Merge branch 'refactor-composer-api-group-checks' into 'master'

Refactor composer api group checks See merge request gitlab-org/gitlab!38642

Merge branch 'refactor-composer-api-group-checks' into 'master'
Refactor composer api group checks See merge request gitlab-org/gitlab!38642
41b12044 · charlie ablett · 50192cda · 2104c924 · 41b12044 · 41b12044
Commit 41b12044 authored Aug 11, 2020 by charlie ablett
2 changed files
--- a/spec/requests/api/composer_packages_spec.rb
+++ b/spec/requests/api/composer_packages_spec.rb
@@ -11,6 +11,8 @@ RSpec.describe API::ComposerPackages do
  let_it_be(:project, reload: true) { create(:project, :custom_repo, files: { 'composer.json' => { name: package_name }.to_json }, group: group) }
  let(:headers) { {} }

+  using RSpec::Parameterized::TableSyntax
+
  describe 'GET /api/v4/group/:id/-/packages/composer/packages' do
    let(:url) { "/group/#{group.id}/-/packages/composer/packages.json" }

@@ -19,32 +21,73 @@ RSpec.describe API::ComposerPackages do
    context 'with valid project' do
      let!(:package) { create(:composer_package, :with_metadatum, project: project) }

-      using RSpec::Parameterized::TableSyntax
+      context 'with a public group' do
+        before do
+          group.update!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+        end
+
+        where(:project_visibility_level, :user_role, :member, :user_token, :include_package) do
+          'PUBLIC'  | :developer  | true  | true  | :include_package
+          'PUBLIC'  | :developer  | true  | false | :include_package
+          'PUBLIC'  | :developer  | false | false | :include_package
+          'PUBLIC'  | :developer  | false | true  | :include_package
+          'PUBLIC'  | :guest      | true  | true  | :include_package
+          'PUBLIC'  | :guest      | true  | false | :include_package
+          'PUBLIC'  | :guest      | false | true  | :include_package
+          'PUBLIC'  | :guest      | false | false | :include_package
+          'PUBLIC'  | :anonymous  | false | true  | :include_package
+          'PRIVATE' | :developer  | true  | true  | :include_package
+          'PRIVATE' | :developer  | true  | false | :does_not_include_package
+          'PRIVATE' | :developer  | false | true  | :does_not_include_package
+          'PRIVATE' | :developer  | false | false | :does_not_include_package
+          'PRIVATE' | :guest      | true  | true  | :does_not_include_package
+          'PRIVATE' | :guest      | true  | false | :does_not_include_package
+          'PRIVATE' | :guest      | false | true  | :does_not_include_package
+          'PRIVATE' | :guest      | false | false | :does_not_include_package
+          'PRIVATE' | :anonymous  | false | true  | :does_not_include_package
+        end

-      where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
-        'PUBLIC'  | :developer  | true  | true  | 'Composer package index'       | :success
-        'PUBLIC'  | :guest      | true  | true  | 'Composer package index'       | :success
-        'PUBLIC'  | :developer  | true  | false | 'Composer package index'       | :success
-        'PUBLIC'  | :guest      | true  | false | 'Composer package index'       | :success
-        'PUBLIC'  | :developer  | false | true  | 'Composer package index'       | :success
-        'PUBLIC'  | :guest      | false | true  | 'Composer package index'       | :success
-        'PUBLIC'  | :developer  | false | false | 'Composer package index'       | :success
-        'PUBLIC'  | :guest      | false | false | 'Composer package index'       | :success
-        'PUBLIC'  | :anonymous  | false | true  | 'Composer package index'       | :success
-        'PRIVATE' | :developer  | true  | true  | 'Composer package index'       | :success
-        'PRIVATE' | :guest      | true  | true  | 'Composer package index'       | :success
-        'PRIVATE' | :developer  | true  | false | 'process Composer api request' | :not_found
-        'PRIVATE' | :guest      | true  | false | 'process Composer api request' | :not_found
-        'PRIVATE' | :developer  | false | true  | 'process Composer api request' | :not_found
-        'PRIVATE' | :guest      | false | true  | 'process Composer api request' | :not_found
-        'PRIVATE' | :developer  | false | false | 'process Composer api request' | :not_found
-        'PRIVATE' | :guest      | false | false | 'process Composer api request' | :not_found
-        'PRIVATE' | :anonymous  | false | true  | 'process Composer api request' | :not_found
+        with_them do
+          include_context 'Composer api project access', params[:project_visibility_level], params[:user_role], params[:user_token] do
+            it_behaves_like 'Composer package index', params[:user_role], :success, params[:member], params[:include_package]
+          end
+        end
+      end
+
+      context 'with a private group' do
+        before do
+          group.update!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+        end
+
+        context 'with access to the api' do
+          where(:project_visibility_level, :user_role, :member, :user_token, :include_package) do
+            'PRIVATE' | :developer  | true  | true  | :include_package
+            'PRIVATE' | :guest      | true  | true  | :does_not_include_package
          end

