Adding authenticated public mode (internal).

Added visibility_level icons to project view (rather than just text).
Added public projects to search results.
Added ability to restrict visibility levels standard users can set.

8 files changed, 534 insertions, 24 deletions

diff --git a/spec/contexts/projects_create_context_spec.rb b/spec/contexts/projects_create_context_spec.rb
index 8b2a49dbee5..d5b1cb83510 100644
--- a/spec/contexts/projects_create_context_spec.rb
+++ b/spec/contexts/projects_create_context_spec.rb
@@ -7,6 +7,7 @@ describe Projects::CreateContext do
   describe :create_by_user do
     before do
       @user = create :user
+      @admin = create :user, admin: true
       @opts = {
         name: "GitLab",
         namespace: @user.namespace
@@ -37,7 +38,7 @@ describe Projects::CreateContext do
       it { @project.namespace.should == @group }
     end
 
-    context 'respect configured public setting' do
+    context 'respect configured visibility setting' do
       before(:each) do
         @settings = double("settings")
         @settings.stub(:issues) { true }
@@ -46,25 +47,90 @@ describe Projects::CreateContext do
         @settings.stub(:wall) { true }
         @settings.stub(:snippets) { true }
         stub_const("Settings", Class.new)
+        @restrictions = double("restrictions")
+        @restrictions.stub(:restricted_visibility_levels) { [] }
+        Settings.stub_chain(:gitlab).and_return(@restrictions)
         Settings.stub_chain(:gitlab, :default_projects_features).and_return(@settings)
       end
 
       context 'should be public when setting is public' do
         before do
-          @settings.stub(:public) { true }
+          @settings.stub(:visibility_level) { Gitlab::VisibilityLevel::PUBLIC }
           @project = create_project(@user, @opts)
         end
 
-        it { @project.public.should be_true }
+        it { @project.public?.should be_true }
       end
 
-      context 'should be private when setting is not public' do
+      context 'should be private when setting is private' do
         before do
-          @settings.stub(:public) { false }
+          @settings.stub(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE }
           @project = create_project(@user, @opts)
         end
 
-        it { @project.public.should be_false }
+        it { @project.private?.should be_true }
+      end
+
+      context 'should be internal when setting is internal' do
+        before do
+          @settings.stub(:visibility_level) { Gitlab::VisibilityLevel::INTERNAL }
+          @project = create_project(@user, @opts)
+        end
+
+        it { @project.internal?.should be_true }
+      end
+    end
+
+    context 'respect configured visibility restrictions setting' do
+      before(:each) do
+        @settings = double("settings")
+        @settings.stub(:issues) { true }
+        @settings.stub(:merge_requests) { true }
+        @settings.stub(:wiki) { true }
+        @settings.stub(:wall) { true }
+        @settings.stub(:snippets) { true }
+        @settings.stub(:visibility_level) { Gitlab::VisibilityLevel::PRIVATE }
+        stub_const("Settings", Class.new)
+        @restrictions = double("restrictions")
+        @restrictions.stub(:restricted_visibility_levels) { [ Gitlab::VisibilityLevel::PUBLIC ] }
+        Settings.stub_chain(:gitlab).and_return(@restrictions)
+        Settings.stub_chain(:gitlab, :default_projects_features).and_return(@settings)
+      end
+
+      context 'should be private when option is public' do
+        before do
+          @opts.merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+          @project = create_project(@user, @opts)
+        end
+
+        it { @project.private?.should be_true }
+      end
+
+      context 'should be public when option is public for admin' do
+        before do
+          @opts.merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+          @project = create_project(@admin, @opts)
+        end
+
+        it { @project.public?.should be_true }
+      end
+
+      context 'should be private when option is private' do
+        before do
+          @opts.merge!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+          @project = create_project(@user, @opts)
+        end
+
+        it { @project.private?.should be_true }
+      end
+
+      context 'should be internal when option is internal' do
+        before do
+          @opts.merge!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
+          @project = create_project(@user, @opts)
+        end
+
+        it { @project.internal?.should be_true }
       end
     end
   end
@@ -73,3 +139,4 @@ describe Projects::CreateContext do
     Projects::CreateContext.new(user, opts).execute
   end
 end
+
diff --git a/spec/contexts/projects_update_context_spec.rb b/spec/contexts/projects_update_context_spec.rb
new file mode 100644
index 00000000000..edcaf844e5d
--- /dev/null
+++ b/spec/contexts/projects_update_context_spec.rb
@@ -0,0 +1,111 @@
+require 'spec_helper'
+
+describe Projects::UpdateContext do
+  before(:each) { ActiveRecord::Base.observers.enable(:user_observer) }
+  after(:each) { ActiveRecord::Base.observers.disable(:user_observer) }
+
+  describe :update_by_user do
+    before do
+      @user = create :user
+      @admin = create :user, admin: true
+      @project = create :project, creator_id: @user.id, namespace: @user.namespace
+      @opts = { project: {} }
+    end
+
+    context 'should be private when updated to private' do
+      before do
+       @created_private = @project.private?
+
+        @opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+        update_project(@project, @user, @opts)
+      end
+
+      it { @created_private.should be_true }
+      it { @project.private?.should be_true }
+    end
+
+    context 'should be internal when updated to internal' do
+      before do
+        @created_private = @project.private?
+
+        @opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
+        update_project(@project, @user, @opts)
+      end
+
+      it { @created_private.should be_true }
+      it { @project.internal?.should be_true }
+    end
+
+    context 'should be public when updated to public' do
+      before do
+        @created_private = @project.private?
+
+        @opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+        update_project(@project, @user, @opts)
+      end
+
+      it { @created_private.should be_true }
+      it { @project.public?.should be_true }
+    end
+
+    context 'respect configured visibility restrictions setting' do
+      before(:each) do
+        @restrictions = double("restrictions")
+        @restrictions.stub(:restricted_visibility_levels) { [ Gitlab::VisibilityLevel::PUBLIC ] }
+        Settings.stub_chain(:gitlab).and_return(@restrictions)
+      end
+
+      context 'should be private when updated to private' do
+        before do
+          @created_private = @project.private?
+
+          @opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PRIVATE)
+          update_project(@project, @user, @opts)
+        end
+
+        it { @created_private.should be_true }
+        it { @project.private?.should be_true }
+      end
+
+      context 'should be internal when updated to internal' do
+        before do
+          @created_private = @project.private?
+
+          @opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::INTERNAL)
+          update_project(@project, @user, @opts)
+        end
+
+        it { @created_private.should be_true }
+        it { @project.internal?.should be_true }
+      end
+
+      context 'should be private when updated to public' do
+        before do
+          @created_private = @project.private?
+
+          @opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+          update_project(@project, @user, @opts)
+        end
+
+        it { @created_private.should be_true }
+        it { @project.private?.should be_true }
+      end
+
+      context 'should be public when updated to public by admin' do
+        before do
+          @created_private = @project.private?
+
+          @opts[:project].merge!(visibility_level: Gitlab::VisibilityLevel::PUBLIC)
+          update_project(@project, @admin, @opts)
+        end
+
+        it { @created_private.should be_true }
+        it { @project.public?.should be_true }
+      end
+    end
+  end
+
+  def update_project(project, user, opts)
+    Projects::UpdateContext.new(project, user, opts).execute
+  end
+end
\ No newline at end of file
diff --git a/spec/contexts/search_context_spec.rb b/spec/contexts/search_context_spec.rb
index 58f747e8725..c25743e0032 100644
--- a/spec/contexts/search_context_spec.rb
+++ b/spec/contexts/search_context_spec.rb
@@ -3,23 +3,39 @@ require 'spec_helper'
 describe SearchContext do
   let(:found_namespace) { create(:namespace, name: 'searchable namespace', path:'another_thing') }
   let(:user) { create(:user, namespace: found_namespace) }
-  let!(:found_project) { create(:project, name: 'searchable_project', creator_id: user.id, namespace: found_namespace, public: false) }
+  let!(:found_project) { create(:project, name: 'searchable_project', creator_id: user.id, namespace: found_namespace, visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
 
