PageRenderTime 42ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/ee/spec/requests/api/merge_request_approval_rules_spec.rb

https://gitlab.com/markglenfletcher/gitlab-ee
Ruby | 370 lines | 291 code | 78 blank | 1 comment | 0 complexity | 17bcbbff65d92e6c4cb1e35e14380bc2 MD5 | raw file
    

  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'spec_helper'
    4. 

  4. 

  5. describe API::MergeRequestApprovalRules do
    6. 

  6.   set(:user) { create(:user) }
    7. 

  7.   set(:other_user) { create(:user) }
    8. 

  8.   set(:project) { create(:project, :public, :repository, creator: user, namespace: user.namespace) }
    9. 

  9.   let(:merge_request) { create(:merge_request, author: user, source_project: project, target_project: project) }
    10. 

  10. 

  11.   shared_examples_for 'a protected API endpoint for merge request approval rule action' do
    12. 

  12.     context 'disable_overriding_approvers_per_merge_request is set to true' do
    13. 

  13.       before do
    14. 

  14.         project.update!(disable_overriding_approvers_per_merge_request: true)
    15. 

  15. 

  16.         action
    17. 

  17.       end
    18. 

  18. 

  19.       it 'responds with 403' do
    20. 

  20.         expect(response).to have_gitlab_http_status(403)
    21. 

  21.       end
    22. 

  22.     end
    23. 

  23. 

  24.     context 'disable_overriding_approvers_per_merge_request is set to false' do
    25. 

  25.       before do
    26. 

  26.         project.update!(disable_overriding_approvers_per_merge_request: false)
    27. 

  27. 

  28.         action
    29. 

  29.       end
    30. 

  30. 

  31.       context 'user cannot update merge request' do
    32. 

  32.         let(:current_user) { other_user }
    33. 

  33. 

  34.         it 'responds with 403' do
    35. 

  35.           expect(response).to have_gitlab_http_status(403)
    36. 

  36.         end
    37. 

  37.       end
    38. 

  38.     end
    39. 

  39.   end
    40. 

  40. 

  41.   shared_examples_for 'a protected API endpoint that only allows action on regular merge request approval rule' do
    42. 

  42.     context 'approval rule is not a regular type' do
    43. 

  43.       let(:approval_rule) { create(:code_owner_rule, merge_request: merge_request) }
    44. 

  44. 

  45.       it 'responds with 403' do
    46. 

  46.         expect(response).to have_gitlab_http_status(403)
    47. 

  47.       end
    48. 

  48.     end
    49. 

  49.   end
    50. 

  50. 

  51.   describe 'GET /projects/:id/merge_requests/:merge_request_iid/approval_rules' do
    52. 

  52.     let(:current_user) { other_user }
    53. 

  53.     let(:url) { "/projects/#{project.id}/merge_requests/#{merge_request.iid}/approval_rules" }
    54. 

  54. 

  55.     context 'user cannot read merge request' do
    56. 

  56.       before do
    57. 

  57.         project.project_feature.update!(merge_requests_access_level: ProjectFeature::PRIVATE)
    58. 

  58. 

  59.         get api(url, other_user)
    60. 

  60.       end
    61. 

  61. 

  62.       it 'responds with 403' do
    63. 

  63.         expect(response).to have_gitlab_http_status(403)
    64. 

  64.       end
    65. 

  65.     end
    66. 

  66. 

  67.     context 'use can read merge request' do
    68. 

  68.       let(:approver) { create(:user) }
    69. 

  69.       let(:group) { create(:group) }
    70. 

  70.       let(:source_rule) { nil }
    71. 

  71.       let(:users) { [approver] }
    72. 

  72.       let(:groups) { [group] }
    73. 

  73. 

  74.       let!(:mr_approval_rule) do
    75. 

  75.         create(
    76. 

  76.           :approval_merge_request_rule,
    77. 

  77.           merge_request: merge_request,
    78. 

  78.           approval_project_rule: source_rule,
    79. 

  79.           users: users,
    80. 

  80.           groups: groups
    81. 

  81.         )
    82. 

  82.       end
    83. 

  83. 

  84.       before do
    85. 

  85.         group.add_developer(approver)
    86. 

  86.         merge_request.approvals.create(user: approver)
    87. 

  87. 

  88.         get api(url, current_user)
    89. 

  89.       end
    90. 

  90. 

  91.       it 'matches the response schema' do
    92. 

  92.         expect(response).to have_gitlab_http_status(200)
    93. 

  93.         expect(response).to match_response_schema('public_api/v4/merge_request_approval_rules', dir: 'ee')
    94. 

  94. 

  95.         rules = json_response
    96. 

  96. 

  97.         expect(rules.size).to eq(1)
    98. 

  98.         expect(rules.first['name']).to eq(mr_approval_rule.name)
    99. 

  99.         expect(rules.first['approvals_required']).to eq(mr_approval_rule.approvals_required)
    100. 

  100.         expect(rules.first['rule_type']).to eq(mr_approval_rule.rule_type)
    101. 

  101.         expect(rules.first['contains_hidden_groups']).to eq(false)
    102. 

  102.         expect(rules.first['source_rule']).to be_nil
    103. 

  103.         expect(rules.first['eligible_approvers']).to match([hash_including('id' => approver.id)])
    104. 

  104.         expect(rules.first['users']).to match([hash_including('id' => approver.id)])
    105. 

  105.         expect(rules.first['groups']).to match([hash_including('id' => group.id)])
    106. 

  106.       end
    107. 

  107. 

  108.       context 'groups contain private groups' do
    109. 

  109.         let(:group) { create(:group, :private) }
    110. 

  110. 

  111.         context 'current_user cannot see private group' do
    112. 

  112.           it 'hides private group' do
    113. 

  113.             rules = json_response
    114. 

  114. 

  115.             expect(rules.first['contains_hidden_groups']).to eq(true)
    116. 

  116.             expect(rules.first['groups']).to be_empty
    117. 

  117.           end
    118. 

  118.         end
    119. 

  119. 

  120.         context 'current_user can see private group' do
    121. 

  121.           let(:current_user) { approver }
    122. 

  122. 

  123.           it 'shows private group' do
    124. 

  124.             rules = json_response
    125. 

  125. 

  126.             expect(rules.first['contains_hidden_groups']).to eq(false)
    127. 

  127.             expect(rules.first['groups']).to match([hash_including('id' => group.id)])
    128. 

  128.           end
    129. 

  129.         end
    130. 

  130.       end
    131. 

  131. 

  132.       context 'has existing merge request rule that overrides a project-level rule' do
    133. 

  133.         let(:source_rule) { create(:approval_project_rule, project: project) }
    134. 

  134. 

  135.         it 'includes source_rule' do
    136. 

  136.           expect(json_response.first['source_rule']['approvals_required']).to eq(source_rule.approvals_required)
    137. 

  137.         end
    138. 

  138.       end
    139. 

  139.     end
    140. 

  140.   end
    141. 

  141. 

  142.   describe 'POST /projects/:id/merge_requests/:merge_request_iid/approval_rules' do
    143. 

  143.     let(:current_user) { user }
    144. 

  144.     let(:url) { "/projects/#{project.id}/merge_requests/#{merge_request.iid}/approval_rules" }
    145. 

  145.     let(:approver) { create(:user) }
    146. 

  146.     let(:group) { create(:group) }
    147. 

  147.     let(:approval_project_rule_id) { nil }
    148. 

  148.     let(:user_ids) { [] }
    149. 

  149.     let(:group_ids) { [] }
    150. 

  150. 

  151.     let(:params) do
    152. 

  152.       {
    153. 

  153.         name: 'Test',
    154. 

  154.         approvals_required: 1,
    155. 

  155.         approval_project_rule_id: approval_project_rule_id,
    156. 

  156.         user_ids: user_ids,
    157. 

  157.         group_ids: group_ids
    158. 

  158.       }
    159. 

  159.     end
    160. 

  160. 

  161.     let(:action) { post api(url, current_user), params: params }
    162. 

  162. 

  163.     it_behaves_like 'a protected API endpoint for merge request approval rule action'
    164. 

  164. 

  165.     context 'when user can update merge request and approval rules can be overridden' do
    166. 

  166.       before do
    167. 

  167.         project.update!(disable_overriding_approvers_per_merge_request: false)
    168. 

  168.         project.add_developer(approver)
    169. 

  169.         group.add_developer(approver)
    170. 

  170. 

  171.         action
    172. 

  172.       end
    173. 

  173. 

  174.       it 'matches the response schema' do
    175. 

  175.         expect(response).to have_gitlab_http_status(201)
    176. 

  176.         expect(response).to match_response_schema('public_api/v4/merge_request_approval_rule', dir: 'ee')
    177. 

  177. 

  178.         rule = json_response
    179. 

  179. 

  180.         expect(rule['name']).to eq(params[:name])
    181. 

  181.         expect(rule['approvals_required']).to eq(params[:approvals_required])
    182. 

  182.         expect(rule['rule_type']).to eq('regular')
    183. 

  183.         expect(rule['contains_hidden_groups']).to eq(false)
    184. 

  184.         expect(rule['source_rule']).to be_nil
    185. 

  185.         expect(rule['eligible_approvers']).to be_empty
    186. 

  186.         expect(rule['users']).to be_empty
    187. 

  187.         expect(rule['groups']).to be_empty
    188. 

  188.       end
    189. 

  189. 

  190.       context 'users are passed' do
    191. 

  191.         let(:user_ids) { [approver.id] }
    192. 

  192. 

  193.         it 'includes users' do
    194. 

  194.           rule = json_response
    195. 

  195. 

  196.           expect(rule['eligible_approvers']).to match([hash_including('id' => approver.id)])
    197. 

  197.           expect(rule['users']).to match([hash_including('id' => approver.id)])
    198. 

  198.         end
    199. 

  199.       end
    200. 

  200. 

  201.       context 'groups are passed' do
    202. 

  202.         let(:group_ids) { [group.id] }
    203. 

  203. 

  204.         it 'includes groups' do
    205. 

  205.           rule = json_response
    206. 

  206. 

  207.           expect(rule['eligible_approvers']).to match([hash_including('id' => approver.id)])
    208. 

  208.           expect(rule['groups']).to match([hash_including('id' => group.id)])
    209. 

  209.         end
    210. 

  210.       end
    211. 

  211. 

  212.       context 'approval_project_rule_id is passed' do
    213. 

  213.         let(:approval_project_rule) do
    214. 

  214.           create(
    215. 

  215.             :approval_project_rule,
    216. 

  216.             project: project,
    217. 

  217.             users: [approver],
    218. 

  218.             groups: [group]
    219. 

  219.           )
    220. 

  220.         end
    221. 

  221. 

  222.         let(:approval_project_rule_id) { approval_project_rule.id }
    223. 

  223. 

  224.         it 'copies the attributes from the project rule execpt approvals_required' do
    225. 

  225.           rule = json_response
    226. 

  226. 

  227.           expect(rule['name']).to eq(approval_project_rule.name)
    228. 

  228.           expect(rule['approvals_required']).to eq(params[:approvals_required])
    229. 

  229.           expect(rule['source_rule']['approvals_required']).to eq(approval_project_rule.approvals_required)
    230. 

  230.           expect(rule['eligible_approvers']).to match([hash_including('id' => approver.id)])
    231. 

  231.           expect(rule['users']).to match([hash_including('id' => approver.id)])
    232. 

  232.           expect(rule['groups']).to match([hash_including('id' => group.id)])
    233. 

  233.         end
    234. 

  234.       end
    235. 

  235.     end
    236. 

  236.   end
    237. 

  237. 

  238.   describe 'PUT /projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rule_id' do
    239. 

  239.     let(:current_user) { user }
    240. 

  240.     let(:existing_approver) { create(:user) }
    241. 

  241.     let(:existing_group) { create(:group) }
    242. 

  242. 

  243.     let(:approval_rule) do
    244. 

  244.       create(
    245. 

  245.         :approval_merge_request_rule,
    246. 

  246.         merge_request: merge_request,
    247. 

  247.         name: 'Old Name',
    248. 

  248.         approvals_required: 2,
    249. 

  249.         users: [existing_approver],
    250. 

  250.         groups: [existing_group]
    251. 

  251.       )
    252. 

  252.     end
    253. 

  253. 

  254.     let(:url) { "/projects/#{project.id}/merge_requests/#{merge_request.iid}/approval_rules/#{approval_rule.id}" }
    255. 

  255.     let(:new_approver) { create(:user) }
    256. 

  256.     let(:new_group) { create(:group) }
    257. 

  257.     let(:user_ids) { [] }
    258. 

  258.     let(:group_ids) { [] }
    259. 

  259.     let(:remove_hidden_groups) { nil }
    260. 

  260. 

  261.     let(:params) do
    262. 

  262.       {
    263. 

  263.         name: 'Test',
    264. 

  264.         approvals_required: 1,
    265. 

  265.         user_ids: user_ids,
    266. 

  266.         group_ids: group_ids,
    267. 

  267.         remove_hidden_groups: remove_hidden_groups
    268. 

  268.       }
    269. 

  269.     end
    270. 

  270. 

  271.     let(:action) { put api(url, current_user), params: params }
    272. 

  272. 

  273.     it_behaves_like 'a protected API endpoint for merge request approval rule action'
    274. 

  274. 

  275.     context 'when user can update merge request and approval rules can be overridden' do
    276. 

  276.       before do
    277. 

