gitlab-org--gitlab-foss/spec/requests/api/groups_spec.rb

529 lines
16 KiB
Ruby
Raw Normal View History

2013-02-01 08:59:22 -05:00
require 'spec_helper'
describe API::Groups, api: true do
2013-02-01 08:59:22 -05:00
include ApiHelpers
2016-08-18 10:31:44 -04:00
include UploadHelpers
2013-02-01 08:59:22 -05:00
let(:user1) { create(:user, can_create_group: false) }
let(:user2) { create(:user) }
let(:user3) { create(:user) }
2013-02-01 08:59:22 -05:00
let(:admin) { create(:admin) }
2016-08-18 10:31:44 -04:00
let!(:group1) { create(:group, avatar: File.open(uploaded_image_temp_path)) }
2016-03-20 17:55:08 -04:00
let!(:group2) { create(:group, :private) }
let!(:project1) { create(:empty_project, namespace: group1) }
let!(:project2) { create(:empty_project, namespace: group2) }
let!(:project3) { create(:empty_project, namespace: group1, path: 'test', visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
2013-09-26 07:52:17 -04:00
before do
group1.add_owner(user1)
group2.add_owner(user2)
end
2013-02-01 08:59:22 -05:00
describe "GET /groups" do
context "when unauthenticated" do
it "returns authentication error" do
2013-02-01 08:59:22 -05:00
get api("/groups")
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(401)
2013-02-01 08:59:22 -05:00
end
end
context "when authenticated as user" do
it "normal user: returns an array of groups of user1" do
2013-02-01 08:59:22 -05:00
get api("/groups", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(group1.name)
2013-02-01 08:59:22 -05:00
end
it "does not include statistics" do
get api("/groups", user1), statistics: true
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first).not_to include 'statistics'
end
2013-02-01 08:59:22 -05:00
end
2013-03-20 17:46:30 -04:00
context "when authenticated as admin" do
it "admin: returns an array of all groups" do
2013-02-01 08:59:22 -05:00
get api("/groups", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(2)
2013-02-01 08:59:22 -05:00
end
it "does not include statistics by default" do
get api("/groups", admin)
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first).not_to include('statistics')
end
it "includes statistics if requested" do
attributes = {
storage_size: 702,
repository_size: 123,
lfs_objects_size: 234,
build_artifacts_size: 345,
}
project1.statistics.update!(attributes)
get api("/groups", admin), statistics: true
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first['statistics']).to eq attributes.stringify_keys
end
2013-02-01 08:59:22 -05:00
end
2016-09-01 13:23:39 -04:00
context "when using skip_groups in request" do
it "returns all groups excluding skipped groups" do
get api("/groups", admin), skip_groups: [group2.id]
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
end
end
context "when using all_available in request" do
let(:response_groups) { json_response.map { |group| group['name'] } }
it "returns all groups you have access to" do
public_group = create :group, :public
get api("/groups", user1), all_available: true
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(response_groups).to contain_exactly(public_group.name, group1.name)
end
end
context "when using sorting" do
let(:group3) { create(:group, name: "a#{group1.name}", path: "z#{group1.path}") }
let(:response_groups) { json_response.map { |group| group['name'] } }
before do
group3.add_owner(user1)
end
it "sorts by name ascending by default" do
get api("/groups", user1)
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(response_groups).to eq([group3.name, group1.name])
end
it "sorts in descending order when passed" do
get api("/groups", user1), sort: "desc"
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(response_groups).to eq([group1.name, group3.name])
end
it "sorts by the order_by param" do
get api("/groups", user1), order_by: "path"
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(response_groups).to eq([group1.name, group3.name])
end
end
2013-02-01 08:59:22 -05:00
end
2013-03-20 17:46:30 -04:00
2016-10-25 09:22:12 -04:00
describe 'GET /groups/owned' do
context 'when unauthenticated' do
it 'returns authentication error' do
get api('/groups/owned')
2016-10-25 09:22:12 -04:00
expect(response).to have_http_status(401)
end
end
context 'when authenticated as group owner' do
it 'returns an array of groups the user owns' do
