Add features for list and show details of variables in API

app/models/ci/variable.rb

@@ -9,6 +9,7 @@
 #  encrypted_value      :text
 #  encrypted_value_salt :string(255)
 #  encrypted_value_iv   :string(255)
+#  gl_project_id        :integer
 #
 
 module Ci

lib/api/api.rb

@@ -54,5 +54,7 @@ module API
     mount Keys
     mount Tags
     mount Triggers
+
+    mount Variables
   end
 end

lib/api/entities.rb

@@ -365,5 +365,9 @@ module API
     class TriggerRequest < Grape::Entity
       expose :id, :variables
     end
+
+    class Variable < Grape::Entity
+      expose :id, :key, :value
+    end
   end
 end

lib/api/variables.rb

+module API
+  # Projects variables API
+  class Variables < Grape::API
+    before { authenticate! }
+    before { authorize_admin_project }
+
+    resource :projects do
+      # Get project variables
+      #
+      # Parameters:
+      #   id (required) - The ID of a project
+      #   page (optional) - The page number for pagination
+      #   per_page (optional) - The value of items per page to show
+      # Example Request:
+      #   GET /projects/:id/variables
+      get ':id/variables' do
+        variables = user_project.variables
+        present paginate(variables), with: Entities::Variable
+      end
+
+      # Get specifica bariable of a project
+      #
+      # Parameters:
+      #   id (required) - The ID of a project
+      #   variable_id (required) - The ID OR `key` of variable to show; if variable_id contains only digits it's treated
+      #                            as ID other ways it's treated as `key`
+      # Example Reuest:
+      #   GET /projects/:id/variables/:variable_id
+      get ':id/variables/:variable_id' do
+        variable_id = params[:variable_id]
+        variables = user_project.variables
+        variables =
+          if variable_id.match(/^\d+$/)
+            variables.where(id: variable_id.to_i)
+          else
+            variables.where(key: variable_id)
+          end
+
+        present variables.first, with: Entities::Variable
+      end
+    end
+  end
+end

spec/factories/ci/variables.rb

+# == Schema Information
+#
+# Table name: ci_variables
+#
+#  id                   :integer          not null, primary key
+#  project_id           :integer          not null
+#  key                  :string(255)
+#  value                :text
+#  encrypted_value      :text
+#  encrypted_value_salt :string(255)
+#  encrypted_value_iv   :string(255)
+#  gl_project_id        :integer
+#
+
+# Read about factories at https://github.com/thoughtbot/factory_girl
+
+FactoryGirl.define do
+  factory :ci_variable, class: Ci::Variable do
+    id 1
+    key 'TEST_VARIABLE_1'
+    value 'VALUE_1'
+
+    project factory: :empty_project
+  end
+end

spec/requests/api/variables_spec.rb

+require 'spec_helper'
+
+describe API::API, api: true do
+  include ApiHelpers
+
+  let(:user) { create(:user) }
+  let(:user2) { create(:user) }
+  let!(:project) { create(:project, creator_id: user.id) }
+  let!(:master) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) }
+  let!(:developer) { create(:project_member, user: user2, project: project, access_level: ProjectMember::DEVELOPER) }
+  let!(:variable) { create(:ci_variable, project: project) }
+
+  describe 'GET /projects/:id/variables' do
+    context 'authorized user with proper permissions' do
+      it 'should return project variables' do
+        get api("/projects/#{project.id}/variables", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_a(Array)
+      end
+    end
+
+    context 'authorized user with invalid permissions' do
+      it 'should not return project variables' do
+        get api("/projects/#{project.id}/variables", user2)
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'should not return project variables' do
+        get api("/projects/#{project.id}/variables")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  describe 'GET /projects/:id/variables/:variable_id' do
+    context 'authorized user with proper permissions' do
+      it 'should return project variable details when ID is used as :variable_id' do
+        get api("/projects/#{project.id}/variables/1", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response['key']).to eq('TEST_VARIABLE_1')
+        expect(json_response['value']).to eq('VALUE_1')
+      end
+
+      it 'should return project variable details when `key` is used as :variable_id' do
+        get api("/projects/#{project.id}/variables/TEST_VARIABLE_1", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response['id']).to eq(1)
+        expect(json_response['value']).to eq('VALUE_1')
+      end
+    end
+
+    context 'authorized user with invalid permissions' do
+      it 'should not return project variable details' do
+        get api("/projects/#{project.id}/variables/1", user2)
+
+        expect(response.status).to eq(403)
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'should not return project variable details' do
+        get api("/projects/#{project.id}/variables/1")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+end