BigW Consortium Gitlab

notes_spec.rb 13.8 KB
Newer Older
1 2
require 'spec_helper'

3
describe API::API, api: true  do
4 5
  include ApiHelpers
  let(:user) { create(:user) }
6
  let!(:project) { create(:project, :public, namespace: user.namespace) }
7
  let!(:issue) { create(:issue, project: project, author: user) }
8
  let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }
Andrew8xx8 committed
9
  let!(:snippet) { create(:project_snippet, project: project, author: user) }
10
  let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) }
11
  let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) }
12
  let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) }
13 14 15

  # For testing the cross-reference of a private issue in a public issue
  let(:private_user)    { create(:user) }
16
  let(:private_project) do
17 18
    create(:project, namespace: private_user.namespace).
    tap { |p| p.team << [private_user, :master] }
19 20 21
  end
  let(:private_issue)    { create(:issue, project: private_project) }

22 23 24
  let(:ext_proj)  { create(:project, :public) }
  let(:ext_issue) { create(:issue, project: ext_proj) }

25
  let!(:cross_reference_note) do
26 27 28 29
    create :note,
    noteable: ext_issue, project: ext_proj,
    note: "mentioned in issue #{private_issue.to_reference(ext_proj)}",
    system: true
30
  end
31

Dmitriy Zaporozhets committed
32
  before { project.team << [user, :reporter] }
33 34

  describe "GET /projects/:id/noteable/:noteable_id/notes" do
35 36 37 38
    it_behaves_like 'a paginated resources' do
      let(:request) { get api("/projects/#{project.id}/issues/#{issue.id}/notes", user) }
    end

39
    context "when noteable is an Issue" do
Nihad Abbasov committed
40
      it "should return an array of issue notes" do
41
        get api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
42

43 44 45
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.first['body']).to eq(issue_note.note)
46
      end
47 48

      it "should return a 404 error when issue id not found" do
49
        get api("/projects/#{project.id}/issues/12345/notes", user)
50

51
        expect(response.status).to eq(404)
52
      end
53

54
      context "and current user cannot view the notes" do
55 56
        it "should return an empty array" do
          get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user)
57

58 59 60 61 62
          expect(response.status).to eq(200)
          expect(json_response).to be_an Array
          expect(json_response).to be_empty
        end

63 64 65 66 67
        context "and issue is confidential" do
          before { ext_issue.update_attributes(confidential: true) }

          it "returns 404" do
            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user)
68

69 70 71 72
            expect(response.status).to eq(404)
          end
        end

73 74 75
        context "and current user can view the note" do
          it "should return an empty array" do
            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", private_user)
76

77 78 79 80 81 82
            expect(response.status).to eq(200)
            expect(json_response).to be_an Array
            expect(json_response.first['body']).to eq(cross_reference_note.note)
          end
        end
      end
83 84 85
    end

    context "when noteable is a Snippet" do
Nihad Abbasov committed
86
      it "should return an array of snippet notes" do
87
        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
88

89 90 91
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.first['body']).to eq(snippet_note.note)
92
      end
93 94 95

      it "should return a 404 error when snippet id not found" do
        get api("/projects/#{project.id}/snippets/42/notes", user)
96

97
        expect(response.status).to eq(404)
98
      end
99 100 101

      it "returns 404 when not authorized" do
        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", private_user)
102

103 104
        expect(response.status).to eq(404)
      end
105
    end
106 107 108 109

    context "when noteable is a Merge Request" do
      it "should return an array of merge_requests notes" do
        get api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes", user)
110

111 112 113
        expect(response.status).to eq(200)
        expect(json_response).to be_an Array
        expect(json_response.first['body']).to eq(merge_request_note.note)
114
      end
115 116 117

      it "should return a 404 error if merge request id not found" do
        get api("/projects/#{project.id}/merge_requests/4444/notes", user)
118

119
        expect(response.status).to eq(404)
120
      end
121 122 123

      it "returns 404 when not authorized" do
        get api("/projects/#{project.id}/merge_requests/4444/notes", private_user)
124

125 126
        expect(response.status).to eq(404)
      end
127
    end
128
  end
Nihad Abbasov committed
129 130 131 132 133

  describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do
    context "when noteable is an Issue" do
      it "should return an issue note by id" do
        get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", user)
134

135 136
        expect(response.status).to eq(200)
        expect(json_response['body']).to eq(issue_note.note)
Nihad Abbasov committed
137
      end
138 139

      it "should return a 404 error if issue note not found" do
140
        get api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user)
141

142
        expect(response.status).to eq(404)
143
      end
144

145
      context "and current user cannot view the note" do
146 147
        it "should return a 404 error" do
          get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", user)
148

149 150 151
          expect(response.status).to eq(404)
        end

152 153 154 155 156 157 158 159 160 161 162
        context "when issue is confidential" do
          before { issue.update_attributes(confidential: true) }

          it "returns 404" do
            get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", private_user)

            expect(response.status).to eq(404)
          end
        end


163 164 165
        context "and current user can view the note" do
          it "should return an issue note by id" do
            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", private_user)
166

167 168 169 170 171
            expect(response.status).to eq(200)
            expect(json_response['body']).to eq(cross_reference_note.note)
          end
        end
      end
Nihad Abbasov committed
172 173 174 175 176
    end

    context "when noteable is a Snippet" do
      it "should return a snippet note by id" do
        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user)
177

178 179
        expect(response.status).to eq(200)
        expect(json_response['body']).to eq(snippet_note.note)
Nihad Abbasov committed
180
      end
181 182

      it "should return a 404 error if snippet note not found" do
183
        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/12345", user)
184

185
        expect(response.status).to eq(404)
186
      end
Nihad Abbasov committed
187 188
    end
  end
Nihad Abbasov committed
189 190 191 192 193

  describe "POST /projects/:id/noteable/:noteable_id/notes" do
    context "when noteable is an Issue" do
      it "should create a new issue note" do
        post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
194

195 196 197
        expect(response.status).to eq(201)
        expect(json_response['body']).to eq('hi!')
        expect(json_response['author']['username']).to eq(user.username)
Nihad Abbasov committed
198
      end
199 200 201

      it "should return a 400 bad request error if body not given" do
        post api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
202

203
        expect(response.status).to eq(400)
204 205 206 207
      end

      it "should return a 401 unauthorized error if user not authenticated" do
        post api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!'
208

209
        expect(response.status).to eq(401)
210
      end
211 212 213 214 215 216

      context 'when an admin or owner makes the request' do
        it 'accepts the creation date to be set' do
          creation_time = 2.weeks.ago
          post api("/projects/#{project.id}/issues/#{issue.id}/notes", user),
            body: 'hi!', created_at: creation_time
217

218 219 220 221 222 223 224
          expect(response.status).to eq(201)
          expect(json_response['body']).to eq('hi!')
          expect(json_response['author']['username']).to eq(user.username)
          expect(Time.parse(json_response['created_at'])).to be_within(1.second).of(creation_time)
        end
      end

Nihad Abbasov committed
225 226 227 228 229
    end

    context "when noteable is a Snippet" do
      it "should create a new snippet note" do
        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!'
230

231 232 233
        expect(response.status).to eq(201)
        expect(json_response['body']).to eq('hi!')
        expect(json_response['author']['username']).to eq(user.username)
Nihad Abbasov committed
234
      end
235 236 237

      it "should return a 400 bad request error if body not given" do
        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
238

239
        expect(response.status).to eq(400)
240 241 242 243
      end

      it "should return a 401 unauthorized error if user not authenticated" do
        post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!'
244

245
        expect(response.status).to eq(401)
246 247
      end
    end
248 249 250 251 252 253 254 255 256 257 258 259 260

    context 'when user does not have access to create noteable' do
      let(:private_issue) { create(:issue, project: create(:project, :private)) }

      ##
      # We are posting to project user has access to, but we use issue id
      # from a different project, see #15577
      #
      before do
        post api("/projects/#{project.id}/issues/#{private_issue.id}/notes", user),
             body: 'Hi!'
      end

261 262
      it 'responds with resource not found error' do
        expect(response.status).to eq 404
263 264 265 266 267 268
      end

      it 'does not create new note' do
        expect(private_issue.notes.reload).to be_empty
      end
    end
Nihad Abbasov committed
269
  end
270 271 272

  describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do
    it "should create an activity event when an issue note is created" do
273
      expect(Event).to receive(:create)
274 275 276 277

      post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
    end
  end
278 279 280 281 282 283

  describe 'PUT /projects/:id/noteable/:noteable_id/notes/:note_id' do
    context 'when noteable is an Issue' do
      it 'should return modified note' do
        put api("/projects/#{project.id}/issues/#{issue.id}/"\
                  "notes/#{issue_note.id}", user), body: 'Hello!'
284

285 286
        expect(response.status).to eq(200)
        expect(json_response['body']).to eq('Hello!')
287 288 289
      end

      it 'should return a 404 error when note id not found' do
290
        put api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user),
291
                body: 'Hello!'
292

293
        expect(response.status).to eq(404)
294 295 296 297 298
      end

      it 'should return a 400 bad request error if body not given' do
        put api("/projects/#{project.id}/issues/#{issue.id}/"\
                  "notes/#{issue_note.id}", user)
299

300
        expect(response.status).to eq(400)
301 302 303 304 305 306 307
      end
    end

    context 'when noteable is a Snippet' do
      it 'should return modified note' do
        put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
                  "notes/#{snippet_note.id}", user), body: 'Hello!'
308

309 310
        expect(response.status).to eq(200)
        expect(json_response['body']).to eq('Hello!')
311 312 313 314
      end

      it 'should return a 404 error when note id not found' do
        put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
315
                  "notes/12345", user), body: "Hello!"
316

317
        expect(response.status).to eq(404)
318 319 320 321 322 323 324
      end
    end

    context 'when noteable is a Merge Request' do
      it 'should return modified note' do
        put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\
                  "notes/#{merge_request_note.id}", user), body: 'Hello!'
325

326 327
        expect(response.status).to eq(200)
        expect(json_response['body']).to eq('Hello!')
328 329 330 331
      end

      it 'should return a 404 error when note id not found' do
        put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\
332
                  "notes/12345", user), body: "Hello!"
333

334
        expect(response.status).to eq(404)
335 336 337 338
      end
    end
  end

339
  describe 'DELETE /projects/:id/noteable/:noteable_id/notes/:note_id' do
340
    context 'when noteable is an Issue' do
341
      it 'deletes a note' do
342 343
        delete api("/projects/#{project.id}/issues/#{issue.id}/"\
                   "notes/#{issue_note.id}", user)
344

345
        expect(response.status).to eq(200)
346 347 348 349
        # Check if note is really deleted
        delete api("/projects/#{project.id}/issues/#{issue.id}/"\
                   "notes/#{issue_note.id}", user)
        expect(response.status).to eq(404)
350 351
      end

352
      it 'returns a 404 error when note id not found' do
353
        delete api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user)
354

355 356 357 358 359
        expect(response.status).to eq(404)
      end
    end

    context 'when noteable is a Snippet' do
360
      it 'deletes a note' do
361 362
        delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
                   "notes/#{snippet_note.id}", user)
363

364
        expect(response.status).to eq(200)
365 366 367 368
        # Check if note is really deleted
        delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
                   "notes/#{snippet_note.id}", user)
        expect(response.status).to eq(404)
369 370
      end

371
      it 'returns a 404 error when note id not found' do
372
        delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
373
                   "notes/12345", user)
374

375 376 377 378 379
        expect(response.status).to eq(404)
      end
    end

    context 'when noteable is a Merge Request' do
380
      it 'deletes a note' do
381 382
        delete api("/projects/#{project.id}/merge_requests/"\
                   "#{merge_request.id}/notes/#{merge_request_note.id}", user)
383

384
        expect(response.status).to eq(200)
385 386 387 388
        # Check if note is really deleted
        delete api("/projects/#{project.id}/merge_requests/"\
                   "#{merge_request.id}/notes/#{merge_request_note.id}", user)
        expect(response.status).to eq(404)
389 390
      end

391
      it 'returns a 404 error when note id not found' do
392
        delete api("/projects/#{project.id}/merge_requests/"\
393
                   "#{merge_request.id}/notes/12345", user)
394

395 396 397 398 399
        expect(response.status).to eq(404)
      end
    end
  end

400
end