debian-mirror-gitlab/spec/controllers/autocomplete_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

528 lines
15 KiB
Ruby
Raw Normal View History

2019-07-31 22:56:46 +05:30
# frozen_string_literal: true
2015-04-26 12:48:37 +05:30
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe AutocompleteController do
2018-03-17 18:26:18 +05:30
let(:project) { create(:project) }
2022-04-04 11:22:00 +05:30
let(:user) { project.first_owner }
2015-04-26 12:48:37 +05:30
2017-08-17 22:00:37 +05:30
context 'GET users' do
2016-09-13 17:45:13 +05:30
let!(:user2) { create(:user) }
let!(:non_member) { create(:user) }
2015-04-26 12:48:37 +05:30
2016-09-13 17:45:13 +05:30
context 'project members' do
2015-09-11 14:41:01 +05:30
before do
2016-09-13 17:45:13 +05:30
sign_in(user)
2015-09-11 14:41:01 +05:30
end
2016-09-13 17:45:13 +05:30
describe 'GET #users with project ID' do
before do
2019-02-15 15:39:39 +05:30
get(:users, params: { project_id: project.id })
2016-09-13 17:45:13 +05:30
end
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
it 'returns the project members' do
expect(json_response).to be_kind_of(Array)
expect(json_response.size).to eq(1)
expect(json_response.map { |u| u["username"] }).to include(user.username)
end
2015-09-11 14:41:01 +05:30
end
2016-09-13 17:45:13 +05:30
describe 'GET #users with unknown project' do
before do
2019-02-15 15:39:39 +05:30
get(:users, params: { project_id: 'unknown' })
2016-09-13 17:45:13 +05:30
end
2015-04-26 12:48:37 +05:30
2020-03-13 15:44:24 +05:30
it { expect(response).to have_gitlab_http_status(:not_found) }
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
end
2016-09-13 17:45:13 +05:30
context 'group members' do
let(:group) { create(:group) }
2015-09-11 14:41:01 +05:30
before do
2016-09-13 17:45:13 +05:30
group.add_owner(user)
2018-03-17 18:26:18 +05:30
sign_in(user)
2015-09-11 14:41:01 +05:30
end
2015-04-26 12:48:37 +05:30
2016-09-13 17:45:13 +05:30
describe 'GET #users with group ID' do
before do
2019-02-15 15:39:39 +05:30
get(:users, params: { group_id: group.id })
2016-09-13 17:45:13 +05:30
end
2018-03-17 18:26:18 +05:30
it 'returns the group members' do
expect(json_response).to be_kind_of(Array)
expect(json_response.size).to eq(1)
expect(json_response.first["username"]).to eq user.username
end
2016-09-13 17:45:13 +05:30
end
describe 'GET #users with unknown group ID' do
before do
2019-02-15 15:39:39 +05:30
get(:users, params: { group_id: 'unknown' })
2016-09-13 17:45:13 +05:30
end
2020-03-13 15:44:24 +05:30
it { expect(response).to have_gitlab_http_status(:not_found) }
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
end
2016-09-13 17:45:13 +05:30
context 'non-member login for public project' do
2018-03-17 18:26:18 +05:30
let(:project) { create(:project, :public) }
2016-09-13 17:45:13 +05:30
2015-09-11 14:41:01 +05:30
before do
2016-09-13 17:45:13 +05:30
sign_in(non_member)
2015-09-11 14:41:01 +05:30
end
2016-09-13 17:45:13 +05:30
describe 'GET #users with project ID' do
before do
2019-02-15 15:39:39 +05:30
get(:users, params: { project_id: project.id, current_user: true })
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
2018-03-17 18:26:18 +05:30
it 'returns the project members and non-members' do
expect(json_response).to be_kind_of(Array)
expect(json_response.size).to eq(2)
expect(json_response.map { |u| u['username'] }).to include(user.username, non_member.username)
end
2016-09-13 17:45:13 +05:30
end
2015-04-26 12:48:37 +05:30
end
2016-09-13 17:45:13 +05:30
context 'all users' do
2015-09-11 14:41:01 +05:30
before do
2016-09-13 17:45:13 +05:30
sign_in(user)
get(:users)
2015-09-11 14:41:01 +05:30
end
2018-03-17 18:26:18 +05:30
it { expect(json_response).to be_kind_of(Array) }
it { expect(json_response.size).to eq User.count }
2015-09-11 14:41:01 +05:30
end
2015-04-26 12:48:37 +05:30
2017-09-10 17:25:29 +05:30
context 'user order' do
it 'shows exact matches first' do
reported_user = create(:user, username: 'reported_user', name: 'Doug')
user = create(:user, username: 'user', name: 'User')
user1 = create(:user, username: 'user1', name: 'Ian')
sign_in(user)
2019-02-15 15:39:39 +05:30
get(:users, params: { search: 'user' })
2017-09-10 17:25:29 +05:30
2018-03-17 18:26:18 +05:30
response_usernames = json_response.map { |user| user['username'] }
2017-09-10 17:25:29 +05:30
expect(response_usernames.take(3)).to match_array([user.username, reported_user.username, user1.username])
end
end
2017-08-17 22:00:37 +05:30
context 'limited users per page' do
before do
2020-03-13 15:44:24 +05:30
create_list(:user, 25)
2018-03-17 18:26:18 +05:30
2017-08-17 22:00:37 +05:30
sign_in(user)
2018-03-17 18:26:18 +05:30
get(:users)
2017-08-17 22:00:37 +05:30
end
2018-03-17 18:26:18 +05:30
it { expect(json_response).to be_kind_of(Array) }
it { expect(json_response.size).to eq(20) }
2017-08-17 22:00:37 +05:30
end
2016-09-13 17:45:13 +05:30
context 'unauthenticated user' do
let(:public_project) { create(:project, :public) }
2015-04-26 12:48:37 +05:30
2016-09-13 17:45:13 +05:30
describe 'GET #users with public project' do
before do
2017-08-17 22:00:37 +05:30
public_project.add_guest(user)
2019-02-15 15:39:39 +05:30
get(:users, params: { project_id: public_project.id })
2016-09-13 17:45:13 +05:30
end
2015-04-26 12:48:37 +05:30
2018-03-17 18:26:18 +05:30
it { expect(json_response).to be_kind_of(Array) }
it { expect(json_response.size).to eq 2 }
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
2016-09-13 17:45:13 +05:30
describe 'GET #users with project' do
before do
2019-02-15 15:39:39 +05:30
get(:users, params: { project_id: project.id })
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
2020-03-13 15:44:24 +05:30
it { expect(response).to have_gitlab_http_status(:not_found) }
2015-09-11 14:41:01 +05:30
end
2016-09-13 17:45:13 +05:30
describe 'GET #users with unknown project' do
before do
2019-02-15 15:39:39 +05:30
get(:users, params: { project_id: 'unknown' })
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
2020-03-13 15:44:24 +05:30
it { expect(response).to have_gitlab_http_status(:not_found) }
2015-09-11 14:41:01 +05:30
end
2016-09-13 17:45:13 +05:30
describe 'GET #users with inaccessible group' do
before do
2017-08-17 22:00:37 +05:30
project.add_guest(user)
2019-02-15 15:39:39 +05:30
get(:users, params: { group_id: user.namespace.id })
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
2020-03-13 15:44:24 +05:30
it { expect(response).to have_gitlab_http_status(:not_found) }
2015-09-11 14:41:01 +05:30
end
2016-09-13 17:45:13 +05:30
describe 'GET #users with no project' do
before do
get(:users)
end
2018-03-17 18:26:18 +05:30
it { expect(json_response).to be_kind_of(Array) }
it { expect(json_response).to be_empty }
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
2017-08-17 22:00:37 +05:30
describe 'GET #users with todo filter' do
it 'gives an array of users' do
2019-02-15 15:39:39 +05:30
get :users, params: { todo_filter: true }
2017-08-17 22:00:37 +05:30
2020-04-22 19:07:51 +05:30
expect(response).to have_gitlab_http_status(:ok)
2018-03-17 18:26:18 +05:30
expect(json_response).to be_kind_of(Array)
2017-08-17 22:00:37 +05:30
end
2015-09-11 14:41:01 +05:30
end
2017-08-17 22:00:37 +05:30
end
2015-09-11 14:41:01 +05:30
2017-08-17 22:00:37 +05:30
context 'author of issuable included' do
context 'authenticated' do
before do
sign_in(user)
end
2016-09-13 17:45:13 +05:30
2017-08-17 22:00:37 +05:30
it 'includes the author' do
2019-02-15 15:39:39 +05:30
get(:users, params: { author_id: non_member.id })
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(json_response.first["username"]).to eq non_member.username
2017-08-17 22:00:37 +05:30
