Commit 1843502f authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'sh-fix-snippet-visibility-api' into 'master'

Fix snippets API not working with visibility level

Closes #66050

See merge request gitlab-org/gitlab-ce!32286
parents f7e36934 680f4377
...@@ -44,6 +44,10 @@ class BaseService ...@@ -44,6 +44,10 @@ class BaseService
model.errors.add(:visibility_level, "#{level_name} has been restricted by your GitLab administrator") model.errors.add(:visibility_level, "#{level_name} has been restricted by your GitLab administrator")
end end
def visibility_level
params[:visibility].is_a?(String) ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
end
private private
def error(message, http_status = nil) def error(message, http_status = nil)
......
...@@ -12,7 +12,7 @@ class CreateSnippetService < BaseService ...@@ -12,7 +12,7 @@ class CreateSnippetService < BaseService
PersonalSnippet.new(params) PersonalSnippet.new(params)
end end
unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level]) unless Gitlab::VisibilityLevel.allowed_for?(current_user, snippet.visibility_level)
deny_visibility_level(snippet) deny_visibility_level(snippet)
return snippet return snippet
end end
......
...@@ -68,9 +68,5 @@ module Groups ...@@ -68,9 +68,5 @@ module Groups
true true
end end
def visibility_level
params[:visibility].present? ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
end
end end
end end
...@@ -12,7 +12,7 @@ class UpdateSnippetService < BaseService ...@@ -12,7 +12,7 @@ class UpdateSnippetService < BaseService
def execute def execute
# check that user is allowed to set specified visibility_level # check that user is allowed to set specified visibility_level
new_visibility = params[:visibility_level] new_visibility = visibility_level
if new_visibility && new_visibility.to_i != snippet.visibility_level if new_visibility && new_visibility.to_i != snippet.visibility_level
unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility) unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
......
---
title: Fix snippets API not working with visibility level
merge_request: 32286
author:
type: fixed
...@@ -96,6 +96,28 @@ describe API::ProjectSnippets do ...@@ -96,6 +96,28 @@ describe API::ProjectSnippets do
} }
end end
context 'with a regular user' do
let(:user) { create(:user) }
before do
project.add_developer(user)
stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::PRIVATE])
params['visibility'] = 'internal'
end
it 'creates a new snippet' do
post api("/projects/#{project.id}/snippets/", user), params: params
expect(response).to have_gitlab_http_status(201)
snippet = ProjectSnippet.find(json_response['id'])
expect(snippet.content).to eq(params[:code])
expect(snippet.description).to eq(params[:description])
expect(snippet.title).to eq(params[:title])
expect(snippet.file_name).to eq(params[:file_name])
expect(snippet.visibility_level).to eq(Snippet::INTERNAL)
end
end
it 'creates a new snippet' do it 'creates a new snippet' do
post api("/projects/#{project.id}/snippets/", admin), params: params post api("/projects/#{project.id}/snippets/", admin), params: params
...@@ -190,12 +212,13 @@ describe API::ProjectSnippets do ...@@ -190,12 +212,13 @@ describe API::ProjectSnippets do
new_content = 'New content' new_content = 'New content'
new_description = 'New description' new_description = 'New description'
put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), params: { code: new_content, description: new_description } put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), params: { code: new_content, description: new_description, visibility: 'private' }
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
snippet.reload snippet.reload
expect(snippet.content).to eq(new_content) expect(snippet.content).to eq(new_content)
expect(snippet.description).to eq(new_description) expect(snippet.description).to eq(new_description)
expect(snippet.visibility).to eq('private')
end end
it 'updates snippet with content parameter' do it 'updates snippet with content parameter' do
......
...@@ -193,6 +193,7 @@ describe API::Snippets do ...@@ -193,6 +193,7 @@ describe API::Snippets do
} }
end end
shared_examples 'snippet creation' do
it 'creates a new snippet' do it 'creates a new snippet' do
expect do expect do
post api("/snippets/", user), params: params post api("/snippets/", user), params: params
...@@ -204,6 +205,19 @@ describe API::Snippets do ...@@ -204,6 +205,19 @@ describe API::Snippets do
expect(json_response['file_name']).to eq(params[:file_name]) expect(json_response['file_name']).to eq(params[:file_name])
expect(json_response['visibility']).to eq(params[:visibility]) expect(json_response['visibility']).to eq(params[:visibility])
end end
end
context 'with restricted visibility settings' do
before do
stub_application_setting(restricted_visibility_levels:
[Gitlab::VisibilityLevel::INTERNAL,
Gitlab::VisibilityLevel::PRIVATE])
end
it_behaves_like 'snippet creation'
end
it_behaves_like 'snippet creation'
it 'returns 400 for missing parameters' do it 'returns 400 for missing parameters' do
params.delete(:title) params.delete(:title)
...@@ -253,17 +267,32 @@ describe API::Snippets do ...@@ -253,17 +267,32 @@ describe API::Snippets do
create(:personal_snippet, author: user, visibility_level: visibility_level) create(:personal_snippet, author: user, visibility_level: visibility_level)
end end
it 'updates snippet' do shared_examples 'snippet updates' do
it 'updates a snippet' do
new_content = 'New content' new_content = 'New content'
new_description = 'New description' new_description = 'New description'
put api("/snippets/#{snippet.id}", user), params: { content: new_content, description: new_description } put api("/snippets/#{snippet.id}", user), params: { content: new_content, description: new_description, visibility: 'internal' }
expect(response).to have_gitlab_http_status(200) expect(response).to have_gitlab_http_status(200)
snippet.reload snippet.reload
expect(snippet.content).to eq(new_content) expect(snippet.content).to eq(new_content)
expect(snippet.description).to eq(new_description) expect(snippet.description).to eq(new_description)
expect(snippet.visibility).to eq('internal')
end end
end
context 'with restricted visibility settings' do
before do
stub_application_setting(restricted_visibility_levels:
[Gitlab::VisibilityLevel::PUBLIC,
Gitlab::VisibilityLevel::PRIVATE])
end
it_behaves_like 'snippet updates'
end
it_behaves_like 'snippet updates'
it 'returns 404 for invalid snippet id' do it 'returns 404 for invalid snippet id' do
put api("/snippets/1234", user), params: { title: 'foo' } put api("/snippets/1234", user), params: { title: 'foo' }
......
...@@ -34,6 +34,19 @@ describe CreateSnippetService do ...@@ -34,6 +34,19 @@ describe CreateSnippetService do
expect(snippet.errors.any?).to be_falsey expect(snippet.errors.any?).to be_falsey
expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC) expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
end end
describe "when visibility level is passed as a string" do
before do
@opts[:visibility] = 'internal'
@opts.delete(:visibility_level)
end
it "assigns the correct visibility level" do
snippet = create_snippet(nil, @user, @opts)
expect(snippet.errors.any?).to be_falsey
expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::INTERNAL)
end
end
end end
describe 'usage counter' do describe 'usage counter' do
......
...@@ -32,12 +32,25 @@ describe UpdateSnippetService do ...@@ -32,12 +32,25 @@ describe UpdateSnippetService do
expect(@snippet.visibility_level).to eq(old_visibility) expect(@snippet.visibility_level).to eq(old_visibility)
end end
it 'admins should be able to update to pubic visibility' do it 'admins should be able to update to public visibility' do
old_visibility = @snippet.visibility_level old_visibility = @snippet.visibility_level
update_snippet(@project, @admin, @snippet, @opts) update_snippet(@project, @admin, @snippet, @opts)
expect(@snippet.visibility_level).not_to eq(old_visibility) expect(@snippet.visibility_level).not_to eq(old_visibility)
expect(@snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC) expect(@snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
end end
describe "when visibility level is passed as a string" do
before do
@opts[:visibility] = 'internal'
@opts.delete(:visibility_level)
end
it "assigns the correct visibility level" do
update_snippet(@project, @user, @snippet, @opts)
expect(@snippet.errors.any?).to be_falsey
expect(@snippet.visibility_level).to eq(Gitlab::VisibilityLevel::INTERNAL)
end
end
end end
describe 'usage counter' do describe 'usage counter' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment