debian-mirror-gitlab/spec/requests/api/groups_spec.rb

986 lines
34 KiB
Ruby
Raw Normal View History

2014-09-02 18:07:02 +05:30
require 'spec_helper'
2017-08-17 22:00:37 +05:30
describe API::Groups do
include UploadHelpers
2014-09-02 18:07:02 +05:30
2015-09-11 14:41:01 +05:30
let(:user1) { create(:user, can_create_group: false) }
2014-09-02 18:07:02 +05:30
let(:user2) { create(:user) }
2015-09-11 14:41:01 +05:30
let(:user3) { create(:user) }
2014-09-02 18:07:02 +05:30
let(:admin) { create(:admin) }
2017-08-17 22:00:37 +05:30
let!(:group1) { create(:group, avatar: File.open(uploaded_image_temp_path)) }
2016-06-02 11:05:42 +05:30
let!(:group2) { create(:group, :private) }
2017-09-10 17:25:29 +05:30
let!(:project1) { create(:project, namespace: group1) }
let!(:project2) { create(:project, namespace: group2) }
let!(:project3) { create(:project, namespace: group1, path: 'test', visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
2014-09-02 18:07:02 +05:30
before do
group1.add_owner(user1)
group2.add_owner(user2)
end
describe "GET /groups" do
context "when unauthenticated" do
2018-03-17 18:26:18 +05:30
it "returns public groups" do
2014-09-02 18:07:02 +05:30
get api("/groups")
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
expect(json_response)
.to satisfy_one { |group| group['name'] == group1.name }
end
it 'avoids N+1 queries' do
# Establish baseline
get api("/groups", admin)
control = ActiveRecord::QueryRecorder.new do
get api("/groups", admin)
end
create(:group)
expect do
get api("/groups", admin)
end.not_to exceed_query_limit(control)
2014-09-02 18:07:02 +05:30
end
end
context "when authenticated as user" do
2016-09-13 17:45:13 +05:30
it "normal user: returns an array of groups of user1" do
2014-09-02 18:07:02 +05:30
get api("/groups", user1)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
2015-04-26 12:48:37 +05:30
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
2017-08-17 22:00:37 +05:30
expect(json_response)
.to satisfy_one { |group| group['name'] == group1.name }
end
it "does not include statistics" do
2019-02-15 15:39:39 +05:30
get api("/groups", user1), params: { statistics: true }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.first).not_to include 'statistics'
2014-09-02 18:07:02 +05:30
end
end
2017-08-17 22:00:37 +05:30
context "when authenticated as admin" do
2016-09-13 17:45:13 +05:30
it "admin: returns an array of all groups" do
2014-09-02 18:07:02 +05:30
get api("/groups", admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
2015-04-26 12:48:37 +05:30
expect(json_response).to be_an Array
expect(json_response.length).to eq(2)
2014-09-02 18:07:02 +05:30
end
2017-08-17 22:00:37 +05:30
it "does not include statistics by default" do
get api("/groups", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.first).not_to include('statistics')
end
it "includes statistics if requested" do
attributes = {
2019-09-04 21:01:54 +05:30
storage_size: 1158,
2017-08-17 22:00:37 +05:30
repository_size: 123,
2019-09-04 21:01:54 +05:30
wiki_size: 456,
2017-08-17 22:00:37 +05:30
lfs_objects_size: 234,
2017-09-10 17:25:29 +05:30
build_artifacts_size: 345
2017-08-17 22:00:37 +05:30
}.stringify_keys
exposed_attributes = attributes.dup
exposed_attributes['job_artifacts_size'] = exposed_attributes.delete('build_artifacts_size')
project1.statistics.update!(attributes)
2019-02-15 15:39:39 +05:30
get api("/groups", admin), params: { statistics: true }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response)
.to satisfy_one { |group| group['statistics'] == exposed_attributes }
end
2014-09-02 18:07:02 +05:30
end
2016-11-03 12:29:30 +05:30
context "when using skip_groups in request" do
it "returns all groups excluding skipped groups" do
2019-02-15 15:39:39 +05:30
get api("/groups", admin), params: { skip_groups: [group2.id] }
2016-11-03 12:29:30 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
2016-11-03 12:29:30 +05:30
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
end
end
2017-08-17 22:00:37 +05:30
context "when using all_available in request" do
let(:response_groups) { json_response.map { |group| group['name'] } }
it "returns all groups you have access to" do
public_group = create :group, :public
2019-02-15 15:39:39 +05:30
get api("/groups", user1), params: { all_available: true }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(response_groups).to contain_exactly(public_group.name, group1.name)
end
end
context "when using sorting" do
let(:group3) { create(:group, name: "a#{group1.name}", path: "z#{group1.path}") }
2018-11-08 19:23:39 +05:30
let(:group4) { create(:group, name: "same-name", path: "y#{group1.path}") }
let(:group5) { create(:group, name: "same-name") }
2017-08-17 22:00:37 +05:30
let(:response_groups) { json_response.map { |group| group['name'] } }
2018-11-08 19:23:39 +05:30
let(:response_groups_ids) { json_response.map { |group| group['id'] } }
2017-08-17 22:00:37 +05:30
before do
group3.add_owner(user1)
2018-11-08 19:23:39 +05:30
group4.add_owner(user1)
group5.add_owner(user1)
2017-08-17 22:00:37 +05:30
end
it "sorts by name ascending by default" do
get api("/groups", user1)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
2018-11-08 19:23:39 +05:30
expect(response_groups).to eq(groups_visible_to_user(user1).order(:name).pluck(:name))
2017-08-17 22:00:37 +05:30
end
it "sorts in descending order when passed" do
2019-02-15 15:39:39 +05:30
get api("/groups", user1), params: { sort: "desc" }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
2018-11-08 19:23:39 +05:30
expect(response_groups).to eq(groups_visible_to_user(user1).order(name: :desc).pluck(:name))
2017-08-17 22:00:37 +05:30
end
2018-11-08 19:23:39 +05:30
it "sorts by path in order_by param" do
2019-02-15 15:39:39 +05:30
get api("/groups", user1), params: { order_by: "path" }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
2018-11-08 19:23:39 +05:30
expect(response_groups).to eq(groups_visible_to_user(user1).order(:path).pluck(:name))
end
it "sorts by id in the order_by param" do
2019-02-15 15:39:39 +05:30
get api("/groups", user1), params: { order_by: "id" }
2018-11-08 19:23:39 +05:30
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(response_groups).to eq(groups_visible_to_user(user1).order(:id).pluck(:name))
end
it "sorts also by descending id with pagination fix" do
2019-02-15 15:39:39 +05:30
get api("/groups", user1), params: { order_by: "id", sort: "desc" }
2018-11-08 19:23:39 +05:30
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(response_groups).to eq(groups_visible_to_user(user1).order(id: :desc).pluck(:name))
end
it "sorts identical keys by id for good pagination" do
2019-02-15 15:39:39 +05:30
get api("/groups", user1), params: { search: "same-name", order_by: "name" }
2018-11-08 19:23:39 +05:30
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(response_groups_ids).to eq(Group.select { |group| group['name'] == 'same-name' }.map { |group| group['id'] }.sort)
end
it "sorts descending identical keys by id for good pagination" do
2019-02-15 15:39:39 +05:30
get api("/groups", user1), params: { search: "same-name", order_by: "name", sort: "desc" }
2018-11-08 19:23:39 +05:30
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(response_groups_ids).to eq(Group.select { |group| group['name'] == 'same-name' }.map { |group| group['id'] }.sort)
end
def groups_visible_to_user(user)
Group.where(id: user.authorized_groups.select(:id).reorder(nil))
2017-08-17 22:00:37 +05:30
end
end
context 'when using owned in the request' do
it 'returns an array of groups the user owns' do
2018-11-18 11:00:15 +05:30
group1.add_maintainer(user2)
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
get api('/groups', user2), params: { owned: true }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
2018-03-17 18:26:18 +05:30
expect(json_response.length).to eq(1)
2017-08-17 22:00:37 +05:30
expect(json_response.first['name']).to eq(group2.name)
end
end
2018-11-18 11:00:15 +05:30
context 'when using min_access_level in the request' do
let!(:group3) { create(:group, :private) }
let(:response_groups) { json_response.map { |group| group['id'] } }
before do
group1.add_developer(user2)
group3.add_master(user2)
end
it 'returns an array of groups the user has at least master access' do
2019-02-15 15:39:39 +05:30
get api('/groups', user2), params: { min_access_level: 40 }
2018-11-18 11:00:15 +05:30
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(response_groups).to eq([group2.id, group3.id])
end
end
2014-09-02 18:07:02 +05:30
end
describe "GET /groups/:id" do
2018-03-17 18:26:18 +05:30
# Given a group, create one project for each visibility level
#
# group - Group to add projects to
# share_with - If provided, each project will be shared with this Group
#
# Returns a Hash of visibility_level => Project pairs
def add_projects_to_group(group, share_with: nil)
projects = {
public: create(:project, :public, namespace: group),
internal: create(:project, :internal, namespace: group),
private: create(:project, :private, namespace: group)
}
if share_with
create(:project_group_link, project: projects[:public], group: share_with)
create(:project_group_link, project: projects[:internal], group: share_with)
create(:project_group_link, project: projects[:private], group: share_with)
end
projects
end
2018-11-18 11:00:15 +05:30
def response_project_ids(json_response, key)
json_response[key].map do |project|
project['id'].to_i
end
end
2018-03-17 18:26:18 +05:30
context 'when unauthenticated' do
it 'returns 404 for a private group' do
get api("/groups/#{group2.id}")
2018-11-18 11:00:15 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
end
it 'returns 200 for a public group' do
get api("/groups/#{group1.id}")
2018-11-18 11:00:15 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
end
it 'returns only public projects in the group' do
public_group = create(:group, :public)
projects = add_projects_to_group(public_group)
get api("/groups/#{public_group.id}")
2018-11-18 11:00:15 +05:30
expect(response_project_ids(json_response, 'projects'))
2018-03-17 18:26:18 +05:30
.to contain_exactly(projects[:public].id)
end
it 'returns only public projects shared with the group' do
public_group = create(:group, :public)
projects = add_projects_to_group(public_group, share_with: group1)
get api("/groups/#{group1.id}")
2018-11-18 11:00:15 +05:30
expect(response_project_ids(json_response, 'shared_projects'))
2018-03-17 18:26:18 +05:30
.to contain_exactly(projects[:public].id)
end
end
2014-09-02 18:07:02 +05:30
context "when authenticated as user" do
2016-08-24 12:49:21 +05:30
it "returns one of user1's groups" do
2017-09-10 17:25:29 +05:30
project = create(:project, namespace: group2, path: 'Foo')
2016-08-24 12:49:21 +05:30
create(:project_group_link, project: project, group: group1)
2014-09-02 18:07:02 +05:30
get api("/groups/#{group1.id}", user1)
2016-08-24 12:49:21 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-08-24 12:49:21 +05:30
expect(json_response['id']).to eq(group1.id)
expect(json_response['name']).to eq(group1.name)
expect(json_response['path']).to eq(group1.path)
expect(json_response['description']).to eq(group1.description)
2017-08-17 22:00:37 +05:30
expect(json_response['visibility']).to eq(Gitlab::VisibilityLevel.string_level(group1.visibility_level))
2017-09-10 17:25:29 +05:30
expect(json_response['avatar_url']).to eq(group1.avatar_url(only_path: false))
2016-08-24 12:49:21 +05:30
expect(json_response['web_url']).to eq(group1.web_url)
2017-08-17 22:00:37 +05:30
expect(json_response['request_access_enabled']).to eq(group1.request_access_enabled)
expect(json_response['full_name']).to eq(group1.full_name)
expect(json_response['full_path']).to eq(group1.full_path)
expect(json_response['parent_id']).to eq(group1.parent_id)
2016-08-24 12:49:21 +05:30
expect(json_response['projects']).to be_an Array
expect(json_response['projects'].length).to eq(2)
expect(json_response['shared_projects']).to be_an Array
expect(json_response['shared_projects'].length).to eq(1)
expect(json_response['shared_projects'][0]['id']).to eq(project.id)
2014-09-02 18:07:02 +05:30
end
2018-11-18 11:00:15 +05:30
it "returns one of user1's groups without projects when with_projects option is set to false" do
project = create(:project, namespace: group2, path: 'Foo')
create(:project_group_link, project: project, group: group1)
2019-02-15 15:39:39 +05:30
get api("/groups/#{group1.id}", user1), params: { with_projects: false }
2018-11-18 11:00:15 +05:30
expect(response).to have_gitlab_http_status(200)
expect(json_response['projects']).to be_nil
expect(json_response['shared_projects']).to be_nil
end
2016-09-13 17:45:13 +05:30
it "does not return a non existing group" do
2014-09-02 18:07:02 +05:30
get api("/groups/1328", user1)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2014-09-02 18:07:02 +05:30
end
2016-09-13 17:45:13 +05:30
it "does not return a group not attached to user1" do
2014-09-02 18:07:02 +05:30
get api("/groups/#{group2.id}", user1)
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
end
it 'returns only public and internal projects in the group' do
public_group = create(:group, :public)
projects = add_projects_to_group(public_group)
get api("/groups/#{public_group.id}", user2)
2018-11-18 11:00:15 +05:30
expect(response_project_ids(json_response, 'projects'))
2018-03-17 18:26:18 +05:30
.to contain_exactly(projects[:public].id, projects[:internal].id)
end
it 'returns only public and internal projects shared with the group' do
public_group = create(:group, :public)
projects = add_projects_to_group(public_group, share_with: group1)
get api("/groups/#{group1.id}", user2)
2018-11-18 11:00:15 +05:30
expect(response_project_ids(json_response, 'shared_projects'))
2018-03-17 18:26:18 +05:30
.to contain_exactly(projects[:public].id, projects[:internal].id)
2014-09-02 18:07:02 +05:30
end
2019-03-02 22:35:43 +05:30
it 'avoids N+1 queries' do
get api("/groups/#{group1.id}", admin)
control_count = ActiveRecord::QueryRecorder.new do
get api("/groups/#{group1.id}", admin)
end.count
create(:project, namespace: group1)
expect do
get api("/groups/#{group1.id}", admin)
end.not_to exceed_query_limit(control_count)
end
2014-09-02 18:07:02 +05:30
end
context "when authenticated as admin" do
2016-09-13 17:45:13 +05:30
it "returns any existing group" do
2014-09-02 18:07:02 +05:30
get api("/groups/#{group2.id}", admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2015-12-23 02:04:40 +05:30
expect(json_response['name']).to eq(group2.name)
2014-09-02 18:07:02 +05:30
end
2016-09-13 17:45:13 +05:30
it "does not return a non existing group" do
2014-09-02 18:07:02 +05:30
get api("/groups/1328", admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2015-04-26 12:48:37 +05:30
end
end
context 'when using group path in URL' do
2016-09-13 17:45:13 +05:30
it 'returns any existing group' do
2015-04-26 12:48:37 +05:30
get api("/groups/#{group1.path}", admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2015-12-23 02:04:40 +05:30
expect(json_response['name']).to eq(group1.name)
2015-04-26 12:48:37 +05:30
end
2016-09-13 17:45:13 +05:30
it 'does not return a non existing group' do
2015-04-26 12:48:37 +05:30
get api('/groups/unknown', admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2015-04-26 12:48:37 +05:30
end
2016-09-13 17:45:13 +05:30
it 'does not return a group not attached to user1' do
2015-04-26 12:48:37 +05:30
get api("/groups/#{group2.path}", user1)
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2016-06-02 11:05:42 +05:30
end
end
end
describe 'PUT /groups/:id' do
let(:new_group_name) { 'New Group'}
context 'when authenticated as the group owner' do
it 'updates the group' do
2019-02-15 15:39:39 +05:30
put api("/groups/#{group1.id}", user1), params: { name: new_group_name, request_access_enabled: true }
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-06-02 11:05:42 +05:30
expect(json_response['name']).to eq(new_group_name)
2016-09-29 09:46:39 +05:30
expect(json_response['request_access_enabled']).to eq(true)
2016-06-02 11:05:42 +05:30
end
it 'returns 404 for a non existing group' do
2019-02-15 15:39:39 +05:30
put api('/groups/1328', user1), params: { name: new_group_name }
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2016-06-02 11:05:42 +05:30
end
end
context 'when authenticated as the admin' do
it 'updates the group' do
2019-02-15 15:39:39 +05:30
put api("/groups/#{group1.id}", admin), params: { name: new_group_name }
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-06-02 11:05:42 +05:30
expect(json_response['name']).to eq(new_group_name)
end
end
context 'when authenticated as an user that can see the group' do
it 'does not updates the group' do
2019-02-15 15:39:39 +05:30
put api("/groups/#{group1.id}", user2), params: { name: new_group_name }
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(403)
2014-09-02 18:07:02 +05:30
end
end
2016-06-02 11:05:42 +05:30
context 'when authenticated as an user that cannot see the group' do
it 'returns 404 when trying to update the group' do
2019-02-15 15:39:39 +05:30
put api("/groups/#{group2.id}", user1), params: { name: new_group_name }
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2016-06-02 11:05:42 +05:30
end
end
2014-09-02 18:07:02 +05:30
end
2015-12-23 02:04:40 +05:30
describe "GET /groups/:id/projects" do
context "when authenticated as user" do
2016-09-13 17:45:13 +05:30
it "returns the group's projects" do
2015-12-23 02:04:40 +05:30
get api("/groups/#{group1.id}/projects", user1)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response.length).to eq(2)
project_names = json_response.map { |proj| proj['name'] }
expect(project_names).to match_array([project1.name, project3.name])
expect(json_response.first['visibility']).to be_present
end
it "returns the group's projects with simple representation" do
2019-02-15 15:39:39 +05:30
get api("/groups/#{group1.id}/projects", user1), params: { simple: true }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response.length).to eq(2)
2017-08-17 22:00:37 +05:30
project_names = json_response.map { |proj| proj['name'] }
expect(project_names).to match_array([project1.name, project3.name])
2017-08-17 22:00:37 +05:30
expect(json_response.first['visibility']).not_to be_present
end
2019-02-15 15:39:39 +05:30
it "filters the groups projects" do
2017-09-10 17:25:29 +05:30
public_project = create(:project, :public, path: 'test1', group: group1)
2017-08-17 22:00:37 +05:30
2019-02-15 15:39:39 +05:30
get api("/groups/#{group1.id}/projects", user1), params: { visibility: 'public' }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an(Array)
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(public_project.name)
2015-12-23 02:04:40 +05:30
end
2019-02-15 15:39:39 +05:30
it "returns projects excluding shared" do
create(:project_group_link, project: create(:project), group: group1)
create(:project_group_link, project: create(:project), group: group1)
create(:project_group_link, project: create(:project), group: group1)
get api("/groups/#{group1.id}/projects", user1), params: { with_shared: false }
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an(Array)
expect(json_response.length).to eq(2)
end
it "returns projects including those in subgroups", :nested_groups do
subgroup = create(:group, parent: group1)
create(:project, group: subgroup)
create(:project, group: subgroup)
get api("/groups/#{group1.id}/projects", user1), params: { include_subgroups: true }
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an(Array)
expect(json_response.length).to eq(4)
end
2016-09-13 17:45:13 +05:30
it "does not return a non existing group" do
2015-12-23 02:04:40 +05:30
get api("/groups/1328/projects", user1)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2015-12-23 02:04:40 +05:30
end
2016-09-13 17:45:13 +05:30
it "does not return a group not attached to user1" do
2015-12-23 02:04:40 +05:30
get api("/groups/#{group2.id}/projects", user1)
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2015-12-23 02:04:40 +05:30
end
2017-08-17 22:00:37 +05:30
it "only returns projects to which user has access" do
2018-03-17 18:26:18 +05:30
project3.add_developer(user3)
get api("/groups/#{group1.id}/projects", user3)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(project3.name)
end
2017-08-17 22:00:37 +05:30
it 'only returns the projects owned by user' do
project2.group.add_owner(user3)
2019-02-15 15:39:39 +05:30
get api("/groups/#{project2.group.id}/projects", user3), params: { owned: true }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(project2.name)
end
it 'only returns the projects starred by user' do
user1.starred_projects = [project1]
2019-02-15 15:39:39 +05:30
get api("/groups/#{group1.id}/projects", user1), params: { starred: true }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(project1.name)
end
2015-12-23 02:04:40 +05:30
end
context "when authenticated as admin" do
2017-08-17 22:00:37 +05:30
it "returns any existing group" do
2015-12-23 02:04:40 +05:30
get api("/groups/#{group2.id}/projects", admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
2015-12-23 02:04:40 +05:30
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(project2.name)
end
2017-08-17 22:00:37 +05:30
it "does not return a non existing group" do
2015-12-23 02:04:40 +05:30
get api("/groups/1328/projects", admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
end
it 'avoids N+1 queries' do
get api("/groups/#{group1.id}/projects", admin)
control_count = ActiveRecord::QueryRecorder.new do
get api("/groups/#{group1.id}/projects", admin)
end.count
create(:project, namespace: group1)
expect do
get api("/groups/#{group1.id}/projects", admin)
end.not_to exceed_query_limit(control_count)
2015-12-23 02:04:40 +05:30
end
end
context 'when using group path in URL' do
2017-08-17 22:00:37 +05:30
it 'returns any existing group' do
2015-12-23 02:04:40 +05:30
get api("/groups/#{group1.path}/projects", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
project_names = json_response.map { |proj| proj['name'] }
expect(project_names).to match_array([project1.name, project3.name])
2015-12-23 02:04:40 +05:30
end
2016-09-13 17:45:13 +05:30
it 'does not return a non existing group' do
2015-12-23 02:04:40 +05:30
get api('/groups/unknown/projects', admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2015-12-23 02:04:40 +05:30
end
2016-09-13 17:45:13 +05:30
it 'does not return a group not attached to user1' do
2015-12-23 02:04:40 +05:30
get api("/groups/#{group2.path}/projects", user1)
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
end
end
end
describe 'GET /groups/:id/subgroups', :nested_groups do
let!(:subgroup1) { create(:group, parent: group1) }
let!(:subgroup2) { create(:group, :private, parent: group1) }
let!(:subgroup3) { create(:group, :private, parent: group2) }
context 'when unauthenticated' do
it 'returns only public subgroups' do
get api("/groups/#{group1.id}/subgroups")
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
expect(json_response.first['id']).to eq(subgroup1.id)
expect(json_response.first['parent_id']).to eq(group1.id)
end
it 'returns 404 for a private group' do
get api("/groups/#{group2.id}/subgroups")
expect(response).to have_gitlab_http_status(404)
end
end
context 'when authenticated as user' do
context 'when user is not member of a public group' do
it 'returns no subgroups for the public group' do
get api("/groups/#{group1.id}/subgroups", user2)
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(0)
end
context 'when using all_available in request' do
it 'returns public subgroups' do
2019-02-15 15:39:39 +05:30
get api("/groups/#{group1.id}/subgroups", user2), params: { all_available: true }
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
expect(json_response[0]['id']).to eq(subgroup1.id)
expect(json_response[0]['parent_id']).to eq(group1.id)
end
end
end
context 'when user is not member of a private group' do
it 'returns 404 for the private group' do
get api("/groups/#{group2.id}/subgroups", user1)
expect(response).to have_gitlab_http_status(404)
end
end
context 'when user is member of public group' do
before do
group1.add_guest(user2)
end
it 'returns private subgroups' do
get api("/groups/#{group1.id}/subgroups", user2)
expect(response).to have_gitlab_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.length).to eq(2)
private_subgroups = json_response.select { |group| group['visibility'] == 'private' }
expect(private_subgroups.length).to eq(1)
expect(private_subgroups.first['id']).to eq(subgroup2.id)
expect(private_subgroups.first['parent_id']).to eq(group1.id)
end
context 'when using statistics in request' do
it 'does not include statistics' do
2019-02-15 15:39:39 +05:30
get api("/groups/#{group1.id}/subgroups", user2), params: { statistics: true }
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first).not_to include 'statistics'
end
end
end
context 'when user is member of private group' do
before do
group2.add_guest(user1)
end
it 'returns subgroups' do
get api("/groups/#{group2.id}/subgroups", user1)
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
expect(json_response.first['id']).to eq(subgroup3.id)
expect(json_response.first['parent_id']).to eq(group2.id)
end
end
end
context 'when authenticated as admin' do
it 'returns private subgroups of a public group' do
get api("/groups/#{group1.id}/subgroups", admin)
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(2)
end
it 'returns subgroups of a private group' do
get api("/groups/#{group2.id}/subgroups", admin)
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
end
it 'does not include statistics by default' do
get api("/groups/#{group1.id}/subgroups", admin)
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first).not_to include('statistics')
end
it 'includes statistics if requested' do
2019-02-15 15:39:39 +05:30
get api("/groups/#{group1.id}/subgroups", admin), params: { statistics: true }
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first).to include('statistics')
2015-12-23 02:04:40 +05:30
end
end
end
2014-09-02 18:07:02 +05:30
describe "POST /groups" do
2015-09-11 14:41:01 +05:30
context "when authenticated as user without group permissions" do
2016-09-13 17:45:13 +05:30
it "does not create group" do
2019-02-15 15:39:39 +05:30
post api("/groups", user1), params: attributes_for(:group)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(403)
end
context 'as owner', :nested_groups do
before do
group2.add_owner(user1)
end
it 'can create subgroups' do
2019-02-15 15:39:39 +05:30
post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' }
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(201)
end
end
2018-11-18 11:00:15 +05:30
context 'as maintainer', :nested_groups do
2018-03-17 18:26:18 +05:30
before do
2018-11-18 11:00:15 +05:30
group2.add_maintainer(user1)
2018-03-17 18:26:18 +05:30
end
it 'cannot create subgroups' do
2019-02-15 15:39:39 +05:30
post api("/groups", user1), params: { parent_id: group2.id, name: 'foo', path: 'foo' }
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(403)
end
2014-09-02 18:07:02 +05:30
end
end
2015-09-11 14:41:01 +05:30
context "when authenticated as user with group permissions" do
2016-09-13 17:45:13 +05:30
it "creates group" do
2016-09-29 09:46:39 +05:30
group = attributes_for(:group, { request_access_enabled: false })
2019-02-15 15:39:39 +05:30
post api("/groups", user3), params: group
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(201)
2016-09-29 09:46:39 +05:30
expect(json_response["name"]).to eq(group[:name])
expect(json_response["path"]).to eq(group[:path])
expect(json_response["request_access_enabled"]).to eq(group[:request_access_enabled])
2018-03-17 18:26:18 +05:30
expect(json_response["visibility"]).to eq(Gitlab::VisibilityLevel.string_level(Gitlab::CurrentSettings.current_application_settings.default_group_visibility))
2014-09-02 18:07:02 +05:30
end
2017-09-10 17:25:29 +05:30
it "creates a nested group", :nested_groups do
2017-08-17 22:00:37 +05:30
parent = create(:group)
parent.add_owner(user3)
group = attributes_for(:group, { parent_id: parent.id })
2019-02-15 15:39:39 +05:30
post api("/groups", user3), params: group
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(201)
2017-08-17 22:00:37 +05:30
expect(json_response["full_path"]).to eq("#{parent.path}/#{group[:path]}")
expect(json_response["parent_id"]).to eq(parent.id)
end
2016-09-13 17:45:13 +05:30
it "does not create group, duplicate" do
2019-02-15 15:39:39 +05:30
post api("/groups", user3), params: { name: 'Duplicate Test', path: group2.path }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(400)
2015-04-26 12:48:37 +05:30
expect(response.message).to eq("Bad Request")
2014-09-02 18:07:02 +05:30
end
2016-09-13 17:45:13 +05:30
it "returns 400 bad request error if name not given" do
2019-02-15 15:39:39 +05:30
post api("/groups", user3), params: { path: group2.path }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(400)
2014-09-02 18:07:02 +05:30
end
2016-09-13 17:45:13 +05:30
it "returns 400 bad request error if path not given" do
2019-02-15 15:39:39 +05:30
post api("/groups", user3), params: { name: 'test' }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(400)
2014-09-02 18:07:02 +05:30
end
end
end
describe "DELETE /groups/:id" do
context "when authenticated as user" do
2016-09-13 17:45:13 +05:30
it "removes group" do
2018-11-08 19:23:39 +05:30
Sidekiq::Testing.fake! do
expect { delete api("/groups/#{group1.id}", user1) }.to change(GroupDestroyWorker.jobs, :size).by(1)
end
2017-08-17 22:00:37 +05:30
2018-11-08 19:23:39 +05:30
expect(response).to have_gitlab_http_status(202)
2018-03-17 18:26:18 +05:30
end
it_behaves_like '412 response' do
let(:request) { api("/groups/#{group1.id}", user1) }
2018-11-08 19:23:39 +05:30
let(:success_status) { 202 }
2014-09-02 18:07:02 +05:30
end
2016-09-13 17:45:13 +05:30
it "does not remove a group if not an owner" do
2015-09-11 14:41:01 +05:30
user4 = create(:user)
2018-11-18 11:00:15 +05:30
group1.add_maintainer(user4)
2017-08-17 22:00:37 +05:30
2014-09-02 18:07:02 +05:30
delete api("/groups/#{group1.id}", user3)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(403)
2014-09-02 18:07:02 +05:30
end
2016-09-13 17:45:13 +05:30
it "does not remove a non existing group" do
2014-09-02 18:07:02 +05:30
delete api("/groups/1328", user1)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2014-09-02 18:07:02 +05:30
end
2016-09-13 17:45:13 +05:30
it "does not remove a group not attached to user1" do
2014-09-02 18:07:02 +05:30
delete api("/groups/#{group2.id}", user1)
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2014-09-02 18:07:02 +05:30
end
end
context "when authenticated as admin" do
2016-09-13 17:45:13 +05:30
it "removes any existing group" do
2014-09-02 18:07:02 +05:30
delete api("/groups/#{group2.id}", admin)
2017-08-17 22:00:37 +05:30
2018-11-08 19:23:39 +05:30
expect(response).to have_gitlab_http_status(202)
2014-09-02 18:07:02 +05:30
end
2016-09-13 17:45:13 +05:30
it "does not remove a non existing group" do
2014-09-02 18:07:02 +05:30
delete api("/groups/1328", admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2014-09-02 18:07:02 +05:30
end
end
end
describe "POST /groups/:id/projects/:project_id" do
2017-09-10 17:25:29 +05:30
let(:project) { create(:project) }
let(:project_path) { CGI.escape(project.full_path) }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
before do
2017-09-10 17:25:29 +05:30
allow_any_instance_of(Projects::TransferService)
.to receive(:execute).and_return(true)
2014-09-02 18:07:02 +05:30
end
context "when authenticated as user" do
2016-09-13 17:45:13 +05:30
it "does not transfer project to group" do
2014-09-02 18:07:02 +05:30
post api("/groups/#{group1.id}/projects/#{project.id}", user2)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(403)
2014-09-02 18:07:02 +05:30
end
end
context "when authenticated as admin" do
2016-09-13 17:45:13 +05:30
it "transfers project to group" do
2014-09-02 18:07:02 +05:30
post api("/groups/#{group1.id}/projects/#{project.id}", admin)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(201)
2014-09-02 18:07:02 +05:30
end
2017-08-17 22:00:37 +05:30
context 'when using project path in URL' do
context 'with a valid project path' do
it "transfers project to group" do
post api("/groups/#{group1.id}/projects/#{project_path}", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(201)
2017-08-17 22:00:37 +05:30
end
end
context 'with a non-existent project path' do
it "does not transfer project to group" do
post api("/groups/#{group1.id}/projects/nogroup%2Fnoproject", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2017-08-17 22:00:37 +05:30
end
end
end
context 'when using a group path in URL' do
context 'with a valid group path' do
it "transfers project to group" do
post api("/groups/#{group1.path}/projects/#{project_path}", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(201)
2017-08-17 22:00:37 +05:30
end
end
context 'with a non-existent group path' do
it "does not transfer project to group" do
post api("/groups/noexist/projects/#{project_path}", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2017-08-17 22:00:37 +05:30
end
end
end
2014-09-02 18:07:02 +05:30
end
end
2018-03-17 18:26:18 +05:30
it_behaves_like 'custom attributes endpoints', 'groups' do
let(:attributable) { group1 }
let(:other_attributable) { group2 }
let(:user) { user1 }
before do
group2.add_owner(user1)
end
end
2014-09-02 18:07:02 +05:30
end