2014-09-02 18:07:02 +05:30
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe API::API, api: true do
|
|
|
|
include ApiHelpers
|
|
|
|
|
2015-09-11 14:41:01 +05:30
|
|
|
let(:user1) { create(:user, can_create_group: false) }
|
2014-09-02 18:07:02 +05:30
|
|
|
let(:user2) { create(:user) }
|
2015-09-11 14:41:01 +05:30
|
|
|
let(:user3) { create(:user) }
|
2014-09-02 18:07:02 +05:30
|
|
|
let(:admin) { create(:admin) }
|
2015-09-11 14:41:01 +05:30
|
|
|
let(:avatar_file_path) { File.join(Rails.root, 'spec', 'fixtures', 'banana_sample.gif') }
|
|
|
|
let!(:group1) { create(:group, avatar: File.open(avatar_file_path)) }
|
2016-06-02 11:05:42 +05:30
|
|
|
let!(:group2) { create(:group, :private) }
|
2015-12-23 02:04:40 +05:30
|
|
|
let!(:project1) { create(:project, namespace: group1) }
|
|
|
|
let!(:project2) { create(:project, namespace: group2) }
|
2016-06-16 23:09:34 +05:30
|
|
|
let!(:project3) { create(:project, namespace: group1, path: 'test', visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
|
2014-09-02 18:07:02 +05:30
|
|
|
|
|
|
|
before do
|
|
|
|
group1.add_owner(user1)
|
|
|
|
group2.add_owner(user2)
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /groups" do
|
|
|
|
context "when unauthenticated" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "returns authentication error" do
|
2014-09-02 18:07:02 +05:30
|
|
|
get api("/groups")
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(401)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when authenticated as user" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "normal user: returns an array of groups of user1" do
|
2014-09-02 18:07:02 +05:30
|
|
|
get api("/groups", user1)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2015-04-26 12:48:37 +05:30
|
|
|
expect(json_response).to be_an Array
|
|
|
|
expect(json_response.length).to eq(1)
|
|
|
|
expect(json_response.first['name']).to eq(group1.name)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when authenticated as admin" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "admin: returns an array of all groups" do
|
2014-09-02 18:07:02 +05:30
|
|
|
get api("/groups", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2015-04-26 12:48:37 +05:30
|
|
|
expect(json_response).to be_an Array
|
|
|
|
expect(json_response.length).to eq(2)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
2016-11-03 12:29:30 +05:30
|
|
|
|
|
|
|
context "when using skip_groups in request" do
|
|
|
|
it "returns all groups excluding skipped groups" do
|
|
|
|
get api("/groups", admin), skip_groups: [group2.id]
|
|
|
|
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
expect(json_response).to be_an Array
|
|
|
|
expect(json_response.length).to eq(1)
|
|
|
|
end
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /groups/:id" do
|
|
|
|
context "when authenticated as user" do
|
2016-08-24 12:49:21 +05:30
|
|
|
it "returns one of user1's groups" do
|
|
|
|
project = create(:project, namespace: group2, path: 'Foo')
|
|
|
|
create(:project_group_link, project: project, group: group1)
|
|
|
|
|
2014-09-02 18:07:02 +05:30
|
|
|
get api("/groups/#{group1.id}", user1)
|
2016-08-24 12:49:21 +05:30
|
|
|
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
expect(json_response['id']).to eq(group1.id)
|
|
|
|
expect(json_response['name']).to eq(group1.name)
|
|
|
|
expect(json_response['path']).to eq(group1.path)
|
|
|
|
expect(json_response['description']).to eq(group1.description)
|
|
|
|
expect(json_response['visibility_level']).to eq(group1.visibility_level)
|
|
|
|
expect(json_response['avatar_url']).to eq(group1.avatar_url)
|
|
|
|
expect(json_response['web_url']).to eq(group1.web_url)
|
|
|
|
expect(json_response['projects']).to be_an Array
|
|
|
|
expect(json_response['projects'].length).to eq(2)
|
|
|
|
expect(json_response['shared_projects']).to be_an Array
|
|
|
|
expect(json_response['shared_projects'].length).to eq(1)
|
|
|
|
expect(json_response['shared_projects'][0]['id']).to eq(project.id)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not return a non existing group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
get api("/groups/1328", user1)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not return a group not attached to user1" do
|
2014-09-02 18:07:02 +05:30
|
|
|
get api("/groups/#{group2.id}", user1)
|
2016-06-02 11:05:42 +05:30
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when authenticated as admin" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "returns any existing group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
get api("/groups/#{group2.id}", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2015-12-23 02:04:40 +05:30
|
|
|
expect(json_response['name']).to eq(group2.name)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not return a non existing group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
get api("/groups/1328", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2015-04-26 12:48:37 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when using group path in URL' do
|
2016-09-13 17:45:13 +05:30
|
|
|
it 'returns any existing group' do
|
2015-04-26 12:48:37 +05:30
|
|
|
get api("/groups/#{group1.path}", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2015-12-23 02:04:40 +05:30
|
|
|
expect(json_response['name']).to eq(group1.name)
|
2015-04-26 12:48:37 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it 'does not return a non existing group' do
|
2015-04-26 12:48:37 +05:30
|
|
|
get api('/groups/unknown', admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2015-04-26 12:48:37 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it 'does not return a group not attached to user1' do
|
2015-04-26 12:48:37 +05:30
|
|
|
get api("/groups/#{group2.path}", user1)
|
2016-06-02 11:05:42 +05:30
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2016-06-02 11:05:42 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'PUT /groups/:id' do
|
|
|
|
let(:new_group_name) { 'New Group'}
|
|
|
|
|
|
|
|
context 'when authenticated as the group owner' do
|
|
|
|
it 'updates the group' do
|
2016-09-29 09:46:39 +05:30
|
|
|
put api("/groups/#{group1.id}", user1), name: new_group_name, request_access_enabled: true
|
2016-06-02 11:05:42 +05:30
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2016-06-02 11:05:42 +05:30
|
|
|
expect(json_response['name']).to eq(new_group_name)
|
2016-09-29 09:46:39 +05:30
|
|
|
expect(json_response['request_access_enabled']).to eq(true)
|
2016-06-02 11:05:42 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 404 for a non existing group' do
|
|
|
|
put api('/groups/1328', user1)
|
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2016-06-02 11:05:42 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when authenticated as the admin' do
|
|
|
|
it 'updates the group' do
|
|
|
|
put api("/groups/#{group1.id}", admin), name: new_group_name
|
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2016-06-02 11:05:42 +05:30
|
|
|
expect(json_response['name']).to eq(new_group_name)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when authenticated as an user that can see the group' do
|
|
|
|
it 'does not updates the group' do
|
|
|
|
put api("/groups/#{group1.id}", user2), name: new_group_name
|
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(403)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
2016-06-02 11:05:42 +05:30
|
|
|
|
|
|
|
context 'when authenticated as an user that cannot see the group' do
|
|
|
|
it 'returns 404 when trying to update the group' do
|
|
|
|
put api("/groups/#{group2.id}", user1), name: new_group_name
|
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2016-06-02 11:05:42 +05:30
|
|
|
end
|
|
|
|
end
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2015-12-23 02:04:40 +05:30
|
|
|
describe "GET /groups/:id/projects" do
|
|
|
|
context "when authenticated as user" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "returns the group's projects" do
|
2015-12-23 02:04:40 +05:30
|
|
|
get api("/groups/#{group1.id}/projects", user1)
|
2016-06-16 23:09:34 +05:30
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2016-06-16 23:09:34 +05:30
|
|
|
expect(json_response.length).to eq(2)
|
|
|
|
project_names = json_response.map { |proj| proj['name' ] }
|
|
|
|
expect(project_names).to match_array([project1.name, project3.name])
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not return a non existing group" do
|
2015-12-23 02:04:40 +05:30
|
|
|
get api("/groups/1328/projects", user1)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not return a group not attached to user1" do
|
2015-12-23 02:04:40 +05:30
|
|
|
get api("/groups/#{group2.id}/projects", user1)
|
2016-06-02 11:05:42 +05:30
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
2016-06-16 23:09:34 +05:30
|
|
|
|
|
|
|
it "should only return projects to which user has access" do
|
|
|
|
project3.team << [user3, :developer]
|
|
|
|
|
|
|
|
get api("/groups/#{group1.id}/projects", user3)
|
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2016-06-16 23:09:34 +05:30
|
|
|
expect(json_response.length).to eq(1)
|
|
|
|
expect(json_response.first['name']).to eq(project3.name)
|
|
|
|
end
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context "when authenticated as admin" do
|
|
|
|
it "should return any existing group" do
|
|
|
|
get api("/groups/#{group2.id}/projects", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2015-12-23 02:04:40 +05:30
|
|
|
expect(json_response.length).to eq(1)
|
|
|
|
expect(json_response.first['name']).to eq(project2.name)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should not return a non existing group" do
|
|
|
|
get api("/groups/1328/projects", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when using group path in URL' do
|
|
|
|
it 'should return any existing group' do
|
|
|
|
get api("/groups/#{group1.path}/projects", admin)
|
2016-06-16 23:09:34 +05:30
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2016-06-16 23:09:34 +05:30
|
|
|
project_names = json_response.map { |proj| proj['name' ] }
|
|
|
|
expect(project_names).to match_array([project1.name, project3.name])
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it 'does not return a non existing group' do
|
2015-12-23 02:04:40 +05:30
|
|
|
get api('/groups/unknown/projects', admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it 'does not return a group not attached to user1' do
|
2015-12-23 02:04:40 +05:30
|
|
|
get api("/groups/#{group2.path}/projects", user1)
|
2016-06-02 11:05:42 +05:30
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2015-12-23 02:04:40 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2014-09-02 18:07:02 +05:30
|
|
|
describe "POST /groups" do
|
2015-09-11 14:41:01 +05:30
|
|
|
context "when authenticated as user without group permissions" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not create group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
post api("/groups", user1), attributes_for(:group)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(403)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2015-09-11 14:41:01 +05:30
|
|
|
context "when authenticated as user with group permissions" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "creates group" do
|
2016-09-29 09:46:39 +05:30
|
|
|
group = attributes_for(:group, { request_access_enabled: false })
|
|
|
|
|
|
|
|
post api("/groups", user3), group
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(201)
|
2016-09-29 09:46:39 +05:30
|
|
|
|
|
|
|
expect(json_response["name"]).to eq(group[:name])
|
|
|
|
expect(json_response["path"]).to eq(group[:path])
|
|
|
|
expect(json_response["request_access_enabled"]).to eq(group[:request_access_enabled])
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not create group, duplicate" do
|
2015-09-11 14:41:01 +05:30
|
|
|
post api("/groups", user3), { name: 'Duplicate Test', path: group2.path }
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(400)
|
2015-04-26 12:48:37 +05:30
|
|
|
expect(response.message).to eq("Bad Request")
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "returns 400 bad request error if name not given" do
|
2015-09-11 14:41:01 +05:30
|
|
|
post api("/groups", user3), { path: group2.path }
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(400)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "returns 400 bad request error if path not given" do
|
2015-09-11 14:41:01 +05:30
|
|
|
post api("/groups", user3), { name: 'test' }
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(400)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "DELETE /groups/:id" do
|
|
|
|
context "when authenticated as user" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "removes group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
delete api("/groups/#{group1.id}", user1)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not remove a group if not an owner" do
|
2015-09-11 14:41:01 +05:30
|
|
|
user4 = create(:user)
|
|
|
|
group1.add_master(user4)
|
2014-09-02 18:07:02 +05:30
|
|
|
delete api("/groups/#{group1.id}", user3)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(403)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not remove a non existing group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
delete api("/groups/1328", user1)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not remove a group not attached to user1" do
|
2014-09-02 18:07:02 +05:30
|
|
|
delete api("/groups/#{group2.id}", user1)
|
2016-06-02 11:05:42 +05:30
|
|
|
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when authenticated as admin" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "removes any existing group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
delete api("/groups/#{group2.id}", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(200)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not remove a non existing group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
delete api("/groups/1328", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(404)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "POST /groups/:id/projects/:project_id" do
|
|
|
|
let(:project) { create(:project) }
|
|
|
|
before(:each) do
|
2015-09-11 14:41:01 +05:30
|
|
|
allow_any_instance_of(Projects::TransferService).
|
|
|
|
to receive(:execute).and_return(true)
|
2015-04-26 12:48:37 +05:30
|
|
|
allow(Project).to receive(:find).and_return(project)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context "when authenticated as user" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "does not transfer project to group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
post api("/groups/#{group1.id}/projects/#{project.id}", user2)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(403)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "when authenticated as admin" do
|
2016-09-13 17:45:13 +05:30
|
|
|
it "transfers project to group" do
|
2014-09-02 18:07:02 +05:30
|
|
|
post api("/groups/#{group1.id}/projects/#{project.id}", admin)
|
2016-08-24 12:49:21 +05:30
|
|
|
expect(response).to have_http_status(201)
|
2014-09-02 18:07:02 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|