6df02adc7a
When the project limit is reached the user is not allowed to create new ones. Instead of error code 404 the status code 403 (Forbidden) is returned with error message via API.
506 lines
17 KiB
Ruby
506 lines
17 KiB
Ruby
require 'spec_helper'
|
|
|
|
describe Gitlab::API do
|
|
include ApiHelpers
|
|
|
|
let(:user) { create(:user) }
|
|
let(:user2) { create(:user) }
|
|
let(:user3) { create(:user) }
|
|
let!(:project) { create(:project, namespace: user.namespace ) }
|
|
let!(:hook) { create(:project_hook, project: project, url: "http://example.com") }
|
|
let!(:snippet) { create(:snippet, author: user, project: project, title: 'example') }
|
|
let!(:users_project) { create(:users_project, user: user, project: project, project_access: UsersProject::MASTER) }
|
|
let!(:users_project2) { create(:users_project, user: user3, project: project, project_access: UsersProject::DEVELOPER) }
|
|
before { project.team << [user, :reporter] }
|
|
|
|
describe "GET /projects" do
|
|
context "when unauthenticated" do
|
|
it "should return authentication error" do
|
|
get api("/projects")
|
|
response.status.should == 401
|
|
end
|
|
end
|
|
|
|
context "when authenticated" do
|
|
it "should return an array of projects" do
|
|
get api("/projects", user)
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.first['name'].should == project.name
|
|
json_response.first['owner']['email'].should == user.email
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "POST /projects" do
|
|
it "should create new project without path" do
|
|
expect { post api("/projects", user), name: 'foo' }.to change {Project.count}.by(1)
|
|
end
|
|
|
|
it "should not create new project without name" do
|
|
expect { post api("/projects", user) }.to_not change {Project.count}
|
|
end
|
|
|
|
it "should return a 400 error if name not given" do
|
|
post api("/projects", user)
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should respond with 201 on success" do
|
|
post api("/projects", user), name: 'foo'
|
|
response.status.should == 201
|
|
end
|
|
|
|
it "should respond with 400 if name is not given" do
|
|
post api("/projects", user)
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return a 403 error if project limit reached" do
|
|
(1..user.projects_limit).each do |p|
|
|
post api("/projects", user), name: "foo#{p}"
|
|
end
|
|
post api("/projects", user), name: 'bar'
|
|
response.status.should == 403
|
|
end
|
|
|
|
it "should assign attributes to project" do
|
|
project = attributes_for(:project, {
|
|
description: Faker::Lorem.sentence,
|
|
default_branch: 'stable',
|
|
issues_enabled: false,
|
|
wall_enabled: false,
|
|
merge_requests_enabled: false,
|
|
wiki_enabled: false
|
|
})
|
|
|
|
post api("/projects", user), project
|
|
|
|
project.each_pair do |k,v|
|
|
next if k == :path
|
|
json_response[k.to_s].should == v
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id" do
|
|
it "should return a project by id" do
|
|
get api("/projects/#{project.id}", user)
|
|
response.status.should == 200
|
|
json_response['name'].should == project.name
|
|
json_response['owner']['email'].should == user.email
|
|
end
|
|
|
|
it "should return a project by path name" do
|
|
get api("/projects/#{project.id}", user)
|
|
response.status.should == 200
|
|
json_response['name'].should == project.name
|
|
end
|
|
|
|
it "should return a 404 error if not found" do
|
|
get api("/projects/42", user)
|
|
response.status.should == 404
|
|
json_response['message'].should == '404 Not Found'
|
|
end
|
|
|
|
it "should return a 404 error if user is not a member" do
|
|
other_user = create(:user)
|
|
get api("/projects/#{project.id}", other_user)
|
|
response.status.should == 404
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/repository/branches" do
|
|
it "should return an array of project branches" do
|
|
get api("/projects/#{project.id}/repository/branches", user)
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.first['name'].should == project.repo.heads.sort_by(&:name).first.name
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/repository/branches/:branch" do
|
|
it "should return the branch information for a single branch" do
|
|
get api("/projects/#{project.id}/repository/branches/new_design", user)
|
|
response.status.should == 200
|
|
|
|
json_response['name'].should == 'new_design'
|
|
json_response['commit']['id'].should == '621491c677087aa243f165eab467bfdfbee00be1'
|
|
json_response['protected'].should == false
|
|
end
|
|
|
|
it "should return a 404 error if branch is not available" do
|
|
get api("/projects/#{project.id}/repository/branches/unknown", user)
|
|
response.status.should == 404
|
|
end
|
|
end
|
|
|
|
describe "PUT /projects/:id/repository/branches/:branch/protect" do
|
|
it "should protect a single branch" do
|
|
put api("/projects/#{project.id}/repository/branches/new_design/protect", user)
|
|
response.status.should == 200
|
|
|
|
json_response['name'].should == 'new_design'
|
|
json_response['commit']['id'].should == '621491c677087aa243f165eab467bfdfbee00be1'
|
|
json_response['protected'].should == true
|
|
end
|
|
end
|
|
|
|
describe "PUT /projects/:id/repository/branches/:branch/unprotect" do
|
|
it "should unprotect a single branch" do
|
|
put api("/projects/#{project.id}/repository/branches/new_design/unprotect", user)
|
|
response.status.should == 200
|
|
|
|
json_response['name'].should == 'new_design'
|
|
json_response['commit']['id'].should == '621491c677087aa243f165eab467bfdfbee00be1'
|
|
json_response['protected'].should == false
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/members" do
|
|
it "should return project team members" do
|
|
get api("/projects/#{project.id}/members", user)
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.count.should == 2
|
|
json_response.first['email'].should == user.email
|
|
end
|
|
|
|
it "finds team members with query string" do
|
|
get api("/projects/#{project.id}/members", user), query: user.username
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.count.should == 1
|
|
json_response.first['email'].should == user.email
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/members/:user_id" do
|
|
it "should return project team member" do
|
|
get api("/projects/#{project.id}/members/#{user.id}", user)
|
|
response.status.should == 200
|
|
json_response['email'].should == user.email
|
|
json_response['access_level'].should == UsersProject::MASTER
|
|
end
|
|
end
|
|
|
|
describe "POST /projects/:id/members" do
|
|
it "should add user to project team" do
|
|
expect {
|
|
post api("/projects/#{project.id}/members", user), user_id: user2.id,
|
|
access_level: UsersProject::DEVELOPER
|
|
}.to change { UsersProject.count }.by(1)
|
|
|
|
response.status.should == 201
|
|
json_response['email'].should == user2.email
|
|
json_response['access_level'].should == UsersProject::DEVELOPER
|
|
end
|
|
|
|
it "should return a 201 status if user is already project member" do
|
|
post api("/projects/#{project.id}/members", user), user_id: user2.id,
|
|
access_level: UsersProject::DEVELOPER
|
|
expect {
|
|
post api("/projects/#{project.id}/members", user), user_id: user2.id,
|
|
access_level: UsersProject::DEVELOPER
|
|
}.not_to change { UsersProject.count }.by(1)
|
|
|
|
response.status.should == 201
|
|
json_response['email'].should == user2.email
|
|
json_response['access_level'].should == UsersProject::DEVELOPER
|
|
end
|
|
|
|
it "should return a 400 error when user id is not given" do
|
|
post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return a 400 error when access level is not given" do
|
|
post api("/projects/#{project.id}/members", user), user_id: user2.id
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return a 422 error when access level is not known" do
|
|
post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
|
|
response.status.should == 422
|
|
end
|
|
end
|
|
|
|
describe "PUT /projects/:id/members/:user_id" do
|
|
it "should update project team member" do
|
|
put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
|
|
response.status.should == 200
|
|
json_response['email'].should == user3.email
|
|
json_response['access_level'].should == UsersProject::MASTER
|
|
end
|
|
|
|
it "should return a 404 error if user_id is not found" do
|
|
put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
|
|
response.status.should == 404
|
|
end
|
|
|
|
it "should return a 400 error when access level is not given" do
|
|
put api("/projects/#{project.id}/members/#{user3.id}", user)
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return a 422 error when access level is not known" do
