Commit 50a78448 authored by Douwe Maan's avatar Douwe Maan

Merge branch 'public-tags-api' into 'master'

Allow public access to some Tag API endpoints

Continuation of #4269.

See merge request !7896
parents cf2206eb 9e307b93
---
title: Allow public access to some Tag API endpoints
merge_request:
author:
...@@ -2,7 +2,9 @@ ...@@ -2,7 +2,9 @@
## List project repository tags ## List project repository tags
Get a list of repository tags from a project, sorted by name in reverse alphabetical order. Get a list of repository tags from a project, sorted by name in reverse
alphabetical order. This endpoint can be accessed without authentication if the
repository is publicly accessible.
``` ```
GET /projects/:id/repository/tags GET /projects/:id/repository/tags
...@@ -40,7 +42,8 @@ Parameters: ...@@ -40,7 +42,8 @@ Parameters:
## Get a single repository tag ## Get a single repository tag
Get a specific repository tag determined by its name. Get a specific repository tag determined by its name. This endpoint can be
accessed without authentication if the repository is publicly accessible.
``` ```
GET /projects/:id/repository/tags/:tag_name GET /projects/:id/repository/tags/:tag_name
......
module API module API
# Git Tags API # Git Tags API
class Tags < Grape::API class Tags < Grape::API
before { authenticate! }
before { authorize! :download_code, user_project } before { authorize! :download_code, user_project }
params do params do
......
...@@ -15,6 +15,31 @@ describe API::Tags, api: true do ...@@ -15,6 +15,31 @@ describe API::Tags, api: true do
let(:tag_name) { project.repository.tag_names.sort.reverse.first } let(:tag_name) { project.repository.tag_names.sort.reverse.first }
let(:description) { 'Awesome release!' } let(:description) { 'Awesome release!' }
shared_examples_for 'repository tags' do
it 'returns the repository tags' do
get api("/projects/#{project.id}/repository/tags", current_user)
expect(response).to have_http_status(200)
first_tag = json_response.first
expect(first_tag['name']).to eq(tag_name)
end
end
context 'when unauthenticated' do
it_behaves_like 'repository tags' do
let(:project) { create(:project, :public) }
let(:current_user) { nil }
end
end
context 'when authenticated' do
it_behaves_like 'repository tags' do
let(:current_user) { user }
end
end
context 'without releases' do context 'without releases' do
it "returns an array of project tags" do it "returns an array of project tags" do
get api("/projects/#{project.id}/repository/tags", user) get api("/projects/#{project.id}/repository/tags", user)
...@@ -45,17 +70,33 @@ describe API::Tags, api: true do ...@@ -45,17 +70,33 @@ describe API::Tags, api: true do
describe 'GET /projects/:id/repository/tags/:tag_name' do describe 'GET /projects/:id/repository/tags/:tag_name' do
let(:tag_name) { project.repository.tag_names.sort.reverse.first } let(:tag_name) { project.repository.tag_names.sort.reverse.first }
it 'returns a specific tag' do shared_examples_for 'repository tag' do
get api("/projects/#{project.id}/repository/tags/#{tag_name}", user) it 'returns the repository tag' do
get api("/projects/#{project.id}/repository/tags/#{tag_name}", current_user)
expect(response).to have_http_status(200)
expect(json_response['name']).to eq(tag_name)
end
it 'returns 404 for an invalid tag name' do
get api("/projects/#{project.id}/repository/tags/foobar", current_user)
expect(response).to have_http_status(200) expect(response).to have_http_status(404)
expect(json_response['name']).to eq(tag_name) end
end end
it 'returns 404 for an invalid tag name' do context 'when unauthenticated' do
get api("/projects/#{project.id}/repository/tags/foobar", user) it_behaves_like 'repository tag' do
let(:project) { create(:project, :public) }
let(:current_user) { nil }
end
end
expect(response).to have_http_status(404) context 'when authenticated' do
it_behaves_like 'repository tag' do
let(:current_user) { user }
end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment