Commit 115c00fd authored by Rémy Coutable's avatar Rémy Coutable

Fix doc linting errors and remove useless API specs

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 5010be77
...@@ -30,8 +30,8 @@ GET /projects/:id/access_requests ...@@ -30,8 +30,8 @@ GET /projects/:id/access_requests
| `id` | integer/string | yes | The group/project ID or path | | `id` | integer/string | yes | The group/project ID or path |
```bash ```bash
curl -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/access_requests curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/access_requests
curl -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/access_requests curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/access_requests
``` ```
Example response: Example response:
...@@ -73,8 +73,8 @@ POST /projects/:id/access_requests ...@@ -73,8 +73,8 @@ POST /projects/:id/access_requests
| `id` | integer/string | yes | The group/project ID or path | | `id` | integer/string | yes | The group/project ID or path |
```bash ```bash
curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/access_requests curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/access_requests
curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/access_requests curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/access_requests
``` ```
Example response: Example response:
...@@ -108,8 +108,8 @@ PUT /projects/:id/access_requests/:user_id/approve ...@@ -108,8 +108,8 @@ PUT /projects/:id/access_requests/:user_id/approve
| `access_level` | integer | no | A valid access level (defaults: `30`, developer access level) | | `access_level` | integer | no | A valid access level (defaults: `30`, developer access level) |
```bash ```bash
curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/access_requests/:user_id/approve?access_level=20 curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/access_requests/:user_id/approve?access_level=20
curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/access_requests/:user_id/approve?access_level=20 curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/access_requests/:user_id/approve?access_level=20
``` ```
Example response: Example response:
...@@ -142,6 +142,6 @@ DELETE /projects/:id/access_requests/:user_id ...@@ -142,6 +142,6 @@ DELETE /projects/:id/access_requests/:user_id
| `user_id` | integer | yes | The user ID of the access requester | | `user_id` | integer | yes | The user ID of the access requester |
```bash ```bash
curl -X DELETE -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/access_requests/:user_id curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/access_requests/:user_id
curl -X DELETE -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/access_requests/:user_id curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/access_requests/:user_id
``` ```
...@@ -29,8 +29,8 @@ GET /projects/:id/members ...@@ -29,8 +29,8 @@ GET /projects/:id/members
| `query` | string | no | A query string to search for members | | `query` | string | no | A query string to search for members |
```bash ```bash
curl -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members
curl -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members
``` ```
Example response: Example response:
...@@ -73,8 +73,8 @@ GET /projects/:id/members/:user_id ...@@ -73,8 +73,8 @@ GET /projects/:id/members/:user_id
| `user_id` | integer | yes | The user ID of the member | | `user_id` | integer | yes | The user ID of the member |
```bash ```bash
curl -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members/:user_id curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members/:user_id
curl -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members/:user_id curl --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members/:user_id
``` ```
Example response: Example response:
...@@ -108,8 +108,8 @@ POST /projects/:id/members ...@@ -108,8 +108,8 @@ POST /projects/:id/members
| `access_level` | integer | yes | A valid access level | | `access_level` | integer | yes | A valid access level |
```bash ```bash
curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members/:user_id?access_level=30 curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members/:user_id?access_level=30
curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members/:user_id?access_level=30 curl --request POST --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members/:user_id?access_level=30
``` ```
Example response: Example response:
...@@ -143,8 +143,8 @@ PUT /projects/:id/members/:user_id ...@@ -143,8 +143,8 @@ PUT /projects/:id/members/:user_id
| `access_level` | integer | yes | A valid access level | | `access_level` | integer | yes | A valid access level |
```bash ```bash
curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members/:user_id?access_level=40 curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members/:user_id?access_level=40
curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members/:user_id?access_level=40 curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members/:user_id?access_level=40
``` ```
Example response: Example response:
...@@ -177,6 +177,6 @@ DELETE /projects/:id/members/:user_id ...@@ -177,6 +177,6 @@ DELETE /projects/:id/members/:user_id
| `user_id` | integer | yes | The user ID of the member | | `user_id` | integer | yes | The user ID of the member |
```bash ```bash
curl -X DELETE -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members/:user_id curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/groups/:id/members/:user_id
curl -X DELETE -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members/:user_id curl --request DELETE --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/:id/members/:user_id
