Merge branch 'ee-tm/feature/namespace-by-id-api' into 'master'

Add new API endpoint - get a namespace by ID See merge request gitlab-org/gitlab-ee!3450

Merge branch 'ee-tm/feature/namespace-by-id-api' into 'master'
Add new API endpoint - get a namespace by ID See merge request gitlab-org/gitlab-ee!3450
df940acb · Kamil Trzciński · a66161d1 · 0074e7da · df940acb · df940acb
Commit df940acb authored Nov 28, 2017 by Kamil Trzciński
10 changed files
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -45,6 +45,8 @@ class GroupPolicy < BasePolicy
  rule { admin }             .enable :read_group
  rule { has_projects }      .enable :read_group
+  rule { has_access }.enable :read_namespace
  rule { developer }.enable :admin_milestones
  rule { reporter }.enable :admin_label

--- a/app/policies/namespace_policy.rb
+++ b/app/policies/namespace_policy.rb
@@ -8,6 +8,7 @@ class NamespacePolicy < BasePolicy
  rule { owner | admin }.policy do
    enable :create_projects
    enable :admin_namespace
+    enable :read_namespace
  end
  rule { personal_project & ~can_create_personal_project }.prevent :create_projects

--- a/changelogs/unreleased/tm-feature-namespace-by-id-api.yml
+++ b/changelogs/unreleased/tm-feature-namespace-by-id-api.yml
+---
+title: Add new API endpoint - get a namespace by ID
+merge_request: 15442
+author:
+type: added
--- a/doc/api/namespaces.md
+++ b/doc/api/namespaces.md
@@ -90,3 +90,55 @@ Example response:
  }
 ]
 ```
+## Get namespace by ID
+Get a namespace by ID.
+```
+GET /namespaces/:id
+```
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id`      | integer/string | yes | ID or path of the namespace |
+Example request:
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/namespaces/2
+```
+Example response:
+```json
+{
+  "id": 2,
+  "name": "group1",
+  "path": "group1",
+  "kind": "group",
+  "full_path": "group1",
+  "parent_id": "null",
+  "members_count_with_descendants": 2
+}
+```
+Example request:
+```bash
+curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/namespaces/group1
+```
+Example response:
+```json
+{
+  "id": 2,
+  "name": "group1",
+  "path": "group1",
+  "kind": "group",
+  "full_path": "group1",
+  "parent_id": "null",
+  "members_count_with_descendants": 2
+}
+```
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -52,6 +52,10 @@ module API
      initial_current_user != current_user
    end
+    def user_namespace
+      @user_namespace ||= find_namespace!(params[:id])
+    end
    def user_group
      @group ||= find_group!(params[:id])
    end
@@ -109,14 +113,6 @@ module API
      end
    end
-    def find_namespace(id)
-      if id =~ /^\d+$/
-        Namespace.find_by(id: id)
-      else
-        Namespace.find_by_full_path(id)
-      end
-    end
    def find_group!(id)
      # CI job token authentication:
      # currently we do not allow any group access for CI job token
@@ -131,6 +127,24 @@ module API
      end
    end
+    def find_namespace(id)
+      if id.to_s =~ /^\d+$/
+        Namespace.find_by(id: id)
+      else
+        Namespace.find_by_full_path(id)
+      end
+    end
+    def find_namespace!(id)
+      namespace = find_namespace(id)
+      if can?(current_user, :read_namespace, namespace)
+        namespace
+      else
+        not_found!('Namespace')
+      end
+    end
    def find_project_label(id)
      label = available_labels.find_by_id(id) || available_labels.find_by_title(id)
      label || not_found!('Label')

--- a/lib/api/namespaces.rb
+++ b/lib/api/namespaces.rb
@@ -40,6 +40,16 @@ module API
          render_validation_error!(namespace)
        end
      end
+      desc 'Get a namespace by ID' do
+        success Entities::Namespace
+      end
+      params do
+        requires :id, type: String, desc: "Namespace's ID or path"
+      end
+      get ':id' do
+        present user_namespace, with: Entities::Namespace, current_user: current_user
+      end
    end
  end
 end
--- a/spec/lib/api/helpers_spec.rb
+++ b/spec/lib/api/helpers_spec.rb
+require 'spec_helper'
+describe API::Helpers do
+  subject { Class.new.include(described_class).new }
+  describe '#find_namespace' do
+    let(:namespace) { create(:namespace) }
+    shared_examples 'namespace finder' do
+      context 'when namespace exists' do
+        it 'returns requested namespace' do
+          expect(subject.find_namespace(existing_id)).to eq(namespace)
+        end
+      end
+      context "when namespace doesn't exists" do
+        it 'returns nil' do
+          expect(subject.find_namespace(non_existing_id)).to be_nil
+        end
+      end
+    end
+    context 'when ID is used as an argument' do
+      let(:existing_id) { namespace.id }
+      let(:non_existing_id) { 9999 }
+      it_behaves_like 'namespace finder'
+    end
+    context 'when PATH is used as an argument' do
+      let(:existing_id) { namespace.path }
+      let(:non_existing_id) { 'non-existing-path' }
+      it_behaves_like 'namespace finder'
+    end
+  end
+  shared_examples 'user namespace finder' do
+    let(:user1) { create(:user) }
+    before do
+      allow(subject).to receive(:current_user).and_return(user1)
+      allow(subject).to receive(:header).and_return(nil)
+      allow(subject).to receive(:not_found!).and_raise('404 Namespace not found')
+    end
+    context 'when namespace is group' do
+      let(:namespace) { create(:group) }
+      context 'when user has access to group' do
+        before do
+          namespace.add_guest(user1)
+          namespace.save!
+        end
+        it 'returns requested namespace' do
+          expect(namespace_finder).to eq(namespace)
+        end
+      end
+      context "when user doesn't have access to group" do
+        it 'raises not found error' do
+          expect { namespace_finder }.to raise_error(RuntimeError, '404 Namespace not found')
+        end
+      end
+    end
+    context "when namespace is user's personal namespace" do
+      let(:namespace) { create(:namespace) }
+      context 'when user owns the namespace' do
+        before do
+          namespace.owner = user1
+          namespace.save!
+        end
+        it 'returns requested namespace' do
+          expect(namespace_finder).to eq(namespace)
+        end
+      end
+      context "when user doesn't own the namespace" do
+        it 'raises not found error' do
+          expect { namespace_finder }.to raise_error(RuntimeError, '404 Namespace not found')
+        end
+      end
+    end
+  end
+  describe '#find_namespace!' do
+    let(:namespace_finder) do
+      subject.find_namespace!(namespace.id)
+    end
+    it_behaves_like 'user namespace finder'
+  end
+  describe '#user_namespace' do
+    let(:namespace_finder) do
+      subject.user_namespace
+    end
+    before do
+      allow(subject).to receive(:params).and_return({ id: namespace.id })
+    end
+    it_behaves_like 'user namespace finder'
+  end
+end
--- a/spec/policies/group_policy_spec.rb
+++ b/spec/policies/group_policy_spec.rb
@@ -57,6 +57,7 @@ describe GroupPolicy do
      expect_disallowed(*developer_permissions)
      expect_disallowed(*master_permissions)
      expect_disallowed(*owner_permissions)
+      expect_disallowed(:read_namespace)
    end
  end
@@ -64,7 +65,7 @@ describe GroupPolicy do
    let(:current_user) { guest }
    it do
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_disallowed(*reporter_permissions)
      expect_disallowed(*developer_permissions)
      expect_disallowed(*master_permissions)
@@ -76,7 +77,7 @@ describe GroupPolicy do
    let(:current_user) { reporter }
    it do
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_disallowed(*developer_permissions)
      expect_disallowed(*master_permissions)
@@ -88,7 +89,7 @@ describe GroupPolicy do
    let(:current_user) { developer }
    it do
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_allowed(*developer_permissions)
      expect_disallowed(*master_permissions)
@@ -100,7 +101,7 @@ describe GroupPolicy do
    let(:current_user) { master }
    it do
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_allowed(*developer_permissions)
      expect_allowed(*master_permissions)
@@ -114,7 +115,7 @@ describe GroupPolicy do
    it do
      allow(Group).to receive(:supports_nested_groups?).and_return(true)
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_allowed(*developer_permissions)
      expect_allowed(*master_permissions)
@@ -128,7 +129,7 @@ describe GroupPolicy do
    it do
      allow(Group).to receive(:supports_nested_groups?).and_return(true)
-      expect_allowed(:read_group)
+      expect_allowed(:read_group, :read_namespace)
      expect_allowed(*reporter_permissions)
      expect_allowed(*developer_permissions)
      expect_allowed(*master_permissions)

--- a/spec/policies/namespace_policy_spec.rb
+++ b/spec/policies/namespace_policy_spec.rb
@@ -7,9 +7,7 @@ describe NamespacePolicy do
  let(:admin) { create(:admin) }
  let(:namespace) { create(:namespace, owner: owner) }
-  let(:owner_permissions) { [:create_projects, :admin_namespace] }
+  let(:owner_permissions) { [:create_projects, :admin_namespace, :read_namespace] }
-  let(:admin_permissions) { owner_permissions }
  subject { described_class.new(current_user, namespace) }
@@ -29,6 +27,12 @@ describe NamespacePolicy do
    let(:current_user) { owner }
    it { is_expected.to be_allowed(*owner_permissions) }
+    context 'user who has exceeded project limit' do
