s]).to eq(v) + end + end + + it 'rejects to update merge_method when merge_method is invalid' do + project_param = { merge_method: 'invalid' } + + put api("/projects/#{project3.id}", user), project_param + + expect(response).to have_gitlab_http_status(400) + end end context 'when authenticated as project master' do @@ -1491,6 +1543,7 @@ describe API::Projects do wiki_enabled: true, snippets_enabled: true, merge_requests_enabled: true, + merge_method: 'ff', description: 'new description' } put api("/projects/#{project3.id}", user4), project_param @@ -1655,6 +1708,42 @@ describe API::Projects do end end + describe 'GET /projects/:id/languages' do + context 'with an authorized user' do + it_behaves_like 'languages and percentages JSON response' do + let(:project) { project3 } + end + + it 'returns not_found(404) for not existing project' do + get api("/projects/9999999999/languages", user) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'with not authorized user' do + it 'returns not_found for existing but unauthorized project' do + get api("/projects/#{project3.id}/languages", user3) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + + context 'without user' do + let(:project_public) { create(:project, :public, :repository) } + + it_behaves_like 'languages and percentages JSON response' do + let(:project) { project_public } + end + + it 'returns not_found for existing but unauthorized project' do + get api("/projects/#{project3.id}/languages", nil) + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + describe 'DELETE /projects/:id' do context 'when authenticated as user' do it 'removes project' do @@ -1718,6 +1807,12 @@ describe API::Projects do group end + let(:group3) do + group = create(:group, name: 'group3_name', parent: group2) + group.add_owner(user2) + group + end + before do project.add_reporter(user2) end @@ -1813,6 +1908,15 @@ describe API::Projects do expect(json_response['namespace']['name']).to eq(group2.name) end + it 'forks to owned subgroup' do + full_path = "#{group2.path}/#{group3.path}" + post api("/projects/#{project.id}/fork", user2), namespace: full_path + + expect(response).to have_gitlab_http_status(201) + expect(json_response['namespace']['name']).to eq(group3.name) + expect(json_response['namespace']['full_path']).to eq(full_path) + end + it 'fails to fork to not owned group' do post api("/projects/#{project.id}/fork", user2), namespace: group.name diff --git a/spec/requests/api/protected_branches_spec.rb b/spec/requests/api/protected_branches_spec.rb index 1d23e023bb6..576fde46615 100644 --- a/spec/requests/api/protected_branches_spec.rb +++ b/spec/requests/api/protected_branches_spec.rb @@ -193,6 +193,19 @@ describe API::ProtectedBranches do expect(json_response['merge_access_levels'][0]['access_level']).to eq(Gitlab::Access::MASTER) end end + + context 'when a policy restricts rule deletion' do + before do + policy = instance_double(ProtectedBranchPolicy, can?: false) + expect(ProtectedBranchPolicy).to receive(:new).and_return(policy) + end + + it "prevents deletion of the protected branch rule" do + post post_endpoint, name: branch_name + + expect(response).to have_gitlab_http_status(403) + end + end end context 'when authenticated as a guest' do @@ -209,18 +222,20 @@ describe API::ProtectedBranches do end describe "DELETE /projects/:id/protected_branches/unprotect/:branch" do + let(:delete_endpoint) { api("/projects/#{project.id}/protected_branches/#{branch_name}", user) } + before do project.add_master(user) end it "unprotects a single branch" do - delete api("/projects/#{project.id}/protected_branches/#{branch_name}", user) + delete delete_endpoint expect(response).to have_gitlab_http_status(204) end it_behaves_like '412 response' do - let(:request) { api("/projects/#{project.id}/protected_branches/#{branch_name}", user) } + let(:request) { delete_endpoint } end it "returns 404 if branch does not exist" do @@ -229,11 +244,24 @@ describe API::ProtectedBranches do expect(response).to have_gitlab_http_status(404) end + context 'when a policy restricts rule deletion' do + before do + policy = instance_double(ProtectedBranchPolicy, can?: false) + expect(ProtectedBranchPolicy).to receive(:new).and_return(policy) + end + + it "prevents deletion of the protected branch rule" do + delete delete_endpoint + + expect(response).to have_gitlab_http_status(403) + end + end + context 'when branch has a wildcard in its name' do let(:protected_name) { 'feature*' } it "unprotects a wildcard branch" do - delete api("/projects/#{project.id}/protected_branches/#{branch_name}", user) + delete delete_endpoint expect(response).to have_gitlab_http_status(204) end diff --git a/spec/requests/api/repositories_spec.rb b/spec/requests/api/repositories_spec.rb index 741800ff61d..cd135dfc32a 100644 --- a/spec/requests/api/repositories_spec.rb +++ b/spec/requests/api/repositories_spec.rb @@ -220,11 +220,10 @@ describe API::Repositories do expect(response).to have_gitlab_http_status(200) - repo_name = project.repository.name.gsub("\.git", "") type, params = workhorse_send_data expect(type).to eq('git-archive') - expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.tar.gz/) + expect(params['ArchivePath']).to match(/#{project.path}\-[^\.]+\.tar.gz/) end it 'returns the repository archive archive.zip' do @@ -232,11 +231,10 @@ describe API::Repositories do expect(response).to have_gitlab_http_status(200) - repo_name = project.repository.name.gsub("\.git", "") type, params = workhorse_send_data expect(type).to eq('git-archive') - expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.zip/) + expect(params['ArchivePath']).to match(/#{project.path}\-[^\.]+\.zip/) end it 'returns the repository archive archive.tar.bz2' do @@ -244,11 +242,10 @@ describe API::Repositories do expect(response).to have_gitlab_http_status(200) - repo_name = project.repository.name.gsub("\.git", "") type, params = workhorse_send_data expect(type).to eq('git-archive') - expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.tar.bz2/) + expect(params['ArchivePath']).to match(/#{project.path}\-[^\.]+\.tar.bz2/) end context 'when sha does not exist' do @@ -427,5 +424,20 @@ describe API::Repositories do let(:request) { get api(route, guest) } end end + + # Regression: https://gitlab.com/gitlab-org/gitlab-ce/issues/45363 + describe 'Links header contains working URLs when no `order_by` nor `sort` is given' do + let(:project) { create(:project, :public, :repository) } + let(:current_user) { nil } + + it 'returns `Link` header that includes URLs with default value for `order_by` & `sort`' do + get api(route, current_user) + + first_link_url = response.headers['Link'].split(';').first + + expect(first_link_url).to include('order_by=commits') + expect(first_link_url).to include('sort=asc') + end + end end end diff --git a/spec/requests/api/runner_spec.rb b/spec/requests/api/runner_spec.rb index 95c23726a79..e7639599874 100644 --- a/spec/requests/api/runner_spec.rb +++ b/spec/requests/api/runner_spec.rb @@ -1,11 +1,13 @@ require 'spec_helper' -describe API::Runner do +describe API::Runner, :clean_gitlab_redis_shared_state do include StubGitlabCalls + include RedisHelpers let(:registration_token) { 'abcdefg123456' } before do + stub_feature_flags(ci_enable_live_trace: true) stub_gitlab_calls stub_application_setting(runners_registration_token: registration_token) allow_any_instance_of(Ci::Runner).to receive(:cache_attributes) @@ -39,19 +41,38 @@ describe API::Runner do expect(json_response['id']).to eq(runner.id) expect(json_response['token']).to eq(runner.token) expect(runner.run_untagged).to be true + expect(runner.active).to be true expect(runner.token).not_to eq(registration_token) + expect(runner).to be_instance_type end context 'when project token is used' do let(:project) { create(:project) } - it 'creates runner' do + it 'creates project runner' do post api('/runners'), token: project.runners_token expect(response).to have_gitlab_http_status 201 expect(project.runners.size).to eq(1) - expect(Ci::Runner.first.token).not_to eq(registration_token) - expect(Ci::Runner.first.token).not_to eq(project.runners_token) + runner = Ci::Runner.first + expect(runner.token).not_to eq(registration_token) + expect(runner.token).not_to eq(project.runners_token) + expect(runner).to be_project_type + end + end + + context 'when group token is used' do + let(:group) { create(:group) } + + it 'creates a group runner' do + post api('/runners'), token: group.runners_token + + expect(response).to have_http_status 201 + expect(group.runners.size).to eq(1) + runner = Ci::Runner.first + expect(runner.token).not_to eq(registration_token) + expect(runner.token).not_to eq(group.runners_token) + expect(runner).to be_group_type end end end @@ -90,11 +111,13 @@ describe API::Runner do end context 'when tags are not provided' do - it 'returns 404 error' do + it 'returns 400 error' do post api('/runners'), token: registration_token, run_untagged: false - expect(response).to have_gitlab_http_status 404 + expect(response).to have_gitlab_http_status 400 + expect(json_response['message']).to include( + 'tags_list' => ['can not be empty when runner is not allowed to pick untagged jobs']) end end end @@ -109,6 +132,48 @@ describe API::Runner do end end + context 'when option for activating a Runner is provided' do + context 'when active is set to true' do + it 'creates runner' do + post api('/runners'), token: registration_token, + active: true + + expect(response).to have_gitlab_http_status 201 + expect(Ci::Runner.first.active).to be true + end + end + + context 'when active is set to false' do + it 'creates runner' do + post api('/runners'), token: registration_token, + active: false + + expect(response).to have_gitlab_http_status 201 + expect(Ci::Runner.first.active).to be false + end + end + end + + context 'when maximum job timeout is specified' do + it 'creates runner' do + post api('/runners'), token: registration_token, + maximum_timeout: 9000 + + expect(response).to have_gitlab_http_status 201 + expect(Ci::Runner.first.maximum_timeout).to eq(9000) + end + + context 'when maximum job timeout is empty' do + it 'creates runner' do + post api('/runners'), token: registration_token, + maximum_timeout: '' + + expect(response).to have_gitlab_http_status 201 + expect(Ci::Runner.first.maximum_timeout).to be_nil + end + end + end + %w(name version revision platform architecture).each do |param| context "when info parameter '#{param}' info is present" do let(:value) { "#{param}_value" } @@ -199,22 +264,19 @@ describe API::Runner do describe '/api/v4/jobs' do let(:project) { create(:project, shared_runners_enabled: false) } let(:pipeline) { create(:ci_pipeline_without_jobs, project: project, ref: 'master') } - let(:runner) { create(:ci_runner) } - let!(:job) do + let(:runner) { create(:ci_runner, :project, projects: [project]) } + let(:job) do create(:ci_build, :artifacts, :extended_options, pipeline: pipeline, name: 'spinach', stage: 'test', stage_idx: 0, commands: "ls\ndate") end - before do - project.runners << runner - end - describe 'POST /api/v4/jobs/request' do let!(:last_update) {} let!(:new_update) { } let(:user_agent) { 'gitlab-runner 9.0.0 (9-0-stable; go1.7.4; linux/amd64)' } before do + job stub_container_registry_config(enabled: false) end @@ -289,11 +351,13 @@ describe API::Runner do context 'when valid token is provided' do context 'when Runner is not active' do let(:runner) { create(:ci_runner, :inactive) } + let(:update_value) { runner.ensure_runner_queue_value } it 'returns 204 error' do request_job - expect(response).to have_gitlab_http_status 204 + expect(response).to have_gitlab_http_status(204) + expect(response.header['X-GitLab-Last-Update']).to eq(update_value) end end @@ -315,7 +379,7 @@ describe API::Runner do end context 'when shared runner requests job for project without shared_runners_enabled' do - let(:runner) { create(:ci_runner, :shared) } + let(:runner) { create(:ci_runner, :instance) } it_behaves_like 'no jobs available' end @@ -339,12 +403,12 @@ describe API::Runner do let(:expected_steps) do [{ 'name' => 'script', 'script' => %w(ls date), - 'timeout' => job.timeout, + 'timeout' => job.metadata_timeout, 'when' => 'on_success', 'allow_failure' => false }, { 'name' => 'after_script', 'script' => %w(ls date), - 'timeout' => job.timeout, + 'timeout' => job.metadata_timeout, 'when' => 'always', 'allow_failure' => true }] end @@ -385,7 +449,7 @@ describe API::Runner do expect(json_response['image']).to eq({ 'name' => 'ruby:2.1', 'entrypoint' => '/bin/sh' }) expect(json_response['services']).to eq([{ 'name' => 'postgres', 'entrypoint' => nil, 'alias' => nil, 'command' => nil }, - { 'name' => 'docker:dind', 'entrypoint' => '/bin/sh', + { 'name' => 'docker:stable-dind', 'entrypoint' => '/bin/sh', 'alias' => 'docker', 'command' => 'sleep 30' }]) expect(json_response['steps']).to eq(expected_steps) expect(json_response['artifacts']).to eq(expected_artifacts) @@ -647,6 +711,41 @@ describe API::Runner do end end end + + describe 'timeout support' do + context 'when project specifies job timeout' do + let(:project) { create(:project, shared_runners_enabled: false, build_timeout: 1234) } + + it 'contains info about timeout taken from project' do + request_job + + expect(response).to have_gitlab_http_status(201) + expect(json_response['runner_info']).to include({ 'timeout' => 1234 }) + end + + context 'when runner specifies lower timeout' do + let(:runner) { create(:ci_runner, :project, maximum_timeout: 1000, projects: [project]) } + + it 'contains info about timeout overridden by runner' do + request_job + + expect(response).to have_gitlab_http_status(201) + expect(json_response['runner_info']).to include({ 'timeout' => 1000 }) + end + end + + context 'when runner specifies bigger timeout' do + let(:runner) { create(:ci_runner, :project, maximum_timeout: 2000, projects: [project]) } + + it 'contains info about timeout not overridden by runner' do + request_job + + expect(response).to have_gitlab_http_status(201) + expect(json_response['runner_info']).to include({ 'timeout' => 1234 }) + end + end + end + end end def request_job(token = runner.token, **params) @@ -719,6 +818,18 @@ describe API::Runner do expect(job.reload.trace.raw).to eq 'BUILD TRACE' end + + context 'when running state is sent' do + it 'updates update_at value' do + expect { update_job_after_time }.to change { job.reload.updated_at } + end + end + + context 'when other state is sent' do + it "doesn't update update_at value" do + expect { update_job_after_time(20.minutes, state: 'success') }.not_to change { job.reload.updated_at } + end + end end context 'when job has been erased' do @@ -731,10 +842,32 @@ describe API::Runner do end end + context 'when job has already been finished' do + before do + job.trace.set('Job failed') + job.drop!(:script_failure) + end + + it 'does not update job status and job trace' do + update_job(state: 'success', trace: 'BUILD TRACE UPDATED') + + expect(response).to have_gitlab_http_status(403) + expect(response.header['Job-Status']).to eq 'failed' + expect(job.trace.raw).to eq 'Job failed' + expect(job).to be_failed + end + end + def update_job(token = job.token, **params) new_params = params.merge(token: token) put api("/jobs/#{job.id}"), new_params end + + def update_job_after_time(update_interval = 20.minutes, state = 'running') + Timecop.travel(job.updated_at + update_interval) do + update_job(job.token, state: state) + end + end end describe 'PATCH /api/v4/jobs/:id/trace' do @@ -808,6 +941,76 @@ describe API::Runner do expect(response.status).to eq(403) end end + + context 'when trace is patched' do + before do + patch_the_trace + end + + it 'has valid trace' do + expect(response.status).to eq(202) + expect(job.reload.trace.raw).to eq 'BUILD TRACE appended appended' + end + + context 'when job is cancelled' do + before do + job.cancel + end + + context 'when trace is patched' do + before do + patch_the_trace + end + + it 'returns Forbidden ' do + expect(response.status).to eq(403) + end + end + end + + context 'when redis data are flushed' do + before do + redis_shared_state_cleanup! + end + + it 'has empty trace' do + expect(job.reload.trace.raw).to eq '' + end + + context 'when we perform partial patch' do + before do + patch_the_trace('hello', headers.merge({ 'Content-Range' => "28-32/5" })) + end + + it 'returns an error' do + expect(response.status).to eq(416) + expect(response.header['Range']).to eq('0-0') + end + end + + context 'when we resend full trace' do + before do + patch_the_trace('BUILD TRACE appended appended hello', headers.merge({ 'Content-Range' => "0-34/35" })) + end + + it 'succeeds with updating trace' do + expect(response.status).to eq(202) + expect(job.reload.trace.raw).to eq 'BUILD TRACE appended appended hello' + end + end + end + end + + context 'when the job is canceled' do + before do + job.cancel + patch_the_trace + end + + it 'receives status in header' do + expect(response.header['Job-Status']).to eq 'canceled' + end + end end context 'when Runner makes a force-patch' do @@ -824,7 +1027,7 @@ describe API::Runner do end context 'when content-range start is too big' do - let(:headers_with_range) { headers.merge({ 'Content-Range' => '15-20' }) } + let(:headers_with_range) { headers.merge({ 'Content-Range' => '15-20/6' }) } it 'gets 416 error response with range headers' do expect(response.status).to eq 416 @@ -834,7 +1037,7 @@ describe API::Runner do end context 'when content-range start is too small' do - let(:headers_with_range) { headers.merge({ 'Content-Range' => '8-20' }) } + let(:headers_with_range) { headers.merge({ 'Content-Range' => '8-20/13' }) } it 'gets 416 error response with range headers' do expect(response.status).to eq 416 @@ -884,21 +1087,64 @@ describe API::Runner do let(:jwt_token) { JWT.encode({ 'iss' => 'gitlab-workhorse' }, Gitlab::Workhorse.secret, 'HS256') } let(:headers) { { 'GitLab-Workhorse' => '1.0', Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER => jwt_token } } let(:headers_with_token) { headers.merge(API::Helpers::Runner::JOB_TOKEN_HEADER => job.token) } - let(:file_upload) { fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') } - let(:file_upload2) { fixture_file_upload(Rails.root + 'spec/fixtures/dk.png', 'image/gif') } + let(:file_upload) { fixture_file_upload('spec/fixtures/banana_sample.gif', 'image/gif') } + let(:file_upload2) { fixture_file_upload('spec/fixtures/dk.png', 'image/gif') } before do + stub_artifacts_object_storage job.run! end describe 'POST /api/v4/jobs/:id/artifacts/authorize' do context 'when using token as parameter' do - it 'authorizes posting artifacts to running job' do - authorize_artifacts_with_token_in_params + context 'posting artifacts to running job' do + subject do + authorize_artifacts_with_token_in_params + end - expect(response).to have_gitlab_http_status(200) - expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE) - expect(json_response['TempPath']).not_to be_nil + shared_examples 'authorizes local file' do + it 'succeeds' do + subject + + expect(response).to have_gitlab_http_status(200) + expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE) + expect(json_response['TempPath']).to eq(JobArtifactUploader.workhorse_local_upload_path) + expect(json_response['RemoteObject']).to be_nil + end + end + + context 'when using local storage' do + it_behaves_like 'authorizes local file' + end + + context 'when using remote storage' do + context 'when direct upload is enabled' do + before do + stub_artifacts_object_storage(enabled: true, direct_upload: true) + end + + it 'succeeds' do + subject + + expect(response).to have_gitlab_http_status(200) + expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE) + expect(json_response['TempPath']).to eq(JobArtifactUploader.workhorse_local_upload_path) + expect(json_response['RemoteObject']).to have_key('ID') + expect(json_response['RemoteObject']).to have_key('GetURL') + expect(json_response['RemoteObject']).to have_key('StoreURL') + expect(json_response['RemoteObject']).to have_key('DeleteURL') + expect(json_response['RemoteObject']).to have_key('MultipartUpload') + end + end + + context 'when direct upload is disabled' do + before do + stub_artifacts_object_storage(enabled: true, direct_upload: false) + end + + it_behaves_like 'authorizes local file' + end + end end it 'fails to post too large artifact' do @@ -994,20 +1240,45 @@ describe API::Runner do end end - context 'when uses regular file post' do - before do - upload_artifacts(file_upload, headers_with_token, false) + context 'when uses accelerated file post' do + context 'for file stored locally' do + before do + upload_artifacts(file_upload, headers_with_token) + end + + it_behaves_like 'successful artifacts upload' end - it_behaves_like 'successful artifacts upload' - end + context 'for file stored remotelly' do + let!(:fog_connection) do + stub_artifacts_object_storage(direct_upload: true) + end - context 'when uses accelerated file post' do - before do - upload_artifacts(file_upload, headers_with_token, true) - end + before do + fog_connection.directories.get('artifacts').files.create( + key: 'tmp/uploads/12312300', + body: 'content' + ) + + upload_artifacts(file_upload, headers_with_token, + { 'file.remote_id' => remote_id }) + end + + context 'when valid remote_id is used' do + let(:remote_id) { '12312300' } + + it_behaves_like 'successful artifacts upload' + end + + context 'when invalid remote_id is used' do + let(:remote_id) { 'invalid id' } - it_behaves_like 'successful artifacts upload' + it 'responds with bad request' do + expect(response).to have_gitlab_http_status(500) + expect(json_response['message']).to eq("Missing file") + end + end + end end context 'when using runners token' do @@ -1102,11 +1373,13 @@ describe API::Runner do let!(:artifacts) { file_upload } let!(:artifacts_sha256) { Digest::SHA256.file(artifacts.path).hexdigest } let!(:metadata) { file_upload2 } + let!(:metadata_sha256) { Digest::SHA256.file(metadata.path).hexdigest } let(:stored_artifacts_file) { job.reload.artifacts_file.file } let(:stored_metadata_file) { job.reload.artifacts_metadata.file } let(:stored_artifacts_size) { job.reload.artifacts_size } let(:stored_artifacts_sha256) { job.reload.job_artifacts_archive.file_sha256 } + let(:stored_metadata_sha256) { job.reload.job_artifacts_metadata.file_sha256 } before do post(api("/jobs/#{job.id}/artifacts"), post_data, headers_with_token) @@ -1118,7 +1391,8 @@ describe API::Runner do 'file.name' => artifacts.original_filename, 'file.sha256' => artifacts_sha256, 'metadata.path' => metadata.path, - 'metadata.name' => metadata.original_filename } + 'metadata.name' => metadata.original_filename, + 'metadata.sha256' => metadata_sha256 } end it 'stores artifacts and artifacts metadata' do @@ -1127,6 +1401,7 @@ describe API::Runner do expect(stored_metadata_file.original_filename).to eq(metadata.original_filename) expect(stored_artifacts_size).to eq(72821) expect(stored_artifacts_sha256).to eq(artifacts_sha256) + expect(stored_metadata_sha256).to eq(metadata_sha256) end end @@ -1147,15 +1422,19 @@ describe API::Runner do end context 'when artifacts are being stored outside of tmp path' do + let(:new_tmpdir) { Dir.mktmpdir } + before do + # init before overwriting tmp dir + file_upload + # by configuring this path we allow to pass file from @tmpdir only # but all temporary files are stored in system tmp directory - @tmpdir = Dir.mktmpdir - allow(JobArtifactUploader).to receive(:workhorse_upload_path).and_return(@tmpdir) + allow(Dir).to receive(:tmpdir).and_return(new_tmpdir) end after do - FileUtils.remove_entry @tmpdir + FileUtils.remove_entry(new_tmpdir) end it' "fails to post artifacts for outside of tmp path"' do @@ -1165,12 +1444,11 @@ describe API::Runner do end end - def upload_artifacts(file, headers = {}, accelerated = true) - params = if accelerated - { 'file.path' => file.path, 'file.name' => file.original_filename } - else - { 'file' => file } - end + def upload_artifacts(file, headers = {}, params = {}) + params = params.merge({ + 'file.path' => file.path, + 'file.name' => file.original_filename + }) post api("/jobs/#{job.id}/artifacts"), params, headers end @@ -1179,27 +1457,67 @@ describe API::Runner do describe 'GET /api/v4/jobs/:id/artifacts' do let(:token) { job.token } - before do - download_artifact - end - context 'when job has artifacts' do - let(:job) { create(:ci_build, :artifacts) } - let(:download_headers) do - { 'Content-Transfer-Encoding' => 'binary', - 'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' } + let(:job) { create(:ci_build) } + let(:store) { JobArtifactUploader::Store::LOCAL } + + before do + create(:ci_job_artifact, :archive, file_store: store, job: job) end context 'when using job token' do - it 'download artifacts' do - expect(response).to have_gitlab_http_status(200) - expect(response.headers).to include download_headers + context 'when artifacts are stored locally' do + let(:download_headers) do + { 'Content-Transfer-Encoding' => 'binary', + 'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' } + end + + before do + download_artifact + end + + it 'download artifacts' do + expect(response).to have_http_status(200) + expect(response.headers.to_h).to include download_headers + end + end + + context 'when artifacts are stored remotely' do + let(:store) { JobArtifactUploader::Store::REMOTE } + let!(:job) { create(:ci_build) } + + context 'when proxy download is being used' do + before do + download_artifact(direct_download: false) + end + + it 'uses workhorse send-url' do + expect(response).to have_gitlab_http_status(200) + expect(response.headers.to_h).to include( + 'Gitlab-Workhorse-Send-Data' => /send-url:/) + end + end + + context 'when direct download is being used' do + before do + download_artifact(direct_download: true) + end + + it 'receive redirect for downloading artifacts' do + expect(response).to have_gitlab_http_status(302) + expect(response.headers).to include('Location') + end + end end end context 'when using runnners token' do let(:token) { job.project.runners_token } + before do + download_artifact + end + it 'responds with forbidden' do expect(response).to have_gitlab_http_status(403) end @@ -1208,12 +1526,16 @@ describe API::Runner do context 'when job does not has artifacts' do it 'responds with not found' do + download_artifact + expect(response).to have_gitlab_http_status(404) end end def download_artifact(params = {}, request_headers = headers) params = params.merge(token: token) + job.reload + get api("/jobs/#{job.id}/artifacts"), params, request_headers end end diff --git a/spec/requests/api/runners_spec.rb b/spec/requests/api/runners_spec.rb index ec5cad4f4fd..0c7937feed6 100644 --- a/spec/requests/api/runners_spec.rb +++ b/spec/requests/api/runners_spec.rb @@ -8,21 +8,13 @@ describe API::Runners do let(:project) { create(:project, creator_id: user.id) } let(:project2) { create(:project, creator_id: user.id) } - let!(:shared_runner) { create(:ci_runner, :shared) } - let!(:unused_specific_runner) { create(:ci_runner) } + let(:group) { create(:group).tap { |group| group.add_owner(user) } } + let(:group2) { create(:group).tap { |group| group.add_owner(user) } } - let!(:specific_runner) do - create(:ci_runner).tap do |runner| - create(:ci_runner_project, runner: runner, project: project) - end - end - - let!(:two_projects_runner) do - create(:ci_runner).tap do |runner| - create(:ci_runner_project, runner: runner, project: project) - create(:ci_runner_project, runner: runner, project: project2) - end - end + let!(:shared_runner) { create(:ci_runner, :instance, description: 'Shared runner') } + let!(:project_runner) { create(:ci_runner, :project, description: 'Project runner', projects: [project]) } + let!(:two_projects_runner) { create(:ci_runner, :project, description: 'Two projects runner', projects: [project, project2]) } + let!(:group_runner) { create(:ci_runner, :group, description: 'Group runner', groups: [group]) } before do # Set project access for users @@ -37,9 +29,14 @@ describe API::Runners do get api('/runners', user) shared = json_response.any? { |r| r['is_shared'] } + descriptions = json_response.map { |runner| runner['description'] } expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array + expect(json_response[0]).to have_key('ip_address') + expect(descriptions).to contain_exactly( + 'Project runner', 'Two projects runner', 'Group runner' + ) expect(shared).to be_falsey end @@ -50,6 +47,7 @@ describe API::Runners do expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array + expect(json_response[0]).to have_key('ip_address') expect(shared).to be_falsey end @@ -78,6 +76,7 @@ describe API::Runners do expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array + expect(json_response[0]).to have_key('ip_address') expect(shared).to be_truthy end end @@ -97,6 +96,7 @@ describe API::Runners do expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array + expect(json_response[0]).to have_key('ip_address') expect(shared).to be_falsey end @@ -123,15 +123,34 @@ describe API::Runners do expect(response).to have_gitlab_http_status(200) expect(json_response['description']).to eq(shared_runner.description) + expect(json_response['maximum_timeout']).to be_nil end end context 'when runner is not shared' do + context 'when unused runner is present' do + let!(:unused_project_runner) { create(:ci_runner, :project, :without_projects) } + + it 'deletes unused runner' do + expect do + delete api("/runners/#{unused_project_runner.id}", admin) + + expect(response).to have_gitlab_http_status(204) + end.to change { Ci::Runner.specific.count }.by(-1) + end + end + it "returns runner's details" do - get api("/runners/#{specific_runner.id}", admin) + get api("/runners/#{project_runner.id}", admin) expect(response).to have_gitlab_http_status(200) - expect(json_response['description']).to eq(specific_runner.description) + expect(json_response['description']).to eq(project_runner.description) + end + + it "returns the project's details for a project runner" do + get api("/runners/#{project_runner.id}", admin) + + expect(json_response['projects'].first['id']).to eq(project.id) end end @@ -145,10 +164,10 @@ describe API::Runners do context "runner project's administrative user" do context 'when runner is not shared' do it "returns runner's details" do - get api("/runners/#{specific_runner.id}", user) + get api("/runners/#{project_runner.id}", user) expect(response).to have_gitlab_http_status(200) - expect(json_response['description']).to eq(specific_runner.description) + expect(json_response['description']).to eq(project_runner.description) end end @@ -163,18 +182,18 @@ describe API::Runners do end context 'other authorized user' do - it "does not return runner's details" do - get api("/runners/#{specific_runner.id}", user2) + it "does not return project runner's details" do + get api("/runners/#{project_runner.id}", user2) - expect(response).to have_gitlab_http_status(403) + expect(response).to have_http_status(403) end end context 'unauthorized user' do - it "does not return runner's details" do - get api("/runners/#{specific_runner.id}") + it "does not return project runner's details" do + get api("/runners/#{project_runner.id}") - expect(response).to have_gitlab_http_status(401) + expect(response).to have_http_status(401) end end end @@ -192,7 +211,8 @@ describe API::Runners do tag_list: ['ruby2.1', 'pgsql', 'mysql'], run_untagged: 'false', locked: 'true', - access_level: 'ref_protected') + access_level: 'ref_protected', + maximum_timeout: 1234) shared_runner.reload expect(response).to have_gitlab_http_status(200) @@ -204,21 +224,22 @@ describe API::Runners do expect(shared_runner.ref_protected?).to be_truthy expect(shared_runner.ensure_runner_queue_value) .not_to eq(runner_queue_value) + expect(shared_runner.maximum_timeout).to eq(1234) end end context 'when runner is not shared' do it 'updates runner' do - description = specific_runner.description - runner_queue_value = specific_runner.ensure_runner_queue_value + description = project_runner.description + runner_queue_value = project_runner.ensure_runner_queue_value - update_runner(specific_runner.id, admin, description: 'test') - specific_runner.reload + update_runner(project_runner.id, admin, description: 'test') + project_runner.reload expect(response).to have_gitlab_http_status(200) - expect(specific_runner.description).to eq('test') - expect(specific_runner.description).not_to eq(description) - expect(specific_runner.ensure_runner_queue_value) + expect(project_runner.description).to eq('test') + expect(project_runner.description).not_to eq(description) + expect(project_runner.ensure_runner_queue_value) .not_to eq(runner_queue_value) end end @@ -244,29 +265,29 @@ describe API::Runners do end context 'when runner is not shared' do - it 'does not update runner without access to it' do - put api("/runners/#{specific_runner.id}", user2), description: 'test' + it 'does not update project runner without access to it' do + put api("/runners/#{project_runner.id}", user2), description: 'test' - expect(response).to have_gitlab_http_status(403) + expect(response).to have_http_status(403) end - it 'updates runner with access to it' do - description = specific_runner.description - put api("/runners/#{specific_runner.id}", admin), description: 'test' - specific_runner.reload + it 'updates project runner with access to it' do + description = project_runner.description + put api("/runners/#{project_runner.id}", admin), description: 'test' + project_runner.reload expect(response).to have_gitlab_http_status(200) - expect(specific_runner.description).to eq('test') - expect(specific_runner.description).not_to eq(description) + expect(project_runner.description).to eq('test') + expect(project_runner.description).not_to eq(description) end end end context 'unauthorized user' do - it 'does not delete runner' do - put api("/runners/#{specific_runner.id}") + it 'does not delete project runner' do + put api("/runners/#{project_runner.id}") - expect(response).to have_gitlab_http_status(401) + expect(response).to have_http_status(401) end end end @@ -288,19 +309,11 @@ describe API::Runners do end context 'when runner is not shared' do - it 'deletes unused runner' do + it 'deletes used project runner' do expect do - delete api("/runners/#{unused_specific_runner.id}", admin) + delete api("/runners/#{project_runner.id}", admin) - expect(response).to have_gitlab_http_status(204) - end.to change { Ci::Runner.specific.count }.by(-1) - end - - it 'deletes used runner' do - expect do - delete api("/runners/#{specific_runner.id}", admin) - - expect(response).to have_gitlab_http_status(204) + expect(response).to have_http_status(204) end.to change { Ci::Runner.specific.count }.by(-1) end end @@ -322,34 +335,34 @@ describe API::Runners do context 'when runner is not shared' do it 'does not delete runner without access to it' do - delete api("/runners/#{specific_runner.id}", user2) + delete api("/runners/#{project_runner.id}", user2) expect(response).to have_gitlab_http_status(403) end - it 'does not delete runner with more than one associated project' do + it 'does not delete project runner with more than one associated project' do delete api("/runners/#{two_projects_runner.id}", user) expect(response).to have_gitlab_http_status(403) end - it 'deletes runner for one owned project' do + it 'deletes project runner for one owned project' do expect do - delete api("/runners/#{specific_runner.id}", user) + delete api("/runners/#{project_runner.id}", user) - expect(response).to have_gitlab_http_status(204) + expect(response).to have_http_status(204) end.to change { Ci::Runner.specific.count }.by(-1) end it_behaves_like '412 response' do - let(:request) { api("/runners/#{specific_runner.id}", user) } + let(:request) { api("/runners/#{project_runner.id}", user) } end end end context 'unauthorized user' do - it 'does not delete runner' do - delete api("/runners/#{specific_runner.id}") + it 'does not delete project runner' do + delete api("/runners/#{project_runner.id}") - expect(response).to have_gitlab_http_status(401) + expect(response).to have_http_status(401) end end end @@ -358,8 +371,8 @@ describe API::Runners do set(:job_1) { create(:ci_build) } let!(:job_2) { create(:ci_build, :running, runner: shared_runner, project: project) } let!(:job_3) { create(:ci_build, :failed, runner: shared_runner, project: project) } - let!(:job_4) { create(:ci_build, :running, runner: specific_runner, project: project) } - let!(:job_5) { create(:ci_build, :failed, runner: specific_runner, project: project) } + let!(:job_4) { create(:ci_build, :running, runner: project_runner, project: project) } + let!(:job_5) { create(:ci_build, :failed, runner: project_runner, project: project) } context 'admin user' do context 'when runner exists' do @@ -377,7 +390,7 @@ describe API::Runners do context 'when runner is specific' do it 'return jobs' do - get api("/runners/#{specific_runner.id}/jobs", admin) + get api("/runners/#{project_runner.id}/jobs", admin) expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers @@ -389,7 +402,7 @@ describe API::Runners do context 'when valid status is provided' do it 'return filtered jobs' do - get api("/runners/#{specific_runner.id}/jobs?status=failed", admin) + get api("/runners/#{project_runner.id}/jobs?status=failed", admin) expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers @@ -402,7 +415,7 @@ describe API::Runners do context 'when invalid status is provided' do it 'return 400' do - get api("/runners/#{specific_runner.id}/jobs?status=non-existing", admin) + get api("/runners/#{project_runner.id}/jobs?status=non-existing", admin) expect(response).to have_gitlab_http_status(400) end @@ -430,7 +443,7 @@ describe API::Runners do context 'when runner is specific' do it 'return jobs' do - get api("/runners/#{specific_runner.id}/jobs", user) + get api("/runners/#{project_runner.id}/jobs", user) expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers @@ -442,7 +455,7 @@ describe API::Runners do context 'when valid status is provided' do it 'return filtered jobs' do - get api("/runners/#{specific_runner.id}/jobs?status=failed", user) + get api("/runners/#{project_runner.id}/jobs?status=failed", user) expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers @@ -455,7 +468,7 @@ describe API::Runners do context 'when invalid status is provided' do it 'return 400' do - get api("/runners/#{specific_runner.id}/jobs?status=non-existing", user) + get api("/runners/#{project_runner.id}/jobs?status=non-existing", user) expect(response).to have_gitlab_http_status(400) end @@ -473,7 +486,7 @@ describe API::Runners do context 'other authorized user' do it 'does not return jobs' do - get api("/runners/#{specific_runner.id}/jobs", user2) + get api("/runners/#{project_runner.id}/jobs", user2) expect(response).to have_gitlab_http_status(403) end @@ -481,7 +494,7 @@ describe API::Runners do context 'unauthorized user' do it 'does not return jobs' do - get api("/runners/#{specific_runner.id}/jobs") + get api("/runners/#{project_runner.id}/jobs") expect(response).to have_gitlab_http_status(401) end @@ -497,6 +510,7 @@ describe API::Runners do expect(response).to have_gitlab_http_status(200) expect(response).to include_pagination_headers expect(json_response).to be_an Array + expect(json_response[0]).to have_key('ip_address') expect(shared).to be_truthy end end @@ -520,31 +534,27 @@ describe API::Runners do describe 'POST /projects/:id/runners' do context 'authorized user' do - let(:specific_runner2) do - create(:ci_runner).tap do |runner| - create(:ci_runner_project, runner: runner, project: project2) - end - end + let(:project_runner2) { create(:ci_runner, :project, projects: [project2]) } it 'enables specific runner' do expect do - post api("/projects/#{project.id}/runners", user), runner_id: specific_runner2.id + post api("/projects/#{project.id}/runners", user), runner_id: project_runner2.id end.to change { project.runners.count }.by(+1) expect(response).to have_gitlab_http_status(201) end it 'avoids changes when enabling already enabled runner' do expect do - post api("/projects/#{project.id}/runners", user), runner_id: specific_runner.id + post api("/projects/#{project.id}/runners", user), runner_id: project_runner.id end.to change { project.runners.count }.by(0) - expect(response).to have_gitlab_http_status(409) + expect(response).to have_gitlab_http_status(400) end it 'does not enable locked runner' do - specific_runner2.update(locked: true) + project_runner2.update(locked: true) expect do - post api("/projects/#{project.id}/runners", user), runner_id: specific_runner2.id + post api("/projects/#{project.id}/runners", user), runner_id: project_runner2.id end.to change { project.runners.count }.by(0) expect(response).to have_gitlab_http_status(403) @@ -556,20 +566,31 @@ describe API::Runners do expect(response).to have_gitlab_http_status(403) end + it 'does not enable group runner' do + post api("/projects/#{project.id}/runners", user), runner_id: group_runner.id + + expect(response).to have_http_status(403) + end + context 'user is admin' do - it 'enables any specific runner' do - expect do - post api("/projects/#{project.id}/runners", admin), runner_id: unused_specific_runner.id - end.to change { project.runners.count }.by(+1) - expect(response).to have_gitlab_http_status(201) + context 'when project runner is used' do + let!(:new_project_runner) { create(:ci_runner, :project) } + + it 'enables any specific runner' do + expect do + post api("/projects/#{project.id}/runners", admin), runner_id: new_project_runner.id + end.to change { project.runners.count }.by(+1) + expect(response).to have_gitlab_http_status(201) + end end - end - context 'user is not admin' do - it 'does not enable runner without access to' do - post api("/projects/#{project.id}/runners", user), runner_id: unused_specific_runner.id + it 'enables a shared runner' do + expect do + post api("/projects/#{project.id}/runners", admin), runner_id: shared_runner.id + end.to change { project.runners.count }.by(1) - expect(response).to have_gitlab_http_status(403) + expect(shared_runner.reload).not_to be_shared + expect(response).to have_gitlab_http_status(201) end end @@ -580,6 +601,16 @@ describe API::Runners do end end + context 'user is not admin' do + let!(:new_project_runner) { create(:ci_runner, :project) } + + it 'does not enable runner without access to' do + post api("/projects/#{project.id}/runners", user), runner_id: new_project_runner.id + + expect(response).to have_gitlab_http_status(403) + end + end + context 'authorized user without permissions' do it 'does not enable runner' do post api("/projects/#{project.id}/runners", user2) @@ -616,7 +647,7 @@ describe API::Runners do context 'when runner have one associated projects' do it "does not disable project's runner" do expect do - delete api("/projects/#{project.id}/runners/#{specific_runner.id}", user) + delete api("/projects/#{project.id}/runners/#{project_runner.id}", user) end.to change { project.runners.count }.by(0) expect(response).to have_gitlab_http_status(403) end @@ -631,7 +662,7 @@ describe API::Runners do context 'authorized user without permissions' do it "does not disable project's runner" do - delete api("/projects/#{project.id}/runners/#{specific_runner.id}", user2) + delete api("/projects/#{project.id}/runners/#{project_runner.id}", user2) expect(response).to have_gitlab_http_status(403) end @@ -639,7 +670,7 @@ describe API::Runners do context 'unauthorized user' do it "does not disable project's runner" do - delete api("/projects/#{project.id}/runners/#{specific_runner.id}") + delete api("/projects/#{project.id}/runners/#{project_runner.id}") expect(response).to have_gitlab_http_status(401) end diff --git a/spec/requests/api/search_spec.rb b/spec/requests/api/search_spec.rb index f8d5258a8d9..f8e468be170 100644 --- a/spec/requests/api/search_spec.rb +++ b/spec/requests/api/search_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' describe API::Search do set(:user) { create(:user) } set(:group) { create(:group) } - set(:project) { create(:project, :public, name: 'awesome project', group: group) } + set(:project) { create(:project, :wiki_repo, :public, name: 'awesome project', group: group) } set(:repo_project) { create(:project, :public, :repository, group: group) } shared_examples 'response is correct' do |schema:, size: 1| @@ -312,6 +312,30 @@ describe API::Search do end it_behaves_like 'response is correct', schema: 'public_api/v4/blobs', size: 2 + + context 'filters' do + it 'by filename' do + get api("/projects/#{repo_project.id}/search", user), scope: 'blobs', search: 'mon filename:PROCESS.md' + + expect(response).to have_gitlab_http_status(200) + expect(json_response.size).to eq(2) + expect(json_response.first['filename']).to eq('PROCESS.md') + end + + it 'by path' do + get api("/projects/#{repo_project.id}/search", user), scope: 'blobs', search: 'mon path:markdown' + + expect(response).to have_gitlab_http_status(200) + expect(json_response.size).to eq(8) + end + + it 'by extension' do + get api("/projects/#{repo_project.id}/search", user), scope: 'blobs', search: 'mon extension:md' + + expect(response).to have_gitlab_http_status(200) + expect(json_response.size).to eq(11) + end + end end end end diff --git a/spec/requests/api/settings_spec.rb b/spec/requests/api/settings_spec.rb index 015d4b9a491..57adc3ca7a6 100644 --- a/spec/requests/api/settings_spec.rb +++ b/spec/requests/api/settings_spec.rb @@ -24,13 +24,20 @@ describe API::Settings, 'Settings' do expect(json_response['ecdsa_key_restriction']).to eq(0) expect(json_response['ed25519_key_restriction']).to eq(0) expect(json_response['circuitbreaker_failure_count_threshold']).not_to be_nil + expect(json_response['performance_bar_allowed_group_id']).to be_nil + expect(json_response).not_to have_key('performance_bar_allowed_group_path') + expect(json_response).not_to have_key('performance_bar_enabled') end end describe "PUT /application/settings" do + let(:group) { create(:group) } + context "custom repository storage type set in the config" do before do - storages = { 'custom' => 'tmp/tests/custom_repositories' } + # Add a possible storage to the config + storages = Gitlab.config.repositories.storages + .merge({ 'custom' => 'tmp/tests/custom_repositories' }) allow(Gitlab.config.repositories).to receive(:storages).and_return(storages) end @@ -54,7 +61,10 @@ describe API::Settings, 'Settings' do dsa_key_restriction: 2048, ecdsa_key_restriction: 384, ed25519_key_restriction: 256, - circuitbreaker_check_interval: 2 + circuitbreaker_check_interval: 2, + enforce_terms: true, + terms: 'Hello world!', + performance_bar_allowed_group_path: group.full_path expect(response).to have_gitlab_http_status(200) expect(json_response['default_projects_limit']).to eq(3) @@ -76,9 +86,29 @@ describe API::Settings, 'Settings' do expect(json_response['ecdsa_key_restriction']).to eq(384) expect(json_response['ed25519_key_restriction']).to eq(256) expect(json_response['circuitbreaker_check_interval']).to eq(2) + expect(json_response['enforce_terms']).to be(true) + expect(json_response['terms']).to eq('Hello world!') + expect(json_response['performance_bar_allowed_group_id']).to eq(group.id) end end + it "supports legacy performance_bar_allowed_group_id" do + put api("/application/settings", admin), + performance_bar_allowed_group_id: group.full_path + + expect(response).to have_gitlab_http_status(200) + expect(json_response['performance_bar_allowed_group_id']).to eq(group.id) + end + + it "supports legacy performance_bar_enabled" do + put api("/application/settings", admin), + performance_bar_enabled: false, + performance_bar_allowed_group_id: group.full_path + + expect(response).to have_gitlab_http_status(200) + expect(json_response['performance_bar_allowed_group_id']).to be_nil + end + context "missing koding_url value when koding_enabled is true" do it "returns a blank parameter error message" do put api("/application/settings", admin), koding_enabled: true diff --git a/spec/requests/api/snippets_spec.rb b/spec/requests/api/snippets_spec.rb index b3e253befc6..c5456977b60 100644 --- a/spec/requests/api/snippets_spec.rb +++ b/spec/requests/api/snippets_spec.rb @@ -20,6 +20,7 @@ describe API::Snippets do private_snippet.id) expect(json_response.last).to have_key('web_url') expect(json_response.last).to have_key('raw_url') + expect(json_response.last).to have_key('visibility') end it 'hides private snippets from regular user' do @@ -112,6 +113,7 @@ describe API::Snippets do expect(json_response['title']).to eq(snippet.title) expect(json_response['description']).to eq(snippet.description) expect(json_response['file_name']).to eq(snippet.file_name) + expect(json_response['visibility']).to eq(snippet.visibility) end it 'returns 404 for invalid snippet id' do @@ -142,6 +144,7 @@ describe API::Snippets do expect(json_response['title']).to eq(params[:title]) expect(json_response['description']).to eq(params[:description]) expect(json_response['file_name']).to eq(params[:file_name]) + expect(json_response['visibility']).to eq(params[:visibility]) end it 'returns 400 for missing parameters' do diff --git a/spec/requests/api/tags_spec.rb b/spec/requests/api/tags_spec.rb index e2b19ad59f9..969710d6613 100644 --- a/spec/requests/api/tags_spec.rb +++ b/spec/requests/api/tags_spec.rb @@ -287,7 +287,10 @@ describe API::Tags do context 'annotated tag' do it 'creates a new annotated tag' do # Identity must be set in .gitconfig to create annotated tag. - repo_path = project.repository.path_to_repo + repo_path = Gitlab::GitalyClient::StorageSettings.allow_disk_access do + project.repository.path_to_repo + end + system(*%W(#{Gitlab.config.git.bin_path} --git-dir=#{repo_path} config user.name #{user.name})) system(*%W(#{Gitlab.config.git.bin_path} --git-dir=#{repo_path} config user.email #{user.email})) diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb index f406d2ffb22..a97c3f3461a 100644 --- a/spec/requests/api/users_spec.rb +++ b/spec/requests/api/users_spec.rb @@ -212,6 +212,18 @@ describe API::Users do expect(json_response.last['id']).to eq(user.id) end + it 'returns users with 2fa enabled' do + admin + user + user_with_2fa = create(:user, :two_factor_via_otp) + + get api('/users', admin), { two_factor: 'enabled' } + + expect(response).to match_response_schema('public_api/v4/user/admins') + expect(json_response.size).to eq(1) + expect(json_response.first['id']).to eq(user_with_2fa.id) + end + it 'returns 400 when provided incorrect sort params' do get api('/users', admin), { order_by: 'magic', sort: 'asc' } @@ -476,10 +488,6 @@ describe API::Users do describe "PUT /users/:id" do let!(:admin_user) { create(:admin) } - before do - admin - end - it "updates user with new bio" do put api("/users/#{user.id}", admin), { bio: 'new test bio' } @@ -504,7 +512,7 @@ describe API::Users do end it 'updates user with avatar' do - put api("/users/#{user.id}", admin), { avatar: fixture_file_upload(Rails.root + 'spec/fixtures/banana_sample.gif', 'image/gif') } + put api("/users/#{user.id}", admin), { avatar: fixture_file_upload('spec/fixtures/banana_sample.gif', 'image/gif') } user.reload @@ -513,27 +521,28 @@ describe API::Users do expect(json_response['avatar_url']).to include(user.avatar_path) end - it 'updates user with his own email' do - put api("/users/#{user.id}", admin), email: user.email - - expect(response).to have_gitlab_http_status(200) - expect(json_response['email']).to eq(user.email) - expect(user.reload.email).to eq(user.email) - end - it 'updates user with a new email' do + old_email = user.email + old_notification_email = user.notification_email put api("/users/#{user.id}", admin), email: 'new@email.com' + user.reload + expect(response).to have_gitlab_http_status(200) - expect(user.reload.notification_email).to eq('new@email.com') + expect(user).to be_confirmed + expect(user.email).to eq(old_email) + expect(user.notification_email).to eq(old_notification_email) + expect(user.unconfirmed_email).to eq('new@email.com') end it 'skips reconfirmation when requested' do - put api("/users/#{user.id}", admin), { skip_reconfirmation: true } + put api("/users/#{user.id}", admin), email: 'new@email.com', skip_reconfirmation: true user.reload - expect(user.confirmed_at).to be_present + expect(response).to have_gitlab_http_status(200) + expect(user).to be_confirmed + expect(user.email).to eq('new@email.com') end it 'updates user with his own username' do @@ -1114,58 +1123,63 @@ describe API::Users do describe "GET /user" do let(:personal_access_token) { create(:personal_access_token, user: user).token } - context 'with regular user' do - context 'with personal access token' do - it 'returns 403 without private token when sudo is defined' do - get api("/user?private_token=#{personal_access_token}&sudo=123") + shared_examples 'get user info' do |version| + context 'with regular user' do + context 'with personal access token' do + it 'returns 403 without private token when sudo is defined' do + get api("/user?private_token=#{personal_access_token}&sudo=123", version: version) - expect(response).to have_gitlab_http_status(403) + expect(response).to have_gitlab_http_status(403) + end end - end - it 'returns current user without private token when sudo not defined' do - get api("/user", user) + it 'returns current user without private token when sudo not defined' do + get api("/user", user, version: version) - expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v4/user/public') - expect(json_response['id']).to eq(user.id) - end + expect(response).to have_gitlab_http_status(200) + expect(response).to match_response_schema('public_api/v4/user/public') + expect(json_response['id']).to eq(user.id) + end - context "scopes" do - let(:path) { "/user" } - let(:api_call) { method(:api) } + context "scopes" do + let(:path) { "/user" } + let(:api_call) { method(:api) } - include_examples 'allows the "read_user" scope' + include_examples 'allows the "read_user" scope', version + end end - end - context 'with admin' do - let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token } + context 'with admin' do + let(:admin_personal_access_token) { create(:personal_access_token, user: admin).token } - context 'with personal access token' do - it 'returns 403 without private token when sudo defined' do - get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}") + context 'with personal access token' do + it 'returns 403 without private token when sudo defined' do + get api("/user?private_token=#{admin_personal_access_token}&sudo=#{user.id}", version: version) - expect(response).to have_gitlab_http_status(403) - end + expect(response).to have_gitlab_http_status(403) + end - it 'returns initial current user without private token but with is_admin when sudo not defined' do - get api("/user?private_token=#{admin_personal_access_token}") + it 'returns initial current user without private token but with is_admin when sudo not defined' do + get api("/user?private_token=#{admin_personal_access_token}", version: version) - expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v4/user/admin') - expect(json_response['id']).to eq(admin.id) + expect(response).to have_gitlab_http_status(200) + expect(response).to match_response_schema('public_api/v4/user/admin') + expect(json_response['id']).to eq(admin.id) + end end end - end - context 'with unauthenticated user' do - it "returns 401 error if user is unauthenticated" do - get api("/user") + context 'with unauthenticated user' do + it "returns 401 error if user is unauthenticated" do + get api("/user", version: version) - expect(response).to have_gitlab_http_status(401) + expect(response).to have_gitlab_http_status(401) + end end end + + it_behaves_like 'get user info', 'v3' + it_behaves_like 'get user info', 'v4' end describe "GET /user/keys" do diff --git a/spec/requests/api/v3/award_emoji_spec.rb b/spec/requests/api/v3/award_emoji_spec.rb deleted file mode 100644 index 6dc430676b0..00000000000 --- a/spec/requests/api/v3/award_emoji_spec.rb +++ /dev/null @@ -1,297 +0,0 @@ -require 'spec_helper' - -describe API::V3::AwardEmoji do - set(:user) { create(:user) } - set(:project) { create(:project) } - set(:issue) { create(:issue, project: project) } - set(:award_emoji) { create(:award_emoji, awardable: issue, user: user) } - let!(:merge_request) { create(:merge_request, source_project: project, target_project: project) } - let!(:downvote) { create(:award_emoji, :downvote, awardable: merge_request, user: user) } - set(:note) { create(:note, project: project, noteable: issue) } - - before { project.add_master(user) } - - describe "GET /projects/:id/awardable/:awardable_id/award_emoji" do - context 'on an issue' do - it "returns an array of award_emoji" do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(award_emoji.name) - end - - it "returns a 404 error when issue id not found" do - get v3_api("/projects/#{project.id}/issues/12345/award_emoji", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'on a merge request' do - it "returns an array of award_emoji" do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/award_emoji", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(downvote.name) - end - end - - context 'on a snippet' do - let(:snippet) { create(:project_snippet, :public, project: project) } - let!(:award) { create(:award_emoji, awardable: snippet) } - - it 'returns the awarded emoji' do - get v3_api("/projects/#{project.id}/snippets/#{snippet.id}/award_emoji", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(award.name) - end - end - - context 'when the user has no access' do - it 'returns a status code 404' do - user1 = create(:user) - - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/award_emoji", user1) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'GET /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji' do - let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket') } - - it 'returns an array of award emoji' do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{note.id}/award_emoji", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(rocket.name) - end - end - - describe "GET /projects/:id/awardable/:awardable_id/award_emoji/:award_id" do - context 'on an issue' do - it "returns the award emoji" do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji/#{award_emoji.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(award_emoji.name) - expect(json_response['awardable_id']).to eq(issue.id) - expect(json_response['awardable_type']).to eq("Issue") - end - - it "returns a 404 error if the award is not found" do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'on a merge request' do - it 'returns the award emoji' do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/award_emoji/#{downvote.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(downvote.name) - expect(json_response['awardable_id']).to eq(merge_request.id) - expect(json_response['awardable_type']).to eq("MergeRequest") - end - end - - context 'on a snippet' do - let(:snippet) { create(:project_snippet, :public, project: project) } - let!(:award) { create(:award_emoji, awardable: snippet) } - - it 'returns the awarded emoji' do - get v3_api("/projects/#{project.id}/snippets/#{snippet.id}/award_emoji/#{award.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(award.name) - expect(json_response['awardable_id']).to eq(snippet.id) - expect(json_response['awardable_type']).to eq("Snippet") - end - end - - context 'when the user has no access' do - it 'returns a status code 404' do - user1 = create(:user) - - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/award_emoji/#{downvote.id}", user1) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'GET /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji/:award_id' do - let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket') } - - it 'returns an award emoji' do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{note.id}/award_emoji/#{rocket.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).not_to be_an Array - expect(json_response['name']).to eq(rocket.name) - end - end - - describe "POST /projects/:id/awardable/:awardable_id/award_emoji" do - let(:issue2) { create(:issue, project: project, author: user) } - - context "on an issue" do - it "creates a new award emoji" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji", user), name: 'blowfish' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['name']).to eq('blowfish') - expect(json_response['user']['username']).to eq(user.username) - end - - it "returns a 400 bad request error if the name is not given" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji", user) - - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 401 unauthorized error if the user is not authenticated" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji"), name: 'thumbsup' - - expect(response).to have_gitlab_http_status(401) - end - - it "returns a 404 error if the user authored issue" do - post v3_api("/projects/#{project.id}/issues/#{issue2.id}/award_emoji", user), name: 'thumbsup' - - expect(response).to have_gitlab_http_status(404) - end - - it "normalizes +1 as thumbsup award" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji", user), name: '+1' - - expect(issue.award_emoji.last.name).to eq("thumbsup") - end - - context 'when the emoji already has been awarded' do - it 'returns a 404 status code' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji", user), name: 'thumbsup' - post v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji", user), name: 'thumbsup' - - expect(response).to have_gitlab_http_status(404) - expect(json_response["message"]).to match("has already been taken") - end - end - end - - context 'on a snippet' do - it 'creates a new award emoji' do - snippet = create(:project_snippet, :public, project: project) - - post v3_api("/projects/#{project.id}/snippets/#{snippet.id}/award_emoji", user), name: 'blowfish' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['name']).to eq('blowfish') - expect(json_response['user']['username']).to eq(user.username) - end - end - end - - describe "POST /projects/:id/awardable/:awardable_id/notes/:note_id/award_emoji" do - let(:note2) { create(:note, project: project, noteable: issue, author: user) } - - it 'creates a new award emoji' do - expect do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{note.id}/award_emoji", user), name: 'rocket' - end.to change { note.award_emoji.count }.from(0).to(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['user']['username']).to eq(user.username) - end - - it "it returns 404 error when user authored note" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{note2.id}/award_emoji", user), name: 'thumbsup' - - expect(response).to have_gitlab_http_status(404) - end - - it "normalizes +1 as thumbsup award" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{note.id}/award_emoji", user), name: '+1' - - expect(note.award_emoji.last.name).to eq("thumbsup") - end - - context 'when the emoji already has been awarded' do - it 'returns a 404 status code' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{note.id}/award_emoji", user), name: 'rocket' - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{note.id}/award_emoji", user), name: 'rocket' - - expect(response).to have_gitlab_http_status(404) - expect(json_response["message"]).to match("has already been taken") - end - end - end - - describe 'DELETE /projects/:id/awardable/:awardable_id/award_emoji/:award_id' do - context 'when the awardable is an Issue' do - it 'deletes the award' do - expect do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji/#{award_emoji.id}", user) - - expect(response).to have_gitlab_http_status(200) - end.to change { issue.award_emoji.count }.from(1).to(0) - end - - it 'returns a 404 error when the award emoji can not be found' do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}/award_emoji/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when the awardable is a Merge Request' do - it 'deletes the award' do - expect do - delete v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/award_emoji/#{downvote.id}", user) - - expect(response).to have_gitlab_http_status(200) - end.to change { merge_request.award_emoji.count }.from(1).to(0) - end - - it 'returns a 404 error when note id not found' do - delete v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when the awardable is a Snippet' do - let(:snippet) { create(:project_snippet, :public, project: project) } - let!(:award) { create(:award_emoji, awardable: snippet, user: user) } - - it 'deletes the award' do - expect do - delete v3_api("/projects/#{project.id}/snippets/#{snippet.id}/award_emoji/#{award.id}", user) - - expect(response).to have_gitlab_http_status(200) - end.to change { snippet.award_emoji.count }.from(1).to(0) - end - end - end - - describe 'DELETE /projects/:id/awardable/:awardable_id/award_emoji/:award_emoji_id' do - let!(:rocket) { create(:award_emoji, awardable: note, name: 'rocket', user: user) } - - it 'deletes the award' do - expect do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{note.id}/award_emoji/#{rocket.id}", user) - - expect(response).to have_gitlab_http_status(200) - end.to change { note.award_emoji.count }.from(1).to(0) - end - end -end diff --git a/spec/requests/api/v3/boards_spec.rb b/spec/requests/api/v3/boards_spec.rb deleted file mode 100644 index dde4f096193..00000000000 --- a/spec/requests/api/v3/boards_spec.rb +++ /dev/null @@ -1,114 +0,0 @@ -require 'spec_helper' - -describe API::V3::Boards do - set(:user) { create(:user) } - set(:guest) { create(:user) } - set(:non_member) { create(:user) } - set(:project) { create(:project, :public, creator_id: user.id, namespace: user.namespace ) } - - set(:dev_label) do - create(:label, title: 'Development', color: '#FFAABB', project: project) - end - - set(:test_label) do - create(:label, title: 'Testing', color: '#FFAACC', project: project) - end - - set(:dev_list) do - create(:list, label: dev_label, position: 1) - end - - set(:test_list) do - create(:list, label: test_label, position: 2) - end - - set(:board) do - create(:board, project: project, lists: [dev_list, test_list]) - end - - before do - project.add_reporter(user) - project.add_guest(guest) - end - - describe "GET /projects/:id/boards" do - let(:base_url) { "/projects/#{project.id}/boards" } - - context "when unauthenticated" do - it "returns authentication error" do - get v3_api(base_url) - - expect(response).to have_gitlab_http_status(401) - end - end - - context "when authenticated" do - it "returns the project issue board" do - get v3_api(base_url, user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(board.id) - expect(json_response.first['lists']).to be_an Array - expect(json_response.first['lists'].length).to eq(2) - expect(json_response.first['lists'].last).to have_key('position') - end - end - end - - describe "GET /projects/:id/boards/:board_id/lists" do - let(:base_url) { "/projects/#{project.id}/boards/#{board.id}/lists" } - - it 'returns issue board lists' do - get v3_api(base_url, user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['label']['name']).to eq(dev_label.title) - end - - it 'returns 404 if board not found' do - get v3_api("/projects/#{project.id}/boards/22343/lists", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe "DELETE /projects/:id/board/lists/:list_id" do - let(:base_url) { "/projects/#{project.id}/boards/#{board.id}/lists" } - - it "rejects a non member from deleting a list" do - delete v3_api("#{base_url}/#{dev_list.id}", non_member) - - expect(response).to have_gitlab_http_status(403) - end - - it "rejects a user with guest role from deleting a list" do - delete v3_api("#{base_url}/#{dev_list.id}", guest) - - expect(response).to have_gitlab_http_status(403) - end - - it "returns 404 error if list id not found" do - delete v3_api("#{base_url}/44444", user) - - expect(response).to have_gitlab_http_status(404) - end - - context "when the user is project owner" do - set(:owner) { create(:user) } - - before do - project.update(namespace: owner.namespace) - end - - it "deletes the list if an admin requests it" do - delete v3_api("#{base_url}/#{dev_list.id}", owner) - - expect(response).to have_gitlab_http_status(200) - end - end - end -end diff --git a/spec/requests/api/v3/branches_spec.rb b/spec/requests/api/v3/branches_spec.rb deleted file mode 100644 index 1e038595a1f..00000000000 --- a/spec/requests/api/v3/branches_spec.rb +++ /dev/null @@ -1,120 +0,0 @@ -require 'spec_helper' -require 'mime/types' - -describe API::V3::Branches do - set(:user) { create(:user) } - set(:user2) { create(:user) } - set(:project) { create(:project, :repository, creator: user) } - set(:master) { create(:project_member, :master, user: user, project: project) } - set(:guest) { create(:project_member, :guest, user: user2, project: project) } - let!(:branch_name) { 'feature' } - let!(:branch_sha) { '0b4bc9a49b562e85de7cc9e834518ea6828729b9' } - let!(:branch_with_dot) { CreateBranchService.new(project, user).execute("with.1.2.3", "master") } - - describe "GET /projects/:id/repository/branches" do - it "returns an array of project branches" do - project.repository.expire_all_method_caches - - get v3_api("/projects/#{project.id}/repository/branches", user), per_page: 100 - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - branch_names = json_response.map { |x| x['name'] } - expect(branch_names).to match_array(project.repository.branch_names) - end - end - - describe "DELETE /projects/:id/repository/branches/:branch" do - before do - allow_any_instance_of(Repository).to receive(:rm_branch).and_return(true) - end - - it "removes branch" do - delete v3_api("/projects/#{project.id}/repository/branches/#{branch_name}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['branch_name']).to eq(branch_name) - end - - it "removes a branch with dots in the branch name" do - delete v3_api("/projects/#{project.id}/repository/branches/with.1.2.3", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['branch_name']).to eq("with.1.2.3") - end - - it 'returns 404 if branch not exists' do - delete v3_api("/projects/#{project.id}/repository/branches/foobar", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe "DELETE /projects/:id/repository/merged_branches" do - before do - allow_any_instance_of(Repository).to receive(:rm_branch).and_return(true) - end - - it 'returns 200' do - delete v3_api("/projects/#{project.id}/repository/merged_branches", user) - - expect(response).to have_gitlab_http_status(200) - end - - it 'returns a 403 error if guest' do - delete v3_api("/projects/#{project.id}/repository/merged_branches", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - describe "POST /projects/:id/repository/branches" do - it "creates a new branch" do - post v3_api("/projects/#{project.id}/repository/branches", user), - branch_name: 'feature1', - ref: branch_sha - - expect(response).to have_gitlab_http_status(201) - - expect(json_response['name']).to eq('feature1') - expect(json_response['commit']['id']).to eq(branch_sha) - end - - it "denies for user without push access" do - post v3_api("/projects/#{project.id}/repository/branches", user2), - branch_name: branch_name, - ref: branch_sha - expect(response).to have_gitlab_http_status(403) - end - - it 'returns 400 if branch name is invalid' do - post v3_api("/projects/#{project.id}/repository/branches", user), - branch_name: 'new design', - ref: branch_sha - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq('Branch name is invalid') - end - - it 'returns 400 if branch already exists' do - post v3_api("/projects/#{project.id}/repository/branches", user), - branch_name: 'new_design1', - ref: branch_sha - expect(response).to have_gitlab_http_status(201) - - post v3_api("/projects/#{project.id}/repository/branches", user), - branch_name: 'new_design1', - ref: branch_sha - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq('Branch already exists') - end - - it 'returns 400 if ref name is invalid' do - post v3_api("/projects/#{project.id}/repository/branches", user), - branch_name: 'new_design3', - ref: 'foo' - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq('Invalid reference name') - end - end -end diff --git a/spec/requests/api/v3/broadcast_messages_spec.rb b/spec/requests/api/v3/broadcast_messages_spec.rb deleted file mode 100644 index d9641011491..00000000000 --- a/spec/requests/api/v3/broadcast_messages_spec.rb +++ /dev/null @@ -1,32 +0,0 @@ -require 'spec_helper' - -describe API::V3::BroadcastMessages do - set(:user) { create(:user) } - set(:admin) { create(:admin) } - - describe 'DELETE /broadcast_messages/:id' do - set(:message) { create(:broadcast_message) } - - it 'returns a 401 for anonymous users' do - delete v3_api("/broadcast_messages/#{message.id}"), - attributes_for(:broadcast_message) - - expect(response).to have_gitlab_http_status(401) - end - - it 'returns a 403 for users' do - delete v3_api("/broadcast_messages/#{message.id}", user), - attributes_for(:broadcast_message) - - expect(response).to have_gitlab_http_status(403) - end - - it 'deletes the broadcast message for admins' do - expect do - delete v3_api("/broadcast_messages/#{message.id}", admin) - - expect(response).to have_gitlab_http_status(200) - end.to change { BroadcastMessage.count }.by(-1) - end - end -end diff --git a/spec/requests/api/v3/builds_spec.rb b/spec/requests/api/v3/builds_spec.rb deleted file mode 100644 index 79041c6a792..00000000000 --- a/spec/requests/api/v3/builds_spec.rb +++ /dev/null @@ -1,522 +0,0 @@ -require 'spec_helper' - -describe API::V3::Builds do - set(:user) { create(:user) } - let(:api_user) { user } - set(:project) { create(:project, :repository, creator: user, public_builds: false) } - let!(:developer) { create(:project_member, :developer, user: user, project: project) } - let(:reporter) { create(:project_member, :reporter, project: project) } - let(:guest) { create(:project_member, :guest, project: project) } - let(:pipeline) { create(:ci_empty_pipeline, project: project, sha: project.commit.id, ref: project.default_branch) } - let(:build) { create(:ci_build, pipeline: pipeline) } - - describe 'GET /projects/:id/builds ' do - let(:query) { '' } - - before do |example| - build - - create(:ci_build, :skipped, pipeline: pipeline) - - unless example.metadata[:skip_before_request] - get v3_api("/projects/#{project.id}/builds?#{query}", api_user) - end - end - - context 'authorized user' do - it 'returns project builds' do - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - end - - it 'returns correct values' do - expect(json_response).not_to be_empty - expect(json_response.first['commit']['id']).to eq project.commit.id - end - - it 'returns pipeline data' do - json_build = json_response.first - expect(json_build['pipeline']).not_to be_empty - expect(json_build['pipeline']['id']).to eq build.pipeline.id - expect(json_build['pipeline']['ref']).to eq build.pipeline.ref - expect(json_build['pipeline']['sha']).to eq build.pipeline.sha - expect(json_build['pipeline']['status']).to eq build.pipeline.status - end - - it 'avoids N+1 queries', :skip_before_request do - first_build = create(:ci_build, :artifacts, pipeline: pipeline) - first_build.runner = create(:ci_runner) - first_build.user = create(:user) - first_build.save - - control_count = ActiveRecord::QueryRecorder.new { go }.count - - second_pipeline = create(:ci_empty_pipeline, project: project, sha: project.commit.id, ref: project.default_branch) - second_build = create(:ci_build, :artifacts, pipeline: second_pipeline) - second_build.runner = create(:ci_runner) - second_build.user = create(:user) - second_build.save - - expect { go }.not_to exceed_query_limit(control_count) - end - - context 'filter project with one scope element' do - let(:query) { 'scope=pending' } - - it do - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - end - end - - context 'filter project with scope skipped' do - let(:query) { 'scope=skipped' } - let(:json_build) { json_response.first } - - it 'return builds with status skipped' do - expect(response).to have_gitlab_http_status 200 - expect(json_response).to be_an Array - expect(json_response.length).to eq 1 - expect(json_build['status']).to eq 'skipped' - end - end - - context 'filter project with array of scope elements' do - let(:query) { 'scope[0]=pending&scope[1]=running' } - - it do - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - end - end - - context 'respond 400 when scope contains invalid state' do - let(:query) { 'scope[0]=pending&scope[1]=unknown_status' } - - it { expect(response).to have_gitlab_http_status(400) } - end - end - - context 'unauthorized user' do - let(:api_user) { nil } - - it 'does not return project builds' do - expect(response).to have_gitlab_http_status(401) - end - end - - def go - get v3_api("/projects/#{project.id}/builds?#{query}", api_user) - end - end - - describe 'GET /projects/:id/repository/commits/:sha/builds' do - before do - build - end - - context 'when commit does not exist in repository' do - before do - get v3_api("/projects/#{project.id}/repository/commits/1a271fd1/builds", api_user) - end - - it 'responds with 404' do - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when commit exists in repository' do - context 'when user is authorized' do - context 'when pipeline has jobs' do - before do - create(:ci_pipeline, project: project, sha: project.commit.id) - create(:ci_build, pipeline: pipeline) - create(:ci_build) - - get v3_api("/projects/#{project.id}/repository/commits/#{project.commit.id}/builds", api_user) - end - - it 'returns project jobs for specific commit' do - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.size).to eq 2 - end - - it 'returns pipeline data' do - json_build = json_response.first - expect(json_build['pipeline']).not_to be_empty - expect(json_build['pipeline']['id']).to eq build.pipeline.id - expect(json_build['pipeline']['ref']).to eq build.pipeline.ref - expect(json_build['pipeline']['sha']).to eq build.pipeline.sha - expect(json_build['pipeline']['status']).to eq build.pipeline.status - end - end - - context 'when pipeline has no jobs' do - before do - branch_head = project.commit('feature').id - get v3_api("/projects/#{project.id}/repository/commits/#{branch_head}/builds", api_user) - end - - it 'returns an empty array' do - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response).to be_empty - end - end - end - - context 'when user is not authorized' do - before do - create(:ci_pipeline, project: project, sha: project.commit.id) - create(:ci_build, pipeline: pipeline) - - get v3_api("/projects/#{project.id}/repository/commits/#{project.commit.id}/builds", nil) - end - - it 'does not return project jobs' do - expect(response).to have_gitlab_http_status(401) - expect(json_response.except('message')).to be_empty - end - end - end - end - - describe 'GET /projects/:id/builds/:build_id' do - before do - get v3_api("/projects/#{project.id}/builds/#{build.id}", api_user) - end - - context 'authorized user' do - it 'returns specific job data' do - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq('test') - end - - it 'returns pipeline data' do - json_build = json_response - expect(json_build['pipeline']).not_to be_empty - expect(json_build['pipeline']['id']).to eq build.pipeline.id - expect(json_build['pipeline']['ref']).to eq build.pipeline.ref - expect(json_build['pipeline']['sha']).to eq build.pipeline.sha - expect(json_build['pipeline']['status']).to eq build.pipeline.status - end - end - - context 'unauthorized user' do - let(:api_user) { nil } - - it 'does not return specific job data' do - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'GET /projects/:id/builds/:build_id/artifacts' do - before do - get v3_api("/projects/#{project.id}/builds/#{build.id}/artifacts", api_user) - end - - context 'job with artifacts' do - context 'when artifacts are stored locally' do - let(:build) { create(:ci_build, :artifacts, pipeline: pipeline) } - - context 'authorized user' do - let(:download_headers) do - { 'Content-Transfer-Encoding' => 'binary', - 'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' } - end - - it 'returns specific job artifacts' do - expect(response).to have_gitlab_http_status(200) - expect(response.headers).to include(download_headers) - expect(response.body).to match_file(build.artifacts_file.file.file) - end - end - end - - context 'unauthorized user' do - let(:api_user) { nil } - - it 'does not return specific job artifacts' do - expect(response).to have_gitlab_http_status(401) - end - end - end - - it 'does not return job artifacts if not uploaded' do - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'GET /projects/:id/artifacts/:ref_name/download?job=name' do - let(:api_user) { reporter.user } - let(:build) { create(:ci_build, :artifacts, pipeline: pipeline) } - - before do - build.success - end - - def path_for_ref(ref = pipeline.ref, job = build.name) - v3_api("/projects/#{project.id}/builds/artifacts/#{ref}/download?job=#{job}", api_user) - end - - context 'when not logged in' do - let(:api_user) { nil } - - before do - get path_for_ref - end - - it 'gives 401' do - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when logging as guest' do - let(:api_user) { guest.user } - - before do - get path_for_ref - end - - it 'gives 403' do - expect(response).to have_gitlab_http_status(403) - end - end - - context 'non-existing job' do - shared_examples 'not found' do - it { expect(response).to have_gitlab_http_status(:not_found) } - end - - context 'has no such ref' do - before do - get path_for_ref('TAIL', build.name) - end - - it_behaves_like 'not found' - end - - context 'has no such job' do - before do - get path_for_ref(pipeline.ref, 'NOBUILD') - end - - it_behaves_like 'not found' - end - end - - context 'find proper job' do - shared_examples 'a valid file' do - context 'when artifacts are stored locally' do - let(:download_headers) do - { 'Content-Transfer-Encoding' => 'binary', - 'Content-Disposition' => - "attachment; filename=#{build.artifacts_file.filename}" } - end - - it { expect(response).to have_gitlab_http_status(200) } - it { expect(response.headers).to include(download_headers) } - end - end - - context 'with regular branch' do - before do - pipeline.reload - pipeline.update(ref: 'master', - sha: project.commit('master').sha) - - get path_for_ref('master') - end - - it_behaves_like 'a valid file' - end - - context 'with branch name containing slash' do - before do - pipeline.reload - pipeline.update(ref: 'improve/awesome', - sha: project.commit('improve/awesome').sha) - end - - before do - get path_for_ref('improve/awesome') - end - - it_behaves_like 'a valid file' - end - end - end - - describe 'GET /projects/:id/builds/:build_id/trace' do - let(:build) { create(:ci_build, :trace_live, pipeline: pipeline) } - - before do - get v3_api("/projects/#{project.id}/builds/#{build.id}/trace", api_user) - end - - context 'authorized user' do - it 'returns specific job trace' do - expect(response).to have_gitlab_http_status(200) - expect(response.body).to eq(build.trace.raw) - end - end - - context 'unauthorized user' do - let(:api_user) { nil } - - it 'does not return specific job trace' do - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'POST /projects/:id/builds/:build_id/cancel' do - before do - post v3_api("/projects/#{project.id}/builds/#{build.id}/cancel", api_user) - end - - context 'authorized user' do - context 'user with :update_build persmission' do - it 'cancels running or pending job' do - expect(response).to have_gitlab_http_status(201) - expect(project.builds.first.status).to eq('canceled') - end - end - - context 'user without :update_build permission' do - let(:api_user) { reporter.user } - - it 'does not cancel job' do - expect(response).to have_gitlab_http_status(403) - end - end - end - - context 'unauthorized user' do - let(:api_user) { nil } - - it 'does not cancel job' do - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'POST /projects/:id/builds/:build_id/retry' do - let(:build) { create(:ci_build, :canceled, pipeline: pipeline) } - - before do - post v3_api("/projects/#{project.id}/builds/#{build.id}/retry", api_user) - end - - context 'authorized user' do - context 'user with :update_build permission' do - it 'retries non-running job' do - expect(response).to have_gitlab_http_status(201) - expect(project.builds.first.status).to eq('canceled') - expect(json_response['status']).to eq('pending') - end - end - - context 'user without :update_build permission' do - let(:api_user) { reporter.user } - - it 'does not retry job' do - expect(response).to have_gitlab_http_status(403) - end - end - end - - context 'unauthorized user' do - let(:api_user) { nil } - - it 'does not retry job' do - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'POST /projects/:id/builds/:build_id/erase' do - before do - project.add_master(user) - - post v3_api("/projects/#{project.id}/builds/#{build.id}/erase", user) - end - - context 'job is erasable' do - let(:build) { create(:ci_build, :trace_artifact, :artifacts, :success, project: project, pipeline: pipeline) } - - it 'erases job content' do - expect(response.status).to eq 201 - expect(build).not_to have_trace - expect(build.artifacts_file.exists?).to be_falsy - expect(build.artifacts_metadata.exists?).to be_falsy - end - - it 'updates job' do - expect(build.reload.erased_at).to be_truthy - expect(build.reload.erased_by).to eq user - end - end - - context 'job is not erasable' do - let(:build) { create(:ci_build, :trace_live, project: project, pipeline: pipeline) } - - it 'responds with forbidden' do - expect(response.status).to eq 403 - end - end - end - - describe 'POST /projects/:id/builds/:build_id/artifacts/keep' do - before do - post v3_api("/projects/#{project.id}/builds/#{build.id}/artifacts/keep", user) - end - - context 'artifacts did not expire' do - let(:build) do - create(:ci_build, :trace_artifact, :artifacts, :success, - project: project, pipeline: pipeline, artifacts_expire_at: Time.now + 7.days) - end - - it 'keeps artifacts' do - expect(response.status).to eq 200 - expect(build.reload.artifacts_expire_at).to be_nil - end - end - - context 'no artifacts' do - let(:build) { create(:ci_build, project: project, pipeline: pipeline) } - - it 'responds with not found' do - expect(response.status).to eq 404 - end - end - end - - describe 'POST /projects/:id/builds/:build_id/play' do - before do - post v3_api("/projects/#{project.id}/builds/#{build.id}/play", user) - end - - context 'on an playable job' do - let(:build) { create(:ci_build, :manual, project: project, pipeline: pipeline) } - - it 'plays the job' do - expect(response).to have_gitlab_http_status 200 - expect(json_response['user']['id']).to eq(user.id) - expect(json_response['id']).to eq(build.id) - end - end - - context 'on a non-playable job' do - it 'returns a status code 400, Bad Request' do - expect(response).to have_gitlab_http_status 400 - expect(response.body).to match("Unplayable Job") - end - end - end -end diff --git a/spec/requests/api/v3/commits_spec.rb b/spec/requests/api/v3/commits_spec.rb deleted file mode 100644 index 9ef3b859001..00000000000 --- a/spec/requests/api/v3/commits_spec.rb +++ /dev/null @@ -1,603 +0,0 @@ -require 'spec_helper' -require 'mime/types' - -describe API::V3::Commits do - let(:user) { create(:user) } - let(:user2) { create(:user) } - let!(:project) { create(:project, :repository, creator: user, namespace: user.namespace) } - let!(:guest) { create(:project_member, :guest, user: user2, project: project) } - let!(:note) { create(:note_on_commit, author: user, project: project, commit_id: project.repository.commit.id, note: 'a comment on a commit') } - let!(:another_note) { create(:note_on_commit, author: user, project: project, commit_id: project.repository.commit.id, note: 'another comment on a commit') } - - before { project.add_reporter(user) } - - describe "List repository commits" do - context "authorized user" do - before { project.add_reporter(user2) } - - it "returns project commits" do - commit = project.repository.commit - get v3_api("/projects/#{project.id}/repository/commits", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['id']).to eq(commit.id) - expect(json_response.first['committer_name']).to eq(commit.committer_name) - expect(json_response.first['committer_email']).to eq(commit.committer_email) - end - end - - context "unauthorized user" do - it "does not return project commits" do - get v3_api("/projects/#{project.id}/repository/commits") - expect(response).to have_gitlab_http_status(401) - end - end - - context "since optional parameter" do - it "returns project commits since provided parameter" do - commits = project.repository.commits("master", limit: 2) - since = commits.second.created_at - - get v3_api("/projects/#{project.id}/repository/commits?since=#{since.utc.iso8601}", user) - - expect(json_response.size).to eq 2 - expect(json_response.first["id"]).to eq(commits.first.id) - expect(json_response.second["id"]).to eq(commits.second.id) - end - end - - context "until optional parameter" do - it "returns project commits until provided parameter" do - commits = project.repository.commits("master", limit: 20) - before = commits.second.created_at - - get v3_api("/projects/#{project.id}/repository/commits?until=#{before.utc.iso8601}", user) - - if commits.size == 20 - expect(json_response.size).to eq(20) - else - expect(json_response.size).to eq(commits.size - 1) - end - - expect(json_response.first["id"]).to eq(commits.second.id) - expect(json_response.second["id"]).to eq(commits.third.id) - end - end - - context "invalid xmlschema date parameters" do - it "returns an invalid parameter error message" do - get v3_api("/projects/#{project.id}/repository/commits?since=invalid-date", user) - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('since is invalid') - end - end - - context "path optional parameter" do - it "returns project commits matching provided path parameter" do - path = 'files/ruby/popen.rb' - - get v3_api("/projects/#{project.id}/repository/commits?path=#{path}", user) - - expect(json_response.size).to eq(3) - expect(json_response.first["id"]).to eq("570e7b2abdd848b95f2f578043fc23bd6f6fd24d") - end - end - end - - describe "POST /projects/:id/repository/commits" do - let!(:url) { "/projects/#{project.id}/repository/commits" } - - it 'returns a 403 unauthorized for user without permissions' do - post v3_api(url, user2) - - expect(response).to have_gitlab_http_status(403) - end - - it 'returns a 400 bad request if no params are given' do - post v3_api(url, user) - - expect(response).to have_gitlab_http_status(400) - end - - describe 'create' do - let(:message) { 'Created file' } - let!(:invalid_c_params) do - { - branch_name: 'master', - commit_message: message, - actions: [ - { - action: 'create', - file_path: 'files/ruby/popen.rb', - content: 'puts 8' - } - ] - } - end - let!(:valid_c_params) do - { - branch_name: 'master', - commit_message: message, - actions: [ - { - action: 'create', - file_path: 'foo/bar/baz.txt', - content: 'puts 8' - } - ] - } - end - - it 'a new file in project repo' do - post v3_api(url, user), valid_c_params - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq(message) - expect(json_response['committer_name']).to eq(user.name) - expect(json_response['committer_email']).to eq(user.email) - end - - it 'returns a 400 bad request if file exists' do - post v3_api(url, user), invalid_c_params - - expect(response).to have_gitlab_http_status(400) - end - - context 'with project path containing a dot in URL' do - let!(:user) { create(:user, username: 'foo.bar') } - let(:url) { "/projects/#{CGI.escape(project.full_path)}/repository/commits" } - - it 'a new file in project repo' do - post v3_api(url, user), valid_c_params - - expect(response).to have_gitlab_http_status(201) - end - end - end - - describe 'delete' do - let(:message) { 'Deleted file' } - let!(:invalid_d_params) do - { - branch_name: 'markdown', - commit_message: message, - actions: [ - { - action: 'delete', - file_path: 'doc/api/projects.md' - } - ] - } - end - let!(:valid_d_params) do - { - branch_name: 'markdown', - commit_message: message, - actions: [ - { - action: 'delete', - file_path: 'doc/api/users.md' - } - ] - } - end - - it 'an existing file in project repo' do - post v3_api(url, user), valid_d_params - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq(message) - end - - it 'returns a 400 bad request if file does not exist' do - post v3_api(url, user), invalid_d_params - - expect(response).to have_gitlab_http_status(400) - end - end - - describe 'move' do - let(:message) { 'Moved file' } - let!(:invalid_m_params) do - { - branch_name: 'feature', - commit_message: message, - actions: [ - { - action: 'move', - file_path: 'CHANGELOG', - previous_path: 'VERSION', - content: '6.7.0.pre' - } - ] - } - end - let!(:valid_m_params) do - { - branch_name: 'feature', - commit_message: message, - actions: [ - { - action: 'move', - file_path: 'VERSION.txt', - previous_path: 'VERSION', - content: '6.7.0.pre' - } - ] - } - end - - it 'an existing file in project repo' do - post v3_api(url, user), valid_m_params - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq(message) - end - - it 'returns a 400 bad request if file does not exist' do - post v3_api(url, user), invalid_m_params - - expect(response).to have_gitlab_http_status(400) - end - end - - describe 'update' do - let(:message) { 'Updated file' } - let!(:invalid_u_params) do - { - branch_name: 'master', - commit_message: message, - actions: [ - { - action: 'update', - file_path: 'foo/bar.baz', - content: 'puts 8' - } - ] - } - end - let!(:valid_u_params) do - { - branch_name: 'master', - commit_message: message, - actions: [ - { - action: 'update', - file_path: 'files/ruby/popen.rb', - content: 'puts 8' - } - ] - } - end - - it 'an existing file in project repo' do - post v3_api(url, user), valid_u_params - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq(message) - end - - it 'returns a 400 bad request if file does not exist' do - post v3_api(url, user), invalid_u_params - - expect(response).to have_gitlab_http_status(400) - end - end - - context "multiple operations" do - let(:message) { 'Multiple actions' } - let!(:invalid_mo_params) do - { - branch_name: 'master', - commit_message: message, - actions: [ - { - action: 'create', - file_path: 'files/ruby/popen.rb', - content: 'puts 8' - }, - { - action: 'delete', - file_path: 'doc/v3_api/projects.md' - }, - { - action: 'move', - file_path: 'CHANGELOG', - previous_path: 'VERSION', - content: '6.7.0.pre' - }, - { - action: 'update', - file_path: 'foo/bar.baz', - content: 'puts 8' - } - ] - } - end - let!(:valid_mo_params) do - { - branch_name: 'master', - commit_message: message, - actions: [ - { - action: 'create', - file_path: 'foo/bar/baz.txt', - content: 'puts 8' - }, - { - action: 'delete', - file_path: 'Gemfile.zip' - }, - { - action: 'move', - file_path: 'VERSION.txt', - previous_path: 'VERSION', - content: '6.7.0.pre' - }, - { - action: 'update', - file_path: 'files/ruby/popen.rb', - content: 'puts 8' - } - ] - } - end - - it 'are commited as one in project repo' do - post v3_api(url, user), valid_mo_params - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq(message) - end - - it 'return a 400 bad request if there are any issues' do - post v3_api(url, user), invalid_mo_params - - expect(response).to have_gitlab_http_status(400) - end - end - end - - describe "Get a single commit" do - context "authorized user" do - it "returns a commit by sha" do - get v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(project.repository.commit.id) - expect(json_response['title']).to eq(project.repository.commit.title) - expect(json_response['stats']['additions']).to eq(project.repository.commit.stats.additions) - expect(json_response['stats']['deletions']).to eq(project.repository.commit.stats.deletions) - expect(json_response['stats']['total']).to eq(project.repository.commit.stats.total) - end - - it "returns a 404 error if not found" do - get v3_api("/projects/#{project.id}/repository/commits/invalid_sha", user) - expect(response).to have_gitlab_http_status(404) - end - - it "returns nil for commit without CI" do - get v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['status']).to be_nil - end - - it "returns status for CI" do - pipeline = project.pipelines.create(source: :push, ref: 'master', sha: project.repository.commit.sha, protected: false) - pipeline.update(status: 'success') - - get v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['status']).to eq(pipeline.status) - end - - it "returns status for CI when pipeline is created" do - project.pipelines.create(source: :push, ref: 'master', sha: project.repository.commit.sha, protected: false) - - get v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['status']).to eq("created") - end - - context 'when stat param' do - let(:project_id) { project.id } - let(:commit_id) { project.repository.commit.id } - let(:route) { "/projects/#{project_id}/repository/commits/#{commit_id}" } - - it 'is not present return stats by default' do - get v3_api(route, user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to include 'stats' - end - - it "is false it does not include stats" do - get v3_api(route, user), stats: false - - expect(response).to have_gitlab_http_status(200) - expect(json_response).not_to include 'stats' - end - - it "is true it includes stats" do - get v3_api(route, user), stats: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to include 'stats' - end - end - end - - context "unauthorized user" do - it "does not return the selected commit" do - get v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}") - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe "Get the diff of a commit" do - context "authorized user" do - before { project.add_reporter(user2) } - - it "returns the diff of the selected commit" do - get v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/diff", user) - expect(response).to have_gitlab_http_status(200) - - expect(json_response).to be_an Array - expect(json_response.length).to be >= 1 - expect(json_response.first.keys).to include "diff" - end - - it "returns a 404 error if invalid commit" do - get v3_api("/projects/#{project.id}/repository/commits/invalid_sha/diff", user) - expect(response).to have_gitlab_http_status(404) - end - end - - context "unauthorized user" do - it "does not return the diff of the selected commit" do - get v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/diff") - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'Get the comments of a commit' do - context 'authorized user' do - it 'returns merge_request comments' do - get v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['note']).to eq('a comment on a commit') - expect(json_response.first['author']['id']).to eq(user.id) - end - - it 'returns a 404 error if merge_request_id not found' do - get v3_api("/projects/#{project.id}/repository/commits/1234ab/comments", user) - expect(response).to have_gitlab_http_status(404) - end - end - - context 'unauthorized user' do - it 'does not return the diff of the selected commit' do - get v3_api("/projects/#{project.id}/repository/commits/1234ab/comments") - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'POST :id/repository/commits/:sha/cherry_pick' do - let(:master_pickable_commit) { project.commit('7d3b0f7cff5f37573aea97cebfd5692ea1689924') } - - context 'authorized user' do - it 'cherry picks a commit' do - post v3_api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user), branch: 'master' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq(master_pickable_commit.title) - expect(json_response['message']).to eq(master_pickable_commit.cherry_pick_message(user)) - expect(json_response['author_name']).to eq(master_pickable_commit.author_name) - expect(json_response['committer_name']).to eq(user.name) - end - - it 'returns 400 if commit is already included in the target branch' do - post v3_api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user), branch: 'markdown' - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to include('Sorry, we cannot cherry-pick this commit automatically.') - end - - it 'returns 400 if you are not allowed to push to the target branch' do - project.add_developer(user2) - protected_branch = create(:protected_branch, project: project, name: 'feature') - - post v3_api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user2), branch: protected_branch.name - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq('You are not allowed to push into this branch') - end - - it 'returns 400 for missing parameters' do - post v3_api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user) - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('branch is missing') - end - - it 'returns 404 if commit is not found' do - post v3_api("/projects/#{project.id}/repository/commits/abcd0123/cherry_pick", user), branch: 'master' - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Commit Not Found') - end - - it 'returns 404 if branch is not found' do - post v3_api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user), branch: 'foo' - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Branch Not Found') - end - - it 'returns 400 for missing parameters' do - post v3_api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick", user) - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('branch is missing') - end - end - - context 'unauthorized user' do - it 'does not cherry pick the commit' do - post v3_api("/projects/#{project.id}/repository/commits/#{master_pickable_commit.id}/cherry_pick"), branch: 'master' - - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'Post comment to commit' do - context 'authorized user' do - it 'returns comment' do - post v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments", user), note: 'My comment' - expect(response).to have_gitlab_http_status(201) - expect(json_response['note']).to eq('My comment') - expect(json_response['path']).to be_nil - expect(json_response['line']).to be_nil - expect(json_response['line_type']).to be_nil - end - - it 'returns the inline comment' do - post v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments", user), note: 'My comment', path: project.repository.commit.raw_diffs.first.new_path, line: 1, line_type: 'new' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['note']).to eq('My comment') - expect(json_response['path']).to eq(project.repository.commit.raw_diffs.first.new_path) - expect(json_response['line']).to eq(1) - expect(json_response['line_type']).to eq('new') - end - - it 'returns 400 if note is missing' do - post v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments", user) - expect(response).to have_gitlab_http_status(400) - end - - it 'returns 404 if note is attached to non existent commit' do - post v3_api("/projects/#{project.id}/repository/commits/1234ab/comments", user), note: 'My comment' - expect(response).to have_gitlab_http_status(404) - end - end - - context 'unauthorized user' do - it 'does not return the diff of the selected commit' do - post v3_api("/projects/#{project.id}/repository/commits/#{project.repository.commit.id}/comments") - expect(response).to have_gitlab_http_status(401) - end - end - end -end diff --git a/spec/requests/api/v3/deploy_keys_spec.rb b/spec/requests/api/v3/deploy_keys_spec.rb deleted file mode 100644 index 501af587ad4..00000000000 --- a/spec/requests/api/v3/deploy_keys_spec.rb +++ /dev/null @@ -1,179 +0,0 @@ -require 'spec_helper' - -describe API::V3::DeployKeys do - let(:user) { create(:user) } - let(:admin) { create(:admin) } - let(:project) { create(:project, creator_id: user.id) } - let(:project2) { create(:project, creator_id: user.id) } - let(:deploy_key) { create(:deploy_key, public: true) } - - let!(:deploy_keys_project) do - create(:deploy_keys_project, project: project, deploy_key: deploy_key) - end - - describe 'GET /deploy_keys' do - context 'when unauthenticated' do - it 'should return authentication error' do - get v3_api('/deploy_keys') - - expect(response.status).to eq(401) - end - end - - context 'when authenticated as non-admin user' do - it 'should return a 403 error' do - get v3_api('/deploy_keys', user) - - expect(response.status).to eq(403) - end - end - - context 'when authenticated as admin' do - it 'should return all deploy keys' do - get v3_api('/deploy_keys', admin) - - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response.first['id']).to eq(deploy_keys_project.deploy_key.id) - end - end - end - - %w(deploy_keys keys).each do |path| - describe "GET /projects/:id/#{path}" do - before { deploy_key } - - it 'should return array of ssh keys' do - get v3_api("/projects/#{project.id}/#{path}", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(deploy_key.title) - end - end - - describe "GET /projects/:id/#{path}/:key_id" do - it 'should return a single key' do - get v3_api("/projects/#{project.id}/#{path}/#{deploy_key.id}", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(deploy_key.title) - end - - it 'should return 404 Not Found with invalid ID' do - get v3_api("/projects/#{project.id}/#{path}/404", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe "POST /projects/:id/deploy_keys" do - it 'should not create an invalid ssh key' do - post v3_api("/projects/#{project.id}/#{path}", admin), { title: 'invalid key' } - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('key is missing') - end - - it 'should not create a key without title' do - post v3_api("/projects/#{project.id}/#{path}", admin), key: 'some key' - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('title is missing') - end - - it 'should create new ssh key' do - key_attrs = attributes_for :another_key - - expect do - post v3_api("/projects/#{project.id}/#{path}", admin), key_attrs - end.to change { project.deploy_keys.count }.by(1) - end - - it 'returns an existing ssh key when attempting to add a duplicate' do - expect do - post v3_api("/projects/#{project.id}/#{path}", admin), { key: deploy_key.key, title: deploy_key.title } - end.not_to change { project.deploy_keys.count } - - expect(response).to have_gitlab_http_status(201) - end - - it 'joins an existing ssh key to a new project' do - expect do - post v3_api("/projects/#{project2.id}/#{path}", admin), { key: deploy_key.key, title: deploy_key.title } - end.to change { project2.deploy_keys.count }.by(1) - - expect(response).to have_gitlab_http_status(201) - end - - it 'accepts can_push parameter' do - key_attrs = attributes_for(:another_key).merge(can_push: true) - - post v3_api("/projects/#{project.id}/#{path}", admin), key_attrs - - expect(response).to have_gitlab_http_status(201) - expect(json_response['can_push']).to eq(true) - end - end - - describe "DELETE /projects/:id/#{path}/:key_id" do - before { deploy_key } - - it 'should delete existing key' do - expect do - delete v3_api("/projects/#{project.id}/#{path}/#{deploy_key.id}", admin) - end.to change { project.deploy_keys.count }.by(-1) - end - - it 'should return 404 Not Found with invalid ID' do - delete v3_api("/projects/#{project.id}/#{path}/404", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe "POST /projects/:id/#{path}/:key_id/enable" do - let(:project2) { create(:project) } - - context 'when the user can admin the project' do - it 'enables the key' do - expect do - post v3_api("/projects/#{project2.id}/#{path}/#{deploy_key.id}/enable", admin) - end.to change { project2.deploy_keys.count }.from(0).to(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['id']).to eq(deploy_key.id) - end - end - - context 'when authenticated as non-admin user' do - it 'should return a 404 error' do - post v3_api("/projects/#{project2.id}/#{path}/#{deploy_key.id}/enable", user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe "DELETE /projects/:id/deploy_keys/:key_id/disable" do - context 'when the user can admin the project' do - it 'disables the key' do - expect do - delete v3_api("/projects/#{project.id}/#{path}/#{deploy_key.id}/disable", admin) - end.to change { project.deploy_keys.count }.from(1).to(0) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(deploy_key.id) - end - end - - context 'when authenticated as non-admin user' do - it 'should return a 404 error' do - delete v3_api("/projects/#{project.id}/#{path}/#{deploy_key.id}/disable", user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - end -end diff --git a/spec/requests/api/v3/deployments_spec.rb b/spec/requests/api/v3/deployments_spec.rb deleted file mode 100644 index ac86fbea498..00000000000 --- a/spec/requests/api/v3/deployments_spec.rb +++ /dev/null @@ -1,69 +0,0 @@ -require 'spec_helper' - -describe API::V3::Deployments do - let(:user) { create(:user) } - let(:non_member) { create(:user) } - let(:project) { deployment.environment.project } - let!(:deployment) { create(:deployment) } - - before do - project.add_master(user) - end - - shared_examples 'a paginated resources' do - before do - # Fires the request - request - end - - it 'has pagination headers' do - expect(response).to include_pagination_headers - end - end - - describe 'GET /projects/:id/deployments' do - context 'as member of the project' do - it_behaves_like 'a paginated resources' do - let(:request) { get v3_api("/projects/#{project.id}/deployments", user) } - end - - it 'returns projects deployments' do - get v3_api("/projects/#{project.id}/deployments", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(1) - expect(json_response.first['iid']).to eq(deployment.iid) - expect(json_response.first['sha']).to match /\A\h{40}\z/ - end - end - - context 'as non member' do - it 'returns a 404 status code' do - get v3_api("/projects/#{project.id}/deployments", non_member) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'GET /projects/:id/deployments/:deployment_id' do - context 'as a member of the project' do - it 'returns the projects deployment' do - get v3_api("/projects/#{project.id}/deployments/#{deployment.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['sha']).to match /\A\h{40}\z/ - expect(json_response['id']).to eq(deployment.id) - end - end - - context 'as non member' do - it 'returns a 404 status code' do - get v3_api("/projects/#{project.id}/deployments/#{deployment.id}", non_member) - - expect(response).to have_gitlab_http_status(404) - end - end - end -end diff --git a/spec/requests/api/v3/environments_spec.rb b/spec/requests/api/v3/environments_spec.rb deleted file mode 100644 index 68be5256b64..00000000000 --- a/spec/requests/api/v3/environments_spec.rb +++ /dev/null @@ -1,163 +0,0 @@ -require 'spec_helper' - -describe API::V3::Environments do - let(:user) { create(:user) } - let(:non_member) { create(:user) } - let(:project) { create(:project, :private, namespace: user.namespace) } - let!(:environment) { create(:environment, project: project) } - - before do - project.add_master(user) - end - - shared_examples 'a paginated resources' do - before do - # Fires the request - request - end - - it 'has pagination headers' do - expect(response.headers).to include('X-Total') - expect(response.headers).to include('X-Total-Pages') - expect(response.headers).to include('X-Per-Page') - expect(response.headers).to include('X-Page') - expect(response.headers).to include('X-Next-Page') - expect(response.headers).to include('X-Prev-Page') - expect(response.headers).to include('Link') - end - end - - describe 'GET /projects/:id/environments' do - context 'as member of the project' do - it_behaves_like 'a paginated resources' do - let(:request) { get v3_api("/projects/#{project.id}/environments", user) } - end - - it 'returns project environments' do - get v3_api("/projects/#{project.id}/environments", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(1) - expect(json_response.first['name']).to eq(environment.name) - expect(json_response.first['external_url']).to eq(environment.external_url) - expect(json_response.first['project']['id']).to eq(project.id) - expect(json_response.first['project']['visibility_level']).to be_present - end - end - - context 'as non member' do - it 'returns a 404 status code' do - get v3_api("/projects/#{project.id}/environments", non_member) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'POST /projects/:id/environments' do - context 'as a member' do - it 'creates a environment with valid params' do - post v3_api("/projects/#{project.id}/environments", user), name: "mepmep" - - expect(response).to have_gitlab_http_status(201) - expect(json_response['name']).to eq('mepmep') - expect(json_response['slug']).to eq('mepmep') - expect(json_response['external']).to be nil - end - - it 'requires name to be passed' do - post v3_api("/projects/#{project.id}/environments", user), external_url: 'test.gitlab.com' - - expect(response).to have_gitlab_http_status(400) - end - - it 'returns a 400 if environment already exists' do - post v3_api("/projects/#{project.id}/environments", user), name: environment.name - - expect(response).to have_gitlab_http_status(400) - end - - it 'returns a 400 if slug is specified' do - post v3_api("/projects/#{project.id}/environments", user), name: "foo", slug: "foo" - - expect(response).to have_gitlab_http_status(400) - expect(json_response["error"]).to eq("slug is automatically generated and cannot be changed") - end - end - - context 'a non member' do - it 'rejects the request' do - post v3_api("/projects/#{project.id}/environments", non_member), name: 'gitlab.com' - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns a 400 when the required params are missing' do - post v3_api("/projects/12345/environments", non_member), external_url: 'http://env.git.com' - end - end - end - - describe 'PUT /projects/:id/environments/:environment_id' do - it 'returns a 200 if name and external_url are changed' do - url = 'https://mepmep.whatever.ninja' - put v3_api("/projects/#{project.id}/environments/#{environment.id}", user), - name: 'Mepmep', external_url: url - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq('Mepmep') - expect(json_response['external_url']).to eq(url) - end - - it "won't allow slug to be changed" do - slug = environment.slug - api_url = v3_api("/projects/#{project.id}/environments/#{environment.id}", user) - put api_url, slug: slug + "-foo" - - expect(response).to have_gitlab_http_status(400) - expect(json_response["error"]).to eq("slug is automatically generated and cannot be changed") - end - - it "won't update the external_url if only the name is passed" do - url = environment.external_url - put v3_api("/projects/#{project.id}/environments/#{environment.id}", user), - name: 'Mepmep' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq('Mepmep') - expect(json_response['external_url']).to eq(url) - end - - it 'returns a 404 if the environment does not exist' do - put v3_api("/projects/#{project.id}/environments/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'DELETE /projects/:id/environments/:environment_id' do - context 'as a master' do - it 'returns a 200 for an existing environment' do - delete v3_api("/projects/#{project.id}/environments/#{environment.id}", user) - - expect(response).to have_gitlab_http_status(200) - end - - it 'returns a 404 for non existing id' do - delete v3_api("/projects/#{project.id}/environments/12345", user) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Not found') - end - end - - context 'a non member' do - it 'rejects the request' do - delete v3_api("/projects/#{project.id}/environments/#{environment.id}", non_member) - - expect(response).to have_gitlab_http_status(404) - end - end - end -end diff --git a/spec/requests/api/v3/files_spec.rb b/spec/requests/api/v3/files_spec.rb deleted file mode 100644 index 26a3d8870a0..00000000000 --- a/spec/requests/api/v3/files_spec.rb +++ /dev/null @@ -1,283 +0,0 @@ -require 'spec_helper' - -describe API::V3::Files do - # I have to remove periods from the end of the name - # This happened when the user's name had a suffix (i.e. "Sr.") - # This seems to be what git does under the hood. For example, this commit: - # - # $ git commit --author='Foo Sr. <foo@example.com>' -m 'Where's my trailing period?' - # - # results in this: - # - # $ git show --pretty - # ... - # Author: Foo Sr <foo@example.com> - # ... - - let(:user) { create(:user) } - let!(:project) { create(:project, :repository, namespace: user.namespace ) } - let(:guest) { create(:user) { |u| project.add_guest(u) } } - let(:file_path) { 'files/ruby/popen.rb' } - let(:params) do - { - file_path: file_path, - ref: 'master' - } - end - let(:author_email) { 'user@example.org' } - let(:author_name) { 'John Doe' } - - before { project.add_developer(user) } - - describe "GET /projects/:id/repository/files" do - let(:route) { "/projects/#{project.id}/repository/files" } - - shared_examples_for 'repository files' do - it "returns file info" do - get v3_api(route, current_user), params - - expect(response).to have_gitlab_http_status(200) - expect(json_response['file_path']).to eq(file_path) - expect(json_response['file_name']).to eq('popen.rb') - expect(json_response['last_commit_id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d') - expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n") - end - - context 'when no params are given' do - it_behaves_like '400 response' do - let(:request) { get v3_api(route, current_user) } - end - end - - context 'when file_path does not exist' do - let(:params) do - { - file_path: 'app/models/application.rb', - ref: 'master' - } - end - - it_behaves_like '404 response' do - let(:request) { get v3_api(route, current_user), params } - let(:message) { '404 File Not Found' } - end - end - - context 'when repository is disabled' do - include_context 'disabled repository' - - it_behaves_like '403 response' do - let(:request) { get v3_api(route, current_user), params } - end - end - end - - context 'when unauthenticated', 'and project is public' do - it_behaves_like 'repository files' do - let(:project) { create(:project, :public, :repository) } - let(:current_user) { nil } - end - end - - context 'when unauthenticated', 'and project is private' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route), params } - let(:message) { '404 Project Not Found' } - end - end - - context 'when authenticated', 'as a developer' do - it_behaves_like 'repository files' do - let(:current_user) { user } - end - end - - context 'when authenticated', 'as a guest' do - it_behaves_like '403 response' do - let(:request) { get v3_api(route, guest), params } - end - end - end - - describe "POST /projects/:id/repository/files" do - let(:valid_params) do - { - file_path: 'newfile.rb', - branch_name: 'master', - content: 'puts 8', - commit_message: 'Added newfile' - } - end - - it "creates a new file in project repo" do - post v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(201) - expect(json_response['file_path']).to eq('newfile.rb') - last_commit = project.repository.commit.raw - expect(last_commit.author_email).to eq(user.email) - expect(last_commit.author_name).to eq(user.name) - end - - it "returns a 400 bad request if no params given" do - post v3_api("/projects/#{project.id}/repository/files", user) - - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 400 if editor fails to create file" do - allow_any_instance_of(Repository).to receive(:create_file) - .and_raise(Gitlab::Git::CommitError, 'Cannot create file') - - post v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(400) - end - - context "when specifying an author" do - it "creates a new file with the specified author" do - valid_params.merge!(author_email: author_email, author_name: author_name) - - post v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(201) - last_commit = project.repository.commit.raw - expect(last_commit.author_email).to eq(author_email) - expect(last_commit.author_name).to eq(author_name) - end - end - - context 'when the repo is empty' do - let!(:project) { create(:project_empty_repo, namespace: user.namespace ) } - - it "creates a new file in project repo" do - post v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(201) - expect(json_response['file_path']).to eq('newfile.rb') - last_commit = project.repository.commit.raw - expect(last_commit.author_email).to eq(user.email) - expect(last_commit.author_name).to eq(user.name) - end - end - end - - describe "PUT /projects/:id/repository/files" do - let(:valid_params) do - { - file_path: file_path, - branch_name: 'master', - content: 'puts 8', - commit_message: 'Changed file' - } - end - - it "updates existing file in project repo" do - put v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(200) - expect(json_response['file_path']).to eq(file_path) - last_commit = project.repository.commit.raw - expect(last_commit.author_email).to eq(user.email) - expect(last_commit.author_name).to eq(user.name) - end - - it "returns a 400 bad request if no params given" do - put v3_api("/projects/#{project.id}/repository/files", user) - - expect(response).to have_gitlab_http_status(400) - end - - context "when specifying an author" do - it "updates a file with the specified author" do - valid_params.merge!(author_email: author_email, author_name: author_name, content: "New content") - - put v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(200) - last_commit = project.repository.commit.raw - expect(last_commit.author_email).to eq(author_email) - expect(last_commit.author_name).to eq(author_name) - end - end - end - - describe "DELETE /projects/:id/repository/files" do - let(:valid_params) do - { - file_path: file_path, - branch_name: 'master', - commit_message: 'Changed file' - } - end - - it "deletes existing file in project repo" do - delete v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(200) - expect(json_response['file_path']).to eq(file_path) - last_commit = project.repository.commit.raw - expect(last_commit.author_email).to eq(user.email) - expect(last_commit.author_name).to eq(user.name) - end - - it "returns a 400 bad request if no params given" do - delete v3_api("/projects/#{project.id}/repository/files", user) - - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 400 if fails to delete file" do - allow_any_instance_of(Repository).to receive(:delete_file).and_raise(Gitlab::Git::CommitError, 'Cannot delete file') - - delete v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(400) - end - - context "when specifying an author" do - it "removes a file with the specified author" do - valid_params.merge!(author_email: author_email, author_name: author_name) - - delete v3_api("/projects/#{project.id}/repository/files", user), valid_params - - expect(response).to have_gitlab_http_status(200) - last_commit = project.repository.commit.raw - expect(last_commit.author_email).to eq(author_email) - expect(last_commit.author_name).to eq(author_name) - end - end - end - - describe "POST /projects/:id/repository/files with binary file" do - let(:file_path) { 'test.bin' } - let(:put_params) do - { - file_path: file_path, - branch_name: 'master', - content: 'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAAACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII=', - commit_message: 'Binary file with a \n should not be touched', - encoding: 'base64' - } - end - let(:get_params) do - { - file_path: file_path, - ref: 'master' - } - end - - before do - post v3_api("/projects/#{project.id}/repository/files", user), put_params - end - - it "remains unchanged" do - get v3_api("/projects/#{project.id}/repository/files", user), get_params - - expect(response).to have_gitlab_http_status(200) - expect(json_response['file_path']).to eq(file_path) - expect(json_response['file_name']).to eq(file_path) - expect(json_response['content']).to eq(put_params[:content]) - end - end -end diff --git a/spec/requests/api/v3/groups_spec.rb b/spec/requests/api/v3/groups_spec.rb deleted file mode 100644 index a1cdf583de3..00000000000 --- a/spec/requests/api/v3/groups_spec.rb +++ /dev/null @@ -1,564 +0,0 @@ -require 'spec_helper' - -describe API::V3::Groups do - include UploadHelpers - - let(:user1) { create(:user, can_create_group: false) } - let(:user2) { create(:user) } - let(:user3) { create(:user) } - let(:admin) { create(:admin) } - let!(:group1) { create(:group, avatar: File.open(uploaded_image_temp_path)) } - let!(:group2) { create(:group, :private) } - let!(:project1) { create(:project, namespace: group1) } - let!(:project2) { create(:project, namespace: group2) } - let!(:project3) { create(:project, namespace: group1, path: 'test', visibility_level: Gitlab::VisibilityLevel::PRIVATE) } - - before do - group1.add_owner(user1) - group2.add_owner(user2) - end - - describe "GET /groups" do - context "when unauthenticated" do - it "returns authentication error" do - get v3_api("/groups") - - expect(response).to have_gitlab_http_status(401) - end - end - - context "when authenticated as user" do - it "normal user: returns an array of groups of user1" do - get v3_api("/groups", user1) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response) - .to satisfy_one { |group| group['name'] == group1.name } - end - - it "does not include statistics" do - get v3_api("/groups", user1), statistics: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first).not_to include 'statistics' - end - end - - context "when authenticated as admin" do - it "admin: returns an array of all groups" do - get v3_api("/groups", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - end - - it "does not include statistics by default" do - get v3_api("/groups", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first).not_to include('statistics') - end - - it "includes statistics if requested" do - attributes = { - storage_size: 702, - repository_size: 123, - lfs_objects_size: 234, - build_artifacts_size: 345 - }.stringify_keys - - project1.statistics.update!(attributes) - - get v3_api("/groups", admin), statistics: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response) - .to satisfy_one { |group| group['statistics'] == attributes } - end - end - - context "when using skip_groups in request" do - it "returns all groups excluding skipped groups" do - get v3_api("/groups", admin), skip_groups: [group2.id] - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - end - end - - context "when using all_available in request" do - let(:response_groups) { json_response.map { |group| group['name'] } } - - it "returns all groups you have access to" do - public_group = create :group, :public - - get v3_api("/groups", user1), all_available: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_groups).to contain_exactly(public_group.name, group1.name) - end - end - - context "when using sorting" do - let(:group3) { create(:group, name: "a#{group1.name}", path: "z#{group1.path}") } - let(:response_groups) { json_response.map { |group| group['name'] } } - - before do - group3.add_owner(user1) - end - - it "sorts by name ascending by default" do - get v3_api("/groups", user1) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_groups).to eq([group3.name, group1.name]) - end - - it "sorts in descending order when passed" do - get v3_api("/groups", user1), sort: "desc" - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_groups).to eq([group1.name, group3.name]) - end - - it "sorts by the order_by param" do - get v3_api("/groups", user1), order_by: "path" - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_groups).to eq([group1.name, group3.name]) - end - end - end - - describe 'GET /groups/owned' do - context 'when unauthenticated' do - it 'returns authentication error' do - get v3_api('/groups/owned') - - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when authenticated as group owner' do - it 'returns an array of groups the user owns' do - get v3_api('/groups/owned', user2) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(group2.name) - end - end - end - - describe "GET /groups/:id" do - context "when authenticated as user" do - it "returns one of user1's groups" do - project = create(:project, namespace: group2, path: 'Foo') - create(:project_group_link, project: project, group: group1) - - get v3_api("/groups/#{group1.id}", user1) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(group1.id) - expect(json_response['name']).to eq(group1.name) - expect(json_response['path']).to eq(group1.path) - expect(json_response['description']).to eq(group1.description) - expect(json_response['visibility_level']).to eq(group1.visibility_level) - expect(json_response['avatar_url']).to eq(group1.avatar_url(only_path: false)) - expect(json_response['web_url']).to eq(group1.web_url) - expect(json_response['request_access_enabled']).to eq(group1.request_access_enabled) - expect(json_response['full_name']).to eq(group1.full_name) - expect(json_response['full_path']).to eq(group1.full_path) - expect(json_response['parent_id']).to eq(group1.parent_id) - expect(json_response['projects']).to be_an Array - expect(json_response['projects'].length).to eq(2) - expect(json_response['shared_projects']).to be_an Array - expect(json_response['shared_projects'].length).to eq(1) - expect(json_response['shared_projects'][0]['id']).to eq(project.id) - end - - it "does not return a non existing group" do - get v3_api("/groups/1328", user1) - - expect(response).to have_gitlab_http_status(404) - end - - it "does not return a group not attached to user1" do - get v3_api("/groups/#{group2.id}", user1) - - expect(response).to have_gitlab_http_status(404) - end - end - - context "when authenticated as admin" do - it "returns any existing group" do - get v3_api("/groups/#{group2.id}", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(group2.name) - end - - it "does not return a non existing group" do - get v3_api("/groups/1328", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when using group path in URL' do - it 'returns any existing group' do - get v3_api("/groups/#{group1.path}", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(group1.name) - end - - it 'does not return a non existing group' do - get v3_api('/groups/unknown', admin) - - expect(response).to have_gitlab_http_status(404) - end - - it 'does not return a group not attached to user1' do - get v3_api("/groups/#{group2.path}", user1) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'PUT /groups/:id' do - let(:new_group_name) { 'New Group'} - - context 'when authenticated as the group owner' do - it 'updates the group' do - put v3_api("/groups/#{group1.id}", user1), name: new_group_name, request_access_enabled: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(new_group_name) - expect(json_response['request_access_enabled']).to eq(true) - end - - it 'returns 404 for a non existing group' do - put v3_api('/groups/1328', user1), name: new_group_name - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when authenticated as the admin' do - it 'updates the group' do - put v3_api("/groups/#{group1.id}", admin), name: new_group_name - - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(new_group_name) - end - end - - context 'when authenticated as an user that can see the group' do - it 'does not updates the group' do - put v3_api("/groups/#{group1.id}", user2), name: new_group_name - - expect(response).to have_gitlab_http_status(403) - end - end - - context 'when authenticated as an user that cannot see the group' do - it 'returns 404 when trying to update the group' do - put v3_api("/groups/#{group2.id}", user1), name: new_group_name - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe "GET /groups/:id/projects" do - context "when authenticated as user" do - it "returns the group's projects" do - get v3_api("/groups/#{group1.id}/projects", user1) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.length).to eq(2) - project_names = json_response.map { |proj| proj['name'] } - expect(project_names).to match_array([project1.name, project3.name]) - expect(json_response.first['visibility_level']).to be_present - end - - it "returns the group's projects with simple representation" do - get v3_api("/groups/#{group1.id}/projects", user1), simple: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response.length).to eq(2) - project_names = json_response.map { |proj| proj['name'] } - expect(project_names).to match_array([project1.name, project3.name]) - expect(json_response.first['visibility_level']).not_to be_present - end - - it 'filters the groups projects' do - public_project = create(:project, :public, path: 'test1', group: group1) - - get v3_api("/groups/#{group1.id}/projects", user1), visibility: 'public' - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an(Array) - expect(json_response.length).to eq(1) - expect(json_response.first['name']).to eq(public_project.name) - end - - it "does not return a non existing group" do - get v3_api("/groups/1328/projects", user1) - - expect(response).to have_gitlab_http_status(404) - end - - it "does not return a group not attached to user1" do - get v3_api("/groups/#{group2.id}/projects", user1) - - expect(response).to have_gitlab_http_status(404) - end - - it "only returns projects to which user has access" do - project3.add_developer(user3) - - get v3_api("/groups/#{group1.id}/projects", user3) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.length).to eq(1) - expect(json_response.first['name']).to eq(project3.name) - end - - it 'only returns the projects owned by user' do - project2.group.add_owner(user3) - - get v3_api("/groups/#{project2.group.id}/projects", user3), owned: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response.length).to eq(1) - expect(json_response.first['name']).to eq(project2.name) - end - - it 'only returns the projects starred by user' do - user1.starred_projects = [project1] - - get v3_api("/groups/#{group1.id}/projects", user1), starred: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response.length).to eq(1) - expect(json_response.first['name']).to eq(project1.name) - end - end - - context "when authenticated as admin" do - it "returns any existing group" do - get v3_api("/groups/#{group2.id}/projects", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.length).to eq(1) - expect(json_response.first['name']).to eq(project2.name) - end - - it "does not return a non existing group" do - get v3_api("/groups/1328/projects", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when using group path in URL' do - it 'returns any existing group' do - get v3_api("/groups/#{group1.path}/projects", admin) - - expect(response).to have_gitlab_http_status(200) - project_names = json_response.map { |proj| proj['name'] } - expect(project_names).to match_array([project1.name, project3.name]) - end - - it 'does not return a non existing group' do - get v3_api('/groups/unknown/projects', admin) - - expect(response).to have_gitlab_http_status(404) - end - - it 'does not return a group not attached to user1' do - get v3_api("/groups/#{group2.path}/projects", user1) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe "POST /groups" do - context "when authenticated as user without group permissions" do - it "does not create group" do - post v3_api("/groups", user1), attributes_for(:group) - - expect(response).to have_gitlab_http_status(403) - end - end - - context "when authenticated as user with group permissions" do - it "creates group" do - group = attributes_for(:group, { request_access_enabled: false }) - - post v3_api("/groups", user3), group - - expect(response).to have_gitlab_http_status(201) - - expect(json_response["name"]).to eq(group[:name]) - expect(json_response["path"]).to eq(group[:path]) - expect(json_response["request_access_enabled"]).to eq(group[:request_access_enabled]) - end - - it "creates a nested group", :nested_groups do - parent = create(:group) - parent.add_owner(user3) - group = attributes_for(:group, { parent_id: parent.id }) - - post v3_api("/groups", user3), group - - expect(response).to have_gitlab_http_status(201) - - expect(json_response["full_path"]).to eq("#{parent.path}/#{group[:path]}") - expect(json_response["parent_id"]).to eq(parent.id) - end - - it "does not create group, duplicate" do - post v3_api("/groups", user3), { name: 'Duplicate Test', path: group2.path } - - expect(response).to have_gitlab_http_status(400) - expect(response.message).to eq("Bad Request") - end - - it "returns 400 bad request error if name not given" do - post v3_api("/groups", user3), { path: group2.path } - - expect(response).to have_gitlab_http_status(400) - end - - it "returns 400 bad request error if path not given" do - post v3_api("/groups", user3), { name: 'test' } - - expect(response).to have_gitlab_http_status(400) - end - end - end - - describe "DELETE /groups/:id" do - context "when authenticated as user" do - it "removes group" do - delete v3_api("/groups/#{group1.id}", user1) - - expect(response).to have_gitlab_http_status(200) - end - - it "does not remove a group if not an owner" do - user4 = create(:user) - group1.add_master(user4) - - delete v3_api("/groups/#{group1.id}", user3) - - expect(response).to have_gitlab_http_status(403) - end - - it "does not remove a non existing group" do - delete v3_api("/groups/1328", user1) - - expect(response).to have_gitlab_http_status(404) - end - - it "does not remove a group not attached to user1" do - delete v3_api("/groups/#{group2.id}", user1) - - expect(response).to have_gitlab_http_status(404) - end - end - - context "when authenticated as admin" do - it "removes any existing group" do - delete v3_api("/groups/#{group2.id}", admin) - - expect(response).to have_gitlab_http_status(200) - end - - it "does not remove a non existing group" do - delete v3_api("/groups/1328", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe "POST /groups/:id/projects/:project_id" do - let(:project) { create(:project) } - let(:project_path) { CGI.escape(project.full_path) } - - before do - allow_any_instance_of(Projects::TransferService) - .to receive(:execute).and_return(true) - end - - context "when authenticated as user" do - it "does not transfer project to group" do - post v3_api("/groups/#{group1.id}/projects/#{project.id}", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - context "when authenticated as admin" do - it "transfers project to group" do - post v3_api("/groups/#{group1.id}/projects/#{project.id}", admin) - - expect(response).to have_gitlab_http_status(201) - end - - context 'when using project path in URL' do - context 'with a valid project path' do - it "transfers project to group" do - post v3_api("/groups/#{group1.id}/projects/#{project_path}", admin) - - expect(response).to have_gitlab_http_status(201) - end - end - - context 'with a non-existent project path' do - it "does not transfer project to group" do - post v3_api("/groups/#{group1.id}/projects/nogroup%2Fnoproject", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - context 'when using a group path in URL' do - context 'with a valid group path' do - it "transfers project to group" do - post v3_api("/groups/#{group1.path}/projects/#{project_path}", admin) - - expect(response).to have_gitlab_http_status(201) - end - end - - context 'with a non-existent group path' do - it "does not transfer project to group" do - post v3_api("/groups/noexist/projects/#{project_path}", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - end - end - end -end diff --git a/spec/requests/api/v3/issues_spec.rb b/spec/requests/api/v3/issues_spec.rb deleted file mode 100644 index 11b5469be7b..00000000000 --- a/spec/requests/api/v3/issues_spec.rb +++ /dev/null @@ -1,1298 +0,0 @@ -require 'spec_helper' - -describe API::V3::Issues do - set(:user) { create(:user) } - set(:user2) { create(:user) } - set(:non_member) { create(:user) } - set(:guest) { create(:user) } - set(:author) { create(:author) } - set(:assignee) { create(:assignee) } - set(:admin) { create(:user, :admin) } - let!(:project) { create(:project, :public, creator_id: user.id, namespace: user.namespace ) } - let!(:closed_issue) do - create :closed_issue, - author: user, - assignees: [user], - project: project, - state: :closed, - milestone: milestone, - created_at: generate(:past_time), - updated_at: 3.hours.ago - end - let!(:confidential_issue) do - create :issue, - :confidential, - project: project, - author: author, - assignees: [assignee], - created_at: generate(:past_time), - updated_at: 2.hours.ago - end - let!(:issue) do - create :issue, - author: user, - assignees: [user], - project: project, - milestone: milestone, - created_at: generate(:past_time), - updated_at: 1.hour.ago - end - let!(:label) do - create(:label, title: 'label', color: '#FFAABB', project: project) - end - let!(:label_link) { create(:label_link, label: label, target: issue) } - let!(:milestone) { create(:milestone, title: '1.0.0', project: project) } - let!(:empty_milestone) do - create(:milestone, title: '2.0.0', project: project) - end - let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) } - - let(:no_milestone_title) { URI.escape(Milestone::None.title) } - - before do - project.add_reporter(user) - project.add_guest(guest) - end - - describe "GET /issues" do - context "when unauthenticated" do - it "returns authentication error" do - get v3_api("/issues") - - expect(response).to have_gitlab_http_status(401) - end - end - - context "when authenticated" do - it "returns an array of issues" do - get v3_api("/issues", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(issue.title) - expect(json_response.last).to have_key('web_url') - end - - it 'returns an array of closed issues' do - get v3_api('/issues?state=closed', user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(closed_issue.id) - end - - it 'returns an array of opened issues' do - get v3_api('/issues?state=opened', user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(issue.id) - end - - it 'returns an array of all issues' do - get v3_api('/issues?state=all', user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['id']).to eq(issue.id) - expect(json_response.second['id']).to eq(closed_issue.id) - end - - it 'returns an array of labeled issues' do - get v3_api("/issues?labels=#{label.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - end - - it 'returns an array of labeled issues when at least one label matches' do - get v3_api("/issues?labels=#{label.title},foo,bar", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - end - - it 'returns an empty array if no issue matches labels' do - get v3_api('/issues?labels=foo,bar', user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an array of labeled issues matching given state' do - get v3_api("/issues?labels=#{label.title}&state=opened", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - expect(json_response.first['state']).to eq('opened') - end - - it 'returns an empty array if no issue matches labels and state filters' do - get v3_api("/issues?labels=#{label.title}&state=closed", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if no issue matches milestone' do - get v3_api("/issues?milestone=#{empty_milestone.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if milestone does not exist' do - get v3_api("/issues?milestone=foo", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an array of issues in given milestone' do - get v3_api("/issues?milestone=#{milestone.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['id']).to eq(issue.id) - expect(json_response.second['id']).to eq(closed_issue.id) - end - - it 'returns an array of issues matching state in milestone' do - get v3_api("/issues?milestone=#{milestone.title}", user), - '&state=closed' - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(closed_issue.id) - end - - it 'returns an array of issues with no milestone' do - get v3_api("/issues?milestone=#{no_milestone_title}", author) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(confidential_issue.id) - end - - it 'sorts by created_at descending by default' do - get v3_api('/issues', user) - - response_dates = json_response.map { |issue| issue['created_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort.reverse) - end - - it 'sorts ascending when requested' do - get v3_api('/issues?sort=asc', user) - - response_dates = json_response.map { |issue| issue['created_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort) - end - - it 'sorts by updated_at descending when requested' do - get v3_api('/issues?order_by=updated_at', user) - - response_dates = json_response.map { |issue| issue['updated_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort.reverse) - end - - it 'sorts by updated_at ascending when requested' do - get v3_api('/issues?order_by=updated_at&sort=asc', user) - - response_dates = json_response.map { |issue| issue['updated_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort) - end - - it 'matches V3 response schema' do - get v3_api('/issues', user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v3/issues') - end - end - end - - describe "GET /groups/:id/issues" do - let!(:group) { create(:group) } - let!(:group_project) { create(:project, :public, creator_id: user.id, namespace: group) } - let!(:group_closed_issue) do - create :closed_issue, - author: user, - assignees: [user], - project: group_project, - state: :closed, - milestone: group_milestone, - updated_at: 3.hours.ago - end - let!(:group_confidential_issue) do - create :issue, - :confidential, - project: group_project, - author: author, - assignees: [assignee], - updated_at: 2.hours.ago - end - let!(:group_issue) do - create :issue, - author: user, - assignees: [user], - project: group_project, - milestone: group_milestone, - updated_at: 1.hour.ago - end - let!(:group_label) do - create(:label, title: 'group_lbl', color: '#FFAABB', project: group_project) - end - let!(:group_label_link) { create(:label_link, label: group_label, target: group_issue) } - let!(:group_milestone) { create(:milestone, title: '3.0.0', project: group_project) } - let!(:group_empty_milestone) do - create(:milestone, title: '4.0.0', project: group_project) - end - let!(:group_note) { create(:note_on_issue, author: user, project: group_project, noteable: group_issue) } - - before do - group_project.add_reporter(user) - end - let(:base_url) { "/groups/#{group.id}/issues" } - - it 'returns all group issues (including opened and closed)' do - get v3_api(base_url, admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - end - - it 'returns group issues without confidential issues for non project members' do - get v3_api("#{base_url}?state=opened", non_member) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['title']).to eq(group_issue.title) - end - - it 'returns group confidential issues for author' do - get v3_api("#{base_url}?state=opened", author) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - end - - it 'returns group confidential issues for assignee' do - get v3_api("#{base_url}?state=opened", assignee) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - end - - it 'returns group issues with confidential issues for project members' do - get v3_api("#{base_url}?state=opened", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - end - - it 'returns group confidential issues for admin' do - get v3_api("#{base_url}?state=opened", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - end - - it 'returns an array of labeled group issues' do - get v3_api("#{base_url}?labels=#{group_label.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([group_label.title]) - end - - it 'returns an array of labeled group issues where all labels match' do - get v3_api("#{base_url}?labels=#{group_label.title},foo,bar", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if no group issue matches labels' do - get v3_api("#{base_url}?labels=foo,bar", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if no issue matches milestone' do - get v3_api("#{base_url}?milestone=#{group_empty_milestone.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if milestone does not exist' do - get v3_api("#{base_url}?milestone=foo", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an array of issues in given milestone' do - get v3_api("#{base_url}?state=opened&milestone=#{group_milestone.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(group_issue.id) - end - - it 'returns an array of issues matching state in milestone' do - get v3_api("#{base_url}?milestone=#{group_milestone.title}", user), - '&state=closed' - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(group_closed_issue.id) - end - - it 'returns an array of issues with no milestone' do - get v3_api("#{base_url}?milestone=#{no_milestone_title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(group_confidential_issue.id) - end - - it 'sorts by created_at descending by default' do - get v3_api(base_url, user) - - response_dates = json_response.map { |issue| issue['created_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort.reverse) - end - - it 'sorts ascending when requested' do - get v3_api("#{base_url}?sort=asc", user) - - response_dates = json_response.map { |issue| issue['created_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort) - end - - it 'sorts by updated_at descending when requested' do - get v3_api("#{base_url}?order_by=updated_at", user) - - response_dates = json_response.map { |issue| issue['updated_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort.reverse) - end - - it 'sorts by updated_at ascending when requested' do - get v3_api("#{base_url}?order_by=updated_at&sort=asc", user) - - response_dates = json_response.map { |issue| issue['updated_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort) - end - end - - describe "GET /projects/:id/issues" do - let(:base_url) { "/projects/#{project.id}" } - - it 'returns 404 when project does not exist' do - get v3_api('/projects/1000/issues', non_member) - - expect(response).to have_gitlab_http_status(404) - end - - it "returns 404 on private projects for other users" do - private_project = create(:project, :private) - create(:issue, project: private_project) - - get v3_api("/projects/#{private_project.id}/issues", non_member) - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns no issues when user has access to project but not issues' do - restricted_project = create(:project, :public, issues_access_level: ProjectFeature::PRIVATE) - create(:issue, project: restricted_project) - - get v3_api("/projects/#{restricted_project.id}/issues", non_member) - - expect(json_response).to eq([]) - end - - it 'returns project issues without confidential issues for non project members' do - get v3_api("#{base_url}/issues", non_member) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['title']).to eq(issue.title) - end - - it 'returns project issues without confidential issues for project members with guest role' do - get v3_api("#{base_url}/issues", guest) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['title']).to eq(issue.title) - end - - it 'returns project confidential issues for author' do - get v3_api("#{base_url}/issues", author) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.first['title']).to eq(issue.title) - end - - it 'returns project confidential issues for assignee' do - get v3_api("#{base_url}/issues", assignee) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.first['title']).to eq(issue.title) - end - - it 'returns project issues with confidential issues for project members' do - get v3_api("#{base_url}/issues", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.first['title']).to eq(issue.title) - end - - it 'returns project confidential issues for admin' do - get v3_api("#{base_url}/issues", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.first['title']).to eq(issue.title) - end - - it 'returns an array of labeled project issues' do - get v3_api("#{base_url}/issues?labels=#{label.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - end - - it 'returns an array of labeled project issues where all labels match' do - get v3_api("#{base_url}/issues?labels=#{label.title},foo,bar", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['labels']).to eq([label.title]) - end - - it 'returns an empty array if no project issue matches labels' do - get v3_api("#{base_url}/issues?labels=foo,bar", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if no issue matches milestone' do - get v3_api("#{base_url}/issues?milestone=#{empty_milestone.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an empty array if milestone does not exist' do - get v3_api("#{base_url}/issues?milestone=foo", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'returns an array of issues in given milestone' do - get v3_api("#{base_url}/issues?milestone=#{milestone.title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['id']).to eq(issue.id) - expect(json_response.second['id']).to eq(closed_issue.id) - end - - it 'returns an array of issues matching state in milestone' do - get v3_api("#{base_url}/issues?milestone=#{milestone.title}", user), - '&state=closed' - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(closed_issue.id) - end - - it 'returns an array of issues with no milestone' do - get v3_api("#{base_url}/issues?milestone=#{no_milestone_title}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(confidential_issue.id) - end - - it 'sorts by created_at descending by default' do - get v3_api("#{base_url}/issues", user) - - response_dates = json_response.map { |issue| issue['created_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort.reverse) - end - - it 'sorts ascending when requested' do - get v3_api("#{base_url}/issues?sort=asc", user) - - response_dates = json_response.map { |issue| issue['created_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort) - end - - it 'sorts by updated_at descending when requested' do - get v3_api("#{base_url}/issues?order_by=updated_at", user) - - response_dates = json_response.map { |issue| issue['updated_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort.reverse) - end - - it 'sorts by updated_at ascending when requested' do - get v3_api("#{base_url}/issues?order_by=updated_at&sort=asc", user) - - response_dates = json_response.map { |issue| issue['updated_at'] } - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(response_dates).to eq(response_dates.sort) - end - end - - describe "GET /projects/:id/issues/:issue_id" do - it 'exposes known attributes' do - get v3_api("/projects/#{project.id}/issues/#{issue.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(issue.id) - expect(json_response['iid']).to eq(issue.iid) - expect(json_response['project_id']).to eq(issue.project.id) - expect(json_response['title']).to eq(issue.title) - expect(json_response['description']).to eq(issue.description) - expect(json_response['state']).to eq(issue.state) - expect(json_response['created_at']).to be_present - expect(json_response['updated_at']).to be_present - expect(json_response['labels']).to eq(issue.label_names) - expect(json_response['milestone']).to be_a Hash - expect(json_response['assignee']).to be_a Hash - expect(json_response['author']).to be_a Hash - expect(json_response['confidential']).to be_falsy - end - - it "returns a project issue by id" do - get v3_api("/projects/#{project.id}/issues/#{issue.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(issue.title) - expect(json_response['iid']).to eq(issue.iid) - end - - it 'returns a project issue by iid' do - get v3_api("/projects/#{project.id}/issues?iid=#{issue.iid}", user) - - expect(response.status).to eq 200 - expect(json_response.length).to eq 1 - expect(json_response.first['title']).to eq issue.title - expect(json_response.first['id']).to eq issue.id - expect(json_response.first['iid']).to eq issue.iid - end - - it 'returns an empty array for an unknown project issue iid' do - get v3_api("/projects/#{project.id}/issues?iid=#{issue.iid + 10}", user) - - expect(response.status).to eq 200 - expect(json_response.length).to eq 0 - end - - it "returns 404 if issue id not found" do - get v3_api("/projects/#{project.id}/issues/54321", user) - - expect(response).to have_gitlab_http_status(404) - end - - context 'confidential issues' do - it "returns 404 for non project members" do - get v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", non_member) - - expect(response).to have_gitlab_http_status(404) - end - - it "returns 404 for project members with guest role" do - get v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", guest) - - expect(response).to have_gitlab_http_status(404) - end - - it "returns confidential issue for project members" do - get v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(confidential_issue.title) - expect(json_response['iid']).to eq(confidential_issue.iid) - end - - it "returns confidential issue for author" do - get v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", author) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(confidential_issue.title) - expect(json_response['iid']).to eq(confidential_issue.iid) - end - - it "returns confidential issue for assignee" do - get v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", assignee) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(confidential_issue.title) - expect(json_response['iid']).to eq(confidential_issue.iid) - end - - it "returns confidential issue for admin" do - get v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(confidential_issue.title) - expect(json_response['iid']).to eq(confidential_issue.iid) - end - end - end - - describe "POST /projects/:id/issues" do - it 'creates a new project issue' do - post v3_api("/projects/#{project.id}/issues", user), - title: 'new issue', labels: 'label, label2', assignee_id: assignee.id - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('new issue') - expect(json_response['description']).to be_nil - expect(json_response['labels']).to eq(%w(label label2)) - expect(json_response['confidential']).to be_falsy - expect(json_response['assignee']['name']).to eq(assignee.name) - end - - it 'creates a new confidential project issue' do - post v3_api("/projects/#{project.id}/issues", user), - title: 'new issue', confidential: true - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('new issue') - expect(json_response['confidential']).to be_truthy - end - - it 'creates a new confidential project issue with a different param' do - post v3_api("/projects/#{project.id}/issues", user), - title: 'new issue', confidential: 'y' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('new issue') - expect(json_response['confidential']).to be_truthy - end - - it 'creates a public issue when confidential param is false' do - post v3_api("/projects/#{project.id}/issues", user), - title: 'new issue', confidential: false - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('new issue') - expect(json_response['confidential']).to be_falsy - end - - it 'creates a public issue when confidential param is invalid' do - post v3_api("/projects/#{project.id}/issues", user), - title: 'new issue', confidential: 'foo' - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('confidential is invalid') - end - - it "returns a 400 bad request if title not given" do - post v3_api("/projects/#{project.id}/issues", user), labels: 'label, label2' - - expect(response).to have_gitlab_http_status(400) - end - - it 'allows special label names' do - post v3_api("/projects/#{project.id}/issues", user), - title: 'new issue', - labels: 'label, label?, label&foo, ?, &' - - expect(response.status).to eq(201) - expect(json_response['labels']).to include 'label' - expect(json_response['labels']).to include 'label?' - expect(json_response['labels']).to include 'label&foo' - expect(json_response['labels']).to include '?' - expect(json_response['labels']).to include '&' - end - - it 'returns 400 if title is too long' do - post v3_api("/projects/#{project.id}/issues", user), - title: 'g' * 256 - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']['title']).to eq([ - 'is too long (maximum is 255 characters)' - ]) - end - - context 'resolving issues in a merge request' do - set(:diff_note_on_merge_request) { create(:diff_note_on_merge_request) } - let(:discussion) { diff_note_on_merge_request.to_discussion } - let(:merge_request) { discussion.noteable } - let(:project) { merge_request.source_project } - before do - project.add_master(user) - post v3_api("/projects/#{project.id}/issues", user), - title: 'New Issue', - merge_request_for_resolving_discussions: merge_request.iid - end - - it 'creates a new project issue' do - expect(response).to have_gitlab_http_status(:created) - end - - it 'resolves the discussions in a merge request' do - discussion.first_note.reload - - expect(discussion.resolved?).to be(true) - end - - it 'assigns a description to the issue mentioning the merge request' do - expect(json_response['description']).to include(merge_request.to_reference) - end - end - - context 'with due date' do - it 'creates a new project issue' do - due_date = 2.weeks.from_now.strftime('%Y-%m-%d') - - post v3_api("/projects/#{project.id}/issues", user), - title: 'new issue', due_date: due_date - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('new issue') - expect(json_response['description']).to be_nil - expect(json_response['due_date']).to eq(due_date) - end - end - - context 'when an admin or owner makes the request' do - it 'accepts the creation date to be set' do - creation_time = 2.weeks.ago - post v3_api("/projects/#{project.id}/issues", user), - title: 'new issue', labels: 'label, label2', created_at: creation_time - - expect(response).to have_gitlab_http_status(201) - expect(Time.parse(json_response['created_at'])).to be_like_time(creation_time) - end - end - - context 'the user can only read the issue' do - it 'cannot create new labels' do - expect do - post v3_api("/projects/#{project.id}/issues", non_member), title: 'new issue', labels: 'label, label2' - end.not_to change { project.labels.count } - end - end - end - - describe 'POST /projects/:id/issues with spam filtering' do - before do - allow_any_instance_of(SpamService).to receive(:check_for_spam?).and_return(true) - allow_any_instance_of(AkismetService).to receive_messages(spam?: true) - end - - let(:params) do - { - title: 'new issue', - description: 'content here', - labels: 'label, label2' - } - end - - it "does not create a new project issue" do - expect { post v3_api("/projects/#{project.id}/issues", user), params }.not_to change(Issue, :count) - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq({ "error" => "Spam detected" }) - - spam_logs = SpamLog.all - - expect(spam_logs.count).to eq(1) - expect(spam_logs[0].title).to eq('new issue') - expect(spam_logs[0].description).to eq('content here') - expect(spam_logs[0].user).to eq(user) - expect(spam_logs[0].noteable_type).to eq('Issue') - end - end - - describe "PUT /projects/:id/issues/:issue_id to update only title" do - it "updates a project issue" do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - title: 'updated title' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('updated title') - end - - it "returns 404 error if issue id not found" do - put v3_api("/projects/#{project.id}/issues/44444", user), - title: 'updated title' - - expect(response).to have_gitlab_http_status(404) - end - - it 'allows special label names' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - title: 'updated title', - labels: 'label, label?, label&foo, ?, &' - - expect(response.status).to eq(200) - expect(json_response['labels']).to include 'label' - expect(json_response['labels']).to include 'label?' - expect(json_response['labels']).to include 'label&foo' - expect(json_response['labels']).to include '?' - expect(json_response['labels']).to include '&' - end - - context 'confidential issues' do - it "returns 403 for non project members" do - put v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", non_member), - title: 'updated title' - - expect(response).to have_gitlab_http_status(403) - end - - it "returns 403 for project members with guest role" do - put v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", guest), - title: 'updated title' - - expect(response).to have_gitlab_http_status(403) - end - - it "updates a confidential issue for project members" do - put v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", user), - title: 'updated title' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('updated title') - end - - it "updates a confidential issue for author" do - put v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", author), - title: 'updated title' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('updated title') - end - - it "updates a confidential issue for admin" do - put v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", admin), - title: 'updated title' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('updated title') - end - - it 'sets an issue to confidential' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - confidential: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response['confidential']).to be_truthy - end - - it 'makes a confidential issue public' do - put v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", user), - confidential: false - - expect(response).to have_gitlab_http_status(200) - expect(json_response['confidential']).to be_falsy - end - - it 'does not update a confidential issue with wrong confidential flag' do - put v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}", user), - confidential: 'foo' - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('confidential is invalid') - end - end - end - - describe 'PUT /projects/:id/issues/:issue_id with spam filtering' do - let(:params) do - { - title: 'updated title', - description: 'content here', - labels: 'label, label2' - } - end - - it "does not create a new project issue" do - allow_any_instance_of(SpamService).to receive_messages(check_for_spam?: true) - allow_any_instance_of(AkismetService).to receive_messages(spam?: true) - - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), params - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq({ "error" => "Spam detected" }) - - spam_logs = SpamLog.all - expect(spam_logs.count).to eq(1) - expect(spam_logs[0].title).to eq('updated title') - expect(spam_logs[0].description).to eq('content here') - expect(spam_logs[0].user).to eq(user) - expect(spam_logs[0].noteable_type).to eq('Issue') - end - end - - describe 'PUT /projects/:id/issues/:issue_id to update labels' do - let!(:label) { create(:label, title: 'dummy', project: project) } - let!(:label_link) { create(:label_link, label: label, target: issue) } - - it 'does not update labels if not present' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - title: 'updated title' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['labels']).to eq([label.title]) - end - - it 'removes all labels' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), labels: '' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['labels']).to eq([]) - end - - it 'updates labels' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: 'foo,bar' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['labels']).to include 'foo' - expect(json_response['labels']).to include 'bar' - end - - it 'allows special label names' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: 'label:foo, label-bar,label_bar,label/bar,label?bar,label&bar,?,&' - - expect(response.status).to eq(200) - expect(json_response['labels']).to include 'label:foo' - expect(json_response['labels']).to include 'label-bar' - expect(json_response['labels']).to include 'label_bar' - expect(json_response['labels']).to include 'label/bar' - expect(json_response['labels']).to include 'label?bar' - expect(json_response['labels']).to include 'label&bar' - expect(json_response['labels']).to include '?' - expect(json_response['labels']).to include '&' - end - - it 'returns 400 if title is too long' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - title: 'g' * 256 - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']['title']).to eq([ - 'is too long (maximum is 255 characters)' - ]) - end - end - - describe "PUT /projects/:id/issues/:issue_id to update state and label" do - it "updates a project issue" do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: 'label2', state_event: "close" - - expect(response).to have_gitlab_http_status(200) - expect(json_response['labels']).to include 'label2' - expect(json_response['state']).to eq "closed" - end - - it 'reopens a project isssue' do - put v3_api("/projects/#{project.id}/issues/#{closed_issue.id}", user), state_event: 'reopen' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['state']).to eq 'opened' - end - - context 'when an admin or owner makes the request' do - it 'accepts the update date to be set' do - update_time = 2.weeks.ago - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), - labels: 'label3', state_event: 'close', updated_at: update_time - - expect(response).to have_gitlab_http_status(200) - expect(json_response['labels']).to include 'label3' - expect(Time.parse(json_response['updated_at'])).to be_like_time(update_time) - end - end - end - - describe 'PUT /projects/:id/issues/:issue_id to update due date' do - it 'creates a new project issue' do - due_date = 2.weeks.from_now.strftime('%Y-%m-%d') - - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), due_date: due_date - - expect(response).to have_gitlab_http_status(200) - expect(json_response['due_date']).to eq(due_date) - end - end - - describe 'PUT /projects/:id/issues/:issue_id to update assignee' do - it 'updates an issue with no assignee' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), assignee_id: 0 - - expect(response).to have_gitlab_http_status(200) - expect(json_response['assignee']).to eq(nil) - end - - it 'updates an issue with assignee' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), assignee_id: user2.id - - expect(response).to have_gitlab_http_status(200) - expect(json_response['assignee']['name']).to eq(user2.name) - end - end - - describe "DELETE /projects/:id/issues/:issue_id" do - it "rejects a non member from deleting an issue" do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}", non_member) - - expect(response).to have_gitlab_http_status(403) - end - - it "rejects a developer from deleting an issue" do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}", author) - - expect(response).to have_gitlab_http_status(403) - end - - context "when the user is project owner" do - set(:owner) { create(:user) } - let(:project) { create(:project, namespace: owner.namespace) } - - it "deletes the issue if an admin requests it" do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}", owner) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['state']).to eq 'opened' - end - end - - context 'when issue does not exist' do - it 'returns 404 when trying to move an issue' do - delete v3_api("/projects/#{project.id}/issues/123", user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe '/projects/:id/issues/:issue_id/move' do - let!(:target_project) { create(:project, creator_id: user.id, namespace: user.namespace ) } - let!(:target_project2) { create(:project, creator_id: non_member.id, namespace: non_member.namespace ) } - - it 'moves an issue' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/move", user), - to_project_id: target_project.id - - expect(response).to have_gitlab_http_status(201) - expect(json_response['project_id']).to eq(target_project.id) - end - - context 'when source and target projects are the same' do - it 'returns 400 when trying to move an issue' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/move", user), - to_project_id: project.id - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq('Cannot move issue to project it originates from!') - end - end - - context 'when the user does not have the permission to move issues' do - it 'returns 400 when trying to move an issue' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/move", user), - to_project_id: target_project2.id - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq('Cannot move issue due to insufficient permissions!') - end - end - - it 'moves the issue to another namespace if I am admin' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/move", admin), - to_project_id: target_project2.id - - expect(response).to have_gitlab_http_status(201) - expect(json_response['project_id']).to eq(target_project2.id) - end - - context 'when issue does not exist' do - it 'returns 404 when trying to move an issue' do - post v3_api("/projects/#{project.id}/issues/123/move", user), - to_project_id: target_project.id - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Issue Not Found') - end - end - - context 'when source project does not exist' do - it 'returns 404 when trying to move an issue' do - post v3_api("/projects/0/issues/#{issue.id}/move", user), - to_project_id: target_project.id - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Project Not Found') - end - end - - context 'when target project does not exist' do - it 'returns 404 when trying to move an issue' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/move", user), - to_project_id: 0 - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'POST :id/issues/:issue_id/subscription' do - it 'subscribes to an issue' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/subscription", user2) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['subscribed']).to eq(true) - end - - it 'returns 304 if already subscribed' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/subscription", user) - - expect(response).to have_gitlab_http_status(304) - end - - it 'returns 404 if the issue is not found' do - post v3_api("/projects/#{project.id}/issues/123/subscription", user) - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns 404 if the issue is confidential' do - post v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}/subscription", non_member) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'DELETE :id/issues/:issue_id/subscription' do - it 'unsubscribes from an issue' do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}/subscription", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['subscribed']).to eq(false) - end - - it 'returns 304 if not subscribed' do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}/subscription", user2) - - expect(response).to have_gitlab_http_status(304) - end - - it 'returns 404 if the issue is not found' do - delete v3_api("/projects/#{project.id}/issues/123/subscription", user) - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns 404 if the issue is confidential' do - delete v3_api("/projects/#{project.id}/issues/#{confidential_issue.id}/subscription", non_member) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'time tracking endpoints' do - let(:issuable) { issue } - - include_examples 'V3 time tracking endpoints', 'issue' - end -end diff --git a/spec/requests/api/v3/labels_spec.rb b/spec/requests/api/v3/labels_spec.rb deleted file mode 100644 index cdab4d2bd73..00000000000 --- a/spec/requests/api/v3/labels_spec.rb +++ /dev/null @@ -1,169 +0,0 @@ -require 'spec_helper' - -describe API::V3::Labels do - let(:user) { create(:user) } - let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } - let!(:label1) { create(:label, title: 'label1', project: project) } - let!(:priority_label) { create(:label, title: 'bug', project: project, priority: 3) } - - before do - project.add_master(user) - end - - describe 'GET /projects/:id/labels' do - it 'returns all available labels to the project' do - group = create(:group) - group_label = create(:group_label, title: 'feature', group: group) - project.update(group: group) - create(:labeled_issue, project: project, labels: [group_label], author: user) - create(:labeled_issue, project: project, labels: [label1], author: user, state: :closed) - create(:labeled_merge_request, labels: [priority_label], author: user, source_project: project ) - - expected_keys = %w( - id name color description - open_issues_count closed_issues_count open_merge_requests_count - subscribed priority - ) - - get v3_api("/projects/#{project.id}/labels", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(3) - expect(json_response.first.keys).to match_array expected_keys - expect(json_response.map { |l| l['name'] }).to match_array([group_label.name, priority_label.name, label1.name]) - - label1_response = json_response.find { |l| l['name'] == label1.title } - group_label_response = json_response.find { |l| l['name'] == group_label.title } - priority_label_response = json_response.find { |l| l['name'] == priority_label.title } - - expect(label1_response['open_issues_count']).to eq(0) - expect(label1_response['closed_issues_count']).to eq(1) - expect(label1_response['open_merge_requests_count']).to eq(0) - expect(label1_response['name']).to eq(label1.name) - expect(label1_response['color']).to be_present - expect(label1_response['description']).to be_nil - expect(label1_response['priority']).to be_nil - expect(label1_response['subscribed']).to be_falsey - - expect(group_label_response['open_issues_count']).to eq(1) - expect(group_label_response['closed_issues_count']).to eq(0) - expect(group_label_response['open_merge_requests_count']).to eq(0) - expect(group_label_response['name']).to eq(group_label.name) - expect(group_label_response['color']).to be_present - expect(group_label_response['description']).to be_nil - expect(group_label_response['priority']).to be_nil - expect(group_label_response['subscribed']).to be_falsey - - expect(priority_label_response['open_issues_count']).to eq(0) - expect(priority_label_response['closed_issues_count']).to eq(0) - expect(priority_label_response['open_merge_requests_count']).to eq(1) - expect(priority_label_response['name']).to eq(priority_label.name) - expect(priority_label_response['color']).to be_present - expect(priority_label_response['description']).to be_nil - expect(priority_label_response['priority']).to eq(3) - expect(priority_label_response['subscribed']).to be_falsey - end - end - - describe "POST /projects/:id/labels/:label_id/subscription" do - context "when label_id is a label title" do - it "subscribes to the label" do - post v3_api("/projects/#{project.id}/labels/#{label1.title}/subscription", user) - - expect(response).to have_gitlab_http_status(201) - expect(json_response["name"]).to eq(label1.title) - expect(json_response["subscribed"]).to be_truthy - end - end - - context "when label_id is a label ID" do - it "subscribes to the label" do - post v3_api("/projects/#{project.id}/labels/#{label1.id}/subscription", user) - - expect(response).to have_gitlab_http_status(201) - expect(json_response["name"]).to eq(label1.title) - expect(json_response["subscribed"]).to be_truthy - end - end - - context "when user is already subscribed to label" do - before { label1.subscribe(user, project) } - - it "returns 304" do - post v3_api("/projects/#{project.id}/labels/#{label1.id}/subscription", user) - - expect(response).to have_gitlab_http_status(304) - end - end - - context "when label ID is not found" do - it "returns 404 error" do - post v3_api("/projects/#{project.id}/labels/1234/subscription", user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe "DELETE /projects/:id/labels/:label_id/subscription" do - before { label1.subscribe(user, project) } - - context "when label_id is a label title" do - it "unsubscribes from the label" do - delete v3_api("/projects/#{project.id}/labels/#{label1.title}/subscription", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response["name"]).to eq(label1.title) - expect(json_response["subscribed"]).to be_falsey - end - end - - context "when label_id is a label ID" do - it "unsubscribes from the label" do - delete v3_api("/projects/#{project.id}/labels/#{label1.id}/subscription", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response["name"]).to eq(label1.title) - expect(json_response["subscribed"]).to be_falsey - end - end - - context "when user is already unsubscribed from label" do - before { label1.unsubscribe(user, project) } - - it "returns 304" do - delete v3_api("/projects/#{project.id}/labels/#{label1.id}/subscription", user) - - expect(response).to have_gitlab_http_status(304) - end - end - - context "when label ID is not found" do - it "returns 404 error" do - delete v3_api("/projects/#{project.id}/labels/1234/subscription", user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'DELETE /projects/:id/labels' do - it 'returns 200 for existing label' do - delete v3_api("/projects/#{project.id}/labels", user), name: 'label1' - - expect(response).to have_gitlab_http_status(200) - end - - it 'returns 404 for non existing label' do - delete v3_api("/projects/#{project.id}/labels", user), name: 'label2' - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Label Not Found') - end - - it 'returns 400 for wrong parameters' do - delete v3_api("/projects/#{project.id}/labels", user) - expect(response).to have_gitlab_http_status(400) - end - end -end diff --git a/spec/requests/api/v3/members_spec.rb b/spec/requests/api/v3/members_spec.rb deleted file mode 100644 index de4339ecb8b..00000000000 --- a/spec/requests/api/v3/members_spec.rb +++ /dev/null @@ -1,350 +0,0 @@ -require 'spec_helper' - -describe API::V3::Members do - let(:master) { create(:user, username: 'master_user') } - let(:developer) { create(:user) } - let(:access_requester) { create(:user) } - let(:stranger) { create(:user) } - - let(:project) do - create(:project, :public, :access_requestable, creator_id: master.id, namespace: master.namespace) do |project| - project.add_developer(developer) - project.add_master(master) - project.request_access(access_requester) - end - end - - let!(:group) do - create(:group, :public, :access_requestable) do |group| - group.add_developer(developer) - group.add_owner(master) - group.request_access(access_requester) - end - end - - shared_examples 'GET /:sources/:id/members' do |source_type| - context "with :sources == #{source_type.pluralize}" do - it_behaves_like 'a 404 response when source is private' do - let(:route) { get v3_api("/#{source_type.pluralize}/#{source.id}/members", stranger) } - end - - %i[master developer access_requester stranger].each do |type| - context "when authenticated as a #{type}" do - it 'returns 200' do - user = public_send(type) - get v3_api("/#{source_type.pluralize}/#{source.id}/members", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.size).to eq(2) - expect(json_response.map { |u| u['id'] }).to match_array [master.id, developer.id] - end - end - end - - it 'does not return invitees' do - create(:"#{source_type}_member", invite_token: '123', invite_email: 'test@abc.com', source: source, user: nil) - - get v3_api("/#{source_type.pluralize}/#{source.id}/members", developer) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.size).to eq(2) - expect(json_response.map { |u| u['id'] }).to match_array [master.id, developer.id] - end - - it 'finds members with query string' do - get v3_api("/#{source_type.pluralize}/#{source.id}/members", developer), query: master.username - - expect(response).to have_gitlab_http_status(200) - expect(json_response.count).to eq(1) - expect(json_response.first['username']).to eq(master.username) - end - - it 'finds all members with no query specified' do - get v3_api("/#{source_type.pluralize}/#{source.id}/members", developer), query: '' - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.count).to eq(2) - expect(json_response.map { |u| u['id'] }).to match_array [master.id, developer.id] - end - end - end - - shared_examples 'GET /:sources/:id/members/:user_id' do |source_type| - context "with :sources == #{source_type.pluralize}" do - it_behaves_like 'a 404 response when source is private' do - let(:route) { get v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", stranger) } - end - - context 'when authenticated as a non-member' do - %i[access_requester stranger].each do |type| - context "as a #{type}" do - it 'returns 200' do - user = public_send(type) - get v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", user) - - expect(response).to have_gitlab_http_status(200) - # User attributes - expect(json_response['id']).to eq(developer.id) - expect(json_response['name']).to eq(developer.name) - expect(json_response['username']).to eq(developer.username) - expect(json_response['state']).to eq(developer.state) - expect(json_response['avatar_url']).to eq(developer.avatar_url) - expect(json_response['web_url']).to eq(Gitlab::Routing.url_helpers.user_url(developer)) - - # Member attributes - expect(json_response['access_level']).to eq(Member::DEVELOPER) - end - end - end - end - end - end - - shared_examples 'POST /:sources/:id/members' do |source_type| - context "with :sources == #{source_type.pluralize}" do - it_behaves_like 'a 404 response when source is private' do - let(:route) do - post v3_api("/#{source_type.pluralize}/#{source.id}/members", stranger), - user_id: access_requester.id, access_level: Member::MASTER - end - end - - context 'when authenticated as a non-member or member with insufficient rights' do - %i[access_requester stranger developer].each do |type| - context "as a #{type}" do - it 'returns 403' do - user = public_send(type) - post v3_api("/#{source_type.pluralize}/#{source.id}/members", user), - user_id: access_requester.id, access_level: Member::MASTER - - expect(response).to have_gitlab_http_status(403) - end - end - end - end - - context 'when authenticated as a master/owner' do - context 'and new member is already a requester' do - it 'transforms the requester into a proper member' do - expect do - post v3_api("/#{source_type.pluralize}/#{source.id}/members", master), - user_id: access_requester.id, access_level: Member::MASTER - - expect(response).to have_gitlab_http_status(201) - end.to change { source.members.count }.by(1) - expect(source.requesters.count).to eq(0) - expect(json_response['id']).to eq(access_requester.id) - expect(json_response['access_level']).to eq(Member::MASTER) - end - end - - it 'creates a new member' do - expect do - post v3_api("/#{source_type.pluralize}/#{source.id}/members", master), - user_id: stranger.id, access_level: Member::DEVELOPER, expires_at: '2016-08-05' - - expect(response).to have_gitlab_http_status(201) - end.to change { source.members.count }.by(1) - expect(json_response['id']).to eq(stranger.id) - expect(json_response['access_level']).to eq(Member::DEVELOPER) - expect(json_response['expires_at']).to eq('2016-08-05') - end - end - - it "returns #{source_type == 'project' ? 201 : 409} if member already exists" do - post v3_api("/#{source_type.pluralize}/#{source.id}/members", master), - user_id: master.id, access_level: Member::MASTER - - expect(response).to have_gitlab_http_status(source_type == 'project' ? 201 : 409) - end - - it 'returns 400 when user_id is not given' do - post v3_api("/#{source_type.pluralize}/#{source.id}/members", master), - access_level: Member::MASTER - - expect(response).to have_gitlab_http_status(400) - end - - it 'returns 400 when access_level is not given' do - post v3_api("/#{source_type.pluralize}/#{source.id}/members", master), - user_id: stranger.id - - expect(response).to have_gitlab_http_status(400) - end - - it 'returns 422 when access_level is not valid' do - post v3_api("/#{source_type.pluralize}/#{source.id}/members", master), - user_id: stranger.id, access_level: 1234 - - expect(response).to have_gitlab_http_status(422) - end - end - end - - shared_examples 'PUT /:sources/:id/members/:user_id' do |source_type| - context "with :sources == #{source_type.pluralize}" do - it_behaves_like 'a 404 response when source is private' do - let(:route) do - put v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", stranger), - access_level: Member::MASTER - end - end - - context 'when authenticated as a non-member or member with insufficient rights' do - %i[access_requester stranger developer].each do |type| - context "as a #{type}" do - it 'returns 403' do - user = public_send(type) - put v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", user), - access_level: Member::MASTER - - expect(response).to have_gitlab_http_status(403) - end - end - end - end - - context 'when authenticated as a master/owner' do - it 'updates the member' do - put v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", master), - access_level: Member::MASTER, expires_at: '2016-08-05' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(developer.id) - expect(json_response['access_level']).to eq(Member::MASTER) - expect(json_response['expires_at']).to eq('2016-08-05') - end - end - - it 'returns 409 if member does not exist' do - put v3_api("/#{source_type.pluralize}/#{source.id}/members/123", master), - access_level: Member::MASTER - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns 400 when access_level is not given' do - put v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", master) - - expect(response).to have_gitlab_http_status(400) - end - - it 'returns 422 when access level is not valid' do - put v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", master), - access_level: 1234 - - expect(response).to have_gitlab_http_status(422) - end - end - end - - shared_examples 'DELETE /:sources/:id/members/:user_id' do |source_type| - context "with :sources == #{source_type.pluralize}" do - it_behaves_like 'a 404 response when source is private' do - let(:route) { delete v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", stranger) } - end - - context 'when authenticated as a non-member or member with insufficient rights' do - %i[access_requester stranger].each do |type| - context "as a #{type}" do - it 'returns 403' do - user = public_send(type) - delete v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", user) - - expect(response).to have_gitlab_http_status(403) - end - end - end - end - - context 'when authenticated as a member and deleting themself' do - it 'deletes the member' do - expect do - delete v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", developer) - - expect(response).to have_gitlab_http_status(200) - end.to change { source.members.count }.by(-1) - end - end - - context 'when authenticated as a master/owner' do - context 'and member is a requester' do - it "returns #{source_type == 'project' ? 200 : 404}" do - expect do - delete v3_api("/#{source_type.pluralize}/#{source.id}/members/#{access_requester.id}", master) - - expect(response).to have_gitlab_http_status(source_type == 'project' ? 200 : 404) - end.not_to change { source.requesters.count } - end - end - - it 'deletes the member' do - expect do - delete v3_api("/#{source_type.pluralize}/#{source.id}/members/#{developer.id}", master) - - expect(response).to have_gitlab_http_status(200) - end.to change { source.members.count }.by(-1) - end - end - - it "returns #{source_type == 'project' ? 200 : 404} if member does not exist" do - delete v3_api("/#{source_type.pluralize}/#{source.id}/members/123", master) - - expect(response).to have_gitlab_http_status(source_type == 'project' ? 200 : 404) - end - end - end - - it_behaves_like 'GET /:sources/:id/members', 'project' do - let(:source) { project } - end - - it_behaves_like 'GET /:sources/:id/members', 'group' do - let(:source) { group } - end - - it_behaves_like 'GET /:sources/:id/members/:user_id', 'project' do - let(:source) { project } - end - - it_behaves_like 'GET /:sources/:id/members/:user_id', 'group' do - let(:source) { group } - end - - it_behaves_like 'POST /:sources/:id/members', 'project' do - let(:source) { project } - end - - it_behaves_like 'POST /:sources/:id/members', 'group' do - let(:source) { group } - end - - it_behaves_like 'PUT /:sources/:id/members/:user_id', 'project' do - let(:source) { project } - end - - it_behaves_like 'PUT /:sources/:id/members/:user_id', 'group' do - let(:source) { group } - end - - it_behaves_like 'DELETE /:sources/:id/members/:user_id', 'project' do - let(:source) { project } - end - - it_behaves_like 'DELETE /:sources/:id/members/:user_id', 'group' do - let(:source) { group } - end - - context 'Adding owner to project' do - it 'returns 403' do - expect do - post v3_api("/projects/#{project.id}/members", master), - user_id: stranger.id, access_level: Member::OWNER - - expect(response).to have_gitlab_http_status(422) - end.to change { project.members.count }.by(0) - end - end -end diff --git a/spec/requests/api/v3/merge_request_diffs_spec.rb b/spec/requests/api/v3/merge_request_diffs_spec.rb deleted file mode 100644 index 547c066fadc..00000000000 --- a/spec/requests/api/v3/merge_request_diffs_spec.rb +++ /dev/null @@ -1,48 +0,0 @@ -require "spec_helper" - -describe API::V3::MergeRequestDiffs, 'MergeRequestDiffs' do - let!(:user) { create(:user) } - let!(:merge_request) { create(:merge_request, importing: true) } - let!(:project) { merge_request.target_project } - - before do - merge_request.merge_request_diffs.create(head_commit_sha: '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9') - merge_request.merge_request_diffs.create(head_commit_sha: '5937ac0a7beb003549fc5fd26fc247adbce4a52e') - project.add_master(user) - end - - describe 'GET /projects/:id/merge_requests/:merge_request_id/versions' do - it 'returns 200 for a valid merge request' do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/versions", user) - merge_request_diff = merge_request.merge_request_diffs.last - - expect(response.status).to eq 200 - expect(json_response.size).to eq(merge_request.merge_request_diffs.size) - expect(json_response.first['id']).to eq(merge_request_diff.id) - expect(json_response.first['head_commit_sha']).to eq(merge_request_diff.head_commit_sha) - end - - it 'returns a 404 when merge_request_id not found' do - get v3_api("/projects/#{project.id}/merge_requests/999/versions", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'GET /projects/:id/merge_requests/:merge_request_id/versions/:version_id' do - it 'returns a 200 for a valid merge request' do - merge_request_diff = merge_request.merge_request_diffs.first - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/versions/#{merge_request_diff.id}", user) - - expect(response.status).to eq 200 - expect(json_response['id']).to eq(merge_request_diff.id) - expect(json_response['head_commit_sha']).to eq(merge_request_diff.head_commit_sha) - expect(json_response['diffs'].size).to eq(merge_request_diff.diffs.size) - end - - it 'returns a 404 when merge_request_id not found' do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/versions/999", user) - - expect(response).to have_gitlab_http_status(404) - end - end -end diff --git a/spec/requests/api/v3/merge_requests_spec.rb b/spec/requests/api/v3/merge_requests_spec.rb deleted file mode 100644 index 6b748369f0d..00000000000 --- a/spec/requests/api/v3/merge_requests_spec.rb +++ /dev/null @@ -1,749 +0,0 @@ -require "spec_helper" - -describe API::MergeRequests do - include ProjectForksHelper - - let(:base_time) { Time.now } - let(:user) { create(:user) } - let(:admin) { create(:user, :admin) } - let(:non_member) { create(:user) } - let!(:project) { create(:project, :public, :repository, creator: user, namespace: user.namespace) } - let!(:merge_request) { create(:merge_request, :simple, author: user, assignee: user, source_project: project, title: "Test", created_at: base_time) } - let!(:merge_request_closed) { create(:merge_request, state: "closed", author: user, assignee: user, source_project: project, title: "Closed test", created_at: base_time + 1.second) } - let!(:merge_request_merged) { create(:merge_request, state: "merged", author: user, assignee: user, source_project: project, title: "Merged test", created_at: base_time + 2.seconds, merge_commit_sha: '9999999999999999999999999999999999999999') } - let(:milestone) { create(:milestone, title: '1.0.0', project: project) } - - before do - project.add_reporter(user) - end - - describe "GET /projects/:id/merge_requests" do - context "when unauthenticated" do - it "returns authentication error" do - get v3_api("/projects/#{project.id}/merge_requests") - expect(response).to have_gitlab_http_status(401) - end - end - - context "when authenticated" do - it "returns an array of all merge_requests" do - get v3_api("/projects/#{project.id}/merge_requests", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['title']).to eq(merge_request.title) - expect(json_response.last).to have_key('web_url') - expect(json_response.last['sha']).to eq(merge_request.diff_head_sha) - expect(json_response.last['merge_commit_sha']).to be_nil - expect(json_response.last['merge_commit_sha']).to eq(merge_request.merge_commit_sha) - expect(json_response.first['title']).to eq(merge_request_merged.title) - expect(json_response.first['sha']).to eq(merge_request_merged.diff_head_sha) - expect(json_response.first['merge_commit_sha']).not_to be_nil - expect(json_response.first['merge_commit_sha']).to eq(merge_request_merged.merge_commit_sha) - end - - it "returns an array of all merge_requests" do - get v3_api("/projects/#{project.id}/merge_requests?state", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - expect(json_response.last['title']).to eq(merge_request.title) - end - - it "returns an array of open merge_requests" do - get v3_api("/projects/#{project.id}/merge_requests?state=opened", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.last['title']).to eq(merge_request.title) - end - - it "returns an array of closed merge_requests" do - get v3_api("/projects/#{project.id}/merge_requests?state=closed", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['title']).to eq(merge_request_closed.title) - end - - it "returns an array of merged merge_requests" do - get v3_api("/projects/#{project.id}/merge_requests?state=merged", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['title']).to eq(merge_request_merged.title) - end - - it 'matches V3 response schema' do - get v3_api("/projects/#{project.id}/merge_requests", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v3/merge_requests') - end - - context "with ordering" do - before do - @mr_later = mr_with_later_created_and_updated_at_time - @mr_earlier = mr_with_earlier_created_and_updated_at_time - end - - it "returns an array of merge_requests in ascending order" do - get v3_api("/projects/#{project.id}/merge_requests?sort=asc", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - response_dates = json_response.map { |merge_request| merge_request['created_at'] } - expect(response_dates).to eq(response_dates.sort) - end - - it "returns an array of merge_requests in descending order" do - get v3_api("/projects/#{project.id}/merge_requests?sort=desc", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - response_dates = json_response.map { |merge_request| merge_request['created_at'] } - expect(response_dates).to eq(response_dates.sort.reverse) - end - - it "returns an array of merge_requests ordered by updated_at" do - get v3_api("/projects/#{project.id}/merge_requests?order_by=updated_at", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - response_dates = json_response.map { |merge_request| merge_request['updated_at'] } - expect(response_dates).to eq(response_dates.sort.reverse) - end - - it "returns an array of merge_requests ordered by created_at" do - get v3_api("/projects/#{project.id}/merge_requests?order_by=created_at&sort=asc", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(3) - response_dates = json_response.map { |merge_request| merge_request['created_at'] } - expect(response_dates).to eq(response_dates.sort) - end - end - end - end - - describe "GET /projects/:id/merge_requests/:merge_request_id" do - it 'exposes known attributes' do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(merge_request.id) - expect(json_response['iid']).to eq(merge_request.iid) - expect(json_response['project_id']).to eq(merge_request.project.id) - expect(json_response['title']).to eq(merge_request.title) - expect(json_response['description']).to eq(merge_request.description) - expect(json_response['state']).to eq(merge_request.state) - expect(json_response['created_at']).to be_present - expect(json_response['updated_at']).to be_present - expect(json_response['labels']).to eq(merge_request.label_names) - expect(json_response['milestone']).to be_nil - expect(json_response['assignee']).to be_a Hash - expect(json_response['author']).to be_a Hash - expect(json_response['target_branch']).to eq(merge_request.target_branch) - expect(json_response['source_branch']).to eq(merge_request.source_branch) - expect(json_response['upvotes']).to eq(0) - expect(json_response['downvotes']).to eq(0) - expect(json_response['source_project_id']).to eq(merge_request.source_project.id) - expect(json_response['target_project_id']).to eq(merge_request.target_project.id) - expect(json_response['work_in_progress']).to be_falsy - expect(json_response['merge_when_build_succeeds']).to be_falsy - expect(json_response['merge_status']).to eq('can_be_merged') - expect(json_response['should_close_merge_request']).to be_falsy - expect(json_response['force_close_merge_request']).to be_falsy - end - - it "returns merge_request" do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(merge_request.title) - expect(json_response['iid']).to eq(merge_request.iid) - expect(json_response['work_in_progress']).to eq(false) - expect(json_response['merge_status']).to eq('can_be_merged') - expect(json_response['should_close_merge_request']).to be_falsy - expect(json_response['force_close_merge_request']).to be_falsy - end - - it 'returns merge_request by iid' do - url = "/projects/#{project.id}/merge_requests?iid=#{merge_request.iid}" - get v3_api(url, user) - expect(response.status).to eq 200 - expect(json_response.first['title']).to eq merge_request.title - expect(json_response.first['id']).to eq merge_request.id - end - - it 'returns merge_request by iid array' do - get v3_api("/projects/#{project.id}/merge_requests", user), iid: [merge_request.iid, merge_request_closed.iid] - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['title']).to eq merge_request_closed.title - expect(json_response.first['id']).to eq merge_request_closed.id - end - - it "returns a 404 error if merge_request_id not found" do - get v3_api("/projects/#{project.id}/merge_requests/999", user) - expect(response).to have_gitlab_http_status(404) - end - - context 'Work in Progress' do - let!(:merge_request_wip) { create(:merge_request, author: user, assignee: user, source_project: project, target_project: project, title: "WIP: Test", created_at: base_time + 1.second) } - - it "returns merge_request" do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request_wip.id}", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response['work_in_progress']).to eq(true) - end - end - end - - describe 'GET /projects/:id/merge_requests/:merge_request_id/commits' do - it 'returns a 200 when merge request is valid' do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/commits", user) - commit = merge_request.commits.first - - expect(response.status).to eq 200 - expect(json_response.size).to eq(merge_request.commits.size) - expect(json_response.first['id']).to eq(commit.id) - expect(json_response.first['title']).to eq(commit.title) - end - - it 'returns a 404 when merge_request_id not found' do - get v3_api("/projects/#{project.id}/merge_requests/999/commits", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'GET /projects/:id/merge_requests/:merge_request_id/changes' do - it 'returns the change information of the merge_request' do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/changes", user) - expect(response.status).to eq 200 - expect(json_response['changes'].size).to eq(merge_request.diffs.size) - end - - it 'returns a 404 when merge_request_id not found' do - get v3_api("/projects/#{project.id}/merge_requests/999/changes", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe "POST /projects/:id/merge_requests" do - context 'between branches projects' do - it "returns merge_request" do - post v3_api("/projects/#{project.id}/merge_requests", user), - title: 'Test merge_request', - source_branch: 'feature_conflict', - target_branch: 'master', - author: user, - labels: 'label, label2', - milestone_id: milestone.id, - remove_source_branch: true - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('Test merge_request') - expect(json_response['labels']).to eq(%w(label label2)) - expect(json_response['milestone']['id']).to eq(milestone.id) - expect(json_response['force_remove_source_branch']).to be_truthy - end - - it "returns 422 when source_branch equals target_branch" do - post v3_api("/projects/#{project.id}/merge_requests", user), - title: "Test merge_request", source_branch: "master", target_branch: "master", author: user - expect(response).to have_gitlab_http_status(422) - end - - it "returns 400 when source_branch is missing" do - post v3_api("/projects/#{project.id}/merge_requests", user), - title: "Test merge_request", target_branch: "master", author: user - expect(response).to have_gitlab_http_status(400) - end - - it "returns 400 when target_branch is missing" do - post v3_api("/projects/#{project.id}/merge_requests", user), - title: "Test merge_request", source_branch: "markdown", author: user - expect(response).to have_gitlab_http_status(400) - end - - it "returns 400 when title is missing" do - post v3_api("/projects/#{project.id}/merge_requests", user), - target_branch: 'master', source_branch: 'markdown' - expect(response).to have_gitlab_http_status(400) - end - - it 'allows special label names' do - post v3_api("/projects/#{project.id}/merge_requests", user), - title: 'Test merge_request', - source_branch: 'markdown', - target_branch: 'master', - author: user, - labels: 'label, label?, label&foo, ?, &' - expect(response.status).to eq(201) - expect(json_response['labels']).to include 'label' - expect(json_response['labels']).to include 'label?' - expect(json_response['labels']).to include 'label&foo' - expect(json_response['labels']).to include '?' - expect(json_response['labels']).to include '&' - end - - context 'with existing MR' do - before do - post v3_api("/projects/#{project.id}/merge_requests", user), - title: 'Test merge_request', - source_branch: 'feature_conflict', - target_branch: 'master', - author: user - @mr = MergeRequest.all.last - end - - it 'returns 409 when MR already exists for source/target' do - expect do - post v3_api("/projects/#{project.id}/merge_requests", user), - title: 'New test merge_request', - source_branch: 'feature_conflict', - target_branch: 'master', - author: user - end.to change { MergeRequest.count }.by(0) - expect(response).to have_gitlab_http_status(409) - end - end - end - - context 'forked projects' do - let!(:user2) { create(:user) } - let!(:forked_project) { fork_project(project, user2, repository: true) } - let!(:unrelated_project) { create(:project, namespace: create(:user).namespace, creator_id: user2.id) } - - before do - forked_project.add_reporter(user2) - end - - it "returns merge_request" do - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), - title: 'Test merge_request', source_branch: "feature_conflict", target_branch: "master", - author: user2, target_project_id: project.id, description: 'Test description for Test merge_request' - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('Test merge_request') - expect(json_response['description']).to eq('Test description for Test merge_request') - end - - it "does not return 422 when source_branch equals target_branch" do - expect(project.id).not_to eq(forked_project.id) - expect(forked_project.forked?).to be_truthy - expect(forked_project.forked_from_project).to eq(project) - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), - title: 'Test merge_request', source_branch: "master", target_branch: "master", author: user2, target_project_id: project.id - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('Test merge_request') - end - - it "returns 422 when target project has disabled merge requests" do - project.project_feature.update(merge_requests_access_level: 0) - - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), - title: 'Test', - target_branch: "master", - source_branch: 'markdown', - author: user2, - target_project_id: project.id - - expect(response).to have_gitlab_http_status(422) - end - - it "returns 400 when source_branch is missing" do - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), - title: 'Test merge_request', target_branch: "master", author: user2, target_project_id: project.id - expect(response).to have_gitlab_http_status(400) - end - - it "returns 400 when target_branch is missing" do - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), - title: 'Test merge_request', target_branch: "master", author: user2, target_project_id: project.id - expect(response).to have_gitlab_http_status(400) - end - - it "returns 400 when title is missing" do - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), - target_branch: 'master', source_branch: 'markdown', author: user2, target_project_id: project.id - expect(response).to have_gitlab_http_status(400) - end - - context 'when target_branch and target_project_id is specified' do - let(:params) do - { title: 'Test merge_request', - target_branch: 'master', - source_branch: 'markdown', - author: user2, - target_project_id: unrelated_project.id } - end - - it 'returns 422 if targeting a different fork' do - unrelated_project.add_developer(user2) - - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), params - - expect(response).to have_gitlab_http_status(422) - end - - it 'returns 403 if targeting a different fork which user can not access' do - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), params - - expect(response).to have_gitlab_http_status(403) - end - end - - it "returns 201 when target_branch is specified and for the same project" do - post v3_api("/projects/#{forked_project.id}/merge_requests", user2), - title: 'Test merge_request', target_branch: 'master', source_branch: 'markdown', author: user2, target_project_id: forked_project.id - expect(response).to have_gitlab_http_status(201) - end - end - end - - describe "DELETE /projects/:id/merge_requests/:merge_request_id" do - context "when the user is developer" do - let(:developer) { create(:user) } - - before do - project.add_developer(developer) - end - - it "denies the deletion of the merge request" do - delete v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", developer) - expect(response).to have_gitlab_http_status(403) - end - end - - context "when the user is project owner" do - it "destroys the merge request owners can destroy" do - delete v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user) - - expect(response).to have_gitlab_http_status(200) - end - end - end - - describe "PUT /projects/:id/merge_requests/:merge_request_id/merge" do - let(:pipeline) { create(:ci_pipeline_without_jobs) } - - it "returns merge_request in case of success" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user) - - expect(response).to have_gitlab_http_status(200) - end - - it "returns 406 if branch can't be merged" do - allow_any_instance_of(MergeRequest) - .to receive(:can_be_merged?).and_return(false) - - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user) - - expect(response).to have_gitlab_http_status(406) - expect(json_response['message']).to eq('Branch cannot be merged') - end - - it "returns 405 if merge_request is not open" do - merge_request.close - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user) - expect(response).to have_gitlab_http_status(405) - expect(json_response['message']).to eq('405 Method Not Allowed') - end - - it "returns 405 if merge_request is a work in progress" do - merge_request.update_attribute(:title, "WIP: #{merge_request.title}") - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user) - expect(response).to have_gitlab_http_status(405) - expect(json_response['message']).to eq('405 Method Not Allowed') - end - - it 'returns 405 if the build failed for a merge request that requires success' do - allow_any_instance_of(MergeRequest).to receive(:mergeable_ci_state?).and_return(false) - - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user) - - expect(response).to have_gitlab_http_status(405) - expect(json_response['message']).to eq('405 Method Not Allowed') - end - - it "returns 401 if user has no permissions to merge" do - user2 = create(:user) - project.add_reporter(user2) - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user2) - expect(response).to have_gitlab_http_status(401) - expect(json_response['message']).to eq('401 Unauthorized') - end - - it "returns 409 if the SHA parameter doesn't match" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user), sha: merge_request.diff_head_sha.reverse - - expect(response).to have_gitlab_http_status(409) - expect(json_response['message']).to start_with('SHA does not match HEAD of source branch') - end - - it "succeeds if the SHA parameter matches" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user), sha: merge_request.diff_head_sha - - expect(response).to have_gitlab_http_status(200) - end - - it "enables merge when pipeline succeeds if the pipeline is active" do - allow_any_instance_of(MergeRequest).to receive(:head_pipeline).and_return(pipeline) - allow(pipeline).to receive(:active?).and_return(true) - - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/merge", user), merge_when_build_succeeds: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('Test') - expect(json_response['merge_when_build_succeeds']).to eq(true) - end - end - - describe "PUT /projects/:id/merge_requests/:merge_request_id" do - context "to close a MR" do - it "returns merge_request" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), state_event: "close" - - expect(response).to have_gitlab_http_status(200) - expect(json_response['state']).to eq('closed') - end - end - - it "updates title and returns merge_request" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), title: "New title" - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('New title') - end - - it "updates description and returns merge_request" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), description: "New description" - expect(response).to have_gitlab_http_status(200) - expect(json_response['description']).to eq('New description') - end - - it "updates milestone_id and returns merge_request" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), milestone_id: milestone.id - expect(response).to have_gitlab_http_status(200) - expect(json_response['milestone']['id']).to eq(milestone.id) - end - - it "returns merge_request with renamed target_branch" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), target_branch: "wiki" - expect(response).to have_gitlab_http_status(200) - expect(json_response['target_branch']).to eq('wiki') - end - - it "returns merge_request that removes the source branch" do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), remove_source_branch: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response['force_remove_source_branch']).to be_truthy - end - - it 'allows special label names' do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), - title: 'new issue', - labels: 'label, label?, label&foo, ?, &' - - expect(response.status).to eq(200) - expect(json_response['labels']).to include 'label' - expect(json_response['labels']).to include 'label?' - expect(json_response['labels']).to include 'label&foo' - expect(json_response['labels']).to include '?' - expect(json_response['labels']).to include '&' - end - - it 'does not update state when title is empty' do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), state_event: 'close', title: nil - - merge_request.reload - expect(response).to have_gitlab_http_status(400) - expect(merge_request.state).to eq('opened') - end - - it 'does not update state when target_branch is empty' do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user), state_event: 'close', target_branch: nil - - merge_request.reload - expect(response).to have_gitlab_http_status(400) - expect(merge_request.state).to eq('opened') - end - end - - describe "POST /projects/:id/merge_requests/:merge_request_id/comments" do - it "returns comment" do - original_count = merge_request.notes.size - - post v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/comments", user), note: "My comment" - - expect(response).to have_gitlab_http_status(201) - expect(json_response['note']).to eq('My comment') - expect(json_response['author']['name']).to eq(user.name) - expect(json_response['author']['username']).to eq(user.username) - expect(merge_request.reload.notes.size).to eq(original_count + 1) - end - - it "returns 400 if note is missing" do - post v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/comments", user) - expect(response).to have_gitlab_http_status(400) - end - - it "returns 404 if note is attached to non existent merge request" do - post v3_api("/projects/#{project.id}/merge_requests/404/comments", user), - note: 'My comment' - expect(response).to have_gitlab_http_status(404) - end - end - - describe "GET :id/merge_requests/:merge_request_id/comments" do - let!(:note) { create(:note_on_merge_request, author: user, project: project, noteable: merge_request, note: "a comment on a MR") } - let!(:note2) { create(:note_on_merge_request, author: user, project: project, noteable: merge_request, note: "another comment on a MR") } - - it "returns merge_request comments ordered by created_at" do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/comments", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - expect(json_response.first['note']).to eq("a comment on a MR") - expect(json_response.first['author']['id']).to eq(user.id) - expect(json_response.last['note']).to eq("another comment on a MR") - end - - it "returns a 404 error if merge_request_id not found" do - get v3_api("/projects/#{project.id}/merge_requests/999/comments", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'GET :id/merge_requests/:merge_request_id/closes_issues' do - it 'returns the issue that will be closed on merge' do - issue = create(:issue, project: project) - mr = merge_request.tap do |mr| - mr.update_attribute(:description, "Closes #{issue.to_reference(mr.project)}") - end - - get v3_api("/projects/#{project.id}/merge_requests/#{mr.id}/closes_issues", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(issue.id) - end - - it 'returns an empty array when there are no issues to be closed' do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/closes_issues", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(0) - end - - it 'handles external issues' do - jira_project = create(:jira_project, :public, :repository, name: 'JIR_EXT1') - issue = ExternalIssue.new("#{jira_project.name}-123", jira_project) - merge_request = create(:merge_request, :simple, author: user, assignee: user, source_project: jira_project) - merge_request.update_attribute(:description, "Closes #{issue.to_reference(jira_project)}") - - get v3_api("/projects/#{jira_project.id}/merge_requests/#{merge_request.id}/closes_issues", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['title']).to eq(issue.title) - expect(json_response.first['id']).to eq(issue.id) - end - - it 'returns 403 if the user has no access to the merge request' do - project = create(:project, :private, :repository) - merge_request = create(:merge_request, :simple, source_project: project) - guest = create(:user) - project.add_guest(guest) - - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/closes_issues", guest) - - expect(response).to have_gitlab_http_status(403) - end - end - - describe 'POST :id/merge_requests/:merge_request_id/subscription' do - it 'subscribes to a merge request' do - post v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", admin) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['subscribed']).to eq(true) - end - - it 'returns 304 if already subscribed' do - post v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", user) - - expect(response).to have_gitlab_http_status(304) - end - - it 'returns 404 if the merge request is not found' do - post v3_api("/projects/#{project.id}/merge_requests/123/subscription", user) - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns 403 if user has no access to read code' do - guest = create(:user) - project.add_guest(guest) - - post v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", guest) - - expect(response).to have_gitlab_http_status(403) - end - end - - describe 'DELETE :id/merge_requests/:merge_request_id/subscription' do - it 'unsubscribes from a merge request' do - delete v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['subscribed']).to eq(false) - end - - it 'returns 304 if not subscribed' do - delete v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", admin) - - expect(response).to have_gitlab_http_status(304) - end - - it 'returns 404 if the merge request is not found' do - post v3_api("/projects/#{project.id}/merge_requests/123/subscription", user) - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns 403 if user has no access to read code' do - guest = create(:user) - project.add_guest(guest) - - delete v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/subscription", guest) - - expect(response).to have_gitlab_http_status(403) - end - end - - describe 'Time tracking' do - let(:issuable) { merge_request } - - include_examples 'V3 time tracking endpoints', 'merge_request' - end - - def mr_with_later_created_and_updated_at_time - merge_request - merge_request.created_at += 1.hour - merge_request.updated_at += 30.minutes - merge_request.save - merge_request - end - - def mr_with_earlier_created_and_updated_at_time - merge_request_closed - merge_request_closed.created_at -= 1.hour - merge_request_closed.updated_at -= 30.minutes - merge_request_closed.save - merge_request_closed - end -end diff --git a/spec/requests/api/v3/milestones_spec.rb b/spec/requests/api/v3/milestones_spec.rb deleted file mode 100644 index 6021600e09c..00000000000 --- a/spec/requests/api/v3/milestones_spec.rb +++ /dev/null @@ -1,238 +0,0 @@ -require 'spec_helper' - -describe API::V3::Milestones do - let(:user) { create(:user) } - let!(:project) { create(:project, namespace: user.namespace ) } - let!(:closed_milestone) { create(:closed_milestone, project: project) } - let!(:milestone) { create(:milestone, project: project) } - - before { project.add_developer(user) } - - describe 'GET /projects/:id/milestones' do - it 'returns project milestones' do - get v3_api("/projects/#{project.id}/milestones", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(milestone.title) - end - - it 'returns a 401 error if user not authenticated' do - get v3_api("/projects/#{project.id}/milestones") - - expect(response).to have_gitlab_http_status(401) - end - - it 'returns an array of active milestones' do - get v3_api("/projects/#{project.id}/milestones?state=active", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(milestone.id) - end - - it 'returns an array of closed milestones' do - get v3_api("/projects/#{project.id}/milestones?state=closed", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(closed_milestone.id) - end - end - - describe 'GET /projects/:id/milestones/:milestone_id' do - it 'returns a project milestone by id' do - get v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(milestone.title) - expect(json_response['iid']).to eq(milestone.iid) - end - - it 'returns a project milestone by iid' do - get v3_api("/projects/#{project.id}/milestones?iid=#{closed_milestone.iid}", user) - - expect(response.status).to eq 200 - expect(json_response.size).to eq(1) - expect(json_response.first['title']).to eq closed_milestone.title - expect(json_response.first['id']).to eq closed_milestone.id - end - - it 'returns a project milestone by iid array' do - get v3_api("/projects/#{project.id}/milestones", user), iid: [milestone.iid, closed_milestone.iid] - - expect(response).to have_gitlab_http_status(200) - expect(json_response.size).to eq(2) - expect(json_response.first['title']).to eq milestone.title - expect(json_response.first['id']).to eq milestone.id - end - - it 'returns 401 error if user not authenticated' do - get v3_api("/projects/#{project.id}/milestones/#{milestone.id}") - - expect(response).to have_gitlab_http_status(401) - end - - it 'returns a 404 error if milestone id not found' do - get v3_api("/projects/#{project.id}/milestones/1234", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'POST /projects/:id/milestones' do - it 'creates a new project milestone' do - post v3_api("/projects/#{project.id}/milestones", user), title: 'new milestone' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('new milestone') - expect(json_response['description']).to be_nil - end - - it 'creates a new project milestone with description and dates' do - post v3_api("/projects/#{project.id}/milestones", user), - title: 'new milestone', description: 'release', due_date: '2013-03-02', start_date: '2013-02-02' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['description']).to eq('release') - expect(json_response['due_date']).to eq('2013-03-02') - expect(json_response['start_date']).to eq('2013-02-02') - end - - it 'returns a 400 error if title is missing' do - post v3_api("/projects/#{project.id}/milestones", user) - - expect(response).to have_gitlab_http_status(400) - end - - it 'returns a 400 error if params are invalid (duplicate title)' do - post v3_api("/projects/#{project.id}/milestones", user), - title: milestone.title, description: 'release', due_date: '2013-03-02' - - expect(response).to have_gitlab_http_status(400) - end - - it 'creates a new project with reserved html characters' do - post v3_api("/projects/#{project.id}/milestones", user), title: 'foo & bar 1.1 -> 2.2' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('foo & bar 1.1 -> 2.2') - expect(json_response['description']).to be_nil - end - end - - describe 'PUT /projects/:id/milestones/:milestone_id' do - it 'updates a project milestone' do - put v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user), - title: 'updated title' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('updated title') - end - - it 'removes a due date if nil is passed' do - milestone.update!(due_date: "2016-08-05") - - put v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user), due_date: nil - - expect(response).to have_gitlab_http_status(200) - expect(json_response['due_date']).to be_nil - end - - it 'returns a 404 error if milestone id not found' do - put v3_api("/projects/#{project.id}/milestones/1234", user), - title: 'updated title' - - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'PUT /projects/:id/milestones/:milestone_id to close milestone' do - it 'updates a project milestone' do - put v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user), - state_event: 'close' - expect(response).to have_gitlab_http_status(200) - - expect(json_response['state']).to eq('closed') - end - end - - describe 'PUT /projects/:id/milestones/:milestone_id to test observer on close' do - it 'creates an activity event when an milestone is closed' do - expect(Event).to receive(:create!) - - put v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user), - state_event: 'close' - end - end - - describe 'GET /projects/:id/milestones/:milestone_id/issues' do - before do - milestone.issues << create(:issue, project: project) - end - it 'returns project issues for a particular milestone' do - get v3_api("/projects/#{project.id}/milestones/#{milestone.id}/issues", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['milestone']['title']).to eq(milestone.title) - end - - it 'matches V3 response schema for a list of issues' do - get v3_api("/projects/#{project.id}/milestones/#{milestone.id}/issues", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to match_response_schema('public_api/v3/issues') - end - - it 'returns a 401 error if user not authenticated' do - get v3_api("/projects/#{project.id}/milestones/#{milestone.id}/issues") - - expect(response).to have_gitlab_http_status(401) - end - - describe 'confidential issues' do - let(:public_project) { create(:project, :public) } - let(:milestone) { create(:milestone, project: public_project) } - let(:issue) { create(:issue, project: public_project) } - let(:confidential_issue) { create(:issue, confidential: true, project: public_project) } - - before do - public_project.add_developer(user) - milestone.issues << issue << confidential_issue - end - - it 'returns confidential issues to team members' do - get v3_api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(2) - expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id) - end - - it 'does not return confidential issues to team members with guest role' do - member = create(:user) - project.add_guest(member) - - get v3_api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", member) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(1) - expect(json_response.map { |issue| issue['id'] }).to include(issue.id) - end - - it 'does not return confidential issues to regular users' do - get v3_api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", create(:user)) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(1) - expect(json_response.map { |issue| issue['id'] }).to include(issue.id) - end - end - end -end diff --git a/spec/requests/api/v3/notes_spec.rb b/spec/requests/api/v3/notes_spec.rb deleted file mode 100644 index 5532795ab02..00000000000 --- a/spec/requests/api/v3/notes_spec.rb +++ /dev/null @@ -1,431 +0,0 @@ -require 'spec_helper' - -describe API::V3::Notes do - let(:user) { create(:user) } - let!(:project) { create(:project, :public, namespace: user.namespace) } - let!(:issue) { create(:issue, project: project, author: user) } - let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) } - let!(:snippet) { create(:project_snippet, project: project, author: user) } - let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) } - let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) } - let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) } - - # For testing the cross-reference of a private issue in a public issue - let(:private_user) { create(:user) } - let(:private_project) do - create(:project, namespace: private_user.namespace) - .tap { |p| p.add_master(private_user) } - end - let(:private_issue) { create(:issue, project: private_project) } - - let(:ext_proj) { create(:project, :public) } - let(:ext_issue) { create(:issue, project: ext_proj) } - - let!(:cross_reference_note) do - create :note, - noteable: ext_issue, project: ext_proj, - note: "mentioned in issue #{private_issue.to_reference(ext_proj)}", - system: true - end - - before { project.add_reporter(user) } - - describe "GET /projects/:id/noteable/:noteable_id/notes" do - context "when noteable is an Issue" do - it "returns an array of issue notes" do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/notes", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.first['body']).to eq(issue_note.note) - expect(json_response.first['upvote']).to be_falsey - expect(json_response.first['downvote']).to be_falsey - end - - it "returns a 404 error when issue id not found" do - get v3_api("/projects/#{project.id}/issues/12345/notes", user) - - expect(response).to have_gitlab_http_status(404) - end - - context "and current user cannot view the notes" do - it "returns an empty array" do - get v3_api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response).to be_empty - end - - context "and issue is confidential" do - before { ext_issue.update_attributes(confidential: true) } - - it "returns 404" do - get v3_api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context "and current user can view the note" do - it "returns an empty array" do - get v3_api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", private_user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.first['body']).to eq(cross_reference_note.note) - end - end - end - end - - context "when noteable is a Snippet" do - it "returns an array of snippet notes" do - get v3_api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.first['body']).to eq(snippet_note.note) - end - - it "returns a 404 error when snippet id not found" do - get v3_api("/projects/#{project.id}/snippets/42/notes", user) - - expect(response).to have_gitlab_http_status(404) - end - - it "returns 404 when not authorized" do - get v3_api("/projects/#{project.id}/snippets/#{snippet.id}/notes", private_user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context "when noteable is a Merge Request" do - it "returns an array of merge_requests notes" do - get v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - expect(json_response.first['body']).to eq(merge_request_note.note) - end - - it "returns a 404 error if merge request id not found" do - get v3_api("/projects/#{project.id}/merge_requests/4444/notes", user) - - expect(response).to have_gitlab_http_status(404) - end - - it "returns 404 when not authorized" do - get v3_api("/projects/#{project.id}/merge_requests/4444/notes", private_user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do - context "when noteable is an Issue" do - it "returns an issue note by id" do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['body']).to eq(issue_note.note) - end - - it "returns a 404 error if issue note not found" do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - - context "and current user cannot view the note" do - it "returns a 404 error" do - get v3_api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", user) - - expect(response).to have_gitlab_http_status(404) - end - - context "when issue is confidential" do - before { issue.update_attributes(confidential: true) } - - it "returns 404" do - get v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", private_user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context "and current user can view the note" do - it "returns an issue note by id" do - get v3_api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", private_user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['body']).to eq(cross_reference_note.note) - end - end - end - end - - context "when noteable is a Snippet" do - it "returns a snippet note by id" do - get v3_api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['body']).to eq(snippet_note.note) - end - - it "returns a 404 error if snippet note not found" do - get v3_api("/projects/#{project.id}/snippets/#{snippet.id}/notes/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe "POST /projects/:id/noteable/:noteable_id/notes" do - context "when noteable is an Issue" do - it "creates a new issue note" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['body']).to eq('hi!') - expect(json_response['author']['username']).to eq(user.username) - end - - it "returns a 400 bad request error if body not given" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes", user) - - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 401 unauthorized error if user not authenticated" do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!' - - expect(response).to have_gitlab_http_status(401) - end - - context 'when an admin or owner makes the request' do - it 'accepts the creation date to be set' do - creation_time = 2.weeks.ago - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes", user), - body: 'hi!', created_at: creation_time - - expect(response).to have_gitlab_http_status(201) - expect(json_response['body']).to eq('hi!') - expect(json_response['author']['username']).to eq(user.username) - expect(Time.parse(json_response['created_at'])).to be_like_time(creation_time) - end - end - - context 'when the user is posting an award emoji on an issue created by someone else' do - let(:issue2) { create(:issue, project: project) } - - it 'creates a new issue note' do - post v3_api("/projects/#{project.id}/issues/#{issue2.id}/notes", user), body: ':+1:' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['body']).to eq(':+1:') - end - end - - context 'when the user is posting an award emoji on his/her own issue' do - it 'creates a new issue note' do - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: ':+1:' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['body']).to eq(':+1:') - end - end - end - - context "when noteable is a Snippet" do - it "creates a new snippet note" do - post v3_api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!' - - expect(response).to have_gitlab_http_status(201) - expect(json_response['body']).to eq('hi!') - expect(json_response['author']['username']).to eq(user.username) - end - - it "returns a 400 bad request error if body not given" do - post v3_api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user) - - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 401 unauthorized error if user not authenticated" do - post v3_api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!' - - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when user does not have access to read the noteable' do - it 'responds with 404' do - project = create(:project, :private) { |p| p.add_guest(user) } - issue = create(:issue, :confidential, project: project) - - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes", user), - body: 'Foo' - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when user does not have access to create noteable' do - let(:private_issue) { create(:issue, project: create(:project, :private)) } - - ## - # We are posting to project user has access to, but we use issue id - # from a different project, see #15577 - # - before do - post v3_api("/projects/#{project.id}/issues/#{private_issue.id}/notes", user), - body: 'Hi!' - end - - it 'responds with resource not found error' do - expect(response.status).to eq 404 - end - - it 'does not create new note' do - expect(private_issue.notes.reload).to be_empty - end - end - end - - describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do - it "creates an activity event when an issue note is created" do - expect(Event).to receive(:create!) - - post v3_api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!' - end - end - - describe 'PUT /projects/:id/noteable/:noteable_id/notes/:note_id' do - context 'when noteable is an Issue' do - it 'returns modified note' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}/"\ - "notes/#{issue_note.id}", user), body: 'Hello!' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['body']).to eq('Hello!') - end - - it 'returns a 404 error when note id not found' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user), - body: 'Hello!' - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns a 400 bad request error if body not given' do - put v3_api("/projects/#{project.id}/issues/#{issue.id}/"\ - "notes/#{issue_note.id}", user) - - expect(response).to have_gitlab_http_status(400) - end - end - - context 'when noteable is a Snippet' do - it 'returns modified note' do - put v3_api("/projects/#{project.id}/snippets/#{snippet.id}/"\ - "notes/#{snippet_note.id}", user), body: 'Hello!' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['body']).to eq('Hello!') - end - - it 'returns a 404 error when note id not found' do - put v3_api("/projects/#{project.id}/snippets/#{snippet.id}/"\ - "notes/12345", user), body: "Hello!" - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when noteable is a Merge Request' do - it 'returns modified note' do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\ - "notes/#{merge_request_note.id}", user), body: 'Hello!' - - expect(response).to have_gitlab_http_status(200) - expect(json_response['body']).to eq('Hello!') - end - - it 'returns a 404 error when note id not found' do - put v3_api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\ - "notes/12345", user), body: "Hello!" - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'DELETE /projects/:id/noteable/:noteable_id/notes/:note_id' do - context 'when noteable is an Issue' do - it 'deletes a note' do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}/"\ - "notes/#{issue_note.id}", user) - - expect(response).to have_gitlab_http_status(200) - # Check if note is really deleted - delete v3_api("/projects/#{project.id}/issues/#{issue.id}/"\ - "notes/#{issue_note.id}", user) - expect(response).to have_gitlab_http_status(404) - end - - it 'returns a 404 error when note id not found' do - delete v3_api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when noteable is a Snippet' do - it 'deletes a note' do - delete v3_api("/projects/#{project.id}/snippets/#{snippet.id}/"\ - "notes/#{snippet_note.id}", user) - - expect(response).to have_gitlab_http_status(200) - # Check if note is really deleted - delete v3_api("/projects/#{project.id}/snippets/#{snippet.id}/"\ - "notes/#{snippet_note.id}", user) - expect(response).to have_gitlab_http_status(404) - end - - it 'returns a 404 error when note id not found' do - delete v3_api("/projects/#{project.id}/snippets/#{snippet.id}/"\ - "notes/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when noteable is a Merge Request' do - it 'deletes a note' do - delete v3_api("/projects/#{project.id}/merge_requests/"\ - "#{merge_request.id}/notes/#{merge_request_note.id}", user) - - expect(response).to have_gitlab_http_status(200) - # Check if note is really deleted - delete v3_api("/projects/#{project.id}/merge_requests/"\ - "#{merge_request.id}/notes/#{merge_request_note.id}", user) - expect(response).to have_gitlab_http_status(404) - end - - it 'returns a 404 error when note id not found' do - delete v3_api("/projects/#{project.id}/merge_requests/"\ - "#{merge_request.id}/notes/12345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - end -end diff --git a/spec/requests/api/v3/pipelines_spec.rb b/spec/requests/api/v3/pipelines_spec.rb deleted file mode 100644 index ea943f22c41..00000000000 --- a/spec/requests/api/v3/pipelines_spec.rb +++ /dev/null @@ -1,201 +0,0 @@ -require 'spec_helper' - -describe API::V3::Pipelines do - let(:user) { create(:user) } - let(:non_member) { create(:user) } - let(:project) { create(:project, :repository, creator: user) } - - let!(:pipeline) do - create(:ci_empty_pipeline, project: project, sha: project.commit.id, - ref: project.default_branch) - end - - before { project.add_master(user) } - - shared_examples 'a paginated resources' do - before do - # Fires the request - request - end - - it 'has pagination headers' do - expect(response).to include_pagination_headers - end - end - - describe 'GET /projects/:id/pipelines ' do - it_behaves_like 'a paginated resources' do - let(:request) { get v3_api("/projects/#{project.id}/pipelines", user) } - end - - context 'authorized user' do - it 'returns project pipelines' do - get v3_api("/projects/#{project.id}/pipelines", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['sha']).to match(/\A\h{40}\z/) - expect(json_response.first['id']).to eq pipeline.id - expect(json_response.first.keys).to contain_exactly(*%w[id sha ref status before_sha tag yaml_errors user created_at updated_at started_at finished_at committed_at duration coverage]) - end - end - - context 'unauthorized user' do - it 'does not return project pipelines' do - get v3_api("/projects/#{project.id}/pipelines", non_member) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq '404 Project Not Found' - expect(json_response).not_to be_an Array - end - end - end - - describe 'POST /projects/:id/pipeline ' do - context 'authorized user' do - context 'with gitlab-ci.yml' do - before { stub_ci_pipeline_to_return_yaml_file } - - it 'creates and returns a new pipeline' do - expect do - post v3_api("/projects/#{project.id}/pipeline", user), ref: project.default_branch - end.to change { Ci::Pipeline.count }.by(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response).to be_a Hash - expect(json_response['sha']).to eq project.commit.id - end - - it 'fails when using an invalid ref' do - post v3_api("/projects/#{project.id}/pipeline", user), ref: 'invalid_ref' - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']['base'].first).to eq 'Reference not found' - expect(json_response).not_to be_an Array - end - end - - context 'without gitlab-ci.yml' do - it 'fails to create pipeline' do - post v3_api("/projects/#{project.id}/pipeline", user), ref: project.default_branch - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']['base'].first).to eq 'Missing .gitlab-ci.yml file' - expect(json_response).not_to be_an Array - end - end - end - - context 'unauthorized user' do - it 'does not create pipeline' do - post v3_api("/projects/#{project.id}/pipeline", non_member), ref: project.default_branch - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq '404 Project Not Found' - expect(json_response).not_to be_an Array - end - end - end - - describe 'GET /projects/:id/pipelines/:pipeline_id' do - context 'authorized user' do - it 'returns project pipelines' do - get v3_api("/projects/#{project.id}/pipelines/#{pipeline.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['sha']).to match /\A\h{40}\z/ - end - - it 'returns 404 when it does not exist' do - get v3_api("/projects/#{project.id}/pipelines/123456", user) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq '404 Not found' - expect(json_response['id']).to be nil - end - - context 'with coverage' do - before do - create(:ci_build, coverage: 30, pipeline: pipeline) - end - - it 'exposes the coverage' do - get v3_api("/projects/#{project.id}/pipelines/#{pipeline.id}", user) - - expect(json_response["coverage"].to_i).to eq(30) - end - end - end - - context 'unauthorized user' do - it 'should not return a project pipeline' do - get v3_api("/projects/#{project.id}/pipelines/#{pipeline.id}", non_member) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq '404 Project Not Found' - expect(json_response['id']).to be nil - end - end - end - - describe 'POST /projects/:id/pipelines/:pipeline_id/retry' do - context 'authorized user' do - let!(:pipeline) do - create(:ci_pipeline, project: project, sha: project.commit.id, - ref: project.default_branch) - end - - let!(:build) { create(:ci_build, :failed, pipeline: pipeline) } - - it 'retries failed builds' do - expect do - post v3_api("/projects/#{project.id}/pipelines/#{pipeline.id}/retry", user) - end.to change { pipeline.builds.count }.from(1).to(2) - - expect(response).to have_gitlab_http_status(201) - expect(build.reload.retried?).to be true - end - end - - context 'unauthorized user' do - it 'should not return a project pipeline' do - post v3_api("/projects/#{project.id}/pipelines/#{pipeline.id}/retry", non_member) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq '404 Project Not Found' - expect(json_response['id']).to be nil - end - end - end - - describe 'POST /projects/:id/pipelines/:pipeline_id/cancel' do - let!(:pipeline) do - create(:ci_empty_pipeline, project: project, sha: project.commit.id, - ref: project.default_branch) - end - - let!(:build) { create(:ci_build, :running, pipeline: pipeline) } - - context 'authorized user' do - it 'retries failed builds' do - post v3_api("/projects/#{project.id}/pipelines/#{pipeline.id}/cancel", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['status']).to eq('canceled') - end - end - - context 'user without proper access rights' do - let!(:reporter) { create(:user) } - - before { project.add_reporter(reporter) } - - it 'rejects the action' do - post v3_api("/projects/#{project.id}/pipelines/#{pipeline.id}/cancel", reporter) - - expect(response).to have_gitlab_http_status(403) - expect(pipeline.reload.status).to eq('pending') - end - end - end -end diff --git a/spec/requests/api/v3/project_hooks_spec.rb b/spec/requests/api/v3/project_hooks_spec.rb deleted file mode 100644 index 8f6a2330d25..00000000000 --- a/spec/requests/api/v3/project_hooks_spec.rb +++ /dev/null @@ -1,219 +0,0 @@ -require 'spec_helper' - -describe API::ProjectHooks, 'ProjectHooks' do - let(:user) { create(:user) } - let(:user3) { create(:user) } - let!(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } - let!(:hook) do - create(:project_hook, - :all_events_enabled, - project: project, - url: 'http://example.com', - enable_ssl_verification: true) - end - - before do - project.add_master(user) - project.add_developer(user3) - end - - describe "GET /projects/:id/hooks" do - context "authorized user" do - it "returns project hooks" do - get v3_api("/projects/#{project.id}/hooks", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.count).to eq(1) - expect(json_response.first['url']).to eq("http://example.com") - expect(json_response.first['issues_events']).to eq(true) - expect(json_response.first['confidential_issues_events']).to eq(true) - expect(json_response.first['push_events']).to eq(true) - expect(json_response.first['merge_requests_events']).to eq(true) - expect(json_response.first['tag_push_events']).to eq(true) - expect(json_response.first['note_events']).to eq(true) - expect(json_response.first['build_events']).to eq(true) - expect(json_response.first['pipeline_events']).to eq(true) - expect(json_response.first['wiki_page_events']).to eq(true) - expect(json_response.first['enable_ssl_verification']).to eq(true) - end - end - - context "unauthorized user" do - it "does not access project hooks" do - get v3_api("/projects/#{project.id}/hooks", user3) - - expect(response).to have_gitlab_http_status(403) - end - end - end - - describe "GET /projects/:id/hooks/:hook_id" do - context "authorized user" do - it "returns a project hook" do - get v3_api("/projects/#{project.id}/hooks/#{hook.id}", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response['url']).to eq(hook.url) - expect(json_response['issues_events']).to eq(hook.issues_events) - expect(json_response['confidential_issues_events']).to eq(hook.confidential_issues_events) - expect(json_response['push_events']).to eq(hook.push_events) - expect(json_response['merge_requests_events']).to eq(hook.merge_requests_events) - expect(json_response['tag_push_events']).to eq(hook.tag_push_events) - expect(json_response['note_events']).to eq(hook.note_events) - expect(json_response['build_events']).to eq(hook.job_events) - expect(json_response['pipeline_events']).to eq(hook.pipeline_events) - expect(json_response['wiki_page_events']).to eq(hook.wiki_page_events) - expect(json_response['enable_ssl_verification']).to eq(hook.enable_ssl_verification) - end - - it "returns a 404 error if hook id is not available" do - get v3_api("/projects/#{project.id}/hooks/1234", user) - expect(response).to have_gitlab_http_status(404) - end - end - - context "unauthorized user" do - it "does not access an existing hook" do - get v3_api("/projects/#{project.id}/hooks/#{hook.id}", user3) - expect(response).to have_gitlab_http_status(403) - end - end - - it "returns a 404 error if hook id is not available" do - get v3_api("/projects/#{project.id}/hooks/1234", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe "POST /projects/:id/hooks" do - it "adds hook to project" do - expect do - post v3_api("/projects/#{project.id}/hooks", user), - url: "http://example.com", issues_events: true, confidential_issues_events: true, wiki_page_events: true, build_events: true - end.to change {project.hooks.count}.by(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['url']).to eq('http://example.com') - expect(json_response['issues_events']).to eq(true) - expect(json_response['confidential_issues_events']).to eq(true) - expect(json_response['push_events']).to eq(true) - expect(json_response['merge_requests_events']).to eq(false) - expect(json_response['tag_push_events']).to eq(false) - expect(json_response['note_events']).to eq(false) - expect(json_response['build_events']).to eq(true) - expect(json_response['pipeline_events']).to eq(false) - expect(json_response['wiki_page_events']).to eq(true) - expect(json_response['enable_ssl_verification']).to eq(true) - expect(json_response).not_to include('token') - end - - it "adds the token without including it in the response" do - token = "secret token" - - expect do - post v3_api("/projects/#{project.id}/hooks", user), url: "http://example.com", token: token - end.to change {project.hooks.count}.by(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response["url"]).to eq("http://example.com") - expect(json_response).not_to include("token") - - hook = project.hooks.find(json_response["id"]) - - expect(hook.url).to eq("http://example.com") - expect(hook.token).to eq(token) - end - - it "returns a 400 error if url not given" do - post v3_api("/projects/#{project.id}/hooks", user) - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 422 error if url not valid" do - post v3_api("/projects/#{project.id}/hooks", user), "url" => "ftp://example.com" - expect(response).to have_gitlab_http_status(422) - end - end - - describe "PUT /projects/:id/hooks/:hook_id" do - it "updates an existing project hook" do - put v3_api("/projects/#{project.id}/hooks/#{hook.id}", user), - url: 'http://example.org', push_events: false, build_events: true - expect(response).to have_gitlab_http_status(200) - expect(json_response['url']).to eq('http://example.org') - expect(json_response['issues_events']).to eq(hook.issues_events) - expect(json_response['confidential_issues_events']).to eq(hook.confidential_issues_events) - expect(json_response['push_events']).to eq(false) - expect(json_response['merge_requests_events']).to eq(hook.merge_requests_events) - expect(json_response['tag_push_events']).to eq(hook.tag_push_events) - expect(json_response['note_events']).to eq(hook.note_events) - expect(json_response['build_events']).to eq(hook.job_events) - expect(json_response['pipeline_events']).to eq(hook.pipeline_events) - expect(json_response['wiki_page_events']).to eq(hook.wiki_page_events) - expect(json_response['enable_ssl_verification']).to eq(hook.enable_ssl_verification) - end - - it "adds the token without including it in the response" do - token = "secret token" - - put v3_api("/projects/#{project.id}/hooks/#{hook.id}", user), url: "http://example.org", token: token - - expect(response).to have_gitlab_http_status(200) - expect(json_response["url"]).to eq("http://example.org") - expect(json_response).not_to include("token") - - expect(hook.reload.url).to eq("http://example.org") - expect(hook.reload.token).to eq(token) - end - - it "returns 404 error if hook id not found" do - put v3_api("/projects/#{project.id}/hooks/1234", user), url: 'http://example.org' - expect(response).to have_gitlab_http_status(404) - end - - it "returns 400 error if url is not given" do - put v3_api("/projects/#{project.id}/hooks/#{hook.id}", user) - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 422 error if url is not valid" do - put v3_api("/projects/#{project.id}/hooks/#{hook.id}", user), url: 'ftp://example.com' - expect(response).to have_gitlab_http_status(422) - end - end - - describe "DELETE /projects/:id/hooks/:hook_id" do - it "deletes hook from project" do - expect do - delete v3_api("/projects/#{project.id}/hooks/#{hook.id}", user) - end.to change {project.hooks.count}.by(-1) - expect(response).to have_gitlab_http_status(200) - end - - it "returns success when deleting hook" do - delete v3_api("/projects/#{project.id}/hooks/#{hook.id}", user) - expect(response).to have_gitlab_http_status(200) - end - - it "returns a 404 error when deleting non existent hook" do - delete v3_api("/projects/#{project.id}/hooks/42", user) - expect(response).to have_gitlab_http_status(404) - end - - it "returns a 404 error if hook id not given" do - delete v3_api("/projects/#{project.id}/hooks", user) - - expect(response).to have_gitlab_http_status(404) - end - - it "returns a 404 if a user attempts to delete project hooks he/she does not own" do - test_user = create(:user) - other_project = create(:project) - other_project.add_master(test_user) - - delete v3_api("/projects/#{other_project.id}/hooks/#{hook.id}", test_user) - expect(response).to have_gitlab_http_status(404) - expect(WebHook.exists?(hook.id)).to be_truthy - end - end -end diff --git a/spec/requests/api/v3/project_snippets_spec.rb b/spec/requests/api/v3/project_snippets_spec.rb deleted file mode 100644 index 2ed31b99516..00000000000 --- a/spec/requests/api/v3/project_snippets_spec.rb +++ /dev/null @@ -1,226 +0,0 @@ -require 'rails_helper' - -describe API::ProjectSnippets do - let(:project) { create(:project, :public) } - let(:user) { create(:user) } - let(:admin) { create(:admin) } - - describe 'GET /projects/:project_id/snippets/:id' do - # TODO (rspeicher): Deprecated; remove in 9.0 - it 'always exposes expires_at as nil' do - snippet = create(:project_snippet, author: admin) - - get v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin) - - expect(json_response).to have_key('expires_at') - expect(json_response['expires_at']).to be_nil - end - end - - describe 'GET /projects/:project_id/snippets/' do - let(:user) { create(:user) } - - it 'returns all snippets available to team member' do - project.add_developer(user) - public_snippet = create(:project_snippet, :public, project: project) - internal_snippet = create(:project_snippet, :internal, project: project) - private_snippet = create(:project_snippet, :private, project: project) - - get v3_api("/projects/#{project.id}/snippets/", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.size).to eq(3) - expect(json_response.map { |snippet| snippet['id']} ).to include(public_snippet.id, internal_snippet.id, private_snippet.id) - expect(json_response.last).to have_key('web_url') - end - - it 'hides private snippets from regular user' do - create(:project_snippet, :private, project: project) - - get v3_api("/projects/#{project.id}/snippets/", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response.size).to eq(0) - end - end - - describe 'POST /projects/:project_id/snippets/' do - let(:params) do - { - title: 'Test Title', - file_name: 'test.rb', - code: 'puts "hello world"', - visibility_level: Snippet::PUBLIC - } - end - - it 'creates a new snippet' do - post v3_api("/projects/#{project.id}/snippets/", admin), params - - expect(response).to have_gitlab_http_status(201) - snippet = ProjectSnippet.find(json_response['id']) - expect(snippet.content).to eq(params[:code]) - expect(snippet.title).to eq(params[:title]) - expect(snippet.file_name).to eq(params[:file_name]) - expect(snippet.visibility_level).to eq(params[:visibility_level]) - end - - it 'returns 400 for missing parameters' do - params.delete(:title) - - post v3_api("/projects/#{project.id}/snippets/", admin), params - - expect(response).to have_gitlab_http_status(400) - end - - context 'when the snippet is spam' do - def create_snippet(project, snippet_params = {}) - project.add_developer(user) - - post v3_api("/projects/#{project.id}/snippets", user), params.merge(snippet_params) - end - - before do - allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true) - end - - context 'when the snippet is private' do - it 'creates the snippet' do - expect { create_snippet(project, visibility_level: Snippet::PRIVATE) } - .to change { Snippet.count }.by(1) - end - end - - context 'when the snippet is public' do - it 'rejects the shippet' do - expect { create_snippet(project, visibility_level: Snippet::PUBLIC) } - .not_to change { Snippet.count } - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq({ "error" => "Spam detected" }) - end - - it 'creates a spam log' do - expect { create_snippet(project, visibility_level: Snippet::PUBLIC) } - .to change { SpamLog.count }.by(1) - end - end - end - end - - describe 'PUT /projects/:project_id/snippets/:id/' do - let(:visibility_level) { Snippet::PUBLIC } - let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level) } - - it 'updates snippet' do - new_content = 'New content' - - put v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content - - expect(response).to have_gitlab_http_status(200) - snippet.reload - expect(snippet.content).to eq(new_content) - end - - it 'returns 404 for invalid snippet id' do - put v3_api("/projects/#{snippet.project.id}/snippets/1234", admin), title: 'foo' - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Snippet Not Found') - end - - it 'returns 400 for missing parameters' do - put v3_api("/projects/#{project.id}/snippets/1234", admin) - - expect(response).to have_gitlab_http_status(400) - end - - context 'when the snippet is spam' do - def update_snippet(snippet_params = {}) - put v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), snippet_params - end - - before do - allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true) - end - - context 'when the snippet is private' do - let(:visibility_level) { Snippet::PRIVATE } - - it 'creates the snippet' do - expect { update_snippet(title: 'Foo') } - .to change { snippet.reload.title }.to('Foo') - end - end - - context 'when the snippet is public' do - let(:visibility_level) { Snippet::PUBLIC } - - it 'rejects the snippet' do - expect { update_snippet(title: 'Foo') } - .not_to change { snippet.reload.title } - end - - it 'creates a spam log' do - expect { update_snippet(title: 'Foo') } - .to change { SpamLog.count }.by(1) - end - end - - context 'when the private snippet is made public' do - let(:visibility_level) { Snippet::PRIVATE } - - it 'rejects the snippet' do - expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) } - .not_to change { snippet.reload.title } - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq({ "error" => "Spam detected" }) - end - - it 'creates a spam log' do - expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) } - .to change { SpamLog.count }.by(1) - end - end - end - end - - describe 'DELETE /projects/:project_id/snippets/:id/' do - let(:snippet) { create(:project_snippet, author: admin) } - - it 'deletes snippet' do - admin = create(:admin) - snippet = create(:project_snippet, author: admin) - - delete v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin) - - expect(response).to have_gitlab_http_status(200) - end - - it 'returns 404 for invalid snippet id' do - delete v3_api("/projects/#{snippet.project.id}/snippets/1234", admin) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Snippet Not Found') - end - end - - describe 'GET /projects/:project_id/snippets/:id/raw' do - let(:snippet) { create(:project_snippet, author: admin) } - - it 'returns raw text' do - get v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw", admin) - - expect(response).to have_gitlab_http_status(200) - expect(response.content_type).to eq 'text/plain' - expect(response.body).to eq(snippet.content) - end - - it 'returns 404 for invalid snippet id' do - delete v3_api("/projects/#{snippet.project.id}/snippets/1234", admin) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Snippet Not Found') - end - end -end diff --git a/spec/requests/api/v3/projects_spec.rb b/spec/requests/api/v3/projects_spec.rb deleted file mode 100644 index 4c25bd935c6..00000000000 --- a/spec/requests/api/v3/projects_spec.rb +++ /dev/null @@ -1,1495 +0,0 @@ -require 'spec_helper' - -describe API::V3::Projects do - let(:user) { create(:user) } - let(:user2) { create(:user) } - let(:user3) { create(:user) } - let(:admin) { create(:admin) } - let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } - let(:project2) { create(:project, creator_id: user.id, namespace: user.namespace) } - let(:snippet) { create(:project_snippet, :public, author: user, project: project, title: 'example') } - let(:project_member) { create(:project_member, :developer, user: user3, project: project) } - let(:user4) { create(:user) } - let(:project3) do - create(:project, - :private, - :repository, - name: 'second_project', - path: 'second_project', - creator_id: user.id, - namespace: user.namespace, - merge_requests_enabled: false, - issues_enabled: false, wiki_enabled: false, - snippets_enabled: false) - end - let(:project_member2) do - create(:project_member, - user: user4, - project: project3, - access_level: ProjectMember::MASTER) - end - let(:project4) do - create(:project, - name: 'third_project', - path: 'third_project', - creator_id: user4.id, - namespace: user4.namespace) - end - - describe 'GET /projects' do - before { project } - - context 'when unauthenticated' do - it 'returns authentication error' do - get v3_api('/projects') - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when authenticated as regular user' do - it 'returns an array of projects' do - get v3_api('/projects', user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(project.name) - expect(json_response.first['owner']['username']).to eq(user.username) - end - - it 'includes the project labels as the tag_list' do - get v3_api('/projects', user) - expect(response.status).to eq 200 - expect(json_response).to be_an Array - expect(json_response.first.keys).to include('tag_list') - end - - it 'includes open_issues_count' do - get v3_api('/projects', user) - expect(response.status).to eq 200 - expect(json_response).to be_an Array - expect(json_response.first.keys).to include('open_issues_count') - end - - it 'does not include open_issues_count' do - project.project_feature.update_attribute(:issues_access_level, ProjectFeature::DISABLED) - - get v3_api('/projects', user) - expect(response.status).to eq 200 - expect(json_response).to be_an Array - expect(json_response.first.keys).not_to include('open_issues_count') - end - - context 'GET /projects?simple=true' do - it 'returns a simplified version of all the projects' do - expected_keys = %w( - id description default_branch tag_list - ssh_url_to_repo http_url_to_repo web_url - name name_with_namespace - path path_with_namespace - star_count forks_count - created_at last_activity_at - avatar_url - ) - - get v3_api('/projects?simple=true', user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first.keys).to match_array expected_keys - end - end - - context 'and using search' do - it 'returns searched project' do - get v3_api('/projects', user), { search: project.name } - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - end - end - - context 'and using the visibility filter' do - it 'filters based on private visibility param' do - get v3_api('/projects', user), { visibility: 'private' } - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(user.namespace.projects.where(visibility_level: Gitlab::VisibilityLevel::PRIVATE).count) - end - - it 'filters based on internal visibility param' do - get v3_api('/projects', user), { visibility: 'internal' } - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(user.namespace.projects.where(visibility_level: Gitlab::VisibilityLevel::INTERNAL).count) - end - - it 'filters based on public visibility param' do - get v3_api('/projects', user), { visibility: 'public' } - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(user.namespace.projects.where(visibility_level: Gitlab::VisibilityLevel::PUBLIC).count) - end - end - - context 'and using archived' do - let!(:archived_project) { create(:project, creator_id: user.id, namespace: user.namespace, archived: true) } - - it 'returns archived project' do - get v3_api('/projects?archived=true', user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(archived_project.id) - end - - it 'returns non-archived project' do - get v3_api('/projects?archived=false', user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(1) - expect(json_response.first['id']).to eq(project.id) - end - - it 'returns all project' do - get v3_api('/projects', user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.length).to eq(2) - end - end - - context 'and using sorting' do - before do - project2 - project3 - end - - it 'returns the correct order when sorted by id' do - get v3_api('/projects', user), { order_by: 'id', sort: 'desc' } - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['id']).to eq(project3.id) - end - end - end - end - - describe 'GET /projects/all' do - before { project } - - context 'when unauthenticated' do - it 'returns authentication error' do - get v3_api('/projects/all') - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when authenticated as regular user' do - it 'returns authentication error' do - get v3_api('/projects/all', user) - expect(response).to have_gitlab_http_status(403) - end - end - - context 'when authenticated as admin' do - it 'returns an array of all projects' do - get v3_api('/projects/all', admin) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - - expect(json_response).to satisfy do |response| - response.one? do |entry| - entry.key?('permissions') && - entry['name'] == project.name && - entry['owner']['username'] == user.username - end - end - end - - it "does not include statistics by default" do - get v3_api('/projects/all', admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first).not_to include('statistics') - end - - it "includes statistics if requested" do - get v3_api('/projects/all', admin), statistics: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first).to include 'statistics' - end - end - end - - describe 'GET /projects/owned' do - before do - project3 - project4 - end - - context 'when unauthenticated' do - it 'returns authentication error' do - get v3_api('/projects/owned') - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when authenticated as project owner' do - it 'returns an array of projects the user owns' do - get v3_api('/projects/owned', user4) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(project4.name) - expect(json_response.first['owner']['username']).to eq(user4.username) - end - - it "does not include statistics by default" do - get v3_api('/projects/owned', user4) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first).not_to include('statistics') - end - - it "includes statistics if requested" do - attributes = { - commit_count: 23, - storage_size: 702, - repository_size: 123, - lfs_objects_size: 234, - build_artifacts_size: 345 - } - - project4.statistics.update!(attributes) - - get v3_api('/projects/owned', user4), statistics: true - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['statistics']).to eq attributes.stringify_keys - end - end - end - - describe 'GET /projects/visible' do - shared_examples_for 'visible projects response' do - it 'returns the visible projects' do - get v3_api('/projects/visible', current_user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.map { |p| p['id'] }).to contain_exactly(*projects.map(&:id)) - end - end - - let!(:public_project) { create(:project, :public) } - before do - project - project2 - project3 - project4 - end - - context 'when unauthenticated' do - it_behaves_like 'visible projects response' do - let(:current_user) { nil } - let(:projects) { [public_project] } - end - end - - context 'when authenticated' do - it_behaves_like 'visible projects response' do - let(:current_user) { user } - let(:projects) { [public_project, project, project2, project3] } - end - end - - context 'when authenticated as a different user' do - it_behaves_like 'visible projects response' do - let(:current_user) { user2 } - let(:projects) { [public_project] } - end - end - end - - describe 'GET /projects/starred' do - let(:public_project) { create(:project, :public) } - - before do - project_member - user3.update_attributes(starred_projects: [project, project2, project3, public_project]) - end - - it 'returns the starred projects viewable by the user' do - get v3_api('/projects/starred', user3) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.map { |project| project['id'] }).to contain_exactly(project.id, public_project.id) - end - end - - describe 'POST /projects' do - context 'maximum number of projects reached' do - it 'does not create new project and respond with 403' do - allow_any_instance_of(User).to receive(:projects_limit_left).and_return(0) - expect { post v3_api('/projects', user2), name: 'foo' } - .to change {Project.count}.by(0) - expect(response).to have_gitlab_http_status(403) - end - end - - it 'creates new project without path but with name and returns 201' do - expect { post v3_api('/projects', user), name: 'Foo Project' } - .to change { Project.count }.by(1) - expect(response).to have_gitlab_http_status(201) - - project = Project.first - - expect(project.name).to eq('Foo Project') - expect(project.path).to eq('foo-project') - end - - it 'creates new project without name but with path and returns 201' do - expect { post v3_api('/projects', user), path: 'foo_project' } - .to change { Project.count }.by(1) - expect(response).to have_gitlab_http_status(201) - - project = Project.first - - expect(project.name).to eq('foo_project') - expect(project.path).to eq('foo_project') - end - - it 'creates new project name and path and returns 201' do - expect { post v3_api('/projects', user), path: 'foo-Project', name: 'Foo Project' } - .to change { Project.count }.by(1) - expect(response).to have_gitlab_http_status(201) - - project = Project.first - - expect(project.name).to eq('Foo Project') - expect(project.path).to eq('foo-Project') - end - - it 'creates last project before reaching project limit' do - allow_any_instance_of(User).to receive(:projects_limit_left).and_return(1) - post v3_api('/projects', user2), name: 'foo' - expect(response).to have_gitlab_http_status(201) - end - - it 'does not create new project without name or path and return 400' do - expect { post v3_api('/projects', user) }.not_to change { Project.count } - expect(response).to have_gitlab_http_status(400) - end - - it "assigns attributes to project" do - project = attributes_for(:project, { - path: 'camelCasePath', - issues_enabled: false, - merge_requests_enabled: false, - wiki_enabled: false, - only_allow_merge_if_build_succeeds: false, - request_access_enabled: true, - only_allow_merge_if_all_discussions_are_resolved: false - }) - - post v3_api('/projects', user), project - - project.each_pair do |k, v| - next if %i[storage_version has_external_issue_tracker issues_enabled merge_requests_enabled wiki_enabled].include?(k) - - expect(json_response[k.to_s]).to eq(v) - end - - # Check feature permissions attributes - project = Project.find_by_path(project[:path]) - expect(project.project_feature.issues_access_level).to eq(ProjectFeature::DISABLED) - expect(project.project_feature.merge_requests_access_level).to eq(ProjectFeature::DISABLED) - expect(project.project_feature.wiki_access_level).to eq(ProjectFeature::DISABLED) - end - - it 'sets a project as public' do - project = attributes_for(:project, :public) - post v3_api('/projects', user), project - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PUBLIC) - end - - it 'sets a project as public using :public' do - project = attributes_for(:project, { public: true }) - post v3_api('/projects', user), project - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PUBLIC) - end - - it 'sets a project as internal' do - project = attributes_for(:project, :internal) - post v3_api('/projects', user), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::INTERNAL) - end - - it 'sets a project as internal overriding :public' do - project = attributes_for(:project, :internal, { public: true }) - post v3_api('/projects', user), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::INTERNAL) - end - - it 'sets a project as private' do - project = attributes_for(:project, :private) - post v3_api('/projects', user), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - - it 'sets a project as private using :public' do - project = attributes_for(:project, { public: false }) - post v3_api('/projects', user), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - - it 'sets a project as allowing merge even if build fails' do - project = attributes_for(:project, { only_allow_merge_if_build_succeeds: false }) - post v3_api('/projects', user), project - expect(json_response['only_allow_merge_if_build_succeeds']).to be_falsey - end - - it 'sets a project as allowing merge only if merge_when_pipeline_succeeds' do - project = attributes_for(:project, { only_allow_merge_if_build_succeeds: true }) - post v3_api('/projects', user), project - expect(json_response['only_allow_merge_if_build_succeeds']).to be_truthy - end - - it 'sets a project as allowing merge even if discussions are unresolved' do - project = attributes_for(:project, { only_allow_merge_if_all_discussions_are_resolved: false }) - - post v3_api('/projects', user), project - - expect(json_response['only_allow_merge_if_all_discussions_are_resolved']).to be_falsey - end - - it 'sets a project as allowing merge if only_allow_merge_if_all_discussions_are_resolved is nil' do - project = attributes_for(:project, only_allow_merge_if_all_discussions_are_resolved: nil) - - post v3_api('/projects', user), project - - expect(json_response['only_allow_merge_if_all_discussions_are_resolved']).to be_falsey - end - - it 'sets a project as allowing merge only if all discussions are resolved' do - project = attributes_for(:project, { only_allow_merge_if_all_discussions_are_resolved: true }) - - post v3_api('/projects', user), project - - expect(json_response['only_allow_merge_if_all_discussions_are_resolved']).to be_truthy - end - - context 'when a visibility level is restricted' do - before do - @project = attributes_for(:project, { public: true }) - stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC]) - end - - it 'does not allow a non-admin to use a restricted visibility level' do - post v3_api('/projects', user), @project - - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']['visibility_level'].first).to( - match('restricted by your GitLab administrator') - ) - end - - it 'allows an admin to override restricted visibility settings' do - post v3_api('/projects', admin), @project - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to( - eq(Gitlab::VisibilityLevel::PUBLIC) - ) - end - end - end - - describe 'POST /projects/user/:id' do - before { project } - before { admin } - - it 'should create new project without path and return 201' do - expect { post v3_api("/projects/user/#{user.id}", admin), name: 'foo' }.to change {Project.count}.by(1) - expect(response).to have_gitlab_http_status(201) - end - - it 'responds with 400 on failure and not project' do - expect { post v3_api("/projects/user/#{user.id}", admin) } - .not_to change { Project.count } - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('name is missing') - end - - it 'assigns attributes to project' do - project = attributes_for(:project, { - issues_enabled: false, - merge_requests_enabled: false, - wiki_enabled: false, - request_access_enabled: true - }) - - post v3_api("/projects/user/#{user.id}", admin), project - - expect(response).to have_gitlab_http_status(201) - project.each_pair do |k, v| - next if %i[storage_version has_external_issue_tracker path].include?(k) - - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'sets a project as public' do - project = attributes_for(:project, :public) - post v3_api("/projects/user/#{user.id}", admin), project - - expect(response).to have_gitlab_http_status(201) - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PUBLIC) - end - - it 'sets a project as public using :public' do - project = attributes_for(:project, { public: true }) - post v3_api("/projects/user/#{user.id}", admin), project - - expect(response).to have_gitlab_http_status(201) - expect(json_response['public']).to be_truthy - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PUBLIC) - end - - it 'sets a project as internal' do - project = attributes_for(:project, :internal) - post v3_api("/projects/user/#{user.id}", admin), project - - expect(response).to have_gitlab_http_status(201) - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::INTERNAL) - end - - it 'sets a project as internal overriding :public' do - project = attributes_for(:project, :internal, { public: true }) - post v3_api("/projects/user/#{user.id}", admin), project - expect(response).to have_gitlab_http_status(201) - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::INTERNAL) - end - - it 'sets a project as private' do - project = attributes_for(:project, :private) - post v3_api("/projects/user/#{user.id}", admin), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - - it 'sets a project as private using :public' do - project = attributes_for(:project, { public: false }) - post v3_api("/projects/user/#{user.id}", admin), project - expect(json_response['public']).to be_falsey - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - - it 'sets a project as allowing merge even if build fails' do - project = attributes_for(:project, { only_allow_merge_if_build_succeeds: false }) - post v3_api("/projects/user/#{user.id}", admin), project - expect(json_response['only_allow_merge_if_build_succeeds']).to be_falsey - end - - it 'sets a project as allowing merge only if merge_when_pipeline_succeeds' do - project = attributes_for(:project, { only_allow_merge_if_build_succeeds: true }) - post v3_api("/projects/user/#{user.id}", admin), project - expect(json_response['only_allow_merge_if_build_succeeds']).to be_truthy - end - - it 'sets a project as allowing merge even if discussions are unresolved' do - project = attributes_for(:project, { only_allow_merge_if_all_discussions_are_resolved: false }) - - post v3_api("/projects/user/#{user.id}", admin), project - - expect(json_response['only_allow_merge_if_all_discussions_are_resolved']).to be_falsey - end - - it 'sets a project as allowing merge only if all discussions are resolved' do - project = attributes_for(:project, { only_allow_merge_if_all_discussions_are_resolved: true }) - - post v3_api("/projects/user/#{user.id}", admin), project - - expect(json_response['only_allow_merge_if_all_discussions_are_resolved']).to be_truthy - end - end - - describe "POST /projects/:id/uploads" do - before { project } - - it "uploads the file and returns its info" do - post v3_api("/projects/#{project.id}/uploads", user), file: fixture_file_upload(Rails.root + "spec/fixtures/dk.png", "image/png") - - expect(response).to have_gitlab_http_status(201) - expect(json_response['alt']).to eq("dk") - expect(json_response['url']).to start_with("/uploads/") - expect(json_response['url']).to end_with("/dk.png") - end - end - - describe 'GET /projects/:id' do - context 'when unauthenticated' do - it 'returns the public projects' do - public_project = create(:project, :public) - - get v3_api("/projects/#{public_project.id}") - - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(public_project.id) - expect(json_response['description']).to eq(public_project.description) - expect(json_response['default_branch']).to eq(public_project.default_branch) - expect(json_response.keys).not_to include('permissions') - end - end - - context 'when authenticated' do - before do - project - end - - it 'returns a project by id' do - group = create(:group) - link = create(:project_group_link, project: project, group: group) - - get v3_api("/projects/#{project.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['id']).to eq(project.id) - expect(json_response['description']).to eq(project.description) - expect(json_response['default_branch']).to eq(project.default_branch) - expect(json_response['tag_list']).to be_an Array - expect(json_response['public']).to be_falsey - expect(json_response['archived']).to be_falsey - expect(json_response['visibility_level']).to be_present - expect(json_response['ssh_url_to_repo']).to be_present - expect(json_response['http_url_to_repo']).to be_present - expect(json_response['web_url']).to be_present - expect(json_response['owner']).to be_a Hash - expect(json_response['owner']).to be_a Hash - expect(json_response['name']).to eq(project.name) - expect(json_response['path']).to be_present - expect(json_response['issues_enabled']).to be_present - expect(json_response['merge_requests_enabled']).to be_present - expect(json_response['wiki_enabled']).to be_present - expect(json_response['builds_enabled']).to be_present - expect(json_response['snippets_enabled']).to be_present - expect(json_response['resolve_outdated_diff_discussions']).to eq(project.resolve_outdated_diff_discussions) - expect(json_response['container_registry_enabled']).to be_present - expect(json_response['created_at']).to be_present - expect(json_response['last_activity_at']).to be_present - expect(json_response['shared_runners_enabled']).to be_present - expect(json_response['creator_id']).to be_present - expect(json_response['namespace']).to be_present - expect(json_response['avatar_url']).to be_nil - expect(json_response['star_count']).to be_present - expect(json_response['forks_count']).to be_present - expect(json_response['public_builds']).to be_present - expect(json_response['shared_with_groups']).to be_an Array - expect(json_response['shared_with_groups'].length).to eq(1) - expect(json_response['shared_with_groups'][0]['group_id']).to eq(group.id) - expect(json_response['shared_with_groups'][0]['group_name']).to eq(group.name) - expect(json_response['shared_with_groups'][0]['group_access_level']).to eq(link.group_access) - expect(json_response['only_allow_merge_if_build_succeeds']).to eq(project.only_allow_merge_if_pipeline_succeeds) - expect(json_response['only_allow_merge_if_all_discussions_are_resolved']).to eq(project.only_allow_merge_if_all_discussions_are_resolved) - end - - it 'returns a project by path name' do - get v3_api("/projects/#{project.id}", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(project.name) - end - - it 'returns a 404 error if not found' do - get v3_api('/projects/42', user) - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Project Not Found') - end - - it 'returns a 404 error if user is not a member' do - other_user = create(:user) - get v3_api("/projects/#{project.id}", other_user) - expect(response).to have_gitlab_http_status(404) - end - - it 'handles users with dots' do - dot_user = create(:user, username: 'dot.user') - project = create(:project, creator_id: dot_user.id, namespace: dot_user.namespace) - - get v3_api("/projects/#{CGI.escape(project.full_path)}", dot_user) - expect(response).to have_gitlab_http_status(200) - expect(json_response['name']).to eq(project.name) - end - - it 'exposes namespace fields' do - get v3_api("/projects/#{project.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['namespace']).to eq({ - 'id' => user.namespace.id, - 'name' => user.namespace.name, - 'path' => user.namespace.path, - 'kind' => user.namespace.kind, - 'full_path' => user.namespace.full_path, - 'parent_id' => nil - }) - end - - describe 'permissions' do - context 'all projects' do - before { project.add_master(user) } - - it 'contains permission information' do - get v3_api("/projects", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.first['permissions']['project_access']['access_level']) - .to eq(Gitlab::Access::MASTER) - expect(json_response.first['permissions']['group_access']).to be_nil - end - end - - context 'personal project' do - it 'sets project access and returns 200' do - project.add_master(user) - get v3_api("/projects/#{project.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['permissions']['project_access']['access_level']) - .to eq(Gitlab::Access::MASTER) - expect(json_response['permissions']['group_access']).to be_nil - end - end - - context 'group project' do - let(:project2) { create(:project, group: create(:group)) } - - before { project2.group.add_owner(user) } - - it 'sets the owner and return 200' do - get v3_api("/projects/#{project2.id}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['permissions']['project_access']).to be_nil - expect(json_response['permissions']['group_access']['access_level']) - .to eq(Gitlab::Access::OWNER) - end - end - end - end - end - - describe 'GET /projects/:id/events' do - shared_examples_for 'project events response' do - it 'returns the project events' do - member = create(:user) - create(:project_member, :developer, user: member, project: project) - note = create(:note_on_issue, note: 'What an awesome day!', project: project) - EventCreateService.new.leave_note(note, note.author) - - get v3_api("/projects/#{project.id}/events", current_user) - - expect(response).to have_gitlab_http_status(200) - - first_event = json_response.first - - expect(first_event['action_name']).to eq('commented on') - expect(first_event['note']['body']).to eq('What an awesome day!') - - last_event = json_response.last - - expect(last_event['action_name']).to eq('joined') - expect(last_event['project_id'].to_i).to eq(project.id) - expect(last_event['author_username']).to eq(member.username) - expect(last_event['author']['name']).to eq(member.name) - end - end - - context 'when unauthenticated' do - it_behaves_like 'project events response' do - let(:project) { create(:project, :public) } - let(:current_user) { nil } - end - end - - context 'when authenticated' do - context 'valid request' do - it_behaves_like 'project events response' do - let(:current_user) { user } - end - end - - it 'returns a 404 error if not found' do - get v3_api('/projects/42/events', user) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Project Not Found') - end - - it 'returns a 404 error if user is not a member' do - other_user = create(:user) - - get v3_api("/projects/#{project.id}/events", other_user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'GET /projects/:id/users' do - shared_examples_for 'project users response' do - it 'returns the project users' do - member = project.owner - - get v3_api("/projects/#{project.id}/users", current_user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(1) - - first_user = json_response.first - - expect(first_user['username']).to eq(member.username) - expect(first_user['name']).to eq(member.name) - expect(first_user.keys).to contain_exactly(*%w[name username id state avatar_url web_url]) - end - end - - context 'when unauthenticated' do - it_behaves_like 'project users response' do - let(:project) { create(:project, :public) } - let(:current_user) { nil } - end - end - - context 'when authenticated' do - context 'valid request' do - it_behaves_like 'project users response' do - let(:current_user) { user } - end - end - - it 'returns a 404 error if not found' do - get v3_api('/projects/42/users', user) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Project Not Found') - end - - it 'returns a 404 error if user is not a member' do - other_user = create(:user) - - get v3_api("/projects/#{project.id}/users", other_user) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe 'GET /projects/:id/snippets' do - before { snippet } - - it 'returns an array of project snippets' do - get v3_api("/projects/#{project.id}/snippets", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(snippet.title) - end - end - - describe 'GET /projects/:id/snippets/:snippet_id' do - it 'returns a project snippet' do - get v3_api("/projects/#{project.id}/snippets/#{snippet.id}", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq(snippet.title) - end - - it 'returns a 404 error if snippet id not found' do - get v3_api("/projects/#{project.id}/snippets/1234", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'POST /projects/:id/snippets' do - it 'creates a new project snippet' do - post v3_api("/projects/#{project.id}/snippets", user), - title: 'v3_api test', file_name: 'sample.rb', code: 'test', - visibility_level: '0' - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq('v3_api test') - end - - it 'returns a 400 error if invalid snippet is given' do - post v3_api("/projects/#{project.id}/snippets", user) - expect(status).to eq(400) - end - end - - describe 'PUT /projects/:id/snippets/:snippet_id' do - it 'updates an existing project snippet' do - put v3_api("/projects/#{project.id}/snippets/#{snippet.id}", user), - code: 'updated code' - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('example') - expect(snippet.reload.content).to eq('updated code') - end - - it 'updates an existing project snippet with new title' do - put v3_api("/projects/#{project.id}/snippets/#{snippet.id}", user), - title: 'other v3_api test' - expect(response).to have_gitlab_http_status(200) - expect(json_response['title']).to eq('other v3_api test') - end - end - - describe 'DELETE /projects/:id/snippets/:snippet_id' do - before { snippet } - - it 'deletes existing project snippet' do - expect do - delete v3_api("/projects/#{project.id}/snippets/#{snippet.id}", user) - end.to change { Snippet.count }.by(-1) - expect(response).to have_gitlab_http_status(200) - end - - it 'returns 404 when deleting unknown snippet id' do - delete v3_api("/projects/#{project.id}/snippets/1234", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'GET /projects/:id/snippets/:snippet_id/raw' do - it 'gets a raw project snippet' do - get v3_api("/projects/#{project.id}/snippets/#{snippet.id}/raw", user) - expect(response).to have_gitlab_http_status(200) - end - - it 'returns a 404 error if raw project snippet not found' do - get v3_api("/projects/#{project.id}/snippets/5555/raw", user) - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'fork management' do - let(:project_fork_target) { create(:project) } - let(:project_fork_source) { create(:project, :public) } - - describe 'POST /projects/:id/fork/:forked_from_id' do - let(:new_project_fork_source) { create(:project, :public) } - - it "is not available for non admin users" do - post v3_api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", user) - expect(response).to have_gitlab_http_status(403) - end - - it 'allows project to be forked from an existing project' do - expect(project_fork_target.forked?).not_to be_truthy - post v3_api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) - expect(response).to have_gitlab_http_status(201) - project_fork_target.reload - expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id) - expect(project_fork_target.forked_project_link).not_to be_nil - expect(project_fork_target.forked?).to be_truthy - end - - it 'refreshes the forks count cachce' do - expect(project_fork_source.forks_count).to be_zero - - post v3_api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) - - expect(project_fork_source.forks_count).to eq(1) - end - - it 'fails if forked_from project which does not exist' do - post v3_api("/projects/#{project_fork_target.id}/fork/9999", admin) - expect(response).to have_gitlab_http_status(404) - end - - it 'fails with 409 if already forked' do - post v3_api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) - project_fork_target.reload - expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id) - post v3_api("/projects/#{project_fork_target.id}/fork/#{new_project_fork_source.id}", admin) - expect(response).to have_gitlab_http_status(409) - project_fork_target.reload - expect(project_fork_target.forked_from_project.id).to eq(project_fork_source.id) - expect(project_fork_target.forked?).to be_truthy - end - end - - describe 'DELETE /projects/:id/fork' do - it "is not visible to users outside group" do - delete v3_api("/projects/#{project_fork_target.id}/fork", user) - expect(response).to have_gitlab_http_status(404) - end - - context 'when users belong to project group' do - let(:project_fork_target) { create(:project, group: create(:group)) } - - before do - project_fork_target.group.add_owner user - project_fork_target.group.add_developer user2 - end - - it 'is forbidden to non-owner users' do - delete v3_api("/projects/#{project_fork_target.id}/fork", user2) - expect(response).to have_gitlab_http_status(403) - end - - it 'makes forked project unforked' do - post v3_api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin) - project_fork_target.reload - expect(project_fork_target.forked_from_project).not_to be_nil - expect(project_fork_target.forked?).to be_truthy - delete v3_api("/projects/#{project_fork_target.id}/fork", admin) - expect(response).to have_gitlab_http_status(200) - project_fork_target.reload - expect(project_fork_target.forked_from_project).to be_nil - expect(project_fork_target.forked?).not_to be_truthy - end - - it 'is idempotent if not forked' do - expect(project_fork_target.forked_from_project).to be_nil - delete v3_api("/projects/#{project_fork_target.id}/fork", admin) - expect(response).to have_gitlab_http_status(304) - expect(project_fork_target.reload.forked_from_project).to be_nil - end - end - end - end - - describe "POST /projects/:id/share" do - let(:group) { create(:group) } - - it "shares project with group" do - expires_at = 10.days.from_now.to_date - - expect do - post v3_api("/projects/#{project.id}/share", user), group_id: group.id, group_access: Gitlab::Access::DEVELOPER, expires_at: expires_at - end.to change { ProjectGroupLink.count }.by(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['group_id']).to eq(group.id) - expect(json_response['group_access']).to eq(Gitlab::Access::DEVELOPER) - expect(json_response['expires_at']).to eq(expires_at.to_s) - end - - it "returns a 400 error when group id is not given" do - post v3_api("/projects/#{project.id}/share", user), group_access: Gitlab::Access::DEVELOPER - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 400 error when access level is not given" do - post v3_api("/projects/#{project.id}/share", user), group_id: group.id - expect(response).to have_gitlab_http_status(400) - end - - it "returns a 400 error when sharing is disabled" do - project.namespace.update(share_with_group_lock: true) - post v3_api("/projects/#{project.id}/share", user), group_id: group.id, group_access: Gitlab::Access::DEVELOPER - expect(response).to have_gitlab_http_status(400) - end - - it 'returns a 404 error when user cannot read group' do - private_group = create(:group, :private) - - post v3_api("/projects/#{project.id}/share", user), group_id: private_group.id, group_access: Gitlab::Access::DEVELOPER - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns a 404 error when group does not exist' do - post v3_api("/projects/#{project.id}/share", user), group_id: 1234, group_access: Gitlab::Access::DEVELOPER - - expect(response).to have_gitlab_http_status(404) - end - - it "returns a 400 error when wrong params passed" do - post v3_api("/projects/#{project.id}/share", user), group_id: group.id, group_access: 1234 - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq 'group_access does not have a valid value' - end - end - - describe 'DELETE /projects/:id/share/:group_id' do - it 'returns 204 when deleting a group share' do - group = create(:group, :public) - create(:project_group_link, group: group, project: project) - - delete v3_api("/projects/#{project.id}/share/#{group.id}", user) - - expect(response).to have_gitlab_http_status(204) - expect(project.project_group_links).to be_empty - end - - it 'returns a 400 when group id is not an integer' do - delete v3_api("/projects/#{project.id}/share/foo", user) - - expect(response).to have_gitlab_http_status(400) - end - - it 'returns a 404 error when group link does not exist' do - delete v3_api("/projects/#{project.id}/share/1234", user) - - expect(response).to have_gitlab_http_status(404) - end - - it 'returns a 404 error when project does not exist' do - delete v3_api("/projects/123/share/1234", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'GET /projects/search/:query' do - let!(:query) { 'query'} - let!(:search) { create(:project, name: query, creator_id: user.id, namespace: user.namespace) } - let!(:pre) { create(:project, name: "pre_#{query}", creator_id: user.id, namespace: user.namespace) } - let!(:post) { create(:project, name: "#{query}_post", creator_id: user.id, namespace: user.namespace) } - let!(:pre_post) { create(:project, name: "pre_#{query}_post", creator_id: user.id, namespace: user.namespace) } - let!(:unfound) { create(:project, name: 'unfound', creator_id: user.id, namespace: user.namespace) } - let!(:internal) { create(:project, :internal, name: "internal #{query}") } - let!(:unfound_internal) { create(:project, :internal, name: 'unfound internal') } - let!(:public) { create(:project, :public, name: "public #{query}") } - let!(:unfound_public) { create(:project, :public, name: 'unfound public') } - let!(:one_dot_two) { create(:project, :public, name: "one.dot.two") } - - shared_examples_for 'project search response' do |args = {}| - it 'returns project search responses' do - get v3_api("/projects/search/#{args[:query]}", current_user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(args[:results]) - json_response.each { |project| expect(project['name']).to match(args[:match_regex] || /.*#{args[:query]}.*/) } - end - end - - context 'when unauthenticated' do - it_behaves_like 'project search response', query: 'query', results: 1 do - let(:current_user) { nil } - end - end - - context 'when authenticated' do - it_behaves_like 'project search response', query: 'query', results: 6 do - let(:current_user) { user } - end - it_behaves_like 'project search response', query: 'one.dot.two', results: 1 do - let(:current_user) { user } - end - end - - context 'when authenticated as a different user' do - it_behaves_like 'project search response', query: 'query', results: 2, match_regex: /(internal|public) query/ do - let(:current_user) { user2 } - end - end - end - - describe 'PUT /projects/:id' do - before { project } - before { user } - before { user3 } - before { user4 } - before { project3 } - before { project4 } - before { project_member2 } - before { project_member } - - context 'when unauthenticated' do - it 'returns authentication error' do - project_param = { name: 'bar' } - put v3_api("/projects/#{project.id}"), project_param - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when authenticated as project owner' do - it 'updates name' do - project_param = { name: 'bar' } - put v3_api("/projects/#{project.id}", user), project_param - expect(response).to have_gitlab_http_status(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'updates visibility_level' do - project_param = { visibility_level: 20 } - put v3_api("/projects/#{project3.id}", user), project_param - expect(response).to have_gitlab_http_status(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'updates visibility_level from public to private' do - project3.update_attributes({ visibility_level: Gitlab::VisibilityLevel::PUBLIC }) - project_param = { public: false } - put v3_api("/projects/#{project3.id}", user), project_param - expect(response).to have_gitlab_http_status(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - expect(json_response['visibility_level']).to eq(Gitlab::VisibilityLevel::PRIVATE) - end - - it 'does not update name to existing name' do - project_param = { name: project3.name } - put v3_api("/projects/#{project.id}", user), project_param - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']['name']).to eq(['has already been taken']) - end - - it 'updates request_access_enabled' do - project_param = { request_access_enabled: false } - - put v3_api("/projects/#{project.id}", user), project_param - - expect(response).to have_gitlab_http_status(200) - expect(json_response['request_access_enabled']).to eq(false) - end - - it 'updates path & name to existing path & name in different namespace' do - project_param = { path: project4.path, name: project4.name } - put v3_api("/projects/#{project3.id}", user), project_param - expect(response).to have_gitlab_http_status(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - end - - context 'when authenticated as project master' do - it 'updates path' do - project_param = { path: 'bar' } - put v3_api("/projects/#{project3.id}", user4), project_param - expect(response).to have_gitlab_http_status(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'updates other attributes' do - project_param = { issues_enabled: true, - wiki_enabled: true, - snippets_enabled: true, - merge_requests_enabled: true, - description: 'new description' } - - put v3_api("/projects/#{project3.id}", user4), project_param - expect(response).to have_gitlab_http_status(200) - project_param.each_pair do |k, v| - expect(json_response[k.to_s]).to eq(v) - end - end - - it 'does not update path to existing path' do - project_param = { path: project.path } - put v3_api("/projects/#{project3.id}", user4), project_param - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']['path']).to eq(['has already been taken']) - end - - it 'does not update name' do - project_param = { name: 'bar' } - put v3_api("/projects/#{project3.id}", user4), project_param - expect(response).to have_gitlab_http_status(403) - end - - it 'does not update visibility_level' do - project_param = { visibility_level: 20 } - put v3_api("/projects/#{project3.id}", user4), project_param - expect(response).to have_gitlab_http_status(403) - end - end - - context 'when authenticated as project developer' do - it 'does not update other attributes' do - project_param = { path: 'bar', - issues_enabled: true, - wiki_enabled: true, - snippets_enabled: true, - merge_requests_enabled: true, - description: 'new description', - request_access_enabled: true } - put v3_api("/projects/#{project.id}", user3), project_param - expect(response).to have_gitlab_http_status(403) - end - end - end - - describe 'POST /projects/:id/archive' do - context 'on an unarchived project' do - it 'archives the project' do - post v3_api("/projects/#{project.id}/archive", user) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['archived']).to be_truthy - end - end - - context 'on an archived project' do - before do - project.archive! - end - - it 'remains archived' do - post v3_api("/projects/#{project.id}/archive", user) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['archived']).to be_truthy - end - end - - context 'user without archiving rights to the project' do - before do - project.add_developer(user3) - end - - it 'rejects the action' do - post v3_api("/projects/#{project.id}/archive", user3) - - expect(response).to have_gitlab_http_status(403) - end - end - end - - describe 'POST /projects/:id/unarchive' do - context 'on an unarchived project' do - it 'remains unarchived' do - post v3_api("/projects/#{project.id}/unarchive", user) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['archived']).to be_falsey - end - end - - context 'on an archived project' do - before do - project.archive! - end - - it 'unarchives the project' do - post v3_api("/projects/#{project.id}/unarchive", user) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['archived']).to be_falsey - end - end - - context 'user without archiving rights to the project' do - before do - project.add_developer(user3) - end - - it 'rejects the action' do - post v3_api("/projects/#{project.id}/unarchive", user3) - - expect(response).to have_gitlab_http_status(403) - end - end - end - - describe 'POST /projects/:id/star' do - context 'on an unstarred project' do - it 'stars the project' do - expect { post v3_api("/projects/#{project.id}/star", user) }.to change { project.reload.star_count }.by(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['star_count']).to eq(1) - end - end - - context 'on a starred project' do - before do - user.toggle_star(project) - project.reload - end - - it 'does not modify the star count' do - expect { post v3_api("/projects/#{project.id}/star", user) }.not_to change { project.reload.star_count } - - expect(response).to have_gitlab_http_status(304) - end - end - end - - describe 'DELETE /projects/:id/star' do - context 'on a starred project' do - before do - user.toggle_star(project) - project.reload - end - - it 'unstars the project' do - expect { delete v3_api("/projects/#{project.id}/star", user) }.to change { project.reload.star_count }.by(-1) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['star_count']).to eq(0) - end - end - - context 'on an unstarred project' do - it 'does not modify the star count' do - expect { delete v3_api("/projects/#{project.id}/star", user) }.not_to change { project.reload.star_count } - - expect(response).to have_gitlab_http_status(304) - end - end - end - - describe 'DELETE /projects/:id' do - context 'when authenticated as user' do - it 'removes project' do - delete v3_api("/projects/#{project.id}", user) - expect(response).to have_gitlab_http_status(200) - end - - it 'does not remove a project if not an owner' do - user3 = create(:user) - project.add_developer(user3) - delete v3_api("/projects/#{project.id}", user3) - expect(response).to have_gitlab_http_status(403) - end - - it 'does not remove a non existing project' do - delete v3_api('/projects/1328', user) - expect(response).to have_gitlab_http_status(404) - end - - it 'does not remove a project not attached to user' do - delete v3_api("/projects/#{project.id}", user2) - expect(response).to have_gitlab_http_status(404) - end - end - - context 'when authenticated as admin' do - it 'removes any existing project' do - delete v3_api("/projects/#{project.id}", admin) - expect(response).to have_gitlab_http_status(200) - end - - it 'does not remove a non existing project' do - delete v3_api('/projects/1328', admin) - expect(response).to have_gitlab_http_status(404) - end - end - end -end diff --git a/spec/requests/api/v3/repositories_spec.rb b/spec/requests/api/v3/repositories_spec.rb deleted file mode 100644 index 0167eb2c4f6..00000000000 --- a/spec/requests/api/v3/repositories_spec.rb +++ /dev/null @@ -1,366 +0,0 @@ -require 'spec_helper' -require 'mime/types' - -describe API::V3::Repositories do - include RepoHelpers - include WorkhorseHelpers - - let(:user) { create(:user) } - let(:guest) { create(:user).tap { |u| create(:project_member, :guest, user: u, project: project) } } - let!(:project) { create(:project, :repository, creator: user) } - let!(:master) { create(:project_member, :master, user: user, project: project) } - - describe "GET /projects/:id/repository/tree" do - let(:route) { "/projects/#{project.id}/repository/tree" } - - shared_examples_for 'repository tree' do - it 'returns the repository tree' do - get v3_api(route, current_user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - - first_commit = json_response.first - expect(first_commit['name']).to eq('bar') - expect(first_commit['type']).to eq('tree') - expect(first_commit['mode']).to eq('040000') - end - - context 'when ref does not exist' do - it_behaves_like '404 response' do - let(:request) { get v3_api("#{route}?ref_name=foo", current_user) } - let(:message) { '404 Tree Not Found' } - end - end - - context 'when repository is disabled' do - include_context 'disabled repository' - - it_behaves_like '403 response' do - let(:request) { get v3_api(route, current_user) } - end - end - - context 'with recursive=1' do - it 'returns recursive project paths tree' do - get v3_api("#{route}?recursive=1", current_user) - - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(json_response[4]['name']).to eq('html') - expect(json_response[4]['path']).to eq('files/html') - expect(json_response[4]['type']).to eq('tree') - expect(json_response[4]['mode']).to eq('040000') - end - - context 'when repository is disabled' do - include_context 'disabled repository' - - it_behaves_like '403 response' do - let(:request) { get v3_api(route, current_user) } - end - end - - context 'when ref does not exist' do - it_behaves_like '404 response' do - let(:request) { get v3_api("#{route}?recursive=1&ref_name=foo", current_user) } - let(:message) { '404 Tree Not Found' } - end - end - end - end - - context 'when unauthenticated', 'and project is public' do - it_behaves_like 'repository tree' do - let(:project) { create(:project, :public, :repository) } - let(:current_user) { nil } - end - end - - context 'when unauthenticated', 'and project is private' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route) } - let(:message) { '404 Project Not Found' } - end - end - - context 'when authenticated', 'as a developer' do - it_behaves_like 'repository tree' do - let(:current_user) { user } - end - end - - context 'when authenticated', 'as a guest' do - it_behaves_like '403 response' do - let(:request) { get v3_api(route, guest) } - end - end - end - - [ - ['blobs/:sha', 'blobs/master'], - ['blobs/:sha', 'blobs/v1.1.0'], - ['commits/:sha/blob', 'commits/master/blob'] - ].each do |desc_path, example_path| - describe "GET /projects/:id/repository/#{desc_path}" do - let(:route) { "/projects/#{project.id}/repository/#{example_path}?filepath=README.md" } - shared_examples_for 'repository blob' do - it 'returns the repository blob' do - get v3_api(route, current_user) - expect(response).to have_gitlab_http_status(200) - end - context 'when sha does not exist' do - it_behaves_like '404 response' do - let(:request) { get v3_api("/projects/#{project.id}/repository/#{desc_path.sub(':sha', 'invalid_branch_name')}?filepath=README.md", current_user) } - let(:message) { '404 Commit Not Found' } - end - end - context 'when filepath does not exist' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route.sub('README.md', 'README.invalid'), current_user) } - let(:message) { '404 File Not Found' } - end - end - context 'when no filepath is given' do - it_behaves_like '400 response' do - let(:request) { get v3_api(route.sub('?filepath=README.md', ''), current_user) } - end - end - context 'when repository is disabled' do - include_context 'disabled repository' - it_behaves_like '403 response' do - let(:request) { get v3_api(route, current_user) } - end - end - end - context 'when unauthenticated', 'and project is public' do - it_behaves_like 'repository blob' do - let(:project) { create(:project, :public, :repository) } - let(:current_user) { nil } - end - end - context 'when unauthenticated', 'and project is private' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route) } - let(:message) { '404 Project Not Found' } - end - end - context 'when authenticated', 'as a developer' do - it_behaves_like 'repository blob' do - let(:current_user) { user } - end - end - context 'when authenticated', 'as a guest' do - it_behaves_like '403 response' do - let(:request) { get v3_api(route, guest) } - end - end - end - end - describe "GET /projects/:id/repository/raw_blobs/:sha" do - let(:route) { "/projects/#{project.id}/repository/raw_blobs/#{sample_blob.oid}" } - shared_examples_for 'repository raw blob' do - it 'returns the repository raw blob' do - get v3_api(route, current_user) - expect(response).to have_gitlab_http_status(200) - end - context 'when sha does not exist' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route.sub(sample_blob.oid, '123456'), current_user) } - let(:message) { '404 Blob Not Found' } - end - end - context 'when repository is disabled' do - include_context 'disabled repository' - it_behaves_like '403 response' do - let(:request) { get v3_api(route, current_user) } - end - end - end - context 'when unauthenticated', 'and project is public' do - it_behaves_like 'repository raw blob' do - let(:project) { create(:project, :public, :repository) } - let(:current_user) { nil } - end - end - context 'when unauthenticated', 'and project is private' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route) } - let(:message) { '404 Project Not Found' } - end - end - context 'when authenticated', 'as a developer' do - it_behaves_like 'repository raw blob' do - let(:current_user) { user } - end - end - context 'when authenticated', 'as a guest' do - it_behaves_like '403 response' do - let(:request) { get v3_api(route, guest) } - end - end - end - describe "GET /projects/:id/repository/archive(.:format)?:sha" do - let(:route) { "/projects/#{project.id}/repository/archive" } - shared_examples_for 'repository archive' do - it 'returns the repository archive' do - get v3_api(route, current_user) - expect(response).to have_gitlab_http_status(200) - repo_name = project.repository.name.gsub("\.git", "") - type, params = workhorse_send_data - expect(type).to eq('git-archive') - expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.tar.gz/) - end - it 'returns the repository archive archive.zip' do - get v3_api("/projects/#{project.id}/repository/archive.zip", user) - expect(response).to have_gitlab_http_status(200) - repo_name = project.repository.name.gsub("\.git", "") - type, params = workhorse_send_data - expect(type).to eq('git-archive') - expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.zip/) - end - it 'returns the repository archive archive.tar.bz2' do - get v3_api("/projects/#{project.id}/repository/archive.tar.bz2", user) - expect(response).to have_gitlab_http_status(200) - repo_name = project.repository.name.gsub("\.git", "") - type, params = workhorse_send_data - expect(type).to eq('git-archive') - expect(params['ArchivePath']).to match(/#{repo_name}\-[^\.]+\.tar.bz2/) - end - context 'when sha does not exist' do - it_behaves_like '404 response' do - let(:request) { get v3_api("#{route}?sha=xxx", current_user) } - let(:message) { '404 File Not Found' } - end - end - end - context 'when unauthenticated', 'and project is public' do - it_behaves_like 'repository archive' do - let(:project) { create(:project, :public, :repository) } - let(:current_user) { nil } - end - end - context 'when unauthenticated', 'and project is private' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route) } - let(:message) { '404 Project Not Found' } - end - end - context 'when authenticated', 'as a developer' do - it_behaves_like 'repository archive' do - let(:current_user) { user } - end - end - context 'when authenticated', 'as a guest' do - it_behaves_like '403 response' do - let(:request) { get v3_api(route, guest) } - end - end - end - - describe 'GET /projects/:id/repository/compare' do - let(:route) { "/projects/#{project.id}/repository/compare" } - shared_examples_for 'repository compare' do - it "compares branches" do - get v3_api(route, current_user), from: 'master', to: 'feature' - expect(response).to have_gitlab_http_status(200) - expect(json_response['commits']).to be_present - expect(json_response['diffs']).to be_present - end - it "compares tags" do - get v3_api(route, current_user), from: 'v1.0.0', to: 'v1.1.0' - expect(response).to have_gitlab_http_status(200) - expect(json_response['commits']).to be_present - expect(json_response['diffs']).to be_present - end - it "compares commits" do - get v3_api(route, current_user), from: sample_commit.id, to: sample_commit.parent_id - expect(response).to have_gitlab_http_status(200) - expect(json_response['commits']).to be_empty - expect(json_response['diffs']).to be_empty - expect(json_response['compare_same_ref']).to be_falsey - end - it "compares commits in reverse order" do - get v3_api(route, current_user), from: sample_commit.parent_id, to: sample_commit.id - expect(response).to have_gitlab_http_status(200) - expect(json_response['commits']).to be_present - expect(json_response['diffs']).to be_present - end - it "compares same refs" do - get v3_api(route, current_user), from: 'master', to: 'master' - expect(response).to have_gitlab_http_status(200) - expect(json_response['commits']).to be_empty - expect(json_response['diffs']).to be_empty - expect(json_response['compare_same_ref']).to be_truthy - end - end - context 'when unauthenticated', 'and project is public' do - it_behaves_like 'repository compare' do - let(:project) { create(:project, :public, :repository) } - let(:current_user) { nil } - end - end - context 'when unauthenticated', 'and project is private' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route) } - let(:message) { '404 Project Not Found' } - end - end - context 'when authenticated', 'as a developer' do - it_behaves_like 'repository compare' do - let(:current_user) { user } - end - end - context 'when authenticated', 'as a guest' do - it_behaves_like '403 response' do - let(:request) { get v3_api(route, guest) } - end - end - end - - describe 'GET /projects/:id/repository/contributors' do - let(:route) { "/projects/#{project.id}/repository/contributors" } - - shared_examples_for 'repository contributors' do - it 'returns valid data' do - get v3_api(route, current_user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - - first_contributor = json_response.first - expect(first_contributor['email']).to eq('tiagonbotelho@hotmail.com') - expect(first_contributor['name']).to eq('tiagonbotelho') - expect(first_contributor['commits']).to eq(1) - expect(first_contributor['additions']).to eq(0) - expect(first_contributor['deletions']).to eq(0) - end - end - - context 'when unauthenticated', 'and project is public' do - it_behaves_like 'repository contributors' do - let(:project) { create(:project, :public, :repository) } - let(:current_user) { nil } - end - end - - context 'when unauthenticated', 'and project is private' do - it_behaves_like '404 response' do - let(:request) { get v3_api(route) } - let(:message) { '404 Project Not Found' } - end - end - - context 'when authenticated', 'as a developer' do - it_behaves_like 'repository contributors' do - let(:current_user) { user } - end - end - - context 'when authenticated', 'as a guest' do - it_behaves_like '403 response' do - let(:request) { get v3_api(route, guest) } - end - end - end -end diff --git a/spec/requests/api/v3/runners_spec.rb b/spec/requests/api/v3/runners_spec.rb deleted file mode 100644 index c91b097a3c7..00000000000 --- a/spec/requests/api/v3/runners_spec.rb +++ /dev/null @@ -1,152 +0,0 @@ -require 'spec_helper' - -describe API::V3::Runners do - let(:admin) { create(:user, :admin) } - let(:user) { create(:user) } - let(:user2) { create(:user) } - - let(:project) { create(:project, creator_id: user.id) } - let(:project2) { create(:project, creator_id: user.id) } - - let!(:shared_runner) { create(:ci_runner, :shared) } - let!(:unused_specific_runner) { create(:ci_runner) } - - let!(:specific_runner) do - create(:ci_runner).tap do |runner| - create(:ci_runner_project, runner: runner, project: project) - end - end - - let!