Commit 5d131e75 authored by Eugenia Grieff's avatar Eugenia Grieff

Add validation to issues_statistics endpoint

- Add specs
parent 5c2f3a77
...@@ -114,6 +114,7 @@ module API ...@@ -114,6 +114,7 @@ module API
end end
get '/issues_statistics' do get '/issues_statistics' do
authenticate! unless params[:scope] == 'all' authenticate! unless params[:scope] == 'all'
validate_anonymous_search_access! if params[:search].present?
present issues_statistics, with: Grape::Presenters::Presenter present issues_statistics, with: Grape::Presenters::Presenter
end end
...@@ -189,6 +190,8 @@ module API ...@@ -189,6 +190,8 @@ module API
use :issues_stats_params use :issues_stats_params
end end
get ":id/issues_statistics" do get ":id/issues_statistics" do
validate_anonymous_search_access! if declared_params[:search].present?
present issues_statistics(group_id: user_group.id, include_subgroups: true), with: Grape::Presenters::Presenter present issues_statistics(group_id: user_group.id, include_subgroups: true), with: Grape::Presenters::Presenter
end end
end end
...@@ -225,6 +228,8 @@ module API ...@@ -225,6 +228,8 @@ module API
use :issues_stats_params use :issues_stats_params
end end
get ":id/issues_statistics" do get ":id/issues_statistics" do
validate_anonymous_search_access! if declared_params[:search].present?
present issues_statistics(project_id: user_project.id), with: Grape::Presenters::Presenter present issues_statistics(project_id: user_project.id), with: Grape::Presenters::Presenter
end end
......
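Review bot: The global route `get '/issues_statistics'` gates the new check on `params[:search]`, while the group and project routes gate it on `declared_params[:search]`; using one accessor in all three, `validate_anonymous_search_access! if declared_params[:search].present?`, keeps the guard tied to the same value in every route (assuming `search` is declared in the global route's params block, which sits above this hunk). The guard is also copied into each route body, so a future statistics route that omits the line fails open. If `issues_statistics` (defined outside these hunks) is the only consumer of `search`, doing the check there or in a shared `before` hook would make it harder to miss. Because of `.present?`, a blank or whitespace-only `search` skips the check, which is safe only if the finder also ignores blank terms; a short comment such as `# blank search is ignored by the finder, so no anonymous-search check is needed` would record that assumption once confirmed.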
...@@ -262,6 +262,38 @@ RSpec.describe API::Issues do ...@@ -262,6 +262,38 @@ RSpec.describe API::Issues do
it_behaves_like 'issues statistics' it_behaves_like 'issues statistics'
end end
context 'with search param' do
let(:params) { { scope: 'all', search: 'foo' } }
let(:counts) { { all: 1, closed: 0, opened: 1 } }
it_behaves_like 'issues statistics'
context 'with anonymous user' do
let(:user) { nil }
context 'with disable_anonymous_search disabled' do
before do
stub_feature_flags(disable_anonymous_search: false)
end
it_behaves_like 'issues statistics'
end
context 'with disable_anonymous_search enabled' do
before do
stub_feature_flags(disable_anonymous_search: true)
end
it 'returns a unprocessable entity 422' do
get api("/issues_statistics"), params: params
expect(response).to have_gitlab_http_status(:unprocessable_entity)
expect(json_response['message']).to include('User must be authenticated to use search')
end
end
end
end
end end
end end
......
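Review bot: The 422 case under `context 'with disable_anonymous_search enabled'` is exercised only for the global `/issues_statistics` route, although the same commit adds the guard to the group and project `:id/issues_statistics` routes. No spec in this hunk requests those two routes anonymously with `search` set, so a regression that drops the check from either one would go unnoticed. Extracting the two flag contexts into a shared example and including it for the group and project routes would cover all three entry points. As a small wording fix, the example name should read `it 'returns an unprocessable entity 422' do`.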