Add latest changes from gitlab-org/gitlab@master

3 files changed, 370 insertions, 0 deletions

diff --git a/spec/services/snippets/create_service_spec.rb b/spec/services/snippets/create_service_spec.rb
new file mode 100644
index 00000000000..6f7ce7959ff
--- /dev/null
+++ b/spec/services/snippets/create_service_spec.rb
@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Snippets::CreateService do
+  describe '#execute' do
+    let_it_be(:user) { create(:user) }
+    let_it_be(:admin) { create(:user, :admin) }
+    let(:opts) { base_opts.merge(extra_opts) }
+    let(:base_opts) do
+      {
+        title: 'Test snippet',
+        file_name: 'snippet.rb',
+        content: 'puts "hello world"',
+        visibility_level: Gitlab::VisibilityLevel::PRIVATE
+      }
+    end
+    let(:extra_opts) { {} }
+    let(:creator) { admin }
+
+    subject { Snippets::CreateService.new(project, creator, opts).execute }
+
+    let(:snippet) { subject.payload[:snippet] }
+
+    shared_examples 'a service that creates a snippet' do
+      it 'creates a snippet with the provided attributes' do
+        expect(snippet.title).to eq(opts[:title])
+        expect(snippet.file_name).to eq(opts[:file_name])
+        expect(snippet.content).to eq(opts[:content])
+        expect(snippet.visibility_level).to eq(opts[:visibility_level])
+      end
+    end
+
+    shared_examples 'public visibility level restrictions apply' do
+      let(:extra_opts) { { visibility_level: Gitlab::VisibilityLevel::PUBLIC } }
+
+      before do
+        stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+      end
+
+      context 'when user is not an admin' do
+        let(:creator) { user }
+
+        it 'responds with an error' do
+          expect(subject).to be_error
+        end
+
+        it 'does not create a public snippet' do
+          expect(subject.message).to match('has been restricted')
+        end
+      end
+
+      context 'when user is an admin' do
+        it 'responds with success' do
+          expect(subject).to be_success
+        end
+
+        it 'creates a public snippet' do
+          expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
+        end
+      end
+
+      describe 'when visibility level is passed as a string' do
+        let(:extra_opts) { { visibility: 'internal' } }
+
+        before do
+          base_opts.delete(:visibility_level)
+        end
+
+        it 'assigns the correct visibility level' do
+          expect(subject).to be_success
+          expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::INTERNAL)
+        end
+      end
+    end
+
+    shared_examples 'spam check is performed' do
+      shared_examples 'marked as spam' do
+        it 'marks a snippet as spam ' do
+          expect(snippet).to be_spam
+        end
+
+        it 'invalidates the snippet' do
+          expect(snippet).to be_invalid
+        end
+
+        it 'creates a new spam_log' do
+          expect { snippet }
+            .to log_spam(title: snippet.title, noteable_type: snippet.class.name)
+        end
+
+        it 'assigns a spam_log to an issue' do
+          expect(snippet.spam_log).to eq(SpamLog.last)
+        end
+      end
+
+      let(:extra_opts) do
+        { visibility_level: Gitlab::VisibilityLevel::PUBLIC, request: double(:request, env: {}) }
+      end
+
+      before do
+        expect_next_instance_of(AkismetService) do |akismet_service|
+          expect(akismet_service).to receive_messages(spam?: true)
+        end
+      end
+
+      [true, false, nil].each do |allow_possible_spam|
+        context "when recaptcha_disabled flag is #{allow_possible_spam.inspect}" do
+          before do
+            stub_feature_flags(allow_possible_spam: allow_possible_spam) unless allow_possible_spam.nil?
+          end
+
+          it_behaves_like 'marked as spam'
+        end
+      end
+    end
+
+    shared_examples 'snippet create data is tracked' do
+      let(:counter) { Gitlab::UsageDataCounters::SnippetCounter }
+
+      it 'increments count when create succeeds' do
+        expect { subject }.to change { counter.read(:create) }.by 1
+      end
+
+      context 'when create fails' do
+        let(:opts) { {} }
+
+        it 'does not increment count' do
+          expect { subject }.not_to change { counter.read(:create) }
+        end
+      end
+    end
+
+    shared_examples 'an error service response when save fails' do
+      let(:extra_opts) { { content: nil } }
+
+      it 'responds with an error' do
+        expect(subject).to be_error
+      end
+
+      it 'does not create the snippet' do
+        expect { subject }.not_to change { Snippet.count }
+      end
+    end
+
+    context 'when Project Snippet' do
+      let_it_be(:project) { create(:project) }
+
+      before do
+        project.add_developer(user)
+      end
+
+      it_behaves_like 'a service that creates a snippet'
+      it_behaves_like 'public visibility level restrictions apply'
+      it_behaves_like 'spam check is performed'
+      it_behaves_like 'snippet create data is tracked'
+      it_behaves_like 'an error service response when save fails'
+    end
+
+    context 'when PersonalSnippet' do
+      let(:project) { nil }
+
+      it_behaves_like 'a service that creates a snippet'
+      it_behaves_like 'public visibility level restrictions apply'
+      it_behaves_like 'spam check is performed'
+      it_behaves_like 'snippet create data is tracked'
+      it_behaves_like 'an error service response when save fails'
+    end
+  end
+end
diff --git a/spec/services/snippets/destroy_service_spec.rb b/spec/services/snippets/destroy_service_spec.rb
new file mode 100644
index 00000000000..bb035d275ab
--- /dev/null
+++ b/spec/services/snippets/destroy_service_spec.rb
@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Snippets::DestroyService do
+  let_it_be(:project) { create(:project) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:other_user) { create(:user) }
+
+  describe '#execute' do
+    subject { Snippets::DestroyService.new(user, snippet).execute }
+
+    context 'when snippet is nil' do
+      let(:snippet) { nil }
+
+      it 'returns a ServiceResponse error' do
+        expect(subject).to be_error
+      end
+    end
+
+    shared_examples 'a successful destroy' do
+      it 'deletes the snippet' do
+        expect { subject }.to change { Snippet.count }.by(-1)
+      end
+
+      it 'returns ServiceResponse success' do
+        expect(subject).to be_success
+      end
+    end
+
+    shared_examples 'an unsuccessful destroy' do
+      it 'does not delete the snippet' do
+        expect { subject }.to change { Snippet.count }.by(0)
+      end
+
+      it 'returns ServiceResponse error' do
+        expect(subject).to be_error
+      end
+    end
+
+    context 'when ProjectSnippet' do
+      let!(:snippet) { create(:project_snippet, project: project, author: author) }
+
+      context 'when user is able to admin_project_snippet' do
+        let(:author) { user }
+
+        before do
+          project.add_developer(user)
+        end
+
+        it_behaves_like 'a successful destroy'
+      end
+
+      context 'when user is not able to admin_project_snippet' do
+        let(:author) { other_user }
+
+        it_behaves_like 'an unsuccessful destroy'
+      end
+    end
+
+    context 'when PersonalSnippet' do
+      let!(:snippet) { create(:personal_snippet, author: author) }
+
+      context 'when user is able to admin_personal_snippet' do
+        let(:author) { user }
+
+        it_behaves_like 'a successful destroy'
+      end
+
+      context 'when user is not able to admin_personal_snippet' do
+        let(:author) { other_user }
+
+        it_behaves_like 'an unsuccessful destroy'
+      end
+    end
+  end
+end
diff --git a/spec/services/snippets/update_service_spec.rb b/spec/services/snippets/update_service_spec.rb
new file mode 100644
index 00000000000..b8215f9779d
--- /dev/null
+++ b/spec/services/snippets/update_service_spec.rb
@@ -0,0 +1,123 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Snippets::UpdateService do
+  describe '#execute' do
+    let_it_be(:user) { create(:user) }
+    let_it_be(:admin) { create :user, admin: true }
+    let(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE }
+    let(:options) do
+      {
+        title: 'Test snippet',
+        file_name: 'snippet.rb',
+        content: 'puts "hello world"',
+        visibility_level: visibility_level
+      }
+    end
+    let(:updater) { user }
+
+    subject do
+      Snippets::UpdateService.new(
+        project,
+        updater,
+        options
+      ).execute(snippet)
+    end
+
+    shared_examples 'a service that updates a snippet' do
+      it 'updates a snippet with the provided attributes' do
+        expect { subject }.to change { snippet.title }.from(snippet.title).to(options[:title])
+          .and change { snippet.file_name }.from(snippet.file_name).to(options[:file_name])
+          .and change { snippet.content }.from(snippet.content).to(options[:content])
+      end
+    end
+
+    shared_examples 'public visibility level restrictions apply' do
+      let(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC }
+
+      before do
+        stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC])
+      end
+
+      context 'when user is not an admin' do
+        it 'responds with an error' do
+          expect(subject).to be_error
+        end
+
+        it 'does not update snippet to public visibility' do
+          original_visibility = snippet.visibility_level
+
+          expect(subject.message).to match('has been restricted')
+          expect(snippet.visibility_level).to eq(original_visibility)
+        end
+      end
+
+      context 'when user is an admin' do
+        let(:updater) { admin }
+
+        it 'responds with success' do
+          expect(subject).to be_success
+        end
+
+        it 'updates the snippet to public visibility' do
+          old_visibility = snippet.visibility_level
+
+          expect(subject.payload[:snippet]).not_to be_nil
+          expect(snippet.visibility_level).not_to eq(old_visibility)
+          expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
+        end
+      end
+
+      context 'when visibility level is passed as a string' do
+        before do
+          options[:visibility] = 'internal'
+          options.delete(:visibility_level)
+        end
+
+        it 'assigns the correct visibility level' do
+          expect(subject).to be_success
+          expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::INTERNAL)
+        end
+      end
+    end
+
+    shared_examples 'snippet update data is tracked' do
+      let(:counter) { Gitlab::UsageDataCounters::SnippetCounter }
+
+      it 'increments count when create succeeds' do
+        expect { subject }.to change { counter.read(:update) }.by 1
+      end
+
+      context 'when update fails' do
+        let(:options) { { title: '' } }
+
+        it 'does not increment count' do
+          expect { subject }.not_to change { counter.read(:update) }
+        end
+      end
+    end
+
+    context 'when Project Snippet' do
+      let_it_be(:project) { create(:project) }
+      let!(:snippet) { create(:project_snippet, author: user, project: project) }
+
+      before do
+        project.add_developer(user)
+      end
+
+      it_behaves_like 'a service that updates a snippet'
+      it_behaves_like 'public visibility level restrictions apply'
+      it_behaves_like 'snippet update data is tracked'
+    end
+
+    context 'when PersonalSnippet' do
+      let(:project) { nil }
+      let!(:snippet) { create(:personal_snippet, author: user) }
+
+      it_behaves_like 'a service that updates a snippet'
+      it_behaves_like 'public visibility level restrictions apply'
+      it_behaves_like 'snippet update data is tracked'
+    end
+  end
+end