Diffstat (limited to 'spec/requests/api/files_spec.rb')
-rw-r--r--spec/requests/api/files_spec.rb715
1 files changed, 448 insertions, 267 deletions
diff --git a/spec/requests/api/files_spec.rb b/spec/requests/api/files_spec.rb
index 06d22e7e218..e95a626b4aa 100644
--- a/spec/requests/api/files_spec.rb
+++ b/spec/requests/api/files_spec.rb
@@ -5,13 +5,21 @@ require 'spec_helper'
RSpec.describe API::Files do
include RepoHelpers
- let(:user) { create(:user) }
+ let_it_be(:group) { create(:group, :public) }
+ let_it_be_with_refind(:user) { create(:user) }
+ let_it_be(:inherited_guest) { create(:user) }
+ let_it_be(:inherited_reporter) { create(:user) }
+ let_it_be(:inherited_developer) { create(:user) }
+
let!(:project) { create(:project, :repository, namespace: user.namespace ) }
let(:guest) { create(:user) { |u| project.add_guest(u) } }
- let(:file_path) { "files%2Fruby%2Fpopen%2Erb" }
- let(:executable_file_path) { "files%2Fexecutables%2Fls" }
- let(:rouge_file_path) { "%2e%2e%2f" }
- let(:absolute_path) { "%2Fetc%2Fpasswd.rb" }
+ let(:file_path) { 'files%2Fruby%2Fpopen%2Erb' }
+ let(:file_name) { 'popen.rb' }
+ let(:last_commit_id) { '570e7b2abdd848b95f2f578043fc23bd6f6fd24d' }
+ let(:content_sha256) { 'c440cd09bae50c4632cc58638ad33c6aa375b6109d811e76a9cc3a613c1e8887' }
+ let(:executable_file_path) { 'files%2Fexecutables%2Fls' }
+ let(:invalid_file_path) { '%2e%2e%2f' }
+ let(:absolute_path) { '%2Fetc%2Fpasswd.rb' }
let(:invalid_file_message) { 'file_path should be a valid file path' }
let(:params) do
{
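Review bot: `invalid_file_path` and `absolute_path` are the two hostile inputs this spec feeds to the API, but after the rename nothing says what they decode to. A one-line comment on each would keep the intent visible: `# URL-encoded "../" (directory traversal)` above `let(:invalid_file_path)` and `# URL-encoded "/etc/passwd.rb" (absolute path)` above `let(:absolute_path)`. The `let(:params)` block at the end of the hunk continues outside it.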
@@ -46,6 +54,12 @@ RSpec.describe API::Files do
fake_class.new
end
+ before_all do
+ group.add_guest(inherited_guest)
+ group.add_reporter(inherited_reporter)
+ group.add_developer(inherited_developer)
+ end
+
before do
project.add_developer(user)
end
@@ -70,8 +84,10 @@ RSpec.describe API::Files do
expect(helper.headers).to eq({ 'X-Gitlab-Test' => '1' })
end
- it 'raises exception if value is an Enumerable' do
- expect { helper.set_http_headers(test: [1]) }.to raise_error(ArgumentError)
+ context 'when value is an Enumerable' do
+ it 'raises an exception' do
+ expect { helper.set_http_headers(test: [1]) }.to raise_error(ArgumentError)
+ end
end
end
@@ -87,12 +103,12 @@ RSpec.describe API::Files do
end
end
- describe "HEAD /projects/:id/repository/files/:file_path" do
+ describe 'HEAD /projects/:id/repository/files/:file_path' do
shared_examples_for 'repository files' do
let(:options) { {} }
it 'returns 400 when file path is invalid' do
- head api(route(rouge_file_path), current_user, **options), params: params
+ head api(route(invalid_file_path), current_user, **options), params: params
expect(response).to have_gitlab_http_status(:bad_request)
end
@@ -106,16 +122,16 @@ RSpec.describe API::Files do
expect(response).to have_gitlab_http_status(:ok)
expect(response.headers['X-Gitlab-File-Path']).to eq(CGI.unescape(file_path))
- expect(response.headers['X-Gitlab-File-Name']).to eq('popen.rb')
- expect(response.headers['X-Gitlab-Last-Commit-Id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
- expect(response.headers['X-Gitlab-Content-Sha256']).to eq('c440cd09bae50c4632cc58638ad33c6aa375b6109d811e76a9cc3a613c1e8887')
+ expect(response.headers['X-Gitlab-File-Name']).to eq(file_name)
+ expect(response.headers['X-Gitlab-Last-Commit-Id']).to eq(last_commit_id)
+ expect(response.headers['X-Gitlab-Content-Sha256']).to eq(content_sha256)
end
it 'caches sha256 of the content', :use_clean_rails_redis_caching do
head api(route(file_path), current_user, **options), params: params
expect(Rails.cache.fetch("blob_content_sha256:#{project.full_path}:#{response.headers['X-Gitlab-Blob-Id']}"))
- .to eq('c440cd09bae50c4632cc58638ad33c6aa375b6109d811e76a9cc3a613c1e8887')
+ .to eq(content_sha256)
expect_next_instance_of(Gitlab::Git::Blob) do |instance|
expect(instance).not_to receive(:load_all_data!)
@@ -126,8 +142,8 @@ RSpec.describe API::Files do
it 'returns file by commit sha' do
# This file is deleted on HEAD
- file_path = "files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
- params[:ref] = "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"
+ file_path = 'files%2Fjs%2Fcommit%2Ejs%2Ecoffee'
+ params[:ref] = '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9'
head api(route(file_path), current_user, **options), params: params
@@ -137,15 +153,15 @@ RSpec.describe API::Files do
end
context 'when mandatory params are not given' do
- it "responds with a 400 status" do
- head api(route("any%2Ffile"), current_user, **options)
+ it 'responds with a 400 status' do
+ head api(route('any%2Ffile'), current_user, **options)
expect(response).to have_gitlab_http_status(:bad_request)
end
end
context 'when file_path does not exist' do
- it "responds with a 404 status" do
+ it 'responds with a 404 status' do
params[:ref] = 'master'
head api(route('app%2Fmodels%2Fapplication%2Erb'), current_user, **options), params: params
@@ -157,7 +173,7 @@ RSpec.describe API::Files do
context 'when file_path does not exist' do
include_context 'disabled repository'
- it "responds with a 403 status" do
+ it 'responds with a 403 status' do
head api(route(file_path), current_user, **options), params: params
expect(response).to have_gitlab_http_status(:forbidden)
@@ -165,20 +181,22 @@ RSpec.describe API::Files do
end
end
- context 'when unauthenticated', 'and project is public' do
- it_behaves_like 'repository files' do
- let(:project) { create(:project, :public, :repository) }
- let(:current_user) { nil }
+ context 'when unauthenticated' do
+ context 'and project is public' do
+ it_behaves_like 'repository files' do
+ let(:project) { create(:project, :public, :repository) }
+ let(:current_user) { nil }
+ end
end
- end
- context 'when unauthenticated', 'and project is private' do
- it "responds with a 404 status" do
- current_user = nil
+ context 'and project is private' do
+ it 'responds with a 404 status' do
+ current_user = nil
- head api(route(file_path), current_user), params: params
+ head api(route(file_path), current_user), params: params
- expect(response).to have_gitlab_http_status(:not_found)
+ expect(response).to have_gitlab_http_status(:not_found)
+ end
end
end
@@ -190,25 +208,41 @@ RSpec.describe API::Files do
end
end
- context 'when authenticated', 'as a developer' do
- it_behaves_like 'repository files' do
- let(:current_user) { user }
+ context 'when authenticated' do
+ context 'and user is a developer' do
+ it_behaves_like 'repository files' do
+ let(:current_user) { user }
+ end
end
- end
- context 'when authenticated', 'as a guest' do
- it_behaves_like '403 response' do
- let(:request) { head api(route(file_path), guest), params: params }
+ context 'and user is a guest' do
+ it_behaves_like '403 response' do
+ let(:request) { head api(route(file_path), guest), params: params }
+ end
end
end
end
- describe "GET /projects/:id/repository/files/:file_path" do
- shared_examples_for 'repository files' do
- let(:options) { {} }
+ describe 'GET /projects/:id/repository/files/:file_path' do
+ let(:options) { {} }
+
+ shared_examples 'returns non-executable file attributes as json' do
+ specify do
+ get api(route(file_path), api_user, **options), params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(json_response['file_path']).to eq(CGI.unescape(file_path))
+ expect(json_response['file_name']).to eq(file_name)
+ expect(json_response['last_commit_id']).to eq(last_commit_id)
+ expect(json_response['content_sha256']).to eq(content_sha256)
+ expect(json_response['execute_filemode']).to eq(false)
+ expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n")
+ end
+ end
+ shared_examples_for 'repository files' do
it 'returns 400 for invalid file path' do
- get api(route(rouge_file_path), api_user, **options), params: params
+ get api(route(invalid_file_path), api_user, **options), params: params
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq(invalid_file_message)
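Review bot: The HEAD endpoint's 'when authenticated' contexts in this hunk still cover only the direct developer and the direct guest, while the same commit gives GET and POST a matrix for members inherited from the group. The HEAD response carries `X-Gitlab-File-Name`, `X-Gitlab-Last-Commit-Id` and `X-Gitlab-Content-Sha256`, so it deserves at least the same negative case. A sketch follows; the 403 expectation is taken by analogy from the GET matrix and should be confirmed. The GET `describe` block opened at the end of this hunk continues outside it.

```ruby
context 'when authenticated' do
  # … unchanged: 'and user is a developer' and 'and user is a guest' contexts …

  context 'and user is an inherited member from the group' do
    context 'when project is private' do
      let_it_be(:project) { create(:project, :private, :repository, group: group) }

      context 'and user is a guest' do
        it_behaves_like '403 response' do
          let(:request) { head api(route(file_path), inherited_guest), params: params }
        end
      end
    end
  end
end
```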
@@ -218,17 +252,7 @@ RSpec.describe API::Files do
subject { get api(route(absolute_path), api_user, **options), params: params }
end
- it 'returns file attributes as json' do
- get api(route(file_path), api_user, **options), params: params
-
- expect(response).to have_gitlab_http_status(:ok)
- expect(json_response['file_path']).to eq(CGI.unescape(file_path))
- expect(json_response['file_name']).to eq('popen.rb')
- expect(json_response['last_commit_id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
- expect(json_response['content_sha256']).to eq('c440cd09bae50c4632cc58638ad33c6aa375b6109d811e76a9cc3a613c1e8887')
- expect(json_response['execute_filemode']).to eq(false)
- expect(Base64.decode64(json_response['content']).lines.first).to eq("require 'fileutils'\n")
- end
+ it_behaves_like 'returns non-executable file attributes as json'
context 'for executable file' do
it 'returns file attributes as json' do
@@ -247,7 +271,7 @@ RSpec.describe API::Files do
end
it 'returns json when file has txt extension' do
- file_path = "bar%2Fbranch-test.txt"
+ file_path = 'bar%2Fbranch-test.txt'
get api(route(file_path), api_user, **options), params: params
@@ -277,8 +301,8 @@ RSpec.describe API::Files do
it 'returns file by commit sha' do
# This file is deleted on HEAD
- file_path = "files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
- params[:ref] = "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"
+ file_path = 'files%2Fjs%2Fcommit%2Ejs%2Ecoffee'
+ params[:ref] = '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9'
get api(route(file_path), api_user, **options), params: params
@@ -289,9 +313,9 @@ RSpec.describe API::Files do
end
it 'returns raw file info' do
- url = route(file_path) + "/raw"
+ url = route(file_path) + '/raw'
expect_to_send_git_blob(api(url, api_user, **options), params)
- expect(headers[Gitlab::Workhorse::DETECT_HEADER]).to eq "true"
+ expect(headers[Gitlab::Workhorse::DETECT_HEADER]).to eq 'true'
end
it 'returns blame file info' do
@@ -303,16 +327,16 @@ RSpec.describe API::Files do
end
it 'sets inline content disposition by default' do
- url = route(file_path) + "/raw"
+ url = route(file_path) + '/raw'
get api(url, api_user, **options), params: params
- expect(headers['Content-Disposition']).to eq(%q(inline; filename="popen.rb"; filename*=UTF-8''popen.rb))
+ expect(headers['Content-Disposition']).to eq(%(inline; filename="#{file_name}"; filename*=UTF-8''#{file_name}))
end
context 'when mandatory params are not given' do
it_behaves_like '400 response' do
- let(:request) { get api(route("any%2Ffile"), current_user, **options) }
+ let(:request) { get api(route('any%2Ffile'), current_user, **options) }
end
end
@@ -334,40 +358,96 @@ RSpec.describe API::Files do
end
end
- context 'when unauthenticated', 'and project is public' do
- it_behaves_like 'repository files' do
- let(:project) { create(:project, :public, :repository) }
- let(:current_user) { nil }
- let(:api_user) { nil }
+ context 'when unauthenticated' do
+ context 'and project is public' do
+ it_behaves_like 'repository files' do
+ let(:project) { create(:project, :public, :repository) }
+ let(:current_user) { nil }
+ let(:api_user) { nil }
+ end
end
- end
- context 'when PATs are used' do
- it_behaves_like 'repository files' do
- let(:token) { create(:personal_access_token, scopes: ['read_repository'], user: user) }
- let(:current_user) { user }
- let(:api_user) { nil }
- let(:options) { { personal_access_token: token } }
+ context 'and project is private' do
+ it_behaves_like '404 response' do
+ let(:request) { get api(route(file_path)), params: params }
+ let(:message) { '404 Project Not Found' }
+ end
end
end
- context 'when unauthenticated', 'and project is private' do
- it_behaves_like '404 response' do
- let(:request) { get api(route(file_path)), params: params }
- let(:message) { '404 Project Not Found' }
- end
- end
+ context 'when authenticated' do
+ context 'and user is a direct project member' do
+ context 'and project is private' do
+ context 'and user is a developer' do
+ it_behaves_like 'repository files' do
+ let(:current_user) { user }
+ let(:api_user) { user }
+ end
+
+ context 'and PATs are used' do
+ it_behaves_like 'repository files' do
+ let(:token) { create(:personal_access_token, scopes: ['read_repository'], user: user) }
+ let(:current_user) { user }
+ let(:api_user) { nil }
+ let(:options) { { personal_access_token: token } }
+ end
+ end
+ end
- context 'when authenticated', 'as a developer' do
- it_behaves_like 'repository files' do
- let(:current_user) { user }
- let(:api_user) { user }
+ context 'and user is a guest' do
+ it_behaves_like '403 response' do
+ let(:request) { get api(route(file_path), guest), params: params }
+ end
+ end
+ end
end
end
- context 'when authenticated', 'as a guest' do
- it_behaves_like '403 response' do
- let(:request) { get api(route(file_path), guest), params: params }
+ context 'when authenticated' do
+ context 'and user is an inherited member from the group' do
+ context 'when project is public with private repository' do
+ let_it_be(:project) { create(:project, :public, :repository, :repository_private, group: group) }
+
+ context 'and user is a guest' do
+ it_behaves_like 'returns non-executable file attributes as json' do
+ let(:api_user) { inherited_guest }
+ end
+ end
+
+ context 'and user is a reporter' do
+ it_behaves_like 'returns non-executable file attributes as json' do
+ let(:api_user) { inherited_reporter }
+ end
+ end
+
+ context 'and user is a developer' do
+ it_behaves_like 'returns non-executable file attributes as json' do
+ let(:api_user) { inherited_developer }
+ end
+ end
+ end
+
+ context 'when project is private' do
+ let_it_be(:project) { create(:project, :private, :repository, group: group) }
+
+ context 'and user is a guest' do
+ it_behaves_like '403 response' do
+ let(:request) { get api(route(file_path), inherited_guest), params: params }
+ end
+ end
+
+ context 'and user is a reporter' do
+ it_behaves_like 'returns non-executable file attributes as json' do
+ let(:api_user) { inherited_reporter }
+ end
+ end
+
+ context 'and user is a developer' do
+ it_behaves_like 'returns non-executable file attributes as json' do
+ let(:api_user) { inherited_developer }
+ end
+ end
+ end
end
end
end
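Review bot: The inherited-guest expectation flips between the two project setups in this hunk, 200 with file content under 'when project is public with private repository' and 403 under 'when project is private', and nothing in the spec says the first result is intended. Because that example pins read access to what the `:repository_private` trait presumably makes a members-only repository, a short comment above the guest context would help, for instance `# A guest member may read files here because the project itself is public; only the repository is restricted to members` (wording to be confirmed against the permission rules). The hunk also leaves two sibling `context 'when authenticated'` blocks with the same description; nesting 'and user is an inherited member from the group' under the first one would keep the authorization matrix in one tree.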
@@ -406,11 +486,10 @@ RSpec.describe API::Files do
expect(response).to have_gitlab_http_status(:ok)
expect(response.headers['X-Gitlab-File-Path']).to eq(CGI.unescape(file_path))
- expect(response.headers['X-Gitlab-File-Name']).to eq('popen.rb')
- expect(response.headers['X-Gitlab-Last-Commit-Id']).to eq('570e7b2abdd848b95f2f578043fc23bd6f6fd24d')
- expect(response.headers['X-Gitlab-Content-Sha256'])
- .to eq('c440cd09bae50c4632cc58638ad33c6aa375b6109d811e76a9cc3a613c1e8887')
- expect(response.headers['X-Gitlab-Execute-Filemode']).to eq("false")
+ expect(response.headers['X-Gitlab-File-Name']).to eq(file_name)
+ expect(response.headers['X-Gitlab-Last-Commit-Id']).to eq(last_commit_id)
+ expect(response.headers['X-Gitlab-Content-Sha256']).to eq(content_sha256)
+ expect(response.headers['X-Gitlab-Execute-Filemode']).to eq('false')
end
context 'for executable file' do
@@ -424,13 +503,13 @@ RSpec.describe API::Files do
expect(response.headers['X-Gitlab-Last-Commit-Id']).to eq('6b8dc4a827797aa025ff6b8f425e583858a10d4f')
expect(response.headers['X-Gitlab-Content-Sha256'])
.to eq('2c74b1181ef780dfb692c030d3a0df6e0b624135c38a9344e56b9f80007b6191')
- expect(response.headers['X-Gitlab-Execute-Filemode']).to eq("true")
+ expect(response.headers['X-Gitlab-Execute-Filemode']).to eq('true')
end
end
end
it 'returns 400 when file path is invalid' do
- get api(route(rouge_file_path) + '/blame', current_user), params: params
+ get api(route(invalid_file_path) + '/blame', current_user), params: params
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq(invalid_file_message)
@@ -573,29 +652,33 @@ RSpec.describe API::Files do
end
end
- context 'when unauthenticated', 'and project is public' do
- it_behaves_like 'repository blame files' do
- let(:project) { create(:project, :public, :repository) }
- let(:current_user) { nil }
+ context 'when unauthenticated' do
+ context 'and project is public' do
+ it_behaves_like 'repository blame files' do
+ let(:project) { create(:project, :public, :repository) }
+ let(:current_user) { nil }
+ end
end
- end
- context 'when unauthenticated', 'and project is private' do
- it_behaves_like '404 response' do
- let(:request) { get api(route(file_path)), params: params }
- let(:message) { '404 Project Not Found' }
+ context 'and project is private' do
+ it_behaves_like '404 response' do
+ let(:request) { get api(route(file_path)), params: params }
+ let(:message) { '404 Project Not Found' }
+ end
end
end
- context 'when authenticated', 'as a developer' do
- it_behaves_like 'repository blame files' do
- let(:current_user) { user }
+ context 'when authenticated' do
+ context 'and user is a developer' do
+ it_behaves_like 'repository blame files' do
+ let(:current_user) { user }
+ end
end
- end
- context 'when authenticated', 'as a guest' do
- it_behaves_like '403 response' do
- let(:request) { get api(route(file_path) + '/blame', guest), params: params }
+ context 'and user is a guest' do
+ it_behaves_like '403 response' do
+ let(:request) { get api(route(file_path) + '/blame', guest), params: params }
+ end
end
end
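Review bot: The unauthenticated 'and project is private' example in this hunk requests `route(file_path)` without the `/blame` suffix, so the 404 it asserts comes from the plain file endpoint rather than from blame; the guest example right below it does append `'/blame'`. The request should read `let(:request) { get api(route(file_path) + '/blame'), params: params }`. The `/raw` section has the same gap in hunk `@@ -693,29 +776,33 @@`, where both the private-project and the guest requests omit `'/raw'`, which leaves the raw endpoint's access checks for anonymous and guest users unexercised; there the lines would be `get api(route(file_path) + '/raw'), params: params` and `get api(route(file_path) + '/raw', guest), params: params`.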
@@ -614,10 +697,10 @@ RSpec.describe API::Files do
end
end
- describe "GET /projects/:id/repository/files/:file_path/raw" do
+ describe 'GET /projects/:id/repository/files/:file_path/raw' do
shared_examples_for 'repository raw files' do
it 'returns 400 when file path is invalid' do
- get api(route(rouge_file_path) + "/raw", current_user), params: params
+ get api(route(invalid_file_path) + '/raw', current_user), params: params
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq(invalid_file_message)
@@ -628,7 +711,7 @@ RSpec.describe API::Files do
end
it 'returns raw file info' do
- url = route(file_path) + "/raw"
+ url = route(file_path) + '/raw'
expect_to_send_git_blob(api(url, current_user), params)
end
@@ -639,39 +722,39 @@ RSpec.describe API::Files do
end
it 'returns response :ok', :aggregate_failures do
- url = route(file_path) + "/raw"
+ url = route(file_path) + '/raw'
expect_to_send_git_blob(api(url, current_user), {})
end
end
it 'returns raw file info for files with dots' do
- url = route('.gitignore') + "/raw"
+ url = route('.gitignore') + '/raw'
expect_to_send_git_blob(api(url, current_user), params)
end
it 'returns file by commit sha' do
# This file is deleted on HEAD
- file_path = "files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
- params[:ref] = "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"
+ file_path = 'files%2Fjs%2Fcommit%2Ejs%2Ecoffee'
+ params[:ref] = '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9'
- expect_to_send_git_blob(api(route(file_path) + "/raw", current_user), params)
+ expect_to_send_git_blob(api(route(file_path) + '/raw', current_user), params)
end
it 'sets no-cache headers' do
- url = route('.gitignore') + "/raw"
+ url = route('.gitignore') + '/raw'
expect_to_send_git_blob(api(url, current_user), params)
- expect(response.headers["Cache-Control"]).to eq("max-age=0, private, must-revalidate, no-store, no-cache")
- expect(response.headers["Pragma"]).to eq("no-cache")
- expect(response.headers["Expires"]).to eq("Fri, 01 Jan 1990 00:00:00 GMT")
+ expect(response.headers['Cache-Control']).to eq('max-age=0, private, must-revalidate, no-store, no-cache')
+ expect(response.headers['Pragma']).to eq('no-cache')
+ expect(response.headers['Expires']).to eq('Fri, 01 Jan 1990 00:00:00 GMT')
end
context 'when mandatory params are not given' do
it_behaves_like '400 response' do
- let(:request) { get api(route("any%2Ffile"), current_user) }
+ let(:request) { get api(route('any%2Ffile'), current_user) }
end
end
@@ -693,29 +776,33 @@ RSpec.describe API::Files do
end
end
- context 'when unauthenticated', 'and project is public' do
- it_behaves_like 'repository raw files' do
- let(:project) { create(:project, :public, :repository) }
- let(:current_user) { nil }
+ context 'when unauthenticated' do
+ context 'and project is public' do
+ it_behaves_like 'repository raw files' do
+ let(:project) { create(:project, :public, :repository) }
+ let(:current_user) { nil }
+ end
end
- end
- context 'when unauthenticated', 'and project is private' do
- it_behaves_like '404 response' do
- let(:request) { get api(route(file_path)), params: params }
- let(:message) { '404 Project Not Found' }
+ context 'and project is private' do
+ it_behaves_like '404 response' do
+ let(:request) { get api(route(file_path)), params: params }
+ let(:message) { '404 Project Not Found' }
+ end
end
end
- context 'when authenticated', 'as a developer' do
- it_behaves_like 'repository raw files' do
- let(:current_user) { user }
+ context 'when authenticated' do
+ context 'and user is a developer' do
+ it_behaves_like 'repository raw files' do
+ let(:current_user) { user }
+ end
end
- end
- context 'when authenticated', 'as a guest' do
- it_behaves_like '403 response' do
- let(:request) { get api(route(file_path), guest), params: params }
+ context 'and user is a guest' do
+ it_behaves_like '403 response' do
+ let(:request) { get api(route(file_path), guest), params: params }
+ end
end
end
@@ -724,139 +811,205 @@ RSpec.describe API::Files do
token = create(:personal_access_token, scopes: ['read_repository'], user: user)
# This file is deleted on HEAD
- file_path = "files%2Fjs%2Fcommit%2Ejs%2Ecoffee"
- params[:ref] = "6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9"
- url = api(route(file_path) + "/raw", personal_access_token: token)
+ file_path = 'files%2Fjs%2Fcommit%2Ejs%2Ecoffee'
+ params[:ref] = '6f6d7e7ed97bb5f0054f2b1df789b39ca89b6ff9'
+ url = api(route(file_path) + '/raw', personal_access_token: token)
expect_to_send_git_blob(url, params)
end
end
end
- describe "POST /projects/:id/repository/files/:file_path" do
- let!(:file_path) { "new_subfolder%2Fnewfile%2Erb" }
+ describe 'POST /projects/:id/repository/files/:file_path' do
+ let!(:file_path) { 'new_subfolder%2Fnewfile%2Erb' }
+
let(:params) do
{
- branch: "master",
- content: "puts 8",
- commit_message: "Added newfile"
+ branch: 'master',
+ content: 'puts 8',
+ commit_message: 'Added newfile'
}
end
let(:executable_params) do
{
- branch: "master",
- content: "puts 8",
- commit_message: "Added newfile",
+ branch: 'master',
+ content: 'puts 8',
+ commit_message: 'Added newfile',
execute_filemode: true
}
end
- it 'returns 400 when file path is invalid' do
- post api(route(rouge_file_path), user), params: params
+ shared_examples 'creates a new file in the project repo' do
+ specify do
+ post api(route(file_path), current_user), params: params
- expect(response).to have_gitlab_http_status(:bad_request)
- expect(json_response['error']).to eq(invalid_file_message)
+ expect(response).to have_gitlab_http_status(:created)
+ expect(json_response['file_path']).to eq(CGI.unescape(file_path))
+ last_commit = project.repository.commit.raw
+ expect(last_commit.author_email).to eq(current_user.email)
+ expect(last_commit.author_name).to eq(current_user.name)
+ expect(project.repository.blob_at_branch(params[:branch], CGI.unescape(file_path)).executable?).to eq(false)
+ end
end
- it_behaves_like 'when path is absolute' do
- subject { post api(route(absolute_path), user), params: params }
- end
+ context 'when authenticated', 'as a direct project member' do
+ context 'when project is private' do
+ context 'and user is a developer' do
+ it 'returns 400 when file path is invalid' do
+ post api(route(invalid_file_path), user), params: params
- it "creates a new file in project repo" do
- post api(route(file_path), user), params: params
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to eq(invalid_file_message)
+ end
- expect(response).to have_gitlab_http_status(:created)
- expect(json_response["file_path"]).to eq(CGI.unescape(file_path))
- last_commit = project.repository.commit.raw
- expect(last_commit.author_email).to eq(user.email)
- expect(last_commit.author_name).to eq(user.name)
- expect(project.repository.blob_at_branch(params[:branch], CGI.unescape(file_path)).executable?).to eq(false)
- end
+ it_behaves_like 'when path is absolute' do
+ subject { post api(route(absolute_path), user), params: params }
+ end
- it "creates a new executable file in project repo" do
- post api(route(file_path), user), params: executable_params
+ it_behaves_like 'creates a new file in the project repo' do
+ let(:current_user) { user }
+ end
- expect(response).to have_gitlab_http_status(:created)
- expect(json_response["file_path"]).to eq(CGI.unescape(file_path))
- last_commit = project.repository.commit.raw
- expect(last_commit.author_email).to eq(user.email)
- expect(last_commit.author_name).to eq(user.name)
- expect(project.repository.blob_at_branch(params[:branch], CGI.unescape(file_path)).executable?).to eq(true)
- end
+ it 'creates a new executable file in project repo' do
+ post api(route(file_path), user), params: executable_params
- it "returns a 400 bad request if no mandatory params given" do
- post api(route("any%2Etxt"), user)
+ expect(response).to have_gitlab_http_status(:created)
+ expect(json_response['file_path']).to eq(CGI.unescape(file_path))
+ last_commit = project.repository.commit.raw
+ expect(last_commit.author_email).to eq(user.email)
+ expect(last_commit.author_name).to eq(user.name)
+ expect(project.repository.blob_at_branch(params[:branch], CGI.unescape(file_path)).executable?).to eq(true)
+ end
- expect(response).to have_gitlab_http_status(:bad_request)
- end
+ context 'when no mandatory params given' do
+ it 'returns a 400 bad request' do
+ post api(route('any%2Etxt'), user)
- it 'returns a 400 bad request if the commit message is empty' do
- params[:commit_message] = ''
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+ end
- post api(route(file_path), user), params: params
+ context 'when the commit message is empty' do
+ before do
+ params[:commit_message] = ''
+ end
- expect(response).to have_gitlab_http_status(:bad_request)
- end
+ it 'returns a 400 bad request' do
+ post api(route(file_path), user), params: params
- it "returns a 400 if editor fails to create file" do
- allow_next_instance_of(Repository) do |instance|
- allow(instance).to receive(:create_file).and_raise(Gitlab::Git::CommitError, 'Cannot create file')
- end
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+ end
- post api(route("any%2Etxt"), user), params: params
+ context 'when editor fails to create file' do
+ before do
+ allow_next_instance_of(Repository) do |instance|
+ allow(instance).to receive(:create_file).and_raise(Gitlab::Git::CommitError, 'Cannot create file')
+ end
+ end
- expect(response).to have_gitlab_http_status(:bad_request)
- end
+ it 'returns a 400 bad request' do
+ post api(route('any%2Etxt'), user), params: params
- context 'with PATs' do
- it 'returns 403 with `read_repository` scope' do
- token = create(:personal_access_token, scopes: ['read_repository'], user: user)
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+ end
- post api(route(file_path), personal_access_token: token), params: params
+ context 'and PATs are used' do
+ it 'returns 403 with `read_repository` scope' do
+ token = create(:personal_access_token, scopes: ['read_repository'], user: user)
- expect(response).to have_gitlab_http_status(:forbidden)
- end
+ post api(route(file_path), personal_access_token: token), params: params
- it 'returns 201 with `api` scope' do
- token = create(:personal_access_token, scopes: ['api'], user: user)
+ expect(response).to have_gitlab_http_status(:forbidden)
+ end
- post api(route(file_path), personal_access_token: token), params: params
+ it 'returns 201 with `api` scope' do
+ token = create(:personal_access_token, scopes: ['api'], user: user)
- expect(response).to have_gitlab_http_status(:created)
- end
- end
+ post api(route(file_path), personal_access_token: token), params: params
- context "when specifying an author" do
- it "creates a new file with the specified author" do
- params.merge!(author_email: author_email, author_name: author_name)
+ expect(response).to have_gitlab_http_status(:created)
+ end
+ end
- post api(route("new_file_with_author%2Etxt"), user), params: params
+ context 'and the repo is empty' do
+ let!(:project) { create(:project_empty_repo, namespace: user.namespace ) }
- expect(response).to have_gitlab_http_status(:created)
- expect(response.media_type).to eq('application/json')
- last_commit = project.repository.commit.raw
- expect(last_commit.author_email).to eq(author_email)
- expect(last_commit.author_name).to eq(author_name)
+ it_behaves_like 'creates a new file in the project repo' do
+ let(:current_user) { user }
+ let(:file_path) { 'newfile%2Erb' }
+ end
+ end
+
+ context 'when specifying an author' do
+ it 'creates a new file with the specified author' do
+ params.merge!(author_email: author_email, author_name: author_name)
+
+ post api(route('new_file_with_author%2Etxt'), user), params: params
+
+ expect(response).to have_gitlab_http_status(:created)
+ expect(response.media_type).to eq('application/json')
+ last_commit = project.repository.commit.raw
+ expect(last_commit.author_email).to eq(author_email)
+ expect(last_commit.author_name).to eq(author_name)
+ end
+ end
+ end
end
end
- context 'when the repo is empty' do
- let!(:project) { create(:project_empty_repo, namespace: user.namespace ) }
+ context 'when authenticated' do
+ context 'and user is an inherited member from the group' do
+ context 'when project is public with private repository' do
+ let_it_be(:project) { create(:project, :public, :repository, :repository_private, group: group) }
- it "creates a new file in project repo" do
- post api(route("newfile%2Erb"), user), params: params
+ context 'and user is a guest' do
+ it_behaves_like '403 response' do
+ let(:request) { post api(route(file_path), inherited_guest), params: params }
+ end
+ end
- expect(response).to have_gitlab_http_status(:created)
- expect(json_response['file_path']).to eq('newfile.rb')
- last_commit = project.repository.commit.raw
- expect(last_commit.author_email).to eq(user.email)
- expect(last_commit.author_name).to eq(user.name)
+ context 'and user is a reporter' do
+ it_behaves_like '403 response' do
+ let(:request) { post api(route(file_path), inherited_reporter), params: params }
+ end
+ end
+
+ context 'and user is a developer' do
+ it_behaves_like 'creates a new file in the project repo' do
+ let(:current_user) { inherited_developer }
+ end
+ end
+ end
+
+ context 'when project is private' do
+ let_it_be(:project) { create(:project, :private, :repository, group: group) }
+
+ context 'and user is a guest' do
+ it_behaves_like '403 response' do
+ let(:request) { post api(route(file_path), inherited_guest), params: params }
+ end
+ end
+
+ context 'and user is a reporter' do
+ it_behaves_like '403 response' do
+ let(:request) { post api(route(file_path), inherited_reporter), params: params }
+ end
+ end
+
+ context 'and user is a developer' do
+ it_behaves_like 'creates a new file in the project repo' do
+ let(:current_user) { inherited_developer }
+ end
+ end
+ end
end
end
end
- describe "PUT /projects/:id/repository/files" do
+ describe 'PUT /projects/:id/repository/files' do
let(:params) do
{
branch: 'master',
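Review bot: The two inherited-member contexts create their project with `let_it_be(:project)` and then run 'creates a new file in the project repo' against it, so a write to the Git repository lands on an object that is shared by every example in the context. Today only the developer example in each context writes, so the fixed `file_path` does not collide, but a second writing example would presumably find `new_subfolder/newfile.rb` already present, since a database rollback does not undo repository changes. Either use a per-example project in these POST contexts, `let(:project) { create(:project, :private, :repository, group: group) }`, or add a comment stating that only one example per context may write. Separately, `context 'when authenticated', 'as a direct project member' do` keeps the two-string form this commit removes everywhere else; nesting `context 'and user is a direct project member'` would match the GET section. The PUT `describe` block at the end of the hunk continues outside it.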
@@ -865,7 +1018,7 @@ RSpec.describe API::Files do
}
end
- it "updates existing file in project repo" do
+ it 'updates existing file in project repo' do
put api(route(file_path), user), params: params
expect(response).to have_gitlab_http_status(:ok)
@@ -875,42 +1028,58 @@ RSpec.describe API::Files do
expect(last_commit.author_name).to eq(user.name)
end
- it 'returns a 400 bad request if the commit message is empty' do
- params[:commit_message] = ''
+ context 'when the commit message is empty' do
+ before do
+ params[:commit_message] = ''
+ end
- put api(route(file_path), user), params: params
+ it 'returns a 400 bad request' do
+ put api(route(file_path), user), params: params
- expect(response).to have_gitlab_http_status(:bad_request)
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
end
- it "returns a 400 bad request if update existing file with stale last commit id" do
- params_with_stale_id = params.merge(last_commit_id: 'stale')
+ context 'when updating an existing file with stale last commit id' do
+ let(:params_with_stale_id) { params.merge(last_commit_id: 'stale') }
- put api(route(file_path), user), params: params_with_stale_id
+ it 'returns a 400 bad request' do
+ put api(route(file_path), user), params: params_with_stale_id
- expect(response).to have_gitlab_http_status(:bad_request)
- expect(json_response['message']).to eq(_('You are attempting to update a file that has changed since you started editing it.'))
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['message']).to eq(_('You are attempting to update a file that has changed since you started editing it.'))
+ end
end
- it "updates existing file in project repo with accepts correct last commit id" do
- last_commit = Gitlab::Git::Commit
- .last_for_path(project.repository, 'master', Addressable::URI.unencode_component(file_path))
- params_with_correct_id = params.merge(last_commit_id: last_commit.id)
+ context 'with correct last commit id' do
+ let(:last_commit) do
+ Gitlab::Git::Commit
+ .last_for_path(project.repository, 'master', Addressable::URI.unencode_component(file_path))
+ end
- put api(route(file_path), user), params: params_with_correct_id
+ let(:params_with_correct_id) { params.merge(last_commit_id: last_commit.id) }
- expect(response).to have_gitlab_http_status(:ok)
+ it 'updates existing file in project repo' do
+ put api(route(file_path), user), params: params_with_correct_id
+
+ expect(response).to have_gitlab_http_status(:ok)
+ end
end
- it "returns 400 when file path is invalid" do
- last_commit = Gitlab::Git::Commit
- .last_for_path(project.repository, 'master', Addressable::URI.unencode_component(file_path))
- params_with_correct_id = params.merge(last_commit_id: last_commit.id)
+ context 'when file path is invalid' do
+ let(:last_commit) do
+ Gitlab::Git::Commit
+ .last_for_path(project.repository, 'master', Addressable::URI.unencode_component(file_path))
+ end
- put api(route(rouge_file_path), user), params: params_with_correct_id
+ let(:params_with_correct_id) { params.merge(last_commit_id: last_commit.id) }
- expect(response).to have_gitlab_http_status(:bad_request)
- expect(json_response['error']).to eq(invalid_file_message)
+ it 'returns a 400 bad request' do
+ put api(route(invalid_file_path), user), params: params_with_correct_id
+
+ expect(response).to have_gitlab_http_status(:bad_request)
+ expect(json_response['error']).to eq(invalid_file_message)
+ end
end
it_behaves_like 'when path is absolute' do
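Review bot: The `when file path is invalid` example covers the `%2e%2e%2f` traversal path but checks only the status and error text, so it would still pass if the request wrote a commit before being rejected. Wrapping the request pins that nothing is written: `expect { put api(route(invalid_file_path), user), params: params_with_correct_id }.not_to change { project.repository.commit.id }`. The `last_commit` and `params_with_correct_id` lets are repeated verbatim from the `with correct last commit id` context. The absolute-path shared example just below uses `params_with_correct_id` as well, so both lets could be declared once at the `describe 'PUT ...'` level. That describe block starts and ends outside this hunk.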
@@ -924,15 +1093,17 @@ RSpec.describe API::Files do
subject { put api(route(absolute_path), user), params: params_with_correct_id }
end
- it "returns a 400 bad request if no params given" do
- put api(route(file_path), user)
+ context 'when no params given' do
+ it 'returns a 400 bad request' do
+ put api(route(file_path), user)
- expect(response).to have_gitlab_http_status(:bad_request)
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
end
- context "when specifying an author" do
- it "updates a file with the specified author" do
- params.merge!(author_email: author_email, author_name: author_name, content: "New content")
+ context 'when specifying an author' do
+ it 'updates a file with the specified author' do
+ params.merge!(author_email: author_email, author_name: author_name, content: 'New content')
put api(route(file_path), user), params: params
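Review bot: The `updates a file with the specified author` example still mutates the memoized `params` hash with `params.merge!` inside the `it` body. Elsewhere this commit moves the same kind of setup (`params[:commit_message] = ''`) into a `before` block. For consistency, move the merge into `before { params.merge!(author_email: author_email, author_name: author_name, content: 'New content') }`, or define a dedicated `let` built with the non-mutating `params.merge(...)`. The same applies to `removes a file with the specified author` in the DELETE hunk. The example body continues outside this hunk.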
@@ -982,7 +1153,7 @@ RSpec.describe API::Files do
end
end
- describe "DELETE /projects/:id/repository/files" do
+ describe 'DELETE /projects/:id/repository/files' do
let(:params) do
{
branch: 'master',
@@ -991,7 +1162,7 @@ RSpec.describe API::Files do
end
it 'returns 400 when file path is invalid' do
- delete api(route(rouge_file_path), user), params: params
+ delete api(route(invalid_file_path), user), params: params
expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq(invalid_file_message)
@@ -1001,38 +1172,48 @@ RSpec.describe API::Files do
subject { delete api(route(absolute_path), user), params: params }
end
- it "deletes existing file in project repo" do
+ it 'deletes existing file in project repo' do
delete api(route(file_path), user), params: params
expect(response).to have_gitlab_http_status(:no_content)
end
- it "returns a 400 bad request if no params given" do
- delete api(route(file_path), user)
+ context 'when no params given' do
+ it 'returns a 400 bad request' do
+ delete api(route(file_path), user)
- expect(response).to have_gitlab_http_status(:bad_request)
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
end
- it 'returns a 400 bad request if the commit message is empty' do
- params[:commit_message] = ''
+ context 'when the commit message is empty' do
+ before do
+ params[:commit_message] = ''
+ end
- delete api(route(file_path), user), params: params
+ it 'returns a 400 bad request' do
+ delete api(route(file_path), user), params: params
- expect(response).to have_gitlab_http_status(:bad_request)
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
end
- it "returns a 400 if fails to delete file" do
- allow_next_instance_of(Repository) do |instance|
- allow(instance).to receive(:delete_file).and_raise(Gitlab::Git::CommitError, 'Cannot delete file')
+ context 'when fails to delete file' do
+ before do
+ allow_next_instance_of(Repository) do |instance|
+ allow(instance).to receive(:delete_file).and_raise(Gitlab::Git::CommitError, 'Cannot delete file')
+ end
end
- delete api(route(file_path), user), params: params
+ it 'returns a 400 bad request' do
+ delete api(route(file_path), user), params: params
- expect(response).to have_gitlab_http_status(:bad_request)
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
end
- context "when specifying an author" do
- it "removes a file with the specified author" do
+ context 'when specifying an author' do
+ it 'removes a file with the specified author' do
params.merge!(author_email: author_email, author_name: author_name)
delete api(route(file_path), user), params: params
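Review bot: In `when fails to delete file`, the stub is set with `allow`, so the example passes on any 400, including one raised by parameter or path validation before `delete_file` is reached. Every other failure case in this describe block also returns `:bad_request`, so the status alone does not show that the `Gitlab::Git::CommitError` path ran. Making the stub an expectation closes that gap: `expect(instance).to receive(:delete_file).and_raise(Gitlab::Git::CommitError, 'Cannot delete file')`. If the endpoint passes the service error through to the response, which is not visible here, asserting on the returned message would tighten it further.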
@@ -1042,7 +1223,7 @@ RSpec.describe API::Files do
end
end
- describe "POST /projects/:id/repository/files with binary file" do
+ describe 'POST /projects/:id/repository/files with binary file' do
let(:file_path) { 'test%2Ebin' }
let(:put_params) do
{
@@ -1063,7 +1244,7 @@ RSpec.describe API::Files do
post api(route(file_path), user), params: put_params
end
- it "remains unchanged" do
+ it 'remains unchanged' do
get api(route(file_path), user), params: get_params
expect(response).to have_gitlab_http_status(:ok)