Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
ff4e81e0
Commit
ff4e81e0
authored
Sep 18, 2017
by
haseeb
Committed by
Rémy Coutable
Sep 18, 2017
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
fix #35290 Make read-only API for public merge requests available without authentication
parent
8d568fe3
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
40 additions
and
6 deletions
+40
-6
app/finders/issuable_finder.rb
app/finders/issuable_finder.rb
+2
-0
changelogs/unreleased/35290_allow_public_project_apis.yml
changelogs/unreleased/35290_allow_public_project_apis.yml
+4
-0
lib/api/merge_requests.rb
lib/api/merge_requests.rb
+2
-1
spec/requests/api/merge_requests_spec.rb
spec/requests/api/merge_requests_spec.rb
+32
-5
No files found.
app/finders/issuable_finder.rb
View file @
ff4e81e0
...
@@ -244,6 +244,8 @@ class IssuableFinder
...
@@ -244,6 +244,8 @@ class IssuableFinder
end
end
def
by_scope
(
items
)
def
by_scope
(
items
)
return
items
.
none
if
current_user_related?
&&
!
current_user
case
params
[
:scope
]
case
params
[
:scope
]
when
'created-by-me'
,
'authored'
when
'created-by-me'
,
'authored'
items
.
where
(
author_id:
current_user
.
id
)
items
.
where
(
author_id:
current_user
.
id
)
...
...
changelogs/unreleased/35290_allow_public_project_apis.yml
0 → 100644
View file @
ff4e81e0
---
title
:
made read-only APIs for public merge requests available without authentication
merge_request
:
13291
author
:
haseebeqx
lib/api/merge_requests.rb
View file @
ff4e81e0
...
@@ -2,7 +2,7 @@ module API
...
@@ -2,7 +2,7 @@ module API
class
MergeRequests
<
Grape
::
API
class
MergeRequests
<
Grape
::
API
include
PaginationParams
include
PaginationParams
before
{
authenticate!
}
before
{
authenticate
_non_get
!
}
helpers
::
Gitlab
::
IssuableMetadata
helpers
::
Gitlab
::
IssuableMetadata
...
@@ -55,6 +55,7 @@ module API
...
@@ -55,6 +55,7 @@ module API
desc:
'Return merge requests for the given scope: `created-by-me`, `assigned-to-me` or `all`'
desc:
'Return merge requests for the given scope: `created-by-me`, `assigned-to-me` or `all`'
end
end
get
do
get
do
authenticate!
unless
params
[
:scope
]
==
'all'
merge_requests
=
find_merge_requests
merge_requests
=
find_merge_requests
options
=
{
with:
Entities
::
MergeRequestBasic
,
options
=
{
with:
Entities
::
MergeRequestBasic
,
...
...
spec/requests/api/merge_requests_spec.rb
View file @
ff4e81e0
...
@@ -28,10 +28,29 @@ describe API::MergeRequests do
...
@@ -28,10 +28,29 @@ describe API::MergeRequests do
describe
'GET /merge_requests'
do
describe
'GET /merge_requests'
do
context
'when unauthenticated'
do
context
'when unauthenticated'
do
it
'returns authentication error'
do
it
'returns an array of all merge requests'
do
get
api
(
'/merge_requests'
)
get
api
(
'/merge_requests'
,
user
),
scope:
'all'
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
be_an
Array
end
it
"returns authentication error without any scope"
do
get
api
(
"/merge_requests"
)
expect
(
response
).
to
have_http_status
(
401
)
end
it
"returns authentication error when scope is assigned-to-me"
do
get
api
(
"/merge_requests"
),
scope:
'assigned-to-me'
expect
(
response
).
to
have_gitlab_http_status
(
401
)
expect
(
response
).
to
have_http_status
(
401
)
end
it
"returns authentication error when scope is created-by-me"
do
get
api
(
"/merge_requests"
),
scope:
'created-by-me'
expect
(
response
).
to
have_http_status
(
401
)
end
end
end
end
...
@@ -134,10 +153,18 @@ describe API::MergeRequests do
...
@@ -134,10 +153,18 @@ describe API::MergeRequests do
describe
"GET /projects/:id/merge_requests"
do
describe
"GET /projects/:id/merge_requests"
do
context
"when unauthenticated"
do
context
"when unauthenticated"
do
it
"returns authentication error"
do
it
'returns merge requests for public projects'
do
get
api
(
"/projects/
#{
project
.
id
}
/merge_requests"
)
expect
(
response
).
to
have_http_status
(
200
)
expect
(
json_response
).
to
be_an
Array
end
it
"returns 404 for non public projects"
do
project
=
create
(
:project
,
:private
)
get
api
(
"/projects/
#{
project
.
id
}
/merge_requests"
)
get
api
(
"/projects/
#{
project
.
id
}
/merge_requests"
)
expect
(
response
).
to
have_
gitlab_http_status
(
401
)
expect
(
response
).
to
have_
http_status
(
404
)
end
end
end
end
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment