debian-mirror-gitlab/spec/controllers/projects/snippets_controller_spec.rb

599 lines
17 KiB
Ruby
Raw Normal View History

2019-07-31 22:56:46 +05:30
# frozen_string_literal: true
2016-06-02 11:05:42 +05:30
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe Projects::SnippetsController do
2020-04-08 14:13:33 +05:30
include Gitlab::Routing
let_it_be(:user) { create(:user) }
let_it_be(:user2) { create(:user) }
2016-09-29 09:46:39 +05:30
let(:project) { create(:project_empty_repo, :public) }
2016-06-02 11:05:42 +05:30
before do
2018-11-18 11:00:15 +05:30
project.add_maintainer(user)
project.add_maintainer(user2)
2016-06-02 11:05:42 +05:30
end
describe 'GET #index' do
2019-12-04 20:38:33 +05:30
it_behaves_like 'paginated collection' do
let(:collection) { project.snippets }
let(:params) do
{
namespace_id: project.namespace,
project_id: project
}
2017-08-17 22:00:37 +05:30
end
2019-12-04 20:38:33 +05:30
before do
create(:project_snippet, :public, project: project, author: user)
2017-08-17 22:00:37 +05:30
end
end
2020-03-13 15:44:24 +05:30
it 'fetches snippet counts via the snippet count service' do
service = double(:count_service, execute: {})
expect(Snippets::CountService)
.to receive(:new).with(nil, project: project)
.and_return(service)
get :index, params: { namespace_id: project.namespace, project_id: project }
end
2016-06-02 11:05:42 +05:30
context 'when the project snippet is private' do
let!(:project_snippet) { create(:project_snippet, :private, project: project, author: user) }
context 'when anonymous' do
it 'does not include the private snippet' do
2019-02-15 15:39:39 +05:30
get :index, params: { namespace_id: project.namespace, project_id: project }
2016-06-02 11:05:42 +05:30
expect(assigns(:snippets)).not_to include(project_snippet)
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2016-06-02 11:05:42 +05:30
end
end
context 'when signed in as the author' do
2017-09-10 17:25:29 +05:30
before do
sign_in(user)
end
2016-06-02 11:05:42 +05:30
it 'renders the snippet' do
2019-02-15 15:39:39 +05:30
get :index, params: { namespace_id: project.namespace, project_id: project }
2016-06-02 11:05:42 +05:30
expect(assigns(:snippets)).to include(project_snippet)
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2016-06-02 11:05:42 +05:30
end
end
context 'when signed in as a project member' do
2017-09-10 17:25:29 +05:30
before do
sign_in(user2)
end
2016-06-02 11:05:42 +05:30
it 'renders the snippet' do
2019-02-15 15:39:39 +05:30
get :index, params: { namespace_id: project.namespace, project_id: project }
2016-06-02 11:05:42 +05:30
expect(assigns(:snippets)).to include(project_snippet)
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2016-06-02 11:05:42 +05:30
end
end
end
end
2017-08-17 22:00:37 +05:30
describe 'POST #create' do
def create_snippet(project, snippet_params = {}, additional_params = {})
sign_in(user)
project.add_developer(user)
2019-02-15 15:39:39 +05:30
post :create, params: {
2017-08-17 22:00:37 +05:30
namespace_id: project.namespace.to_param,
project_id: project,
2017-09-10 17:25:29 +05:30
project_snippet: { title: 'Title', content: 'Content', description: 'Description' }.merge(snippet_params)
2017-08-17 22:00:37 +05:30
}.merge(additional_params)
2017-09-10 17:25:29 +05:30
Snippet.last
end
it 'creates the snippet correctly' do
snippet = create_snippet(project, visibility_level: Snippet::PRIVATE)
expect(snippet.title).to eq('Title')
expect(snippet.content).to eq('Content')
expect(snippet.description).to eq('Description')
2017-08-17 22:00:37 +05:30
end
context 'when the snippet is spam' do
before do
2020-03-13 15:44:24 +05:30
allow_next_instance_of(Spam::AkismetService) do |instance|
2019-12-26 22:10:19 +05:30
allow(instance).to receive(:spam?).and_return(true)
end
2017-08-17 22:00:37 +05:30
end
context 'when the snippet is private' do
it 'creates the snippet' do
2017-09-10 17:25:29 +05:30
expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }
.to change { Snippet.count }.by(1)
2017-08-17 22:00:37 +05:30
end
end
context 'when the snippet is public' do
2020-04-22 19:07:51 +05:30
it 'rejects the snippet' do
2017-09-10 17:25:29 +05:30
expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }
.not_to change { Snippet.count }
2017-08-17 22:00:37 +05:30
expect(response).to render_template(:new)
end
it 'creates a spam log' do
2017-09-10 17:25:29 +05:30
expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }
2019-12-21 20:55:43 +05:30
.to log_spam(title: 'Title', user_id: user.id, noteable_type: 'ProjectSnippet')
2017-08-17 22:00:37 +05:30
end
2020-05-24 23:13:21 +05:30
it 'renders :new with reCAPTCHA disabled' do
2017-08-17 22:00:37 +05:30
stub_application_setting(recaptcha_enabled: false)
create_snippet(project, visibility_level: Snippet::PUBLIC)
expect(response).to render_template(:new)
end
2020-05-24 23:13:21 +05:30
context 'reCAPTCHA enabled' do
2017-08-17 22:00:37 +05:30
before do
stub_application_setting(recaptcha_enabled: true)
end
2020-05-24 23:13:21 +05:30
it 'renders :verify with reCAPTCHA enabled' do
2017-08-17 22:00:37 +05:30
create_snippet(project, visibility_level: Snippet::PUBLIC)
expect(response).to render_template(:verify)
end
2020-05-24 23:13:21 +05:30
it 'renders snippet page when reCAPTCHA verified' do
2017-08-17 22:00:37 +05:30
spammy_title = 'Whatever'
spam_logs = create_list(:spam_log, 2, user: user, title: spammy_title)
create_snippet(project,
{ visibility_level: Snippet::PUBLIC },
{ spam_log_id: spam_logs.last.id,
recaptcha_verification: true })
2017-09-10 17:25:29 +05:30
expect(response).to redirect_to(project_snippet_path(project, Snippet.last))
2017-08-17 22:00:37 +05:30
end
end
end
end
end
describe 'PUT #update' do
let(:project) { create :project, :public }
2020-04-22 19:07:51 +05:30
let(:visibility_level) { Snippet::PUBLIC }
2017-08-17 22:00:37 +05:30
let(:snippet) { create :project_snippet, author: user, project: project, visibility_level: visibility_level }
def update_snippet(snippet_params = {}, additional_params = {})
sign_in(user)
project.add_developer(user)
2019-02-15 15:39:39 +05:30
put :update, params: {
2017-08-17 22:00:37 +05:30
namespace_id: project.namespace.to_param,
project_id: project,
2020-04-22 19:07:51 +05:30
id: snippet,
2017-08-17 22:00:37 +05:30
project_snippet: { title: 'Title', content: 'Content' }.merge(snippet_params)
}.merge(additional_params)
snippet.reload
end
2020-04-22 19:07:51 +05:30
it_behaves_like 'updating snippet checks blob is binary' do
let_it_be(:title) { 'Foo' }
let(:params) do
{
namespace_id: project.namespace.to_param,
project_id: project,
id: snippet.id,
project_snippet: { title: title }
}
end
subject { put :update, params: params }
end
2017-08-17 22:00:37 +05:30
context 'when the snippet is spam' do
before do
2020-03-13 15:44:24 +05:30
allow_next_instance_of(Spam::AkismetService) do |instance|
2019-12-26 22:10:19 +05:30
allow(instance).to receive(:spam?).and_return(true)
end
2017-08-17 22:00:37 +05:30
end
context 'when the snippet is private' do
let(:visibility_level) { Snippet::PRIVATE }
it 'updates the snippet' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo') }
.to change { snippet.reload.title }.to('Foo')
2017-08-17 22:00:37 +05:30
end
end
context 'when the snippet is public' do
2020-04-22 19:07:51 +05:30
it 'rejects the snippet' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo') }
.not_to change { snippet.reload.title }
2017-08-17 22:00:37 +05:30
end
it 'creates a spam log' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo') }
2019-12-21 20:55:43 +05:30
.to log_spam(title: 'Foo', user_id: user.id, noteable_type: 'ProjectSnippet')
2017-08-17 22:00:37 +05:30
end
2020-05-24 23:13:21 +05:30
it 'renders :edit with reCAPTCHA disabled' do
2017-08-17 22:00:37 +05:30
stub_application_setting(recaptcha_enabled: false)
update_snippet(title: 'Foo')
expect(response).to render_template(:edit)
end
2020-05-24 23:13:21 +05:30
context 'reCAPTCHA enabled' do
2017-08-17 22:00:37 +05:30
before do
stub_application_setting(recaptcha_enabled: true)
end
2020-05-24 23:13:21 +05:30
it 'renders :verify with reCAPTCHA enabled' do
2017-08-17 22:00:37 +05:30
update_snippet(title: 'Foo')
expect(response).to render_template(:verify)
end
2020-05-24 23:13:21 +05:30
it 'renders snippet page when reCAPTCHA verified' do
2017-08-17 22:00:37 +05:30
spammy_title = 'Whatever'
spam_logs = create_list(:spam_log, 2, user: user, title: spammy_title)
snippet = update_snippet({ title: spammy_title },
{ spam_log_id: spam_logs.last.id,
recaptcha_verification: true })
2017-09-10 17:25:29 +05:30
expect(response).to redirect_to(project_snippet_path(project, snippet))
2017-08-17 22:00:37 +05:30
end
end
end
context 'when the private snippet is made public' do
let(:visibility_level) { Snippet::PRIVATE }
2020-04-22 19:07:51 +05:30
it 'rejects the snippet' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }
.not_to change { snippet.reload.title }
2017-08-17 22:00:37 +05:30
end
it 'creates a spam log' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }
2019-12-21 20:55:43 +05:30
.to log_spam(title: 'Foo', user_id: user.id, noteable_type: 'ProjectSnippet')
2017-08-17 22:00:37 +05:30
end
2020-05-24 23:13:21 +05:30
it 'renders :edit with reCAPTCHA disabled' do
2017-08-17 22:00:37 +05:30
stub_application_setting(recaptcha_enabled: false)
update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC)
expect(response).to render_template(:edit)
end
2020-05-24 23:13:21 +05:30
context 'reCAPTCHA enabled' do
2017-08-17 22:00:37 +05:30
before do
stub_application_setting(recaptcha_enabled: true)
end
2020-05-24 23:13:21 +05:30
it 'renders :verify' do
2017-08-17 22:00:37 +05:30
update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC)
expect(response).to render_template(:verify)
end
2020-05-24 23:13:21 +05:30
it 'renders snippet page' do
2017-08-17 22:00:37 +05:30
spammy_title = 'Whatever'
spam_logs = create_list(:spam_log, 2, user: user, title: spammy_title)
snippet = update_snippet({ title: spammy_title, visibility_level: Snippet::PUBLIC },
{ spam_log_id: spam_logs.last.id,
recaptcha_verification: true })
2017-09-10 17:25:29 +05:30
expect(response).to redirect_to(project_snippet_path(project, snippet))
2017-08-17 22:00:37 +05:30
end
end
end
end
end
describe 'POST #mark_as_spam' do
let(:snippet) { create(:project_snippet, :private, project: project, author: user) }
before do
2020-03-13 15:44:24 +05:30
allow_next_instance_of(Spam::AkismetService) do |instance|
2019-12-26 22:10:19 +05:30
allow(instance).to receive_messages(submit_spam: true)
end
2017-08-17 22:00:37 +05:30
stub_application_setting(akismet_enabled: true)
end
def mark_as_spam
admin = create(:admin)
create(:user_agent_detail, subject: snippet)
2018-11-18 11:00:15 +05:30
project.add_maintainer(admin)
2017-08-17 22:00:37 +05:30
sign_in(admin)
post :mark_as_spam,
2019-02-15 15:39:39 +05:30
params: {
namespace_id: project.namespace,
project_id: project,
id: snippet.id
}
2017-08-17 22:00:37 +05:30
end
it 'updates the snippet' do
mark_as_spam
expect(snippet.reload).not_to be_submittable_as_spam
end
end
2020-04-08 14:13:33 +05:30
shared_examples 'successful response' do
it 'renders the snippet' do
subject
expect(assigns(:snippet)).to eq(project_snippet)
expect(response).to have_gitlab_http_status(:ok)
end
it 'renders the blob from the repository' do
subject
expect(assigns(:blob)).to eq(project_snippet.blobs.first)
end
end
2016-06-02 11:05:42 +05:30
%w[show raw].each do |action|
describe "GET ##{action}" do
context 'when the project snippet is private' do
2020-04-08 14:13:33 +05:30
let(:project_snippet) { create(:project_snippet, :private, :repository, project: project, author: user) }
subject { get action, params: { namespace_id: project.namespace, project_id: project, id: project_snippet.to_param } }
2016-06-02 11:05:42 +05:30
context 'when anonymous' do
it 'responds with status 404' do
2020-04-08 14:13:33 +05:30
subject
2016-06-02 11:05:42 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2016-06-02 11:05:42 +05:30
end
end
context 'when signed in as the author' do
2017-09-10 17:25:29 +05:30
before do
sign_in(user)
end
2016-06-02 11:05:42 +05:30
2020-04-08 14:13:33 +05:30
it_behaves_like 'successful response'
2016-06-02 11:05:42 +05:30
end
context 'when signed in as a project member' do
2017-09-10 17:25:29 +05:30
before do
sign_in(user2)
end
2016-06-02 11:05:42 +05:30
2020-04-08 14:13:33 +05:30
it_behaves_like 'successful response'
2016-06-02 11:05:42 +05:30
end
end
context 'when the project snippet does not exist' do
2020-04-08 14:13:33 +05:30
subject { get action, params: { namespace_id: project.namespace, project_id: project, id: 42 } }
2016-06-02 11:05:42 +05:30
context 'when anonymous' do
it 'responds with status 404' do
2020-04-08 14:13:33 +05:30
subject
2016-06-02 11:05:42 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2016-06-02 11:05:42 +05:30
end
end
context 'when signed in' do
2017-09-10 17:25:29 +05:30
before do
sign_in(user)
end
2016-06-02 11:05:42 +05:30
it 'responds with status 404' do
2020-04-08 14:13:33 +05:30
subject
2016-06-02 11:05:42 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2016-06-02 11:05:42 +05:30
end
end
end
end
end
2017-08-17 22:00:37 +05:30
2019-01-03 12:48:30 +05:30
describe "GET #show for embeddable content" do
2020-04-08 14:13:33 +05:30
let(:project_snippet) { create(:project_snippet, :repository, snippet_permission, project: project, author: user) }
2019-01-03 12:48:30 +05:30
before do
sign_in(user)
end
2020-04-08 14:13:33 +05:30
subject { get :show, params: { namespace_id: project.namespace, project_id: project, id: project_snippet.to_param }, format: :js }
2019-01-03 12:48:30 +05:30
context 'when snippet is private' do
let(:snippet_permission) { :private }
it 'responds with status 404' do
2020-04-08 14:13:33 +05:30
subject
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2019-01-03 12:48:30 +05:30
end
end
context 'when snippet is public' do
let(:snippet_permission) { :public }
2020-04-08 14:13:33 +05:30
it_behaves_like 'successful response'
2019-01-03 12:48:30 +05:30
end
context 'when the project is private' do
let(:project) { create(:project_empty_repo, :private) }
context 'when snippet is public' do
let(:project_snippet) { create(:project_snippet, :public, project: project, author: user) }
it 'responds with status 404' do
2020-04-08 14:13:33 +05:30
subject
2019-01-03 12:48:30 +05:30
expect(assigns(:snippet)).to eq(project_snippet)
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2019-01-03 12:48:30 +05:30
end
end
end
end
2017-08-17 22:00:37 +05:30
describe 'GET #raw' do
2020-04-22 19:07:51 +05:30
let(:inline) { nil }
let(:line_ending) { nil }
let(:params) do
{
namespace_id: project.namespace,
project_id: project,
id: project_snippet.to_param,
inline: inline,
line_ending: line_ending
}
2017-08-17 22:00:37 +05:30
end
2020-04-22 19:07:51 +05:30
subject { get :raw, params: params }
context 'when repository is empty' do
let(:content) { "first line\r\nsecond line\r\nthird line" }
let(:formatted_content) { content.gsub(/\r\n/, "\n") }
let(:project_snippet) do
create(
:project_snippet, :public, :empty_repo,
project: project,
author: user,
content: content
)
2017-08-17 22:00:37 +05:30
end
2020-04-22 19:07:51 +05:30
context 'CRLF line ending' do
before do
allow_next_instance_of(Blob) do |instance|
allow(instance).to receive(:data).and_return(content)
end
2020-04-08 14:13:33 +05:30
end
2020-04-22 19:07:51 +05:30
it 'returns LF line endings by default' do
subject
2017-08-17 22:00:37 +05:30
2020-04-22 19:07:51 +05:30
expect(response.body).to eq(formatted_content)
end
context 'when line_ending parameter present' do
let(:line_ending) { :raw }
it 'does not convert line endings' do
subject
expect(response.body).to eq(content)
end
end
2017-08-17 22:00:37 +05:30
end
2020-04-22 19:07:51 +05:30
end
2017-08-17 22:00:37 +05:30
2020-04-22 19:07:51 +05:30
context 'when repository is not empty' do
let(:project_snippet) do
create(
:project_snippet, :public, :repository,
project: project,
author: user
)
end
it 'sends the blob' do
subject
2017-08-17 22:00:37 +05:30
2020-04-22 19:07:51 +05:30
expect(response).to have_gitlab_http_status(:ok)
expect(response.header[Gitlab::Workhorse::SEND_DATA_HEADER]).to start_with('git-blob:')
expect(response.header[Gitlab::Workhorse::DETECT_HEADER]).to eq 'true'
2017-08-17 22:00:37 +05:30
end
2020-04-22 19:07:51 +05:30
it_behaves_like 'project cache control headers'
it_behaves_like 'content disposition headers'
2017-08-17 22:00:37 +05:30
end
end
2020-03-13 15:44:24 +05:30
describe 'DELETE #destroy' do
let!(:snippet) { create(:project_snippet, :private, project: project, author: user) }
let(:params) do
{
namespace_id: project.namespace.to_param,
project_id: project,
id: snippet.to_param
}
end
context 'when current user has ability to destroy the snippet' do
before do
sign_in(user)
end
it 'removes the snippet' do
delete :destroy, params: params
expect { snippet.reload }.to raise_error(ActiveRecord::RecordNotFound)
end
context 'when snippet is succesfuly destroyed' do
it 'redirects to the project snippets page' do
delete :destroy, params: params
expect(response).to redirect_to(project_snippets_path(project))
end
end
context 'when snippet is not destroyed' do
before do
allow(snippet).to receive(:destroy).and_return(false)
controller.instance_variable_set(:@snippet, snippet)
end
it 'renders the snippet page with errors' do
delete :destroy, params: params
expect(flash[:alert]).to eq('Failed to remove snippet.')
expect(response).to redirect_to(project_snippet_path(project, snippet))
end
end
end
context 'when current_user does not have ability to destroy the snippet' do
let(:another_user) { create(:user) }
before do
sign_in(another_user)
end
it 'responds with status 404' do
delete :destroy, params: params
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
2020-04-22 19:07:51 +05:30
describe 'GET #edit' do
it_behaves_like 'editing snippet checks blob is binary' do
let(:snippet) { create(:project_snippet, :private, project: project, author: user) }
let(:params) do
{
namespace_id: project.namespace,
project_id: project,
id: snippet
}
end
subject { get :edit, params: params }
end
end
2016-06-02 11:05:42 +05:30
end