          with_them do
-        include_context 'Composer api group access', params[:project_visibility_level], params[:user_role], params[:user_token] do
-          it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member]
+            include_context 'Composer api project access', params[:project_visibility_level], params[:user_role], params[:user_token] do
+              it_behaves_like 'Composer package index', params[:user_role], :success, params[:member], params[:include_package]
+            end
+          end
+        end
+
+        context 'without access to the api' do
+          where(:project_visibility_level, :user_role, :member, :user_token) do
+            'PRIVATE' | :developer  | true  | false
+            'PRIVATE' | :developer  | false | true
+            'PRIVATE' | :developer  | false | false
+            'PRIVATE' | :guest      | true  | false
+            'PRIVATE' | :guest      | false | true
+            'PRIVATE' | :guest      | false | false
+            'PRIVATE' | :anonymous  | false | true
+          end
+
+          with_them do
+            include_context 'Composer api project access', params[:project_visibility_level], params[:user_role], params[:user_token] do
+              it_behaves_like 'process Composer api request', params[:user_role], :not_found, params[:member]
+            end
+          end
        end
      end
    end
@@ -60,25 +103,23 @@ RSpec.describe API::ComposerPackages do
    subject { get api(url), headers: headers }

    context 'with valid project' do
-      using RSpec::Parameterized::TableSyntax
-
      where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
        'PUBLIC'  | :developer  | true  | true  | 'Composer provider index'       | :success
-        'PUBLIC'  | :guest      | true  | true  | 'Composer provider index'       | :success
        'PUBLIC'  | :developer  | true  | false | 'Composer provider index'       | :success
-        'PUBLIC'  | :guest      | true  | false | 'Composer provider index'       | :success
        'PUBLIC'  | :developer  | false | true  | 'Composer provider index'       | :success
-        'PUBLIC'  | :guest      | false | true  | 'Composer provider index'       | :success
        'PUBLIC'  | :developer  | false | false | 'Composer provider index'       | :success
+        'PUBLIC'  | :guest      | true  | true  | 'Composer provider index'       | :success
+        'PUBLIC'  | :guest      | true  | false | 'Composer provider index'       | :success
+        'PUBLIC'  | :guest      | false | true  | 'Composer provider index'       | :success
        'PUBLIC'  | :guest      | false | false | 'Composer provider index'       | :success
        'PUBLIC'  | :anonymous  | false | true  | 'Composer provider index'       | :success
        'PRIVATE' | :developer  | true  | true  | 'Composer provider index'       | :success
-        'PRIVATE' | :guest      | true  | true  | 'Composer empty provider index' | :success
        'PRIVATE' | :developer  | true  | false | 'process Composer api request'  | :not_found
-        'PRIVATE' | :guest      | true  | false | 'process Composer api request'  | :not_found
        'PRIVATE' | :developer  | false | true  | 'process Composer api request'  | :not_found
-        'PRIVATE' | :guest      | false | true  | 'process Composer api request'  | :not_found
        'PRIVATE' | :developer  | false | false | 'process Composer api request'  | :not_found
+        'PRIVATE' | :guest      | true  | true  | 'Composer empty provider index' | :success
+        'PRIVATE' | :guest      | true  | false | 'process Composer api request'  | :not_found
+        'PRIVATE' | :guest      | false | true  | 'process Composer api request'  | :not_found
        'PRIVATE' | :guest      | false | false | 'process Composer api request'  | :not_found
        'PRIVATE' | :anonymous  | false | true  | 'process Composer api request'  | :not_found
      end
@@ -106,27 +147,25 @@ RSpec.describe API::ComposerPackages do
    end

