Commit 1a3bcc76 authored by Nick Thomas's avatar Nick Thomas

Fix the user-agent detail API endpoint for project snippets

parent f17d7a4b
...@@ -131,12 +131,13 @@ Available only for admins. ...@@ -131,12 +131,13 @@ Available only for admins.
GET /projects/:id/snippets/:snippet_id/user_agent_detail GET /projects/:id/snippets/:snippet_id/user_agent_detail
``` ```
| Attribute | Type | Required | Description | | Attribute | Type | Required | Description |
|-------------|---------|----------|--------------------------------------| |---------------|---------|----------|--------------------------------------|
| `id` | Integer | yes | The ID of a snippet | | `id` | Integer | yes | The ID of a project |
| `snippet_id` | Integer | yes | The ID of a snippet |
```bash ```bash
curl --request GET --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/1/snippets/1/user_agent_detail curl --request GET --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/projects/1/snippets/2/user_agent_detail
``` ```
Example response: Example response:
......
...@@ -143,7 +143,7 @@ module API ...@@ -143,7 +143,7 @@ module API
get ":id/snippets/:snippet_id/user_agent_detail" do get ":id/snippets/:snippet_id/user_agent_detail" do
authenticated_as_admin! authenticated_as_admin!
snippet = Snippet.find_by!(id: params[:id]) snippet = Snippet.find_by!(id: params[:snippet_id], project_id: params[:id])
return not_found!('UserAgentDetail') unless snippet.user_agent_detail return not_found!('UserAgentDetail') unless snippet.user_agent_detail
......
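Review bot: The new `Snippet.find_by!(id: params[:snippet_id], project_id: params[:id])` lookup compares the raw `:id` path parameter with `project_id`, so the scoping holds only when `:id` is a numeric project ID. If the other routes in this resource resolve the project through a shared helper (not visible in this hunk), this endpoint should use it too and scope through the association, e.g. `snippet = user_project.snippets.find_by!(id: params[:snippet_id])`. That way one code path decides which project a request addresses. A short comment such as `# Scope to the project in the URL so a snippet cannot be read through another project's path` would record why both keys are needed. The route block continues outside the hunk.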
require 'rails_helper' require 'rails_helper'
describe API::ProjectSnippets do describe API::ProjectSnippets do
let(:project) { create(:project, :public) } set(:project) { create(:project, :public) }
let(:user) { create(:user) } set(:user) { create(:user) }
let(:admin) { create(:admin) } set(:admin) { create(:admin) }
describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do
let(:snippet) { create(:project_snippet, :public, project: project) } let(:snippet) { create(:project_snippet, :public, project: project) }
...@@ -18,6 +18,13 @@ describe API::ProjectSnippets do ...@@ -18,6 +18,13 @@ describe API::ProjectSnippets do
expect(json_response['akismet_submitted']).to eq(user_agent_detail.submitted) expect(json_response['akismet_submitted']).to eq(user_agent_detail.submitted)
end end
it 'respects project scoping' do
other_project = create(:project)
get api("/projects/#{other_project.id}/snippets/#{snippet.id}/user_agent_detail", admin)
expect(response).to have_gitlab_http_status(404)
end
it "returns unautorized for non-admin users" do it "returns unautorized for non-admin users" do
get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/user_agent_detail", user) get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/user_agent_detail", user)
......
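Review bot: The new 'respects project scoping' example may not fail against the pre-fix lookup. The old code searched for a snippet whose ID equals the project ID in the URL, which presumably also returns 404 whenever no snippet happens to have `other_project.id` as its ID. To pin the fix, the success example (its body starts above this hunk) should run with a snippet whose ID differs from `project.id`, for instance by creating an extra snippet first, so a lookup by the wrong parameter cannot pass by coincidence. The describe string `GET /projects/:project_id/snippets/:id/user_agent_detail` also no longer matches the route's `:id`/`:snippet_id` naming.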