BigW Consortium Gitlab

project_snippets_spec.rb 8.94 KB
Newer Older
1 2
require 'rails_helper'

3
describe API::ProjectSnippets do
4
  let(:project) { create(:project, :public) }
5
  let(:user) { create(:user) }
6 7
  let(:admin) { create(:admin) }

James Lopez committed
8 9 10 11 12 13 14
  describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do
    let(:snippet) { create(:project_snippet, :public, project: project) }
    let!(:user_agent_detail) { create(:user_agent_detail, subject: snippet) }

    it 'exposes known attributes' do
      get api("/projects/#{project.id}/snippets/#{snippet.id}/user_agent_detail", admin)

15
      expect(response).to have_gitlab_http_status(200)
James Lopez committed
16 17 18 19 20 21 22 23
      expect(json_response['user_agent']).to eq(user_agent_detail.user_agent)
      expect(json_response['ip_address']).to eq(user_agent_detail.ip_address)
      expect(json_response['akismet_submitted']).to eq(user_agent_detail.submitted)
    end

    it "returns unautorized for non-admin users" do
      get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/user_agent_detail", user)

24
      expect(response).to have_gitlab_http_status(403)
James Lopez committed
25 26 27
    end
  end

28
  describe 'GET /projects/:project_id/snippets/' do
29 30
    let(:user) { create(:user) }

31
    it 'returns all snippets available to team member' do
32
      project.add_developer(user)
33 34 35 36
      public_snippet = create(:project_snippet, :public, project: project)
      internal_snippet = create(:project_snippet, :internal, project: project)
      private_snippet = create(:project_snippet, :private, project: project)

37
      get api("/projects/#{project.id}/snippets", user)
38

39
      expect(response).to have_gitlab_http_status(200)
40 41
      expect(response).to include_pagination_headers
      expect(json_response).to be_an Array
42
      expect(json_response.size).to eq(3)
James Lopez committed
43
      expect(json_response.map { |snippet| snippet['id'] }).to include(public_snippet.id, internal_snippet.id, private_snippet.id)
44
      expect(json_response.last).to have_key('web_url')
45 46 47 48 49 50
    end

    it 'hides private snippets from regular user' do
      create(:project_snippet, :private, project: project)

      get api("/projects/#{project.id}/snippets/", user)
51

52
      expect(response).to have_gitlab_http_status(200)
53 54
      expect(response).to include_pagination_headers
      expect(json_response).to be_an Array
55 56 57 58
      expect(json_response.size).to eq(0)
    end
  end

59 60
  describe 'GET /projects/:project_id/snippets/:id' do
    let(:user) { create(:user) }
James Lopez committed
61
    let(:snippet) { create(:project_snippet, :public, project: project) }
62 63 64 65

    it 'returns snippet json' do
      get api("/projects/#{project.id}/snippets/#{snippet.id}", user)

66
      expect(response).to have_gitlab_http_status(200)
67 68 69 70 71 72 73 74 75

      expect(json_response['title']).to eq(snippet.title)
      expect(json_response['description']).to eq(snippet.description)
      expect(json_response['file_name']).to eq(snippet.file_name)
    end

    it 'returns 404 for invalid snippet id' do
      get api("/projects/#{project.id}/snippets/1234", user)

76
      expect(response).to have_gitlab_http_status(404)
77 78 79 80
      expect(json_response['message']).to eq('404 Not found')
    end
  end

81
  describe 'POST /projects/:project_id/snippets/' do
82 83
    let(:params) do
      {
84 85
        title: 'Test Title',
        file_name: 'test.rb',
86
        description: 'test description',
87
        code: 'puts "hello world"',
88
        visibility: 'public'
89
      }
90
    end
91

92
    it 'creates a new snippet' do
93 94
      post api("/projects/#{project.id}/snippets/", admin), params

95
      expect(response).to have_gitlab_http_status(201)
96 97
      snippet = ProjectSnippet.find(json_response['id'])
      expect(snippet.content).to eq(params[:code])
98
      expect(snippet.description).to eq(params[:description])
99 100
      expect(snippet.title).to eq(params[:title])
      expect(snippet.file_name).to eq(params[:file_name])
101
      expect(snippet.visibility_level).to eq(Snippet::PUBLIC)
102
    end
103 104 105 106 107 108

    it 'returns 400 for missing parameters' do
      params.delete(:title)

      post api("/projects/#{project.id}/snippets/", admin), params

109
      expect(response).to have_gitlab_http_status(400)
110
    end
111 112 113

    context 'when the snippet is spam' do
      def create_snippet(project, snippet_params = {})
114
        project.add_developer(user)
115 116 117 118 119

        post api("/projects/#{project.id}/snippets", user), params.merge(snippet_params)
      end

      before do
120
        allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
121 122
      end

123 124
      context 'when the snippet is private' do
        it 'creates the snippet' do
125 126
          expect { create_snippet(project, visibility: 'private') }
            .to change { Snippet.count }.by(1)
127 128 129
        end
      end

130
      context 'when the snippet is public' do
131
        it 'rejects the snippet' do
132 133
          expect { create_snippet(project, visibility: 'public') }
            .not_to change { Snippet.count }
134

135
          expect(response).to have_gitlab_http_status(400)
136
          expect(json_response['message']).to eq({ "error" => "Spam detected" })
137 138
        end

139
        it 'creates a spam log' do
140 141
          expect { create_snippet(project, visibility: 'public') }
            .to change { SpamLog.count }.by(1)
142 143 144
        end
      end
    end
145 146 147
  end

  describe 'PUT /projects/:project_id/snippets/:id/' do
148 149
    let(:visibility_level) { Snippet::PUBLIC }
    let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level) }
150

151 152
    it 'updates snippet' do
      new_content = 'New content'
153
      new_description = 'New description'
154

155
      put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content, description: new_description
156

157
      expect(response).to have_gitlab_http_status(200)
158 159
      snippet.reload
      expect(snippet.content).to eq(new_content)
160
      expect(snippet.description).to eq(new_description)
161
    end
162 163 164 165

    it 'returns 404 for invalid snippet id' do
      put api("/projects/#{snippet.project.id}/snippets/1234", admin), title: 'foo'

166
      expect(response).to have_gitlab_http_status(404)
167 168 169 170 171 172
      expect(json_response['message']).to eq('404 Snippet Not Found')
    end

    it 'returns 400 for missing parameters' do
      put api("/projects/#{project.id}/snippets/1234", admin)

173
      expect(response).to have_gitlab_http_status(400)
174
    end
175 176 177 178 179 180 181

    context 'when the snippet is spam' do
      def update_snippet(snippet_params = {})
        put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), snippet_params
      end

      before do
182
        allow_any_instance_of(AkismetService).to receive(:spam?).and_return(true)
183 184 185 186 187 188
      end

      context 'when the snippet is private' do
        let(:visibility_level) { Snippet::PRIVATE }

        it 'creates the snippet' do
189 190
          expect { update_snippet(title: 'Foo') }
            .to change { snippet.reload.title }.to('Foo')
191 192 193 194 195 196 197
        end
      end

      context 'when the snippet is public' do
        let(:visibility_level) { Snippet::PUBLIC }

        it 'rejects the snippet' do
198 199
          expect { update_snippet(title: 'Foo') }
            .not_to change { snippet.reload.title }
200 201 202
        end

        it 'creates a spam log' do
203 204
          expect { update_snippet(title: 'Foo') }
            .to change { SpamLog.count }.by(1)
205 206 207 208 209 210 211
        end
      end

      context 'when the private snippet is made public' do
        let(:visibility_level) { Snippet::PRIVATE }

        it 'rejects the snippet' do
212 213
          expect { update_snippet(title: 'Foo', visibility: 'public') }
            .not_to change { snippet.reload.title }
214

215
          expect(response).to have_gitlab_http_status(400)
216 217 218 219
          expect(json_response['message']).to eq({ "error" => "Spam detected" })
        end

        it 'creates a spam log' do
220 221
          expect { update_snippet(title: 'Foo', visibility: 'public') }
            .to change { SpamLog.count }.by(1)
222 223 224
        end
      end
    end
225 226 227
  end

  describe 'DELETE /projects/:project_id/snippets/:id/' do
228 229
    let(:snippet) { create(:project_snippet, author: admin) }

230 231 232
    it 'deletes snippet' do
      delete api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin)

233
      expect(response).to have_gitlab_http_status(204)
234
    end
235 236 237 238

    it 'returns 404 for invalid snippet id' do
      delete api("/projects/#{snippet.project.id}/snippets/1234", admin)

239
      expect(response).to have_gitlab_http_status(404)
240 241
      expect(json_response['message']).to eq('404 Snippet Not Found')
    end
242 243 244 245

    it_behaves_like '412 response' do
      let(:request) { api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin) }
    end
246 247 248
  end

  describe 'GET /projects/:project_id/snippets/:id/raw' do
249
    let(:snippet) { create(:project_snippet, author: admin) }
250

251
    it 'returns raw text' do
252 253
      get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw", admin)

254
      expect(response).to have_gitlab_http_status(200)
255 256 257
      expect(response.content_type).to eq 'text/plain'
      expect(response.body).to eq(snippet.content)
    end
258 259

    it 'returns 404 for invalid snippet id' do
Robert Schilling committed
260
      get api("/projects/#{snippet.project.id}/snippets/1234/raw", admin)
261

262
      expect(response).to have_gitlab_http_status(404)
263 264
      expect(json_response['message']).to eq('404 Snippet Not Found')
    end
265
  end
266
end