   let(:unfound_namespace) { create(:namespace, name: 'unfound namespace', path: 'yet_something_else') }
-  let!(:unfound_project) { create(:project, name: 'unfound_project', creator_id: user.id, namespace: unfound_namespace, public: false) }
-  let(:public_namespace) { create(:namespace, path: 'something_else',name: 'searchable public namespace') }
-  let(:other_user) { create(:user, namespace: public_namespace) }
-  let!(:public_project) { create(:project, name: 'searchable_public_project', creator_id: other_user.id, namespace: public_namespace, public: true) }
+  let!(:unfound_project) { create(:project, name: 'unfound_project', creator_id: user.id, namespace: unfound_namespace, visibility_level: Gitlab::VisibilityLevel::PRIVATE) }
+  
+  let(:internal_namespace) { create(:namespace, path: 'something_internal',name: 'searchable internal namespace') }
+  let(:internal_user) { create(:user, namespace: internal_namespace) }
+  let!(:internal_project) { create(:project, name: 'searchable_internal_project', creator_id: internal_user.id, namespace: internal_namespace, visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
+  
+  let(:public_namespace) { create(:namespace, path: 'something_public',name: 'searchable public namespace') }
+  let(:public_user) { create(:user, namespace: public_namespace) }
+  let!(:public_project) { create(:project, name: 'searchable_public_project', creator_id: public_user.id, namespace: public_namespace, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
 
   describe '#execute' do
     it 'public projects should be searchable' do
-      context = SearchContext.new([found_project.id], {search_code:  false, search: "searchable"})
+      context = SearchContext.new([found_project.id], nil, {search_code:  false, search: "searchable"})
       results = context.execute
       results[:projects].should == [found_project, public_project]
     end
 
+    it 'internal projects should be searchable' do
+      context = SearchContext.new([found_project.id], user, {search_code:  false, search: "searchable"})
+      results = context.execute
+      # can't seem to rely on the return order, so check this way
+      #subject { results[:projects] }
+      results[:projects].should have(3).items
+      results[:projects].should include(found_project)
+      results[:projects].should include(internal_project)
+      results[:projects].should include(public_project)
+    end
+
     it 'namespace name should be searchable' do
-      context = SearchContext.new([found_project.id], {search_code:  false, search: "searchable namespace"})
+      context = SearchContext.new([found_project.id], user, {search_code:  false, search: "searchable namespace"})
       results = context.execute
       results[:projects].should == [found_project]
     end
diff --git a/spec/features/security/project/internal_access_spec.rb b/spec/features/security/project/internal_access_spec.rb
new file mode 100644
index 00000000000..5abccd259d4
--- /dev/null
+++ b/spec/features/security/project/internal_access_spec.rb
@@ -0,0 +1,251 @@
+require 'spec_helper'
+
+describe "Internal Project Access" do
+  let(:project) { create(:project_with_code) }
+
+  let(:master) { create(:user) }
+  let(:guest) { create(:user) }
+  let(:reporter) { create(:user) }
+
+  before do
+    # internal project
+    project.visibility_level = Gitlab::VisibilityLevel::INTERNAL
+    project.save!
+
+    # full access
+    project.team << [master, :master]
+
+    # readonly
+    project.team << [reporter, :reporter]
+
+  end
+
+  describe "Project should be internal" do
+    subject { project }
+
+    its(:internal?) { should be_true }
+  end
+
+  describe "GET /:project_path" do
+    subject { project_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/tree/master" do
+    subject { project_tree_path(project, project.repository.root_ref) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/commits/master" do
+    subject { project_commits_path(project, project.repository.root_ref, limit: 1) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/commit/:sha" do
+    subject { project_commit_path(project, project.repository.commit) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/compare" do
+    subject { project_compare_index_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/team" do
+    subject { project_team_index_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/wall" do
+    subject { project_wall_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/blob" do
+    before do
+      commit = project.repository.commit
+      path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob) }.first.name
+      @blob_path = project_blob_path(project, File.join(commit.id, path))
+    end
+
+    it { @blob_path.should be_allowed_for master }
+    it { @blob_path.should be_allowed_for reporter }
+    it { @blob_path.should be_allowed_for :admin }
+    it { @blob_path.should be_allowed_for guest }
+    it { @blob_path.should be_allowed_for :user }
+    it { @blob_path.should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/edit" do
+    subject { edit_project_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/deploy_keys" do
+    subject { project_deploy_keys_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/issues" do
+    subject { project_issues_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/snippets" do
+    subject { project_snippets_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/snippets/new" do
+    subject { new_project_snippet_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/merge_requests" do
+    subject { project_merge_requests_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/merge_requests/new" do
+    subject { new_project_merge_request_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/branches/recent" do
+    subject { recent_project_branches_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/branches" do
+    subject { project_branches_path(project) }
+
+    before do
+      # Speed increase
+      Project.any_instance.stub(:branches).and_return([])
+    end
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/tags" do
+    subject { project_tags_path(project) }
+
+    before do
+      # Speed increase
+      Project.any_instance.stub(:tags).and_return([])
+    end
+
+    it { should be_allowed_for master }
+    it { should be_allowed_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_allowed_for guest }
+    it { should be_allowed_for :user }
+    it { should be_denied_for :visitor }
+  end
+
+  describe "GET /:project_path/hooks" do
+    subject { project_hooks_path(project) }
+
+    it { should be_allowed_for master }
+    it { should be_denied_for reporter }
+    it { should be_allowed_for :admin }
+    it { should be_denied_for guest }
+    it { should be_denied_for :user }
+    it { should be_denied_for :visitor }
+  end
+end
diff --git a/spec/features/security/project/private_access_spec.rb b/spec/features/security/project/private_access_spec.rb
index 7f3f8c50f02..481d8cec416 100644
--- a/spec/features/security/project/private_access_spec.rb
+++ b/spec/features/security/project/private_access_spec.rb
@@ -15,6 +15,12 @@ describe "Private Project Access" do
     project.team << [reporter, :reporter]
   end
 
+  describe "Project should be private" do
+    subject { project }
+
+    its(:private?) { should be_true }
+  end
+
   describe "GET /:project_path" do
     subject { project_path(project) }
 
diff --git a/spec/features/security/project/public_access_spec.rb b/spec/features/security/project/public_access_spec.rb
index 267643fd8ef..3f1016473f5 100644
--- a/spec/features/security/project/public_access_spec.rb
+++ b/spec/features/security/project/public_access_spec.rb
@@ -9,7 +9,7 @@ describe "Public Project Access" do
 
   before do
     # public project
-    project.public = true
+    project.visibility_level = Gitlab::VisibilityLevel::PUBLIC
     project.save!
 
     # full access
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index d5803d8cec3..0167d51dd39 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -14,13 +14,13 @@
 #  merge_requests_enabled :boolean          default(TRUE), not null
 #  wiki_enabled           :boolean          default(TRUE), not null
 #  namespace_id           :integer
-#  public                 :boolean          default(FALSE), not null
 #  issues_tracker         :string(255)      default("gitlab"), not null
 #  issues_tracker_id      :string(255)
 #  snippets_enabled       :boolean          default(TRUE), not null
 #  last_activity_at       :datetime
 #  imported               :boolean          default(FALSE), not null
 #  import_url             :string(255)
+#  visibility_level       :integer          default(0), not null
 #
 
 require 'spec_helper'
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index e4cef6c587c..7322d793c95 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -132,15 +132,45 @@ describe API::API do
     end
 
     it "should set a project as public" do
+      project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::PUBLIC })
+      post api("/projects", user), project
+      json_response['public'].should be_true
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC
+    end
+
+    it "should set a project as public using :public" do
       project = attributes_for(:project, { public: true })
       post api("/projects", user), project
       json_response['public'].should be_true
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC
+    end
+
+    it "should set a project as internal" do
+      project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::INTERNAL })
+      post api("/projects", user), project
+      json_response['public'].should be_false
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL
+    end
+
+    it "should set a project as internal overriding :public" do
+      project = attributes_for(:project, { public: true, visibility_level: Gitlab::VisibilityLevel::INTERNAL })
+      post api("/projects", user), project
+      json_response['public'].should be_false
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL
     end
 
     it "should set a project as private" do
+      project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::PRIVATE })
+      post api("/projects", user), project
+      json_response['public'].should be_false
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE
+    end
+
+    it "should set a project as private using :public" do
       project = attributes_for(:project, { public: false })
       post api("/projects", user), project
       json_response['public'].should be_false
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE
     end
   end
 
@@ -183,19 +213,46 @@ describe API::API do
     end
 
     it "should set a project as public" do
+      project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::PUBLIC })
+      post api("/projects/user/#{user.id}", admin), project
+      json_response['public'].should be_true
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC
+    end
+
+    it "should set a project as public using :public" do
       project = attributes_for(:project, { public: true })
       post api("/projects/user/#{user.id}", admin), project
       json_response['public'].should be_true
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::PUBLIC
+    end
 
+    it "should set a project as internal" do
+      project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::INTERNAL })
+      post api("/projects/user/#{user.id}", admin), project
+      json_response['public'].should be_false
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL
     end
 
-    it "should set a project as private" do
-      project = attributes_for(:project, { public: false })
+    it "should set a project as internal overriding :public" do
+      project = attributes_for(:project, { public: true, visibility_level: Gitlab::VisibilityLevel::INTERNAL })
       post api("/projects/user/#{user.id}", admin), project
       json_response['public'].should be_false
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::INTERNAL
+    end
 
+    it "should set a project as private" do
+      project = attributes_for(:project, { visibility_level: Gitlab::VisibilityLevel::PRIVATE })
+      post api("/projects/user/#{user.id}", admin), project
+      json_response['public'].should be_false
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE
     end
 
+    it "should set a project as private using :public" do
+      project = attributes_for(:project, { public: false })
+      post api("/projects/user/#{user.id}", admin), project
+      json_response['public'].should be_false
+      json_response['visibility_level'].should == Gitlab::VisibilityLevel::PRIVATE
+    end
   end
 
   describe "GET /projects/:id" do
@@ -649,10 +706,10 @@ describe API::API do
 
   describe :fork_admin do
     let(:project_fork_target) { create(:project) }
-    let(:project_fork_source) { create(:project, public: true) }
+    let(:project_fork_source) { create(:project, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
 
     describe "POST /projects/:id/fork/:forked_from_id" do
-      let(:new_project_fork_source) { create(:project, public: true) }
+      let(:new_project_fork_source) { create(:project, visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
 
       it "shouldn't available for non admin users" do
         post api("/projects/#{project_fork_target.id}/fork/#{project_fork_source.id}", user)
@@ -721,8 +778,10 @@ describe API::API do
     let!(:post) { create(:project, name: "#{query}_post", creator_id: user.id, namespace: user.namespace) }
     let!(:pre_post) { create(:project, name: "pre_#{query}_post", creator_id: user.id, namespace: user.namespace) }
     let!(:unfound) { create(:project, name: 'unfound', creator_id: user.id, namespace: user.namespace) }
-    let!(:public) { create(:project, name: "another #{query}",public: true) }
-    let!(:unfound_public) { create(:project, name: 'unfound public', public: true) }
+    let!(:internal) { create(:project, name: "internal #{query}", visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
+    let!(:unfound_internal) { create(:project, name: 'unfound internal', visibility_level: Gitlab::VisibilityLevel::INTERNAL) }
+    let!(:public) { create(:project, name: "public #{query}", visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
+    let!(:unfound_public) { create(:project, name: 'unfound public', visibility_level: Gitlab::VisibilityLevel::PUBLIC) }
 
     context "when unauthenticated" do
       it "should return authentication error" do
@@ -736,7 +795,7 @@ describe API::API do
         get api("/projects/search/#{query}",user)
         response.status.should == 200
         json_response.should be_an Array
-        json_response.size.should == 5
+        json_response.size.should == 6
         json_response.each {|project| project['name'].should =~ /.*query.*/}
       end
     end
@@ -746,8 +805,8 @@ describe API::API do
         get api("/projects/search/#{query}", user2)
         response.status.should == 200
         json_response.should be_an Array
-        json_response.size.should == 1
-        json_response.first['name'].should == "another #{query}"
+        json_response.size.should == 2
+        json_response.each {|project| project['name'].should =~ /(internal|public) query/}
       end
     end
   end