    context 'with valid project' do
-      using RSpec::Parameterized::TableSyntax
-
      let!(:package) { create(:composer_package, :with_metadatum, name: package_name, project: project) }

      where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
        'PUBLIC'  | :developer  | true  | true  | 'Composer package api request' | :success
-        'PUBLIC'  | :guest      | true  | true  | 'Composer package api request' | :success
        'PUBLIC'  | :developer  | true  | false | 'Composer package api request' | :success
-        'PUBLIC'  | :guest      | true  | false | 'Composer package api request' | :success
        'PUBLIC'  | :developer  | false | true  | 'Composer package api request' | :success
-        'PUBLIC'  | :guest      | false | true  | 'Composer package api request' | :success
        'PUBLIC'  | :developer  | false | false | 'Composer package api request' | :success
+        'PUBLIC'  | :guest      | true  | true  | 'Composer package api request' | :success
+        'PUBLIC'  | :guest      | true  | false | 'Composer package api request' | :success
+        'PUBLIC'  | :guest      | false | true  | 'Composer package api request' | :success
        'PUBLIC'  | :guest      | false | false | 'Composer package api request' | :success
        'PUBLIC'  | :anonymous  | false | true  | 'Composer package api request' | :success
        'PRIVATE' | :developer  | true  | true  | 'Composer package api request' | :success
-        'PRIVATE' | :guest      | true  | true  | 'process Composer api request' | :not_found
        'PRIVATE' | :developer  | true  | false | 'process Composer api request' | :not_found
-        'PRIVATE' | :guest      | true  | false | 'process Composer api request' | :not_found
        'PRIVATE' | :developer  | false | true  | 'process Composer api request' | :not_found
-        'PRIVATE' | :guest      | false | true  | 'process Composer api request' | :not_found
        'PRIVATE' | :developer  | false | false | 'process Composer api request' | :not_found
+        'PRIVATE' | :guest      | true  | true  | 'process Composer api request' | :not_found
+        'PRIVATE' | :guest      | true  | false | 'process Composer api request' | :not_found
+        'PRIVATE' | :guest      | false | true  | 'process Composer api request' | :not_found
        'PRIVATE' | :guest      | false | false | 'process Composer api request' | :not_found
        'PRIVATE' | :anonymous  | false | true  | 'process Composer api request' | :not_found
      end
@@ -153,25 +192,23 @@ RSpec.describe API::ComposerPackages do

    shared_examples 'composer package publish' do
      context 'with valid project' do
-        using RSpec::Parameterized::TableSyntax
-
        where(:project_visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
          'PUBLIC'  | :developer  | true  | true  | 'Composer package creation'    | :created
-          'PUBLIC'  | :guest      | true  | true  | 'process Composer api request' | :forbidden
          'PUBLIC'  | :developer  | true  | false | 'process Composer api request' | :unauthorized
-          'PUBLIC'  | :guest      | true  | false | 'process Composer api request' | :unauthorized
          'PUBLIC'  | :developer  | false | true  | 'process Composer api request' | :forbidden
-          'PUBLIC'  | :guest      | false | true  | 'process Composer api request' | :forbidden
          'PUBLIC'  | :developer  | false | false | 'process Composer api request' | :unauthorized
+          'PUBLIC'  | :guest      | true  | true  | 'process Composer api request' | :forbidden
+          'PUBLIC'  | :guest      | true  | false | 'process Composer api request' | :unauthorized
+          'PUBLIC'  | :guest      | false | true  | 'process Composer api request' | :forbidden
          'PUBLIC'  | :guest      | false | false | 'process Composer api request' | :unauthorized
          'PUBLIC'  | :anonymous  | false | true  | 'process Composer api request' | :unauthorized
          'PRIVATE' | :developer  | true  | true  | 'Composer package creation'    | :created
-          'PRIVATE' | :guest      | true  | true  | 'process Composer api request' | :forbidden
          'PRIVATE' | :developer  | true  | false | 'process Composer api request' | :unauthorized
-          'PRIVATE' | :guest      | true  | false | 'process Composer api request' | :unauthorized
          'PRIVATE' | :developer  | false | true  | 'process Composer api request' | :not_found
-          'PRIVATE' | :guest      | false | true  | 'process Composer api request' | :not_found
          'PRIVATE' | :developer  | false | false | 'process Composer api request' | :unauthorized
+          'PRIVATE' | :guest      | true  | true  | 'process Composer api request' | :forbidden
+          'PRIVATE' | :guest      | true  | false | 'process Composer api request' | :unauthorized
+          'PRIVATE' | :guest      | false | true  | 'process Composer api request' | :not_found
          'PRIVATE' | :guest      | false | false | 'process Composer api request' | :unauthorized
          'PRIVATE' | :anonymous  | false | true  | 'process Composer api request' | :unauthorized
        end
@@ -251,25 +288,23 @@ RSpec.describe API::ComposerPackages do
        let(:branch) { project.repository.find_branch('master') }
        let(:sha) { branch.target }

-        using RSpec::Parameterized::TableSyntax
-
        where(:project_visibility_level, :user_role, :member, :user_token, :expected_status) do
          'PUBLIC'  | :developer  | true  | true  | :success
-          'PUBLIC'  | :guest      | true  | true  | :success
          'PUBLIC'  | :developer  | true  | false | :success
-          'PUBLIC'  | :guest      | true  | false | :success
          'PUBLIC'  | :developer  | false | true  | :success
-          'PUBLIC'  | :guest      | false | true  | :success
          'PUBLIC'  | :developer  | false | false | :success
+          'PUBLIC'  | :guest      | true  | true  | :success
+          'PUBLIC'  | :guest      | true  | false | :success
+          'PUBLIC'  | :guest      | false | true  | :success
          'PUBLIC'  | :guest      | false | false | :success
          'PUBLIC'  | :anonymous  | false | true  | :success
          'PRIVATE' | :developer  | true  | true  | :success
-          'PRIVATE' | :guest      | true  | true  | :success
          'PRIVATE' | :developer  | true  | false | :success
-          'PRIVATE' | :guest      | true  | false | :success
          'PRIVATE' | :developer  | false | true  | :success
-          'PRIVATE' | :guest      | false | true  | :success
          'PRIVATE' | :developer  | false | false | :success
+          'PRIVATE' | :guest      | true  | true  | :success
+          'PRIVATE' | :guest      | true  | false | :success
+          'PRIVATE' | :guest      | false | true  | :success
          'PRIVATE' | :guest      | false | false | :success
          'PRIVATE' | :anonymous  | false | true  | :success
        end

--- a/spec/support/shared_examples/requests/api/composer_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/composer_packages_shared_examples.rb
@@ -7,13 +7,17 @@ RSpec.shared_context 'Composer user type' do |user_type, add_member|
  end
 end

-RSpec.shared_examples 'Composer package index' do |user_type, status, add_member = true|
+RSpec.shared_examples 'Composer package index' do |user_type, status, add_member, include_package|
  include_context 'Composer user type', user_type, add_member do
+    let(:expected_packages) { include_package == :include_package ? [package] : [] }
+    let(:presenter) { ::Packages::Composer::PackagesPresenter.new(group, expected_packages ) }
+
    it 'returns the package index' do
      subject

      expect(response).to have_gitlab_http_status(status)
      expect(response).to match_response_schema('public_api/v4/packages/composer/index')
+      expect(json_response).to eq presenter.root
    end
  end
 end