5 before(:each) { enable_observers }
6 after(:each) { disable_observers }
8 let(:user) { create(:user) }
9 let(:user2) { create(:user) }
10 let(:user3) { create(:user) }
11 let(:admin) { create(:admin) }
12 let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) }
13 let(:snippet) { create(:project_snippet, author: user, project: project, title: 'example') }
14 let(:users_project) { create(:users_project, user: user, project: project, project_access: UsersProject::MASTER) }
15 let(:users_project2) { create(:users_project, user: user3, project: project, project_access: UsersProject::DEVELOPER) }
17 describe "GET /projects" do
20 context "when unauthenticated" do
21 it "should return authentication error" do
23 response.status.should == 401
27 context "when authenticated" do
28 it "should return an array of projects" do
29 get api("/projects", user)
30 response.status.should == 200
31 json_response.should be_an Array
32 json_response.first['name'].should == project.name
33 json_response.first['owner']['email'].should == user.email
38 describe "GET /projects/all" do
41 context "when unauthenticated" do
42 it "should return authentication error" do
43 get api("/projects/all")
44 response.status.should == 401
48 context "when authenticated as regular user" do
49 it "should return authentication error" do
50 get api("/projects/all", user)
51 response.status.should == 403
55 context "when authenticated as admin" do
56 it "should return an array of all projects" do
57 get api("/projects/all", admin)
58 response.status.should == 200
59 json_response.should be_an Array
60 json_response.first['name'].should == project.name
61 json_response.first['owner']['email'].should == user.email
66 describe "POST /projects" do
67 context "maximum number of projects reached" do
69 (1..user2.projects_limit).each do |project|
70 post api("/projects", user2), name: "foo#{project}"
74 it "should not create new project" do
76 post api("/projects", user2), name: 'foo'
77 }.to change {Project.count}.by(0)
81 it "should create new project without path" do
82 expect { post api("/projects", user), name: 'foo' }.to change {Project.count}.by(1)
85 it "should not create new project without name" do
86 expect { post api("/projects", user) }.to_not change {Project.count}
89 it "should return a 400 error if name not given" do
90 post api("/projects", user)
91 response.status.should == 400
94 it "should create last project before reaching project limit" do
95 (1..user2.projects_limit-1).each { |p| post api("/projects", user2), name: "foo#{p}" }
96 post api("/projects", user2), name: "foo"
97 response.status.should == 201
100 it "should respond with 201 on success" do
101 post api("/projects", user), name: 'foo'
102 response.status.should == 201
105 it "should respond with 400 if name is not given" do
106 post api("/projects", user)
107 response.status.should == 400
110 it "should return a 403 error if project limit reached" do
111 (1..user.projects_limit).each do |p|
112 post api("/projects", user), name: "foo#{p}"
114 post api("/projects", user), name: 'bar'
115 response.status.should == 403
118 it "should assign attributes to project" do
119 project = attributes_for(:project, {
120 description: Faker::Lorem.sentence,
121 issues_enabled: false,
123 merge_requests_enabled: false,
127 post api("/projects", user), project
129 project.each_pair do |k,v|
131 json_response[k.to_s].should == v
135 it "should set a project as public" do
136 project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::PUBLIC })
137 post api("/projects", user), project
138 json_response['public'].should be_true
139 json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC
142 it "should set a project as public using :public" do
143 project = attributes_for(:project, { public: true })
144 post api("/projects", user), project
145 json_response['public'].should be_true
146 json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC
149 it "should set a project as internal" do
150 project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::INTERNAL })
151 post api("/projects", user), project
152 json_response['public'].should be_false
153 json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL
156 it "should set a project as internal overriding :public" do
157 project = attributes_for(:project, { public: true, visibility_level: Gitlab::VisibilityLevel::INTERNAL })
158 post api("/projects", user), project
159 json_response['public'].should be_false
160 json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL
163 it "should set a project as private" do
164 project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::PRIVATE })
165 post api("/projects", user), project
166 json_response['public'].should be_false
167 json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE
170 it "should set a project as private using :public" do
171 project = attributes_for(:project, { public: false })
172 post api("/projects", user), project
173 json_response['public'].should be_false
174 json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE
178 describe "POST /projects/user/:id" do
182 it "should create new project without path" do
183 expect { post api("/projects/user/#{user.id}", admin), name: 'foo' }.to change {Project.count}.by(1)
186 it "should not create new project without name" do
187 expect { post api("/projects/user/#{user.id}", admin) }.to_not change {Project.count}
190 it "should respond with 201 on success" do
191 post api("/projects/user/#{user.id}", admin), name: 'foo'
192 response.status.should == 201
195 it "should respond with 404 on failure" do
196 post api("/projects/user/#{user.id}", admin)
197 response.status.should == 404
200 it "should assign attributes to project" do
201 project = attributes_for(:project, {
202 description: Faker::Lorem.sentence,
203 issues_enabled: false,
205 merge_requests_enabled: false,
209 post api("/projects/user/#{user.id}", admin), project
211 project.each_pair do |k,v|
213 json_response[k.to_s].should == v
217 it "should set a project as public" do
218 project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::PUBLIC })
219 post api("/projects/user/#{user.id}", admin), project
220 json_response['public'].should be_true
221 json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC
224 it "should set a project as public using :public" do
225 project = attributes_for(:project, { public: true })
226 post api("/projects/user/#{user.id}", admin), project
227 json_response['public'].should be_true
228 json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC
231 it "should set a project as internal" do
232 project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::INTERNAL })
233 post api("/projects/user/#{user.id}", admin), project
234 json_response['public'].should be_false
235 json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL
238 it "should set a project as internal overriding :public" do
239 project = attributes_for(:project, { public: true, visibility_level: Gitlab::VisibilityLevel::INTERNAL })
240 post api("/projects/user/#{user.id}", admin), project
241 json_response['public'].should be_false
242 json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL
245 it "should set a project as private" do
246 project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::PRIVATE })
247 post api("/projects/user/#{user.id}", admin), project
248 json_response['public'].should be_false
249 json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE
252 it "should set a project as private using :public" do
253 project = attributes_for(:project, { public: false })
254 post api("/projects/user/#{user.id}", admin), project
255 json_response['public'].should be_false
256 json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE
260 describe "GET /projects/:id" do
263 it "should return a project by id" do
264 get api("/projects/#{project.id}", user)
265 response.status.should == 200
266 json_response['name'].should == project.name
267 json_response['owner']['email'].should == user.email
270 it "should return a project by path name" do
271 get api("/projects/#{project.id}", user)
272 response.status.should == 200
273 json_response['name'].should == project.name
276 it "should return a 404 error if not found" do
277 get api("/projects/42", user)
278 response.status.should == 404
279 json_response['message'].should == '404 Not Found'
282 it "should return a 404 error if user is not a member" do
283 other_user = create(:user)
284 get api("/projects/#{project.id}", other_user)
285 response.status.should == 404
289 describe "GET /projects/:id/events" do
290 before { users_project }
292 it "should return a project events" do
293 get api("/projects/#{project.id}/events", user)
294 response.status.should == 200
295 json_event = json_response.first
297 json_event['action_name'].should == 'joined'
298 json_event['project_id'].to_i.should == project.id
301 it "should return a 404 error if not found" do
302 get api("/projects/42/events", user)
303 response.status.should == 404
304 json_response['message'].should == '404 Not Found'
307 it "should return a 404 error if user is not a member" do
308 other_user = create(:user)
309 get api("/projects/#{project.id}/events", other_user)
310 response.status.should == 404
314 describe "GET /projects/:id/members" do
315 before { users_project }
316 before { users_project2 }
318 it "should return project team members" do
319 get api("/projects/#{project.id}/members", user)
320 response.status.should == 200
321 json_response.should be_an Array
322 json_response.count.should == 2
323 json_response.map { |u| u['email'] }.should include user.email
326 it "finds team members with query string" do
327 get api("/projects/#{project.id}/members", user), query: user.username
328 response.status.should == 200
329 json_response.should be_an Array
330 json_response.count.should == 1
331 json_response.first['email'].should == user.email
334 it "should return a 404 error if id not found" do
335 get api("/projects/9999/members", user)
336 response.status.should == 404
340 describe "GET /projects/:id/members/:user_id" do
341 before { users_project }
343 it "should return project team member" do
344 get api("/projects/#{project.id}/members/#{user.id}", user)
345 response.status.should == 200
346 json_response['email'].should == user.email
347 json_response['access_level'].should == UsersProject::MASTER
350 it "should return a 404 error if user id not found" do
351 get api("/projects/#{project.id}/members/1234", user)
352 response.status.should == 404
356 describe "POST /projects/:id/members" do
357 it "should add user to project team" do
359 post api("/projects/#{project.id}/members", user), user_id: user2.id,
360 access_level: UsersProject::DEVELOPER
361 }.to change { UsersProject.count }.by(1)
363 response.status.should == 201
364 json_response['email'].should == user2.email
365 json_response['access_level'].should == UsersProject::DEVELOPER
368 it "should return a 201 status if user is already project member" do
369 post api("/projects/#{project.id}/members", user), user_id: user2.id,
370 access_level: UsersProject::DEVELOPER
372 post api("/projects/#{project.id}/members", user), user_id: user2.id,
373 access_level: UsersProject::DEVELOPER
374 }.not_to change { UsersProject.count }.by(1)
376 response.status.should == 201
377 json_response['email'].should == user2.email
378 json_response['access_level'].should == UsersProject::DEVELOPER
381 it "should return a 400 error when user id is not given" do
382 post api("/projects/#{project.id}/members", user), access_level: UsersProject::MASTER
383 response.status.should == 400
386 it "should return a 400 error when access level is not given" do
387 post api("/projects/#{project.id}/members", user), user_id: user2.id
388 response.status.should == 400
391 it "should return a 422 error when access level is not known" do
392 post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
393 response.status.should == 422
397 describe "PUT /projects/:id/members/:user_id" do
398 before { users_project2 }
400 it "should update project team member" do
401 put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: UsersProject::MASTER
402 response.status.should == 200
403 json_response['email'].should == user3.email
404 json_response['access_level'].should == UsersProject::MASTER
407 it "should return a 404 error if user_id is not found" do
408 put api("/projects/#{project.id}/members/1234", user), access_level: UsersProject::MASTER
409 response.status.should == 404
412 it "should return a 400 error when access level is not given" do
413 put api("/projects/#{project.id}/members/#{user3.id}", user)
414 response.status.should == 400
417 it "should return a 422 error when access level is not known" do
418 put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
419 response.status.should == 422
423 describe "DELETE /projects/:id/members/:user_id" do
424 before { users_project }
425 before { users_project2 }
427 it "should remove user from project team" do
429 delete api("/projects/#{project.id}/members/#{user3.id}", user)
430 }.to change { UsersProject.count }.by(-1)
433 it "should return 200 if team member is not part of a project" do
434 delete api("/projects/#{project.id}/members/#{user3.id}", user)
436 delete api("/projects/#{project.id}/members/#{user3.id}", user)
437 }.to_not change { UsersProject.count }.by(1)
440 it "should return 200 if team member already removed" do
441 delete api("/projects/#{project.id}/members/#{user3.id}", user)
442 delete api("/projects/#{project.id}/members/#{user3.id}", user)
443 response.status.should == 200
446 it "should return 200 OK when the user was not member" do
448 delete api("/projects/#{project.id}/members/1000000", user)
449 }.to change { UsersProject.count }.by(0)
450 response.status.should == 200
451 json_response['message'].should == "Access revoked"
452 json_response['id'].should == 1000000
456 describe "GET /projects/:id/snippets" do
459 it "should return an array of project snippets" do
460 get api("/projects/#{project.id}/snippets", user)
461 response.status.should == 200
462 json_response.should be_an Array
463 json_response.first['title'].should == snippet.title
467 describe "GET /projects/:id/snippets/:snippet_id" do
468 it "should return a project snippet" do
469 get api("/projects/#{project.id}/snippets/#{snippet.id}", user)
470 response.status.should == 200
471 json_response['title'].should == snippet.title
474 it "should return a 404 error if snippet id not found" do
475 get api("/projects/#{project.id}/snippets/1234", user)
476 response.status.should == 404
480 describe "POST /projects/:id/snippets" do
481 it "should create a new project snippet" do
482 post api("/projects/#{project.id}/snippets", user),
483 title: 'api test', file_name: 'sample.rb', code: 'test'
484 response.status.should == 201
485 json_response['title'].should == 'api test'
488 it "should return a 400 error if title is not given" do
489 post api("/projects/#{project.id}/snippets", user),
490 file_name: 'sample.rb', code: 'test'
491 response.status.should == 400
494 it "should return a 400 error if file_name not given" do
495 post api("/projects/#{project.id}/snippets", user),
496 title: 'api test', code: 'test'
497 response.status.should == 400
500 it "should return a 400 error if code not given" do
501 post api("/projects/#{project.id}/snippets", user),
502 title: 'api test', file_name: 'sample.rb'
503 response.status.should == 400
507 describe "PUT /projects/:id/snippets/:shippet_id" do
508 it "should update an existing project snippet" do
509 put api("/projects/#{project.id}/snippets/#{snippet.id}", user),
511 response.status.should == 200
512 json_response['title'].should == 'example'
513 snippet.reload.content.should == 'updated code'
516 it "should update an existing project snippet with new title" do
517 put api("/projects/#{project.id}/snippets/#{snippet.id}", user),
518 title: 'other api test'
519 response.status.should == 200
520 json_response['title'].should == 'other api test'
524 describe "DELETE /projects/:id/snippets/:snippet_id" do
527 it "should delete existing project snippet" do
529 delete api("/projects/#{project.id}/snippets/#{snippet.id}", user)
530 }.to change { Snippet.count }.by(-1)
531 response.status.should == 200
534 it "should return success when deleting unknown snippet id" do
535 delete api("/projects/#{project.id}/snippets/1234", user)
536 response.status.should == 200
540 describe "GET /projects/:id/snippets/:snippet_id/raw" do
541 it "should get a raw project snippet" do
542 get api("/projects/#{project.id}/snippets/#{snippet.id}/raw", user)
543 response.status.should == 200
546 it "should return a 404 error if raw project snippet not found" do
547 get api("/projects/#{project.id}/snippets/5555/raw", user)
548 response.status.should == 404
552 describe :deploy_keys do
553 let(:deploy_keys_project) { create(:deploy_keys_project, project: project) }
554 let(:deploy_key) { deploy_keys_project.deploy_key }
556 describe "GET /projects/:id/keys" do
557 before { deploy_key }
559 it "should return array of ssh keys" do
560 get api("/projects/#{project.id}/keys", user)
561 response.status.should == 200
562 json_response.should be_an Array
563 json_response.first['title'].should == deploy_key.title
567 describe "GET /projects/:id/keys/:key_id" do
568 it "should return a single key" do
569 get api("/projects/#{project.id}/keys/#{deploy_key.id}", user)
570 response.status.should == 200
571 json_response['title'].should == deploy_key.title
574 it "should return 404 Not Found with invalid ID" do
575 get api("/projects/#{project.id}/keys/404", user)
576 response.status.should == 404
580 describe "POST /projects/:id/keys" do
581 it "should not create an invalid ssh key" do
582 post api("/projects/#{project.id}/keys", user), { title: "invalid key" }
583 response.status.should == 404
586 it "should create new ssh key" do
587 key_attrs = attributes_for :key
589 post api("/projects/#{project.id}/keys", user), key_attrs
590 }.to change{ project.deploy_keys.count }.by(1)
594 describe "DELETE /projects/:id/keys/:key_id" do
595 before { deploy_key }
597 it "should delete existing key" do
599 delete api("/projects/#{project.id}/keys/#{deploy_key.id}", user)
600 }.to change{ project.deploy_keys.count }.by(-1)
603 it "should return 404 Not Found with invalid ID" do
604 delete api("/projects/#{project.id}/keys/404", user)
605 response.status.should == 404
610 describe :fork_admin do
611 let(:project_fork_target) { create(:project) }
612 let(:project_fork_source) { create(:project, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
614 describe "POST /projects/:id/fork/:forked_from_id" do
615 let(:new_project_fork_source) { create(:project, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
617 it "shouldn't available for non admin users" do
618 post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", user)
619 response.status.should == 403
622 it "should allow project to be forked from an existing project" do
623 project_fork_target.forked?.should_not be_true
624 post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin)
625 response.status.should == 201
626 project_fork_target.reload
627 project_fork_target.forked_from_project.id.should == project_fork_source.id
628 project_fork_target.forked_project_link.should_not be_nil
629 project_fork_target.forked?.should be_true
632 it "should fail if forked_from project which does not exist" do
633 post api("/projects/#{project_fork_target.id}/fork/9999", admin)
634 response.status.should == 404
637 it "should fail with 409 if already forked" do
638 post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin)
639 project_fork_target.reload
640 project_fork_target.forked_from_project.id.should == project_fork_source.id
641 post api("/projects/#{project_fork_target.id}/fork/#{new_project_fork_source.id}", admin)
642 response.status.should == 409
643 project_fork_target.reload
644 project_fork_target.forked_from_project.id.should == project_fork_source.id
645 project_fork_target.forked?.should be_true
649 describe "DELETE /projects/:id/fork" do
651 it "shouldn't available for non admin users" do
652 delete api("/projects/#{project_fork_target.id}/fork", user)
653 response.status.should == 403
656 it "should make forked project unforked" do
657 post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", admin)
658 project_fork_target.reload
659 project_fork_target.forked_from_project.should_not be_nil
660 project_fork_target.forked?.should be_true
661 delete api("/projects/#{project_fork_target.id}/fork", admin)
662 response.status.should == 200
663 project_fork_target.reload
664 project_fork_target.forked_from_project.should be_nil
665 project_fork_target.forked?.should_not be_true
668 it "should be idempotent if not forked" do
669 project_fork_target.forked_from_project.should be_nil
670 delete api("/projects/#{project_fork_target.id}/fork", admin)
671 response.status.should == 200
672 project_fork_target.reload.forked_from_project.should be_nil
677 describe "GET /projects/search/:query" do
678 let!(:query) { 'query'}
679 let!(:search) { create(:empty_project, name: query, creator_id: user.id, namespace: user.namespace) }
680 let!(:pre) { create(:empty_project, name: "pre_#{query}", creator_id: user.id, namespace: user.namespace) }
681 let!(:post) { create(:empty_project, name: "#{query}_post", creator_id: user.id, namespace: user.namespace) }
682 let!(:pre_post) { create(:empty_project, name: "pre_#{query}_post", creator_id: user.id, namespace: user.namespace) }
683 let!(:unfound) { create(:empty_project, name: 'unfound', creator_id: user.id, namespace: user.namespace) }
684 let!(:internal) { create(:empty_project, name: "internal #{query}", visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
685 let!(:unfound_internal) { create(:empty_project, name: 'unfound internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
686 let!(:public) { create(:empty_project, name: "public #{query}", visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
687 let!(:unfound_public) { create(:empty_project, name: 'unfound public', visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
689 context "when unauthenticated" do
690 it "should return authentication error" do
691 get api("/projects/search/#{query}")
692 response.status.should == 401
696 context "when authenticated" do
697 it "should return an array of projects" do
698 get api("/projects/search/#{query}",user)
699 response.status.should == 200
700 json_response.should be_an Array
701 json_response.size.should == 6
702 json_response.each {|project| project['name'].should =~ /.*query.*/}
706 context "when authenticated as a different user" do
707 it "should return matching public projects" do
708 get api("/projects/search/#{query}", user2)
709 response.status.should == 200
710 json_response.should be_an Array
711 json_response.size.should == 2
712 json_response.each {|project| project['name'].should =~ /(internal|public) query/}
717 describe "DELETE /projects/:id" do
718 context "when authenticated as user" do
719 it "should remove project" do
720 delete api("/projects/#{project.id}", user)
721 response.status.should == 200
724 it "should not remove a project if not an owner" do
725 user3 = create(:user)
726 project.team << [user3, :developer]
727 delete api("/projects/#{project.id}", user3)
728 response.status.should == 403
731 it "should not remove a non existing project" do
732 delete api("/projects/1328", user)
733 response.status.should == 404
736 it "should not remove a project not attached to user" do
737 delete api("/projects/#{project.id}", user2)
738 response.status.should == 404
742 context "when authenticated as admin" do
743 it "should remove any existing project" do
744 delete api("/projects/#{project.id}", admin)
745 response.status.should == 200
748 it "should not remove a non existing project" do
749 delete api("/projects/1328", admin)
750 response.status.should == 404