end
it 'rejects non existent user ids' do
2020-04-22 19:07:51 +05:30
get(:users, params: { author_id: non_existing_record_id })
2017-08-17 22:00:37 +05:30
2020-04-22 19:07:51 +05:30
expect(json_response.collect { |u| u['id'] }).not_to include(non_existing_record_id)
2017-08-17 22:00:37 +05:30
end
2015-09-11 14:41:01 +05:30
end
2017-08-17 22:00:37 +05:30
context 'without authenticating' do
it 'returns empty result' do
2019-02-15 15:39:39 +05:30
get(:users, params: { author_id: non_member.id })
2016-09-13 17:45:13 +05:30
2018-03-17 18:26:18 +05:30
expect(json_response).to be_empty
2017-08-17 22:00:37 +05:30
end
2016-09-13 17:45:13 +05:30
end
end
context 'skip_users parameter included' do
2017-09-10 17:25:29 +05:30
before do
sign_in(user)
end
2016-09-13 17:45:13 +05:30
it 'skips the user IDs passed' do
2019-02-15 15:39:39 +05:30
get(:users, params: { skip_users: [user, user2].map(&:id) })
2016-09-13 17:45:13 +05:30
2018-03-17 18:26:18 +05:30
response_user_ids = json_response.map { |user| user['id'] }
2016-09-13 17:45:13 +05:30
2018-03-17 18:26:18 +05:30
expect(response_user_ids).to contain_exactly(non_member.id)
2016-09-13 17:45:13 +05:30
end
2015-09-11 14:41:01 +05:30
end
2019-10-12 21:52:04 +05:30
context 'merge_request_iid parameter included' do
before do
sign_in(user)
end
it 'includes can_merge option to users' do
merge_request = create(:merge_request, source_project: project)
get(:users, params: { merge_request_iid: merge_request.iid, project_id: project.id })
expect(json_response.first).to have_key('can_merge')
end
end
2022-03-02 08:16:31 +05:30
2022-05-07 20:08:51 +05:30
it_behaves_like 'rate limited endpoint', rate_limit_key: :search_rate_limit do
2022-03-02 08:16:31 +05:30
let(:current_user) { user }
def request
get(:users, params: { search: 'foo@bar.com' })
end
before do
sign_in(current_user)
end
end
2015-04-26 12:48:37 +05:30
end
2016-06-02 11:05:42 +05:30
2017-08-17 22:00:37 +05:30
context 'GET projects' do
2016-09-13 17:45:13 +05:30
let(:authorized_project) { create(:project) }
let(:authorized_search_project) { create(:project, name: 'rugged') }
2016-06-02 11:05:42 +05:30
before do
sign_in(user)
2018-11-18 11:00:15 +05:30
project.add_maintainer(user)
2016-06-02 11:05:42 +05:30
end
2016-09-13 17:45:13 +05:30
context 'authorized projects' do
before do
2018-11-18 11:00:15 +05:30
authorized_project.add_maintainer(user)
2016-09-13 17:45:13 +05:30
end
describe 'GET #projects with project ID' do
before do
2019-02-15 15:39:39 +05:30
get(:projects, params: { project_id: project.id })
2016-09-13 17:45:13 +05:30
end
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
it 'returns projects' do
expect(json_response).to be_kind_of(Array)
expect(json_response.size).to eq(1)
2016-09-13 17:45:13 +05:30
2018-03-17 18:26:18 +05:30
expect(json_response.first['id']).to eq authorized_project.id
2018-03-27 19:54:05 +05:30
expect(json_response.first['name_with_namespace']).to eq authorized_project.full_name
2016-09-13 17:45:13 +05:30
end
end
2016-06-02 11:05:42 +05:30
end
2016-09-13 17:45:13 +05:30
context 'authorized projects and search' do
before do
2018-11-18 11:00:15 +05:30
authorized_project.add_maintainer(user)
authorized_search_project.add_maintainer(user)
2016-09-13 17:45:13 +05:30
end
describe 'GET #projects with project ID and search' do
before do
2019-02-15 15:39:39 +05:30
get(:projects, params: { project_id: project.id, search: 'rugged' })
2016-09-13 17:45:13 +05:30
end
2018-03-17 18:26:18 +05:30
it 'returns projects' do
expect(json_response).to be_kind_of(Array)
expect(json_response.size).to eq(1)
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(json_response.first['id']).to eq authorized_search_project.id
2018-03-27 19:54:05 +05:30
expect(json_response.first['name_with_namespace']).to eq authorized_search_project.full_name
2016-09-13 17:45:13 +05:30
end
end
end
2016-09-29 09:46:39 +05:30
context 'authorized projects apply limit' do
before do
2018-11-20 20:47:30 +05:30
allow(Kaminari.config).to receive(:default_per_page).and_return(2)
2016-09-29 09:46:39 +05:30
2018-11-20 20:47:30 +05:30
create_list(:project, 2) do |project|
project.add_maintainer(user)
end
2016-09-29 09:46:39 +05:30
end
describe 'GET #projects with project ID' do
before do
2019-02-15 15:39:39 +05:30
get(:projects, params: { project_id: project.id })
2016-09-29 09:46:39 +05:30
end
2018-03-17 18:26:18 +05:30
it 'returns projects' do
expect(json_response).to be_kind_of(Array)
2018-11-20 20:47:30 +05:30
expect(json_response.size).to eq(Kaminari.config.default_per_page)
2016-09-29 09:46:39 +05:30
end
end
end
2016-09-13 17:45:13 +05:30
context 'authorized projects without admin_issue ability' do
2018-03-17 18:26:18 +05:30
before do
2017-08-17 22:00:37 +05:30
authorized_project.add_guest(user)
2016-09-13 17:45:13 +05:30
expect(user.can?(:admin_issue, authorized_project)).to eq(false)
end
describe 'GET #projects with project ID' do
before do
2019-02-15 15:39:39 +05:30
get(:projects, params: { project_id: project.id })
2016-09-13 17:45:13 +05:30
end
2018-03-17 18:26:18 +05:30
it 'returns no projects' do
expect(json_response).to be_kind_of(Array)
expect(json_response.size).to eq(0)
end
end
end
end
2016-09-13 17:45:13 +05:30
2018-03-17 18:26:18 +05:30
context 'GET award_emojis' do
let(:user2) { create(:user) }
let!(:award_emoji1) { create_list(:award_emoji, 2, user: user, name: 'thumbsup') }
let!(:award_emoji2) { create_list(:award_emoji, 1, user: user, name: 'thumbsdown') }
let!(:award_emoji3) { create_list(:award_emoji, 3, user: user, name: 'star') }
let!(:award_emoji4) { create_list(:award_emoji, 1, user: user, name: 'tea') }
2016-09-13 17:45:13 +05:30
2018-03-17 18:26:18 +05:30
context 'unauthorized user' do
it 'returns empty json' do
get :award_emojis
expect(json_response).to be_empty
end
end
context 'sign in as user without award emoji' do
it 'returns empty json' do
sign_in(user2)
get :award_emojis
expect(json_response).to be_empty
end
end
context 'sign in as user with award emoji' do
it 'returns json sorted by name count' do
sign_in(user)
get :award_emojis
expect(json_response.count).to eq 4
expect(json_response[0]).to match('name' => 'star')
expect(json_response[1]).to match('name' => 'thumbsup')
expect(json_response[2]).to match('name' => 'tea')
expect(json_response[3]).to match('name' => 'thumbsdown')
2016-09-13 17:45:13 +05:30
end
2016-06-02 11:05:42 +05:30
end
2020-01-01 13:55:28 +05:30
end
2019-07-07 11:18:12 +05:30
2020-07-28 23:09:34 +05:30
context 'GET deploy_keys_with_owners' do
2022-07-29 17:44:30 +05:30
let_it_be(:public_project) { create(:project, :public) }
let_it_be(:user) { create(:user) }
let_it_be(:deploy_key) { create(:deploy_key, user: user) }
let_it_be(:deploy_keys_project) do
create(:deploy_keys_project, :write_access, project: public_project, deploy_key: deploy_key)
end
2020-07-28 23:09:34 +05:30
context 'unauthorized user' do
it 'returns a not found response' do
2022-07-29 17:44:30 +05:30
get(:deploy_keys_with_owners, params: { project_id: public_project.id })
2020-07-28 23:09:34 +05:30
expect(response).to have_gitlab_http_status(:redirect)
end
end
2022-07-29 17:44:30 +05:30
context 'when the user is logged in' do
2020-07-28 23:09:34 +05:30
before do
sign_in(user)
end
2022-07-29 17:44:30 +05:30
context 'with a non-existing project' do
2020-07-28 23:09:34 +05:30
it 'returns a not found response' do
get(:deploy_keys_with_owners, params: { project_id: 9999 })
expect(response).to have_gitlab_http_status(:not_found)
end
end
2022-07-29 17:44:30 +05:30
context 'with an existing project' do
context 'when user cannot admin project' do
it 'returns a forbidden response' do
get(:deploy_keys_with_owners, params: { project_id: public_project.id })
2020-07-28 23:09:34 +05:30
2022-07-29 17:44:30 +05:30
expect(response).to have_gitlab_http_status(:forbidden)
end
end
2020-07-28 23:09:34 +05:30
2022-07-29 17:44:30 +05:30
context 'when user can admin project' do
before do
public_project.add_maintainer(user)
end
context 'and user can read owner of key' do
it 'renders the deploy keys in a json payload, with owner' do
get(:deploy_keys_with_owners, params: { project_id: public_project.id })
expect(json_response.count).to eq(1)
expect(json_response.first['title']).to eq(deploy_key.title)
expect(json_response.first['owner']['id']).to eq(deploy_key.user.id)
expect(json_response.first['deploy_keys_projects']).to be_nil
end
end
context 'and user cannot read owner of key' do
before do
allow(Ability).to receive(:allowed?).and_call_original
allow(Ability).to receive(:allowed?).with(user, :read_user, deploy_key.user).and_return(false)
end
it 'returns a payload without owner' do
get(:deploy_keys_with_owners, params: { project_id: public_project.id })
expect(json_response.count).to eq(1)
expect(json_response.first['title']).to eq(deploy_key.title)
expect(json_response.first['owner']).to be_nil
expect(json_response.first['deploy_keys_projects']).to be_nil
end
end
2020-07-28 23:09:34 +05:30
end
end
end
end
2020-01-01 13:55:28 +05:30
context 'Get merge_request_target_branches' do
let!(:merge_request) { create(:merge_request, source_project: project, target_branch: 'feature') }
2019-07-07 11:18:12 +05:30
2020-01-01 13:55:28 +05:30
context 'anonymous user' do
it 'returns empty json' do
get :merge_request_target_branches, params: { project_id: project.id }
2019-07-07 11:18:12 +05:30
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2020-01-01 13:55:28 +05:30
expect(json_response).to be_empty
2019-07-07 11:18:12 +05:30
end
2020-01-01 13:55:28 +05:30
end
2019-07-07 11:18:12 +05:30
2020-01-01 13:55:28 +05:30
context 'user without any accessible merge requests' do
it 'returns empty json' do
sign_in(create(:user))
2019-07-07 11:18:12 +05:30
2020-01-01 13:55:28 +05:30
get :merge_request_target_branches, params: { project_id: project.id }
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2020-01-01 13:55:28 +05:30
expect(json_response).to be_empty
2019-07-07 11:18:12 +05:30
end
2020-01-01 13:55:28 +05:30
end
2019-07-07 11:18:12 +05:30
2020-01-01 13:55:28 +05:30
context 'user with an accessible merge request but no scope' do
where(
params: [
{},
{ group_id: ' ' },
{ project_id: ' ' },
{ group_id: ' ', project_id: ' ' }
]
)
with_them do
it 'returns an error' do
2019-07-07 11:18:12 +05:30
sign_in(user)
2020-01-01 13:55:28 +05:30
get :merge_request_target_branches, params: params
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:bad_request)
2020-01-01 13:55:28 +05:30
expect(json_response).to eq({ 'error' => 'At least one of group_id or project_id must be specified' })
2019-07-07 11:18:12 +05:30
end
end
end
2020-01-01 13:55:28 +05:30
context 'user with an accessible merge request by project' do
it 'returns json' do
sign_in(user)
get :merge_request_target_branches, params: { project_id: project.id }
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2020-01-01 13:55:28 +05:30
expect(json_response).to contain_exactly({ 'title' => 'feature' })
end
end
context 'user with an accessible merge request by group' do
let(:group) { create(:group) }
let(:project) { create(:project, namespace: group) }
let(:user) { create(:user) }
it 'returns json' do
group.add_owner(user)
sign_in(user)
get :merge_request_target_branches, params: { group_id: group.id }
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:ok)
2020-01-01 13:55:28 +05:30
expect(json_response).to contain_exactly({ 'title' => 'feature' })
end
end
2016-06-02 11:05:42 +05:30
end
2015-04-26 12:48:37 +05:30
end