gitlab-org--gitlab-foss/spec/requests/api/notes_spec.rb

require 'spec_helper'

describe API::API do
  include ApiHelpers
  before(:each) { ActiveRecord::Base.observers.enable(:user_observer) }
  after(:each) { ActiveRecord::Base.observers.disable(:user_observer) }

  let(:user) { create(:user) }
  let!(:project) { create(:project, namespace: user.namespace ) }
  let!(:issue) { create(:issue, project: project, author: user) }
  let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }
  let!(:snippet) { create(:project_snippet, project: project, author: user) }
  let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) }
  let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) }
  let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) }
  let!(:wall_note) { create(:note, project: project, author: user) }
  before { project.team << [user, :reporter] }

  describe "GET /projects/:id/notes" do
    context "when unauthenticated" do
      it "should return authentication error" do
        get api("/projects/#{project.id}/notes")
        response.status.should == 401
      end
    end

    context "when authenticated" do
      it "should return project wall notes" do
        get api("/projects/#{project.id}/notes", user)
        response.status.should == 200
        json_response.should be_an Array
        json_response.first['body'].should == wall_note.note
      end
    end
  end

  describe "GET /projects/:id/notes/:note_id" do
    it "should return a wall note by id" do
      get api("/projects/#{project.id}/notes/#{wall_note.id}", user)
      response.status.should == 200
      json_response['body'].should == wall_note.note
    end

    it "should return a 404 error if note not found" do
      get api("/projects/#{project.id}/notes/123", user)
      response.status.should == 404
    end
  end

  describe "POST /projects/:id/notes" do
    it "should create a new wall note" do
      post api("/projects/#{project.id}/notes", user), body: 'hi!'
      response.status.should == 201
      json_response['body'].should == 'hi!'
    end

    it "should return 401 unauthorized error" do
      post api("/projects/#{project.id}/notes")
      response.status.should == 401
    end

    it "should return a 400 bad request if body is missing" do
      post api("/projects/#{project.id}/notes", user)
      response.status.should == 400
    end
  end

  describe "GET /projects/:id/noteable/:noteable_id/notes" do
    context "when noteable is an Issue" do
      it "should return an array of issue notes" do
        get api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
        response.status.should == 200
        json_response.should be_an Array
        json_response.first['body'].should == issue_note.note
      end

      it "should return a 404 error when issue id not found" do
        get api("/projects/#{project.id}/issues/123/notes", user)
        response.status.should == 404
      end
    end

    context "when noteable is a Snippet" do
      it "should return an array of snippet notes" do
        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
        response.status.should == 200
        json_response.should be_an Array
        json_response.first['body'].should == snippet_note.note
      end

      it "should return a 404 error when snippet id not found" do
        get api("/projects/#{project.id}/snippets/42/notes", user)
        response.status.should == 404
      end
    end

    context "when noteable is a Merge Request" do
      it "should return an array of merge_requests notes" do
        get api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes", user)
        response.status.should == 200
        json_response.should be_an Array
        json_response.first['body'].should == merge_request_note.note
      end

      it "should return a 404 error if merge request id not found" do
        get api("/projects/#{project.id}/merge_requests/4444/notes", user)
        response.status.should == 404
      end
    end
  end

  describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do
    context "when noteable is an Issue" do
      it "should return an issue note by id" do
        get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", user)
        response.status.should == 200
        json_response['body'].should == issue_note.note
      end

      it "should return a 404 error if issue note not found" do
        get api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user)
        response.status.should == 404
      end
    end

    context "when noteable is a Snippet" do
      it "should return a snippet note by id" do
        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user)
        response.status.should == 200
        json_response['body'].should == snippet_note.note
      end

      it "should return a 404 error if snippet note not found" do
        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/123", user)
        response.status.should == 404
      end
    end
  end

  describe "POST /projects/:id/noteable/:noteable_id/notes" do
    context "when noteable is an Issue" do
      it "should create a new issue note" do
        post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
        response.status.should == 201
        json_response['body'].should == 'hi!'
        json_response['author']['email'].should == user.email
      end

      it "should return a 400 bad request error if body not given" do
        post api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
        response.status.should == 400
      end

      it "should return a 401 unauthorized error if user not authenticated" do
        post api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!'
        response.status.should == 401
      end
    end

    context "when noteable is a Snippet" do
      it "should create a new snippet note" do
        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!'
        response.status.should == 201
        json_response['body'].should == 'hi!'
        json_response['author']['email'].should == user.email
      end

      it "should return a 400 bad request error if body not given" do
        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
        response.status.should == 400
      end

      it "should return a 401 unauthorized error if user not authenticated" do
        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!'
        response.status.should == 401
      end
    end
  end

  describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do
    before { enable_observers }
    after { disable_observers }

    it "should create an activity event when an issue note is created" do
      Event.should_receive(:create)

      post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
    end
  end

end
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`require 'spec_helper'`

Refactor API classes. So api classes like Gitlab::Issues become API::Issues 2013-05-14 08:33:31 -04:00			`describe API::API do`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`include ApiHelpers`
Drop support of root namespace in model 2013-09-17 09:12:10 -04:00			`before(:each) { ActiveRecord::Base.observers.enable(:user_observer) }`
			`after(:each) { ActiveRecord::Base.observers.disable(:user_observer) }`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00
			`let(:user) { create(:user) }`
Fix few bugs and tests after refactoring ownership logic 2013-01-02 12:32:34 -05:00			`let!(:project) { create(:project, namespace: user.namespace ) }`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`let!(:issue) { create(:issue, project: project, author: user) }`
Merge Request on forked projects The good: - You can do a merge request for a forked commit and it will merge properly (i.e. it does work). - Push events take into account merge requests on forked projects - Tests around merge_actions now present, spinach, and other rspec tests - Satellites now clean themselves up rather then recreate The questionable: - Events only know about target projects - Project's merge requests only hold on to MR's where they are the target - All operations performed in the satellite The bad: - Duplication between project's repositories and satellites (e.g. commits_between) (for reference: http://feedback.gitlab.com/forums/176466-general/suggestions/3456722-merge-requests-between-projects-repos) Fixes: Make test repos/satellites only create when needed -Spinach/Rspec now only initialize test directory, and setup stubs (things that are relatively cheap) -project_with_code, source_project_with_code, and target_project_with_code now create/destroy their repos individually -fixed remote removal -How to merge renders properly -Update emails to show project/branches -Edit MR doesn't set target branch -Fix some failures on editing/creating merge requests, added a test -Added back a test around merge request observer -Clean up project_transfer_spec, Remove duplicate enable/disable observers -Ensure satellite lock files are cleaned up, Attempted to add some testing around these as well -Signifant speed ups for tests -Update formatting ordering in notes_on_merge_requests -Remove wiki schema update Fixes for search/search results -Search results was using by_project for a list of projects, updated this to use in_projects -updated search results to reference the correct (target) project -udpated search results to print both sides of the merge request Change-Id: I19407990a0950945cc95d62089cbcc6262dab1a8 2013-04-25 10:15:33 -04:00			`let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }`
Tests fixed 2013-03-25 03:20:14 -04:00			`let!(:snippet) { create(:project_snippet, project: project, author: user) }`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) }`
add specs for api -> merge request notes 2013-01-31 01:42:11 -05:00			`let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) }`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) }`
			`let!(:wall_note) { create(:note, project: project, author: user) }`
Rspec fixes 2013-01-04 11:50:31 -05:00			`before { project.team << [user, :reporter] }`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00
			`describe "GET /projects/:id/notes" do`
			`context "when unauthenticated" do`
			`it "should return authentication error" do`
			`get api("/projects/#{project.id}/notes")`
			`response.status.should == 401`
			`end`
			`end`

			`context "when authenticated" do`
			`it "should return project wall notes" do`
			`get api("/projects/#{project.id}/notes", user)`
			`response.status.should == 200`
			`json_response.should be_an Array`
			`json_response.first['body'].should == wall_note.note`
			`end`
			`end`
			`end`

API: get a single wall note 2012-12-01 05:20:45 -05:00			`describe "GET /projects/:id/notes/:note_id" do`
			`it "should return a wall note by id" do`
			`get api("/projects/#{project.id}/notes/#{wall_note.id}", user)`
			`response.status.should == 200`
			`json_response['body'].should == wall_note.note`
			`end`
Status code 400 is returned if body is missing on note creation. If a note is created with a POST request via API (`/projects/:id/notes`) status code 400 is returned instead of 404. The resource itself exists but the request is incomplete. Specs added to check different status codes when accessing, creating and updating notes. 2013-02-06 10:34:06 -05:00
			`it "should return a 404 error if note not found" do`
			`get api("/projects/#{project.id}/notes/123", user)`
			`response.status.should == 404`
			`end`
API: get a single wall note 2012-12-01 05:20:45 -05:00			`end`

API: ability to create a wall note 2012-11-29 18:52:56 -05:00			`describe "POST /projects/:id/notes" do`
			`it "should create a new wall note" do`
			`post api("/projects/#{project.id}/notes", user), body: 'hi!'`
			`response.status.should == 201`
			`json_response['body'].should == 'hi!'`
			`end`
Status code 400 is returned if body is missing on note creation. If a note is created with a POST request via API (`/projects/:id/notes`) status code 400 is returned instead of 404. The resource itself exists but the request is incomplete. Specs added to check different status codes when accessing, creating and updating notes. 2013-02-06 10:34:06 -05:00
API: fixes return codes for notes, documentation updated The notes API documentation updated with return codes. API now returns `400 Bad Request` if required attributes are not present. Return codes are documented now, also tested in added tests. The documentation now reflects the current state of the API. 2013-02-20 16:17:05 -05:00			`it "should return 401 unauthorized error" do`
			`post api("/projects/#{project.id}/notes")`
			`response.status.should == 401`
			`end`

			`it "should return a 400 bad request if body is missing" do`
Status code 400 is returned if body is missing on note creation. If a note is created with a POST request via API (`/projects/:id/notes`) status code 400 is returned instead of 404. The resource itself exists but the request is incomplete. Specs added to check different status codes when accessing, creating and updating notes. 2013-02-06 10:34:06 -05:00			`post api("/projects/#{project.id}/notes", user)`
			`response.status.should == 400`
			`end`
API: ability to create a wall note 2012-11-29 18:52:56 -05:00			`end`

API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`describe "GET /projects/:id/noteable/:noteable_id/notes" do`
			`context "when noteable is an Issue" do`
API: get a single note 2012-11-29 14:33:41 -05:00			`it "should return an array of issue notes" do`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`get api("/projects/#{project.id}/issues/#{issue.id}/notes", user)`
			`response.status.should == 200`
			`json_response.should be_an Array`
			`json_response.first['body'].should == issue_note.note`
			`end`
Status code 400 is returned if body is missing on note creation. If a note is created with a POST request via API (`/projects/:id/notes`) status code 400 is returned instead of 404. The resource itself exists but the request is incomplete. Specs added to check different status codes when accessing, creating and updating notes. 2013-02-06 10:34:06 -05:00
			`it "should return a 404 error when issue id not found" do`
			`get api("/projects/#{project.id}/issues/123/notes", user)`
			`response.status.should == 404`
			`end`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`end`

			`context "when noteable is a Snippet" do`
API: get a single note 2012-11-29 14:33:41 -05:00			`it "should return an array of snippet notes" do`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)`
			`response.status.should == 200`
			`json_response.should be_an Array`
			`json_response.first['body'].should == snippet_note.note`
			`end`
Status code 400 is returned if body is missing on note creation. If a note is created with a POST request via API (`/projects/:id/notes`) status code 400 is returned instead of 404. The resource itself exists but the request is incomplete. Specs added to check different status codes when accessing, creating and updating notes. 2013-02-06 10:34:06 -05:00
			`it "should return a 404 error when snippet id not found" do`
			`get api("/projects/#{project.id}/snippets/42/notes", user)`
			`response.status.should == 404`
			`end`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`end`
add specs for api -> merge request notes 2013-01-31 01:42:11 -05:00
			`context "when noteable is a Merge Request" do`
			`it "should return an array of merge_requests notes" do`
			`get api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes", user)`
			`response.status.should == 200`
			`json_response.should be_an Array`
			`json_response.first['body'].should == merge_request_note.note`
			`end`
API: fixes return codes for notes, documentation updated The notes API documentation updated with return codes. API now returns `400 Bad Request` if required attributes are not present. Return codes are documented now, also tested in added tests. The documentation now reflects the current state of the API. 2013-02-20 16:17:05 -05:00
			`it "should return a 404 error if merge request id not found" do`
			`get api("/projects/#{project.id}/merge_requests/4444/notes", user)`
			`response.status.should == 404`
			`end`
			`end`
API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`end`
API: get a single note 2012-11-29 14:33:41 -05:00
			`describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do`
			`context "when noteable is an Issue" do`
			`it "should return an issue note by id" do`
			`get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", user)`
			`response.status.should == 200`
			`json_response['body'].should == issue_note.note`
			`end`
Status code 400 is returned if body is missing on note creation. If a note is created with a POST request via API (`/projects/:id/notes`) status code 400 is returned instead of 404. The resource itself exists but the request is incomplete. Specs added to check different status codes when accessing, creating and updating notes. 2013-02-06 10:34:06 -05:00
			`it "should return a 404 error if issue note not found" do`
			`get api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user)`
			`response.status.should == 404`
			`end`
API: get a single note 2012-11-29 14:33:41 -05:00			`end`

			`context "when noteable is a Snippet" do`
			`it "should return a snippet note by id" do`
			`get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user)`
			`response.status.should == 200`
			`json_response['body'].should == snippet_note.note`
			`end`
Status code 400 is returned if body is missing on note creation. If a note is created with a POST request via API (`/projects/:id/notes`) status code 400 is returned instead of 404. The resource itself exists but the request is incomplete. Specs added to check different status codes when accessing, creating and updating notes. 2013-02-06 10:34:06 -05:00
			`it "should return a 404 error if snippet note not found" do`
			`get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/123", user)`
			`response.status.should == 404`
			`end`
API: get a single note 2012-11-29 14:33:41 -05:00			`end`
			`end`
API: create new notes 2012-11-29 15:06:24 -05:00
			`describe "POST /projects/:id/noteable/:noteable_id/notes" do`
			`context "when noteable is an Issue" do`
			`it "should create a new issue note" do`
			`post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'`
			`response.status.should == 201`
			`json_response['body'].should == 'hi!'`
			`json_response['author']['email'].should == user.email`
			`end`
API: fixes return codes for notes, documentation updated The notes API documentation updated with return codes. API now returns `400 Bad Request` if required attributes are not present. Return codes are documented now, also tested in added tests. The documentation now reflects the current state of the API. 2013-02-20 16:17:05 -05:00
			`it "should return a 400 bad request error if body not given" do`
			`post api("/projects/#{project.id}/issues/#{issue.id}/notes", user)`
			`response.status.should == 400`
			`end`

			`it "should return a 401 unauthorized error if user not authenticated" do`
			`post api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!'`
			`response.status.should == 401`
			`end`
API: create new notes 2012-11-29 15:06:24 -05:00			`end`

			`context "when noteable is a Snippet" do`
			`it "should create a new snippet note" do`
			`post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!'`
			`response.status.should == 201`
			`json_response['body'].should == 'hi!'`
			`json_response['author']['email'].should == user.email`
			`end`
API: fixes return codes for notes, documentation updated The notes API documentation updated with return codes. API now returns `400 Bad Request` if required attributes are not present. Return codes are documented now, also tested in added tests. The documentation now reflects the current state of the API. 2013-02-20 16:17:05 -05:00
			`it "should return a 400 bad request error if body not given" do`
			`post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)`
			`response.status.should == 400`
			`end`

			`it "should return a 401 unauthorized error if user not authenticated" do`
			`post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!'`
			`response.status.should == 401`
			`end`
			`end`
API: create new notes 2012-11-29 15:06:24 -05:00			`end`
Fixing unsafe use of Thread.current variable :current_user 2013-10-04 15:11:50 -04:00
			`describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do`
			`before { enable_observers }`
			`after { disable_observers }`

			`it "should create an activity event when an issue note is created" do`
			`Event.should_receive(:create)`

			`post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'`
			`end`
			`end`

API: list wall, snippet and issue notes 2012-11-27 14:43:39 -05:00			`end`