diff options
| author | Tomasz Maczukin <tomasz@maczukin.pl> | 2016-01-29 18:44:29 +0300 |
|---|---|---|
| committer | Tomasz Maczukin <tomasz@maczukin.pl> | 2016-02-19 15:18:46 +0300 |
| commit | 53f775ae6d6d0cd33a6a1421e736670b45e59309 (patch) | |
| tree | c3d68f270ca486525f926a16300b2c258f433b3e | |
| parent | 8c37f0ff3093995566f7f24788f8362f481b56b6 (diff) | |
Fix runners filtering in API
| -rw-r--r-- | lib/api/runners.rb | 6 | ||||
| -rw-r--r-- | spec/requests/api/runners_spec.rb | 41 |
2 files changed, 27 insertions, 20 deletions
diff --git a/lib/api/runners.rb b/lib/api/runners.rb index b7294258c7d..799c10a1897 100644 --- a/lib/api/runners.rb +++ b/lib/api/runners.rb @@ -121,11 +121,11 @@ module API return runners unless scope.present? available_scopes = ::Ci::Runner::AVAILABLE_SCOPES - unless (available_scopes && scope).empty? - runners.send(scope) - else + if (available_scopes & [scope]).empty? render_api_error!('Scope contains invalid value', 400) end + + runners.send(scope) end def get_runner(id) diff --git a/spec/requests/api/runners_spec.rb b/spec/requests/api/runners_spec.rb index 9ffa59dac07..d600b2312c5 100644 --- a/spec/requests/api/runners_spec.rb +++ b/spec/requests/api/runners_spec.rb @@ -22,35 +22,42 @@ describe API::API, api: true do let!(:two_projects_runner_project2) { create(:ci_runner_project, runner: two_projects_runner, project: project2) } describe 'GET /runners' do - context 'authorized user with admin privileges' do - it 'should return all runners' do - get api('/runners', admin) - shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr} + context 'authorized user' do + context 'authorized user with admin privileges' do + it 'should return all runners' do + get api('/runners', admin) + shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr} - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(shared).to be_truthy + expect(response.status).to eq(200) + expect(json_response).to be_an Array + expect(shared).to be_truthy + end end - it 'should filter runners by scope' do - get api('/runners?scope=specific', admin) - shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr} + context 'authorized user without admin privileges' do + it 'should return user available runners' do + get api('/runners', user) + shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr} - expect(response.status).to eq(200) - expect(json_response).to be_an Array - expect(shared).to be_falsey + expect(response.status).to eq(200) + expect(json_response).to be_an Array + expect(shared).to be_falsey + end end - end - context 'authorized user without admin privileges' do - it 'should return user available runners' do - get api('/runners', user) + it 'should filter runners by scope' do + get api('/runners?scope=specific', user) shared = false || json_response.map{ |r| r['is_shared'] }.inject{ |sum, shr| sum || shr} expect(response.status).to eq(200) expect(json_response).to be_an Array expect(shared).to be_falsey end + + it 'should avoid filtering if scope is invalid' do + get api('/runners?scope=unknown', user) + expect(response.status).to eq(400) + end end context 'unauthorized user' do |