|
|
put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
|
|
response.status.should == 422
|
|
end
|
|
end
|
|
|
|
describe "DELETE /projects/:id/members/:user_id" do
|
|
it "should remove user from project team" do
|
|
expect {
|
|
delete api("/projects/#{project.id}/members/#{user3.id}", user)
|
|
}.to change { UsersProject.count }.by(-1)
|
|
end
|
|
|
|
it "should return 200 if team member is not part of a project" do
|
|
delete api("/projects/#{project.id}/members/#{user3.id}", user)
|
|
expect {
|
|
delete api("/projects/#{project.id}/members/#{user3.id}", user)
|
|
}.to_not change { UsersProject.count }.by(1)
|
|
end
|
|
end
|
|
|
|
describe "DELETE /projects/:id/members/:user_id" do
|
|
it "should return 200 OK when the user was not member" do
|
|
expect {
|
|
delete api("/projects/#{project.id}/members/1000000", user)
|
|
}.to change { UsersProject.count }.by(0)
|
|
response.status.should == 200
|
|
json_response['message'].should == "Access revoked"
|
|
json_response['id'].should == 1000000
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/hooks" do
|
|
it "should return project hooks" do
|
|
get api("/projects/#{project.id}/hooks", user)
|
|
|
|
response.status.should == 200
|
|
|
|
json_response.should be_an Array
|
|
json_response.count.should == 1
|
|
json_response.first['url'].should == "http://example.com"
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/hooks/:hook_id" do
|
|
it "should return a project hook" do
|
|
get api("/projects/#{project.id}/hooks/#{hook.id}", user)
|
|
response.status.should == 200
|
|
json_response['url'].should == hook.url
|
|
end
|
|
|
|
it "should return a 404 error if hook id is not available" do
|
|
get api("/projects/#{project.id}/hooks/1234", user)
|
|
response.status.should == 404
|
|
end
|
|
end
|
|
|
|
describe "POST /projects/:id/hooks" do
|
|
it "should add hook to project" do
|
|
expect {
|
|
post api("/projects/#{project.id}/hooks", user),
|
|
"url" => "http://example.com"
|
|
}.to change {project.hooks.count}.by(1)
|
|
response.status.should == 201
|
|
end
|
|
|
|
it "should return a 400 error if url not given" do
|
|
post api("/projects/#{project.id}/hooks", user)
|
|
response.status.should == 400
|
|
end
|
|
end
|
|
|
|
describe "PUT /projects/:id/hooks/:hook_id" do
|
|
it "should update an existing project hook" do
|
|
put api("/projects/#{project.id}/hooks/#{hook.id}", user),
|
|
url: 'http://example.org'
|
|
response.status.should == 200
|
|
json_response['url'].should == 'http://example.org'
|
|
end
|
|
|
|
it "should return 404 error if hook id not found" do
|
|
put api("/projects/#{project.id}/hooks/1234", user), url: 'http://example.org'
|
|
response.status.should == 404
|
|
end
|
|
|
|
it "should return 400 error if url is not given" do
|
|
put api("/projects/#{project.id}/hooks/#{hook.id}", user)
|
|
response.status.should == 400
|
|
end
|
|
end
|
|
|
|
describe "DELETE /projects/:id/hooks" do
|
|
it "should delete hook from project" do
|
|
expect {
|
|
delete api("/projects/#{project.id}/hooks", user),
|
|
hook_id: hook.id
|
|
}.to change {project.hooks.count}.by(-1)
|
|
response.status.should == 200
|
|
end
|
|
|
|
it "should return success when deleting hook" do
|
|
delete api("/projects/#{project.id}/hooks", user), hook_id: hook.id
|
|
response.status.should == 200
|
|
end
|
|
|
|
it "should return success when deleting non existent hook" do
|
|
delete api("/projects/#{project.id}/hooks", user), hook_id: 42
|
|
response.status.should == 200
|
|
end
|
|
|
|
it "should return a 400 error if hook id not given" do
|
|
delete api("/projects/#{project.id}/hooks", user)
|
|
response.status.should == 400
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/repository/tags" do
|
|
it "should return an array of project tags" do
|
|
get api("/projects/#{project.id}/repository/tags", user)
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.first['name'].should == project.repo.tags.sort_by(&:name).reverse.first.name
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/repository/commits" do
|
|
context "authorized user" do
|
|
before { project.team << [user2, :reporter] }
|
|
|
|
it "should return project commits" do
|
|
get api("/projects/#{project.id}/repository/commits", user)
|
|
response.status.should == 200
|
|
|
|
json_response.should be_an Array
|
|
json_response.first['id'].should == project.repository.commit.id
|
|
end
|
|
end
|
|
|
|
context "unauthorized user" do
|
|
it "should not return project commits" do
|
|
get api("/projects/#{project.id}/repository/commits")
|
|
response.status.should == 401
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/snippets" do
|
|
it "should return an array of project snippets" do
|
|
get api("/projects/#{project.id}/snippets", user)
|
|
response.status.should == 200
|
|
json_response.should be_an Array
|
|
json_response.first['title'].should == snippet.title
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/snippets/:snippet_id" do
|
|
it "should return a project snippet" do
|
|
get api("/projects/#{project.id}/snippets/#{snippet.id}", user)
|
|
response.status.should == 200
|
|
json_response['title'].should == snippet.title
|
|
end
|
|
|
|
it "should return a 404 error if snippet id not found" do
|
|
get api("/projects/#{project.id}/snippets/1234", user)
|
|
response.status.should == 404
|
|
end
|
|
end
|
|
|
|
describe "POST /projects/:id/snippets" do
|
|
it "should create a new project snippet" do
|
|
post api("/projects/#{project.id}/snippets", user),
|
|
title: 'api test', file_name: 'sample.rb', code: 'test'
|
|
response.status.should == 201
|
|
json_response['title'].should == 'api test'
|
|
end
|
|
|
|
it "should return a 400 error if title is not given" do
|
|
post api("/projects/#{project.id}/snippets", user),
|
|
file_name: 'sample.rb', code: 'test'
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return a 400 error if file_name not given" do
|
|
post api("/projects/#{project.id}/snippets", user),
|
|
title: 'api test', code: 'test'
|
|
response.status.should == 400
|
|
end
|
|
|
|
it "should return a 400 error if code not given" do
|
|
post api("/projects/#{project.id}/snippets", user),
|
|
title: 'api test', file_name: 'sample.rb'
|
|
response.status.should == 400
|
|
end
|
|
end
|
|
|
|
describe "PUT /projects/:id/snippets/:shippet_id" do
|
|
it "should update an existing project snippet" do
|
|
put api("/projects/#{project.id}/snippets/#{snippet.id}", user),
|
|
code: 'updated code'
|
|
response.status.should == 200
|
|
json_response['title'].should == 'example'
|
|
snippet.reload.content.should == 'updated code'
|
|
end
|
|
|
|
it "should update an existing project snippet with new title" do
|
|
put api("/projects/#{project.id}/snippets/#{snippet.id}", user),
|
|
title: 'other api test'
|
|
response.status.should == 200
|
|
json_response['title'].should == 'other api test'
|
|
end
|
|
end
|
|
|
|
describe "DELETE /projects/:id/snippets/:snippet_id" do
|
|
it "should delete existing project snippet" do
|
|
expect {
|
|
delete api("/projects/#{project.id}/snippets/#{snippet.id}", user)
|
|
}.to change { Snippet.count }.by(-1)
|
|
response.status.should == 200
|
|
end
|
|
|
|
it "should return success when deleting unknown snippet id" do
|
|
delete api("/projects/#{project.id}/snippets/1234", user)
|
|
response.status.should == 200
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/snippets/:snippet_id/raw" do
|
|
it "should get a raw project snippet" do
|
|
get api("/projects/#{project.id}/snippets/#{snippet.id}/raw", user)
|
|
response.status.should == 200
|
|
end
|
|
|
|
it "should return a 404 error if raw project snippet not found" do
|
|
get api("/projects/#{project.id}/snippets/5555/raw", user)
|
|
response.status.should == 404
|
|
end
|
|
end
|
|
|
|
describe "GET /projects/:id/repository/commits/:sha/blob" do
|
|
it "should get the raw file contents" do
|
|
get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.md", user)
|
|
response.status.should == 200
|
|
end
|
|
|
|
it "should return 404 for invalid branch_name" do
|
|
get api("/projects/#{project.id}/repository/commits/invalid_branch_name/blob?filepath=README.md", user)
|
|
response.status.should == 404
|
|
end
|
|
|
|
it "should return 404 for invalid file" do
|
|
get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.invalid", user)
|
|
response.status.should == 404
|
|
end
|
|
|
|
it "should return a 400 error if filepath is missing" do
|
|
get api("/projects/#{project.id}/repository/commits/master/blob", user)
|
|
response.status.should == 400
|
|
end
|
|
end
|
|
end
|