Commit
050eb9a7
authored
Dec 20, 2016
by
Sean McGivern
Merge branch '4269-public-files-api' into 'master'
Allow unauthenticated access to Repositories Files API GET endpoints See merge request !8149
parents
c786b782
0349e83a
Showing
8 changed files
with
84 additions
and
38 deletions
+84
-38
4269-public-api.yml
changelogs/unreleased/4269-public-api.yml
+1
-1
4269-public-files-api.yml
changelogs/unreleased/4269-public-files-api.yml
+4
-0
4269-public-repositories-api.yml
changelogs/unreleased/4269-public-repositories-api.yml
+1
-1
repository_files.md
doc/api/repository_files.md
+3
-1
files.rb
lib/api/files.rb
+0
-2
files_spec.rb
spec/requests/api/files_spec.rb
+65
-22
repositories_spec.rb
spec/requests/api/repositories_spec.rb
+0
-11
repositories_shared_context.rb
spec/support/api/repositories_shared_context.rb
+10
-0
changelogs/unreleased/4269-public-api.yml
---
title
:
Allow
public access to some Project API
endpoints
title
:
Allow
unauthenticated access to some Project API GET
endpoints
merge_request
:
7843
author
:
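--- /dev/null
+++ b/changelogs/unreleased/4269-public-files-api.yml
@@ -0,0 +1,4 @@
+---
+title: Allow unauthenticated access to Repositories Files API GET endpoints
+merge_request:
+author: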
changelogs/unreleased/4269-public-repositories-api.yml
---
title
:
Allow
Repositories API GET endpoints to be requested anonymously
title
:
Allow
unauthenticated access to Repositories API GET endpoints
merge_request
:
8148
author
:
doc/api/repository_files.md
...
...
@@ -6,7 +6,9 @@
## Get file from repository
Allows you to receive information about file in repository like name, size, content. Note that file content is Base64 encoded.
Allows you to receive information about file in repository like name, size,
content. Note that file content is Base64 encoded. This endpoint can be accessed
without authentication if the repository is publicly accessible.
```
GET /projects/:id/repository/files
...
...
lib/api/files.rb
module
API
# Projects API
class
Files
<
Grape
::
API
before
{
authenticate!
}
helpers
do
def
commit_params
(
attrs
)
{
...
...
spec/requests/api/files_spec.rb
...
...
@@ -4,7 +4,14 @@ describe API::Files, api: true do
include
ApiHelpers
let
(
:user
)
{
create
(
:user
)
}
let!
(
:project
)
{
create
(
:project
,
namespace:
user
.
namespace
)
}
let
(
:guest
)
{
create
(
:user
).
tap
{
|
u
|
create
(
:project_member
,
:guest
,
user:
u
,
project:
project
)
}
}
let
(
:file_path
)
{
'files/ruby/popen.rb'
}
let
(
:params
)
do
{
file_path:
file_path
,
ref:
'master'
}
end
let
(
:author_email
)
{
FFaker
::
Internet
.
email
}
# I have to remove periods from the end of the name
...
...
@@ -24,36 +31,72 @@ describe API::Files, api: true do
before
{
project
.
team
<<
[
user
,
:developer
]
}
describe
"GET /projects/:id/repository/files"
do
it
"returns file info"
do
params
=
{
file_path:
file_path
,
ref:
'master'
,
}
let
(
:route
)
{
"/projects/
#{
project
.
id
}
/repository/files"
}
get
api
(
"/projects/
#{
project
.
id
}
/repository/files"
,
user
),
params
shared_examples_for
'repository files'
do
it
"returns file info"
do
get
api
(
route
,
current_user
),
params
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
[
'file_path'
]).
to
eq
(
file_path
)
expect
(
json_response
[
'file_name'
]).
to
eq
(
'popen.rb'
)
expect
(
json_response
[
'last_commit_id'
]).
to
eq
(
'570e7b2abdd848b95f2f578043fc23bd6f6fd24d'
)
expect
(
Base64
.
decode64
(
json_response
[
'content'
]).
lines
.
first
).
to
eq
(
"require 'fileutils'
\n
"
)
end
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
[
'file_path'
]).
to
eq
(
file_path
)
expect
(
json_response
[
'file_name'
]).
to
eq
(
'popen.rb'
)
expect
(
json_response
[
'last_commit_id'
]).
to
eq
(
'570e7b2abdd848b95f2f578043fc23bd6f6fd24d'
)
expect
(
Base64
.
decode64
(
json_response
[
'content'
]).
lines
.
first
).
to
eq
(
"require 'fileutils'
\n
"
)
end
it
"returns a 400 bad request if no params given"
do
get
api
(
"/projects/
#{
project
.
id
}
/repository/files"
,
user
)
context
'when no params are given'
do
it_behaves_like
'400 response'
do
let
(
:request
)
{
get
api
(
route
,
current_user
)
}
end
end
expect
(
response
).
to
have_http_status
(
400
)
context
'when file_path does not exist'
do
let
(
:params
)
do
{
file_path:
'app/models/application.rb'
,
ref:
'master'
,
}
end
it_behaves_like
'404 response'
do
let
(
:request
)
{
get
api
(
route
,
current_user
),
params
}
let
(
:message
)
{
'404 File Not Found'
}
end
end
context
'when repository is disabled'
do
include_context
'disabled repository'
it_behaves_like
'403 response'
do
let
(
:request
)
{
get
api
(
route
,
current_user
),
params
}
end
end
end
it
"returns a 404 if such file does not exist"
do
params
=
{
file_path:
'app/models/application.rb'
,
ref:
'master'
,
}
context
'when unauthenticated'
,
'and project is public'
do
it_behaves_like
'repository files'
do
let
(
:project
)
{
create
(
:project
,
:public
)
}
let
(
:current_user
)
{
nil
}
end
end
get
api
(
"/projects/
#{
project
.
id
}
/repository/files"
,
user
),
params
context
'when unauthenticated'
,
'and project is private'
do
it_behaves_like
'404 response'
do
let
(
:request
)
{
get
api
(
route
),
params
}
let
(
:message
)
{
'404 Project Not Found'
}
end
end
context
'when authenticated'
,
'as a developer'
do
it_behaves_like
'repository files'
do
let
(
:current_user
)
{
user
}
end
end
expect
(
response
).
to
have_http_status
(
404
)
context
'when authenticated'
,
'as a guest'
do
it_behaves_like
'403 response'
do
let
(
:request
)
{
get
api
(
route
,
guest
),
params
}
end
end
end
...
...
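Review bot: The unauthenticated contexts added in the second hunk cover only `GET /projects/:id/repository/files`, while the same commit removes the class-wide `before { authenticate! }` from `API::Files`, so every other route in that class now depends on its own per-endpoint authorization, which is not visible on this page. I would add a `context 'when unauthenticated', 'and project is public'` with `let(:current_user) { nil }` to each write route's `describe` (the spec continues past this hunk), asserting that the request is rejected and that the repository is unchanged. The visibility matrix also skips internal projects: an unauthenticated request against `create(:project, :internal)` should be checked to behave like the private case rather than the public one.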
spec/requests/api/repositories_spec.rb
...
...
@@ -11,17 +11,6 @@ describe API::Repositories, api: true do
let!
(
:project
)
{
create
(
:project
,
creator_id:
user
.
id
)
}
let!
(
:master
)
{
create
(
:project_member
,
:master
,
user:
user
,
project:
project
)
}
shared_context
'disabled repository'
do
before
do
project
.
project_feature
.
update_attributes!
(
repository_access_level:
ProjectFeature
::
DISABLED
,
merge_requests_access_level:
ProjectFeature
::
DISABLED
,
builds_access_level:
ProjectFeature
::
DISABLED
)
expect
(
project
.
feature_available?
(
:repository
,
current_user
)).
to
be
false
end
end
describe
"GET /projects/:id/repository/tree"
do
let
(
:route
)
{
"/projects/
#{
project
.
id
}
/repository/tree"
}
...
...
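--- /dev/null
+++ b/spec/support/api/repositories_shared_context.rb
@@ -0,0 +1,10 @@
+shared_context 'disabled repository' do
+  before do
+    project.project_feature.update_attributes!(
+      repository_access_level: ProjectFeature::DISABLED,
+      merge_requests_access_level: ProjectFeature::DISABLED,
+      builds_access_level: ProjectFeature::DISABLED
+    )
+    expect(project.feature_available?(:repository, current_user)).to be false
+  end
+end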
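Review bot: The shared context reads `project` and `current_user` without defining them, so every example group that includes it has to supply both; now that it lives in a support file away from its callers, that contract is easy to miss. A header comment such as `# Requires the including example group to define project and current_user.` would make it visible. The `expect(...).to be false` inside `before` is a setup sanity check rather than an assertion of the behaviour under test, and a one-line comment saying so would help when a failure there is reported against every example in the group.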