``` ```
require 'spec_helper'
describe API::API, api: true do
include ApiHelpers
let(:owner) { create(:user) }
let(:reporter) { create(:user) }
let(:developer) { create(:user) }
let(:master) { create(:user) }
let(:guest) { create(:user) }
let(:stranger) { create(:user) }
let!(:group_with_members) do
group = create(:group, :private)
group.add_users([reporter.id], GroupMember::REPORTER)
group.add_users([developer.id], GroupMember::DEVELOPER)
group.add_users([master.id], GroupMember::MASTER)
group.add_users([guest.id], GroupMember::GUEST)
group
end
let!(:group_no_members) { create(:group) }
before do
group_with_members.add_owner owner
group_no_members.add_owner owner
end
describe "GET /groups/:id/members" do
context "when authenticated as user that is part or the group" do
it "each user: returns an array of members groups of group3" do
[owner, master, developer, reporter, guest].each do |user|
get api("/groups/#{group_with_members.id}/members", user)
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.size).to eq(5)
expect(json_response.find { |e| e['id'] == owner.id }['access_level']).to eq(GroupMember::OWNER)
expect(json_response.find { |e| e['id'] == reporter.id }['access_level']).to eq(GroupMember::REPORTER)
expect(json_response.find { |e| e['id'] == developer.id }['access_level']).to eq(GroupMember::DEVELOPER)
expect(json_response.find { |e| e['id'] == master.id }['access_level']).to eq(GroupMember::MASTER)
expect(json_response.find { |e| e['id'] == guest.id }['access_level']).to eq(GroupMember::GUEST)
end
end
it 'users not part of the group should get access error' do
get api("/groups/#{group_with_members.id}/members", stranger)
expect(response).to have_http_status(404)
end
end
end
describe "POST /groups/:id/members" do
context "when not a member of the group" do
it "does not add guest as member of group_no_members when adding being done by person outside the group" do
post api("/groups/#{group_no_members.id}/members", reporter), user_id: guest.id, access_level: GroupMember::MASTER
expect(response).to have_http_status(403)
end
end
context "when a member of the group" do
it "returns ok and add new member" do
new_user = create(:user)
expect do
post api("/groups/#{group_no_members.id}/members", owner), user_id: new_user.id, access_level: GroupMember::MASTER
end.to change { group_no_members.members.count }.by(1)
expect(response).to have_http_status(201)
expect(json_response['name']).to eq(new_user.name)
expect(json_response['access_level']).to eq(GroupMember::MASTER)
end
it "does not allow guest to modify group members" do
new_user = create(:user)
expect do
post api("/groups/#{group_with_members.id}/members", guest), user_id: new_user.id, access_level: GroupMember::MASTER
end.not_to change { group_with_members.members.count }
expect(response).to have_http_status(403)
end
it "returns error if member already exists" do
post api("/groups/#{group_with_members.id}/members", owner), user_id: master.id, access_level: GroupMember::MASTER
expect(response).to have_http_status(409)
end
it "returns a 400 error when user id is not given" do
post api("/groups/#{group_no_members.id}/members", owner), access_level: GroupMember::MASTER
expect(response).to have_http_status(400)
end
it "returns a 400 error when access level is not given" do
post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id
expect(response).to have_http_status(400)
end
it "returns a 422 error when access level is not known" do
post api("/groups/#{group_no_members.id}/members", owner), user_id: master.id, access_level: 1234
expect(response).to have_http_status(422)
end
end
end
describe 'PUT /groups/:id/members/:user_id' do
context 'when not a member of the group' do
it 'returns a 409 error if the user is not a group member' do
put(
api("/groups/#{group_no_members.id}/members/#{developer.id}",
owner), access_level: GroupMember::MASTER
)
expect(response).to have_http_status(404)
end
end
context 'when a member of the group' do
it 'returns ok and update member access level' do
put(
api("/groups/#{group_with_members.id}/members/#{reporter.id}",
owner),
access_level: GroupMember::MASTER
)
expect(response).to have_http_status(200)
get api("/groups/#{group_with_members.id}/members", owner)
json_reporter = json_response.find do |e|
e['id'] == reporter.id
end
expect(json_reporter['access_level']).to eq(GroupMember::MASTER)
end
it 'does not allow guest to modify group members' do
put(
api("/groups/#{group_with_members.id}/members/#{developer.id}",
guest),
access_level: GroupMember::MASTER
)
expect(response).to have_http_status(403)
get api("/groups/#{group_with_members.id}/members", owner)
json_developer = json_response.find do |e|
e['id'] == developer.id
end
expect(json_developer['access_level']).to eq(GroupMember::DEVELOPER)
end
it 'returns a 400 error when access level is not given' do
put(
api("/groups/#{group_with_members.id}/members/#{master.id}", owner)
)
expect(response).to have_http_status(400)
end
it 'returns a 422 error when access level is not known' do
put(
api("/groups/#{group_with_members.id}/members/#{master.id}", owner),
access_level: 1234
)
expect(response).to have_http_status(422)
end
end
end
describe 'DELETE /groups/:id/members/:user_id' do
context 'when not a member of the group' do
it "does not delete guest's membership of group_with_members" do
random_user = create(:user)
delete api("/groups/#{group_with_members.id}/members/#{owner.id}", random_user)
expect(response).to have_http_status(404)
end
end
context "when a member of the group" do
it "deletes guest's membership of group" do
expect do
delete api("/groups/#{group_with_members.id}/members/#{guest.id}", owner)
end.to change { group_with_members.members.count }.by(-1)
expect(response).to have_http_status(200)
end
it "returns a 404 error when user id is not known" do
delete api("/groups/#{group_with_members.id}/members/1328", owner)
expect(response).to have_http_status(404)
end
it "does not allow guest to modify group members" do
delete api("/groups/#{group_with_members.id}/members/#{master.id}", guest)
expect(response).to have_http_status(403)
end
end
end
end
require 'spec_helper'
describe API::API, api: true do
include ApiHelpers
let(:user) { create(:user) }
let(:user2) { create(:user) }
let(:user3) { create(:user) }
let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) }
let(:project_member) { create(:project_member, :master, user: user, project: project) }
let(:project_member2) { create(:project_member, :developer, user: user3, project: project) }
describe "GET /projects/:id/members" do
before { project_member }
before { project_member2 }
it "returns project team members" do
get api("/projects/#{project.id}/members", user)
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.count).to eq(2)
expect(json_response.map { |u| u['username'] }).to include user.username
end
it "finds team members with query string" do
get api("/projects/#{project.id}/members", user), query: user.username
expect(response).to have_http_status(200)
expect(json_response).to be_an Array
expect(json_response.count).to eq(1)
expect(json_response.first['username']).to eq(user.username)
end
it "returns a 404 error if id not found" do
get api("/projects/9999/members", user)
expect(response).to have_http_status(404)
end
end
describe "GET /projects/:id/members/:user_id" do
before { project_member }
it "returns project team member" do
get api("/projects/#{project.id}/members/#{user.id}", user)
expect(response).to have_http_status(200)
expect(json_response['username']).to eq(user.username)
expect(json_response['access_level']).to eq(ProjectMember::MASTER)
end
it "returns a 404 error if user id not found" do
get api("/projects/#{project.id}/members/1234", user)
expect(response).to have_http_status(404)
end
end
describe "POST /projects/:id/members" do
it "adds user to project team" do
expect do
post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: ProjectMember::DEVELOPER
end.to change { ProjectMember.count }.by(1)
expect(response).to have_http_status(201)
expect(json_response['username']).to eq(user2.username)
expect(json_response['access_level']).to eq(ProjectMember::DEVELOPER)
end
it "returns a 201 status if user is already project member" do
post api("/projects/#{project.id}/members", user),
user_id: user2.id,
access_level: ProjectMember::DEVELOPER
expect do
post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: ProjectMember::DEVELOPER
end.not_to change { ProjectMember.count }
expect(response).to have_http_status(201)
expect(json_response['username']).to eq(user2.username)
expect(json_response['access_level']).to eq(ProjectMember::DEVELOPER)
end
it "returns a 400 error when user id is not given" do
post api("/projects/#{project.id}/members", user), access_level: ProjectMember::MASTER
expect(response).to have_http_status(400)
end
it "returns a 400 error when access level is not given" do
post api("/projects/#{project.id}/members", user), user_id: user2.id
expect(response).to have_http_status(400)
end
it "returns a 422 error when access level is not known" do
post api("/projects/#{project.id}/members", user), user_id: user2.id, access_level: 1234
expect(response).to have_http_status(422)
end
end
describe "PUT /projects/:id/members/:user_id" do
before { project_member2 }
it "updates project team member" do
put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: ProjectMember::MASTER
expect(response).to have_http_status(200)
expect(json_response['username']).to eq(user3.username)
expect(json_response['access_level']).to eq(ProjectMember::MASTER)
end
it "returns a 404 error if user_id is not found" do
put api("/projects/#{project.id}/members/1234", user), access_level: ProjectMember::MASTER
expect(response).to have_http_status(404)
end
it "returns a 400 error when access level is not given" do
put api("/projects/#{project.id}/members/#{user3.id}", user)
expect(response).to have_http_status(400)
end
it "returns a 422 error when access level is not known" do
put api("/projects/#{project.id}/members/#{user3.id}", user), access_level: 123
expect(response).to have_http_status(422)
end
end
describe "DELETE /projects/:id/members/:user_id" do
before do
project_member
project_member2
end
it "removes user from project team" do
expect do
delete api("/projects/#{project.id}/members/#{user3.id}", user)
end.to change { ProjectMember.count }.by(-1)
end
it "returns 200 if team member is not part of a project" do
delete api("/projects/#{project.id}/members/#{user3.id}", user)
expect do
delete api("/projects/#{project.id}/members/#{user3.id}", user)
end.not_to change { ProjectMember.count }
expect(response).to have_http_status(200)
end
it "returns 200 if team member already removed" do
delete api("/projects/#{project.id}/members/#{user3.id}", user)
delete api("/projects/#{project.id}/members/#{user3.id}", user)
expect(response).to have_http_status(200)
end
it "returns 200 OK when the user was not member" do
expect do
delete api("/projects/#{project.id}/members/1000000", user)
end.to change { ProjectMember.count }.by(0)
expect(response).to have_http_status(200)
expect(json_response['id']).to eq(1000000)
expect(json_response['message']).to eq('Access revoked')
end
context 'when the user is not an admin or owner' do
it 'can leave the project' do
expect do
delete api("/projects/#{project.id}/members/#{user3.id}", user3)
end.to change { ProjectMember.count }.by(-1)
expect(response).to have_http_status(200)
expect(json_response['id']).to eq(user3.id)
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment