Merge branch 'tm/feature/namespace-by-id-api' into 'master'

Add new API endpoint - get a namespace by ID Closes #40254 See merge request gitlab-org/gitlab-ce!15442

Merge branch 'tm/feature/namespace-by-id-api' into 'master'
Add new API endpoint - get a namespace by ID Closes #40254 See merge request gitlab-org/gitlab-ce!15442
94c5ca71 · Kamil Trzciński · 74b50363 · f144cce8 · 94c5ca71 · 94c5ca71
Commit 94c5ca71 authored Nov 28, 2017 by Kamil Trzciński
10 changed files
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -34,6 +34,8 @@ class GroupPolicy < BasePolicy
  rule { admin }             .enable :read_group
  rule { has_projects }      .enable :read_group

+  rule { has_access }.enable :read_namespace
+
  rule { developer }.enable :admin_milestones
  rule { reporter }.enable :admin_label


--- a/app/policies/namespace_policy.rb
+++ b/app/policies/namespace_policy.rb
@@ -8,6 +8,7 @@ class NamespacePolicy < BasePolicy
  rule { owner | admin }.policy do
    enable :create_projects
    enable :admin_namespace
+    enable :read_namespace
  end

  rule { personal_project & ~can_create_personal_project }.prevent :create_projects

--- a/changelogs/unreleased/tm-feature-namespace-by-id-api.yml
+++ b/changelogs/unreleased/tm-feature-namespace-by-id-api.yml
+---
+title: Add new API endpoint - get a namespace by ID
+merge_request: 15442
+author:
+type: added
--- a/doc/api/namespaces.md
+++ b/doc/api/namespaces.md
@@ -89,3 +89,55 @@ Example response:
  }
 ]
 ```
+
+## Get namespace by ID
+
+Get a namespace by ID.
+
+```
+GET /namespaces/:id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id`      | integer/string | yes | ID or path of the namespace |
+
+Example request:
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/namespaces/2
+```
+
+Example response:
+
+```json
+{
+  "id": 2,
+  "name": "group1",
+  "path": "group1",
+  "kind": "group",
+  "full_path": "group1",
+  "parent_id": "null",
+  "members_count_with_descendants": 2
+}
+```
+
+Example request:
+
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/namespaces/group1
+```
+
+Example response:
+
+```json
+{
+  "id": 2,
+  "name": "group1",
+  "path": "group1",
+  "kind": "group",
+  "full_path": "group1",
+  "parent_id": "null",
+  "members_count_with_descendants": 2
+}
+```
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -50,6 +50,10 @@ module API
      initial_current_user != current_user
    end

+    def user_namespace
+      @user_namespace ||= find_namespace!(params[:id])
+    end
+
    def user_group
      @group ||= find_group!(params[:id])
    end
@@ -112,6 +116,24 @@ module API
      end
    end

+    def find_namespace(id)
+      if id.to_s =~ /^\d+$/
+        Namespace.find_by(id: id)
+      else
+        Namespace.find_by_full_path(id)
+      end
+    end
+
+    def find_namespace!(id)
+      namespace = find_namespace(id)
+
+      if can?(current_user, :read_namespace, namespace)
+        namespace
+      else
+        not_found!('Namespace')
+      end
+    end
+
    def find_project_label(id)
      label = available_labels.find_by_id(id) || available_labels.find_by_title(id)
      label || not_found!('Label')

--- a/lib/api/namespaces.rb
+++ b/lib/api/namespaces.rb
@@ -19,6 +19,16 @@ module API

        present paginate(namespaces), with: Entities::Namespace, current_user: current_user
      end
+
+      desc 'Get a namespace by ID' do
+        success Entities::Namespace
+      end
+      params do
+        requires :id, type: String, desc: "Namespace's ID or path"
+      end
+      get ':id' do
+        present user_namespace, with: Entities::Namespace, current_user: current_user
+      end
    end
  end
 end
--- a/spec/lib/api/helpers_spec.rb
+++ b/spec/lib/api/helpers_spec.rb
+require 'spec_helper'
+
+describe API::Helpers do
+  subject { Class.new.include(described_class).new }
+
+  describe '#find_namespace' do
+    let(:namespace) { create(:namespace) }
+
+    shared_examples 'namespace finder' do
+      context 'when namespace exists' do
+        it 'returns requested namespace' do
+          expect(subject.find_namespace(existing_id)).to eq(namespace)
+        end
+      end
+
+      context "when namespace doesn't exists" do
+        it 'returns nil' do
+          expect(subject.find_namespace(non_existing_id)).to be_nil
+        end
+      end
+    end
+
+    context 'when ID is used as an argument' do
+      let(:existing_id) { namespace.id }
+      let(:non_existing_id) { 9999 }
+
+      it_behaves_like 'namespace finder'
+    end
+
+    context 'when PATH is used as an argument' do
+      let(:existing_id) { namespace.path }
+      let(:non_existing_id) { 'non-existing-path' }
+
+      it_behaves_like 'namespace finder'
+    end
+  end
+
+  shared_examples 'user namespace finder' do
+    let(:user1) { create(:user) }
+
+    before do
+      allow(subject).to receive(:current_user).and_return(user1)
+      allow(subject).to receive(:header).and_return(nil)
+      allow(subject).to receive(:not_found!).and_raise('404 Namespace not found')
+    end
+
+    context 'when namespace is group' do
+      let(:namespace) { create(:group) }
+
+      context 'when user has access to group' do
+        before do
+          namespace.add_guest(user1)
+          namespace.save!
+        end
+
+        it 'returns requested namespace' do
+          expect(namespace_finder).to eq(namespace)
+        end
+      end
+
+      context "when user doesn't have access to group" do
+        it 'raises not found error' do
+          expect { namespace_finder }.to raise_error(RuntimeError, '404 Namespace not found')
+        end
+      end
+    end
+
+    context "when namespace is user's personal namespace" do
+      let(:namespace) { create(:namespace) }
+
+      context 'when user owns the namespace' do
+        before do
+          namespace.owner = user1
+          namespace.save!
+        end
+
+        it 'returns requested namespace' do
+          expect(namespace_finder).to eq(namespace)
+        end
+      end
+
+      context "when user doesn't own the namespace" do
+        it 'raises not found error' do
+          expect { namespace_finder }.to raise_error(RuntimeError, '404 Namespace not found')
+        end
+      end
+    end
+  end
+
+  describe '#find_namespace!' do
+    let(:namespace_finder) do
+      subject.find_namespace!(namespace.id)
+    end
+
+    it_behaves_like 'user namespace finder'
+  end
+
+  describe '#user_namespace' do
+    let(:namespace_finder) do
+      subject.user_namespace
+    end
+
+    before do
+      allow(subject).to receive(:params).and_return({ id: namespace.id })
+    end
+
+    it_behaves_like 'user namespace finder'
+  end
+end
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -56,6 +56,7 @@ describe GroupPolicy do
      expect_disallowed(*developer_permissions)
      expect_disallowed(*master_permissions)
      expect_disallowed(*owner_permissions)
+      expect_disallowed(:read_namespace)
    end
  end

@@ -63,7 +64,7 @@ describe GroupPolicy do
    let(:current_user) { guest }

    it do
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_disallowed(*reporter_permissions)
      expect_disallowed(*developer_permissions)
      expect_disallowed(*master_permissions)
@@ -75,7 +76,7 @@ describe GroupPolicy do
    let(:current_user) { reporter }

    it do
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_disallowed(*developer_permissions)
      expect_disallowed(*master_permissions)
@@ -87,7 +88,7 @@ describe GroupPolicy do
    let(:current_user) { developer }

    it do
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_allowed(*developer_permissions)
      expect_disallowed(*master_permissions)
@@ -99,7 +100,7 @@ describe GroupPolicy do
    let(:current_user) { master }

    it do
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_allowed(*developer_permissions)
      expect_allowed(*master_permissions)
@@ -113,7 +114,7 @@ describe GroupPolicy do
    it do
      allow(Group).to receive(:supports_nested_groups?).and_return(true)

-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_allowed(*developer_permissions)
      expect_allowed(*master_permissions)
@@ -127,7 +128,7 @@ describe GroupPolicy do
    it do
      allow(Group).to receive(:supports_nested_groups?).and_return(true)

-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_allowed(*developer_permissions)
      expect_allowed(*master_permissions)

--- a/spec/policies/namespace_policy_spec.rb
+++ b/spec/policies/namespace_policy_spec.rb
 require 'spec_helper'

 describe NamespacePolicy do
-  let(:current_user) { create(:user) }
-  let(:namespace) { current_user.namespace }
+  let(:user) { create(:user) }
+  let(:owner) { create(:user) }
+  let(:admin) { create(:admin) }
+  let(:namespace) { create(:namespace, owner: owner) }
+
+  let(:owner_permissions) { [:create_projects, :admin_namespace, :read_namespace] }

  subject { described_class.new(current_user, namespace) }

-  context "create projects" do
-    context "user namespace" do
-      it { is_expected.to be_allowed(:create_projects) }
-    end
+  context 'with no user' do
+    let(:current_user) { nil }
+
+    it { is_expected.to be_banned }
+  end
+
+  context 'regular user' do
+    let(:current_user) { user }
+
+    it { is_expected.to be_disallowed(*owner_permissions) }
+  end
+
+  context 'owner' do
+    let(:current_user) { owner }
+
+    it { is_expected.to be_allowed(*owner_permissions) }

-    context "user who has exceeded project limit" do
-      let(:current_user) { create(:user, projects_limit: 0) }
+    context 'user who has exceeded project limit' do
+      let(:owner) { create(:user, projects_limit: 0) }

      it { is_expected.not_to be_allowed(:create_projects) }
    end
  end
+
+  context 'admin' do
+    let(:current_user) { admin }
+
+    it { is_expected.to be_allowed(*owner_permissions) }
+  end
 end
--- a/spec/requests/api/namespaces_spec.rb
+++ b/spec/requests/api/namespaces_spec.rb
@@ -91,4 +91,127 @@ describe API::Namespaces do
      end
    end
  end
+
+  describe 'GET /namespaces/:id' do
+    let(:owned_group) { group1 }
+    let(:user2) { create(:user) }
+
+    shared_examples 'can access namespace' do
+      it 'returns namespace details' do
+        get api("/namespaces/#{namespace_id}", request_actor)
+
+        expect(response).to have_gitlab_http_status(200)
+
+        expect(json_response['id']).to eq(requested_namespace.id)
+        expect(json_response['path']).to eq(requested_namespace.path)
+        expect(json_response['name']).to eq(requested_namespace.name)
+      end
+    end
+
+    shared_examples 'namespace reader' do
+      let(:requested_namespace) { owned_group }
+
+      before do
+        owned_group.add_owner(request_actor)
+      end
+
+      context 'when namespace exists' do
+        context 'when requested by ID' do
+          context 'when requesting group' do
+            let(:namespace_id) { owned_group.id }
+
+            it_behaves_like 'can access namespace'
+          end
+
+          context 'when requesting personal namespace' do
+            let(:namespace_id) { request_actor.namespace.id }
+            let(:requested_namespace) { request_actor.namespace }
+
+            it_behaves_like 'can access namespace'
+          end
+        end
+
+        context 'when requested by path' do
+          context 'when requesting group' do
+            let(:namespace_id) { owned_group.path }
+
+            it_behaves_like 'can access namespace'
+          end
+
+          context 'when requesting personal namespace' do
+            let(:namespace_id) { request_actor.namespace.path }
+            let(:requested_namespace) { request_actor.namespace }
+
+            it_behaves_like 'can access namespace'
+          end
+        end
+      end
+
+      context "when namespace doesn't exist" do
+        it 'returns not-found' do
+          get api('/namespaces/9999', request_actor)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+    end
+
+    context 'when unauthenticated' do
+      it 'returns authentication error' do
+        get api("/namespaces/#{group1.id}")
+
+        expect(response).to have_gitlab_http_status(401)
+      end
+    end
+
+    context 'when authenticated as regular user' do
+      let(:request_actor) { user }
+
+      context 'when requested namespace is not owned by user' do
+        context 'when requesting group' do
+          it 'returns not-found' do
+            get api("/namespaces/#{group2.id}", request_actor)
+
+            expect(response).to have_gitlab_http_status(404)
+          end
+        end
+
+        context 'when requesting personal namespace' do
+          it 'returns not-found' do
+            get api("/namespaces/#{user2.namespace.id}", request_actor)
+
+            expect(response).to have_gitlab_http_status(404)
+          end
+        end
+      end
+
+      context 'when requested namespace is owned by user' do
+        it_behaves_like 'namespace reader'
+      end
+    end
+
+    context 'when authenticated as admin' do
+      let(:request_actor) { admin }
+
+      context 'when requested namespace is not owned by user' do
+        context 'when requesting group' do
+          let(:namespace_id) { group2.id }
+          let(:requested_namespace) { group2 }
+
+          it_behaves_like 'can access namespace'
+        end
+
+        context 'when requesting personal namespace' do
+          let(:namespace_id) { user2.namespace.id }
+          let(:requested_namespace) { user2.namespace }
+
+          it_behaves_like 'can access namespace'
+        end
+      end
+
+      context 'when requested namespace is owned by user' do
+        it_behaves_like 'namespace reader'
+      end
+    end
+  end
 end