commits_spec.rb 31.7 KB
Newer Older
1 2 3
require 'spec_helper'
require 'mime/types'

4
describe API::Commits do
5
  let(:user) { create(:user) }
6 7 8 9 10 11 12
  let(:guest) { create(:user).tap { |u| project.add_guest(u) } }
  let(:project) { create(:project, :repository, creator: user, path: 'my.project') }
  let(:branch_with_dot) { project.repository.find_branch('ends-with.json') }
  let(:branch_with_slash) { project.repository.find_branch('improve/awesome') }

  let(:project_id) { project.id }
  let(:current_user) { nil }
13

14
  before do
15
    project.add_master(user)
16
  end
17

18 19
  describe 'GET /projects/:id/repository/commits' do
    context 'authorized user' do
20
      it "returns project commits" do
21
        commit = project.repository.commit
22

23
        get api("/projects/#{project_id}/repository/commits", user)
24

25
        expect(response).to have_http_status(200)
26
        expect(response).to match_response_schema('public_api/v4/commits')
27 28 29
        expect(json_response.first['id']).to eq(commit.id)
        expect(json_response.first['committer_name']).to eq(commit.committer_name)
        expect(json_response.first['committer_email']).to eq(commit.committer_email)
30
      end
31 32 33 34

      it 'include correct pagination headers' do
        commit_count = project.repository.count_commits(ref: 'master').to_s

35
        get api("/projects/#{project_id}/repository/commits", user)
36 37 38 39 40

        expect(response).to include_pagination_headers
        expect(response.headers['X-Total']).to eq(commit_count)
        expect(response.headers['X-Page']).to eql('1')
      end
41 42 43
    end

    context "unauthorized user" do
44
      it "does not return project commits" do
45 46 47
        get api("/projects/#{project_id}/repository/commits")

        expect(response).to have_http_status(404)
48 49
      end
    end
50 51

    context "since optional parameter" do
52
      it "returns project commits since provided parameter" do
53
        commits = project.repository.commits("master")
54
        after = commits.second.created_at
55

56
        get api("/projects/#{project_id}/repository/commits?since=#{after.utc.iso8601}", user)
57 58 59 60 61

        expect(json_response.size).to eq 2
        expect(json_response.first["id"]).to eq(commits.first.id)
        expect(json_response.second["id"]).to eq(commits.second.id)
      end
62 63 64 65 66 67

      it 'include correct pagination headers' do
        commits = project.repository.commits("master")
        after = commits.second.created_at
        commit_count = project.repository.count_commits(ref: 'master', after: after).to_s

68
        get api("/projects/#{project_id}/repository/commits?since=#{after.utc.iso8601}", user)
69 70 71 72 73

        expect(response).to include_pagination_headers
        expect(response.headers['X-Total']).to eq(commit_count)
        expect(response.headers['X-Page']).to eql('1')
      end
74 75 76
    end

    context "until optional parameter" do
77
      it "returns project commits until provided parameter" do
78 79 80
        commits = project.repository.commits("master")
        before = commits.second.created_at

81
        get api("/projects/#{project_id}/repository/commits?until=#{before.utc.iso8601}", user)
82

83 84 85 86 87 88
        if commits.size >= 20
          expect(json_response.size).to eq(20)
        else
          expect(json_response.size).to eq(commits.size - 1)
        end

89 90 91
        expect(json_response.first["id"]).to eq(commits.second.id)
        expect(json_response.second["id"]).to eq(commits.third.id)
      end
92 93 94 95 96 97

      it 'include correct pagination headers' do
        commits = project.repository.commits("master")
        before = commits.second.created_at
        commit_count = project.repository.count_commits(ref: 'master', before: before).to_s

98
        get api("/projects/#{project_id}/repository/commits?until=#{before.utc.iso8601}", user)
99 100 101 102 103

        expect(response).to include_pagination_headers
        expect(response.headers['X-Total']).to eq(commit_count)
        expect(response.headers['X-Page']).to eql('1')
      end
104 105 106
    end

    context "invalid xmlschema date parameters" do
107
      it "returns an invalid parameter error message" do
108
        get api("/projects/#{project_id}/repository/commits?since=invalid-date", user)
109

