gitlab-org--gitlab-foss/spec/requests/api/notes_spec.rb

407 lines
14 KiB
Ruby
Raw Normal View History

require 'spec_helper'
2014-04-11 15:45:56 -04:00
describe API::API, api: true do
include ApiHelpers
let(:user) { create(:user) }
2016-05-16 15:43:19 -04:00
let!(:project) { create(:project, :public, namespace: user.namespace) }
let!(:issue) { create(:issue, project: project, author: user) }
Merge Request on forked projects The good: - You can do a merge request for a forked commit and it will merge properly (i.e. it does work). - Push events take into account merge requests on forked projects - Tests around merge_actions now present, spinach, and other rspec tests - Satellites now clean themselves up rather then recreate The questionable: - Events only know about target projects - Project's merge requests only hold on to MR's where they are the target - All operations performed in the satellite The bad: - Duplication between project's repositories and satellites (e.g. commits_between) (for reference: http://feedback.gitlab.com/forums/176466-general/suggestions/3456722-merge-requests-between-projects-repos) Fixes: Make test repos/satellites only create when needed -Spinach/Rspec now only initialize test directory, and setup stubs (things that are relatively cheap) -project_with_code, source_project_with_code, and target_project_with_code now create/destroy their repos individually -fixed remote removal -How to merge renders properly -Update emails to show project/branches -Edit MR doesn't set target branch -Fix some failures on editing/creating merge requests, added a test -Added back a test around merge request observer -Clean up project_transfer_spec, Remove duplicate enable/disable observers -Ensure satellite lock files are cleaned up, Attempted to add some testing around these as well -Signifant speed ups for tests -Update formatting ordering in notes_on_merge_requests -Remove wiki schema update Fixes for search/search results -Search results was using by_project for a list of projects, updated this to use in_projects -updated search results to reference the correct (target) project -udpated search results to print both sides of the merge request Change-Id: I19407990a0950945cc95d62089cbcc6262dab1a8
2013-04-25 10:15:33 -04:00
let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }
2013-03-25 03:20:14 -04:00
let!(:snippet) { create(:project_snippet, project: project, author: user) }
let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) }
let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) }
let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) }
# For testing the cross-reference of a private issue in a public issue
let(:private_user) { create(:user) }
2016-01-14 04:04:48 -05:00
let(:private_project) do
create(:project, namespace: private_user.namespace).
tap { |p| p.team << [private_user, :master] }
2016-01-14 04:04:48 -05:00
end
let(:private_issue) { create(:issue, project: private_project) }
let(:ext_proj) { create(:project, :public) }
let(:ext_issue) { create(:issue, project: ext_proj) }
2016-01-14 04:04:48 -05:00
let!(:cross_reference_note) do
create :note,
noteable: ext_issue, project: ext_proj,
note: "Mentioned in issue #{private_issue.to_reference(ext_proj)}",
system: true
2016-01-14 04:04:48 -05:00
end
2013-01-04 11:50:31 -05:00
before { project.team << [user, :reporter] }
describe "GET /projects/:id/noteable/:noteable_id/notes" do
it_behaves_like 'a paginated resources' do
let(:request) { get api("/projects/#{project.id}/issues/#{issue.id}/notes", user) }
end
context "when noteable is an Issue" do
it "returns an array of issue notes" do
get api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first['body']).to eq(issue_note.note)
end
it "returns a 404 error when issue id not found" do
get api("/projects/#{project.id}/issues/12345/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
2016-05-16 15:43:19 -04:00
context "and current user cannot view the notes" do
it "returns an empty array" do
get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response).to be_empty
end
context "and issue is confidential" do
before { ext_issue.update_attributes(confidential: true) }
it "returns 404" do
get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
end
context "and current user can view the note" do
it "returns an empty array" do
get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", private_user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first['body']).to eq(cross_reference_note.note)
end
end
end
end
context "when noteable is a Snippet" do
it "returns an array of snippet notes" do
get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first['body']).to eq(snippet_note.note)
end
it "returns a 404 error when snippet id not found" do
get api("/projects/#{project.id}/snippets/42/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
it "returns 404 when not authorized" do
get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", private_user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
end
context "when noteable is a Merge Request" do
it "returns an array of merge_requests notes" do
get api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first['body']).to eq(merge_request_note.note)
end
it "returns a 404 error if merge request id not found" do
get api("/projects/#{project.id}/merge_requests/4444/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
it "returns 404 when not authorized" do
get api("/projects/#{project.id}/merge_requests/4444/notes", private_user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
end
end
2012-11-29 14:33:41 -05:00
describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do
context "when noteable is an Issue" do
it "returns an issue note by id" do
2012-11-29 14:33:41 -05:00
get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response['body']).to eq(issue_note.note)
2012-11-29 14:33:41 -05:00
end
it "returns a 404 error if issue note not found" do
get api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
2016-05-16 15:43:19 -04:00
context "and current user cannot view the note" do
it "returns a 404 error" do
get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
2016-05-16 15:43:19 -04:00
context "when issue is confidential" do
before { issue.update_attributes(confidential: true) }
it "returns 404" do
get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", private_user)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2016-05-16 15:43:19 -04:00
end
end
context "and current user can view the note" do
it "returns an issue note by id" do
get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", private_user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response['body']).to eq(cross_reference_note.note)
end
end
end
2012-11-29 14:33:41 -05:00
end
context "when noteable is a Snippet" do
it "returns a snippet note by id" do
2012-11-29 14:33:41 -05:00
get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response['body']).to eq(snippet_note.note)
2012-11-29 14:33:41 -05:00
end
it "returns a 404 error if snippet note not found" do
get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/12345", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
2012-11-29 14:33:41 -05:00
end
end
2012-11-29 15:06:24 -05:00
describe "POST /projects/:id/noteable/:noteable_id/notes" do
context "when noteable is an Issue" do
it "creates a new issue note" do
2012-11-29 15:06:24 -05:00
post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(201)
expect(json_response['body']).to eq('hi!')
expect(json_response['author']['username']).to eq(user.username)
2012-11-29 15:06:24 -05:00
end
it "returns a 400 bad request error if body not given" do
post api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(400)
end
it "returns a 401 unauthorized error if user not authenticated" do
post api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!'
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(401)
end
2016-04-05 14:04:11 -04:00
context 'when an admin or owner makes the request' do
it 'accepts the creation date to be set' do
creation_time = 2.weeks.ago
post api("/projects/#{project.id}/issues/#{issue.id}/notes", user),
body: 'hi!', created_at: creation_time
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(201)
2016-04-05 14:04:11 -04:00
expect(json_response['body']).to eq('hi!')
expect(json_response['author']['username']).to eq(user.username)
expect(Time.parse(json_response['created_at'])).to be_within(1.second).of(creation_time)
end
end
context 'when the user is posting an award emoji' do
it 'returns an award emoji' do
post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: ':+1:'
expect(response).to have_http_status(201)
expect(json_response['awardable_id']).to eq issue.id
end
end
2012-11-29 15:06:24 -05:00
end
context "when noteable is a Snippet" do
it "creates a new snippet note" do
2012-11-29 15:06:24 -05:00
post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!'
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(201)
expect(json_response['body']).to eq('hi!')
expect(json_response['author']['username']).to eq(user.username)
2012-11-29 15:06:24 -05:00
end
it "returns a 400 bad request error if body not given" do
post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(400)
end
it "returns a 401 unauthorized error if user not authenticated" do
post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!'
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(401)
end
end
context 'when user does not have access to create noteable' do
let(:private_issue) { create(:issue, project: create(:project, :private)) }
##
# We are posting to project user has access to, but we use issue id
# from a different project, see #15577
#
before do
post api("/projects/#{project.id}/issues/#{private_issue.id}/notes", user),
body: 'Hi!'
end
it 'responds with resource not found error' do
expect(response.status).to eq 404
end
it 'does not create new note' do
expect(private_issue.notes.reload).to be_empty
end
end
2012-11-29 15:06:24 -05:00
end
describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do
it "creates an activity event when an issue note is created" do
expect(Event).to receive(:create)
post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
end
end
describe 'PUT /projects/:id/noteable/:noteable_id/notes/:note_id' do
context 'when noteable is an Issue' do
it 'returns modified note' do
put api("/projects/#{project.id}/issues/#{issue.id}/"\
"notes/#{issue_note.id}", user), body: 'Hello!'
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response['body']).to eq('Hello!')
end
it 'returns a 404 error when note id not found' do
put api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user),
body: 'Hello!'
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
it 'returns a 400 bad request error if body not given' do
put api("/projects/#{project.id}/issues/#{issue.id}/"\
"notes/#{issue_note.id}", user)
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(400)
end
end
context 'when noteable is a Snippet' do
it 'returns modified note' do
put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
"notes/#{snippet_note.id}", user), body: 'Hello!'
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response['body']).to eq('Hello!')
end
it 'returns a 404 error when note id not found' do
put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
"notes/12345", user), body: "Hello!"
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
end
context 'when noteable is a Merge Request' do
it 'returns modified note' do
put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\
"notes/#{merge_request_note.id}", user), body: 'Hello!'
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response['body']).to eq('Hello!')
end
it 'returns a 404 error when note id not found' do
put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\
"notes/12345", user), body: "Hello!"
2016-05-10 15:06:02 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
end
end
2016-04-06 13:04:17 -04:00
describe 'DELETE /projects/:id/noteable/:noteable_id/notes/:note_id' do
2016-04-05 19:21:02 -04:00
context 'when noteable is an Issue' do
2016-04-12 09:43:29 -04:00
it 'deletes a note' do
2016-04-05 19:21:02 -04:00
delete api("/projects/#{project.id}/issues/#{issue.id}/"\
"notes/#{issue_note.id}", user)
2016-04-06 13:04:17 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2016-04-06 13:04:17 -04:00
# Check if note is really deleted
delete api("/projects/#{project.id}/issues/#{issue.id}/"\
"notes/#{issue_note.id}", user)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2016-04-05 19:21:02 -04:00
end
2016-04-12 09:43:29 -04:00
it 'returns a 404 error when note id not found' do
delete api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user)
2016-04-06 13:04:17 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2016-04-05 19:21:02 -04:00
end
end
context 'when noteable is a Snippet' do
2016-04-12 09:43:29 -04:00
it 'deletes a note' do
2016-04-05 19:21:02 -04:00
delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
"notes/#{snippet_note.id}", user)
2016-04-06 13:04:17 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2016-04-06 13:04:17 -04:00
# Check if note is really deleted
delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
"notes/#{snippet_note.id}", user)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2016-04-05 19:21:02 -04:00
end
2016-04-12 09:43:29 -04:00
it 'returns a 404 error when note id not found' do
2016-04-05 19:21:02 -04:00
delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
"notes/12345", user)
2016-04-06 13:04:17 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2016-04-05 19:21:02 -04:00
end
end
context 'when noteable is a Merge Request' do
2016-04-12 09:43:29 -04:00
it 'deletes a note' do
2016-04-05 19:21:02 -04:00
delete api("/projects/#{project.id}/merge_requests/"\
"#{merge_request.id}/notes/#{merge_request_note.id}", user)
2016-04-06 13:04:17 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2016-04-06 13:04:17 -04:00
# Check if note is really deleted
delete api("/projects/#{project.id}/merge_requests/"\
"#{merge_request.id}/notes/#{merge_request_note.id}", user)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2016-04-05 19:21:02 -04:00
end
2016-04-12 09:43:29 -04:00
it 'returns a 404 error when note id not found' do
2016-04-05 19:21:02 -04:00
delete api("/projects/#{project.id}/merge_requests/"\
"#{merge_request.id}/notes/12345", user)
2016-04-06 13:04:17 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2016-04-05 19:21:02 -04:00
end
end
end
end