The users API updated with return codes, e.g. if required parameters are missing
a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions,
e.g. deletion of a ssh key is an idempotent function now.
The API documentation is updated to reflect the current status of the API. Descriptions
are more detailed and complete, infos to return values are added to all functions.
When a user is not authorized to see the list of hooks for a project, he is
still able to access the hooks separately. For example if access to
`GET /projects/:id/hooks` fails and returns a `403 Unauthorized` error it is
still possible to access a hook directly via `GET /projects/:id/hooks/:hook_id`.
Fixes access, also added tests to check access and status codes of hooks.
When the project limit is reached the user is not allowed to create new ones.
Instead of error code 404 the status code 403 (Forbidden) is returned with error
message via API.
When reaching the project limit the API returns an error code 404 on the last possible
project. The project itself is created and is available in the database (seems valid).
A similar behavior can be observed when reaching the project limit via web client, but
in this case the user is notified that the maximum number of projects is reached. The project
itself is still created and can be accessed.
Tests are added to check the behavior when reaching the project limit or one tries
to exceed it via the API.
Extracted a method for 400 error (Bad request) and adjusted code accordingly. The name of
the missing attribute is used to show which one was missing from the request. It is used to
give an appropriate message in the json response.
When using project snippets via API the functions now provide status codes for
different situations other then only returning 404 error. If required parameters are missing,
e.g. `title` when creating a project snippet a 400 (Bad request) error is returned. The snippet
delete function now is idempotent and returns a 200 (Ok) regardless if the snippet with the
given id is available or not. Changing return codes of these functions has the advantage that
the 404 error is used only for resources, which are not available.
Tests added to check these status codes when handling project snippets.
Different status codes in the API lib are returned on hook creation, update or deletion.
If a required parameter is not given (e.g. `url` in `/projects/:id/hooks/:hook_id`) status
code 400 (Bad request) is returned. On hook deletion a 200 status code is returned, regardless if
the hook is present or not. This makes the DELETE function an idempotent operation. Appropriate tests
are added to check these status codes.
When adding a project hook a url must be specified or a 400 error code is returned
* Specs added to check status code on handling project hooks
* refactored code, extracted a method
When a user is added to a project that is already a member of, a status code 201 is now returned to
signal an idempotent operation. If something fails then instead of returning error code 404 different
more specific error codes are returned. Status code 400 (Bad request) is returned when a required
attribute, e.g. `access_level` is not given or 422 if there is a semantic error, e.g. should
the `access_level` have an unsupported value.
Specs are added to check these status codes.
If a note is created with a POST request via API (`/projects/:id/notes`) status
code 400 is returned instead of 404. The resource itself exists but the request
is incomplete. Specs added to check different status codes when accessing, creating
and updating notes.
Creating a comment to an existing merge request via API without providing a note
returns a status code 400 now, suggesting a bad request. The reason for this
is the resource itself (MR) exists but the required property is not set.
Using the API library to create or update a merge request at the moment a 404 error is returned.
This is fine when the merge request in question does not exist, but does not provide good
information that for example a required attribute is missing.
A status code of 400 (Bad request) is returned when creating or updating a merge request
when either `source_branch` or `target_branch` is missing. A status code of 409 is returned
when `source_branch` and `target_branch` are the same. Tests are added for these cases.
The attempt to revoke project access for a user that was not member of the
project results in a 500 Internal Server error where it actually should
result in a 200 OK since after the operation, the user is not member of
the project. This turns the operation into an idempotent call that can
be repeated with no ill effects.
Updated the spec and changed the code accordingly. However, the result differs
slightly, as we can't return the users project access level if the user was not
member. I'm not aware if anybody relies on the result of this call.
Fixes#2832
