PageRenderTime 57ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 1ms

/spec/requests/api/notes_spec.rb

https://gitlab.com/mattl/gitlab-ce
Ruby | 406 lines | 306 code | 92 blank | 8 comment | 7 complexity | 77eac8f855f3978559211b64b5537664 MD5 | raw file
  1. require 'spec_helper'
  2. describe API::API, api: true do
  3. include ApiHelpers
  4. let(:user) { create(:user) }
  5. let!(:project) { create(:project, :public, namespace: user.namespace) }
  6. let!(:issue) { create(:issue, project: project, author: user) }
  7. let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }
  8. let!(:snippet) { create(:project_snippet, project: project, author: user) }
  9. let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) }
  10. let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) }
  11. let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) }
  12. # For testing the cross-reference of a private issue in a public issue
  13. let(:private_user) { create(:user) }
  14. let(:private_project) do
  15. create(:project, namespace: private_user.namespace).
  16. tap { |p| p.team << [private_user, :master] }
  17. end
  18. let(:private_issue) { create(:issue, project: private_project) }
  19. let(:ext_proj) { create(:project, :public) }
  20. let(:ext_issue) { create(:issue, project: ext_proj) }
  21. let!(:cross_reference_note) do
  22. create :note,
  23. noteable: ext_issue, project: ext_proj,
  24. note: "Mentioned in issue #{private_issue.to_reference(ext_proj)}",
  25. system: true
  26. end
  27. before { project.team << [user, :reporter] }
  28. describe "GET /projects/:id/noteable/:noteable_id/notes" do
  29. it_behaves_like 'a paginated resources' do
  30. let(:request) { get api("/projects/#{project.id}/issues/#{issue.id}/notes", user) }
  31. end
  32. context "when noteable is an Issue" do
  33. it "returns an array of issue notes" do
  34. get api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
  35. expect(response).to have_http_status(200)
  36. expect(json_response).to be_an Array
  37. expect(json_response.first['body']).to eq(issue_note.note)
  38. end
  39. it "returns a 404 error when issue id not found" do
  40. get api("/projects/#{project.id}/issues/12345/notes", user)
  41. expect(response).to have_http_status(404)
  42. end
  43. context "and current user cannot view the notes" do
  44. it "returns an empty array" do
  45. get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user)
  46. expect(response).to have_http_status(200)
  47. expect(json_response).to be_an Array
  48. expect(json_response).to be_empty
  49. end
  50. context "and issue is confidential" do
  51. before { ext_issue.update_attributes(confidential: true) }
  52. it "returns 404" do
  53. get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user)
  54. expect(response).to have_http_status(404)
  55. end
  56. end
  57. context "and current user can view the note" do
  58. it "returns an empty array" do
  59. get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", private_user)
  60. expect(response).to have_http_status(200)
  61. expect(json_response).to be_an Array
  62. expect(json_response.first['body']).to eq(cross_reference_note.note)
  63. end
  64. end
  65. end
  66. end
  67. context "when noteable is a Snippet" do
  68. it "returns an array of snippet notes" do
  69. get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
  70. expect(response).to have_http_status(200)
  71. expect(json_response).to be_an Array
  72. expect(json_response.first['body']).to eq(snippet_note.note)
  73. end
  74. it "returns a 404 error when snippet id not found" do
  75. get api("/projects/#{project.id}/snippets/42/notes", user)
  76. expect(response).to have_http_status(404)
  77. end
  78. it "returns 404 when not authorized" do
  79. get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", private_user)
  80. expect(response).to have_http_status(404)
  81. end
  82. end
  83. context "when noteable is a Merge Request" do
  84. it "returns an array of merge_requests notes" do
  85. get api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes", user)
  86. expect(response).to have_http_status(200)
  87. expect(json_response).to be_an Array
  88. expect(json_response.first['body']).to eq(merge_request_note.note)
  89. end
  90. it "returns a 404 error if merge request id not found" do
  91. get api("/projects/#{project.id}/merge_requests/4444/notes", user)
  92. expect(response).to have_http_status(404)
  93. end
  94. it "returns 404 when not authorized" do
  95. get api("/projects/#{project.id}/merge_requests/4444/notes", private_user)
  96. expect(response).to have_http_status(404)
  97. end
  98. end
  99. end
  100. describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do
  101. context "when noteable is an Issue" do
  102. it "returns an issue note by id" do
  103. get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", user)
  104. expect(response).to have_http_status(200)
  105. expect(json_response['body']).to eq(issue_note.note)
  106. end
  107. it "returns a 404 error if issue note not found" do
  108. get api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user)
  109. expect(response).to have_http_status(404)
  110. end
  111. context "and current user cannot view the note" do
  112. it "returns a 404 error" do
  113. get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", user)
  114. expect(response).to have_http_status(404)
  115. end
  116. context "when issue is confidential" do
  117. before { issue.update_attributes(confidential: true) }
  118. it "returns 404" do
  119. get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", private_user)
  120. expect(response).to have_http_status(404)
  121. end
  122. end
  123. context "and current user can view the note" do
  124. it "returns an issue note by id" do
  125. get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", private_user)
  126. expect(response).to have_http_status(200)
  127. expect(json_response['body']).to eq(cross_reference_note.note)
  128. end
  129. end
  130. end
  131. end
  132. context "when noteable is a Snippet" do
  133. it "returns a snippet note by id" do
  134. get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user)
  135. expect(response).to have_http_status(200)
  136. expect(json_response['body']).to eq(snippet_note.note)
  137. end
  138. it "returns a 404 error if snippet note not found" do
  139. get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/12345", user)
  140. expect(response).to have_http_status(404)
  141. end
  142. end
  143. end
  144. describe "POST /projects/:id/noteable/:noteable_id/notes" do
  145. context "when noteable is an Issue" do
  146. it "creates a new issue note" do
  147. post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
  148. expect(response).to have_http_status(201)
  149. expect(json_response['body']).to eq('hi!')
  150. expect(json_response['author']['username']).to eq(user.username)
  151. end
  152. it "returns a 400 bad request error if body not given" do
  153. post api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
  154. expect(response).to have_http_status(400)
  155. end
  156. it "returns a 401 unauthorized error if user not authenticated" do
  157. post api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!'
  158. expect(response).to have_http_status(401)
  159. end
  160. context 'when an admin or owner makes the request' do
  161. it 'accepts the creation date to be set' do
  162. creation_time = 2.weeks.ago
  163. post api("/projects/#{project.id}/issues/#{issue.id}/notes", user),
  164. body: 'hi!', created_at: creation_time
  165. expect(response).to have_http_status(201)
  166. expect(json_response['body']).to eq('hi!')
  167. expect(json_response['author']['username']).to eq(user.username)
  168. expect(Time.parse(json_response['created_at'])).to be_within(1.second).of(creation_time)
  169. end
  170. end
  171. context 'when the user is posting an award emoji' do
  172. it 'returns an award emoji' do
  173. post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: ':+1:'
  174. expect(response).to have_http_status(201)
  175. expect(json_response['awardable_id']).to eq issue.id
  176. end
  177. end
  178. end
  179. context "when noteable is a Snippet" do
  180. it "creates a new snippet note" do
  181. post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!'
  182. expect(response).to have_http_status(201)
  183. expect(json_response['body']).to eq('hi!')
  184. expect(json_response['author']['username']).to eq(user.username)
  185. end
  186. it "returns a 400 bad request error if body not given" do
  187. post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
  188. expect(response).to have_http_status(400)
  189. end
  190. it "returns a 401 unauthorized error if user not authenticated" do
  191. post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!'
  192. expect(response).to have_http_status(401)
  193. end
  194. end
  195. context 'when user does not have access to create noteable' do
  196. let(:private_issue) { create(:issue, project: create(:project, :private)) }
  197. ##
  198. # We are posting to project user has access to, but we use issue id
  199. # from a different project, see #15577
  200. #
  201. before do
  202. post api("/projects/#{project.id}/issues/#{private_issue.id}/notes", user),
  203. body: 'Hi!'
  204. end
  205. it 'responds with resource not found error' do
  206. expect(response.status).to eq 404
  207. end
  208. it 'does not create new note' do
  209. expect(private_issue.notes.reload).to be_empty
  210. end
  211. end
  212. end
  213. describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do
  214. it "creates an activity event when an issue note is created" do
  215. expect(Event).to receive(:create)
  216. post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
  217. end
  218. end
  219. describe 'PUT /projects/:id/noteable/:noteable_id/notes/:note_id' do
  220. context 'when noteable is an Issue' do
  221. it 'returns modified note' do
  222. put api("/projects/#{project.id}/issues/#{issue.id}/"\
  223. "notes/#{issue_note.id}", user), body: 'Hello!'
  224. expect(response).to have_http_status(200)
  225. expect(json_response['body']).to eq('Hello!')
  226. end
  227. it 'returns a 404 error when note id not found' do
  228. put api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user),
  229. body: 'Hello!'
  230. expect(response).to have_http_status(404)
  231. end
  232. it 'returns a 400 bad request error if body not given' do
  233. put api("/projects/#{project.id}/issues/#{issue.id}/"\
  234. "notes/#{issue_note.id}", user)
  235. expect(response).to have_http_status(400)
  236. end
  237. end
  238. context 'when noteable is a Snippet' do
  239. it 'returns modified note' do
  240. put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
  241. "notes/#{snippet_note.id}", user), body: 'Hello!'
  242. expect(response).to have_http_status(200)
  243. expect(json_response['body']).to eq('Hello!')
  244. end
  245. it 'returns a 404 error when note id not found' do
  246. put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
  247. "notes/12345", user), body: "Hello!"
  248. expect(response).to have_http_status(404)
  249. end
  250. end
  251. context 'when noteable is a Merge Request' do
  252. it 'returns modified note' do
  253. put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\
  254. "notes/#{merge_request_note.id}", user), body: 'Hello!'
  255. expect(response).to have_http_status(200)
  256. expect(json_response['body']).to eq('Hello!')
  257. end
  258. it 'returns a 404 error when note id not found' do
  259. put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\
  260. "notes/12345", user), body: "Hello!"
  261. expect(response).to have_http_status(404)
  262. end
  263. end
  264. end
  265. describe 'DELETE /projects/:id/noteable/:noteable_id/notes/:note_id' do
  266. context 'when noteable is an Issue' do
  267. it 'deletes a note' do
  268. delete api("/projects/#{project.id}/issues/#{issue.id}/"\
  269. "notes/#{issue_note.id}", user)
  270. expect(response).to have_http_status(200)
  271. # Check if note is really deleted
  272. delete api("/projects/#{project.id}/issues/#{issue.id}/"\
  273. "notes/#{issue_note.id}", user)
  274. expect(response).to have_http_status(404)
  275. end
  276. it 'returns a 404 error when note id not found' do
  277. delete api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user)
  278. expect(response).to have_http_status(404)
  279. end
  280. end
  281. context 'when noteable is a Snippet' do
  282. it 'deletes a note' do
  283. delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
  284. "notes/#{snippet_note.id}", user)
  285. expect(response).to have_http_status(200)
  286. # Check if note is really deleted
  287. delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
  288. "notes/#{snippet_note.id}", user)
  289. expect(response).to have_http_status(404)
  290. end
  291. it 'returns a 404 error when note id not found' do
  292. delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
  293. "notes/12345", user)
  294. expect(response).to have_http_status(404)
  295. end
  296. end
  297. context 'when noteable is a Merge Request' do
  298. it 'deletes a note' do
  299. delete api("/projects/#{project.id}/merge_requests/"\
  300. "#{merge_request.id}/notes/#{merge_request_note.id}", user)
  301. expect(response).to have_http_status(200)
  302. # Check if note is really deleted
  303. delete api("/projects/#{project.id}/merge_requests/"\
  304. "#{merge_request.id}/notes/#{merge_request_note.id}", user)
  305. expect(response).to have_http_status(404)
  306. end
  307. it 'returns a 404 error when note id not found' do
  308. delete api("/projects/#{project.id}/merge_requests/"\
  309. "#{merge_request.id}/notes/12345", user)
  310. expect(response).to have_http_status(404)
  311. end
  312. end
  313. end
  314. end