Merge branch '4269-public-files-api' into 'master'
Allow unauthenticated access to Repositories Files API GET endpoints See merge request !8149
commit
050eb9a715
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
title: Allow public access to some Project API endpoints
|
||||
title: Allow unauthenticated access to some Project API GET endpoints
|
||||
merge_request: 7843
|
||||
author:
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
title: Allow unauthenticated access to Repositories Files API GET endpoints
|
||||
merge_request:
|
||||
author:
|
|
@ -1,4 +1,4 @@
|
|||
---
|
||||
title: Allow Repositories API GET endpoints to be requested anonymously
|
||||
title: Allow unauthenticated access to Repositories API GET endpoints
|
||||
merge_request: 8148
|
||||
author:
|
||||
|
|
|
@ -6,7 +6,9 @@
|
|||
|
||||
## Get file from repository
|
||||
|
||||
Allows you to receive information about file in repository like name, size, content. Note that file content is Base64 encoded.
|
||||
Allows you to receive information about file in repository like name, size,
|
||||
content. Note that file content is Base64 encoded. This endpoint can be accessed
|
||||
without authentication if the repository is publicly accessible.
|
||||
|
||||
```
|
||||
GET /projects/:id/repository/files
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
module API
|
||||
# Projects API
|
||||
class Files < Grape::API
|
||||
before { authenticate! }
|
||||
|
||||
helpers do
|
||||
def commit_params(attrs)
|
||||
{
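Review bot: Dropping the class-level `before { authenticate! }` removes the login gate from every route in `API::Files`, not only the GET endpoint named in the commit title. The rest of the class lies outside this hunk, so it is not visible whether the routes that create, update or delete files carry their own permission check; any that relied on the removed filter should now begin with `authenticate!`. The accompanying spec only exercises GET without a user, so a case asserting that an unauthenticated write request is rejected would pin this down.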
|
||||
|
|
|
@ -4,7 +4,14 @@ describe API::Files, api: true do
|
|||
include ApiHelpers
|
||||
let(:user) { create(:user) }
|
||||
let!(:project) { create(:project, namespace: user.namespace ) }
|
||||
let(:guest) { create(:user).tap { |u| create(:project_member, :guest, user: u, project: project) } }
|
||||
let(:file_path) { 'files/ruby/popen.rb' }
|
||||
let(:params) do
|
||||
{
|
||||
file_path: file_path,
|
||||
ref: 'master'
|
||||
}
|
||||
end
|
||||
let(:author_email) { FFaker::Internet.email }
|
||||
|
||||
# I have to remove periods from the end of the name
|
||||
|
@ -24,13 +31,11 @@ describe API::Files, api: true do
|
|||
before { project.team << [user, :developer] }
|
||||
|
||||
describe "GET /projects/:id/repository/files" do
|
||||
it "returns file info" do
|
||||
params = {
|
||||
file_path: file_path,
|
||||
ref: 'master',
|
||||
}
|
||||
let(:route) { "/projects/#{project.id}/repository/files" }
|
||||
|
||||
get api("/projects/#{project.id}/repository/files", user), params
|
||||
shared_examples_for 'repository files' do
|
||||
it "returns file info" do
|
||||
get api(route, current_user), params
|
||||
|
||||
expect(response).to have_http_status(200)
|
||||
expect(json_response['file_path']).to eq(file_path)
|
||||
|
@ -39,21 +44,59 @@ describe API::Files, api: true do
|
|||
expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n")
|
||||
end
|
||||
|
||||
it "returns a 400 bad request if no params given" do
|
||||
get api("/projects/#{project.id}/repository/files", user)
|
||||
|
||||
expect(response).to have_http_status(400)
|
||||
context 'when no params are given' do
|
||||
it_behaves_like '400 response' do
|
||||
let(:request) { get api(route, current_user) }
|
||||
end
|
||||
end
|
||||
|
||||
it "returns a 404 if such file does not exist" do
|
||||
params = {
|
||||
context 'when file_path does not exist' do
|
||||
let(:params) do
|
||||
{
|
||||
file_path: 'app/models/application.rb',
|
||||
ref: 'master',
|
||||
}
|
||||
end
|
||||
|
||||
get api("/projects/#{project.id}/repository/files", user), params
|
||||
it_behaves_like '404 response' do
|
||||
let(:request) { get api(route, current_user), params }
|
||||
let(:message) { '404 File Not Found' }
|
||||
end
|
||||
end
|
||||
|
||||
expect(response).to have_http_status(404)
|
||||
context 'when repository is disabled' do
|
||||
include_context 'disabled repository'
|
||||
|
||||
it_behaves_like '403 response' do
|
||||
let(:request) { get api(route, current_user), params }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
context 'when unauthenticated', 'and project is public' do
|
||||
it_behaves_like 'repository files' do
|
||||
let(:project) { create(:project, :public) }
|
||||
let(:current_user) { nil }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when unauthenticated', 'and project is private' do
|
||||
it_behaves_like '404 response' do
|
||||
let(:request) { get api(route), params }
|
||||
let(:message) { '404 Project Not Found' }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when authenticated', 'as a developer' do
|
||||
it_behaves_like 'repository files' do
|
||||
let(:current_user) { user }
|
||||
end
|
||||
end
|
||||
|
||||
context 'when authenticated', 'as a guest' do
|
||||
it_behaves_like '403 response' do
|
||||
let(:request) { get api(route, guest), params }
|
||||
end
|
||||
end
|
||||
end
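Review bot: The unauthenticated contexts cover a public and a private project but not one with internal visibility, which is the case most easily opened by accident when a login filter is removed. Assuming the project factory offers an `:internal` trait alongside `:public`, a third context such as `context 'when unauthenticated', 'and project is internal'` could reuse `it_behaves_like '404 response'` with `let(:message) { '404 Project Not Found' }`. The `describe` block these contexts sit in opens in an earlier hunk of this section.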
|
||||
|
||||
|
|
|
@ -11,17 +11,6 @@ describe API::Repositories, api: true do
|
|||
let!(:project) { create(:project, creator_id: user.id) }
|
||||
let!(:master) { create(:project_member, :master, user: user, project: project) }
|
||||
|
||||
shared_context 'disabled repository' do
|
||||
before do
|
||||
project.project_feature.update_attributes!(
|
||||
repository_access_level: ProjectFeature::DISABLED,
|
||||
merge_requests_access_level: ProjectFeature::DISABLED,
|
||||
builds_access_level: ProjectFeature::DISABLED
|
||||
)
|
||||
expect(project.feature_available?(:repository, current_user)).to be false
|
||||
end
|
||||
end
|
||||
|
||||
describe "GET /projects/:id/repository/tree" do
|
||||
let(:route) { "/projects/#{project.id}/repository/tree" }
|
||||
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
shared_context 'disabled repository' do
|
||||
before do
|
||||
project.project_feature.update_attributes!(
|
||||
repository_access_level: ProjectFeature::DISABLED,
|
||||
merge_requests_access_level: ProjectFeature::DISABLED,
|
||||
builds_access_level: ProjectFeature::DISABLED
|
||||
)
|
||||
expect(project.feature_available?(:repository, current_user)).to be false
|
||||
end
|
||||
end
|