Merge branch '27532_api_changes' into 'master'

Use iids as filter parameter See merge request !1216

Merge branch '27532_api_changes' into 'master'
Use iids as filter parameter See merge request !1216
b77c1ae7 · Sean McGivern · 9fa97202 · 7150761c · b77c1ae7 · b77c1ae7
Commit b77c1ae7 authored Mar 03, 2017 by Sean McGivern
8 changed files
--- a/changelogs/unreleased/27532_api_changes.yml
+++ b/changelogs/unreleased/27532_api_changes.yml
+---
+title: Use iids as filter parameter
+merge_request: 9096
+author:
--- a/doc/api/milestones.md
+++ b/doc/api/milestones.md
@@ -6,8 +6,8 @@ Returns a list of project milestones.

 ```
 GET /projects/:id/milestones
-GET /projects/:id/milestones?iid=42
-GET /projects/:id/milestones?iid[]=42&iid[]=43
+GET /projects/:id/milestones?iids=42
+GET /projects/:id/milestones?iids[]=42&iids[]=43
 GET /projects/:id/milestones?state=active
 GET /projects/:id/milestones?state=closed
 GET /projects/:id/milestones?search=version
@@ -18,7 +18,7 @@ Parameters:
 | Attribute | Type | Required | Description |
 | --------- | ---- | -------- | ----------- |
 | `id` | integer | yes | The ID of a project |
-| `iid` | Array[integer] | optional | Return only the milestone having the given `iid` |
+| `iids` | Array[integer] | optional | Return only the milestones having the given `iids` |
 | `state` | string | optional | Return only `active` or `closed` milestones` |
 | `search` | string | optional | Return only milestones with a title or description matching the provided string |


--- a/doc/api/v3_to_v4.md
+++ b/doc/api/v3_to_v4.md
@@ -52,6 +52,7 @@ changes are in V4:
 - Return HTTP status code `400` for all validation errors when creating or updating a member instead of sometimes `422` error. [!9523](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9523)
 - Remove `GET /groups/owned`. Use `GET /groups?owned=true` instead [!9505](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9505)
 - Return 202 with JSON body on async removals on V4 API (DELETE `/projects/:id/repository/merged_branches` and DELETE `/projects/:id`) [!9449](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9449)
+- `projects/:id/milestones?iid[]=x&iid[]=y` array filter has been renamed to `iids` [!9096](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9096)

 #### EE-specific


--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -24,6 +24,7 @@ module API
      mount ::API::V3::ProjectGitHook
      mount ::API::V3::ProjectHooks
      mount ::API::V3::ProjectPushRule
+      mount ::API::V3::Milestones
      mount ::API::V3::Projects
      mount ::API::V3::ProjectSnippets
      mount ::API::V3::Repositories

--- a/lib/api/milestones.rb
+++ b/lib/api/milestones.rb
@@ -30,7 +30,7 @@ module API
      params do
        optional :state, type: String, values: %w[active closed all], default: 'all',
                         desc: 'Return "active", "closed", or "all" milestones'
-        optional :iid, type: Array[Integer], desc: 'The IID of the milestone'
+        optional :iids, type: Array[Integer], desc: 'The IIDs of the milestones'
        optional :search, type: String, desc: 'The search criteria for the title or description of the milestone'
        use :pagination
      end
@@ -39,7 +39,7 @@ module API

        milestones = user_project.milestones
        milestones = filter_milestones_state(milestones, params[:state])
-        milestones = filter_by_iid(milestones, params[:iid]) if params[:iid].present?
+        milestones = filter_by_iid(milestones, params[:iids]) if params[:iids].present?
        milestones = filter_by_search(milestones, params[:search]) if params[:search]

        present paginate(milestones), with: Entities::Milestone

--- a/lib/api/v3/milestones.rb
+++ b/lib/api/v3/milestones.rb
+module API
+  module V3
+    class Milestones < Grape::API
+      include PaginationParams
+
+      before { authenticate! }
+
+      helpers do
+        def filter_milestones_state(milestones, state)
+          case state
+          when 'active' then milestones.active
+          when 'closed' then milestones.closed
+          else milestones
+          end
+        end
+      end
+
+      params do
+        requires :id, type: String, desc: 'The ID of a project'
+      end
+      resource :projects do
+        desc 'Get a list of project milestones' do
+          success ::API::Entities::Milestone
+        end
+        params do
+          optional :state, type: String, values: %w[active closed all], default: 'all',
+                           desc: 'Return "active", "closed", or "all" milestones'
+          optional :iid, type: Array[Integer], desc: 'The IID of the milestone'
+          use :pagination
+        end
+        get ":id/milestones" do
+          authorize! :read_milestone, user_project
+
+          milestones = user_project.milestones
+          milestones = filter_milestones_state(milestones, params[:state])
+          milestones = filter_by_iid(milestones, params[:iid]) if params[:iid].present?
+
+          present paginate(milestones), with: ::API::Entities::Milestone
+        end
+      end
+    end
+  end
+end
--- a/spec/requests/api/milestones_spec.rb
+++ b/spec/requests/api/milestones_spec.rb
@@ -45,8 +45,37 @@ describe API::Milestones, api: true  do
      expect(json_response.first['id']).to eq(closed_milestone.id)
    end

-    it 'returns a project milestone by iid' do
-      get api("/projects/#{project.id}/milestones?iid=#{closed_milestone.iid}", user)
+    it 'returns an array of milestones specified by iids' do
+      other_milestone = create(:milestone, project: project)
+
+      get api("/projects/#{project.id}/milestones", user), iids: [closed_milestone.iid, other_milestone.iid]
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_an Array
+      expect(json_response.length).to eq(2)
+      expect(json_response.map{ |m| m['id'] }).to match_array([closed_milestone.id, other_milestone.id])
+    end
+
+    it 'does not return any milestone if none found' do
+      get api("/projects/#{project.id}/milestones", user), iids: [Milestone.maximum(:iid).succ]
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_an Array
+      expect(json_response.length).to eq(0)
+    end
+  end
+
+  describe 'GET /projects/:id/milestones/:milestone_id' do
+    it 'returns a project milestone by id' do
+      get api("/projects/#{project.id}/milestones/#{milestone.id}", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response['title']).to eq(milestone.title)
+      expect(json_response['iid']).to eq(milestone.iid)
+    end
+
+    it 'returns a project milestone by iids array' do
+      get api("/projects/#{project.id}/milestones?iids=#{closed_milestone.iid}", user)

      expect(response.status).to eq 200
      expect(response).to include_pagination_headers
@@ -56,16 +85,6 @@ describe API::Milestones, api: true  do
      expect(json_response.first['id']).to eq closed_milestone.id
    end

-    it 'returns a project milestone by iid array' do
-      get api("/projects/#{project.id}/milestones", user), iid: [milestone.iid, closed_milestone.iid]
-
-      expect(response).to have_http_status(200)
-      expect(response).to include_pagination_headers
-      expect(json_response.size).to eq(2)
-      expect(json_response.first['title']).to eq milestone.title
-      expect(json_response.first['id']).to eq milestone.id
-    end
-
    it 'returns a project milestone by searching for title' do
      get api("/projects/#{project.id}/milestones", user), search: 'version2'


--- a/spec/requests/api/v3/milestones_spec.rb
+++ b/spec/requests/api/v3/milestones_spec.rb
+require 'spec_helper'
+
+describe API::V3::Milestones, api: true  do
+  include ApiHelpers
+  let(:user) { create(:user) }
+  let!(:project) { create(:empty_project, namespace: user.namespace ) }
+  let!(:closed_milestone) { create(:closed_milestone, project: project) }
+  let!(:milestone) { create(:milestone, project: project) }
+
+  before { project.team << [user, :developer] }
+
+  describe 'GET /projects/:id/milestones' do
+    it 'returns project milestones' do
+      get v3_api("/projects/#{project.id}/milestones", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_an Array
+      expect(json_response.first['title']).to eq(milestone.title)
+    end
+
+    it 'returns a 401 error if user not authenticated' do
+      get v3_api("/projects/#{project.id}/milestones")
+
+      expect(response).to have_http_status(401)
+    end
+
+    it 'returns an array of active milestones' do
+      get v3_api("/projects/#{project.id}/milestones?state=active", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_an Array
+      expect(json_response.length).to eq(1)
+      expect(json_response.first['id']).to eq(milestone.id)
+    end
+
+    it 'returns an array of closed milestones' do
+      get v3_api("/projects/#{project.id}/milestones?state=closed", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_an Array
+      expect(json_response.length).to eq(1)
+      expect(json_response.first['id']).to eq(closed_milestone.id)
+    end
+  end
+
+  describe 'GET /projects/:id/milestones/:milestone_id' do
+    it 'returns a project milestone by id' do
+      get v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response['title']).to eq(milestone.title)
+      expect(json_response['iid']).to eq(milestone.iid)
+    end
+
+    it 'returns a project milestone by iid' do
+      get v3_api("/projects/#{project.id}/milestones?iid=#{closed_milestone.iid}", user)
+
+      expect(response.status).to eq 200
+      expect(json_response.size).to eq(1)
+      expect(json_response.first['title']).to eq closed_milestone.title
+      expect(json_response.first['id']).to eq closed_milestone.id
+    end
+
+    it 'returns a project milestone by iid array' do
+      get v3_api("/projects/#{project.id}/milestones", user), iid: [milestone.iid, closed_milestone.iid]
+
+      expect(response).to have_http_status(200)
+      expect(json_response.size).to eq(2)
+      expect(json_response.first['title']).to eq milestone.title
+      expect(json_response.first['id']).to eq milestone.id
+    end
+
+    it 'returns 401 error if user not authenticated' do
+      get v3_api("/projects/#{project.id}/milestones/#{milestone.id}")
+
+      expect(response).to have_http_status(401)
+    end
+
+    it 'returns a 404 error if milestone id not found' do
+      get v3_api("/projects/#{project.id}/milestones/1234", user)
+
+      expect(response).to have_http_status(404)
+    end
+  end
+
+  describe 'POST /projects/:id/milestones' do
+    it 'creates a new project milestone' do
+      post v3_api("/projects/#{project.id}/milestones", user), title: 'new milestone'
+
+      expect(response).to have_http_status(201)
+      expect(json_response['title']).to eq('new milestone')
+      expect(json_response['description']).to be_nil
+    end
+
+    it 'creates a new project milestone with description and dates' do
+      post v3_api("/projects/#{project.id}/milestones", user),
+        title: 'new milestone', description: 'release', due_date: '2013-03-02', start_date: '2013-02-02'
+
+      expect(response).to have_http_status(201)
+      expect(json_response['description']).to eq('release')
+      expect(json_response['due_date']).to eq('2013-03-02')
+      expect(json_response['start_date']).to eq('2013-02-02')
+    end
+
+    it 'returns a 400 error if title is missing' do
+      post v3_api("/projects/#{project.id}/milestones", user)
+
+      expect(response).to have_http_status(400)
+    end
+
+    it 'returns a 400 error if params are invalid (duplicate title)' do
+      post v3_api("/projects/#{project.id}/milestones", user),
+        title: milestone.title, description: 'release', due_date: '2013-03-02'
+
+      expect(response).to have_http_status(400)
+    end
+
+    it 'creates a new project with reserved html characters' do
+      post v3_api("/projects/#{project.id}/milestones", user), title: 'foo & bar 1.1 -> 2.2'
+
+      expect(response).to have_http_status(201)
+      expect(json_response['title']).to eq('foo & bar 1.1 -> 2.2')
+      expect(json_response['description']).to be_nil
+    end
+  end
+
+  describe 'PUT /projects/:id/milestones/:milestone_id' do
+    it 'updates a project milestone' do
+      put v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user),
+        title: 'updated title'
+
+      expect(response).to have_http_status(200)
+      expect(json_response['title']).to eq('updated title')
+    end
+
+    it 'removes a due date if nil is passed' do
+      milestone.update!(due_date: "2016-08-05")
+
+      put v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user), due_date: nil
+
+      expect(response).to have_http_status(200)
+      expect(json_response['due_date']).to be_nil
+    end
+
+    it 'returns a 404 error if milestone id not found' do
+      put v3_api("/projects/#{project.id}/milestones/1234", user),
+        title: 'updated title'
+
+      expect(response).to have_http_status(404)
+    end
+  end
+
+  describe 'PUT /projects/:id/milestones/:milestone_id to close milestone' do
+    it 'updates a project milestone' do
+      put v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user),
+        state_event: 'close'
+      expect(response).to have_http_status(200)
+
+      expect(json_response['state']).to eq('closed')
+    end
+  end
+
+  describe 'PUT /projects/:id/milestones/:milestone_id to test observer on close' do
+    it 'creates an activity event when an milestone is closed' do
+      expect(Event).to receive(:create)
+
+      put v3_api("/projects/#{project.id}/milestones/#{milestone.id}", user),
+          state_event: 'close'
+    end
+  end
+
+  describe 'GET /projects/:id/milestones/:milestone_id/issues' do
+    before do
+      milestone.issues << create(:issue, project: project)
+    end
+    it 'returns project issues for a particular milestone' do
+      get v3_api("/projects/#{project.id}/milestones/#{milestone.id}/issues", user)
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_an Array
+      expect(json_response.first['milestone']['title']).to eq(milestone.title)
+    end
+
+    it 'returns a 401 error if user not authenticated' do
+      get v3_api("/projects/#{project.id}/milestones/#{milestone.id}/issues")
+
+      expect(response).to have_http_status(401)
+    end
+
+    describe 'confidential issues' do
+      let(:public_project) { create(:empty_project, :public) }
+      let(:milestone) { create(:milestone, project: public_project) }
+      let(:issue) { create(:issue, project: public_project) }
+      let(:confidential_issue) { create(:issue, confidential: true, project: public_project) }
+
+      before do
+        public_project.team << [user, :developer]
+        milestone.issues << issue << confidential_issue
+      end
+
+      it 'returns confidential issues to team members' do
+        get v3_api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user)
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(2)
+        expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id)
+      end
+
+      it 'does not return confidential issues to team members with guest role' do
+        member = create(:user)
+        project.team << [member, :guest]
+
+        get v3_api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", member)
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(1)
+        expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
+      end
+
+      it 'does not return confidential issues to regular users' do
+        get v3_api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", create(:user))
+
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(1)
+        expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
+      end
+    end
+  end
+end