get api('/groups/owned', user2)
2016-10-25 09:22:12 -04:00
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.first['name']).to eq(group2.name)
end
end
end
2013-02-01 08:59:22 -05:00
describe "GET /groups/:id" do
context "when authenticated as user" do
2016-07-08 04:59:52 -04:00
it "returns one of user1's groups" do
project = create(:empty_project, namespace: group2, path: 'Foo')
2016-07-08 04:59:52 -04:00
create(:project_group_link, project: project, group: group1)
2013-02-01 08:59:22 -05:00
get api("/groups/#{group1.id}", user1)
2016-07-08 04:59:52 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2016-07-08 04:59:52 -04:00
expect(json_response['id']).to eq(group1.id)
expect(json_response['name']).to eq(group1.name)
expect(json_response['path']).to eq(group1.path)
expect(json_response['description']).to eq(group1.description)
expect(json_response['visibility_level']).to eq(group1.visibility_level)
expect(json_response['avatar_url']).to eq(group1.avatar_url)
expect(json_response['web_url']).to eq(group1.web_url)
expect(json_response['request_access_enabled']).to eq(group1.request_access_enabled)
expect(json_response['full_name']).to eq(group1.full_name)
expect(json_response['full_path']).to eq(group1.full_path)
2016-07-08 04:59:52 -04:00
expect(json_response['projects']).to be_an Array
expect(json_response['projects'].length).to eq(2)
expect(json_response['shared_projects']).to be_an Array
expect(json_response['shared_projects'].length).to eq(1)
expect(json_response['shared_projects'][0]['id']).to eq(project.id)
2013-02-01 08:59:22 -05:00
end
2013-03-20 17:46:30 -04:00
it "does not return a non existing group" do
2013-02-01 08:59:22 -05:00
get api("/groups/1328", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2013-02-01 08:59:22 -05:00
end
2013-03-20 17:46:30 -04:00
it "does not return a group not attached to user1" do
2013-02-01 08:59:22 -05:00
get api("/groups/#{group2.id}", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2013-02-01 08:59:22 -05:00
end
end
2013-03-20 17:46:30 -04:00
2013-02-01 08:59:22 -05:00
context "when authenticated as admin" do
it "returns any existing group" do
2013-02-01 08:59:22 -05:00
get api("/groups/#{group2.id}", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2015-12-08 07:34:09 -05:00
expect(json_response['name']).to eq(group2.name)
2013-02-01 08:59:22 -05:00
end
2013-03-20 17:46:30 -04:00
it "does not return a non existing group" do
2013-02-01 08:59:22 -05:00
get api("/groups/1328", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2013-02-01 08:59:22 -05:00
end
end
2015-01-30 04:46:08 -05:00
context 'when using group path in URL' do
it 'returns any existing group' do
2015-01-30 04:46:08 -05:00
get api("/groups/#{group1.path}", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2015-12-08 07:34:09 -05:00
expect(json_response['name']).to eq(group1.name)
2015-01-30 04:46:08 -05:00
end
it 'does not return a non existing group' do
2015-01-30 04:46:08 -05:00
get api('/groups/unknown', admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2015-01-30 04:46:08 -05:00
end
it 'does not return a group not attached to user1' do
2015-01-30 04:46:08 -05:00
get api("/groups/#{group2.path}", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2015-01-30 04:46:08 -05:00
end
end
2013-02-01 08:59:22 -05:00
end
2013-03-20 17:46:30 -04:00
2016-04-07 04:12:49 -04:00
describe 'PUT /groups/:id' do
let(:new_group_name) { 'New Group'}
context 'when authenticated as the group owner' do
2016-04-07 04:12:49 -04:00
it 'updates the group' do
put api("/groups/#{group1.id}", user1), name: new_group_name, request_access_enabled: true
2016-04-07 04:12:49 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2016-04-07 04:12:49 -04:00
expect(json_response['name']).to eq(new_group_name)
expect(json_response['request_access_enabled']).to eq(true)
2016-04-07 04:12:49 -04:00
end
it 'returns 404 for a non existing group' do
2016-11-07 10:54:39 -05:00
put api('/groups/1328', user1), name: new_group_name
2016-04-07 04:12:49 -04:00
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2016-04-07 04:12:49 -04:00
end
end
context 'when authenticated as the admin' do
2016-04-07 04:12:49 -04:00
it 'updates the group' do
put api("/groups/#{group1.id}", admin), name: new_group_name
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2016-04-07 04:12:49 -04:00
expect(json_response['name']).to eq(new_group_name)
end
end
context 'when authenticated as an user that can see the group' do
it 'does not updates the group' do
2016-04-07 04:12:49 -04:00
put api("/groups/#{group1.id}", user2), name: new_group_name
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(403)
2016-04-07 04:12:49 -04:00
end
end
context 'when authenticated as an user that cannot see the group' do
it 'returns 404 when trying to update the group' do
put api("/groups/#{group2.id}", user1), name: new_group_name
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
end
end
2016-04-07 04:12:49 -04:00
end
2015-12-08 07:34:09 -05:00
describe "GET /groups/:id/projects" do
context "when authenticated as user" do
it "returns the group's projects" do
2015-12-08 07:34:09 -05:00
get api("/groups/#{group1.id}/projects", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response.length).to eq(2)
project_names = json_response.map { |proj| proj['name' ] }
expect(project_names).to match_array([project1.name, project3.name])
expect(json_response.first['visibility_level']).to be_present
end
it "returns the group's projects with simple representation" do
get api("/groups/#{group1.id}/projects", user1), simple: true
expect(response).to have_http_status(200)
expect(json_response.length).to eq(2)
project_names = json_response.map { |proj| proj['name' ] }
expect(project_names).to match_array([project1.name, project3.name])
expect(json_response.first['visibility_level']).not_to be_present
2015-12-08 07:34:09 -05:00
end
2016-12-12 03:55:29 -05:00
it 'filters the groups projects' do
public_project = create(:empty_project, :public, path: 'test1', group: group1)
2016-12-12 03:55:29 -05:00
get api("/groups/#{group1.id}/projects", user1), visibility: 'public'
expect(response).to have_http_status(200)
expect(json_response).to be_an(Array)
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(public_project.name)
2016-12-12 03:55:29 -05:00
end
it "does not return a non existing group" do
2015-12-08 07:34:09 -05:00
get api("/groups/1328/projects", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2015-12-08 07:34:09 -05:00
end
it "does not return a group not attached to user1" do
2015-12-08 07:34:09 -05:00
get api("/groups/#{group2.id}/projects", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2015-12-08 07:34:09 -05:00
end
it "only returns projects to which user has access" do
project3.team << [user3, :developer]
get api("/groups/#{group1.id}/projects", user3)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(project3.name)
end
2015-12-08 07:34:09 -05:00
end
context "when authenticated as admin" do
it "returns any existing group" do
2015-12-08 07:34:09 -05:00
get api("/groups/#{group2.id}/projects", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2015-12-08 07:34:09 -05:00
expect(json_response.length).to eq(1)
expect(json_response.first['name']).to eq(project2.name)
end
it "does not return a non existing group" do
2015-12-08 07:34:09 -05:00
get api("/groups/1328/projects", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2015-12-08 07:34:09 -05:00
end
end
context 'when using group path in URL' do
it 'returns any existing group' do
2015-12-08 07:34:09 -05:00
get api("/groups/#{group1.path}/projects", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
project_names = json_response.map { |proj| proj['name' ] }
expect(project_names).to match_array([project1.name, project3.name])
2015-12-08 07:34:09 -05:00
end
it 'does not return a non existing group' do
2015-12-08 07:34:09 -05:00
get api('/groups/unknown/projects', admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2015-12-08 07:34:09 -05:00
end
it 'does not return a group not attached to user1' do
2015-12-08 07:34:09 -05:00
get api("/groups/#{group2.path}/projects", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2015-12-08 07:34:09 -05:00
end
end
end
2013-02-01 08:59:22 -05:00
describe "POST /groups" do
context "when authenticated as user without group permissions" do
it "does not create group" do
2013-02-01 08:59:22 -05:00
post api("/groups", user1), attributes_for(:group)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(403)
2013-02-01 08:59:22 -05:00
end
end
2013-03-20 17:46:30 -04:00
context "when authenticated as user with group permissions" do
it "creates group" do
group = attributes_for(:group, { request_access_enabled: false })
post api("/groups", user3), group
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(201)
expect(json_response["name"]).to eq(group[:name])
expect(json_response["path"]).to eq(group[:path])
expect(json_response["request_access_enabled"]).to eq(group[:request_access_enabled])
2013-02-01 08:59:22 -05:00
end
2013-02-01 12:58:53 -05:00
it "does not create group, duplicate" do
post api("/groups", user3), { name: 'Duplicate Test', path: group2.path }
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(400)
expect(response.message).to eq("Bad Request")
2013-02-01 12:58:53 -05:00
end
it "returns 400 bad request error if name not given" do
post api("/groups", user3), { path: group2.path }
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(400)
end
it "returns 400 bad request error if path not given" do
post api("/groups", user3), { name: 'test' }
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(400)
end
2013-02-01 08:59:22 -05:00
end
end
2012-11-14 15:37:52 -05:00
2013-10-07 06:18:37 -04:00
describe "DELETE /groups/:id" do
context "when authenticated as user" do
it "removes group" do
2013-10-07 06:18:37 -04:00
delete api("/groups/#{group1.id}", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2013-10-07 06:18:37 -04:00
end
it "does not remove a group if not an owner" do
user4 = create(:user)
group1.add_master(user4)
2013-10-07 06:18:37 -04:00
delete api("/groups/#{group1.id}", user3)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(403)
2013-10-07 06:18:37 -04:00
end
it "does not remove a non existing group" do
2013-10-07 06:18:37 -04:00
delete api("/groups/1328", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2013-10-07 06:18:37 -04:00
end
it "does not remove a group not attached to user1" do
2013-10-07 06:18:37 -04:00
delete api("/groups/#{group2.id}", user1)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2013-10-07 06:18:37 -04:00
end
end
context "when authenticated as admin" do
it "removes any existing group" do
2013-10-07 06:18:37 -04:00
delete api("/groups/#{group2.id}", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(200)
2013-10-07 06:18:37 -04:00
end
it "does not remove a non existing group" do
2013-10-07 06:18:37 -04:00
delete api("/groups/1328", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(404)
2013-10-07 06:18:37 -04:00
end
end
end
2012-11-14 15:37:52 -05:00
describe "POST /groups/:id/projects/:project_id" do
let(:project) { create(:empty_project) }
let(:project_path) { "#{project.namespace.path}%2F#{project.path}" }
2012-11-14 15:37:52 -05:00
before(:each) do
2015-05-21 17:49:06 -04:00
allow_any_instance_of(Projects::TransferService).
to receive(:execute).and_return(true)
2012-11-14 15:37:52 -05:00
end
context "when authenticated as user" do
it "does not transfer project to group" do
2012-11-14 15:37:52 -05:00
post api("/groups/#{group1.id}/projects/#{project.id}", user2)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(403)
2012-11-14 15:37:52 -05:00
end
end
context "when authenticated as admin" do
it "transfers project to group" do
2012-11-14 15:37:52 -05:00
post api("/groups/#{group1.id}/projects/#{project.id}", admin)
2016-06-27 14:10:42 -04:00
expect(response).to have_http_status(201)
2012-11-14 15:37:52 -05:00
end
context 'when using project path in URL' do
context 'with a valid project path' do
it "transfers project to group" do
post api("/groups/#{group1.id}/projects/#{project_path}", admin)
expect(response).to have_http_status(201)
end
end
context 'with a non-existent project path' do
it "does not transfer project to group" do
post api("/groups/#{group1.id}/projects/nogroup%2Fnoproject", admin)
expect(response).to have_http_status(404)
end
end
end
context 'when using a group path in URL' do
context 'with a valid group path' do
it "transfers project to group" do
post api("/groups/#{group1.path}/projects/#{project_path}", admin)
expect(response).to have_http_status(201)
end
end
context 'with a non-existent group path' do
it "does not transfer project to group" do
post api("/groups/noexist/projects/#{project_path}", admin)
expect(response).to have_http_status(404)
end
end
end
2012-11-14 15:37:52 -05:00
end
end
2013-02-01 08:59:22 -05:00
end