Add filter param for authorized projects for current_user for V4

840cafc6 · Oswaldo Ferreira · Toon Claes · 9fa97202 · 840cafc6 · 840cafc6
Commit 840cafc6 authored Mar 02, 2017 by Oswaldo Ferreira Committed by Toon Claes Mar 03, 2017
5 changed files
--- a/changelogs/unreleased/28865-filter-by-authorized-projects-in-v4.yml
+++ b/changelogs/unreleased/28865-filter-by-authorized-projects-in-v4.yml
+---
+title: Add filter param for authorized projects for current_user for V4
+merge_request:
+author:
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -37,6 +37,7 @@ Parameters:
 | `search` | string | no | Return list of authorized projects matching the search criteria |
 | `simple` | boolean | no | Return only the ID, URL, name, and path of each project |
 | `owned` | boolean | no | Limit by projects owned by the current user |
+| `authorized` | boolean | no | Limit by projects authorized for the current user |
 | `starred` | boolean | no | Limit by projects starred by the current user |

 ```json

--- a/doc/api/v3_to_v4.md
+++ b/doc/api/v3_to_v4.md
@@ -52,6 +52,7 @@ changes are in V4:
 - Return HTTP status code `400` for all validation errors when creating or updating a member instead of sometimes `422` error. [!9523](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9523)
 - Remove `GET /groups/owned`. Use `GET /groups?owned=true` instead [!9505](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9505)
 - Return 202 with JSON body on async removals on V4 API (DELETE `/projects/:id/repository/merged_branches` and DELETE `/projects/:id`) [!9449](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9449)
+- Enable filtering user's authorized projects with boolean param `authorized` on `/projects` endpoint [!9674](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9674)

 #### EE-specific


--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -259,6 +259,10 @@ module API
    # project helpers

    def filter_projects(projects)
+      if params[:authorized]
+        projects = projects.merge(current_user.authorized_projects)
+      end
+
      if params[:owned]
        projects = projects.merge(current_user.owned_projects)
      end

--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -43,9 +43,10 @@ describe API::Projects, api: true  do
  describe 'GET /projects' do
    shared_examples_for 'projects response' do
      it 'returns an array of projects' do
-        get api('/projects', current_user)
+        get api('/projects', current_user), filter

        expect(response).to have_http_status(200)
+        expect(response).to include_pagination_headers
        expect(json_response).to be_an Array
        expect(json_response.map { |p| p['id'] }).to contain_exactly(*projects.map(&:id))
      end
@@ -61,6 +62,7 @@ describe API::Projects, api: true  do

    context 'when unauthenticated' do
      it_behaves_like 'projects response' do
+        let(:filter) { {} }
        let(:current_user) { nil }
        let(:projects) { [public_project] }
      end
@@ -68,6 +70,7 @@ describe API::Projects, api: true  do

    context 'when authenticated as regular user' do
      it_behaves_like 'projects response' do
+        let(:filter) { {} }
        let(:current_user) { user }
        let(:projects) { [public_project, project, project2, project3] }
      end
@@ -133,13 +136,18 @@ describe API::Projects, api: true  do
      end

      context 'and using search' do
-        it 'returns searched project' do
-          get api('/projects', user), { search: project.name }
+        it_behaves_like 'projects response' do
+          let(:filter) { { search: project.name } }
+          let(:current_user) { user }
+          let(:projects) { [project] }
+        end
+      end

-          expect(response).to have_http_status(200)
-          expect(response).to include_pagination_headers
-          expect(json_response).to be_an Array
-          expect(json_response.length).to eq(1)
+      context 'and authorized=true' do
+        it_behaves_like 'projects response' do
+          let(:filter) { { authorized: true } }
+          let(:current_user) { user }
+          let(:projects) { [project, project2, project3] }
        end
      end

@@ -216,36 +224,52 @@ describe API::Projects, api: true  do
      end

      context 'and with all query parameters' do
-        # |         | project5 | project6 | project7 | project8 | project9 |
-        # |---------+----------+----------+----------+----------+----------|
-        # | search  | x        |          | x        | x        | x        |
-        # | starred | x        | x        |          | x        | x        |
-        # | public  | x        | x        | x        |          | x        |
-        # | owned   | x        | x        | x        | x        |          |
-        let!(:project5) { create(:empty_project, :public, path: 'gitlab5', namespace: user.namespace) }
+        let!(:project5) { create(:empty_project, :public, path: 'gitlab5', namespace: create(:namespace)) }
        let!(:project6) { create(:empty_project, :public, path: 'project6', namespace: user.namespace) }
        let!(:project7) { create(:empty_project, :public, path: 'gitlab7', namespace: user.namespace) }
        let!(:project8) { create(:empty_project, path: 'gitlab8', namespace: user.namespace) }
        let!(:project9) { create(:empty_project, :public, path: 'gitlab9') }

        before do
-          user.update_attributes(starred_projects: [project5, project6, project8, project9])
+          user.update_attributes(starred_projects: [project5, project7, project8, project9])
        end

-        it 'returns only projects that satify all query parameters' do
-          get api('/projects', user), { visibility: 'public', owned: true, starred: true, search: 'gitlab' }
+        context 'including owned filter' do
+          it 'returns only projects that satify all query parameters' do
+            get api('/projects', user), { visibility: 'public', owned: true, starred: true, search: 'gitlab' }

-          expect(response).to have_http_status(200)
-          expect(response).to include_pagination_headers
-          expect(json_response).to be_an Array
-          expect(json_response.size).to eq(1)
-          expect(json_response.first['id']).to eq(project5.id)
+            expect(response).to have_http_status(200)
+            expect(response).to include_pagination_headers
+            expect(json_response).to be_an Array
+            expect(json_response.size).to eq(1)
+            expect(json_response.first['id']).to eq(project7.id)
+          end
+        end
+
+        context 'including authorized filter' do
+          before do
+            create(:project_member,
+                   user: user,
+                   project: project5,
+                   access_level: ProjectMember::MASTER)
+          end
+
+          it 'returns only projects that satify all query parameters' do
+            get api('/projects', user), { visibility: 'public', authorized: true, starred: true, search: 'gitlab' }
+
+            expect(response).to have_http_status(200)
+            expect(response).to include_pagination_headers
+            expect(json_response).to be_an Array
+            expect(json_response.size).to eq(2)
+            expect(json_response.map { |project| project.fetch('id') }).to contain_exactly(project5.id, project7.id)
+          end
        end
      end
    end

    context 'when authenticated as a different user' do
      it_behaves_like 'projects response' do
+        let(:filter) { {} }
        let(:current_user) { user2 }
        let(:projects) { [public_project] }
      end
@@ -253,6 +277,7 @@ describe API::Projects, api: true  do

    context 'when authenticated as admin' do
      it_behaves_like 'projects response' do
+        let(:filter) { {} }
        let(:current_user) { admin }
        let(:projects) { Project.all }
      end