Commit 888aa6fd authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch...

Merge branch '27946-merge-request-discussions-api-doesn-t-reject-an-error-input-in-some-case' into 'master'

Resolve "Merge request discussions API doesn't reject an error input in some case"

Closes #27946

See merge request gitlab-org/gitlab!21936
parents 7c154fe7 0812dc35
---
title: Resolve "Merge request discussions API doesn't reject an error input in some
case"
merge_request: 21936
author:
type: fixed
...@@ -5,11 +5,11 @@ require 'spec_helper' ...@@ -5,11 +5,11 @@ require 'spec_helper'
describe DiffNote do describe DiffNote do
include RepoHelpers include RepoHelpers
let!(:merge_request) { create(:merge_request) } let_it_be(:merge_request) { create(:merge_request) }
let(:project) { merge_request.project } let_it_be(:project) { merge_request.project }
let(:commit) { project.commit(sample_commit.id) } let_it_be(:commit) { project.commit(sample_commit.id) }
let(:path) { "files/ruby/popen.rb" } let_it_be(:path) { "files/ruby/popen.rb" }
let(:diff_refs) { merge_request.diff_refs } let(:diff_refs) { merge_request.diff_refs }
let!(:position) do let!(:position) do
......
...@@ -49,6 +49,18 @@ describe API::Discussions do ...@@ -49,6 +49,18 @@ describe API::Discussions do
it_behaves_like 'discussions API', 'projects', 'merge_requests', 'iid', can_reply_to_individual_notes: true it_behaves_like 'discussions API', 'projects', 'merge_requests', 'iid', can_reply_to_individual_notes: true
it_behaves_like 'diff discussions API', 'projects', 'merge_requests', 'iid' it_behaves_like 'diff discussions API', 'projects', 'merge_requests', 'iid'
it_behaves_like 'resolvable discussions API', 'projects', 'merge_requests', 'iid' it_behaves_like 'resolvable discussions API', 'projects', 'merge_requests', 'iid'
context "when position is for a previous commit on the merge request" do
it "returns a 400 bad request error because the line_code is old" do
# SHA taken from an earlier commit listed in spec/factories/merge_requests.rb
position = diff_note.position.to_h.merge(new_line: 'c1acaa58bbcbc3eafe538cb8274ba387047b69f8')
post api("/projects/#{project.id}/merge_requests/#{noteable['iid']}/discussions", user),
params: { body: 'hi!', position: position }
expect(response).to have_gitlab_http_status(400)
end
end
end end
context 'when noteable is a Commit' do context 'when noteable is a Commit' do
......
...@@ -38,7 +38,8 @@ shared_examples 'diff discussions API' do |parent_type, noteable_type, id_name| ...@@ -38,7 +38,8 @@ shared_examples 'diff discussions API' do |parent_type, noteable_type, id_name|
expect(json_response['notes'].first['position']).to eq(position.stringify_keys) expect(json_response['notes'].first['position']).to eq(position.stringify_keys)
end end
it "returns a 400 bad request error when position is invalid" do context "when position is invalid" do
it "returns a 400 bad request error when position is not plausible" do
position = diff_note.position.to_h.merge(new_line: '100000') position = diff_note.position.to_h.merge(new_line: '100000')
post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user), post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user),
...@@ -46,6 +47,16 @@ shared_examples 'diff discussions API' do |parent_type, noteable_type, id_name| ...@@ -46,6 +47,16 @@ shared_examples 'diff discussions API' do |parent_type, noteable_type, id_name|
expect(response).to have_gitlab_http_status(400) expect(response).to have_gitlab_http_status(400)
end end
it "returns a 400 bad request error when the position is not valid for this discussion" do
position = diff_note.position.to_h.merge(new_line: '588440f66559714280628a4f9799f0c4eb880a4a')
post api("/#{parent_type}/#{parent.id}/#{noteable_type}/#{noteable[id_name]}/discussions", user),
params: { body: 'hi!', position: position }
expect(response).to have_gitlab_http_status(400)
end
end
end end
describe "POST /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id/notes" do describe "POST /#{parent_type}/:id/#{noteable_type}/:noteable_id/discussions/:discussion_id/notes" do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment