Merge branch...

Merge branch '37320-ensure-project-snippet-feature-status-in-project-snippet-api-endpoints' into 'master' Resolve "Ensure project snippet feature status in project API endpoints" See merge request gitlab-org/gitlab!26064

Merge branch...
Merge branch '37320-ensure-project-snippet-feature-status-in-project-snippet-api-endpoints' into 'master' Resolve "Ensure project snippet feature status in project API endpoints" See merge request gitlab-org/gitlab!26064
96283954 · Dmytro Zaporozhets · 1985328c · 3cf805b2 · 96283954 · 96283954
Commit 96283954 authored Mar 03, 2020 by Dmytro Zaporozhets
3 changed files
--- a/changelogs/unreleased/37320-ensure-project-snippet-api-status.yml
+++ b/changelogs/unreleased/37320-ensure-project-snippet-api-status.yml
+---
+title: Project Snippets API endpoints check feature status
+merge_request: 26064
+author:
+type: performance
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -5,12 +5,17 @@ module API
    include PaginationParams

    before { authenticate! }
+    before { check_snippets_enabled }

    params do
      requires :id, type: String, desc: 'The ID of a project'
    end
    resource :projects, requirements: API::NAMESPACE_OR_PROJECT_REQUIREMENTS do
      helpers do
+        def check_snippets_enabled
+          forbidden! unless user_project.feature_available?(:snippets, current_user)
+        end
+
        def handle_project_member_errors(errors)
          if errors[:project_access].any?
            error!(errors[:project_access], 422)

--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
@@ -6,6 +6,12 @@ describe API::ProjectSnippets do
  let_it_be(:project) { create(:project, :public) }
  let_it_be(:user) { create(:user) }
  let_it_be(:admin) { create(:admin) }
+  let_it_be(:project_no_snippets) { create(:project, :snippets_disabled) }
+
+  before do
+    project_no_snippets.add_developer(admin)
+    project_no_snippets.add_developer(user)
+  end

  describe "GET /projects/:project_id/snippets/:id/user_agent_detail" do
    let(:snippet) { create(:project_snippet, :public, project: project) }
@@ -32,6 +38,12 @@ describe API::ProjectSnippets do

      expect(response).to have_gitlab_http_status(:forbidden)
    end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123/user_agent_detail", admin) }
+      end
+    end
  end

  describe 'GET /projects/:project_id/snippets/' do
@@ -63,6 +75,12 @@ describe API::ProjectSnippets do
      expect(json_response).to be_an Array
      expect(json_response.size).to eq(0)
    end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { get api("/projects/#{project_no_snippets.id}/snippets", user) }
+      end
+    end
  end

  describe 'GET /projects/:project_id/snippets/:id' do
@@ -85,6 +103,12 @@ describe API::ProjectSnippets do
      expect(response).to have_gitlab_http_status(:not_found)
      expect(json_response['message']).to eq('404 Not found')
    end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123", user) }
+      end
+    end
  end

  describe 'POST /projects/:project_id/snippets/' do
@@ -244,11 +268,17 @@ describe API::ProjectSnippets do
        end
      end
    end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { post api("/projects/#{project_no_snippets.id}/snippets", user), params: params }
+      end
+    end
  end

  describe 'PUT /projects/:project_id/snippets/:id/' do
    let(:visibility_level) { Snippet::PUBLIC }
-    let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level) }
+    let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level, project: project) }

    it 'updates snippet' do
      new_content = 'New content'
@@ -354,10 +384,16 @@ describe API::ProjectSnippets do
        end
      end
    end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { put api("/projects/#{project_no_snippets.id}/snippets/123", admin), params: { description: 'foo' } }
+      end
+    end
  end

  describe 'DELETE /projects/:project_id/snippets/:id/' do
-    let(:snippet) { create(:project_snippet, author: admin) }
+    let(:snippet) { create(:project_snippet, author: admin, project: project) }

    it 'deletes snippet' do
      delete api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin)
@@ -375,10 +411,16 @@ describe API::ProjectSnippets do
    it_behaves_like '412 response' do
      let(:request) { api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin) }
    end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { delete api("/projects/#{project_no_snippets.id}/snippets/123", admin) }
+      end
+    end
  end

  describe 'GET /projects/:project_id/snippets/:id/raw' do
-    let(:snippet) { create(:project_snippet, author: admin) }
+    let(:snippet) { create(:project_snippet, author: admin, project: project) }

    it 'returns raw text' do
      get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw", admin)
@@ -394,5 +436,11 @@ describe API::ProjectSnippets do
      expect(response).to have_gitlab_http_status(:not_found)
      expect(json_response['message']).to eq('404 Snippet Not Found')
    end
+
+    context 'with snippets disabled' do
+      it_behaves_like '403 response' do
+        let(:request) { get api("/projects/#{project_no_snippets.id}/snippets/123/raw", admin) }
+      end
+    end
  end
 end