Change HTTP Status Code when repository disabled

2019-06-24 22:12:42 +00:00 · 2019-06-24 22:12:42 +00:00 · 3457695b1e
parent 9e6c3f56fd
commit 3457695b1e
6 changed files with 29 additions and 14 deletions
--- a/changelogs/unreleased/50834-change-http-status-code-when-repository-disabled.yml
+++ b/changelogs/unreleased/50834-change-http-status-code-when-repository-disabled.yml
@ -0,0 +1,5 @@
+---
+title: "Changed HTTP Status Code for disabled repository on /branches and /commits to 404"
+merge_request: 29585
+author: Sam Battalio
+type: changed
--- a/lib/api/branches.rb
+++ b/lib/api/branches.rb
@ -8,7 +8,10 @@ module API

    BRANCH_ENDPOINT_REQUIREMENTS = API::NAMESPACE_OR_PROJECT_REQUIREMENTS.merge(branch: API::NO_SLASH_URL_PART_REGEX)

-    before { authorize! :download_code, user_project }
+    before do
+      require_repository_enabled!
+      authorize! :download_code, user_project
+    end

    helpers do
      params :filter_params do
--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
@ -6,7 +6,10 @@ module API
  class Commits < Grape::API
    include PaginationParams

-    before { authorize! :download_code, user_project }
+    before do
+      require_repository_enabled!
+      authorize! :download_code, user_project
+    end

    helpers do
      def user_access
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@ -250,6 +250,10 @@ module API
      authorize! :update_build, user_project
    end

+    def require_repository_enabled!(subject = :global)
+      not_found!("Repository") unless user_project.feature_available?(:repository, current_user)
+    end
+
    def require_gitlab_workhorse!
      unless env['HTTP_GITLAB_WORKHORSE'].present?
        forbidden!('Request should be executed via GitLab Workhorse')
--- a/spec/requests/api/branches_spec.rb
+++ b/spec/requests/api/branches_spec.rb
@ -65,7 +65,7 @@ describe API::Branches do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
        end
      end
@ -175,7 +175,7 @@ describe API::Branches do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
        end
      end
@ -337,7 +337,7 @@ describe API::Branches do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { put api(route, current_user) }
        end
      end
@ -471,7 +471,7 @@ describe API::Branches do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { put api(route, current_user) }
        end
      end
@ -547,7 +547,7 @@ describe API::Branches do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user) }
        end
      end
--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@ -736,7 +736,7 @@ describe API::Commits do
    context 'when repository is disabled' do
      include_context 'disabled repository'

-      it_behaves_like '403 response' do
+      it_behaves_like '404 response' do
        let(:request) { get api(route, current_user) }
      end
    end
@ -825,7 +825,7 @@ describe API::Commits do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
        end
      end
@ -968,7 +968,7 @@ describe API::Commits do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
        end
      end
@ -1067,7 +1067,7 @@ describe API::Commits do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
        end
      end
@ -1169,7 +1169,7 @@ describe API::Commits do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user), params: { branch: 'master' } }
        end
      end
@ -1324,7 +1324,7 @@ describe API::Commits do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user), params: { branch: branch } }
        end
      end
@ -1435,7 +1435,7 @@ describe API::Commits do
      context 'when repository is disabled' do
        include_context 'disabled repository'

-        it_behaves_like '403 response' do
+        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user), params: { note: 'My comment' } }
        end
      end