From 2a669fc89997376af1e76bf3ed574d948009c5b2 Mon Sep 17 00:00:00 2001 From: Felix Gilcher Date: Tue, 29 Jan 2013 18:20:59 +0100 Subject: rescue all errors and return the proper format This rescues all errors and returns a proper JSON response. Fixes #2833. --- lib/api.rb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/api.rb b/lib/api.rb index f58b82ff98e..3dd827158db 100644 --- a/lib/api.rb +++ b/lib/api.rb @@ -8,6 +8,10 @@ module Gitlab rack_response({'message' => '404 Not found'}.to_json, 404) end + rescue_from :all do + rack_response({'message' => '500 Internal Server Error'}, 500) + end + format :json error_format :json helpers APIHelpers -- cgit v1.2.1 From c72910a8bf782c10662dd4392e81ef6408f801ee Mon Sep 17 00:00:00 2001 From: Felix Gilcher Date: Fri, 1 Feb 2013 09:42:02 +0000 Subject: log fatal errors that we catch In case we rescue from a fatal error, we want the error and the backtrace to the error logged, so we can debug later on. This change injects the configured logger from the rails app to the grape API and logs error as well as backtrace in a rails-like fashion. --- lib/api.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/api.rb b/lib/api.rb index 3dd827158db..15d99cc767b 100644 --- a/lib/api.rb +++ b/lib/api.rb @@ -8,7 +8,16 @@ module Gitlab rack_response({'message' => '404 Not found'}.to_json, 404) end - rescue_from :all do + rescue_from :all do |exception| + # lifted from https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/debug_exceptions.rb#L60 + # why is this not wrapped in something reusable? + trace = exception.backtrace + + message = "\n#{exception.class} (#{exception.message}):\n" + message << exception.annoted_source_code.to_s if exception.respond_to?(:annoted_source_code) + message << " " << trace.join("\n ") + + API.logger.add Logger::FATAL, message rack_response({'message' => '500 Internal Server Error'}, 500) end -- cgit v1.2.1 From ce6436b98a8a86356ee93e6eaf136d27d7f77b93 Mon Sep 17 00:00:00 2001 From: Felix Gilcher Date: Fri, 1 Feb 2013 13:53:35 +0000 Subject: Don't crash when removing a user that's not project member The attempt to revoke project access for a user that was not member of the project results in a 500 Internal Server error where it actually should result in a 200 OK since after the operation, the user is not member of the project. This turns the operation into an idempotent call that can be repeated with no ill effects. Updated the spec and changed the code accordingly. However, the result differs slightly, as we can't return the users project access level if the user was not member. I'm not aware if anybody relies on the result of this call. Fixes #2832 --- lib/api/projects.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index cbef1ed3b50..5444ba6a205 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -132,7 +132,11 @@ module Gitlab delete ":id/members/:user_id" do authorize! :admin_project, user_project users_project = user_project.users_projects.find_by_user_id params[:user_id] - users_project.destroy + unless users_project.nil? + users_project.destroy + else + {:message => "Access revoked", :id => params[:user_id].to_i} + end end # Get project hooks -- cgit v1.2.1 From 413952ff944d10164d9d08a8a48e7725fe44b1b3 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Tue, 5 Feb 2013 17:13:47 +0100 Subject: Creating or updating a MR returns more informative status codes. Using the API library to create or update a merge request at the moment a 404 error is returned. This is fine when the merge request in question does not exist, but does not provide good information that for example a required attribute is missing. A status code of 400 (Bad request) is returned when creating or updating a merge request when either `source_branch` or `target_branch` is missing. A status code of 409 is returned when `source_branch` and `target_branch` are the same. Tests are added for these cases. --- lib/api/merge_requests.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'lib') diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 470cd1e1c2d..25ee8f05ba0 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -60,6 +60,13 @@ module Gitlab merge_request.reload_code present merge_request, with: Entities::MergeRequest else + if merge_request.errors[:target_branch].any? + error!(merge_request.errors[:target_branch], 400) + elsif merge_request.errors[:source_branch].any? + error!(merge_request.errors[:source_branch], 400) + elsif merge_request.errors[:base].any? + error!(merge_request.errors[:base], 422) + end not_found! end end @@ -88,6 +95,13 @@ module Gitlab merge_request.mark_as_unchecked present merge_request, with: Entities::MergeRequest else + if merge_request.errors[:target_branch].any? + error!(merge_request.errors[:target_branch], 400) + elsif merge_request.errors[:source_branch].any? + error!(merge_request.errors[:source_branch], 400) + elsif merge_request.errors[:base].any? + error!(merge_request.errors[:base], 422) + end not_found! end end -- cgit v1.2.1 From 3f4e215c804f13def585dea995efa29b2af266ec Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Tue, 5 Feb 2013 18:36:36 +0100 Subject: Extracted helper method to avoid code duplication --- lib/api/merge_requests.rb | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'lib') diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 25ee8f05ba0..ec63b352474 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -5,6 +5,23 @@ module Gitlab resource :projects do + helpers do + # If an error occurred this helper method provides an appropriate status code + # + # Parameters: + # merge_request_errors (required) - The errors collection of MR + # + def handle_merge_request_error(merge_request_errors) + if merge_request_errors[:target_branch].any? + error!(merge_request_errors[:target_branch], 400) + elsif merge_request_errors[:source_branch].any? + error!(merge_request_errors[:source_branch], 400) + elsif merge_request_errors[:base].any? + error!(merge_request_errors[:base], 422) + end + end + end + # List merge requests # # Parameters: @@ -60,13 +77,7 @@ module Gitlab merge_request.reload_code present merge_request, with: Entities::MergeRequest else - if merge_request.errors[:target_branch].any? - error!(merge_request.errors[:target_branch], 400) - elsif merge_request.errors[:source_branch].any? - error!(merge_request.errors[:source_branch], 400) - elsif merge_request.errors[:base].any? - error!(merge_request.errors[:base], 422) - end + handle_merge_request_error(merge_request.errors) not_found! end end @@ -95,13 +106,7 @@ module Gitlab merge_request.mark_as_unchecked present merge_request, with: Entities::MergeRequest else - if merge_request.errors[:target_branch].any? - error!(merge_request.errors[:target_branch], 400) - elsif merge_request.errors[:source_branch].any? - error!(merge_request.errors[:source_branch], 400) - elsif merge_request.errors[:base].any? - error!(merge_request.errors[:base], 422) - end + handle_merge_request_error(merge_request.errors) not_found! end end -- cgit v1.2.1 From f978a71f41d5546be2c0c6b33052979c06912bd1 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Tue, 5 Feb 2013 18:37:44 +0100 Subject: Creating MR comment without a note returns status code 400 (Bad request) Creating a comment to an existing merge request via API without providing a note returns a status code 400 now, suggesting a bad request. The reason for this is the resource itself (MR) exists but the required property is not set. --- lib/api/merge_requests.rb | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index ec63b352474..a0ca3026acb 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -128,6 +128,9 @@ module Gitlab if note.save present note, with: Entities::MRNote else + if note.errors[:note].any? + error!(note.errors[:note], 400) + end not_found! end end -- cgit v1.2.1 From 5be0265fe7e82a127e9fd2805e81e4e40f5e3c5f Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 6 Feb 2013 15:03:05 +0100 Subject: Status code 400 returned if title not given in a milestone (via API) If a milestone is created via API but no title given then status code 400 (Bad request) is returned instead of 404. A small helper method handles the errors collection of a milestone. --- lib/api/milestones.rb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lib') diff --git a/lib/api/milestones.rb b/lib/api/milestones.rb index 6aca9d01b09..1f7d0876120 100644 --- a/lib/api/milestones.rb +++ b/lib/api/milestones.rb @@ -4,6 +4,20 @@ module Gitlab before { authenticate! } resource :projects do + + helpers do + # If an error occurs this helper method handles error codes for a given milestone + # + # Parameters: + # milestone_errors (required) - The erros collection of a milestone + # + def handle_milestone_errors(milestone_errors) + if milestone_errors[:title].any? + error!(milestone_errors[:title], 400) + end + end + end + # Get a list of project milestones # # Parameters: @@ -47,6 +61,7 @@ module Gitlab if @milestone.save present @milestone, with: Entities::Milestone else + handle_milestone_errors(@milestone.errors) not_found! end end @@ -70,6 +85,7 @@ module Gitlab if @milestone.update_attributes attrs present @milestone, with: Entities::Milestone else + handle_milestone_errors(@milestone.errors) not_found! end end -- cgit v1.2.1 From bb24275f8d0e726aec347c8be7f199346e90793d Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 6 Feb 2013 16:34:06 +0100 Subject: Status code 400 is returned if body is missing on note creation. If a note is created with a POST request via API (`/projects/:id/notes`) status code 400 is returned instead of 404. The resource itself exists but the request is incomplete. Specs added to check different status codes when accessing, creating and updating notes. --- lib/api/notes.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 4613db54578..75ea238fe23 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -43,6 +43,8 @@ module Gitlab if @note.save present @note, with: Entities::Note else + # :note is exposed as :body, but :note is set on error + error!(@note.errors[:note], 400) if @note.errors[:note].any? not_found! end end -- cgit v1.2.1 From 818caf0b5d1fc4f0cb2889ca5bd9e2d0d7fd8ac8 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Fri, 8 Feb 2013 14:33:29 +0100 Subject: API: refined status code handling when adding or updating a project member When a user is added to a project that is already a member of, a status code 201 is now returned to signal an idempotent operation. If something fails then instead of returning error code 404 different more specific error codes are returned. Status code 400 (Bad request) is returned when a required attribute, e.g. `access_level` is not given or 422 if there is a semantic error, e.g. should the `access_level` have an unsupported value. Specs are added to check these status codes. --- lib/api/projects.rb | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 47ab4e1aab0..e6df6b4ee88 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -89,15 +89,26 @@ module Gitlab # POST /projects/:id/members post ":id/members" do authorize! :admin_project, user_project - users_project = user_project.users_projects.new( - user_id: params[:user_id], - project_access: params[:access_level] - ) - if users_project.save - @member = users_project.user + error!("User id not given", 400) if !params.has_key? :user_id + error!("Access level not given", 400) if !params.has_key? :access_level + + # either the user is already a team member or a new one + team_member = user_project.team_member_by_id(params[:user_id]) + if team_member.nil? + team_member = user_project.users_projects.new( + user_id: params[:user_id], + project_access: params[:access_level] + ) + end + + if team_member.save + @member = team_member.user present @member, with: Entities::ProjectMember, project: user_project else + if team_member.errors[:project_access].any? + error!(team_member.errors[:project_access], 422) + end not_found! end end @@ -112,12 +123,18 @@ module Gitlab # PUT /projects/:id/members/:user_id put ":id/members/:user_id" do authorize! :admin_project, user_project - users_project = user_project.users_projects.find_by_user_id params[:user_id] - if users_project.update_attributes(project_access: params[:access_level]) - @member = users_project.user + team_member = user_project.users_projects.find_by_user_id(params[:user_id]) + error!("Access level not given", 400) if !params.has_key? :access_level + error!("User can not be found", 404) if team_member.nil? + + if team_member.update_attributes(project_access: params[:access_level]) + @member = team_member.user present @member, with: Entities::ProjectMember, project: user_project else + if team_member.errors[:project_access].any? + error!(team_member.errors[:project_access], 422) + end not_found! end end -- cgit v1.2.1 From 9544f9038981b881b539419be72276b2b2fd079f Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Fri, 8 Feb 2013 16:33:15 +0100 Subject: Adding a project hook returns status code 400 if url is not given When adding a project hook a url must be specified or a 400 error code is returned * Specs added to check status code on handling project hooks * refactored code, extracted a method --- lib/api/projects.rb | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index e6df6b4ee88..f1e0f32e606 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -4,6 +4,15 @@ module Gitlab before { authenticate! } resource :projects do + helpers do + def handle_project_member_errors(errors) + if errors[:project_access].any? + error!(errors[:project_access], 422) + end + not_found! + end + end + # Get a projects list for authenticated user # # Example Request: @@ -36,6 +45,7 @@ module Gitlab # Example Request # POST /projects post do + error!("Name is required", 400) if !params.has_key? :name attrs = attributes_for_keys [:name, :description, :default_branch, @@ -43,6 +53,7 @@ module Gitlab :wall_enabled, :merge_requests_enabled, :wiki_enabled] + @project = ::Projects::CreateContext.new(current_user, attrs).execute if @project.saved? present @project, with: Entities::Project @@ -106,10 +117,7 @@ module Gitlab @member = team_member.user present @member, with: Entities::ProjectMember, project: user_project else - if team_member.errors[:project_access].any? - error!(team_member.errors[:project_access], 422) - end - not_found! + handle_project_member_errors team_member.errors end end @@ -132,10 +140,7 @@ module Gitlab @member = team_member.user present @member, with: Entities::ProjectMember, project: user_project else - if team_member.errors[:project_access].any? - error!(team_member.errors[:project_access], 422) - end - not_found! + handle_project_member_errors team_member.errors end end @@ -210,8 +215,9 @@ module Gitlab @hook = user_project.hooks.find(params[:hook_id]) authorize! :admin_project, user_project - attrs = attributes_for_keys [:url] + error!("Url not given", 400) if !params.has_key? :url + attrs = attributes_for_keys [:url] if @hook.update_attributes attrs present @hook, with: Entities::Hook else -- cgit v1.2.1 From 7cc4339f71be5a71e1d8a95c4524c4671e9d8a24 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Tue, 12 Feb 2013 17:44:42 +0100 Subject: API: changed status codes for project hooks functions Different status codes in the API lib are returned on hook creation, update or deletion. If a required parameter is not given (e.g. `url` in `/projects/:id/hooks/:hook_id`) status code 400 (Bad request) is returned. On hook deletion a 200 status code is returned, regardless if the hook is present or not. This makes the DELETE function an idempotent operation. Appropriate tests are added to check these status codes. --- lib/api/projects.rb | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index f1e0f32e606..293353ab286 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -195,11 +195,14 @@ module Gitlab # POST /projects/:id/hooks post ":id/hooks" do authorize! :admin_project, user_project + + error!("Url not given", 400) unless params.has_key? :url + @hook = user_project.hooks.new({"url" => params[:url]}) if @hook.save present @hook, with: Entities::Hook else - error!({'message' => '404 Not found'}, 404) + not_found! end end @@ -215,7 +218,7 @@ module Gitlab @hook = user_project.hooks.find(params[:hook_id]) authorize! :admin_project, user_project - error!("Url not given", 400) if !params.has_key? :url + error!("Url not given", 400) unless params.has_key? :url attrs = attributes_for_keys [:url] if @hook.update_attributes attrs @@ -234,8 +237,13 @@ module Gitlab # DELETE /projects/:id/hooks delete ":id/hooks" do authorize! :admin_project, user_project - @hook = user_project.hooks.find(params[:hook_id]) - @hook.destroy + error!("Hook id not given", 400) unless params.has_key? :hook_id + + begin + @hook = ProjectHook.find(params[:hook_id]) + @hook.destroy + rescue + end end # Get a project repository branches -- cgit v1.2.1 From fd01f3aacda1e7e1966489e7d9a31f89745cd509 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 13 Feb 2013 12:09:16 +0100 Subject: API: fixes a few return codes for project snippets When using project snippets via API the functions now provide status codes for different situations other then only returning 404 error. If required parameters are missing, e.g. `title` when creating a project snippet a 400 (Bad request) error is returned. The snippet delete function now is idempotent and returns a 200 (Ok) regardless if the snippet with the given id is available or not. Changing return codes of these functions has the advantage that the 404 error is used only for resources, which are not available. Tests added to check these status codes when handling project snippets. --- lib/api/projects.rb | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index f8c9701ecaf..02f10b60cb7 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -368,6 +368,10 @@ module Gitlab post ":id/snippets" do authorize! :write_snippet, user_project + error!("Title not given", 400) if !params[:title].present? + error!("Filename not given", 400) if !params[:file_name].present? + error!("Code not given", 400) if !params[:code].present? + attrs = attributes_for_keys [:title, :file_name] attrs[:expires_at] = params[:lifetime] if params[:lifetime].present? attrs[:content] = params[:code] if params[:code].present? @@ -415,10 +419,12 @@ module Gitlab # Example Request: # DELETE /projects/:id/snippets/:snippet_id delete ":id/snippets/:snippet_id" do - @snippet = user_project.snippets.find(params[:snippet_id]) - authorize! :modify_snippet, @snippet - - @snippet.destroy + begin + @snippet = user_project.snippets.find(params[:snippet_id]) + authorize! :modify_snippet, user_project + @snippet.destroy + rescue + end end # Get a raw project snippet -- cgit v1.2.1 From 54ab9bb6df3a2cd9f9384aebae07e0b18acee10b Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 13 Feb 2013 14:47:59 +0100 Subject: API: return status code 400 if filepath of raw file blob not given --- lib/api/projects.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 02f10b60cb7..24761cd5b55 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -451,6 +451,8 @@ module Gitlab get ":id/repository/commits/:sha/blob" do authorize! :download_code, user_project + error!("Filepath must be specified", 400) if !params.has_key? :filepath + ref = params[:sha] commit = user_project.repository.commit ref -- cgit v1.2.1 From 6fc3263e15b71830e6f1b2a66891da5f4c055137 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 13 Feb 2013 15:48:52 +0100 Subject: API: extracted helper method to provide 400 bad request error with description Extracted a method for 400 error (Bad request) and adjusted code accordingly. The name of the missing attribute is used to show which one was missing from the request. It is used to give an appropriate message in the json response. --- lib/api/helpers.rb | 6 ++++++ lib/api/merge_requests.rb | 6 +++--- lib/api/milestones.rb | 2 +- lib/api/notes.rb | 2 +- lib/api/projects.rb | 24 ++++++++++++------------ 5 files changed, 23 insertions(+), 17 deletions(-) (limited to 'lib') diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 6bd8111c2b2..becb3bce5b0 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -55,6 +55,12 @@ module Gitlab render_api_error!('403 Forbidden', 403) end + def bad_request!(attribute) + message = ["400 (Bad request)"] + message << "\"" + attribute.to_s + "\" not given" + render_api_error!(message.join(' '), 400) + end + def not_found!(resource = nil) message = ["404"] message << resource if resource diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index a0ca3026acb..0c18ece3824 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -13,9 +13,9 @@ module Gitlab # def handle_merge_request_error(merge_request_errors) if merge_request_errors[:target_branch].any? - error!(merge_request_errors[:target_branch], 400) + bad_request!(:target_branch) elsif merge_request_errors[:source_branch].any? - error!(merge_request_errors[:source_branch], 400) + bad_request!(:source_branch) elsif merge_request_errors[:base].any? error!(merge_request_errors[:base], 422) end @@ -129,7 +129,7 @@ module Gitlab present note, with: Entities::MRNote else if note.errors[:note].any? - error!(note.errors[:note], 400) + bad_request!(:note) end not_found! end diff --git a/lib/api/milestones.rb b/lib/api/milestones.rb index 1f7d0876120..cdb0e14690d 100644 --- a/lib/api/milestones.rb +++ b/lib/api/milestones.rb @@ -13,7 +13,7 @@ module Gitlab # def handle_milestone_errors(milestone_errors) if milestone_errors[:title].any? - error!(milestone_errors[:title], 400) + bad_request!(:title) end end end diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 47dead9dfae..56de6e090e5 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -44,7 +44,7 @@ module Gitlab present @note, with: Entities::Note else # :note is exposed as :body, but :note is set on error - error!(@note.errors[:note], 400) if @note.errors[:note].any? + bad_request!(:note) if @note.errors[:note].any? not_found! end end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 24761cd5b55..ecd3401fd94 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -45,7 +45,7 @@ module Gitlab # Example Request # POST /projects post do - error!("Name is required", 400) if !params.has_key? :name + bad_request!(:name) if !params.has_key? :name attrs = attributes_for_keys [:name, :description, :default_branch, @@ -101,8 +101,8 @@ module Gitlab post ":id/members" do authorize! :admin_project, user_project - error!("User id not given", 400) if !params.has_key? :user_id - error!("Access level not given", 400) if !params.has_key? :access_level + bad_request!(:user_id) if !params.has_key? :user_id + bad_request!(:access_level) if !params.has_key? :access_level # either the user is already a team member or a new one team_member = user_project.team_member_by_id(params[:user_id]) @@ -133,8 +133,8 @@ module Gitlab authorize! :admin_project, user_project team_member = user_project.users_projects.find_by_user_id(params[:user_id]) - error!("Access level not given", 400) if !params.has_key? :access_level - error!("User can not be found", 404) if team_member.nil? + bad_request!(:access_level) if !params.has_key? :access_level + not_found!("User can not be found") if team_member.nil? if team_member.update_attributes(project_access: params[:access_level]) @member = team_member.user @@ -196,7 +196,7 @@ module Gitlab post ":id/hooks" do authorize! :admin_project, user_project - error!("Url not given", 400) unless params.has_key? :url + bad_request!(:url) unless params.has_key? :url @hook = user_project.hooks.new({"url" => params[:url]}) if @hook.save @@ -218,7 +218,7 @@ module Gitlab @hook = user_project.hooks.find(params[:hook_id]) authorize! :admin_project, user_project - error!("Url not given", 400) unless params.has_key? :url + bad_request!(:url) unless params.has_key? :url attrs = attributes_for_keys [:url] if @hook.update_attributes attrs @@ -237,7 +237,7 @@ module Gitlab # DELETE /projects/:id/hooks delete ":id/hooks" do authorize! :admin_project, user_project - error!("Hook id not given", 400) unless params.has_key? :hook_id + bad_request!(:hook_id) unless params.has_key? :hook_id begin @hook = ProjectHook.find(params[:hook_id]) @@ -368,9 +368,9 @@ module Gitlab post ":id/snippets" do authorize! :write_snippet, user_project - error!("Title not given", 400) if !params[:title].present? - error!("Filename not given", 400) if !params[:file_name].present? - error!("Code not given", 400) if !params[:code].present? + bad_request!(:title) if !params[:title].present? + bad_request!(:file_name) if !params[:file_name].present? + bad_request!(:code) if !params[:code].present? attrs = attributes_for_keys [:title, :file_name] attrs[:expires_at] = params[:lifetime] if params[:lifetime].present? @@ -451,7 +451,7 @@ module Gitlab get ":id/repository/commits/:sha/blob" do authorize! :download_code, user_project - error!("Filepath must be specified", 400) if !params.has_key? :filepath + bad_request!(:filepath) if !params.has_key? :filepath ref = params[:sha] -- cgit v1.2.1 From 6df02adc7a5cb7badf748be783f9a552cf19aeee Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Thu, 14 Feb 2013 15:51:56 +0100 Subject: API: status code 403 returned if new project would exceed limit When the project limit is reached the user is not allowed to create new ones. Instead of error code 404 the status code 403 (Forbidden) is returned with error message via API. --- lib/api/projects.rb | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index ecd3401fd94..87653f04450 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -58,6 +58,9 @@ module Gitlab if @project.saved? present @project, with: Entities::Project else + if @project.errors[:limit_reached].present? + error!