Commit 97bc9cb0 authored by Timothy Andrew's avatar Timothy Andrew

API routes referencing a specific issue should use the issue `iid`

- As opposed to the issue `id` that was previously being used.
- This brings the API routes closer to the web interface's routes.
- This is specific to API v4.
parent 388488fd
...@@ -5,6 +5,8 @@ module API ...@@ -5,6 +5,8 @@ module API
version %w(v3 v4), using: :path version %w(v3 v4), using: :path
version 'v3', using: :path do version 'v3', using: :path do
helpers ::API::V3::Helpers
mount ::API::V3::AwardEmoji mount ::API::V3::AwardEmoji
mount ::API::V3::Boards mount ::API::V3::Boards
mount ::API::V3::Branches mount ::API::V3::Branches
......
...@@ -82,8 +82,8 @@ module API ...@@ -82,8 +82,8 @@ module API
label || not_found!('Label') label || not_found!('Label')
end end
def find_project_issue(id) def find_project_issue(iid)
IssuesFinder.new(current_user, project_id: user_project.id).find(id) IssuesFinder.new(current_user, project_id: user_project.id).find_by!(iid: iid)
end end
def find_project_merge_request(id) def find_project_merge_request(id)
......
...@@ -103,10 +103,10 @@ module API ...@@ -103,10 +103,10 @@ module API
success Entities::Issue success Entities::Issue
end end
params do params do
requires :issue_id, type: Integer, desc: 'The ID of a project issue' requires :issue_iid, type: Integer, desc: 'The internal ID of a project issue'
end end
get ":id/issues/:issue_id" do get ":id/issues/:issue_iid" do
issue = find_project_issue(params[:issue_id]) issue = find_project_issue(params[:issue_iid])
present issue, with: Entities::Issue, current_user: current_user, project: user_project present issue, with: Entities::Issue, current_user: current_user, project: user_project
end end
...@@ -153,7 +153,7 @@ module API ...@@ -153,7 +153,7 @@ module API
success Entities::Issue success Entities::Issue
end end
params do params do
requires :issue_id, type: Integer, desc: 'The ID of a project issue' requires :issue_iid, type: Integer, desc: 'The internal ID of a project issue'
optional :title, type: String, desc: 'The title of an issue' optional :title, type: String, desc: 'The title of an issue'
optional :updated_at, type: DateTime, optional :updated_at, type: DateTime,
desc: 'Date time when the issue was updated. Available only for admins and project owners.' desc: 'Date time when the issue was updated. Available only for admins and project owners.'
...@@ -163,8 +163,8 @@ module API ...@@ -163,8 +163,8 @@ module API
:labels, :created_at, :due_date, :confidential, :state_event, :labels, :created_at, :due_date, :confidential, :state_event,
:weight :weight
end end
put ':id/issues/:issue_id' do put ':id/issues/:issue_iid' do
issue = user_project.issues.find(params.delete(:issue_id)) issue = user_project.issues.find_by!(iid: params.delete(:issue_iid))
authorize! :update_issue, issue authorize! :update_issue, issue
# Setting created_at time only allowed for admins and project owners # Setting created_at time only allowed for admins and project owners
...@@ -191,11 +191,11 @@ module API ...@@ -191,11 +191,11 @@ module API
success Entities::Issue success Entities::Issue
end end
params do params do
requires :issue_id, type: Integer, desc: 'The ID of a project issue' requires :issue_iid, type: Integer, desc: 'The internal ID of a project issue'
requires :to_project_id, type: Integer, desc: 'The ID of the new project' requires :to_project_id, type: Integer, desc: 'The ID of the new project'
end end
post ':id/issues/:issue_id/move' do post ':id/issues/:issue_iid/move' do
issue = user_project.issues.find_by(id: params[:issue_id]) issue = user_project.issues.find_by(iid: params[:issue_iid])
not_found!('Issue') unless issue not_found!('Issue') unless issue
new_project = Project.find_by(id: params[:to_project_id]) new_project = Project.find_by(id: params[:to_project_id])
...@@ -211,10 +211,10 @@ module API ...@@ -211,10 +211,10 @@ module API
desc 'Delete a project issue' desc 'Delete a project issue'
params do params do
requires :issue_id, type: Integer, desc: 'The ID of a project issue' requires :issue_iid, type: Integer, desc: 'The internal ID of a project issue'
end end
delete ":id/issues/:issue_id" do delete ":id/issues/:issue_iid" do
issue = user_project.issues.find_by(id: params[:issue_id]) issue = user_project.issues.find_by(iid: params[:issue_iid])
not_found!('Issue') unless issue not_found!('Issue') unless issue
authorize!(:destroy_issue, issue) authorize!(:destroy_issue, issue)
......
module API
module V3
module Helpers
def find_project_issue(id)
IssuesFinder.new(current_user, project_id: user_project.id).find(id)
end
end
end
end
This diff is collapsed.
...@@ -7,13 +7,13 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -7,13 +7,13 @@ shared_examples 'time tracking endpoints' do |issuable_name|
describe "POST /projects/:id/#{issuable_collection_name}/:#{issuable_name}_id/time_estimate" do describe "POST /projects/:id/#{issuable_collection_name}/:#{issuable_name}_id/time_estimate" do
context 'with an unauthorized user' do context 'with an unauthorized user' do
subject { post(api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/time_estimate", non_member), duration: '1w') } subject { post(api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/time_estimate", non_member), duration: '1w') }
it_behaves_like 'an unauthorized API user' it_behaves_like 'an unauthorized API user'
end end
it "sets the time estimate for #{issuable_name}" do it "sets the time estimate for #{issuable_name}" do
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/time_estimate", user), duration: '1w' post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/time_estimate", user), duration: '1w'
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response['human_time_estimate']).to eq('1w') expect(json_response['human_time_estimate']).to eq('1w')
...@@ -21,12 +21,12 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -21,12 +21,12 @@ shared_examples 'time tracking endpoints' do |issuable_name|
describe 'updating the current estimate' do describe 'updating the current estimate' do
before do before do
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/time_estimate", user), duration: '1w' post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/time_estimate", user), duration: '1w'
end end
context 'when duration has a bad format' do context 'when duration has a bad format' do
it 'does not modify the original estimate' do it 'does not modify the original estimate' do
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/time_estimate", user), duration: 'foo' post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/time_estimate", user), duration: 'foo'
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
expect(issuable.reload.human_time_estimate).to eq('1w') expect(issuable.reload.human_time_estimate).to eq('1w')
...@@ -35,7 +35,7 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -35,7 +35,7 @@ shared_examples 'time tracking endpoints' do |issuable_name|
context 'with a valid duration' do context 'with a valid duration' do
it 'updates the estimate' do it 'updates the estimate' do
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/time_estimate", user), duration: '3w1h' post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/time_estimate", user), duration: '3w1h'
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(issuable.reload.human_time_estimate).to eq('3w 1h') expect(issuable.reload.human_time_estimate).to eq('3w 1h')
...@@ -46,13 +46,13 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -46,13 +46,13 @@ shared_examples 'time tracking endpoints' do |issuable_name|
describe "POST /projects/:id/#{issuable_collection_name}/:#{issuable_name}_id/reset_time_estimate" do describe "POST /projects/:id/#{issuable_collection_name}/:#{issuable_name}_id/reset_time_estimate" do
context 'with an unauthorized user' do context 'with an unauthorized user' do
subject { post(api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/reset_time_estimate", non_member)) } subject { post(api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/reset_time_estimate", non_member)) }
it_behaves_like 'an unauthorized API user' it_behaves_like 'an unauthorized API user'
end end
it "resets the time estimate for #{issuable_name}" do it "resets the time estimate for #{issuable_name}" do
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/reset_time_estimate", user) post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/reset_time_estimate", user)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response['time_estimate']).to eq(0) expect(json_response['time_estimate']).to eq(0)
...@@ -62,7 +62,7 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -62,7 +62,7 @@ shared_examples 'time tracking endpoints' do |issuable_name|
describe "POST /projects/:id/#{issuable_collection_name}/:#{issuable_name}_id/add_spent_time" do describe "POST /projects/:id/#{issuable_collection_name}/:#{issuable_name}_id/add_spent_time" do
context 'with an unauthorized user' do context 'with an unauthorized user' do
subject do subject do
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/add_spent_time", non_member), post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/add_spent_time", non_member),
duration: '2h' duration: '2h'
end end
...@@ -70,7 +70,7 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -70,7 +70,7 @@ shared_examples 'time tracking endpoints' do |issuable_name|
end end
it "add spent time for #{issuable_name}" do it "add spent time for #{issuable_name}" do
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/add_spent_time", user), post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/add_spent_time", user),
duration: '2h' duration: '2h'
expect(response).to have_http_status(201) expect(response).to have_http_status(201)
...@@ -81,7 +81,7 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -81,7 +81,7 @@ shared_examples 'time tracking endpoints' do |issuable_name|
it 'subtracts time of the total spent time' do it 'subtracts time of the total spent time' do
issuable.update_attributes!(spend_time: { duration: 7200, user: user }) issuable.update_attributes!(spend_time: { duration: 7200, user: user })
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/add_spent_time", user), post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/add_spent_time", user),
duration: '-1h' duration: '-1h'
expect(response).to have_http_status(201) expect(response).to have_http_status(201)
...@@ -93,7 +93,7 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -93,7 +93,7 @@ shared_examples 'time tracking endpoints' do |issuable_name|
it 'does not modify the total time spent' do it 'does not modify the total time spent' do
issuable.update_attributes!(spend_time: { duration: 7200, user: user }) issuable.update_attributes!(spend_time: { duration: 7200, user: user })
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/add_spent_time", user), post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/add_spent_time", user),
duration: '-1w' duration: '-1w'
expect(response).to have_http_status(400) expect(response).to have_http_status(400)
...@@ -104,13 +104,13 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -104,13 +104,13 @@ shared_examples 'time tracking endpoints' do |issuable_name|
describe "POST /projects/:id/#{issuable_collection_name}/:#{issuable_name}_id/reset_spent_time" do describe "POST /projects/:id/#{issuable_collection_name}/:#{issuable_name}_id/reset_spent_time" do
context 'with an unauthorized user' do context 'with an unauthorized user' do
subject { post(api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/reset_spent_time", non_member)) } subject { post(api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/reset_spent_time", non_member)) }
it_behaves_like 'an unauthorized API user' it_behaves_like 'an unauthorized API user'
end end
it "resets spent time for #{issuable_name}" do it "resets spent time for #{issuable_name}" do
post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/reset_spent_time", user) post api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/reset_spent_time", user)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response['total_time_spent']).to eq(0) expect(json_response['total_time_spent']).to eq(0)
...@@ -122,7 +122,7 @@ shared_examples 'time tracking endpoints' do |issuable_name| ...@@ -122,7 +122,7 @@ shared_examples 'time tracking endpoints' do |issuable_name|
issuable.update_attributes!(spend_time: { duration: 1800, user: user }, issuable.update_attributes!(spend_time: { duration: 1800, user: user },
time_estimate: 3600) time_estimate: 3600)
get api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.id}/time_stats", user) get api("/projects/#{project.id}/#{issuable_collection_name}/#{issuable.iid}/time_stats", user)
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(json_response['total_time_spent']).to eq(1800) expect(json_response['total_time_spent']).to eq(1800)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment