project_snippets_spec.rb 7.31 KB
Newer Older
1 2
require 'rails_helper'

3
describe API::ProjectSnippets do
4
  let(:project) { create(:project, :public) }
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85
  let(:user) { create(:user) }
  let(:admin) { create(:admin) }

  describe 'GET /projects/:project_id/snippets/:id' do
    # TODO (rspeicher): Deprecated; remove in 9.0
    it 'always exposes expires_at as nil' do
      snippet = create(:project_snippet, author: admin)

      get v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin)

      expect(json_response).to have_key('expires_at')
      expect(json_response['expires_at']).to be_nil
    end
  end

  describe 'GET /projects/:project_id/snippets/' do
    let(:user) { create(:user) }

    it 'returns all snippets available to team member' do
      project.add_developer(user)
      public_snippet = create(:project_snippet, :public, project: project)
      internal_snippet = create(:project_snippet, :internal, project: project)
      private_snippet = create(:project_snippet, :private, project: project)

      get v3_api("/projects/#{project.id}/snippets/", user)

      expect(response).to have_http_status(200)
      expect(json_response.size).to eq(3)
      expect(json_response.map{ |snippet| snippet['id']} ).to include(public_snippet.id, internal_snippet.id, private_snippet.id)
      expect(json_response.last).to have_key('web_url')
    end

    it 'hides private snippets from regular user' do
      create(:project_snippet, :private, project: project)

      get v3_api("/projects/#{project.id}/snippets/", user)
      expect(response).to have_http_status(200)
      expect(json_response.size).to eq(0)
    end
  end

  describe 'POST /projects/:project_id/snippets/' do
    let(:params) do
      {
        title: 'Test Title',
        file_name: 'test.rb',
        code: 'puts "hello world"',
        visibility_level: Snippet::PUBLIC
      }
    end

    it 'creates a new snippet' do
      post v3_api("/projects/#{project.id}/snippets/", admin), params

      expect(response).to have_http_status(201)
      snippet = ProjectSnippet.find(json_response['id'])
      expect(snippet.content).to eq(params[:code])
      expect(snippet.title).to eq(params[:title])
      expect(snippet.file_name).to eq(params[:file_name])
      expect(snippet.visibility_level).to eq(params[:visibility_level])
    end

    it 'returns 400 for missing parameters' do
      params.delete(:title)

      post v3_api("/projects/#{project.id}/snippets/", admin), params

      expect(response).to have_http_status(400)
    end

    context 'when the snippet is spam' do
      def create_snippet(project, snippet_params = {})
        project.add_developer(user)

        post v3_api("/projects/#{project.id}/snippets", user), params.merge(snippet_params)
      end

      before do
        allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
      end

86 87
      context 'when the snippet is private' do
        it 'creates the snippet' do
88 89
          expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }
            .to change { Snippet.count }.by(1)
90 91 92
        end
      end

93 94
      context 'when the snippet is public' do
        it 'rejects the shippet' do
95 96
          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }
            .not_to change { Snippet.count }
97 98 99

          expect(response).to have_http_status(400)
          expect(json_response['message']).to eq({ "error" => "Spam detected" })
100 101
        end

102
        it 'creates a spam log' do
103 104
          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }
            .to change { SpamLog.count }.by(1)
105 106 107 108 109 110
        end
      end
    end
  end

  describe 'PUT /projects/:project_id/snippets/:id/' do
111 112
    let(:visibility_level) { Snippet::PUBLIC }
    let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level) }
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135

    it 'updates snippet' do
      new_content = 'New content'

      put v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content

      expect(response).to have_http_status(200)
      snippet.reload
      expect(snippet.content).to eq(new_content)
    end

    it 'returns 404 for invalid snippet id' do
      put v3_api("/projects/#{snippet.project.id}/snippets/1234", admin), title: 'foo'

      expect(response).to have_http_status(404)
      expect(json_response['message']).to eq('404 Snippet Not Found')
    end

    it 'returns 400 for missing parameters' do
      put v3_api("/projects/#{project.id}/snippets/1234", admin)

      expect(response).to have_http_status(400)
    end
136 137 138 139 140 141 142 143 144 145 146 147 148 149

    context 'when the snippet is spam' do
      def update_snippet(snippet_params = {})
        put v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), snippet_params
      end

      before do
        allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
      end

      context 'when the snippet is private' do
        let(:visibility_level) { Snippet::PRIVATE }

        it 'creates the snippet' do
150 151
          expect { update_snippet(title: 'Foo') }
            .to change { snippet.reload.title }.to('Foo')
152 153 154 155 156 157 158
        end
      end

      context 'when the snippet is public' do
        let(:visibility_level) { Snippet::PUBLIC }

        it 'rejects the snippet' do
159 160
          expect { update_snippet(title: 'Foo') }
            .not_to change { snippet.reload.title }
161 162 163
        end

        it 'creates a spam log' do
164 165
          expect { update_snippet(title: 'Foo') }
            .to change { SpamLog.count }.by(1)
166 167 168 169 170 171 172
        end
      end

      context 'when the private snippet is made public' do
        let(:visibility_level) { Snippet::PRIVATE }

        it 'rejects the snippet' do
173 174
          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }
            .not_to change { snippet.reload.title }
175 176 177 178 179 180

          expect(response).to have_http_status(400)
          expect(json_response['message']).to eq({ "error" => "Spam detected" })
        end

        it 'creates a spam log' do
181 182
          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }
            .to change { SpamLog.count }.by(1)
183 184 185
        end
      end
    end
186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226
  end

  describe 'DELETE /projects/:project_id/snippets/:id/' do
    let(:snippet) { create(:project_snippet, author: admin) }

    it 'deletes snippet' do
      admin = create(:admin)
      snippet = create(:project_snippet, author: admin)

      delete v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin)

      expect(response).to have_http_status(200)
    end

    it 'returns 404 for invalid snippet id' do
      delete v3_api("/projects/#{snippet.project.id}/snippets/1234", admin)

      expect(response).to have_http_status(404)
      expect(json_response['message']).to eq('404 Snippet Not Found')
    end
  end

  describe 'GET /projects/:project_id/snippets/:id/raw' do
    let(:snippet) { create(:project_snippet, author: admin) }

    it 'returns raw text' do
      get v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw", admin)

      expect(response).to have_http_status(200)
      expect(response.content_type).to eq 'text/plain'
      expect(response.body).to eq(snippet.content)
    end

    it 'returns 404 for invalid snippet id' do
      delete v3_api("/projects/#{snippet.project.id}/snippets/1234", admin)

      expect(response).to have_http_status(404)
      expect(json_response['message']).to eq('404 Snippet Not Found')
    end
  end
end