Commit 1be15162 authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'ben.boeckel/gitlab-ce-api-visible-projects' into 'master'

Add visible projects API

## What does this MR do?

Add a new `/projects/visible` API endpoint. Originally created by @ben.boeckel in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5970.

## Are there points in the code the reviewer needs to double check?

Does the API make sense?

## Why was this MR needed?

The `/projects` endpoint only returned projects the user was explicitly a member of.

Closes #19361, #3119.

See merge request !6681
parents b58ea12a 7623ab0c
......@@ -5,6 +5,7 @@ v 8.13.0 (unreleased)
- Add link from system note to compare with previous version
- Improve issue load time performance by avoiding ORDER BY in find_by call
- Use gitlab-shell v3.6.2 (GIT TRACE logging)
- Add `/projects/visible` API endpoint (Ben Boeckel)
- Fix centering of custom header logos (Ashley Dumaine)
- AbstractReferenceFilter caches project_refs on RequestStore when active
- Replaced the check sign to arrow in the show build view. !6501
......
This diff is collapsed.
......@@ -22,14 +22,25 @@ module API
# Example Request:
# GET /projects
get do
@projects = current_user.authorized_projects
@projects = filter_projects(@projects)
@projects = paginate @projects
if params[:simple]
present @projects, with: Entities::BasicProjectDetails, user: current_user
else
present @projects, with: Entities::ProjectWithAccess, user: current_user
projects = current_user.authorized_projects
projects = filter_projects(projects)
projects = paginate projects
entity = params[:simple] ? Entities::BasicProjectDetails : Entities::ProjectWithAccess
present projects, with: entity, user: current_user
end
# Get a list of visible projects for authenticated user
#
# Example Request:
# GET /projects/visible
get '/visible' do
projects = ProjectsFinder.new.execute(current_user)
projects = filter_projects(projects)
projects = paginate projects
entity = params[:simple] ? Entities::BasicProjectDetails : Entities::ProjectWithAccess
present projects, with: entity, user: current_user
end
# Get an owned projects list for authenticated user
......@@ -37,10 +48,10 @@ module API
# Example Request:
# GET /projects/owned
get '/owned' do
@projects = current_user.owned_projects
@projects = filter_projects(@projects)
@projects = paginate @projects
present @projects, with: Entities::ProjectWithAccess, user: current_user
projects = current_user.owned_projects
projects = filter_projects(projects)
projects = paginate projects
present projects, with: Entities::ProjectWithAccess, user: current_user
end
# Gets starred project for the authenticated user
......@@ -48,10 +59,10 @@ module API
# Example Request:
# GET /projects/starred
get '/starred' do
@projects = current_user.viewable_starred_projects
@projects = filter_projects(@projects)
@projects = paginate @projects
present @projects, with: Entities::Project, user: current_user
projects = current_user.viewable_starred_projects
projects = filter_projects(projects)
projects = paginate projects
present projects, with: Entities::Project, user: current_user
end
# Get all projects for admin user
......@@ -60,10 +71,10 @@ module API
# GET /projects/all
get '/all' do
authenticated_as_admin!
@projects = Project.all
@projects = filter_projects(@projects)
@projects = paginate @projects
present @projects, with: Entities::ProjectWithAccess, user: current_user
projects = Project.all
projects = filter_projects(projects)
projects = paginate projects
present projects, with: Entities::ProjectWithAccess, user: current_user
end
# Get a single project
......
......@@ -175,6 +175,36 @@ describe API::API, api: true do
end
end
describe 'GET /projects/visible' do
let(:public_project) { create(:project, :public) }
before do
public_project
project
project2
project3
project4
end
it 'returns the projects viewable by the user' do
get api('/projects/visible', user)
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.map { |project| project['id'] }).
to contain_exactly(public_project.id, project.id, project2.id, project3.id)
end
it 'shows only public projects when the user only has access to those' do
get api('/projects/visible', user2)
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.map { |project| project['id'] }).
to contain_exactly(public_project.id)
end
end
describe 'GET /projects/starred' do
let(:public_project) { create(:project, :public) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment