Commit 30c3da73 authored by Stan Hu's avatar Stan Hu

Merge branch '207472-api-update-note-conf' into 'master'

Add confidential attr to API for notes update

See merge request gitlab-org/gitlab!37932
parents b5d674da 01f52ff3
---
title: Add confidential attribute to public API for notes update
merge_request: 37932
author:
type: added
......@@ -145,10 +145,11 @@ PUT /projects/:id/issues/:issue_iid/notes/:note_id
Parameters:
- `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding)
- `issue_iid` (required) - The IID of an issue
- `note_id` (required) - The ID of a note
- `body` (required) - The content of a note. Limited to 1,000,000 characters.
- `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding).
- `issue_iid` (required) - The IID of an issue.
- `note_id` (required) - The ID of a note.
- `body` (optional) - The content of a note. Limited to 1,000,000 characters.
- `confidential` (optional) - The confidential flag of a note.
```shell
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/issues/11/notes?body=note"
......
......@@ -17,8 +17,9 @@ module API
authorize! :admin_note, note
opts = {
note: params[:body]
}
note: params[:body],
confidential: params[:confidential]
}.compact
parent = noteable_parent(noteable)
project = parent if parent.is_a?(Project)
......
......@@ -101,7 +101,8 @@ module API
params do
requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
requires :note_id, type: Integer, desc: 'The ID of a note'
requires :body, type: String, desc: 'The content of a note'
optional :body, type: String, allow_blank: false, desc: 'The content of a note'
optional :confidential, type: Boolean, desc: 'Confidentiality note flag'
end
put ":id/#{noteables_str}/:noteable_id/notes/:note_id" do
noteable = find_noteable(noteable_type, params[:noteable_id])
......
......@@ -277,12 +277,53 @@ RSpec.shared_examples 'noteable API' do |parent_type, noteable_type, id_name|
end
describe "PUT /#{parent_type}/:id/#{noteable_type}/:noteable_id/notes/:note_id" do
it 'returns modified note' do
put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
"notes/#{note.id}", user), params: { body: 'Hello!' }
let(:params) { { body: 'Hello!', confidential: false } }
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['body']).to eq('Hello!')
subject do
put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes/#{note.id}", user), params: params
end
context 'when eveything is ok' do
before do
note.update!(confidential: true)
end
context 'with multiple params present' do
before do
subject
end
it 'returns modified note' do
expect(response).to have_gitlab_http_status(:ok)
expect(json_response['body']).to eq('Hello!')
expect(json_response['confidential']).to be_falsey
end
it 'updates the note' do
expect(note.reload.note).to eq('Hello!')
expect(note.confidential).to be_falsey
end
end
context 'when only body param is present' do
let(:params) { { body: 'Hello!' } }
it 'updates only the note text' do
expect { subject }.not_to change { note.reload.confidential }
expect(note.note).to eq('Hello!')
end
end
context 'when only confidential param is present' do
let(:params) { { confidential: false } }
it 'updates only the note text' do
expect { subject }.not_to change { note.reload.note }
expect(note.confidential).to be_falsey
end
end
end
it 'returns a 404 error when note id not found' do
......@@ -292,9 +333,9 @@ RSpec.shared_examples 'noteable API' do |parent_type, noteable_type, id_name|
expect(response).to have_gitlab_http_status(:not_found)
end
it 'returns a 400 bad request error if body not given' do
it 'returns a 400 bad request error if body is empty' do
put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
"notes/#{note.id}", user)
"notes/#{note.id}", user), params: { body: '' }
expect(response).to have_gitlab_http_status(:bad_request)
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment