Commit f9aae510 authored by Sean McGivern's avatar Sean McGivern

Merge branch '28865-filter-by-authorized-projects-in-v4' into 'master'

Add filter param for user's authorized projects in V4

Closes #28865

See merge request !9674
parents 433ec4d8 63576356
---
title: Add filter param for project membership for current_user in API v4
merge_request:
author:
...@@ -34,9 +34,10 @@ Parameters: ...@@ -34,9 +34,10 @@ Parameters:
| `visibility` | string | no | Limit by visibility `public`, `internal`, or `private` | | `visibility` | string | no | Limit by visibility `public`, `internal`, or `private` |
| `order_by` | string | no | Return projects ordered by `id`, `name`, `path`, `created_at`, `updated_at`, or `last_activity_at` fields. Default is `created_at` | | `order_by` | string | no | Return projects ordered by `id`, `name`, `path`, `created_at`, `updated_at`, or `last_activity_at` fields. Default is `created_at` |
| `sort` | string | no | Return projects sorted in `asc` or `desc` order. Default is `desc` | | `sort` | string | no | Return projects sorted in `asc` or `desc` order. Default is `desc` |
| `search` | string | no | Return list of authorized projects matching the search criteria | | `search` | string | no | Return list of projects matching the search criteria |
| `simple` | boolean | no | Return only the ID, URL, name, and path of each project | | `simple` | boolean | no | Return only the ID, URL, name, and path of each project |
| `owned` | boolean | no | Limit by projects owned by the current user | | `owned` | boolean | no | Limit by projects owned by the current user |
| `membership` | boolean | no | Limit by projects that the current user is a member of |
| `starred` | boolean | no | Limit by projects starred by the current user | | `starred` | boolean | no | Limit by projects starred by the current user |
```json ```json
......
...@@ -28,7 +28,12 @@ changes are in V4: ...@@ -28,7 +28,12 @@ changes are in V4:
- `/dockerfiles/:key` - `/dockerfiles/:key`
- Moved `/projects/fork/:id` to `/projects/:id/fork` [!8940](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8940) - Moved `/projects/fork/:id` to `/projects/:id/fork` [!8940](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8940)
- Moved `DELETE /todos` to `POST /todos/mark_as_done` and `DELETE /todos/:todo_id` to `POST /todos/:todo_id/mark_as_done` [!9410](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9410) - Moved `DELETE /todos` to `POST /todos/mark_as_done` and `DELETE /todos/:todo_id` to `POST /todos/:todo_id/mark_as_done` [!9410](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9410)
- Endpoints `/projects/owned`, `/projects/visible`, `/projects/starred` & `/projects/all` are consolidated into `/projects` using query parameters [!8962](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8962) - Project filters are no longer available as `GET /projects/foo`, but as `GET /projects?foo=true` instead [!8962](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8962)
- `GET /projects/visible` & `GET /projects/all` are consolidated into `GET /projects` and can be used with or without authorization
- `GET /projects/owned` moved to `GET /projects?owned=true`
- `GET /projects/starred` moved to `GET /projects?starred=true`
- `GET /projects` returns all projects visible to current user, even if the user is not a member [!9674](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9674)
- To get projects the user is a member of, use `/projects?membership=true`
- Return pagination headers for all endpoints that return an array [!8606](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8606) - Return pagination headers for all endpoints that return an array [!8606](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8606)
- Added `POST /environments/:environment_id/stop` to stop an environment [!8808](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8808) - Added `POST /environments/:environment_id/stop` to stop an environment [!8808](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8808)
- Removed `DELETE projects/:id/deploy_keys/:key_id/disable`. Use `DELETE projects/:id/deploy_keys/:key_id` instead [!9366](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9366) - Removed `DELETE projects/:id/deploy_keys/:key_id/disable`. Use `DELETE projects/:id/deploy_keys/:key_id` instead [!9366](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9366)
......
...@@ -252,6 +252,10 @@ module API ...@@ -252,6 +252,10 @@ module API
# project helpers # project helpers
def filter_projects(projects) def filter_projects(projects)
if params[:membership]
projects = projects.merge(current_user.authorized_projects)
end
if params[:owned] if params[:owned]
projects = projects.merge(current_user.owned_projects) projects = projects.merge(current_user.owned_projects)
end end
......
...@@ -46,9 +46,10 @@ module API ...@@ -46,9 +46,10 @@ module API
optional :archived, type: Boolean, default: false, desc: 'Limit by archived status' optional :archived, type: Boolean, default: false, desc: 'Limit by archived status'
optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values, optional :visibility, type: String, values: Gitlab::VisibilityLevel.string_values,
desc: 'Limit by visibility' desc: 'Limit by visibility'
optional :search, type: String, desc: 'Return list of authorized projects matching the search criteria' optional :search, type: String, desc: 'Return list of projects matching the search criteria'
optional :owned, type: Boolean, default: false, desc: 'Limit by owned by authenticated user' optional :owned, type: Boolean, default: false, desc: 'Limit by owned by authenticated user'
optional :starred, type: Boolean, default: false, desc: 'Limit by starred status' optional :starred, type: Boolean, default: false, desc: 'Limit by starred status'
optional :membership, type: Boolean, default: false, desc: 'Limit by projects that the current user is a member of'
end end
params :statistics_params do params :statistics_params do
......
...@@ -43,9 +43,10 @@ describe API::Projects, api: true do ...@@ -43,9 +43,10 @@ describe API::Projects, api: true do
describe 'GET /projects' do describe 'GET /projects' do
shared_examples_for 'projects response' do shared_examples_for 'projects response' do
it 'returns an array of projects' do it 'returns an array of projects' do
get api('/projects', current_user) get api('/projects', current_user), filter
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array expect(json_response).to be_an Array
expect(json_response.map { |p| p['id'] }).to contain_exactly(*projects.map(&:id)) expect(json_response.map { |p| p['id'] }).to contain_exactly(*projects.map(&:id))
end end
...@@ -61,6 +62,7 @@ describe API::Projects, api: true do ...@@ -61,6 +62,7 @@ describe API::Projects, api: true do
context 'when unauthenticated' do context 'when unauthenticated' do
it_behaves_like 'projects response' do it_behaves_like 'projects response' do
let(:filter) { {} }
let(:current_user) { nil } let(:current_user) { nil }
let(:projects) { [public_project] } let(:projects) { [public_project] }
end end
...@@ -68,6 +70,7 @@ describe API::Projects, api: true do ...@@ -68,6 +70,7 @@ describe API::Projects, api: true do
context 'when authenticated as regular user' do context 'when authenticated as regular user' do
it_behaves_like 'projects response' do it_behaves_like 'projects response' do
let(:filter) { {} }
let(:current_user) { user } let(:current_user) { user }
let(:projects) { [public_project, project, project2, project3] } let(:projects) { [public_project, project, project2, project3] }
end end
...@@ -133,13 +136,18 @@ describe API::Projects, api: true do ...@@ -133,13 +136,18 @@ describe API::Projects, api: true do
end end
context 'and using search' do context 'and using search' do
it 'returns searched project' do it_behaves_like 'projects response' do
get api('/projects', user), { search: project.name } let(:filter) { { search: project.name } }
let(:current_user) { user }
let(:projects) { [project] }
end
end
expect(response).to have_http_status(200) context 'and membership=true' do
expect(response).to include_pagination_headers it_behaves_like 'projects response' do
expect(json_response).to be_an Array let(:filter) { { membership: true } }
expect(json_response.length).to eq(1) let(:current_user) { user }
let(:projects) { [project, project2, project3] }
end end
end end
...@@ -216,36 +224,52 @@ describe API::Projects, api: true do ...@@ -216,36 +224,52 @@ describe API::Projects, api: true do
end end
context 'and with all query parameters' do context 'and with all query parameters' do
# | | project5 | project6 | project7 | project8 | project9 | let!(:project5) { create(:empty_project, :public, path: 'gitlab5', namespace: create(:namespace)) }
# |---------+----------+----------+----------+----------+----------|
# | search | x | | x | x | x |
# | starred | x | x | | x | x |
# | public | x | x | x | | x |
# | owned | x | x | x | x | |
let!(:project5) { create(:empty_project, :public, path: 'gitlab5', namespace: user.namespace) }
let!(:project6) { create(:empty_project, :public, path: 'project6', namespace: user.namespace) } let!(:project6) { create(:empty_project, :public, path: 'project6', namespace: user.namespace) }
let!(:project7) { create(:empty_project, :public, path: 'gitlab7', namespace: user.namespace) } let!(:project7) { create(:empty_project, :public, path: 'gitlab7', namespace: user.namespace) }
let!(:project8) { create(:empty_project, path: 'gitlab8', namespace: user.namespace) } let!(:project8) { create(:empty_project, path: 'gitlab8', namespace: user.namespace) }
let!(:project9) { create(:empty_project, :public, path: 'gitlab9') } let!(:project9) { create(:empty_project, :public, path: 'gitlab9') }
before do before do
user.update_attributes(starred_projects: [project5, project6, project8, project9]) user.update_attributes(starred_projects: [project5, project7, project8, project9])
end end
it 'returns only projects that satify all query parameters' do context 'including owned filter' do
it 'returns only projects that satisfy all query parameters' do
get api('/projects', user), { visibility: 'public', owned: true, starred: true, search: 'gitlab' } get api('/projects', user), { visibility: 'public', owned: true, starred: true, search: 'gitlab' }
expect(response).to have_http_status(200) expect(response).to have_http_status(200)
expect(response).to include_pagination_headers expect(response).to include_pagination_headers
expect(json_response).to be_an Array expect(json_response).to be_an Array
expect(json_response.size).to eq(1) expect(json_response.size).to eq(1)
expect(json_response.first['id']).to eq(project5.id) expect(json_response.first['id']).to eq(project7.id)
end
end
context 'including membership filter' do
before do
create(:project_member,
user: user,
project: project5,
access_level: ProjectMember::MASTER)
end
it 'returns only projects that satisfy all query parameters' do
get api('/projects', user), { visibility: 'public', membership: true, starred: true, search: 'gitlab' }
expect(response).to have_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.size).to eq(2)
expect(json_response.map { |project| project['id'] }).to contain_exactly(project5.id, project7.id)
end
end end
end end
end end
context 'when authenticated as a different user' do context 'when authenticated as a different user' do
it_behaves_like 'projects response' do it_behaves_like 'projects response' do
let(:filter) { {} }
let(:current_user) { user2 } let(:current_user) { user2 }
let(:projects) { [public_project] } let(:projects) { [public_project] }
end end
...@@ -253,6 +277,7 @@ describe API::Projects, api: true do ...@@ -253,6 +277,7 @@ describe API::Projects, api: true do
context 'when authenticated as admin' do context 'when authenticated as admin' do
it_behaves_like 'projects response' do it_behaves_like 'projects response' do
let(:filter) { {} }
let(:current_user) { admin } let(:current_user) { admin }
let(:projects) { Project.all } let(:projects) { Project.all }
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment