Merge branch '207472-api-update-note-conf' into 'master'

Add confidential attr to API for notes update See merge request gitlab-org/gitlab!37932

Merge branch '207472-api-update-note-conf' into 'master'
Add confidential attr to API for notes update See merge request gitlab-org/gitlab!37932
30c3da73 · Stan Hu · b5d674da · 01f52ff3 · 30c3da73 · 30c3da73
Commit 30c3da73 authored Jul 29, 2020 by Stan Hu
5 changed files
--- a/changelogs/unreleased/207472-api-update-note-conf.yml
+++ b/changelogs/unreleased/207472-api-update-note-conf.yml
+---
+title: Add confidential attribute to public API for notes update
+merge_request: 37932
+author:
+type: added
--- a/doc/api/notes.md
+++ b/doc/api/notes.md
@@ -145,10 +145,11 @@ PUT /projects/:id/issues/:issue_iid/notes/:note_id

 Parameters:

- `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding)
- `issue_iid` (required) - The IID of an issue
- `note_id` (required) - The ID of a note
- `body` (required) - The content of a note. Limited to 1,000,000 characters.
+- `id` (required) - The ID or [URL-encoded path of the project](README.md#namespaced-path-encoding).
+- `issue_iid` (required) - The IID of an issue.
+- `note_id` (required) - The ID of a note.
+- `body` (optional) - The content of a note. Limited to 1,000,000 characters.
+- `confidential` (optional) - The confidential flag of a note.

 ```shell
 curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/issues/11/notes?body=note"

--- a/lib/api/helpers/notes_helpers.rb
+++ b/lib/api/helpers/notes_helpers.rb
@@ -17,8 +17,9 @@ module API
        authorize! :admin_note, note

        opts = {
-          note: params[:body]
-        }
+          note: params[:body],
+          confidential: params[:confidential]
+        }.compact
        parent = noteable_parent(noteable)
        project = parent if parent.is_a?(Project)


--- a/lib/api/notes.rb
+++ b/lib/api/notes.rb
@@ -101,7 +101,8 @@ module API
        params do
          requires :noteable_id, type: Integer, desc: 'The ID of the noteable'
          requires :note_id, type: Integer, desc: 'The ID of a note'
-          requires :body, type: String, desc: 'The content of a note'
+          optional :body, type: String, allow_blank: false, desc: 'The content of a note'
+          optional :confidential, type: Boolean, desc: 'Confidentiality note flag'
        end
        put ":id/#{noteables_str}/:noteable_id/notes/:note_id" do
          noteable = find_noteable(noteable_type, params[:noteable_id])

--- a/spec/support/shared_examples/requests/api/notes_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/notes_shared_examples.rb
@@ -277,12 +277,53 @@ RSpec.shared_examples 'noteable API' do |parent_type, noteable_type, id_name|
  end

  describe "PUT /#{parent_type}/:id/#{noteable_type}/:noteable_id/notes/:note_id" do
-    it 'returns modified note' do
-      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
-                "notes/#{note.id}", user), params: { body: 'Hello!' }
+    let(:params) { { body: 'Hello!', confidential: false } }

-      expect(response).to have_gitlab_http_status(:ok)
-      expect(json_response['body']).to eq('Hello!')
+    subject do
+      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/notes/#{note.id}", user), params: params
+    end
+
+    context 'when eveything is ok' do
+      before do
+        note.update!(confidential: true)
+      end
+
+      context 'with multiple params present' do
+        before do
+          subject
+        end
+
+        it 'returns modified note' do
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response['body']).to eq('Hello!')
+          expect(json_response['confidential']).to be_falsey
+        end
+
+        it 'updates the note' do
+          expect(note.reload.note).to eq('Hello!')
+          expect(note.confidential).to be_falsey
+        end
+      end
+
+      context 'when only body param is present' do
+        let(:params) { { body: 'Hello!' } }
+
+        it 'updates only the note text' do
+          expect { subject }.not_to change { note.reload.confidential }
+
+          expect(note.note).to eq('Hello!')
+        end
+      end
+
+      context 'when only confidential param is present' do
+        let(:params) { { confidential: false } }
+
+        it 'updates only the note text' do
+          expect { subject }.not_to change { note.reload.note }
+
+          expect(note.confidential).to be_falsey
+        end
+      end
    end

    it 'returns a 404 error when note id not found' do
@@ -292,9 +333,9 @@ RSpec.shared_examples 'noteable API' do |parent_type, noteable_type, id_name|
      expect(response).to have_gitlab_http_status(:not_found)
    end

-    it 'returns a 400 bad request error if body not given' do
+    it 'returns a 400 bad request error if body is empty' do
      put api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/"\
-                "notes/#{note.id}", user)
+                "notes/#{note.id}", user), params: { body: '' }

      expect(response).to have_gitlab_http_status(:bad_request)
    end