When a user is not authorized to see the list of hooks for a project, he is
still able to access the hooks separately. For example if access to
`GET /projects/:id/hooks` fails and returns a `403 Unauthorized` error it is
still possible to access a hook directly via `GET /projects/:id/hooks/:hook_id`.
Fixes access, also added tests to check access and status codes of hooks.
Documentation is updated with information how to handle snippets or how to access tags
and commits. Nearly all project specific functions are now described in the documentation.
A few previous entries have been updated with status codes, e.g. `401 Unauthorized`.
The API documentation for projects now is structured into major sections that describe
the different aspects when dealing with projects, e.g. hooks, branches, team members etc.
All described methods now contain a list of possible status codes the method can return. A few
methods have extra sample JSON responses and a description if a method is idempotent.
Idempotent methods can be called multiple times while returning the same status code.
This option allows to disable users from changing their username.
This is very usefull in environments using strong internal authentication methods like ldap, pam or shibboleth.
You can allow users to change theyr username in these environments, but then new users (users loging in first time) is blocked from gitlab is her username exists.
When the project limit is reached the user is not allowed to create new ones.
Instead of error code 404 the status code 403 (Forbidden) is returned with error
message via API.
The previous call `saved?` is restored in the `POST /projects` method in the API.
It is refactored to check if the record is persisted. This is useful to not validate
the record again after saving. This fixes the returned status code in the web client
too. If the last project is created via web client instead of error notification
the project page is shown.
When creating the last project via API when reaching the project limit a status code
of 404 (Not found) is returned instead of 201 (Created). The fix checks now correctly if
the project could be saved.
When reaching the project limit the API returns an error code 404 on the last possible
project. The project itself is created and is available in the database (seems valid).
A similar behavior can be observed when reaching the project limit via web client, but
in this case the user is notified that the maximum number of projects is reached. The project
itself is still created and can be accessed.
Tests are added to check the behavior when reaching the project limit or one tries
to exceed it via the API.
Extracted a method for 400 error (Bad request) and adjusted code accordingly. The name of
the missing attribute is used to show which one was missing from the request. It is used to
give an appropriate message in the json response.