110
        expect(response).to have_http_status(400)
111
        expect(json_response['error']).to eq('since is invalid')
112 113
      end
    end
114 115 116 117

    context "path optional parameter" do
      it "returns project commits matching provided path parameter" do
        path = 'files/ruby/popen.rb'
118
        commit_count = project.repository.count_commits(ref: 'master', path: path).to_s
119

120
        get api("/projects/#{project_id}/repository/commits?path=#{path}", user)
121 122 123

        expect(json_response.size).to eq(3)
        expect(json_response.first["id"]).to eq("570e7b2abdd848b95f2f578043fc23bd6f6fd24d")
124 125
        expect(response).to include_pagination_headers
        expect(response.headers['X-Total']).to eq(commit_count)
126
      end
127

128 129 130 131
      it 'include correct pagination headers' do
        path = 'files/ruby/popen.rb'
        commit_count = project.repository.count_commits(ref: 'master', path: path).to_s

132
        get api("/projects/#{project_id}/repository/commits?path=#{path}", user)
133 134 135 136 137 138

        expect(response).to include_pagination_headers
        expect(response.headers['X-Total']).to eq(commit_count)
        expect(response.headers['X-Page']).to eql('1')
      end
    end
139

140 141
    context 'with pagination params' do
      let(:page) { 1 }
142 143 144
      let(:per_page) { 5 }
      let(:ref_name) { 'master' }
      let!(:request) do
145
        get api("/projects/#{project_id}/repository/commits?page=#{page}&per_page=#{per_page}&ref_name=#{ref_name}", user)
146 147
      end

148 149
      it 'returns correct headers' do
        commit_count = project.repository.count_commits(ref: ref_name).to_s
150

151
        expect(response).to include_pagination_headers
152
        expect(response.headers['X-Total']).to eq(commit_count)
153 154 155
        expect(response.headers['X-Page']).to eq('1')
        expect(response.headers['Link']).to match(/page=1&per_page=5/)
        expect(response.headers['Link']).to match(/page=2&per_page=5/)
156 157 158 159 160 161 162 163
      end

      context 'viewing the first page' do
        it 'returns the first 5 commits' do
          commit = project.repository.commit

          expect(json_response.size).to eq(per_page)
          expect(json_response.first['id']).to eq(commit.id)
164
          expect(response.headers['X-Page']).to eq('1')
165 166 167
        end
      end

168 169
      context 'viewing the third page' do
        let(:page) { 3 }
170

171 172
        it 'returns the third 5 commits' do
          commit = project.repository.commits('HEAD', offset: (page - 1) * per_page).first
173 174 175

          expect(json_response.size).to eq(per_page)
          expect(json_response.first['id']).to eq(commit.id)
176
          expect(response.headers['X-Page']).to eq('3')
177 178 179
        end
      end
    end
180 181
  end

182
  describe "POST /projects/:id/repository/commits" do
183
    let!(:url) { "/projects/#{project_id}/repository/commits" }
Marc Siegfriedt's avatar
Marc Siegfriedt committed
184 185

    it 'returns a 403 unauthorized for user without permissions' do
186
      post api(url, guest)
Marc Siegfriedt's avatar
Marc Siegfriedt committed
187 188 189 190 191 192 193 194 195 196

      expect(response).to have_http_status(403)
    end

    it 'returns a 400 bad request if no params are given' do
      post api(url, user)

      expect(response).to have_http_status(400)
    end

197
    describe 'create' do
Marc Siegfriedt's avatar
Marc Siegfriedt committed
198 199 200
      let(:message) { 'Created file' }
      let!(:invalid_c_params) do
        {
201
          branch: 'master',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
202 203 204 205 206 207 208 209 210 211 212 213
          commit_message: message,
          actions: [
            {
              action: 'create',
              file_path: 'files/ruby/popen.rb',
              content: 'puts 8'
            }
          ]
        }
      end
      let!(:valid_c_params) do
        {
214
          branch: 'master',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
215 216 217 218 219 220 221 222 223 224 225 226 227 228
          commit_message: message,
          actions: [
            {
              action: 'create',
              file_path: 'foo/bar/baz.txt',
              content: 'puts 8'
            }
          ]
        }
      end

      it 'a new file in project repo' do
        post api(url, user), valid_c_params

229
        expect(response).to have_gitlab_http_status(201)
Marc Siegfriedt's avatar
Marc Siegfriedt committed
230
        expect(json_response['title']).to eq(message)
231 232
        expect(json_response['committer_name']).to eq(user.name)
        expect(json_response['committer_email']).to eq(user.email)
Marc Siegfriedt's avatar
Marc Siegfriedt committed
233 234 235 236 237 238 239
      end

      it 'returns a 400 bad request if file exists' do
        post api(url, user), invalid_c_params

        expect(response).to have_http_status(400)
      end
240

241 242
      context 'with project path containing a dot in URL' do
        let(:url) { "/projects/#{CGI.escape(project.full_path)}/repository/commits" }
243 244 245 246 247 248 249

        it 'a new file in project repo' do
          post api(url, user), valid_c_params

          expect(response).to have_http_status(201)
        end
      end
Marc Siegfriedt's avatar
Marc Siegfriedt committed
250 251
    end

252
    describe 'delete' do
Marc Siegfriedt's avatar
Marc Siegfriedt committed
253 254 255
      let(:message) { 'Deleted file' }
      let!(:invalid_d_params) do
        {
256
          branch: 'markdown',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
257 258 259 260 261 262 263 264 265 266 267
          commit_message: message,
          actions: [
            {
              action: 'delete',
              file_path: 'doc/api/projects.md'
            }
          ]
        }
      end
      let!(:valid_d_params) do
        {
268
          branch: 'markdown',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292
          commit_message: message,
          actions: [
            {
              action: 'delete',
              file_path: 'doc/api/users.md'
            }
          ]
        }
      end

      it 'an existing file in project repo' do
        post api(url, user), valid_d_params

        expect(response).to have_http_status(201)
        expect(json_response['title']).to eq(message)
      end

      it 'returns a 400 bad request if file does not exist' do
        post api(url, user), invalid_d_params

        expect(response).to have_http_status(400)
      end
    end

293
    describe 'move' do
Marc Siegfriedt's avatar
Marc Siegfriedt committed
294 295 296
      let(:message) { 'Moved file' }
      let!(:invalid_m_params) do
        {
297
          branch: 'feature',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
298 299 300 301 302 303 304 305 306 307 308 309 310
          commit_message: message,
          actions: [
            {
              action: 'move',
              file_path: 'CHANGELOG',
              previous_path: 'VERSION',
              content: '6.7.0.pre'
            }
          ]
        }
      end
      let!(:valid_m_params) do
        {
311
          branch: 'feature',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337
          commit_message: message,
          actions: [
            {
              action: 'move',
              file_path: 'VERSION.txt',
              previous_path: 'VERSION',
              content: '6.7.0.pre'
            }
          ]
        }
      end

      it 'an existing file in project repo' do
        post api(url, user), valid_m_params

        expect(response).to have_http_status(201)
        expect(json_response['title']).to eq(message)
      end

      it 'returns a 400 bad request if file does not exist' do
        post api(url, user), invalid_m_params

        expect(response).to have_http_status(400)
      end
    end

338
    describe 'update' do
Marc Siegfriedt's avatar
Marc Siegfriedt committed
339 340 341
      let(:message) { 'Updated file' }
      let!(:invalid_u_params) do
        {
342
          branch: 'master',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
343 344 345 346 347 348 349 350 351 352 353 354
          commit_message: message,
          actions: [
            {
              action: 'update',
              file_path: 'foo/bar.baz',
              content: 'puts 8'
            }
          ]
        }
      end
      let!(:valid_u_params) do
        {
355
          branch: 'master',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380
          commit_message: message,
          actions: [
            {
              action: 'update',
              file_path: 'files/ruby/popen.rb',
              content: 'puts 8'
            }
          ]
        }
      end

      it 'an existing file in project repo' do
        post api(url, user), valid_u_params

        expect(response).to have_http_status(201)
        expect(json_response['title']).to eq(message)
      end

      it 'returns a 400 bad request if file does not exist' do
        post api(url, user), invalid_u_params

        expect(response).to have_http_status(400)
      end
    end

381
    describe 'multiple operations' do
Marc Siegfriedt's avatar
Marc Siegfriedt committed
382 383 384
      let(:message) { 'Multiple actions' }
      let!(:invalid_mo_params) do
        {
385
          branch: 'master',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412
          commit_message: message,
          actions: [
            {
              action: 'create',
              file_path: 'files/ruby/popen.rb',
              content: 'puts 8'
            },
            {
              action: 'delete',
              file_path: 'doc/api/projects.md'
            },
            {
              action: 'move',
              file_path: 'CHANGELOG',
              previous_path: 'VERSION',
              content: '6.7.0.pre'
            },
            {
              action: 'update',
              file_path: 'foo/bar.baz',
              content: 'puts 8'
            }
          ]
        }
      end
      let!(:valid_mo_params) do
        {
413
          branch: 'master',
Marc Siegfriedt's avatar
Marc Siegfriedt committed
414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454
          commit_message: message,
          actions: [
            {
              action: 'create',
              file_path: 'foo/bar/baz.txt',
              content: 'puts 8'
            },
            {
              action: 'delete',
              file_path: 'Gemfile.zip'
            },
            {
              action: 'move',
              file_path: 'VERSION.txt',
              previous_path: 'VERSION',
              content: '6.7.0.pre'
            },
            {
              action: 'update',
              file_path: 'files/ruby/popen.rb',
              content: 'puts 8'
            }
          ]
        }
      end

      it 'are commited as one in project repo' do
        post api(url, user), valid_mo_params

        expect(response).to have_http_status(201)
        expect(json_response['title']).to eq(message)
      end

      it 'return a 400 bad request if there are any issues' do
        post api(url, user), invalid_mo_params

        expect(response).to have_http_status(400)
      end
    end
  end

455 456 457 458
  describe 'GET /projects/:id/repository/commits/:sha' do
    let(:commit) { project.repository.commit }
    let(:commit_id) { commit.id }
    let(:route) { "/projects/#{project_id}/repository/commits/#{commit_id}" }
459

460 461 462 463 464 465
    shared_examples_for 'ref commit' do
      it 'returns the ref last commit' do
        get api(route, current_user)

        expect(response).to have_gitlab_http_status(200)
        expect(response).to match_response_schema('public_api/v4/commit/detail')
466 467 468 469 470 471 472 473 474 475 476 477 478 479
        expect(json_response['id']).to eq(commit.id)
        expect(json_response['short_id']).to eq(commit.short_id)
        expect(json_response['title']).to eq(commit.title)
        expect(json_response['message']).to eq(commit.safe_message)
        expect(json_response['author_name']).to eq(commit.author_name)
        expect(json_response['author_email']).to eq(commit.author_email)
        expect(json_response['authored_date']).to eq(commit.authored_date.iso8601(3))
        expect(json_response['committer_name']).to eq(commit.committer_name)
        expect(json_response['committer_email']).to eq(commit.committer_email)
        expect(json_response['committed_date']).to eq(commit.committed_date.iso8601(3))
        expect(json_response['parent_ids']).to eq(commit.parent_ids)
        expect(json_response['stats']['additions']).to eq(commit.stats.additions)
        expect(json_response['stats']['deletions']).to eq(commit.stats.deletions)
        expect(json_response['stats']['total']).to eq(commit.stats.total)
480
        expect(json_response['status']).to be_nil
481 482
      end

483 484 485 486 487 488 489
      context 'when ref does not exist' do
        let(:commit_id) { 'unknown' }

        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
          let(:message) { '404 Commit Not Found' }
        end
490
      end
491

492 493
      context 'when repository is disabled' do
        include_context 'disabled repository'
494

495 496 497
        it_behaves_like '403 response' do
          let(:request) { get api(route, current_user) }
        end
498
      end
499
    end
500

501 502
    context 'when unauthenticated', 'and project is public' do
      let(:project) { create(:project, :public, :repository) }
503

504 505
      it_behaves_like 'ref commit'
    end
506

507 508 509 510
    context 'when unauthenticated', 'and project is private' do
      it_behaves_like '404 response' do
        let(:request) { get api(route) }
        let(:message) { '404 Project Not Found' }
511
      end
512
    end
513

514 515
    context 'when authenticated', 'as a master' do
      let(:current_user) { user }
516

517
      it_behaves_like 'ref commit'
518

519 520 521 522 523
      context 'when branch contains a dot' do
        let(:commit) { project.repository.commit(branch_with_dot.name) }
        let(:commit_id) { branch_with_dot.name }

        it_behaves_like 'ref commit'
524
      end
525

526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577
      context 'when branch contains a slash' do
        let(:commit_id) { branch_with_slash.name }

        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
        end
      end

      context 'when branch contains an escaped slash' do
        let(:commit) { project.repository.commit(branch_with_slash.name) }
        let(:commit_id) { CGI.escape(branch_with_slash.name) }

        it_behaves_like 'ref commit'
      end

      context 'requesting with the escaped project full path' do
        let(:project_id) { CGI.escape(project.full_path) }

        it_behaves_like 'ref commit'

        context 'when branch contains a dot' do
          let(:commit) { project.repository.commit(branch_with_dot.name) }
          let(:commit_id) { branch_with_dot.name }

          it_behaves_like 'ref commit'
        end
      end

      context 'when the ref has a pipeline' do
        let!(:pipeline) { project.pipelines.create(source: :push, ref: 'master', sha: commit.sha) }

        it 'includes a "created" status' do
          get api(route, current_user)

          expect(response).to have_http_status(200)
          expect(response).to match_response_schema('public_api/v4/commit/detail')
          expect(json_response['status']).to eq('created')
        end

        context 'when pipeline succeeds' do
          before do
            pipeline.update(status: 'success')
          end

          it 'includes a "success" status' do
            get api(route, current_user)

            expect(response).to have_http_status(200)
            expect(response).to match_response_schema('public_api/v4/commit/detail')
            expect(json_response['status']).to eq('success')
          end
        end
578 579 580 581
      end
    end
  end

582 583 584 585 586 587 588 589 590 591 592 593
  describe 'GET /projects/:id/repository/commits/:sha/diff' do
    let(:commit) { project.repository.commit }
    let(:commit_id) { commit.id }
    let(:route) { "/projects/#{project_id}/repository/commits/#{commit_id}/diff" }

    shared_examples_for 'ref diff' do
      it 'returns the diff of the selected commit' do
        get api(route, current_user)

        expect(response).to have_gitlab_http_status(200)
        expect(json_response.size).to be >= 1
        expect(json_response.first.keys).to include 'diff'
594
      end
595

596 597
      context 'when ref does not exist' do
        let(:commit_id) { 'unknown' }
598

599 600 601 602
        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
          let(:message) { '404 Commit Not Found' }
        end
603 604
      end

605 606 607 608 609 610
      context 'when repository is disabled' do
        include_context 'disabled repository'

        it_behaves_like '403 response' do
          let(:request) { get api(route, current_user) }
        end
611 612 613
      end
    end

614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661
    context 'when unauthenticated', 'and project is public' do
      let(:project) { create(:project, :public, :repository) }

      it_behaves_like 'ref diff'
    end

    context 'when unauthenticated', 'and project is private' do
      it_behaves_like '404 response' do
        let(:request) { get api(route) }
        let(:message) { '404 Project Not Found' }
      end
    end

    context 'when authenticated', 'as a master' do
      let(:current_user) { user }

      it_behaves_like 'ref diff'

      context 'when branch contains a dot' do
        let(:commit_id) { branch_with_dot.name }

        it_behaves_like 'ref diff'
      end

      context 'when branch contains a slash' do
        let(:commit_id) { branch_with_slash.name }

        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
        end
      end

      context 'when branch contains an escaped slash' do
        let(:commit_id) { CGI.escape(branch_with_slash.name) }

        it_behaves_like 'ref diff'
      end

      context 'requesting with the escaped project full path' do
        let(:project_id) { CGI.escape(project.full_path) }

        it_behaves_like 'ref diff'

        context 'when branch contains a dot' do
          let(:commit_id) { branch_with_dot.name }

          it_behaves_like 'ref diff'
        end
662 663 664
      end
    end
  end
665

666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686
  describe 'GET /projects/:id/repository/commits/:sha/comments' do
    let(:commit) { project.repository.commit }
    let(:commit_id) { commit.id }
    let(:route) { "/projects/#{project_id}/repository/commits/#{commit_id}/comments" }

    shared_examples_for 'ref comments' do
      context 'when ref exists' do
        before do
          create(:note_on_commit, author: user, project: project, commit_id: commit.id, note: 'a comment on a commit')
          create(:note_on_commit, author: user, project: project, commit_id: commit.id, note: 'another comment on a commit')
        end

        it 'returns the diff of the selected commit' do
          get api(route, current_user)

          expect(response).to have_gitlab_http_status(200)
          expect(response).to match_response_schema('public_api/v4/commit_notes')
          expect(json_response.size).to eq(2)
          expect(json_response.first['note']).to eq('a comment on a commit')
          expect(json_response.first['author']['id']).to eq(user.id)
        end
687 688
      end

689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716
      context 'when ref does not exist' do
        let(:commit_id) { 'unknown' }

        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
          let(:message) { '404 Commit Not Found' }
        end
      end

      context 'when repository is disabled' do
        include_context 'disabled repository'

        it_behaves_like '403 response' do
          let(:request) { get api(route, current_user) }
        end
      end
    end

    context 'when unauthenticated', 'and project is public' do
      let(:project) { create(:project, :public, :repository) }

      it_behaves_like 'ref comments'
    end

    context 'when unauthenticated', 'and project is private' do
      it_behaves_like '404 response' do
        let(:request) { get api(route) }
        let(:message) { '404 Project Not Found' }
717 718 719
      end
    end

720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758
    context 'when authenticated', 'as a master' do
      let(:current_user) { user }

      it_behaves_like 'ref comments'

      context 'when branch contains a dot' do
        let(:commit) { project.repository.commit(branch_with_dot.name) }
        let(:commit_id) { branch_with_dot.name }

        it_behaves_like 'ref comments'
      end

      context 'when branch contains a slash' do
        let(:commit) { project.repository.commit(branch_with_slash.name) }
        let(:commit_id) { branch_with_slash.name }

        it_behaves_like '404 response' do
          let(:request) { get api(route, current_user) }
        end
      end

      context 'when branch contains an escaped slash' do
        let(:commit) { project.repository.commit(branch_with_slash.name) }
        let(:commit_id) { CGI.escape(branch_with_slash.name) }

        it_behaves_like 'ref comments'
      end

      context 'requesting with the escaped project full path' do
        let(:project_id) { CGI.escape(project.full_path) }

        it_behaves_like 'ref comments'

        context 'when branch contains a dot' do
          let(:commit) { project.repository.commit(branch_with_dot.name) }
          let(:commit_id) { branch_with_dot.name }

          it_behaves_like 'ref comments'
        end
759 760
      end
    end
761 762

    context 'when the commit is present on two projects' do
763 764 765 766
      let(:forked_project) { create(:project, :repository, creator: guest, namespace: guest.namespace) }
      let!(:forked_project_note) { create(:note_on_commit, author: guest, project: forked_project, commit_id: forked_project.repository.commit.id, note: 'a comment on a commit for fork') }
      let(:project_id) { forked_project.id }
      let(:commit_id) { forked_project.repository.commit.id }
767 768

      it 'returns the comments for the target project' do
769
        get api(route, guest)
770

771 772 773
        expect(response).to have_gitlab_http_status(200)
        expect(response).to match_response_schema('public_api/v4/commit_notes')
        expect(json_response.size).to eq(1)
774
        expect(json_response.first['note']).to eq('a comment on a commit for fork')
775
        expect(json_response.first['author']['id']).to eq(guest.id)
776 777
      end
    end
778 779
  end

780
  describe 'POST :id/repository/commits/:sha/cherry_pick' do
781 782 783 784 785 786 787 788 789 790 791 792 793
    let(:commit) { project.commit('7d3b0f7cff5f37573aea97cebfd5692ea1689924') }
    let(:commit_id) { commit.id }
    let(:branch) { 'master' }
    let(:route) { "/projects/#{project_id}/repository/commits/#{commit_id}/cherry_pick" }

    shared_examples_for 'ref cherry-pick' do
      context 'when ref exists' do
        it 'cherry-picks the ref commit' do
          post api(route, current_user), branch: branch

          expect(response).to have_gitlab_http_status(201)
          expect(response).to match_response_schema('public_api/v4/commit/basic')
          expect(json_response['title']).to eq(commit.title)
794
          expect(json_response['message']).to eq(commit.cherry_pick_message(project, branch))
795 796 797 798
          expect(json_response['author_name']).to eq(commit.author_name)
          expect(json_response['committer_name']).to eq(user.name)
        end
      end
799

800 801
      context 'when repository is disabled' do
        include_context 'disabled repository'
802

803 804 805
        it_behaves_like '403 response' do
          let(:request) { post api(route, current_user), branch: 'master' }
        end
806
      end
807
    end
808

809 810
    context 'when unauthenticated', 'and project is public' do
      let(:project) { create(:project, :public, :repository) }
811

812 813 814 815 816 817 818 819 820
      it_behaves_like '403 response' do
        let(:request) { post api(route), branch: 'master' }
      end
    end

    context 'when unauthenticated', 'and project is private' do
      it_behaves_like '404 response' do
        let(:request) { post api(route), branch: 'master' }
        let(:message) { '404 Project Not Found' }
821
      end
822
    end
823

824 825
    context 'when authenticated', 'as an owner' do
      let(:current_user) { user }
826

827
      it_behaves_like 'ref cherry-pick'
828

829 830 831 832 833 834 835 836 837 838 839 840 841
      context 'when ref does not exist' do
        let(:commit_id) { 'unknown' }

        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user), branch: 'master' }
          let(:message) { '404 Commit Not Found' }
        end
      end

      context 'when branch is missing' do
        it_behaves_like '400 response' do
          let(:request) { post api(route, current_user) }
        end
842 843
      end

844 845 846 847 848 849
      context 'when branch does not exist' do
        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user), branch: 'foo' }
          let(:message) { '404 Branch Not Found' }
        end
      end
850

851 852 853 854
      context 'when commit is already included in the target branch' do
        it_behaves_like '400 response' do
          let(:request) { post api(route, current_user), branch: 'markdown' }
        end
855 856
      end

857 858 859
      context 'when ref contains a dot' do
        let(:commit) { project.repository.commit(branch_with_dot.name) }
        let(:commit_id) { branch_with_dot.name }
860

861
        it_behaves_like 'ref cherry-pick'
862 863
      end

864 865
      context 'when ref contains a slash' do
        let(:commit_id) { branch_with_slash.name }
866

867 868 869
        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user), branch: 'master' }
        end
870 871
      end

872 873
      context 'requesting with the escaped project full path' do
        let(:project_id) { CGI.escape(project.full_path) }
874

875 876 877 878 879 880 881 882
        it_behaves_like 'ref cherry-pick'

        context 'when ref contains a dot' do
          let(:commit) { project.repository.commit(branch_with_dot.name) }
          let(:commit_id) { branch_with_dot.name }

          it_behaves_like 'ref cherry-pick'
        end
883 884 885
      end
    end

886 887 888 889 890 891 892 893 894 895 896 897 898 899
    context 'when authenticated', 'as a developer' do
      let(:current_user) { guest }

      before do
        project.add_developer(guest)
      end

      context 'when branch is protected' do
        before do
          create(:protected_branch, project: project, name: 'feature')
        end

        it 'returns 400 if you are not allowed to push to the target branch' do
          post api(route, current_user), branch: 'feature'
900

901 902 903
          expect(response).to have_gitlab_http_status(400)
          expect(json_response['message']).to eq('You are not allowed to push into this branch')
        end
904 905 906 907
      end
    end
  end

908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925
  describe 'POST /projects/:id/repository/commits/:sha/comments' do
    let(:commit) { project.repository.commit }
    let(:commit_id) { commit.id }
    let(:note) { 'My comment' }
    let(:route) { "/projects/#{project_id}/repository/commits/#{commit_id}/comments" }

    shared_examples_for 'ref new comment' do
      context 'when ref exists' do
        it 'creates the comment' do
          post api(route, current_user), note: note

          expect(response).to have_gitlab_http_status(201)
          expect(response).to match_response_schema('public_api/v4/commit_note')
          expect(json_response['note']).to eq('My comment')
          expect(json_response['path']).to be_nil
          expect(json_response['line']).to be_nil
          expect(json_response['line_type']).to be_nil
        end
926 927
      end

928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956
      context 'when repository is disabled' do
        include_context 'disabled repository'

        it_behaves_like '403 response' do
          let(:request) { post api(route, current_user), note: 'My comment' }
        end
      end
    end

    context 'when unauthenticated', 'and project is public' do
      let(:project) { create(:project, :public, :repository) }

      it_behaves_like '400 response' do
        let(:request) { post api(route), note: 'My comment' }
      end
    end

    context 'when unauthenticated', 'and project is private' do
      it_behaves_like '404 response' do
        let(:request) { post api(route), note: 'My comment' }
        let(:message) { '404 Project Not Found' }
      end
    end

    context 'when authenticated', 'as an owner' do
      let(:current_user) { user }

      it_behaves_like 'ref new comment'

957
      it 'returns the inline comment' do
958
        post api(route, current_user), note: 'My comment', path: project.repository.commit.raw_diffs.first.new_path, line: 1, line_type: 'new'
959

960 961
        expect(response).to have_gitlab_http_status(201)
        expect(response).to match_response_schema('public_api/v4/commit_note')
962
        expect(json_response['note']).to eq('My comment')
963
        expect(json_response['path']).to eq(project.repository.commit.raw_diffs.first.new_path)
964
        expect(json_response['line']).to eq(1)
965
        expect(json_response['line_type']).to eq('new')
966 967
      end

968 969 970 971 972 973 974 975 976
      context 'when ref does not exist' do
        let(:commit_id) { 'unknown' }

        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user), note: 'My comment' }
          let(:message) { '404 Commit Not Found' }
        end
      end

977
      it 'returns 400 if note is missing' do
978 979 980
        post api(route, current_user)

        expect(response).to have_gitlab_http_status(400)
981 982
      end

983 984 985 986
      context 'when ref contains a dot' do
        let(:commit_id) { branch_with_dot.name }

        it_behaves_like 'ref new comment'
987 988
      end

989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012
      context 'when ref contains a slash' do
        let(:commit_id) { branch_with_slash.name }

        it_behaves_like '404 response' do
          let(:request) { post api(route, current_user), note: 'My comment' }
        end
      end

      context 'when ref contains an escaped slash' do
        let(:commit_id) { CGI.escape(branch_with_slash.name) }

        it_behaves_like 'ref new comment'
      end

      context 'requesting with the escaped project full path' do
        let(:project_id) { CGI.escape(project.full_path) }

        it_behaves_like 'ref new comment'

        context 'when ref contains a dot' do
          let(:commit_id) { branch_with_dot.name }

          it_behaves_like 'ref new comment'
        end
1013 1014 1015
      end
    end
  end
1016
end