Commit 06e96907 authored by Oswaldo Ferreira's avatar Oswaldo Ferreira Committed by Toon Claes
Browse files

Add filter param for authorized projects for current_user for V4

parent a9a58156
---
title: Add filter param for authorized projects for current_user for V4
merge_request:
author:
......@@ -37,6 +37,7 @@ Parameters:
| `search` | string | no | Return list of authorized projects matching the search criteria |
| `simple` | boolean | no | Return only the ID, URL, name, and path of each project |
| `owned` | boolean | no | Limit by projects owned by the current user |
| `authorized` | boolean | no | Limit by projects authorized for the current user |
| `starred` | boolean | no | Limit by projects starred by the current user |
```json
......
......@@ -53,3 +53,4 @@ changes are in V4:
- Remove `GET /groups/owned`. Use `GET /groups?owned=true` instead [!9505](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9505)
- Return 202 with JSON body on async removals on V4 API (DELETE `/projects/:id/repository/merged_branches` and DELETE `/projects/:id`) [!9449](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9449)
- `projects/:id/milestones?iid[]=x&iid[]=y` array filter has been renamed to `iids` [!9096](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9096)
- Enable filtering user's authorized projects with boolean param `authorized` on `/projects` endpoint [!9674](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/9674)
......@@ -252,6 +252,10 @@ def handle_api_exception(exception)
# project helpers
def filter_projects(projects)
if params[:authorized]
projects = projects.merge(current_user.authorized_projects)
end
if params[:owned]
projects = projects.merge(current_user.owned_projects)
end
......
......@@ -43,9 +43,10 @@
describe 'GET /projects' do
shared_examples_for 'projects response' do
it 'returns an array of projects' do
get api('/projects', current_user)
get api('/projects', current_user), filter
expect(response).to have_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.map { |p| p['id'] }).to contain_exactly(*projects.map(&:id))
end
......@@ -61,6 +62,7 @@
context 'when unauthenticated' do
it_behaves_like 'projects response' do
let(:filter) { {} }
let(:current_user) { nil }
let(:projects) { [public_project] }
end
......@@ -68,6 +70,7 @@
context 'when authenticated as regular user' do
it_behaves_like 'projects response' do
let(:filter) { {} }
let(:current_user) { user }
let(:projects) { [public_project, project, project2, project3] }
end
......@@ -133,13 +136,18 @@
end
context 'and using search' do
it 'returns searched project' do
get api('/projects', user), { search: project.name }
it_behaves_like 'projects response' do
let(:filter) { { search: project.name } }
let(:current_user) { user }
let(:projects) { [project] }
end
end
expect(response).to have_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.length).to eq(1)
context 'and authorized=true' do
it_behaves_like 'projects response' do
let(:filter) { { authorized: true } }
let(:current_user) { user }
let(:projects) { [project, project2, project3] }
end
end
......@@ -216,36 +224,52 @@
end
context 'and with all query parameters' do
# | | project5 | project6 | project7 | project8 | project9 |
# |---------+----------+----------+----------+----------+----------|
# | search | x | | x | x | x |
# | starred | x | x | | x | x |
# | public | x | x | x | | x |
# | owned | x | x | x | x | |
let!(:project5) { create(:empty_project, :public, path: 'gitlab5', namespace: user.namespace) }
let!(:project5) { create(:empty_project, :public, path: 'gitlab5', namespace: create(:namespace)) }
let!(:project6) { create(:empty_project, :public, path: 'project6', namespace: user.namespace) }
let!(:project7) { create(:empty_project, :public, path: 'gitlab7', namespace: user.namespace) }
let!(:project8) { create(:empty_project, path: 'gitlab8', namespace: user.namespace) }
let!(:project9) { create(:empty_project, :public, path: 'gitlab9') }
before do
user.update_attributes(starred_projects: [project5, project6, project8, project9])
user.update_attributes(starred_projects: [project5, project7, project8, project9])
end
it 'returns only projects that satify all query parameters' do
get api('/projects', user), { visibility: 'public', owned: true, starred: true, search: 'gitlab' }
context 'including owned filter' do
it 'returns only projects that satify all query parameters' do
get api('/projects', user), { visibility: 'public', owned: true, starred: true, search: 'gitlab' }
expect(response).to have_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.size).to eq(1)
expect(json_response.first['id']).to eq(project5.id)
expect(response).to have_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.size).to eq(1)
expect(json_response.first['id']).to eq(project7.id)
end
end
context 'including authorized filter' do
before do
create(:project_member,
user: user,
project: project5,
access_level: ProjectMember::MASTER)
end
it 'returns only projects that satify all query parameters' do
get api('/projects', user), { visibility: 'public', authorized: true, starred: true, search: 'gitlab' }
expect(response).to have_http_status(200)
expect(response).to include_pagination_headers
expect(json_response).to be_an Array
expect(json_response.size).to eq(2)
expect(json_response.map { |project| project.fetch('id') }).to contain_exactly(project5.id, project7.id)
end
end
end
end
context 'when authenticated as a different user' do
it_behaves_like 'projects response' do
let(:filter) { {} }
let(:current_user) { user2 }
let(:projects) { [public_project] }
end
......@@ -253,6 +277,7 @@
context 'when authenticated as admin' do
it_behaves_like 'projects response' do
let(:filter) { {} }
let(:current_user) { admin }
let(:projects) { Project.all }
end
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment