# frozen_string_literal: true

require 'spec_helper'

RSpec.describe API::Notes do
  let!(:user) { create(:user) }
  let!(:project) { create(:project, :public) }
  let(:private_user) { create(:user) }

  before do
    project.add_reporter(user)
  end

  context 'when there are cross-reference system notes' do
    let(:url) { "/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes" }
    let(:notes_in_response) { json_response }

    it_behaves_like 'with cross-reference system notes'
  end

  context "when noteable is an Issue" do
    let!(:issue) { create(:issue, project: project, author: user) }
    let!(:issue_note) { create(:note, noteable: issue, project: project, author: user) }

    it_behaves_like "noteable API", 'projects', 'issues', 'iid' do
      let(:parent) { project }
      let(:noteable) { issue }
      let(:note) { issue_note }
    end

    context 'when user does not have access to create noteable' do
      let(:private_issue) { create(:issue, project: create(:project, :private)) }

      ##
      # We are posting to project user has access to, but we use issue id
      # from a different project, see #15577
      #
      before do
        post api("/projects/#{private_issue.project.id}/issues/#{private_issue.iid}/notes", user),
             params: { body: 'Hi!' }
      end

      it 'responds with resource not found error' do
        expect(response).to have_gitlab_http_status(:not_found)
      end

      it 'does not create new note' do
        expect(private_issue.notes.reload).to be_empty
      end
    end

    context "when referencing other project" do
      # For testing the cross-reference of a private issue in a public project
      let(:private_project) do
        create(:project, namespace: private_user.namespace)
        .tap { |p| p.add_maintainer(private_user) }
      end

      let(:private_issue) { create(:issue, project: private_project) }

      let(:ext_proj)  { create(:project, :public) }
      let(:ext_issue) { create(:issue, project: ext_proj) }

      let!(:cross_reference_note) do
        create :note,
        noteable: ext_issue, project: ext_proj,
        note: "mentioned in issue #{private_issue.to_reference(ext_proj)}",
        system: true
      end

      describe "GET /projects/:id/noteable/:noteable_id/notes" do
        context "current user cannot view the notes" do
          it "returns an empty array" do
            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", user)

            expect(response).to have_gitlab_http_status(:ok)
            expect(response).to include_pagination_headers
            expect(json_response).to be_an Array
            expect(json_response).to be_empty
          end

          context "issue is confidential" do
            before do
              ext_issue.update!(confidential: true)
            end

            it "returns 404" do
              get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", user)

              expect(response).to have_gitlab_http_status(:not_found)
            end
          end
        end

        context "current user can view the note" do
          it "returns a non-empty array" do
            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes", private_user)

            expect(response).to have_gitlab_http_status(:ok)
            expect(response).to include_pagination_headers
            expect(json_response).to be_an Array
            expect(json_response.first['body']).to eq(cross_reference_note.note)
          end
        end

        context "activity filters" do
          let!(:user_reference_note) do
            create :note,
                   noteable: ext_issue, project: ext_proj,
                   note: "Hello there general!",
                   system: false
          end

          let(:test_url) {"/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes"}

          shared_examples 'a notes request' do
            it 'is a note array response' do
              expect(response).to have_gitlab_http_status(:ok)
              expect(response).to include_pagination_headers
              expect(json_response).to be_an Array
            end
          end

          context "when not provided" do
            let(:count) { 2 }

            before do
              get api(test_url, private_user)
            end

            it_behaves_like 'a notes request'

            it 'returns all the notes' do
              expect(json_response.count).to eq(count)
            end
          end

          context "when all_notes provided" do
            let(:count) { 2 }

            before do
              get api(test_url + "?activity_filter=all_notes", private_user)
            end

            it_behaves_like 'a notes request'

            it 'returns all the notes' do
              expect(json_response.count).to eq(count)
            end
          end

          context "when provided" do
            using RSpec::Parameterized::TableSyntax

            where(:filter, :count, :system_notable) do
              "only_comments" | 1  | false
              "only_activity" | 1  | true
            end

            with_them do
              before do
                get api(test_url + "?activity_filter=#{filter}", private_user)
              end

              it_behaves_like 'a notes request'

              it "properly filters the returned notables" do
                expect(json_response.count).to eq(count)
                expect(json_response.first["system"]).to be system_notable
              end
            end
          end
        end
      end

      describe "GET /projects/:id/noteable/:noteable_id/notes/:note_id" do
        context "current user cannot view the notes" do
          it "returns a 404 error" do
            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes/#{cross_reference_note.id}", user)

            expect(response).to have_gitlab_http_status(:not_found)
          end

          context "when issue is confidential" do
            before do
              issue.update!(confidential: true)
            end

            it "returns 404" do
              get api("/projects/#{project.id}/issues/#{issue.iid}/notes/#{issue_note.id}", private_user)

              expect(response).to have_gitlab_http_status(:not_found)
            end
          end
        end

        context "current user can view the note" do
          it "returns an issue note by id" do
            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.iid}/notes/#{cross_reference_note.id}", private_user)

            expect(response).to have_gitlab_http_status(:ok)
            expect(json_response['body']).to eq(cross_reference_note.note)
          end
        end
      end
    end
  end

  context "when noteable is a Snippet" do
    let!(:snippet) { create(:project_snippet, project: project, author: user) }
    let!(:snippet_note) { create(:note, noteable: snippet, project: project, author: user) }

    it_behaves_like "noteable API", 'projects', 'snippets', 'id' do
      let(:parent) { project }
      let(:noteable) { snippet }
      let(:note) { snippet_note }
    end
  end

  context "when noteable is a Merge Request" do
    let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }
    let!(:merge_request_note) { create(:note, noteable: merge_request, project: project, author: user) }

    it_behaves_like "noteable API", 'projects', 'merge_requests', 'iid' do
      let(:parent) { project }
      let(:noteable) { merge_request }
      let(:note) { merge_request_note }
    end

    let(:request_body) { 'Hi!' }
    let(:params) { { body: request_body } }
    let(:request_path) { "/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes" }

    subject { post api(request_path, user), params: params }

    context 'a command only note' do
      context '/spend' do
        let(:request_body) { "/spend 1h" }

        before do
          project.add_developer(user)
        end

        it 'returns 202 Accepted status' do
          subject

          expect(response).to have_gitlab_http_status(:accepted)
        end

        it 'does not actually create a new note' do
          expect { subject }.not_to change { Note.where(system: false).count }
        end

        it 'does however create a system note about the change', :sidekiq_inline do
          expect { subject }.to change { Note.system.count }.by(1)
        end

        it 'applies the commands' do
          expect { subject }.to change { merge_request.reset.total_time_spent }
        end

        it 'reports the changes' do
          subject

          expect(json_response).to include(
            'commands_changes' => include(
              'spend_time' => include('duration' => 3600)
            ),
            'summary' => include('Added 1h spent time.')
          )
        end
      end

      context '/merge' do
        let(:request_body) { "/merge" }
        let(:project) { create(:project, :public, :repository) }
        let(:merge_request) { create(:merge_request_with_multiple_diffs, source_project: project, target_project: project, author: user) }
        let(:params) { { body: request_body, merge_request_diff_head_sha: merge_request.diff_head_sha } }

        before do
          project.add_developer(user)
        end

        it 'returns 202 Accepted status' do
          subject

          expect(response).to have_gitlab_http_status(:accepted)
        end

        it 'does not actually create a new note' do
          expect { subject }.not_to change { Note.where(system: false).count }
        end

        it 'applies the commands' do
          expect { subject }.to change { merge_request.reload.merge_jid.present? }.from(false).to(true)
        end

        it 'reports the changes' do
          subject

          expect(json_response).to include(
            'commands_changes' => include(
              'merge' => merge_request.diff_head_sha
            ),
            'summary' => ['Merged this merge request.']
          )
        end
      end
    end

    context 'when the merge request discussion is locked' do
      before do
        merge_request.update_attribute(:discussion_locked, true)
      end

      context 'when a user is a team member' do
        it 'returns 200 status' do
          subject

          expect(response).to have_gitlab_http_status(:created)
        end

        it 'creates a new note' do
          expect { subject }.to change { Note.count }.by(1)
        end
      end

      context 'when a user is not a team member' do
        subject { post api("/projects/#{project.id}/merge_requests/#{merge_request.iid}/notes", private_user), params: { body: 'Hi!' } }

        it 'returns 403 status' do
          subject

          expect(response).to have_gitlab_http_status(:forbidden)
        end

        it 'does not create a new note' do
          expect { subject }.not_to change { Note.count }
        end
      end
    end
  end
end