BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
25e4c512
Commit
25e4c512
authored
Feb 20, 2013
by
Dmitriy Zaporozhets
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #3011 from Asquera/fix_access_to_nonvisible_hook
API: fixes visibility of project hook
parents
c56d32c7
e9d3b965
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
33 additions
and
10 deletions
+33
-10
projects.rb
lib/api/projects.rb
+1
-0
projects_spec.rb
spec/requests/api/projects_spec.rb
+32
-10
No files found.
lib/api/projects.rb
View file @
25e4c512
...
@@ -155,6 +155,7 @@ module Gitlab
...
@@ -155,6 +155,7 @@ module Gitlab
# Example Request:
# Example Request:
# GET /projects/:id/hooks/:hook_id
# GET /projects/:id/hooks/:hook_id
get
":id/hooks/:hook_id"
do
get
":id/hooks/:hook_id"
do
authorize!
:admin_project
,
user_project
@hook
=
user_project
.
hooks
.
find
(
params
[
:hook_id
])
@hook
=
user_project
.
hooks
.
find
(
params
[
:hook_id
])
present
@hook
,
with:
Entities
::
Hook
present
@hook
,
with:
Entities
::
Hook
end
end
...
...
spec/requests/api/projects_spec.rb
View file @
25e4c512
...
@@ -196,22 +196,44 @@ describe Gitlab::API do
...
@@ -196,22 +196,44 @@ describe Gitlab::API do
end
end
describe
"GET /projects/:id/hooks"
do
describe
"GET /projects/:id/hooks"
do
it
"should return project hooks"
do
context
"authorized user"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks"
,
user
)
it
"should return project hooks"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks"
,
user
)
response
.
status
.
should
==
200
response
.
status
.
should
==
200
json_response
.
should
be_an
Array
json_response
.
count
.
should
==
1
json_response
.
first
[
'url'
].
should
==
"http://example.com"
end
end
json_response
.
should
be_an
Array
context
"unauthorized user"
do
json_response
.
count
.
should
==
1
it
"should not access project hooks"
do
json_response
.
first
[
'url'
].
should
==
"http://example.com"
get
api
(
"/projects/
#{
project
.
id
}
/hooks"
,
user3
)
response
.
status
.
should
==
403
end
end
end
end
end
describe
"GET /projects/:id/hooks/:hook_id"
do
describe
"GET /projects/:id/hooks/:hook_id"
do
it
"should return a project hook"
do
context
"authorized user"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks/
#{
hook
.
id
}
"
,
user
)
it
"should return a project hook"
do
response
.
status
.
should
==
200
get
api
(
"/projects/
#{
project
.
id
}
/hooks/
#{
hook
.
id
}
"
,
user
)
json_response
[
'url'
].
should
==
hook
.
url
response
.
status
.
should
==
200
json_response
[
'url'
].
should
==
hook
.
url
end
it
"should return a 404 error if hook id is not available"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks/1234"
,
user
)
response
.
status
.
should
==
404
end
end
context
"unauthorized user"
do
it
"should not access an existing hook"
do
get
api
(
"/projects/
#{
project
.
id
}
/hooks/
#{
hook
.
id
}
"
,
user3
)
response
.
status
.
should
==
403
end
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment