events_spec.rb 11 KB
Newer Older
Mark Fletcher's avatar
Mark Fletcher committed
1 2
require 'spec_helper'

3
describe API::Events do
Mark Fletcher's avatar
Mark Fletcher committed
4
  include ApiHelpers
5

Mark Fletcher's avatar
Mark Fletcher committed
6 7
  let(:user) { create(:user) }
  let(:non_member) { create(:user) }
8
  let(:private_project) { create(:project, :private, creator_id: user.id, namespace: user.namespace) }
Mark Fletcher's avatar
Mark Fletcher committed
9 10 11 12 13 14 15 16
  let(:closed_issue) { create(:closed_issue, project: private_project, author: user) }
  let!(:closed_issue_event) { create(:event, project: private_project, author: user, target: closed_issue, action: Event::CLOSED, created_at: Date.new(2016, 12, 30)) }

  describe 'GET /events' do
    context 'when unauthenticated' do
      it 'returns authentication error' do
        get api('/events')

17
        expect(response).to have_gitlab_http_status(401)
Mark Fletcher's avatar
Mark Fletcher committed
18 19 20 21 22 23 24
      end
    end

    context 'when authenticated' do
      it 'returns users events' do
        get api('/events?action=closed&target_type=issue&after=2016-12-1&before=2016-12-31', user)

25
        expect(response).to have_gitlab_http_status(200)
Mark Fletcher's avatar
Mark Fletcher committed
26 27 28 29 30
        expect(response).to include_pagination_headers
        expect(json_response).to be_an Array
        expect(json_response.size).to eq(1)
      end
    end
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53

    context 'when the requesting token has "read_user" scope' do
      let(:token) { create(:personal_access_token, scopes: ['read_user'], user: user) }

      it 'returns users events' do
        get api('/events?action=closed&target_type=issue&after=2016-12-1&before=2016-12-31', personal_access_token: token)

        expect(response).to have_gitlab_http_status(200)
        expect(response).to include_pagination_headers
        expect(json_response).to be_an Array
        expect(json_response.size).to eq(1)
      end
    end

    context 'when the requesting token does not have "read_user" or "api" scope' do
      let(:token_without_scopes) { create(:personal_access_token, scopes: ['read_repository'], user: user) }

      it 'returns a "403" response' do
        get api('/events', personal_access_token: token_without_scopes)

        expect(response).to have_gitlab_http_status(403)
      end
    end
Mark Fletcher's avatar
Mark Fletcher committed
54 55 56
  end

  describe 'GET /users/:id/events' do
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
    context "as a user that cannot see another user" do
      it 'returns a "404" response' do
        allow(Ability).to receive(:allowed?).and_call_original
        allow(Ability).to receive(:allowed?).with(non_member, :read_user, user).and_return(false)

        get api("/users/#{user.id}/events", non_member)

        expect(response).to have_gitlab_http_status(200)
        expect(json_response).to be_empty
      end
    end

    context "as a user token that cannot see another user" do
      let(:non_member_token) { create(:personal_access_token, scopes: ['read_user'], user: non_member) }

      it 'returns a "404" response' do
        allow(Ability).to receive(:allowed?).and_call_original
        allow(Ability).to receive(:allowed?).with(non_member, :read_user, user).and_return(false)

        get api("/users/#{user.id}/events", personal_access_token: non_member_token)
Mark Fletcher's avatar
Mark Fletcher committed
77

78
        expect(response).to have_gitlab_http_status(200)
Mark Fletcher's avatar
Mark Fletcher committed
79 80 81 82 83
        expect(json_response).to be_empty
      end
    end

    context "as a user that can see the event's project" do
84 85 86
      it 'accepts a username' do
        get api("/users/#{user.username}/events", user)

87
        expect(response).to have_gitlab_http_status(200)
88 89 90 91 92
        expect(response).to include_pagination_headers
        expect(json_response).to be_an Array
        expect(json_response.size).to eq(1)
      end

Mark Fletcher's avatar
Mark Fletcher committed
93 94 95
      it 'returns the events' do
        get api("/users/#{user.id}/events", user)

96
        expect(response).to have_gitlab_http_status(200)
Mark Fletcher's avatar
Mark Fletcher committed
97 98 99 100 101
        expect(response).to include_pagination_headers
        expect(json_response).to be_an Array
        expect(json_response.size).to eq(1)
      end

102 103 104 105 106 107 108 109 110 111 112 113 114
      context 'when the list of events includes push events' do
        let(:event) do
          create(:push_event, author: user, project: private_project)
        end

        let!(:payload) { create(:push_event_payload, event: event) }
        let(:payload_hash) { json_response[0]['push_data'] }

        before do
          get api("/users/#{user.id}/events?action=pushed", user)
        end

        it 'responds with HTTP 200 OK' do
115
          expect(response).to have_gitlab_http_status(200)
116 117 118 119 120 121 122 123 124 125 126 127 128 129
        end

        it 'includes the push payload as a Hash' do
          expect(payload_hash).to be_an_instance_of(Hash)
        end

        it 'includes the push payload details' do
          expect(payload_hash['commit_count']).to eq(payload.commit_count)
          expect(payload_hash['action']).to eq(payload.action)
          expect(payload_hash['ref_type']).to eq(payload.ref_type)
          expect(payload_hash['commit_to']).to eq(payload.commit_to)
        end
      end

Mark Fletcher's avatar
Mark Fletcher committed
130
      context 'when there are multiple events from different projects' do
131
        let(:second_note) { create(:note_on_issue, project: create(:project)) }
Mark Fletcher's avatar
Mark Fletcher committed
132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162

        before do
          second_note.project.add_user(user, :developer)

          [second_note].each do |note|
            EventCreateService.new.leave_note(note, user)
          end
        end

        it 'returns events in the correct order (from newest to oldest)' do
          get api("/users/#{user.id}/events", user)

          comment_events = json_response.select { |e| e['action_name'] == 'commented on' }
          close_events = json_response.select { |e| e['action_name'] == 'closed' }

          expect(comment_events[0]['target_id']).to eq(second_note.id)
          expect(close_events[0]['target_id']).to eq(closed_issue.id)
        end

        it 'accepts filter parameters' do
          get api("/users/#{user.id}/events?action=closed&target_type=issue&after=2016-12-1&before=2016-12-31", user)

          expect(json_response.size).to eq(1)
          expect(json_response[0]['target_id']).to eq(closed_issue.id)
        end
      end
    end

    it 'returns a 404 error if not found' do
      get api('/users/42/events', user)

163
      expect(response).to have_gitlab_http_status(404)
Mark Fletcher's avatar
Mark Fletcher committed
164 165 166 167 168 169 170 171 172
      expect(json_response['message']).to eq('404 User Not Found')
    end
  end

  describe 'GET /projects/:id/events' do
    context 'when unauthenticated ' do
      it 'returns 404 for private project' do
        get api("/projects/#{private_project.id}/events")

173
        expect(response).to have_gitlab_http_status(404)
Mark Fletcher's avatar
Mark Fletcher committed
174 175 176
      end

      it 'returns 200 status for a public project' do
177
        public_project = create(:project, :public)
Mark Fletcher's avatar
Mark Fletcher committed
178 179 180

        get api("/projects/#{public_project.id}/events")

181
        expect(response).to have_gitlab_http_status(200)
Mark Fletcher's avatar
Mark Fletcher committed
182 183 184
      end
    end

185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246
    context 'with inaccessible events' do
      let(:public_project) { create(:project, :public, creator_id: user.id, namespace: user.namespace) }
      let(:confidential_issue) { create(:closed_issue, confidential: true, project: public_project, author: user) }
      let!(:confidential_event) { create(:event, project: public_project, author: user, target: confidential_issue, action: Event::CLOSED) }
      let(:public_issue) { create(:closed_issue, project: public_project, author: user) }
      let!(:public_event) { create(:event, project: public_project, author: user, target: public_issue, action: Event::CLOSED) }

      it 'returns only accessible events' do
        get api("/projects/#{public_project.id}/events", non_member)

        expect(response).to have_gitlab_http_status(200)
        expect(json_response.size).to eq(1)
      end

      it 'returns all events when the user has access' do
        get api("/projects/#{public_project.id}/events", user)

        expect(response).to have_gitlab_http_status(200)
        expect(json_response.size).to eq(2)
      end
    end

    context 'pagination' do
      let(:public_project) { create(:project, :public) }

      before do
        create(:event,
               project: public_project,
               target: create(:issue, project: public_project, title: 'Issue 1'),
               action: Event::CLOSED,
               created_at: Date.parse('2018-12-10'))
        create(:event,
               project: public_project,
               target: create(:issue, confidential: true, project: public_project, title: 'Confidential event'),
               action: Event::CLOSED,
               created_at: Date.parse('2018-12-11'))
        create(:event,
               project: public_project,
               target: create(:issue, project: public_project, title: 'Issue 2'),
               action: Event::CLOSED,
               created_at: Date.parse('2018-12-12'))
      end

      it 'correctly returns the second page without inaccessible events' do
        get api("/projects/#{public_project.id}/events", user), per_page: 2, page: 2

        titles = json_response.map { |event| event['target_title'] }

        expect(titles.first).to eq('Issue 1')
        expect(titles).not_to include('Confidential event')
      end

      it 'correctly returns the first page without inaccessible events' do
        get api("/projects/#{public_project.id}/events", user), per_page: 2, page: 1

        titles = json_response.map { |event| event['target_title'] }

        expect(titles.first).to eq('Issue 2')
        expect(titles).not_to include('Confidential event')
      end
    end

Mark Fletcher's avatar
Mark Fletcher committed
247 248 249 250
    context 'when not permitted to read' do
      it 'returns 404' do
        get api("/projects/#{private_project.id}/events", non_member)

251
        expect(response).to have_gitlab_http_status(404)
Mark Fletcher's avatar
Mark Fletcher committed
252 253 254 255 256 257 258
      end
    end

    context 'when authenticated' do
      it 'returns project events' do
        get api("/projects/#{private_project.id}/events?action=closed&target_type=issue&after=2016-12-1&before=2016-12-31", user)

259
        expect(response).to have_gitlab_http_status(200)
Mark Fletcher's avatar
Mark Fletcher committed
260 261 262 263 264 265 266 267
        expect(response).to include_pagination_headers
        expect(json_response).to be_an Array
        expect(json_response.size).to eq(1)
      end

      it 'returns 404 if project does not exist' do
        get api("/projects/1234/events", user)

268
        expect(response).to have_gitlab_http_status(404)
Mark Fletcher's avatar
Mark Fletcher committed
269 270
      end
    end
sue445's avatar
sue445 committed
271 272

    context 'when exists some events' do
273 274 275
      let(:merge_request1) { create(:merge_request, :closed, author: user, assignee: user, source_project: private_project, title: 'Test') }
      let(:merge_request2) { create(:merge_request, :closed, author: user, assignee: user, source_project: private_project, title: 'Test') }

sue445's avatar
sue445 committed
276 277 278 279 280
      before do
        create_event(merge_request1)
      end

      it 'avoids N+1 queries' do
281
        control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do
282
          get api("/projects/#{private_project.id}/events", user), target_type: :merge_request
sue445's avatar
sue445 committed
283 284 285 286 287
        end.count

        create_event(merge_request2)

        expect do
288
          get api("/projects/#{private_project.id}/events", user), target_type: :merge_request
289
        end.not_to exceed_all_query_limit(control_count)
sue445's avatar
sue445 committed
290

291
        expect(response).to have_gitlab_http_status(200)
sue445's avatar
sue445 committed
292
        expect(response).to include_pagination_headers
293 294
        expect(json_response.size).to eq(2)
        expect(json_response.map { |r| r['target_id'] }).to match_array([merge_request1.id, merge_request2.id])
sue445's avatar
sue445 committed
295 296 297 298 299 300
      end

      def create_event(target)
        create(:event, project: private_project, author: user, target: target)
      end
    end
Mark Fletcher's avatar
Mark Fletcher committed
301 302
  end
end