(@project.errors[:limit_reached], 403) + end not_found! end end -- cgit v1.2.1 From c305eb31aa1cf1aec24b907e0db1d7b2084400dc Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Thu, 14 Feb 2013 16:55:33 +0100 Subject: API: tests that check status codes for project branches and hooks Status code 422 (Unprocessable Entity) returned if invalid url is given when creating or updating a project hook. --- lib/api/projects.rb | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 87653f04450..cf3e8257a77 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -156,9 +156,9 @@ module Gitlab # DELETE /projects/:id/members/:user_id delete ":id/members/:user_id" do authorize! :admin_project, user_project - users_project = user_project.users_projects.find_by_user_id params[:user_id] - unless users_project.nil? - users_project.destroy + team_member = user_project.users_projects.find_by_user_id(params[:user_id]) + unless team_member.nil? + team_member.destroy else {:message => "Access revoked", :id => params[:user_id].to_i} end @@ -205,6 +205,9 @@ module Gitlab if @hook.save present @hook, with: Entities::Hook else + if @hook.errors[:url].present? + error!("Invalid url given", 422) + end not_found! end end @@ -227,6 +230,9 @@ module Gitlab if @hook.update_attributes attrs present @hook, with: Entities::Hook else + if @hook.errors[:url].present? + error!("Invalid url given", 422) + end not_found! end end @@ -281,6 +287,7 @@ module Gitlab # PUT /projects/:id/repository/branches/:branch/protect put ":id/repository/branches/:branch/protect" do @branch = user_project.repo.heads.find { |item| item.name == params[:branch] } + not_found! unless @branch protected = user_project.protected_branches.find_by_name(@branch.name) unless protected @@ -299,6 +306,7 @@ module Gitlab # PUT /projects/:id/repository/branches/:branch/unprotect put ":id/repository/branches/:branch/unprotect" do @branch = user_project.repo.heads.find { |item| item.name == params[:branch] } + not_found! unless @branch protected = user_project.protected_branches.find_by_name(@branch.name) if protected -- cgit v1.2.1 From 1b97a2eee8b89320de891e3ae8496adfa7f3a84b Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 20 Feb 2013 12:10:51 +0100 Subject: API: fixes return codes, documentation updated with status codes, tests added The users API updated with return codes, e.g. if required parameters are missing a `400 Bad Request` error is returned instead of `404`. Fixes return codes of functions, e.g. deletion of a ssh key is an idempotent function now. The API documentation is updated to reflect the current status of the API. Descriptions are more detailed and complete, infos to return values are added to all functions. --- lib/api/users.rb | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) (limited to 'lib') diff --git a/lib/api/users.rb b/lib/api/users.rb index 7ea90c75e9e..b9dce58a13d 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -41,6 +41,12 @@ module Gitlab # POST /users post do authenticated_as_admin! + + bad_request!(:email) if !params.has_key? :email + bad_request!(:password) if !params.has_key? :password + bad_request!(:name) if !params.has_key? :name + bad_request!(:username) if !params.has_key? :username + attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] user = User.new attrs, as: :admin if user.save @@ -67,10 +73,12 @@ module Gitlab # PUT /users/:id put ":id" do authenticated_as_admin! + attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] - user = User.find_by_id(params[:id]) + user = User.find(params[:id]) + not_found!("User not found") unless user - if user && user.update_attributes(attrs) + if user.update_attributes(attrs) present user, with: Entities::User else not_found! @@ -127,6 +135,9 @@ module Gitlab # Example Request: # POST /user/keys post "keys" do + bad_request!(:title) unless params[:title].present? + bad_request!(:key) unless params[:key].present? + attrs = attributes_for_keys [:title, :key] key = current_user.keys.new attrs if key.save @@ -136,15 +147,18 @@ module Gitlab end end - # Delete existed ssh key of currently authenticated user + # Delete existing ssh key of currently authenticated user # # Parameters: # id (required) - SSH Key ID # Example Request: # DELETE /user/keys/:id delete "keys/:id" do - key = current_user.keys.find params[:id] - key.delete + begin + key = current_user.keys.find params[:id] + key.delete + rescue + end end end end -- cgit v1.2.1 From 33c1463645b51bcb26932e4825df0ce8fee6c729 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 20 Feb 2013 22:17:05 +0100 Subject: API: fixes return codes for notes, documentation updated The notes API documentation updated with return codes. API now returns `400 Bad Request` if required attributes are not present. Return codes are documented now, also tested in added tests. The documentation now reflects the current state of the API. --- lib/api/notes.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lib') diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 56de6e090e5..953514b6f04 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -37,6 +37,8 @@ module Gitlab # Example Request: # POST /projects/:id/notes post ":id/notes" do + bad_request!(:body) unless params[:body].present? + @note = user_project.notes.new(note: params[:body]) @note.author = current_user @@ -91,6 +93,9 @@ module Gitlab # POST /projects/:id/issues/:noteable_id/notes # POST /projects/:id/snippets/:noteable_id/notes post ":id/#{noteables_str}/:#{noteable_id_str}/notes" do + bad_request!(:"#{noteable_id_str}") unless params[:"#{noteable_id_str}"].present? + bad_request!(:body) unless params[:body].present? + @noteable = user_project.send(:"#{noteables_str}").find(params[:"#{noteable_id_str}"]) @note = @noteable.notes.new(note: params[:body]) @note.author = current_user -- cgit v1.2.1 From 4a60c377b8cd531800757894e26cec1ac649046f Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 20 Feb 2013 22:51:59 +0100 Subject: API documentation update for milestones Updated the milestones API documentation and added return codes descriptions. --- lib/api/milestones.rb | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) (limited to 'lib') diff --git a/lib/api/milestones.rb b/lib/api/milestones.rb index 7f8fe053ba1..ff98f005180 100644 --- a/lib/api/milestones.rb +++ b/lib/api/milestones.rb @@ -4,20 +4,6 @@ module Gitlab before { authenticate! } resource :projects do - - helpers do - # If an error occurs this helper method handles error codes for a given milestone - # - # Parameters: - # milestone_errors (required) - The erros collection of a milestone - # - def handle_milestone_errors(milestone_errors) - if milestone_errors[:title].any? - bad_request!(:title) - end - end - end - # Get a list of project milestones # # Parameters: @@ -56,12 +42,13 @@ module Gitlab post ":id/milestones" do authorize! :admin_milestone, user_project + bad_request!(:title) unless params[:title].present? + attrs = attributes_for_keys [:title, :description, :due_date] @milestone = user_project.milestones.new attrs if @milestone.save present @milestone, with: Entities::Milestone else - handle_milestone_errors(@milestone.errors) not_found! end end @@ -85,7 +72,6 @@ module Gitlab if @milestone.update_attributes attrs present @milestone, with: Entities::Milestone else - handle_milestone_errors(@milestone.errors) not_found! end end -- cgit v1.2.1 From e119b0a0cb33b1b7f2dafcf17c2a94af40aed833 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 27 Feb 2013 11:24:12 +0100 Subject: API repository documentation updated, includes infos to return codes The API documentation of repository is updated and now contains infos to status codes. Code documentation is also adjusted for `GET /projects/:id/repository/commits` and includes infos to pagination attributes. Tests are updated. --- lib/api/projects.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 65381dac6ac..c749c24f228 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -331,7 +331,9 @@ module Gitlab # # Parameters: # id (required) - The ID of a project - # ref_name (optional) - The name of a repository branch or tag + # ref_name (optional) - The name of a repository branch or tag, if not given the default branch is used + # page (optional) - The page number of the commit pagination + # per_page (optional) - The number of elements per page used in pagination # Example Request: # GET /projects/:id/repository/commits get ":id/repository/commits" do -- cgit v1.2.1 From 873db06255eae1f69644c2a0815b88c923021c8f Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 27 Feb 2013 12:34:45 +0100 Subject: API: groups documentation updated, functions return different status codes Updates the API documentation of groups with infos to return codes. The function calls in the groups API have updated documentation and return `400 Bad Request` status code if a required attribute is missing. --- lib/api/groups.rb | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/api/groups.rb b/lib/api/groups.rb index a67caef0bc5..3f213073f80 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -6,6 +6,9 @@ module Gitlab resource :groups do # Get a groups list # + # Parameters + # page (optional) - The page number of the groups list + # per_page (optional) - The number of elements per page # Example Request: # GET /groups get do @@ -20,12 +23,16 @@ module Gitlab # Create group. Available only for admin # # Parameters: - # name (required) - Name - # path (required) - Path + # name (required) - The name of the group + # path (required) - The path of the group # Example Request: # POST /groups post do authenticated_as_admin! + + bad_request!(:name) unless params[:name].present? + bad_request!(:path) unless params[:path].present? + attrs = attributes_for_keys [:name, :path] @group = Group.new(attrs) @group.owner = current_user -- cgit v1.2.1 From e96d77d3dbd789981b8e85e7afba9a5908d79483 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 27 Feb 2013 14:36:20 +0100 Subject: API: issues documentation and API functions updated The issues documentation is updated with infos to status codes and the deprecated `DELETE` function and how to close an issue. A few more tests added to check status codes of API functions. --- lib/api/issues.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'lib') diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 70bbf47e72c..da966fc0399 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -48,6 +48,7 @@ module Gitlab # Example Request: # POST /projects/:id/issues post ":id/issues" do + bad_request!(:title) unless params[:title].present? attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id] attrs[:label_list] = params[:labels] if params[:labels].present? @issue = user_project.issues.new attrs -- cgit v1.2.1 From 3b3add35fb88578df96fe9b728ddac896ea9c944 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 27 Feb 2013 15:07:42 +0100 Subject: API: merge request documentation updated, added return codes to functions The API documentation of merge requests contains info to status codes for all functions. Required arguments are now checked in the merge requests API functions and a `400 Bad Request` error is returned if they are not given. --- lib/api/merge_requests.rb | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 4b28094f1a4..76cf8154bf8 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -69,6 +69,10 @@ module Gitlab post ":id/merge_requests" do authorize! :write_merge_request, user_project + bad_request!(:source_branch) unless params[:source_branch].present? + bad_request!(:target_branch) unless params[:target_branch].present? + bad_request!(:title) unless params[:title].present? + attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title] merge_request = user_project.merge_requests.new(attrs) merge_request.author = current_user @@ -121,6 +125,8 @@ module Gitlab # POST /projects/:id/merge_request/:merge_request_id/comments # post ":id/merge_request/:merge_request_id/comments" do + bad_request!(:note) unless params[:note].present? + merge_request = user_project.merge_requests.find(params[:merge_request_id]) note = merge_request.notes.new(note: params[:note], project_id: user_project.id) note.author = current_user @@ -128,9 +134,6 @@ module Gitlab if note.save present note, with: Entities::MRNote else - if note.errors[:note].any? - bad_request!(:note) - end not_found! end end -- cgit v1.2.1 From 7499f65014257989510da50505fa7c0f5a4fae88 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 27 Feb 2013 17:50:30 +0100 Subject: API: extracted helper method to validate required parameters, code clean up Added a helper method to check if required parameters are given in an API call. Can be used to return a `400 Bad Request` return code if a required attribute is missing. Code clean up and fixed tests. --- lib/api/groups.rb | 4 +--- lib/api/helpers.rb | 11 +++++++++++ lib/api/issues.rb | 2 +- lib/api/merge_requests.rb | 7 ++----- lib/api/milestones.rb | 3 +-- lib/api/notes.rb | 5 ++--- lib/api/projects.rb | 26 +++++++++----------------- lib/api/users.rb | 9 ++------- 8 files changed, 29 insertions(+), 38 deletions(-) (limited to 'lib') diff --git a/lib/api/groups.rb b/lib/api/groups.rb index 3f213073f80..5aaa5eb4f54 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -29,9 +29,7 @@ module Gitlab # POST /groups post do authenticated_as_admin! - - bad_request!(:name) unless params[:name].present? - bad_request!(:path) unless params[:path].present? + required_attributes! [:name, :path] attrs = attributes_for_keys [:name, :path] @group = Group.new(attrs) diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index becb3bce5b0..f12fb5fdbd0 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -41,6 +41,17 @@ module Gitlab abilities.allowed?(object, action, subject) end + # Checks the occurrences of required attributes, each attribute must be present in the params hash + # or a Bad Request error is invoked. + # + # Parameters: + # keys (required) - A hash consisting of keys that must be present + def required_attributes!(keys) + keys.each do |key| + bad_request!(key) unless params[key].present? + end + end + def attributes_for_keys(keys) attrs = {} keys.each do |key| diff --git a/lib/api/issues.rb b/lib/api/issues.rb index da966fc0399..500a8551f35 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -48,7 +48,7 @@ module Gitlab # Example Request: # POST /projects/:id/issues post ":id/issues" do - bad_request!(:title) unless params[:title].present? + required_attributes! [:title] attrs = attributes_for_keys [:title, :description, :assignee_id, :milestone_id] attrs[:label_list] = params[:labels] if params[:labels].present? @issue = user_project.issues.new attrs diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 76cf8154bf8..7e4ec7e803c 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -68,10 +68,7 @@ module Gitlab # post ":id/merge_requests" do authorize! :write_merge_request, user_project - - bad_request!(:source_branch) unless params[:source_branch].present? - bad_request!(:target_branch) unless params[:target_branch].present? - bad_request!(:title) unless params[:title].present? + required_attributes! [:source_branch, :target_branch, :title] attrs = attributes_for_keys [:source_branch, :target_branch, :assignee_id, :title] merge_request = user_project.merge_requests.new(attrs) @@ -125,7 +122,7 @@ module Gitlab # POST /projects/:id/merge_request/:merge_request_id/comments # post ":id/merge_request/:merge_request_id/comments" do - bad_request!(:note) unless params[:note].present? + required_attributes! [:note] merge_request = user_project.merge_requests.find(params[:merge_request_id]) note = merge_request.notes.new(note: params[:note], project_id: user_project.id) diff --git a/lib/api/milestones.rb b/lib/api/milestones.rb index ff98f005180..1adeefece1f 100644 --- a/lib/api/milestones.rb +++ b/lib/api/milestones.rb @@ -41,8 +41,7 @@ module Gitlab # POST /projects/:id/milestones post ":id/milestones" do authorize! :admin_milestone, user_project - - bad_request!(:title) unless params[:title].present? + required_attributes! [:title] attrs = attributes_for_keys [:title, :description, :due_date] @milestone = user_project.milestones.new attrs diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 953514b6f04..759fd3a9819 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -37,7 +37,7 @@ module Gitlab # Example Request: # POST /projects/:id/notes post ":id/notes" do - bad_request!(:body) unless params[:body].present? + required_attributes! [:body] @note = user_project.notes.new(note: params[:body]) @note.author = current_user @@ -93,8 +93,7 @@ module Gitlab # POST /projects/:id/issues/:noteable_id/notes # POST /projects/:id/snippets/:noteable_id/notes post ":id/#{noteables_str}/:#{noteable_id_str}/notes" do - bad_request!(:"#{noteable_id_str}") unless params[:"#{noteable_id_str}"].present? - bad_request!(:body) unless params[:body].present? + required_attributes! [:"#{noteable_id_str}"] @noteable = user_project.send(:"#{noteables_str}").find(params[:"#{noteable_id_str}"]) @note = @noteable.notes.new(note: params[:body]) diff --git a/lib/api/projects.rb b/lib/api/projects.rb index a1a7cee4032..a65d65840b0 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -45,7 +45,7 @@ module Gitlab # Example Request # POST /projects post do - bad_request!(:name) if !params.has_key? :name + required_attributes! [:name] attrs = attributes_for_keys [:name, :description, :default_branch, @@ -103,9 +103,7 @@ module Gitlab # POST /projects/:id/members post ":id/members" do authorize! :admin_project, user_project - - bad_request!(:user_id) if !params.has_key? :user_id - bad_request!(:access_level) if !params.has_key? :access_level + required_attributes! [:user_id, :access_level] # either the user is already a team member or a new one team_member = user_project.team_member_by_id(params[:user_id]) @@ -134,9 +132,9 @@ module Gitlab # PUT /projects/:id/members/:user_id put ":id/members/:user_id" do authorize! :admin_project, user_project + required_attributes! [:access_level] team_member = user_project.users_projects.find_by_user_id(params[:user_id]) - bad_request!(:access_level) if !params.has_key? :access_level not_found!("User can not be found") if team_member.nil? if team_member.update_attributes(project_access: params[:access_level]) @@ -199,8 +197,7 @@ module Gitlab # POST /projects/:id/hooks post ":id/hooks" do authorize! :admin_project, user_project - - bad_request!(:url) unless params.has_key? :url + required_attributes! [:url] @hook = user_project.hooks.new({"url" => params[:url]}) if @hook.save @@ -224,8 +221,7 @@ module Gitlab put ":id/hooks/:hook_id" do @hook = user_project.hooks.find(params[:hook_id]) authorize! :admin_project, user_project - - bad_request!(:url) unless params.has_key? :url + required_attributes! [:url] attrs = attributes_for_keys [:url] if @hook.update_attributes attrs @@ -245,9 +241,9 @@ module Gitlab # hook_id (required) - The ID of hook to delete # Example Request: # DELETE /projects/:id/hooks/:hook_id - delete ":id/hooks/:hook_id" do + delete ":id/hooks" do authorize! :admin_project, user_project - bad_request!(:hook_id) unless params.has_key? :hook_id + required_attributes! [:hook_id] begin @hook = ProjectHook.find(params[:hook_id]) @@ -381,10 +377,7 @@ module Gitlab # POST /projects/:id/snippets post ":id/snippets" do authorize! :write_snippet, user_project - - bad_request!(:title) if !params[:title].present? - bad_request!(:file_name) if !params[:file_name].present? - bad_request!(:code) if !params[:code].present? + required_attributes! [:title, :file_name, :code] attrs = attributes_for_keys [:title, :file_name] attrs[:expires_at] = params[:lifetime] if params[:lifetime].present? @@ -464,8 +457,7 @@ module Gitlab # GET /projects/:id/repository/commits/:sha/blob get ":id/repository/commits/:sha/blob" do authorize! :download_code, user_project - - bad_request!(:filepath) if !params.has_key? :filepath + required_attributes! [:filepath] ref = params[:sha] diff --git a/lib/api/users.rb b/lib/api/users.rb index b9dce58a13d..5e0680de71a 100644 --- a/lib/api/users.rb +++ b/lib/api/users.rb @@ -41,11 +41,7 @@ module Gitlab # POST /users post do authenticated_as_admin! - - bad_request!(:email) if !params.has_key? :email - bad_request!(:password) if !params.has_key? :password - bad_request!(:name) if !params.has_key? :name - bad_request!(:username) if !params.has_key? :username + required_attributes! [:email, :password, :name, :username] attrs = attributes_for_keys [:email, :name, :password, :skype, :linkedin, :twitter, :projects_limit, :username, :extern_uid, :provider, :bio] user = User.new attrs, as: :admin @@ -135,8 +131,7 @@ module Gitlab # Example Request: # POST /user/keys post "keys" do - bad_request!(:title) unless params[:title].present? - bad_request!(:key) unless params[:key].present? + required_attributes! [:title, :key] attrs = attributes_for_keys [:title, :key] key = current_user.keys.new attrs -- cgit v1.2.1 From d269d107d86c600ab2add651f47cced8f601ae84 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Wed, 27 Feb 2013 18:12:02 +0100 Subject: API: fixed adding a note Now the correct attribute is checked if it's available or not. Also fixed a test. --- lib/api/notes.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/api/notes.rb b/lib/api/notes.rb index 759fd3a9819..097cc7ea475 100644 --- a/lib/api/notes.rb +++ b/lib/api/notes.rb @@ -93,7 +93,7 @@ module Gitlab # POST /projects/:id/issues/:noteable_id/notes # POST /projects/:id/snippets/:noteable_id/notes post ":id/#{noteables_str}/:#{noteable_id_str}/notes" do - required_attributes! [:"#{noteable_id_str}"] + required_attributes! [:body] @noteable = user_project.send(:"#{noteables_str}").find(params[:"#{noteable_id_str}"]) @note = @noteable.notes.new(note: params[:body]) -- cgit v1.2.1 From cce35b6d057611d792bdc70022bd7264798527a7 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Tue, 5 Mar 2013 22:33:45 +0100 Subject: Fixes api --- lib/api/projects.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/api/projects.rb b/lib/api/projects.rb index 6df00db70a0..cf48f88bec9 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -52,8 +52,7 @@ module Gitlab :issues_enabled, :wall_enabled, :merge_requests_enabled, - :wiki_enabled, - :namespace_id] + :wiki_enabled] @project = ::Projects::CreateContext.new(current_user, attrs).execute if @project.saved? present @project, with: Entities::Project -- cgit v1.2.1 From b5ef6d226864d3ea132d2c6e97b74b51f2b64a6f Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Tue, 5 Mar 2013 23:43:05 +0100 Subject: API: refactored and simplified error handling in merge requests API --- lib/api/merge_requests.rb | 23 ++++++----------------- lib/api/projects.rb | 3 ++- 2 files changed, 8 insertions(+), 18 deletions(-) (limited to 'lib') diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb index 7e4ec7e803c..5adf57b36c5 100644 --- a/lib/api/merge_requests.rb +++ b/lib/api/merge_requests.rb @@ -4,21 +4,12 @@ module Gitlab before { authenticate! } resource :projects do - helpers do - # If an error occurred this helper method provides an appropriate status code - # - # Parameters: - # merge_request_errors (required) - The errors collection of MR - # - def handle_merge_request_error(merge_request_errors) - if merge_request_errors[:target_branch].any? - bad_request!(:target_branch) - elsif merge_request_errors[:source_branch].any? - bad_request!(:source_branch) - elsif merge_request_errors[:base].any? - error!(merge_request_errors[:base], 422) + def handle_merge_request_errors!(errors) + if errors[:project_access].any? + error!(errors[:project_access], 422) end + not_found! end end @@ -78,8 +69,7 @@ module Gitlab merge_request.reload_code present merge_request, with: Entities::MergeRequest else - handle_merge_request_error(merge_request.errors) - not_found! + handle_merge_request_errors! merge_request.errors end end @@ -107,8 +97,7 @@ module Gitlab merge_request.mark_as_unchecked present merge_request, with: Entities::MergeRequest else - handle_merge_request_error(merge_request.errors) - not_found! + handle_merge_request_errors! merge_request.errors end end diff --git a/lib/api/projects.rb b/lib/api/projects.rb index cf48f88bec9..b8efef318d3 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -233,7 +233,7 @@ module Gitlab end end - # Delete project hook + # Deletes project hook. This is an idempotent function. # # Parameters: # id (required) - The ID of a project @@ -248,6 +248,7 @@ module Gitlab @hook = ProjectHook.find(params[:hook_id]) @hook.destroy rescue + # ProjectHook can raise Error if hook_id not found end end -- cgit v1.2.1 From ecf53bb9e616b724bafc939d5e74744e774e3fd2 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Thu, 7 Mar 2013 15:11:33 +0100 Subject: API: fixes project creation and removed redundant info --- lib/api/groups.rb | 3 --- lib/api/projects.rb | 6 +++--- 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'lib') diff --git a/lib/api/groups.rb b/lib/api/groups.rb index beb615195a8..52fa8eff33c 100644 --- a/lib/api/groups.rb +++ b/lib/api/groups.rb @@ -6,9 +6,6 @@ module Gitlab resource :groups do # Get a groups list # - # Parameters - # page (optional) - The page number of the groups list - # per_page (optional) - The number of elements per page # Example Request: # GET /groups get do diff --git a/lib/api/projects.rb b/lib/api/projects.rb index b1d6357fbbb..e82cfeca45d 100644 --- a/lib/api/projects.rb +++ b/lib/api/projects.rb @@ -42,6 +42,7 @@ module Gitlab # wall_enabled (optional) - enabled by default # merge_requests_enabled (optional) - enabled by default # wiki_enabled (optional) - enabled by default + # namespace_id (optional) - defaults to user namespace # Example Request # POST /projects post do @@ -52,7 +53,8 @@ module Gitlab :issues_enabled, :wall_enabled, :merge_requests_enabled, - :wiki_enabled] + :wiki_enabled, + :namespace_id] @project = ::Projects::CreateContext.new(current_user, attrs).execute if @project.saved? present @project, with: Entities::Project @@ -360,8 +362,6 @@ module Gitlab # Parameters: # id (required) - The ID of a project # ref_name (optional) - The name of a repository branch or tag, if not given the default branch is used - # page (optional) - The page number of the commit pagination - # per_page (optional) - The number of elements per page used in pagination # Example Request: # GET /projects/:id/repository/commits get ":id/repository/commits" do -- cgit v1.2.1