debian-mirror-gitlab/spec/requests/api/project_snippets_spec.rb

385 lines
13 KiB
Ruby
Raw Normal View History

2019-12-26 22:10:19 +05:30
# frozen_string_literal: true
2019-12-04 20:38:33 +05:30
require 'spec_helper'
2016-06-02 11:05:42 +05:30
2017-08-17 22:00:37 +05:30
describe API::ProjectSnippets do
2020-03-13 15:44:24 +05:30
let_it_be(:project) { create(:project, :public) }
let_it_be(:user) { create(:user) }
let_it_be(:admin) { create(:admin) }
2016-06-02 11:05:42 +05:30
2017-09-10 17:25:29 +05:30
describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do
let(:snippet) { create(:project_snippet, :public, project: project) }
let!(:user_agent_detail) { create(:user_agent_detail, subject: snippet) }
it 'exposes known attributes' do
get api("/projects/#{project.id}/snippets/#{snippet.id}/user_agent_detail", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-09-10 17:25:29 +05:30
expect(json_response['user_agent']).to eq(user_agent_detail.user_agent)
expect(json_response['ip_address']).to eq(user_agent_detail.ip_address)
expect(json_response['akismet_submitted']).to eq(user_agent_detail.submitted)
end
2018-03-17 18:26:18 +05:30
it 'respects project scoping' do
other_project = create(:project)
get api("/projects/#{other_project.id}/snippets/#{snippet.id}/user_agent_detail", admin)
expect(response).to have_gitlab_http_status(404)
end
2018-11-08 19:23:39 +05:30
it "returns unauthorized for non-admin users" do
2017-09-10 17:25:29 +05:30
get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/user_agent_detail", user)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(403)
2017-09-10 17:25:29 +05:30
end
end
2016-06-02 11:05:42 +05:30
describe 'GET /projects/:project_id/snippets/' do
2017-08-17 22:00:37 +05:30
let(:user) { create(:user) }
2016-09-13 17:45:13 +05:30
it 'returns all snippets available to team member' do
2017-08-17 22:00:37 +05:30
project.add_developer(user)
2016-06-02 11:05:42 +05:30
public_snippet = create(:project_snippet, :public, project: project)
internal_snippet = create(:project_snippet, :internal, project: project)
private_snippet = create(:project_snippet, :private, project: project)
2017-08-17 22:00:37 +05:30
get api("/projects/#{project.id}/snippets", user)
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
2016-06-02 11:05:42 +05:30
expect(json_response.size).to eq(3)
2017-09-10 17:25:29 +05:30
expect(json_response.map { |snippet| snippet['id'] }).to include(public_snippet.id, internal_snippet.id, private_snippet.id)
2016-09-29 09:46:39 +05:30
expect(json_response.last).to have_key('web_url')
2016-06-02 11:05:42 +05:30
end
it 'hides private snippets from regular user' do
create(:project_snippet, :private, project: project)
get api("/projects/#{project.id}/snippets/", user)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-08-17 22:00:37 +05:30
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
2016-06-02 11:05:42 +05:30
expect(json_response.size).to eq(0)
end
end
2017-09-10 17:25:29 +05:30
describe 'GET /projects/:project_id/snippets/:id' do
let(:user) { create(:user) }
let(:snippet) { create(:project_snippet, :public, project: project) }
it 'returns snippet json' do
get api("/projects/#{project.id}/snippets/#{snippet.id}", user)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2017-09-10 17:25:29 +05:30
expect(json_response['title']).to eq(snippet.title)
expect(json_response['description']).to eq(snippet.description)
expect(json_response['file_name']).to eq(snippet.file_name)
end
it 'returns 404 for invalid snippet id' do
get api("/projects/#{project.id}/snippets/1234", user)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2017-09-10 17:25:29 +05:30
expect(json_response['message']).to eq('404 Not found')
end
end
2016-06-02 11:05:42 +05:30
describe 'POST /projects/:project_id/snippets/' do
2017-08-17 22:00:37 +05:30
let(:params) do
{
2016-06-02 11:05:42 +05:30
title: 'Test Title',
file_name: 'test.rb',
2017-09-10 17:25:29 +05:30
description: 'test description',
2016-06-02 11:05:42 +05:30
code: 'puts "hello world"',
2017-08-17 22:00:37 +05:30
visibility: 'public'
2016-06-02 11:05:42 +05:30
}
2017-08-17 22:00:37 +05:30
end
2016-06-02 11:05:42 +05:30
2020-03-28 13:19:24 +05:30
context 'with an external user' do
let(:user) { create(:user, :external) }
context 'that belongs to the project' do
before do
project.add_developer(user)
end
it 'creates a new snippet' do
post api("/projects/#{project.id}/snippets/", user), params: params
expect(response).to have_gitlab_http_status(201)
end
end
context 'that does not belong to the project' do
it 'does not create a new snippet' do
post api("/projects/#{project.id}/snippets/", user), params: params
expect(response).to have_gitlab_http_status(403)
end
end
end
2019-10-12 21:52:04 +05:30
context 'with a regular user' do
let(:user) { create(:user) }
before do
project.add_developer(user)
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::PRIVATE])
params['visibility'] = 'internal'
end
it 'creates a new snippet' do
post api("/projects/#{project.id}/snippets/", user), params: params
expect(response).to have_gitlab_http_status(201)
snippet = ProjectSnippet.find(json_response['id'])
expect(snippet.content).to eq(params[:code])
expect(snippet.description).to eq(params[:description])
expect(snippet.title).to eq(params[:title])
expect(snippet.file_name).to eq(params[:file_name])
expect(snippet.visibility_level).to eq(Snippet::INTERNAL)
end
end
2017-08-17 22:00:37 +05:30
it 'creates a new snippet' do
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/snippets/", admin), params: params
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(201)
2016-06-02 11:05:42 +05:30
snippet = ProjectSnippet.find(json_response['id'])
expect(snippet.content).to eq(params[:code])
2017-09-10 17:25:29 +05:30
expect(snippet.description).to eq(params[:description])
2016-06-02 11:05:42 +05:30
expect(snippet.title).to eq(params[:title])
expect(snippet.file_name).to eq(params[:file_name])
2017-08-17 22:00:37 +05:30
expect(snippet.visibility_level).to eq(Snippet::PUBLIC)
end
2019-12-04 20:38:33 +05:30
it 'creates a new snippet with content parameter' do
params[:content] = params.delete(:code)
post api("/projects/#{project.id}/snippets/", admin), params: params
expect(response).to have_gitlab_http_status(201)
snippet = ProjectSnippet.find(json_response['id'])
expect(snippet.content).to eq(params[:content])
expect(snippet.description).to eq(params[:description])
expect(snippet.title).to eq(params[:title])
expect(snippet.file_name).to eq(params[:file_name])
expect(snippet.visibility_level).to eq(Snippet::PUBLIC)
end
it 'returns 400 when both code and content parameters specified' do
params[:content] = params[:code]
post api("/projects/#{project.id}/snippets/", admin), params: params
expect(response).to have_gitlab_http_status(400)
expect(json_response['error']).to eq('code, content are mutually exclusive')
end
2017-08-17 22:00:37 +05:30
it 'returns 400 for missing parameters' do
params.delete(:title)
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/snippets/", admin), params: params
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(400)
2017-08-17 22:00:37 +05:30
end
2018-11-20 20:47:30 +05:30
it 'returns 400 for empty code field' do
params[:code] = ''
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/snippets/", admin), params: params
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(400)
end
2017-08-17 22:00:37 +05:30
context 'when the snippet is spam' do
def create_snippet(project, snippet_params = {})
project.add_developer(user)
2019-02-15 15:39:39 +05:30
post api("/projects/#{project.id}/snippets", user), params: params.merge(snippet_params)
2017-08-17 22:00:37 +05:30
end
before do
2020-03-13 15:44:24 +05:30
allow_next_instance_of(Spam::AkismetService) do |instance|
2020-01-01 13:55:28 +05:30
allow(instance).to receive(:spam?).and_return(true)
end
2017-08-17 22:00:37 +05:30
end
context 'when the snippet is private' do
it 'creates the snippet' do
2017-09-10 17:25:29 +05:30
expect { create_snippet(project, visibility: 'private') }
.to change { Snippet.count }.by(1)
2017-08-17 22:00:37 +05:30
end
end
context 'when the snippet is public' do
it 'rejects the snippet' do
2017-09-10 17:25:29 +05:30
expect { create_snippet(project, visibility: 'public') }
.not_to change { Snippet.count }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(400)
2017-08-17 22:00:37 +05:30
expect(json_response['message']).to eq({ "error" => "Spam detected" })
end
it 'creates a spam log' do
2017-09-10 17:25:29 +05:30
expect { create_snippet(project, visibility: 'public') }
2019-12-21 20:55:43 +05:30
.to log_spam(title: 'Test Title', user_id: user.id, noteable_type: 'ProjectSnippet')
2017-08-17 22:00:37 +05:30
end
end
2016-06-02 11:05:42 +05:30
end
end
describe 'PUT /projects/:project_id/snippets/:id/' do
2017-08-17 22:00:37 +05:30
let(:visibility_level) { Snippet::PUBLIC }
let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level) }
2016-06-02 11:05:42 +05:30
it 'updates snippet' do
new_content = 'New content'
2017-09-10 17:25:29 +05:30
new_description = 'New description'
2016-06-02 11:05:42 +05:30
2019-10-12 21:52:04 +05:30
put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), params: { code: new_content, description: new_description, visibility: 'private' }
2016-06-02 11:05:42 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-06-02 11:05:42 +05:30
snippet.reload
expect(snippet.content).to eq(new_content)
2017-09-10 17:25:29 +05:30
expect(snippet.description).to eq(new_description)
2019-10-12 21:52:04 +05:30
expect(snippet.visibility).to eq('private')
2016-06-02 11:05:42 +05:30
end
2017-08-17 22:00:37 +05:30
2019-12-04 20:38:33 +05:30
it 'updates snippet with content parameter' do
new_content = 'New content'
new_description = 'New description'
put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), params: { content: new_content, description: new_description }
expect(response).to have_gitlab_http_status(200)
snippet.reload
expect(snippet.content).to eq(new_content)
expect(snippet.description).to eq(new_description)
end
it 'returns 400 when both code and content parameters specified' do
put api("/projects/#{snippet.project.id}/snippets/1234", admin), params: { code: 'some content', content: 'other content' }
expect(response).to have_gitlab_http_status(400)
expect(json_response['error']).to eq('code, content are mutually exclusive')
end
2017-08-17 22:00:37 +05:30
it 'returns 404 for invalid snippet id' do
2019-02-15 15:39:39 +05:30
put api("/projects/#{snippet.project.id}/snippets/1234", admin), params: { title: 'foo' }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2017-08-17 22:00:37 +05:30
expect(json_response['message']).to eq('404 Snippet Not Found')
end
it 'returns 400 for missing parameters' do
put api("/projects/#{project.id}/snippets/1234", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(400)
2017-08-17 22:00:37 +05:30
end
2018-11-20 20:47:30 +05:30
it 'returns 400 for empty code field' do
new_content = ''
2019-02-15 15:39:39 +05:30
put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), params: { code: new_content }
2018-11-20 20:47:30 +05:30
expect(response).to have_gitlab_http_status(400)
end
2017-08-17 22:00:37 +05:30
context 'when the snippet is spam' do
def update_snippet(snippet_params = {})
2019-02-15 15:39:39 +05:30
put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), params: snippet_params
2017-08-17 22:00:37 +05:30
end
before do
2020-03-13 15:44:24 +05:30
allow_next_instance_of(Spam::AkismetService) do |instance|
2020-01-01 13:55:28 +05:30
allow(instance).to receive(:spam?).and_return(true)
end
2017-08-17 22:00:37 +05:30
end
context 'when the snippet is private' do
let(:visibility_level) { Snippet::PRIVATE }
it 'creates the snippet' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo') }
.to change { snippet.reload.title }.to('Foo')
2017-08-17 22:00:37 +05:30
end
end
context 'when the snippet is public' do
let(:visibility_level) { Snippet::PUBLIC }
it 'rejects the snippet' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo') }
.not_to change { snippet.reload.title }
2017-08-17 22:00:37 +05:30
end
it 'creates a spam log' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo') }
2019-12-21 20:55:43 +05:30
.to log_spam(title: 'Foo', user_id: admin.id, noteable_type: 'ProjectSnippet')
2017-08-17 22:00:37 +05:30
end
end
context 'when the private snippet is made public' do
let(:visibility_level) { Snippet::PRIVATE }
it 'rejects the snippet' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo', visibility: 'public') }
.not_to change { snippet.reload.title }
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(400)
2017-08-17 22:00:37 +05:30
expect(json_response['message']).to eq({ "error" => "Spam detected" })
end
it 'creates a spam log' do
2017-09-10 17:25:29 +05:30
expect { update_snippet(title: 'Foo', visibility: 'public') }
2019-12-21 20:55:43 +05:30
.to log_spam(title: 'Foo', user_id: admin.id, noteable_type: 'ProjectSnippet')
2017-08-17 22:00:37 +05:30
end
end
end
2016-06-02 11:05:42 +05:30
end
describe 'DELETE /projects/:project_id/snippets/:id/' do
2017-08-17 22:00:37 +05:30
let(:snippet) { create(:project_snippet, author: admin) }
2016-06-02 11:05:42 +05:30
it 'deletes snippet' do
delete api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(204)
2017-08-17 22:00:37 +05:30
end
it 'returns 404 for invalid snippet id' do
delete api("/projects/#{snippet.project.id}/snippets/1234", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2017-08-17 22:00:37 +05:30
expect(json_response['message']).to eq('404 Snippet Not Found')
2016-06-02 11:05:42 +05:30
end
2018-03-17 18:26:18 +05:30
it_behaves_like '412 response' do
let(:request) { api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin) }
end
2016-06-02 11:05:42 +05:30
end
describe 'GET /projects/:project_id/snippets/:id/raw' do
2017-08-17 22:00:37 +05:30
let(:snippet) { create(:project_snippet, author: admin) }
2016-06-02 11:05:42 +05:30
2017-08-17 22:00:37 +05:30
it 'returns raw text' do
2016-06-02 11:05:42 +05:30
get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(200)
2016-06-02 11:05:42 +05:30
expect(response.content_type).to eq 'text/plain'
expect(response.body).to eq(snippet.content)
end
2017-08-17 22:00:37 +05:30
it 'returns 404 for invalid snippet id' do
get api("/projects/#{snippet.project.id}/snippets/1234/raw", admin)
2018-03-17 18:26:18 +05:30
expect(response).to have_gitlab_http_status(404)
2017-08-17 22:00:37 +05:30
expect(json_response['message']).to eq('404 Snippet Not Found')
end
2016-06-02 11:05:42 +05:30
end
end