gitlabhq/spec/requests/api/projects_spec.rb
Sebastian Ziebell 6df02adc7a API: status code 403 returned if new project would exceed limit
When the project limit is reached the user is not allowed to create new ones.
Instead of error code 404 the status code 403 (Forbidden) is returned with error
message via API.
2013-02-14 15:51:56 +01:00

506 lines
17 KiB
Ruby

require 'spec_helper'
describe Gitlab::API do
include ApiHelpers
let(:user) { create(:user) }
let(:user2) { create(:user) }
let(:user3) { create(:user) }
let!(:project) { create(:project, namespace: user.namespace ) }
let!(:hook) { create(:project_hook, project: project, url: "http://example.com") }
let!(:snippet) { create(:snippet, author: user, project: project, title: 'example') }
let!(:users_project) { create(:users_project, user: user, project: project, project_access: UsersProject::MASTER) }
let!(:users_project2) { create(:users_project, user: user3, project: project, project_access: UsersProject::DEVELOPER) }
before { project.team << [user, :reporter] }
describe "GET /projects" do
context "when unauthenticated" do
it "should return authentication error" do
get api("/projects")
response.status.should == 401
end
end
context "when authenticated" do
it "should return an array of projects" do
get api("/projects", user)
response.status.should == 200
json_response.should be_an Array
json_response.first['name'].should == project.name
json_response.first['owner']['email'].should == user.email
end
end
end
describe "POST /projects" do
it "should create new project without path" do
expect { post api("/projects", user), name: 'foo' }.to change {Project.count}.by(1)
end
it "should not create new project without name" do
expect { post api("/projects", user) }.to_not change {Project.count}
end
it "should return a 400 error if name not given" do
post api("/projects", user)
response.status.should == 400
end
it "should respond with 201 on success" do
post api("/projects", user), name: 'foo'
response.status.should == 201
end
it "should respond with 400 if name is not given" do
post api("/projects", user)
response.status.should == 400
end
it "should return a 403 error if project limit reached" do
(1..user.projects_limit).each do |p|
post api("/projects", user), name: "foo#{p}"
end
post api("/projects", user), name: 'bar'
response.status.should == 403
end
it "should assign attributes to project" do
project = attributes_for(:project, {
description: Faker::Lorem.sentence,
default_branch: 'stable',
issues_enabled: false,
wall_enabled: false,
merge_requests_enabled: false,
wiki_enabled: false
})
post api("/projects", user), project
project.each_pair do |k,v|
next if k == :path
json_response[k.to_s].should == v
end
end
end
describe "GET /projects/:id" do
it "should return a project by id" do
get api("/projects/#{project.id}", user)
response.status.should == 200
json_response['name'].should == project.name
json_response['owner']['email'].should == user.email
end
it "should return a project by path name" do
get api("/projects/#{project.id}", user)
response.status.should == 200
json_response['name'].should == project.name
end
it "should return a 404 error if not found" do
get api("/projects/42", user)
response.status.should == 404
json_response['message'].should == '404 Not Found'
end
it "should return a 404 error if user is not a member" do
other_user = create(:user)
get api("/projects/#{project.id}", other_user)
response.status.should == 404
end
end
describe "GET /projects/:id/repository/branches" do
it "should return an array of project branches" do
get api("/projects/#{project.id}/repository/branches", user)
response.status.should == 200
json_response.should be_an Array
json_response.first['name'].should == project.repo.heads.sort_by(&:name).first.name
end
end
describe "GET /projects/:id/repository/branches/:branch" do
it "should return the branch information for a single branch" do
get api("/projects/#{project.id}/repository/branches/new_design", user)
response.status.should == 200
json_response['name'].should == 'new_design'
json_response['commit']['id'].should == '621491c677087aa243f165eab467bfdfbee00be1'
json_response['protected'].should == false
end
it "should return a 404 error if branch is not available" do
get api("/projects/#{project.id}/repository/branches/unknown", user)
response.status.should == 404
end
end
describe "PUT /projects/:id/repository/branches/:branch/protect" do
it "should protect a single branch" do
put api("/projects/#{project.id}/repository/branches/new_design/protect", user)
response.status.should == 200
json_response['name'].should == 'new_design'
json_response['commit']['id'].should == '621491c677087aa243f165eab467bfdfbee00be1'
json_response['protected'].should == true
end
end
describe "PUT /projects/:id/repository/branches/:branch/unprotect" do
it "should unprotect a single branch" do
put api("/projects/#{project.id}/repository/branches/new_design/unprotect", user)
response.status.should == 200
json_response['name'].should == 'new_design'
json_response['commit']['id'].should == '621491c677087aa243f165eab467bfdfbee00be1'
json_response['protected'].should == false
end
end
describe "GET /projects/:id/members" do
it "should return project team members" do
get api("/projects/#{project.id}/members", user)
response.status.should == 200
json_response.should be_an Array
json_response.count.should == 2
json_response.first['email'].should == user.email
end
it "finds team members with query string" do
get api("/projects/#{project.id}/members", user), query: user.username
response.status.should == 200
json_response.should be_an Array
json_response.count.should == 1
json_response.first['email'].should == user.email
end
end
describe "GET /projects/:id/members/:user_id" do
it "should return project team member" do
get api("/projects/#{project.id}/members/#{user.id}", user)
response.status.should == 200
json_response['email'].should == user.email
json_response['access_level'].should == UsersProject::MASTER
end
end
describe "POST /projects/:id/members" do
it "should add user to project team" do
expect {
post api("/projects/#{project.id}/members", user), user_id: user2.id,
access_level: UsersProject::DEVELOPER
}.to change { UsersProject.count }.by(1)
response.status.should == 201
json_response['email'].should == user2.email
json_response['access_level'].should == UsersProject::DEVELOPER
end
it "should return a 201 status if user is already project member" do
post api("/projects/#{project.id}/members", user), user_id: user2.id,
access_level: UsersProject::DEVELOPER
expect {
post api("/projects/#{project.id}/members", user), user_id: user2.id,
access_level: UsersProject::DEVELOPER
}.not_to change { UsersProject.count }.by(1)
response.status.should == 201
json_response['email'].should == user2.email
json_response['access_level'].should == UsersProject::DEVELOPER
end
it "should return a 400 error when user id is not given" do
post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
response.status.should == 400
end
it "should return a 400 error when access level is not given" do
post api("/projects/#{project.id}/members", user), user_id: user2.id
response.status.should == 400
end
it "should return a 422 error when access level is not known" do
post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
response.status.should == 422
end
end
describe "PUT /projects/:id/members/:user_id" do
it "should update project team member" do
put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
response.status.should == 200
json_response['email'].should == user3.email
json_response['access_level'].should == UsersProject::MASTER
end
it "should return a 404 error if user_id is not found" do
put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
response.status.should == 404
end
it "should return a 400 error when access level is not given" do
put api("/projects/#{project.id}/members/#{user3.id}", user)
response.status.should == 400
end
it "should return a 422 error when access level is not known" do
put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
response.status.should == 422
end
end
describe "DELETE /projects/:id/members/:user_id" do
it "should remove user from project team" do
expect {
delete api("/projects/#{project.id}/members/#{user3.id}", user)
}.to change { UsersProject.count }.by(-1)
end
it "should return 200 if team member is not part of a project" do
delete api("/projects/#{project.id}/members/#{user3.id}", user)
expect {
delete api("/projects/#{project.id}/members/#{user3.id}", user)
}.to_not change { UsersProject.count }.by(1)
end
end
describe "DELETE /projects/:id/members/:user_id" do
it "should return 200 OK when the user was not member" do
expect {
delete api("/projects/#{project.id}/members/1000000", user)
}.to change { UsersProject.count }.by(0)
response.status.should == 200
json_response['message'].should == "Access revoked"
json_response['id'].should == 1000000
end
end
describe "GET /projects/:id/hooks" do
it "should return project hooks" do
get api("/projects/#{project.id}/hooks", user)
response.status.should == 200
json_response.should be_an Array
json_response.count.should == 1
json_response.first['url'].should == "http://example.com"
end
end
describe "GET /projects/:id/hooks/:hook_id" do
it "should return a project hook" do
get api("/projects/#{project.id}/hooks/#{hook.id}", user)
response.status.should == 200
json_response['url'].should == hook.url
end
it "should return a 404 error if hook id is not available" do
get api("/projects/#{project.id}/hooks/1234", user)
response.status.should == 404
end
end
describe "POST /projects/:id/hooks" do
it "should add hook to project" do
expect {
post api("/projects/#{project.id}/hooks", user),
"url" => "http://example.com"
}.to change {project.hooks.count}.by(1)
response.status.should == 201
end
it "should return a 400 error if url not given" do
post api("/projects/#{project.id}/hooks", user)
response.status.should == 400
end
end
describe "PUT /projects/:id/hooks/:hook_id" do
it "should update an existing project hook" do
put api("/projects/#{project.id}/hooks/#{hook.id}", user),
url: 'http://example.org'
response.status.should == 200
json_response['url'].should == 'http://example.org'
end
it "should return 404 error if hook id not found" do
put api("/projects/#{project.id}/hooks/1234", user), url: 'http://example.org'
response.status.should == 404
end
it "should return 400 error if url is not given" do
put api("/projects/#{project.id}/hooks/#{hook.id}", user)
response.status.should == 400
end
end
describe "DELETE /projects/:id/hooks" do
it "should delete hook from project" do
expect {
delete api("/projects/#{project.id}/hooks", user),
hook_id: hook.id
}.to change {project.hooks.count}.by(-1)
response.status.should == 200
end
it "should return success when deleting hook" do
delete api("/projects/#{project.id}/hooks", user), hook_id: hook.id
response.status.should == 200
end
it "should return success when deleting non existent hook" do
delete api("/projects/#{project.id}/hooks", user), hook_id: 42
response.status.should == 200
end
it "should return a 400 error if hook id not given" do
delete api("/projects/#{project.id}/hooks", user)
response.status.should == 400
end
end
describe "GET /projects/:id/repository/tags" do
it "should return an array of project tags" do
get api("/projects/#{project.id}/repository/tags", user)
response.status.should == 200
json_response.should be_an Array
json_response.first['name'].should == project.repo.tags.sort_by(&:name).reverse.first.name
end
end
describe "GET /projects/:id/repository/commits" do
context "authorized user" do
before { project.team << [user2, :reporter] }
it "should return project commits" do
get api("/projects/#{project.id}/repository/commits", user)
response.status.should == 200
json_response.should be_an Array
json_response.first['id'].should == project.repository.commit.id
end
end
context "unauthorized user" do
it "should not return project commits" do
get api("/projects/#{project.id}/repository/commits")
response.status.should == 401
end
end
end
describe "GET /projects/:id/snippets" do
it "should return an array of project snippets" do
get api("/projects/#{project.id}/snippets", user)
response.status.should == 200
json_response.should be_an Array
json_response.first['title'].should == snippet.title
end
end
describe "GET /projects/:id/snippets/:snippet_id" do
it "should return a project snippet" do
get api("/projects/#{project.id}/snippets/#{snippet.id}", user)
response.status.should == 200
json_response['title'].should == snippet.title
end
it "should return a 404 error if snippet id not found" do
get api("/projects/#{project.id}/snippets/1234", user)
response.status.should == 404
end
end
describe "POST /projects/:id/snippets" do
it "should create a new project snippet" do
post api("/projects/#{project.id}/snippets", user),
title: 'api test', file_name: 'sample.rb', code: 'test'
response.status.should == 201
json_response['title'].should == 'api test'
end
it "should return a 400 error if title is not given" do
post api("/projects/#{project.id}/snippets", user),
file_name: 'sample.rb', code: 'test'
response.status.should == 400
end
it "should return a 400 error if file_name not given" do
post api("/projects/#{project.id}/snippets", user),
title: 'api test', code: 'test'
response.status.should == 400
end
it "should return a 400 error if code not given" do
post api("/projects/#{project.id}/snippets", user),
title: 'api test', file_name: 'sample.rb'
response.status.should == 400
end
end
describe "PUT /projects/:id/snippets/:shippet_id" do
it "should update an existing project snippet" do
put api("/projects/#{project.id}/snippets/#{snippet.id}", user),
code: 'updated code'
response.status.should == 200
json_response['title'].should == 'example'
snippet.reload.content.should == 'updated code'
end
it "should update an existing project snippet with new title" do
put api("/projects/#{project.id}/snippets/#{snippet.id}", user),
title: 'other api test'
response.status.should == 200
json_response['title'].should == 'other api test'
end
end
describe "DELETE /projects/:id/snippets/:snippet_id" do
it "should delete existing project snippet" do
expect {
delete api("/projects/#{project.id}/snippets/#{snippet.id}", user)
}.to change { Snippet.count }.by(-1)
response.status.should == 200
end
it "should return success when deleting unknown snippet id" do
delete api("/projects/#{project.id}/snippets/1234", user)
response.status.should == 200
end
end
describe "GET /projects/:id/snippets/:snippet_id/raw" do
it "should get a raw project snippet" do
get api("/projects/#{project.id}/snippets/#{snippet.id}/raw", user)
response.status.should == 200
end
it "should return a 404 error if raw project snippet not found" do
get api("/projects/#{project.id}/snippets/5555/raw", user)
response.status.should == 404
end
end
describe "GET /projects/:id/repository/commits/:sha/blob" do
it "should get the raw file contents" do
get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.md", user)
response.status.should == 200
end
it "should return 404 for invalid branch_name" do
get api("/projects/#{project.id}/repository/commits/invalid_branch_name/blob?filepath=README.md", user)
response.status.should == 404
end
it "should return 404 for invalid file" do
get api("/projects/#{project.id}/repository/commits/master/blob?filepath=README.invalid", user)
response.status.should == 404
end
it "should return a 400 error if filepath is missing" do
get api("/projects/#{project.id}/repository/commits/master/blob", user)
response.status.should == 400
end
end
end