Merge branch 'dz-single-package-api' into 'master'

Add single package API endpoint Closes #9924 See merge request gitlab-org/gitlab-ee!9667

Merge branch 'dz-single-package-api' into 'master'
Add single package API endpoint Closes #9924 See merge request gitlab-org/gitlab-ee!9667
fc367078 · Stan Hu · a26370e0 · a3125d8d · fc367078 · fc367078
Commit fc367078 authored Feb 28, 2019 by Stan Hu
4 changed files
--- a/doc/api/packages.md
+++ b/doc/api/packages.md
@@ -42,6 +42,36 @@ Example response:

 By default, the `GET` request will return 20 results, since the API is [paginated](README.md#pagination).

+## Get a project package
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9667) in GitLab 11.9.
+
+Get a single project package.
+
+```
+GET /projects/:id/packages/:package_id
+```
+
+| Attribute | Type | Required | Description |
+| --------- | ---- | -------- | ----------- |
+| `id`      | integer/string | yes | ID or [URL-encoded path of the project](README.md#namespaced-path-encoding). |
+| `package_id`      | integer | yes | ID of a package. |
+
+```bash
+curl --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/projects/:id/packages/:package_id
+```
+
+Example response:
+
+```json
+{
+  "id": 1,
+  "name": "com/mycompany/my-app",
+  "version": "1.0-SNAPSHOT",
+  "package_type": "maven"
+}
+```
+
 ## List package files

 > [Introduced](https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9305) in GitLab 11.8.

--- a/ee/changelogs/unreleased/dz-single-package-api.yml
+++ b/ee/changelogs/unreleased/dz-single-package-api.yml
+---
+title: Add single package API endpoint
+merge_request: 9667
+author:
+type: added
--- a/ee/lib/api/packages.rb
+++ b/ee/lib/api/packages.rb
@@ -29,6 +29,20 @@ module API
        present paginate(packages), with: EE::API::Entities::Package
      end

+      desc 'Get a single project package' do
+        detail 'This feature was introduced in GitLab 11.9'
+        success EE::API::Entities::Package
+      end
+      params do
+        requires :package_id, type: Integer, desc: 'The ID of a package'
+      end
+      get ':id/packages/:package_id' do
+        package = ::Packages::PackageFinder
+          .new(user_project, params[:package_id]).execute
+
+        present package, with: EE::API::Entities::Package
+      end
+
      desc 'Remove a package' do
        detail 'This feature was introduced in GitLab 11.9'
      end

--- a/ee/spec/requests/api/packages_spec.rb
+++ b/ee/spec/requests/api/packages_spec.rb
@@ -6,6 +6,10 @@ describe API::Packages do
  let(:user) { create(:user) }
  let(:project) { create(:project, :public) }
  let(:package) { create(:npm_package, project: project) }
+  let(:package_url) { "/projects/#{project.id}/packages/#{package.id}" }
+  let(:another_package) { create(:npm_package) }
+  let(:no_package_url) { "/projects/#{project.id}/packages/0" }
+  let(:wrong_package_url) { "/projects/#{project.id}/packages/#{another_package.id}" }

  describe 'GET /projects/:id/packages' do
    let(:url) { "/projects/#{project.id}/packages" }
@@ -33,7 +37,7 @@ describe API::Packages do
        end

        it 'returns 404 for a user without access to the project' do
-          get api(url, user)
+          get api(no_package_url, user)

          expect(response).to have_gitlab_http_status(404)
        end
@@ -90,9 +94,73 @@ describe API::Packages do
    end
  end

-  describe 'DELETE /projects/:id/packages/:package_id' do
-    let(:url) { "/projects/#{project.id}/packages/#{package.id}" }
+  describe 'GET /projects/:id/packages/:package_id' do
+    context 'packages feature enabled' do
+      before do
+        stub_licensed_features(packages: true)
+      end
+
+      context 'project is public' do
+        it 'returns 200 and the package information' do
+          get api(package_url, user)
+
+          expect(response).to have_gitlab_http_status(200)
+          expect(response).to match_response_schema('public_api/v4/packages/package', dir: 'ee')
+        end
+
+        it 'returns 404 when the package does not exist' do
+          get api(no_package_url, user)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+
+        it 'returns 404 for the package from a different project' do
+          get api(wrong_package_url, user)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+      end
+
+      context 'project is private' do
+        let(:project) { create(:project, :private) }
+
+        it 'returns 404 for non authenticated user' do
+          get api(package_url)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+
+        it 'returns 404 for a user without access to the project' do
+          get api(package_url, user)
+
+          expect(response).to have_gitlab_http_status(404)
+        end

+        it 'returns 200 and the package information' do
+          project.add_developer(user)
+
+          get api(package_url, user)
+
+          expect(response).to have_gitlab_http_status(200)
+          expect(response).to match_response_schema('public_api/v4/packages/package', dir: 'ee')
+        end
+      end
+    end
+
+    context 'packages feature disabled' do
+      before do
+        stub_licensed_features(packages: false)
+      end
+
+      it 'returns 403' do
+        get api(package_url, user)
+
+        expect(response).to have_gitlab_http_status(403)
+      end
+    end
+  end
+
+  describe 'DELETE /projects/:id/packages/:package_id' do
    context 'packages feature enabled' do
      before do
        stub_licensed_features(packages: true)
@@ -100,13 +168,13 @@ describe API::Packages do

      context 'project is public' do
        it 'returns 403 for non authenticated user' do
-          delete api(url)
+          delete api(package_url)

          expect(response).to have_gitlab_http_status(403)
        end

        it 'returns 403 for a user without access to the project' do
-          delete api(url, user)
+          delete api(package_url, user)

          expect(response).to have_gitlab_http_status(403)
        end
@@ -116,13 +184,29 @@ describe API::Packages do
        let(:project) { create(:project, :private) }

        it 'returns 404 for non authenticated user' do
-          delete api(url)
+          delete api(package_url)

          expect(response).to have_gitlab_http_status(404)
        end

        it 'returns 404 for a user without access to the project' do
-          delete api(url, user)
+          delete api(package_url, user)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+
+        it 'returns 404 when the package does not exist' do
+          project.add_maintainer(user)
+
+          delete api(no_package_url, user)
+
+          expect(response).to have_gitlab_http_status(404)
+        end
+
+        it 'returns 404 for the package from a different project' do
+          project.add_maintainer(user)
+
+          delete api(wrong_package_url, user)

          expect(response).to have_gitlab_http_status(404)
        end
@@ -130,7 +214,7 @@ describe API::Packages do
        it 'returns 403 for a user without enough permissions' do
          project.add_developer(user)

-          delete api(url, user)
+          delete api(package_url, user)

          expect(response).to have_gitlab_http_status(403)
        end
@@ -138,7 +222,7 @@ describe API::Packages do
        it 'returns 204' do
          project.add_maintainer(user)

-          delete api(url, user)
+          delete api(package_url, user)

          expect(response).to have_gitlab_http_status(204)
        end
@@ -151,7 +235,7 @@ describe API::Packages do
      end

      it 'returns 403' do
-        delete api(url, user)
+        delete api(package_url, user)

        expect(response).to have_gitlab_http_status(403)
      end