  277.         project.update!(disable_overriding_approvers_per_merge_request: false)
    278. 

  278.         project.add_developer(existing_approver)
    279. 

  279.         project.add_developer(new_approver)
    280. 

  280.         existing_group.add_developer(existing_approver)
    281. 

  281.         new_group.add_developer(new_approver)
    282. 

  282. 

  283.         action
    284. 

  284.       end
    285. 

  285. 

  286.       it_behaves_like 'a protected API endpoint that only allows action on regular merge request approval rule'
    287. 

  287. 

  288.       it 'matches the response schema' do
    289. 

  289.         expect(response).to have_gitlab_http_status(200)
    290. 

  290.         expect(response).to match_response_schema('public_api/v4/merge_request_approval_rule', dir: 'ee')
    291. 

  291. 

  292.         rule = json_response
    293. 

  293. 

  294.         expect(rule['name']).to eq(params[:name])
    295. 

  295.         expect(rule['approvals_required']).to eq(params[:approvals_required])
    296. 

  296.         expect(rule['rule_type']).to eq(approval_rule.rule_type)
    297. 

  297.         expect(rule['contains_hidden_groups']).to eq(false)
    298. 

  298.         expect(rule['source_rule']).to be_nil
    299. 

  299.         expect(rule['eligible_approvers']).to be_empty
    300. 

  300.         expect(rule['users']).to be_empty
    301. 

  301.         expect(rule['groups']).to be_empty
    302. 

  302.       end
    303. 

  303. 

  304.       context 'users are passed' do
    305. 

  305.         let(:user_ids) { [new_approver.id] }
    306. 

  306. 

  307.         it 'changes users' do
    308. 

  308.           rule = json_response
    309. 

  309. 

  310.           expect(rule['eligible_approvers']).to match([hash_including('id' => new_approver.id)])
    311. 

  311.           expect(rule['users']).to match([hash_including('id' => new_approver.id)])
    312. 

  312.         end
    313. 

  313.       end
    314. 

  314. 

  315.       context 'groups are passed' do
    316. 

  316.         let(:group_ids) { [new_group.id] }
    317. 

  317. 

  318.         it 'changes groups' do
    319. 

  319.           rule = json_response
    320. 

  320. 

  321.           expect(rule['eligible_approvers']).to match([hash_including('id' => new_approver.id)])
    322. 

  322.           expect(rule['groups']).to match([hash_including('id' => new_group.id)])
    323. 

  323.         end
    324. 

  324.       end
    325. 

  325. 

  326.       context 'remove_hidden_groups is passed' do
    327. 

  327.         let(:existing_group) { create(:group, :private) }
    328. 

  328. 

  329.         context 'when set to true' do
    330. 

  330.           let(:remove_hidden_groups) { true }
    331. 

  331. 

  332.           it 'removes the existing private group' do
    333. 

  333.             expect(approval_rule.reload.groups).not_to include(existing_group)
    334. 

  334.           end
    335. 

  335.         end
    336. 

  336. 

  337.         context 'when set to false' do
    338. 

  338.           let(:remove_hidden_groups) { false }
    339. 

  339. 

  340.           it 'does not remove the existing private group' do
    341. 

  341.             expect(approval_rule.reload.groups).to include(existing_group)
    342. 

  342.           end
    343. 

  343.         end
    344. 

  344.       end
    345. 

  345.     end
    346. 

  346.   end
    347. 

  347. 

  348.   describe 'DELETE /projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rule_id' do
    349. 

  349.     let(:current_user) { user }
    350. 

  350.     let(:approval_rule) { create(:approval_merge_request_rule, merge_request: merge_request) }
    351. 

  351.     let(:url) { "/projects/#{project.id}/merge_requests/#{merge_request.iid}/approval_rules/#{approval_rule.id}" }
    352. 

  352.     let(:action) { delete api(url, current_user) }
    353. 

  353. 

  354.     it_behaves_like 'a protected API endpoint for merge request approval rule action'
    355. 

  355. 

  356.     context 'when user can update merge request and approval rules can be overridden' do
    357. 

  357.       before do
    358. 

  358.         project.update!(disable_overriding_approvers_per_merge_request: false)
    359. 

  359. 

  360.         action
    361. 

  361.       end
    362. 

  362. 

  363.       it_behaves_like 'a protected API endpoint that only allows action on regular merge request approval rule'
    364. 

  364. 

  365.       it 'responds with 204' do
    366. 

  366.         expect(response).to have_gitlab_http_status(204)
    367. 

  367.       end
    368. 

  368.     end
    369. 

  369.   end
    370. 

  370. end
    371. 

  371.