(:two_projects_runner) do - create(:ci_runner).tap do |runner| - create(:ci_runner_project, runner: runner, project: project) - create(:ci_runner_project, runner: runner, project: project2) - end - end - - before do - # Set project access for users - create(:project_member, :master, user: user, project: project) - create(:project_member, :reporter, user: user2, project: project) - end - - describe 'DELETE /runners/:id' do - context 'admin user' do - context 'when runner is shared' do - it 'deletes runner' do - expect do - delete v3_api("/runners/#{shared_runner.id}", admin) - - expect(response).to have_gitlab_http_status(200) - end.to change { Ci::Runner.shared.count }.by(-1) - end - end - - context 'when runner is not shared' do - it 'deletes unused runner' do - expect do - delete v3_api("/runners/#{unused_specific_runner.id}", admin) - - expect(response).to have_gitlab_http_status(200) - end.to change { Ci::Runner.specific.count }.by(-1) - end - - it 'deletes used runner' do - expect do - delete v3_api("/runners/#{specific_runner.id}", admin) - - expect(response).to have_gitlab_http_status(200) - end.to change { Ci::Runner.specific.count }.by(-1) - end - end - - it 'returns 404 if runner does not exists' do - delete v3_api('/runners/9999', admin) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'authorized user' do - context 'when runner is shared' do - it 'does not delete runner' do - delete v3_api("/runners/#{shared_runner.id}", user) - expect(response).to have_gitlab_http_status(403) - end - end - - context 'when runner is not shared' do - it 'does not delete runner without access to it' do - delete v3_api("/runners/#{specific_runner.id}", user2) - expect(response).to have_gitlab_http_status(403) - end - - it 'does not delete runner with more than one associated project' do - delete v3_api("/runners/#{two_projects_runner.id}", user) - expect(response).to have_gitlab_http_status(403) - end - - it 'deletes runner for one owned project' do - expect do - delete v3_api("/runners/#{specific_runner.id}", user) - - expect(response).to have_gitlab_http_status(200) - end.to change { Ci::Runner.specific.count }.by(-1) - end - end - end - - context 'unauthorized user' do - it 'does not delete runner' do - delete v3_api("/runners/#{specific_runner.id}") - - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'DELETE /projects/:id/runners/:runner_id' do - context 'authorized user' do - context 'when runner have more than one associated projects' do - it "disables project's runner" do - expect do - delete v3_api("/projects/#{project.id}/runners/#{two_projects_runner.id}", user) - - expect(response).to have_gitlab_http_status(200) - end.to change { project.runners.count }.by(-1) - end - end - - context 'when runner have one associated projects' do - it "does not disable project's runner" do - expect do - delete v3_api("/projects/#{project.id}/runners/#{specific_runner.id}", user) - end.to change { project.runners.count }.by(0) - expect(response).to have_gitlab_http_status(403) - end - end - - it 'returns 404 is runner is not found' do - delete v3_api("/projects/#{project.id}/runners/9999", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'authorized user without permissions' do - it "does not disable project's runner" do - delete v3_api("/projects/#{project.id}/runners/#{specific_runner.id}", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - context 'unauthorized user' do - it "does not disable project's runner" do - delete v3_api("/projects/#{project.id}/runners/#{specific_runner.id}") - - expect(response).to have_gitlab_http_status(401) - end - end - end -end diff --git a/spec/requests/api/v3/services_spec.rb b/spec/requests/api/v3/services_spec.rb deleted file mode 100644 index c69a7d58ca6..00000000000 --- a/spec/requests/api/v3/services_spec.rb +++ /dev/null @@ -1,26 +0,0 @@ -require "spec_helper" - -describe API::V3::Services do - let(:user) { create(:user) } - let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) } - - available_services = Service.available_services_names - available_services.delete('prometheus') - available_services.each do |service| - describe "DELETE /projects/:id/services/#{service.dasherize}" do - include_context service - - before do - initialize_service(service) - end - - it "deletes #{service}" do - delete v3_api("/projects/#{project.id}/services/#{dashed_service}", user) - - expect(response).to have_gitlab_http_status(200) - project.send(service_method).reload - expect(project.send(service_method).activated?).to be_falsey - end - end - end -end diff --git a/spec/requests/api/v3/settings_spec.rb b/spec/requests/api/v3/settings_spec.rb deleted file mode 100644 index 985bfbfa09c..00000000000 --- a/spec/requests/api/v3/settings_spec.rb +++ /dev/null @@ -1,63 +0,0 @@ -require 'spec_helper' - -describe API::V3::Settings, 'Settings' do - let(:user) { create(:user) } - let(:admin) { create(:admin) } - - describe "GET /application/settings" do - it "returns application settings" do - get v3_api("/application/settings", admin) - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Hash - expect(json_response['default_projects_limit']).to eq(42) - expect(json_response['password_authentication_enabled']).to be_truthy - expect(json_response['repository_storage']).to eq('default') - expect(json_response['koding_enabled']).to be_falsey - expect(json_response['koding_url']).to be_nil - expect(json_response['plantuml_enabled']).to be_falsey - expect(json_response['plantuml_url']).to be_nil - end - end - - describe "PUT /application/settings" do - context "custom repository storage type set in the config" do - before do - storages = { 'custom' => 'tmp/tests/custom_repositories' } - allow(Gitlab.config.repositories).to receive(:storages).and_return(storages) - end - - it "updates application settings" do - put v3_api("/application/settings", admin), - default_projects_limit: 3, password_authentication_enabled_for_web: false, repository_storage: 'custom', koding_enabled: true, koding_url: 'http://koding.example.com', - plantuml_enabled: true, plantuml_url: 'http://plantuml.example.com' - expect(response).to have_gitlab_http_status(200) - expect(json_response['default_projects_limit']).to eq(3) - expect(json_response['password_authentication_enabled_for_web']).to be_falsey - expect(json_response['repository_storage']).to eq('custom') - expect(json_response['repository_storages']).to eq(['custom']) - expect(json_response['koding_enabled']).to be_truthy - expect(json_response['koding_url']).to eq('http://koding.example.com') - expect(json_response['plantuml_enabled']).to be_truthy - expect(json_response['plantuml_url']).to eq('http://plantuml.example.com') - end - end - - context "missing koding_url value when koding_enabled is true" do - it "returns a blank parameter error message" do - put v3_api("/application/settings", admin), koding_enabled: true - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('koding_url is missing') - end - end - - context "missing plantuml_url value when plantuml_enabled is true" do - it "returns a blank parameter error message" do - put v3_api("/application/settings", admin), plantuml_enabled: true - - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('plantuml_url is missing') - end - end - end -end diff --git a/spec/requests/api/v3/snippets_spec.rb b/spec/requests/api/v3/snippets_spec.rb deleted file mode 100644 index e8913039194..00000000000 --- a/spec/requests/api/v3/snippets_spec.rb +++ /dev/null @@ -1,186 +0,0 @@ -require 'rails_helper' - -describe API::V3::Snippets do - let!(:user) { create(:user) } - - describe 'GET /snippets/' do - it 'returns snippets available' do - public_snippet = create(:personal_snippet, :public, author: user) - private_snippet = create(:personal_snippet, :private, author: user) - internal_snippet = create(:personal_snippet, :internal, author: user) - - get v3_api("/snippets/", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.map { |snippet| snippet['id']} ).to contain_exactly( - public_snippet.id, - internal_snippet.id, - private_snippet.id) - expect(json_response.last).to have_key('web_url') - expect(json_response.last).to have_key('raw_url') - end - - it 'hides private snippets from regular user' do - create(:personal_snippet, :private) - - get v3_api("/snippets/", user) - expect(response).to have_gitlab_http_status(200) - expect(json_response.size).to eq(0) - end - end - - describe 'GET /snippets/public' do - let!(:other_user) { create(:user) } - let!(:public_snippet) { create(:personal_snippet, :public, author: user) } - let!(:private_snippet) { create(:personal_snippet, :private, author: user) } - let!(:internal_snippet) { create(:personal_snippet, :internal, author: user) } - let!(:public_snippet_other) { create(:personal_snippet, :public, author: other_user) } - let!(:private_snippet_other) { create(:personal_snippet, :private, author: other_user) } - let!(:internal_snippet_other) { create(:personal_snippet, :internal, author: other_user) } - - it 'returns all snippets with public visibility from all users' do - get v3_api("/snippets/public", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response.map { |snippet| snippet['id']} ).to contain_exactly( - public_snippet.id, - public_snippet_other.id) - expect(json_response.map { |snippet| snippet['web_url']} ).to include( - "http://localhost/snippets/#{public_snippet.id}", - "http://localhost/snippets/#{public_snippet_other.id}") - expect(json_response.map { |snippet| snippet['raw_url']} ).to include( - "http://localhost/snippets/#{public_snippet.id}/raw", - "http://localhost/snippets/#{public_snippet_other.id}/raw") - end - end - - describe 'GET /snippets/:id/raw' do - let(:snippet) { create(:personal_snippet, author: user) } - - it 'returns raw text' do - get v3_api("/snippets/#{snippet.id}/raw", user) - - expect(response).to have_gitlab_http_status(200) - expect(response.content_type).to eq 'text/plain' - expect(response.body).to eq(snippet.content) - end - - it 'returns 404 for invalid snippet id' do - delete v3_api("/snippets/1234", user) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Snippet Not Found') - end - end - - describe 'POST /snippets/' do - let(:params) do - { - title: 'Test Title', - file_name: 'test.rb', - content: 'puts "hello world"', - visibility_level: Snippet::PUBLIC - } - end - - it 'creates a new snippet' do - expect do - post v3_api("/snippets/", user), params - end.to change { PersonalSnippet.count }.by(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response['title']).to eq(params[:title]) - expect(json_response['file_name']).to eq(params[:file_name]) - end - - it 'returns 400 for missing parameters' do - params.delete(:title) - - post v3_api("/snippets/", user), params - - expect(response).to have_gitlab_http_status(400) - end - - context 'when the snippet is spam' do - def create_snippet(snippet_params = {}) - post v3_api('/snippets', user), params.merge(snippet_params) - end - - before do - allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true) - end - - context 'when the snippet is private' do - it 'creates the snippet' do - expect { create_snippet(visibility_level: Snippet::PRIVATE) } - .to change { Snippet.count }.by(1) - end - end - - context 'when the snippet is public' do - it 'rejects the shippet' do - expect { create_snippet(visibility_level: Snippet::PUBLIC) } - .not_to change { Snippet.count } - expect(response).to have_gitlab_http_status(400) - end - - it 'creates a spam log' do - expect { create_snippet(visibility_level: Snippet::PUBLIC) } - .to change { SpamLog.count }.by(1) - end - end - end - end - - describe 'PUT /snippets/:id' do - let(:other_user) { create(:user) } - let(:public_snippet) { create(:personal_snippet, :public, author: user) } - it 'updates snippet' do - new_content = 'New content' - - put v3_api("/snippets/#{public_snippet.id}", user), content: new_content - - expect(response).to have_gitlab_http_status(200) - public_snippet.reload - expect(public_snippet.content).to eq(new_content) - end - - it 'returns 404 for invalid snippet id' do - put v3_api("/snippets/1234", user), title: 'foo' - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Snippet Not Found') - end - - it "returns 404 for another user's snippet" do - put v3_api("/snippets/#{public_snippet.id}", other_user), title: 'fubar' - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Snippet Not Found') - end - - it 'returns 400 for missing parameters' do - put v3_api("/snippets/1234", user) - - expect(response).to have_gitlab_http_status(400) - end - end - - describe 'DELETE /snippets/:id' do - let!(:public_snippet) { create(:personal_snippet, :public, author: user) } - it 'deletes snippet' do - expect do - delete v3_api("/snippets/#{public_snippet.id}", user) - - expect(response).to have_gitlab_http_status(204) - end.to change { PersonalSnippet.count }.by(-1) - end - - it 'returns 404 for invalid snippet id' do - delete v3_api("/snippets/1234", user) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 Snippet Not Found') - end - end -end diff --git a/spec/requests/api/v3/system_hooks_spec.rb b/spec/requests/api/v3/system_hooks_spec.rb deleted file mode 100644 index 30711c60faa..00000000000 --- a/spec/requests/api/v3/system_hooks_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -require 'spec_helper' - -describe API::V3::SystemHooks do - let(:user) { create(:user) } - let(:admin) { create(:admin) } - let!(:hook) { create(:system_hook, url: "http://example.com") } - - before { stub_request(:post, hook.url) } - - describe "GET /hooks" do - context "when no user" do - it "returns authentication error" do - get v3_api("/hooks") - - expect(response).to have_gitlab_http_status(401) - end - end - - context "when not an admin" do - it "returns forbidden error" do - get v3_api("/hooks", user) - - expect(response).to have_gitlab_http_status(403) - end - end - - context "when authenticated as admin" do - it "returns an array of hooks" do - get v3_api("/hooks", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['url']).to eq(hook.url) - expect(json_response.first['push_events']).to be false - expect(json_response.first['tag_push_events']).to be false - expect(json_response.first['repository_update_events']).to be true - end - end - end - - describe "DELETE /hooks/:id" do - it "deletes a hook" do - expect do - delete v3_api("/hooks/#{hook.id}", admin) - - expect(response).to have_gitlab_http_status(200) - end.to change { SystemHook.count }.by(-1) - end - - it 'returns 404 if the system hook does not exist' do - delete v3_api('/hooks/12345', admin) - - expect(response).to have_gitlab_http_status(404) - end - end -end diff --git a/spec/requests/api/v3/tags_spec.rb b/spec/requests/api/v3/tags_spec.rb deleted file mode 100644 index e6ad005fa87..00000000000 --- a/spec/requests/api/v3/tags_spec.rb +++ /dev/null @@ -1,88 +0,0 @@ -require 'spec_helper' -require 'mime/types' - -describe API::V3::Tags do - include RepoHelpers - - let(:user) { create(:user) } - let(:user2) { create(:user) } - let!(:project) { create(:project, :repository, creator: user) } - let!(:master) { create(:project_member, :master, user: user, project: project) } - - describe "GET /projects/:id/repository/tags" do - let(:tag_name) { project.repository.tag_names.sort.reverse.first } - let(:description) { 'Awesome release!' } - - shared_examples_for 'repository tags' do - it 'returns the repository tags' do - get v3_api("/projects/#{project.id}/repository/tags", current_user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(tag_name) - end - end - - context 'when unauthenticated' do - it_behaves_like 'repository tags' do - let(:project) { create(:project, :public, :repository) } - let(:current_user) { nil } - end - end - - context 'when authenticated' do - it_behaves_like 'repository tags' do - let(:current_user) { user } - end - end - - context 'without releases' do - it "returns an array of project tags" do - get v3_api("/projects/#{project.id}/repository/tags", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(tag_name) - end - end - - context 'with releases' do - before do - release = project.releases.find_or_initialize_by(tag: tag_name) - release.update_attributes(description: description) - end - - it "returns an array of project tags with release info" do - get v3_api("/projects/#{project.id}/repository/tags", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).to eq(tag_name) - expect(json_response.first['message']).to eq('Version 1.1.0') - expect(json_response.first['release']['description']).to eq(description) - end - end - end - - describe 'DELETE /projects/:id/repository/tags/:tag_name' do - let(:tag_name) { project.repository.tag_names.sort.reverse.first } - - before do - allow_any_instance_of(Repository).to receive(:rm_tag).and_return(true) - end - - context 'delete tag' do - it 'deletes an existing tag' do - delete v3_api("/projects/#{project.id}/repository/tags/#{tag_name}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['tag_name']).to eq(tag_name) - end - - it 'raises 404 if the tag does not exist' do - delete v3_api("/projects/#{project.id}/repository/tags/foobar", user) - expect(response).to have_gitlab_http_status(404) - end - end - end -end diff --git a/spec/requests/api/v3/templates_spec.rb b/spec/requests/api/v3/templates_spec.rb deleted file mode 100644 index 1a637f3cf96..00000000000 --- a/spec/requests/api/v3/templates_spec.rb +++ /dev/null @@ -1,201 +0,0 @@ -require 'spec_helper' - -describe API::V3::Templates do - shared_examples_for 'the Template Entity' do |path| - before { get v3_api(path) } - - it { expect(json_response['name']).to eq('Ruby') } - it { expect(json_response['content']).to include('*.gem') } - end - - shared_examples_for 'the TemplateList Entity' do |path| - before { get v3_api(path) } - - it { expect(json_response.first['name']).not_to be_nil } - it { expect(json_response.first['content']).to be_nil } - end - - shared_examples_for 'requesting gitignores' do |path| - it 'returns a list of available gitignore templates' do - get v3_api(path) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to be > 15 - end - end - - shared_examples_for 'requesting gitlab-ci-ymls' do |path| - it 'returns a list of available gitlab_ci_ymls' do - get v3_api(path) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['name']).not_to be_nil - end - end - - shared_examples_for 'requesting gitlab-ci-yml for Ruby' do |path| - it 'adds a disclaimer on the top' do - get v3_api(path) - - expect(response).to have_gitlab_http_status(200) - expect(json_response['content']).to start_with("# This file is a template,") - end - end - - shared_examples_for 'the License Template Entity' do |path| - before { get v3_api(path) } - - it 'returns a license template' do - expect(json_response['key']).to eq('mit') - expect(json_response['name']).to eq('MIT License') - expect(json_response['nickname']).to be_nil - expect(json_response['popular']).to be true - expect(json_response['html_url']).to eq('http://choosealicense.com/licenses/mit/') - expect(json_response['source_url']).to eq('https://opensource.org/licenses/MIT') - expect(json_response['description']).to include('A short and simple permissive license with conditions') - expect(json_response['conditions']).to eq(%w[include-copyright]) - expect(json_response['permissions']).to eq(%w[commercial-use modifications distribution private-use]) - expect(json_response['limitations']).to eq(%w[liability warranty]) - expect(json_response['content']).to include('MIT License') - end - end - - shared_examples_for 'GET licenses' do |path| - it 'returns a list of available license templates' do - get v3_api(path) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(12) - expect(json_response.map { |l| l['key'] }).to include('agpl-3.0') - end - - describe 'the popular parameter' do - context 'with popular=1' do - it 'returns a list of available popular license templates' do - get v3_api("#{path}?popular=1") - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.size).to eq(3) - expect(json_response.map { |l| l['key'] }).to include('apache-2.0') - end - end - end - end - - shared_examples_for 'GET licenses/:name' do |path| - context 'with :project and :fullname given' do - before do - get v3_api("#{path}/#{license_type}?project=My+Awesome+Project&fullname=Anton+#{license_type.upcase}") - end - - context 'for the mit license' do - let(:license_type) { 'mit' } - - it 'returns the license text' do - expect(json_response['content']).to include('MIT License') - end - - it 'replaces placeholder values' do - expect(json_response['content']).to include("Copyright (c) #{Time.now.year} Anton") - end - end - - context 'for the agpl-3.0 license' do - let(:license_type) { 'agpl-3.0' } - - it 'returns the license text' do - expect(json_response['content']).to include('GNU AFFERO GENERAL PUBLIC LICENSE') - end - - it 'replaces placeholder values' do - expect(json_response['content']).to include('My Awesome Project') - expect(json_response['content']).to include("Copyright (C) #{Time.now.year} Anton") - end - end - - context 'for the gpl-3.0 license' do - let(:license_type) { 'gpl-3.0' } - - it 'returns the license text' do - expect(json_response['content']).to include('GNU GENERAL PUBLIC LICENSE') - end - - it 'replaces placeholder values' do - expect(json_response['content']).to include('My Awesome Project') - expect(json_response['content']).to include("Copyright (C) #{Time.now.year} Anton") - end - end - - context 'for the gpl-2.0 license' do - let(:license_type) { 'gpl-2.0' } - - it 'returns the license text' do - expect(json_response['content']).to include('GNU GENERAL PUBLIC LICENSE') - end - - it 'replaces placeholder values' do - expect(json_response['content']).to include('My Awesome Project') - expect(json_response['content']).to include("Copyright (C) #{Time.now.year} Anton") - end - end - - context 'for the apache-2.0 license' do - let(:license_type) { 'apache-2.0' } - - it 'returns the license text' do - expect(json_response['content']).to include('Apache License') - end - - it 'replaces placeholder values' do - expect(json_response['content']).to include("Copyright #{Time.now.year} Anton") - end - end - - context 'for an uknown license' do - let(:license_type) { 'muth-over9000' } - - it 'returns a 404' do - expect(response).to have_gitlab_http_status(404) - end - end - end - - context 'with no :fullname given' do - context 'with an authenticated user' do - let(:user) { create(:user) } - - it 'replaces the copyright owner placeholder with the name of the current user' do - get v3_api('/templates/licenses/mit', user) - - expect(json_response['content']).to include("Copyright (c) #{Time.now.year} #{user.name}") - end - end - end - end - - describe 'with /templates namespace' do - it_behaves_like 'the Template Entity', '/templates/gitignores/Ruby' - it_behaves_like 'the TemplateList Entity', '/templates/gitignores' - it_behaves_like 'requesting gitignores', '/templates/gitignores' - it_behaves_like 'requesting gitlab-ci-ymls', '/templates/gitlab_ci_ymls' - it_behaves_like 'requesting gitlab-ci-yml for Ruby', '/templates/gitlab_ci_ymls/Ruby' - it_behaves_like 'the License Template Entity', '/templates/licenses/mit' - it_behaves_like 'GET licenses', '/templates/licenses' - it_behaves_like 'GET licenses/:name', '/templates/licenses' - end - - describe 'without /templates namespace' do - it_behaves_like 'the Template Entity', '/gitignores/Ruby' - it_behaves_like 'the TemplateList Entity', '/gitignores' - it_behaves_like 'requesting gitignores', '/gitignores' - it_behaves_like 'requesting gitlab-ci-ymls', '/gitlab_ci_ymls' - it_behaves_like 'requesting gitlab-ci-yml for Ruby', '/gitlab_ci_ymls/Ruby' - it_behaves_like 'the License Template Entity', '/licenses/mit' - it_behaves_like 'GET licenses', '/licenses' - it_behaves_like 'GET licenses/:name', '/licenses' - end -end diff --git a/spec/requests/api/v3/todos_spec.rb b/spec/requests/api/v3/todos_spec.rb deleted file mode 100644 index ea648e3917f..00000000000 --- a/spec/requests/api/v3/todos_spec.rb +++ /dev/null @@ -1,77 +0,0 @@ -require 'spec_helper' - -describe API::V3::Todos do - let(:project_1) { create(:project) } - let(:project_2) { create(:project) } - let(:author_1) { create(:user) } - let(:author_2) { create(:user) } - let(:john_doe) { create(:user, username: 'john_doe') } - let!(:pending_1) { create(:todo, :mentioned, project: project_1, author: author_1, user: john_doe) } - let!(:pending_2) { create(:todo, project: project_2, author: author_2, user: john_doe) } - let!(:pending_3) { create(:todo, project: project_1, author: author_2, user: john_doe) } - let!(:done) { create(:todo, :done, project: project_1, author: author_1, user: john_doe) } - - before do - project_1.add_developer(john_doe) - project_2.add_developer(john_doe) - end - - describe 'DELETE /todos/:id' do - context 'when unauthenticated' do - it 'returns authentication error' do - delete v3_api("/todos/#{pending_1.id}") - - expect(response.status).to eq(401) - end - end - - context 'when authenticated' do - it 'marks a todo as done' do - delete v3_api("/todos/#{pending_1.id}", john_doe) - - expect(response.status).to eq(200) - expect(pending_1.reload).to be_done - end - - it 'updates todos cache' do - expect_any_instance_of(User).to receive(:update_todos_count_cache).and_call_original - - delete v3_api("/todos/#{pending_1.id}", john_doe) - end - - it 'returns 404 if the todo does not belong to the current user' do - delete v3_api("/todos/#{pending_1.id}", author_1) - - expect(response.status).to eq(404) - end - end - end - - describe 'DELETE /todos' do - context 'when unauthenticated' do - it 'returns authentication error' do - delete v3_api('/todos') - - expect(response.status).to eq(401) - end - end - - context 'when authenticated' do - it 'marks all todos as done' do - delete v3_api('/todos', john_doe) - - expect(response.status).to eq(200) - expect(response.body).to eq('3') - expect(pending_1.reload).to be_done - expect(pending_2.reload).to be_done - expect(pending_3.reload).to be_done - end - - it 'updates todos cache' do - expect_any_instance_of(User).to receive(:update_todos_count_cache).and_call_original - - delete v3_api("/todos", john_doe) - end - end - end -end diff --git a/spec/requests/api/v3/triggers_spec.rb b/spec/requests/api/v3/triggers_spec.rb deleted file mode 100644 index e8e2f49d7a0..00000000000 --- a/spec/requests/api/v3/triggers_spec.rb +++ /dev/null @@ -1,235 +0,0 @@ -require 'spec_helper' - -describe API::V3::Triggers do - let(:user) { create(:user) } - let(:user2) { create(:user) } - let!(:trigger_token) { 'secure_token' } - let!(:project) { create(:project, :repository, creator: user) } - let!(:master) { create(:project_member, :master, user: user, project: project) } - let!(:developer) { create(:project_member, :developer, user: user2, project: project) } - - let!(:trigger) do - create(:ci_trigger, project: project, token: trigger_token, owner: user) - end - - describe 'POST /projects/:project_id/trigger' do - let!(:project2) { create(:project) } - let(:options) do - { - token: trigger_token - } - end - - before do - stub_ci_pipeline_to_return_yaml_file - end - - context 'Handles errors' do - it 'returns bad request if token is missing' do - post v3_api("/projects/#{project.id}/trigger/builds"), ref: 'master' - expect(response).to have_gitlab_http_status(400) - end - - it 'returns not found if project is not found' do - post v3_api('/projects/0/trigger/builds'), options.merge(ref: 'master') - expect(response).to have_gitlab_http_status(404) - end - - it 'returns unauthorized if token is for different project' do - post v3_api("/projects/#{project2.id}/trigger/builds"), options.merge(ref: 'master') - expect(response).to have_gitlab_http_status(404) - end - end - - context 'Have a commit' do - let(:pipeline) { project.pipelines.last } - - it 'creates builds' do - post v3_api("/projects/#{project.id}/trigger/builds"), options.merge(ref: 'master') - expect(response).to have_gitlab_http_status(201) - pipeline.builds.reload - expect(pipeline.builds.pending.size).to eq(2) - expect(pipeline.builds.size).to eq(5) - end - - it 'returns bad request with no builds created if there\'s no commit for that ref' do - post v3_api("/projects/#{project.id}/trigger/builds"), options.merge(ref: 'other-branch') - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']['base']) - .to contain_exactly('Reference not found') - end - - context 'Validates variables' do - let(:variables) do - { 'TRIGGER_KEY' => 'TRIGGER_VALUE' } - end - - it 'validates variables to be a hash' do - post v3_api("/projects/#{project.id}/trigger/builds"), options.merge(variables: 'value', ref: 'master') - expect(response).to have_gitlab_http_status(400) - expect(json_response['error']).to eq('variables is invalid') - end - - it 'validates variables needs to be a map of key-valued strings' do - post v3_api("/projects/#{project.id}/trigger/builds"), options.merge(variables: { key: %w(1 2) }, ref: 'master') - expect(response).to have_gitlab_http_status(400) - expect(json_response['message']).to eq('variables needs to be a map of key-valued strings') - end - - it 'creates trigger request with variables' do - post v3_api("/projects/#{project.id}/trigger/builds"), options.merge(variables: variables, ref: 'master') - expect(response).to have_gitlab_http_status(201) - pipeline.builds.reload - expect(pipeline.variables.map { |v| { v.key => v.value } }.first).to eq(variables) - expect(json_response['variables']).to eq(variables) - end - end - end - - context 'when triggering a pipeline from a trigger token' do - it 'creates builds from the ref given in the URL, not in the body' do - expect do - post v3_api("/projects/#{project.id}/ref/master/trigger/builds?token=#{trigger_token}"), { ref: 'refs/heads/other-branch' } - end.to change(project.builds, :count).by(5) - expect(response).to have_gitlab_http_status(201) - end - - context 'when ref contains a dot' do - it 'creates builds from the ref given in the URL, not in the body' do - project.repository.create_file(user, '.gitlab/gitlabhq/new_feature.md', 'something valid', message: 'new_feature', branch_name: 'v.1-branch') - - expect do - post v3_api("/projects/#{project.id}/ref/v.1-branch/trigger/builds?token=#{trigger_token}"), { ref: 'refs/heads/other-branch' } - end.to change(project.builds, :count).by(4) - - expect(response).to have_gitlab_http_status(201) - end - end - end - end - - describe 'GET /projects/:id/triggers' do - context 'authenticated user with valid permissions' do - it 'returns list of triggers' do - get v3_api("/projects/#{project.id}/triggers", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_a(Array) - expect(json_response[0]).to have_key('token') - end - end - - context 'authenticated user with invalid permissions' do - it 'does not return triggers list' do - get v3_api("/projects/#{project.id}/triggers", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - context 'unauthenticated user' do - it 'does not return triggers list' do - get v3_api("/projects/#{project.id}/triggers") - - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'GET /projects/:id/triggers/:token' do - context 'authenticated user with valid permissions' do - it 'returns trigger details' do - get v3_api("/projects/#{project.id}/triggers/#{trigger.token}", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_a(Hash) - end - - it 'responds with 404 Not Found if requesting non-existing trigger' do - get v3_api("/projects/#{project.id}/triggers/abcdef012345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'authenticated user with invalid permissions' do - it 'does not return triggers list' do - get v3_api("/projects/#{project.id}/triggers/#{trigger.token}", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - context 'unauthenticated user' do - it 'does not return triggers list' do - get v3_api("/projects/#{project.id}/triggers/#{trigger.token}") - - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'POST /projects/:id/triggers' do - context 'authenticated user with valid permissions' do - it 'creates trigger' do - expect do - post v3_api("/projects/#{project.id}/triggers", user) - end.to change {project.triggers.count}.by(1) - - expect(response).to have_gitlab_http_status(201) - expect(json_response).to be_a(Hash) - end - end - - context 'authenticated user with invalid permissions' do - it 'does not create trigger' do - post v3_api("/projects/#{project.id}/triggers", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - context 'unauthenticated user' do - it 'does not create trigger' do - post v3_api("/projects/#{project.id}/triggers") - - expect(response).to have_gitlab_http_status(401) - end - end - end - - describe 'DELETE /projects/:id/triggers/:token' do - context 'authenticated user with valid permissions' do - it 'deletes trigger' do - expect do - delete v3_api("/projects/#{project.id}/triggers/#{trigger.token}", user) - - expect(response).to have_gitlab_http_status(200) - end.to change {project.triggers.count}.by(-1) - end - - it 'responds with 404 Not Found if requesting non-existing trigger' do - delete v3_api("/projects/#{project.id}/triggers/abcdef012345", user) - - expect(response).to have_gitlab_http_status(404) - end - end - - context 'authenticated user with invalid permissions' do - it 'does not delete trigger' do - delete v3_api("/projects/#{project.id}/triggers/#{trigger.token}", user2) - - expect(response).to have_gitlab_http_status(403) - end - end - - context 'unauthenticated user' do - it 'does not delete trigger' do - delete v3_api("/projects/#{project.id}/triggers/#{trigger.token}") - - expect(response).to have_gitlab_http_status(401) - end - end - end -end diff --git a/spec/requests/api/v3/users_spec.rb b/spec/requests/api/v3/users_spec.rb deleted file mode 100644 index bbd05f240d2..00000000000 --- a/spec/requests/api/v3/users_spec.rb +++ /dev/null @@ -1,362 +0,0 @@ -require 'spec_helper' - -describe API::V3::Users do - let(:user) { create(:user) } - let(:admin) { create(:admin) } - let(:key) { create(:key, user: user) } - let(:email) { create(:email, user: user) } - let(:ldap_blocked_user) { create(:omniauth_user, provider: 'ldapmain', state: 'ldap_blocked') } - - describe 'GET /users' do - context 'when authenticated' do - it 'returns an array of users' do - get v3_api('/users', user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - username = user.username - expect(json_response.detect do |user| - user['username'] == username - end['username']).to eq(username) - end - end - - context 'when authenticated as user' do - it 'does not reveal the `is_admin` flag of the user' do - get v3_api('/users', user) - - expect(json_response.first.keys).not_to include 'is_admin' - end - end - - context 'when authenticated as admin' do - it 'reveals the `is_admin` flag of the user' do - get v3_api('/users', admin) - - expect(json_response.first.keys).to include 'is_admin' - end - end - end - - describe 'GET /user/:id/keys' do - before { admin } - - context 'when unauthenticated' do - it 'returns authentication error' do - get v3_api("/users/#{user.id}/keys") - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when authenticated' do - it 'returns 404 for non-existing user' do - get v3_api('/users/999999/keys', admin) - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 User Not Found') - end - - it 'returns array of ssh keys' do - user.keys << key - user.save - - get v3_api("/users/#{user.id}/keys", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['title']).to eq(key.title) - end - end - - context "scopes" do - let(:user) { admin } - let(:path) { "/users/#{user.id}/keys" } - let(:api_call) { method(:v3_api) } - - before do - user.keys << key - user.save - end - - include_examples 'allows the "read_user" scope' - end - end - - describe 'GET /user/:id/emails' do - before { admin } - - context 'when unauthenticated' do - it 'returns authentication error' do - get v3_api("/users/#{user.id}/emails") - expect(response).to have_gitlab_http_status(401) - end - end - - context 'when authenticated' do - it 'returns 404 for non-existing user' do - get v3_api('/users/999999/emails', admin) - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 User Not Found') - end - - it 'returns array of emails' do - user.emails << email - user.save - - get v3_api("/users/#{user.id}/emails", admin) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first['email']).to eq(email.email) - end - - it "returns a 404 for invalid ID" do - put v3_api("/users/ASDF/emails", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - end - - describe "GET /user/keys" do - context "when unauthenticated" do - it "returns authentication error" do - get v3_api("/user/keys") - expect(response).to have_gitlab_http_status(401) - end - end - - context "when authenticated" do - it "returns array of ssh keys" do - user.keys << key - user.save - - get v3_api("/user/keys", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first["title"]).to eq(key.title) - end - end - end - - describe "GET /user/emails" do - context "when unauthenticated" do - it "returns authentication error" do - get v3_api("/user/emails") - expect(response).to have_gitlab_http_status(401) - end - end - - context "when authenticated" do - it "returns array of emails" do - user.emails << email - user.save - - get v3_api("/user/emails", user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_an Array - expect(json_response.first["email"]).to eq(email.email) - end - end - end - - describe 'PUT /users/:id/block' do - before { admin } - it 'blocks existing user' do - put v3_api("/users/#{user.id}/block", admin) - expect(response).to have_gitlab_http_status(200) - expect(user.reload.state).to eq('blocked') - end - - it 'does not re-block ldap blocked users' do - put v3_api("/users/#{ldap_blocked_user.id}/block", admin) - expect(response).to have_gitlab_http_status(403) - expect(ldap_blocked_user.reload.state).to eq('ldap_blocked') - end - - it 'does not be available for non admin users' do - put v3_api("/users/#{user.id}/block", user) - expect(response).to have_gitlab_http_status(403) - expect(user.reload.state).to eq('active') - end - - it 'returns a 404 error if user id not found' do - put v3_api('/users/9999/block', admin) - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 User Not Found') - end - end - - describe 'PUT /users/:id/unblock' do - let(:blocked_user) { create(:user, state: 'blocked') } - before { admin } - - it 'unblocks existing user' do - put v3_api("/users/#{user.id}/unblock", admin) - expect(response).to have_gitlab_http_status(200) - expect(user.reload.state).to eq('active') - end - - it 'unblocks a blocked user' do - put v3_api("/users/#{blocked_user.id}/unblock", admin) - expect(response).to have_gitlab_http_status(200) - expect(blocked_user.reload.state).to eq('active') - end - - it 'does not unblock ldap blocked users' do - put v3_api("/users/#{ldap_blocked_user.id}/unblock", admin) - expect(response).to have_gitlab_http_status(403) - expect(ldap_blocked_user.reload.state).to eq('ldap_blocked') - end - - it 'does not be available for non admin users' do - put v3_api("/users/#{user.id}/unblock", user) - expect(response).to have_gitlab_http_status(403) - expect(user.reload.state).to eq('active') - end - - it 'returns a 404 error if user id not found' do - put v3_api('/users/9999/block', admin) - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 User Not Found') - end - - it "returns a 404 for invalid ID" do - put v3_api("/users/ASDF/block", admin) - - expect(response).to have_gitlab_http_status(404) - end - end - - describe 'GET /users/:id/events' do - let(:user) { create(:user) } - let(:project) { create(:project) } - let(:note) { create(:note_on_issue, note: 'What an awesome day!', project: project) } - - before do - project.add_user(user, :developer) - EventCreateService.new.leave_note(note, user) - end - - context "as a user than cannot see the event's project" do - it 'returns no events' do - other_user = create(:user) - - get api("/users/#{user.id}/events", other_user) - - expect(response).to have_gitlab_http_status(200) - expect(json_response).to be_empty - end - end - - context "as a user than can see the event's project" do - context 'when the list of events includes push events' do - let(:event) { create(:push_event, author: user, project: project) } - let!(:payload) { create(:push_event_payload, event: event) } - let(:payload_hash) { json_response[0]['push_data'] } - - before do - get api("/users/#{user.id}/events?action=pushed", user) - end - - it 'responds with HTTP 200 OK' do - expect(response).to have_gitlab_http_status(200) - end - - it 'includes the push payload as a Hash' do - expect(payload_hash).to be_an_instance_of(Hash) - end - - it 'includes the push payload details' do - expect(payload_hash['commit_count']).to eq(payload.commit_count) - expect(payload_hash['action']).to eq(payload.action) - expect(payload_hash['ref_type']).to eq(payload.ref_type) - expect(payload_hash['commit_to']).to eq(payload.commit_to) - end - end - - context 'joined event' do - it 'returns the "joined" event' do - get v3_api("/users/#{user.id}/events", user) - - expect(response).to have_gitlab_http_status(200) - expect(response).to include_pagination_headers - expect(json_response).to be_an Array - - comment_event = json_response.find { |e| e['action_name'] == 'commented on' } - - expect(comment_event['project_id'].to_i).to eq(project.id) - expect(comment_event['author_username']).to eq(user.username) - expect(comment_event['note']['id']).to eq(note.id) - expect(comment_event['note']['body']).to eq('What an awesome day!') - - joined_event = json_response.find { |e| e['action_name'] == 'joined' } - - expect(joined_event['project_id'].to_i).to eq(project.id) - expect(joined_event['author_username']).to eq(user.username) - expect(joined_event['author']['name']).to eq(user.name) - end - end - - context 'when there are multiple events from different projects' do - let(:second_note) { create(:note_on_issue, project: create(:project)) } - let(:third_note) { create(:note_on_issue, project: project) } - - before do - second_note.project.add_user(user, :developer) - - [second_note, third_note].each do |note| - EventCreateService.new.leave_note(note, user) - end - end - - it 'returns events in the correct order (from newest to oldest)' do - get v3_api("/users/#{user.id}/events", user) - - comment_events = json_response.select { |e| e['action_name'] == 'commented on' } - - expect(comment_events[0]['target_id']).to eq(third_note.id) - expect(comment_events[1]['target_id']).to eq(second_note.id) - expect(comment_events[2]['target_id']).to eq(note.id) - end - end - end - - it 'returns a 404 error if not found' do - get v3_api('/users/420/events', user) - - expect(response).to have_gitlab_http_status(404) - expect(json_response['message']).to eq('404 User Not Found') - end - end - - describe 'POST /users' do - it 'creates confirmed user when confirm parameter is false' do - optional_attributes = { confirm: false } - attributes = attributes_for(:user).merge(optional_attributes) - - post v3_api('/users', admin), attributes - - user_id = json_response['id'] - new_user = User.find(user_id) - - expect(new_user).to be_confirmed - end - - it 'does not reveal the `is_admin` flag of the user' do - post v3_api('/users', admin), attributes_for(:user) - - expect(json_response['is_admin']).to be_nil - end - - context "scopes" do - let(:user) { admin } - let(:path) { '/users' } - let(:api_call) { method(:v3_api) } - - include_examples 'does not allow the "read_user" scope' - end - end -end diff --git a/spec/requests/api/version_spec.rb b/spec/requests/api/version_spec.rb index 7bbf34422b8..38b618191fb 100644 --- a/spec/requests/api/version_spec.rb +++ b/spec/requests/api/version_spec.rb @@ -18,7 +18,7 @@ describe API::Version do expect(response).to have_gitlab_http_status(200) expect(json_response['version']).to eq(Gitlab::VERSION) - expect(json_response['revision']).to eq(Gitlab::REVISION) + expect(json_response['revision']).to eq(Gitlab.revision) end end end diff --git a/spec/requests/api/wikis_spec.rb b/spec/requests/api/wikis_spec.rb index fb0806ff9f1..850ba696098 100644 --- a/spec/requests/api/wikis_spec.rb +++ b/spec/requests/api/wikis_spec.rb @@ -143,7 +143,7 @@ describe API::Wikis do let(:url) { "/projects/#{project.id}/wikis" } context 'when wiki is disabled' do - let(:project) { create(:project, :wiki_disabled) } + let(:project) { create(:project, :wiki_repo, :wiki_disabled) } context 'when user is guest' do before do @@ -175,7 +175,7 @@ describe API::Wikis do end context 'when wiki is available only for team members' do - let(:project) { create(:project, :wiki_private) } + let(:project) { create(:project, :wiki_repo, :wiki_private) } context 'when user is guest' do before do @@ -203,7 +203,7 @@ describe API::Wikis do end context 'when wiki is available for everyone with access' do - let(:project) { create(:project) } + let(:project) { create(:project, :wiki_repo) } context 'when user is guest' do before do @@ -236,7 +236,7 @@ describe API::Wikis do let(:url) { "/projects/#{project.id}/wikis/#{page.slug}" } context 'when wiki is disabled' do - let(:project) { create(:project, :wiki_disabled) } + let(:project) { create(:project, :wiki_repo, :wiki_disabled) } context 'when user is guest' do before do @@ -268,7 +268,7 @@ describe API::Wikis do end context 'when wiki is available only for team members' do - let(:project) { create(:project, :wiki_private) } + let(:project) { create(:project, :wiki_repo, :wiki_private) } context 'when user is guest' do before do @@ -311,7 +311,7 @@ describe API::Wikis do end context 'when wiki is available for everyone with access' do - let(:project) { create(:project) } + let(:project) { create(:project, :wiki_repo) } context 'when user is guest' do before do @@ -360,7 +360,7 @@ describe API::Wikis do let(:url) { "/projects/#{project.id}/wikis" } context 'when wiki is disabled' do - let(:project) { create(:project, :wiki_disabled) } + let(:project) { create(:project, :wiki_disabled, :wiki_repo) } context 'when user is guest' do before do @@ -390,7 +390,7 @@ describe API::Wikis do end context 'when wiki is available only for team members' do - let(:project) { create(:project, :wiki_private) } + let(:project) { create(:project, :wiki_private, :wiki_repo) } context 'when user is guest' do before do @@ -418,7 +418,7 @@ describe API::Wikis do end context 'when wiki is available for everyone with access' do - let(:project) { create(:project) } + let(:project) { create(:project, :wiki_repo) } context 'when user is guest' do before do @@ -452,7 +452,7 @@ describe API::Wikis do let(:url) { "/projects/#{project.id}/wikis/#{page.slug}" } context 'when wiki is disabled' do - let(:project) { create(:project, :wiki_disabled) } + let(:project) { create(:project, :wiki_disabled, :wiki_repo) } context 'when user is guest' do before do @@ -484,7 +484,7 @@ describe API::Wikis do end context 'when wiki is available only for team members' do - let(:project) { create(:project, :wiki_private) } + let(:project) { create(:project, :wiki_private, :wiki_repo) } context 'when user is guest' do before do @@ -528,7 +528,7 @@ describe API::Wikis do end context 'when wiki is available for everyone with access' do - let(:project) { create(:project) } + let(:project) { create(:project, :wiki_repo) } context 'when user is guest' do before do @@ -572,7 +572,7 @@ describe API::Wikis do end context 'when wiki belongs to a group project' do - let(:project) { create(:project, namespace: group) } + let(:project) { create(:project, :wiki_repo, namespace: group) } before do put(api(url, user), payload) @@ -587,7 +587,7 @@ describe API::Wikis do let(:url) { "/projects/#{project.id}/wikis/#{page.slug}" } context 'when wiki is disabled' do - let(:project) { create(:project, :wiki_disabled) } + let(:project) { create(:project, :wiki_disabled, :wiki_repo) } context 'when user is guest' do before do @@ -619,7 +619,7 @@ describe API::Wikis do end context 'when wiki is available only for team members' do - let(:project) { create(:project, :wiki_private) } + let(:project) { create(:project, :wiki_private, :wiki_repo) } context 'when user is guest' do before do @@ -651,7 +651,7 @@ describe API::Wikis do end context 'when wiki is available for everyone with access' do - let(:project) { create(:project) } + let(:project) { create(:project, :wiki_repo) } context 'when user is guest' do before do @@ -689,7 +689,7 @@ describe API::Wikis do end context 'when wiki belongs to a group project' do - let(:project) { create(:project, namespace: group) } + let(:project) { create(:project, :wiki_repo, namespace: group) } before do delete(api(url, user)) |