Merge branch 'sh-fix-snippet-visibility-api' into 'master'

rymai · rymai · commit 1843502ff4d9 · 2019-08-29T13:57:26.000Z
Fix snippets API not working with visibility level

Closes #66050

See merge request gitlab-org/gitlab-ce!32286
diff --git a/app/services/base_service.rb b/app/services/base_service.rb
@@ -44,6 +44,10 @@ def deny_visibility_level(model, denied_visibility_level = nil)
     model.errors.add(:visibility_level, "#{level_name} has been restricted by your GitLab administrator")
   end
 
+  def visibility_level
+    params[:visibility].is_a?(String) ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
+  end
+
   private
 
   def error(message, http_status = nil)
diff --git a/app/services/create_snippet_service.rb b/app/services/create_snippet_service.rb
@@ -12,7 +12,7 @@ def execute
                 PersonalSnippet.new(params)
               end
 
-    unless Gitlab::VisibilityLevel.allowed_for?(current_user, params[:visibility_level])
+    unless Gitlab::VisibilityLevel.allowed_for?(current_user, snippet.visibility_level)
       deny_visibility_level(snippet)
       return snippet
     end
diff --git a/app/services/groups/create_service.rb b/app/services/groups/create_service.rb
@@ -68,9 +68,5 @@ def can_use_visibility_level?
 
       true
     end
-
-    def visibility_level
-      params[:visibility].present? ? Gitlab::VisibilityLevel.level_value(params[:visibility]) : params[:visibility_level]
-    end
   end
 end
diff --git a/app/services/update_snippet_service.rb b/app/services/update_snippet_service.rb
@@ -12,7 +12,7 @@ def initialize(project, user, snippet, params)
 
   def execute
     # check that user is allowed to set specified visibility_level
-    new_visibility = params[:visibility_level]
+    new_visibility = visibility_level
 
     if new_visibility && new_visibility.to_i != snippet.visibility_level
       unless Gitlab::VisibilityLevel.allowed_for?(current_user, new_visibility)
diff --git a/changelogs/unreleased/sh-fix-snippet-visibility-api.yml b/changelogs/unreleased/sh-fix-snippet-visibility-api.yml
@@ -0,0 +1,5 @@
+---
+title: Fix snippets API not working with visibility level
+merge_request: 32286
+author:
+type: fixed
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb
@@ -96,6 +96,28 @@
       }
     end
 
+    context 'with a regular user' do
+      let(:user) { create(:user) }
+
+      before do
+        project.add_developer(user)
+        stub_application_setting(restricted_visibility_levels: [Gitlab::VisibilityLevel::PUBLIC, Gitlab::VisibilityLevel::PRIVATE])
+        params['visibility'] = 'internal'
+      end
+
+      it 'creates a new snippet' do
+        post api("/projects/#{project.id}/snippets/", user), params: params
+
+        expect(response).to have_gitlab_http_status(201)
+        snippet = ProjectSnippet.find(json_response['id'])
+        expect(snippet.content).to eq(params[:code])
+        expect(snippet.description).to eq(params[:description])
+        expect(snippet.title).to eq(params[:title])
+        expect(snippet.file_name).to eq(params[:file_name])
+        expect(snippet.visibility_level).to eq(Snippet::INTERNAL)
+      end
+    end
+
     it 'creates a new snippet' do
       post api("/projects/#{project.id}/snippets/", admin), params: params
 
@@ -190,12 +212,13 @@ def create_snippet(project, snippet_params = {})
       new_content = 'New content'
       new_description = 'New description'
 
-      put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), params: { code: new_content, description: new_description }
+      put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), params: { code: new_content, description: new_description, visibility: 'private' }
 
       expect(response).to have_gitlab_http_status(200)
       snippet.reload
       expect(snippet.content).to eq(new_content)
       expect(snippet.description).to eq(new_description)
+      expect(snippet.visibility).to eq('private')
     end
 
     it 'updates snippet with content parameter' do
diff --git a/spec/requests/api/snippets_spec.rb b/spec/requests/api/snippets_spec.rb
@@ -193,18 +193,32 @@
       }
     end
 
-    it 'creates a new snippet' do
-      expect do
-        post api("/snippets/", user), params: params
-      end.to change { PersonalSnippet.count }.by(1)
+    shared_examples 'snippet creation' do
+      it 'creates a new snippet' do
+        expect do
+          post api("/snippets/", user), params: params
+        end.to change { PersonalSnippet.count }.by(1)
+
+        expect(response).to have_gitlab_http_status(201)
+        expect(json_response['title']).to eq(params[:title])
+        expect(json_response['description']).to eq(params[:description])
+        expect(json_response['file_name']).to eq(params[:file_name])
+        expect(json_response['visibility']).to eq(params[:visibility])
+      end
+    end
+
+    context 'with restricted visibility settings' do
+      before do
+        stub_application_setting(restricted_visibility_levels:
+                                   [Gitlab::VisibilityLevel::INTERNAL,
+                                    Gitlab::VisibilityLevel::PRIVATE])
+      end
 
-      expect(response).to have_gitlab_http_status(201)
-      expect(json_response['title']).to eq(params[:title])
-      expect(json_response['description']).to eq(params[:description])
-      expect(json_response['file_name']).to eq(params[:file_name])
-      expect(json_response['visibility']).to eq(params[:visibility])
+      it_behaves_like 'snippet creation'
     end
 
+    it_behaves_like 'snippet creation'
+
     it 'returns 400 for missing parameters' do
       params.delete(:title)
 
@@ -253,18 +267,33 @@ def create_snippet(snippet_params = {})
       create(:personal_snippet, author: user, visibility_level: visibility_level)
     end
 
-    it 'updates snippet' do
-      new_content = 'New content'
-      new_description = 'New description'
+    shared_examples 'snippet updates' do
+      it 'updates a snippet' do
+        new_content = 'New content'
+        new_description = 'New description'
 
-      put api("/snippets/#{snippet.id}", user), params: { content: new_content, description: new_description }
+        put api("/snippets/#{snippet.id}", user), params: { content: new_content, description: new_description, visibility: 'internal' }
 
-      expect(response).to have_gitlab_http_status(200)
-      snippet.reload
-      expect(snippet.content).to eq(new_content)
-      expect(snippet.description).to eq(new_description)
+        expect(response).to have_gitlab_http_status(200)
+        snippet.reload
+        expect(snippet.content).to eq(new_content)
+        expect(snippet.description).to eq(new_description)
+        expect(snippet.visibility).to eq('internal')
+      end
     end
 
+    context 'with restricted visibility settings' do
+      before do
+        stub_application_setting(restricted_visibility_levels:
+                                   [Gitlab::VisibilityLevel::PUBLIC,
+                                    Gitlab::VisibilityLevel::PRIVATE])
+      end
+
+      it_behaves_like 'snippet updates'
+    end
+
+    it_behaves_like 'snippet updates'
+
     it 'returns 404 for invalid snippet id' do
       put api("/snippets/1234", user), params: { title: 'foo' }
 
diff --git a/spec/services/create_snippet_service_spec.rb b/spec/services/create_snippet_service_spec.rb
@@ -34,6 +34,19 @@
       expect(snippet.errors.any?).to be_falsey
       expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
     end
+
+    describe "when visibility level is passed as a string" do
+      before do
+        @opts[:visibility] = 'internal'
+        @opts.delete(:visibility_level)
+      end
+
+      it "assigns the correct visibility level" do
+        snippet = create_snippet(nil, @user, @opts)
+        expect(snippet.errors.any?).to be_falsey
+        expect(snippet.visibility_level).to eq(Gitlab::VisibilityLevel::INTERNAL)
+      end
+    end
   end
 
   describe 'usage counter' do
diff --git a/spec/services/update_snippet_service_spec.rb b/spec/services/update_snippet_service_spec.rb
@@ -32,12 +32,25 @@
       expect(@snippet.visibility_level).to eq(old_visibility)
     end
 
-    it 'admins should be able to update to pubic visibility' do
+    it 'admins should be able to update to public visibility' do
       old_visibility = @snippet.visibility_level
       update_snippet(@project, @admin, @snippet, @opts)
       expect(@snippet.visibility_level).not_to eq(old_visibility)
       expect(@snippet.visibility_level).to eq(Gitlab::VisibilityLevel::PUBLIC)
     end
+
+    describe "when visibility level is passed as a string" do
+      before do
+        @opts[:visibility] = 'internal'
+        @opts.delete(:visibility_level)
+      end
+
+      it "assigns the correct visibility level" do
+        update_snippet(@project, @user, @snippet, @opts)
+        expect(@snippet.errors.any?).to be_falsey
+        expect(@snippet.visibility_level).to eq(Gitlab::VisibilityLevel::INTERNAL)
+      end
+    end
   end
 
   describe 'usage counter' do