+      let(:owner) { create(:user, projects_limit: 0) }
+      it { is_expected.to be_disallowed(:create_projects) }
+    end
  end
  context 'auditor' do

--- a/spec/requests/api/namespaces_spec.rb
+++ b/spec/requests/api/namespaces_spec.rb
@@ -139,4 +139,127 @@ describe API::Namespaces do
      end
    end
  end
+  describe 'GET /namespaces/:id' do
+    let(:owned_group) { group1 }
+    let(:user2) { create(:user) }
+    shared_examples 'can access namespace' do
+      it 'returns namespace details' do
+        get api("/namespaces/#{namespace_id}", request_actor)
+        expect(response).to have_gitlab_http_status(200)
+        expect(json_response['id']).to eq(requested_namespace.id)
+        expect(json_response['path']).to eq(requested_namespace.path)
+        expect(json_response['name']).to eq(requested_namespace.name)
+      end
+    end
+    shared_examples 'namespace reader' do
+      let(:requested_namespace) { owned_group }
+      before do
+        owned_group.add_owner(request_actor)
+      end
+      context 'when namespace exists' do
+        context 'when requested by ID' do
+          context 'when requesting group' do
+            let(:namespace_id) { owned_group.id }
+            it_behaves_like 'can access namespace'
+          end
+          context 'when requesting personal namespace' do
+            let(:namespace_id) { request_actor.namespace.id }
+            let(:requested_namespace) { request_actor.namespace }
+            it_behaves_like 'can access namespace'
+          end
+        end
+        context 'when requested by path' do
+          context 'when requesting group' do
+            let(:namespace_id) { owned_group.path }
+            it_behaves_like 'can access namespace'
+          end
+          context 'when requesting personal namespace' do
+            let(:namespace_id) { request_actor.namespace.path }
+            let(:requested_namespace) { request_actor.namespace }
+            it_behaves_like 'can access namespace'
+          end
+        end
+      end
+      context "when namespace doesn't exist" do
+        it 'returns not-found' do
+          get api('/namespaces/9999', request_actor)
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+    end
+    context 'when unauthenticated' do
+      it 'returns authentication error' do
+        get api("/namespaces/#{group1.id}")
+        expect(response).to have_gitlab_http_status(401)
+      end
+    end
+    context 'when authenticated as regular user' do
+      let(:request_actor) { user }
+      context 'when requested namespace is not owned by user' do
+        context 'when requesting group' do
+          it 'returns not-found' do
+            get api("/namespaces/#{group2.id}", request_actor)
+            expect(response).to have_gitlab_http_status(404)
+          end
+        end
+        context 'when requesting personal namespace' do
+          it 'returns not-found' do
+            get api("/namespaces/#{user2.namespace.id}", request_actor)
+            expect(response).to have_gitlab_http_status(404)
+          end
+        end
+      end
+      context 'when requested namespace is owned by user' do
+        it_behaves_like 'namespace reader'
+      end
+    end
+    context 'when authenticated as admin' do
+      let(:request_actor) { admin }
+      context 'when requested namespace is not owned by user' do
+        context 'when requesting group' do
+          let(:namespace_id) { group2.id }
+          let(:requested_namespace) { group2 }
+          it_behaves_like 'can access namespace'
+        end
+        context 'when requesting personal namespace' do
+          let(:namespace_id) { user2.namespace.id }
+          let(:requested_namespace) { user2.namespace }
+          it_behaves_like 'can access namespace'
+        end
+      end
+      context 'when requested namespace is owned by user' do
+        it_behaves_like 'namespace reader'
+      end
+    end
+  end
 end