# frozen_string_literal: true require('spec_helper') RSpec.describe ProjectsController, feature_category: :groups_and_projects do include ExternalAuthorizationServiceHelpers include ProjectForksHelper using RSpec::Parameterized::TableSyntax let_it_be(:project, reload: true) { create(:project, :with_export, service_desk_enabled: false) } let_it_be(:group) { create(:group) } let_it_be(:public_project) { create(:project, :public, namespace: group) } let_it_be(:user) { create(:user) } let(:jpg) { fixture_file_upload('spec/fixtures/rails_sample.jpg', 'image/jpg') } let(:txt) { fixture_file_upload('spec/fixtures/doc_sample.txt', 'text/plain') } describe 'GET new' do context 'with an authenticated user' do let_it_be(:group) { create(:group) } before do sign_in(user) end context 'when namespace_id param is present' do context 'when user has access to the namespace' do it 'renders the template' do group.add_owner(user) get :new, params: { namespace_id: group.id } expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template('new') end end context 'when user does not have access to the namespace' do it 'responds with status 404' do get :new, params: { namespace_id: group.id } expect(response).to have_gitlab_http_status(:not_found) expect(response).not_to render_template('new') end end end context 'with managable group' do context 'when managable_group_count is 1' do before do group.add_owner(user) end it 'renders the template' do get :new expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template('new') end end context 'when managable_group_count is 0' do context 'when create_projects on personal namespace is allowed' do before do allow(user).to receive(:can_create_project?).and_return(true) end it 'renders the template' do get :new expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template('new') end end context 'when create_projects on personal namespace is not allowed' do before do stub_application_setting(allow_project_creation_for_guest_and_below: false) end it 'responds with status 404' do get :new expect(response).to have_gitlab_http_status(:not_found) expect(response).not_to render_template('new') end end end end end end describe 'GET index' do context 'as a user' do it 'redirects to root page' do sign_in(user) get :index expect(response).to redirect_to(root_path) end end context 'as a guest' do it 'redirects to Explore page' do get :index expect(response).to redirect_to(explore_root_path) end end end describe "GET #activity as JSON" do include DesignManagementTestHelpers render_views let_it_be(:project) { create(:project, :public, issues_access_level: ProjectFeature::PRIVATE) } before do enable_design_management create(:event, :created, project: project, target: create(:issue)) sign_in(user) request.cookies[:event_filter] = 'all' end context 'when user has permission to see the event' do before do project.add_developer(user) end def get_activity(project) get :activity, params: { namespace_id: project.namespace, id: project, format: :json } end it 'returns count' do get_activity(project) expect(json_response['count']).to eq(1) end context 'design events are visible' do include DesignManagementTestHelpers let(:other_project) { create(:project, namespace: user.namespace) } before do enable_design_management create(:design_event, project: project) request.cookies[:event_filter] = EventFilter::DESIGNS end it 'returns correct count' do get_activity(project) expect(json_response['count']).to eq(1) end end end context 'when user has no permission to see the event' do it 'filters out invisible event' do get :activity, params: { namespace_id: project.namespace, id: project, format: :json } expect(json_response['html']).to eq("\n") expect(json_response['count']).to eq(0) end end end describe "GET show" do context "user not project member" do before do sign_in(user) end describe "when project repository is disabled" do render_views before do project.add_developer(user) project.project_feature.update_attribute(:repository_access_level, ProjectFeature::DISABLED) end it 'shows wiki homepage' do get :show, params: { namespace_id: project.namespace, id: project } expect(response).to render_template('projects/_wiki') end it 'shows issues list page if wiki is disabled' do project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED) create(:issue, project: project) get :show, params: { namespace_id: project.namespace, id: project } expect(response).to render_template('projects/_issues') expect(assigns(:issuable_meta_data)).not_to be_nil end it 'shows activity page if wiki and issues are disabled' do project.project_feature.update_attribute(:wiki_access_level, ProjectFeature::DISABLED) project.project_feature.update_attribute(:issues_access_level, ProjectFeature::DISABLED) get :show, params: { namespace_id: project.namespace, id: project } expect(response).to render_template("projects/_activity") end it 'shows activity if enabled by user' do user.update_attribute(:project_view, 'activity') get :show, params: { namespace_id: project.namespace, id: project } expect(response).to render_template("projects/_activity") end end end context "project with empty repo" do let_it_be(:empty_project) { create(:project_empty_repo, :public) } before do sign_in(user) end User.project_views.keys.each do |project_view| context "with #{project_view} view set" do before do user.update!(project_view: project_view) get :show, params: { namespace_id: empty_project.namespace, id: empty_project } end it "renders the empty project view" do expect(response).to render_template('empty') end end end end context "project with broken repo" do let_it_be(:empty_project) { create(:project, :public) } before do sign_in(user) end User.project_views.keys.each do |project_view| context "with #{project_view} view set" do before do user.update!(project_view: project_view) get :show, params: { namespace_id: empty_project.namespace, id: empty_project } end it "renders the empty project view" do expect(response).to render_template('projects/no_repo') end end end end context 'when project default branch is corrupted' do let_it_be(:corrupted_project) { create(:project, :small_repo, :public) } before do sign_in(user) expect_next_instance_of(Repository) do |repository| expect(repository).to receive(:root_ref).and_raise(Gitlab::Git::CommandError, 'get default branch') end end it 'renders the missing default branch view' do get :show, params: { namespace_id: corrupted_project.namespace, id: corrupted_project } expect(response).to render_template('projects/missing_default_branch') expect(response).to have_gitlab_http_status(:service_unavailable) end end context "rendering default project view" do let_it_be(:public_project) { create(:project, :public, :repository) } render_views def get_show get :show, params: { namespace_id: public_project.namespace, id: public_project } end it "renders the activity view" do allow(controller).to receive(:current_user).and_return(user) allow(user).to receive(:project_view).and_return('activity') get_show expect(response).to render_template('_activity') end it "renders the files view" do allow(controller).to receive(:current_user).and_return(user) allow(user).to receive(:project_view).and_return('files') get_show expect(response).to render_template('_files') end it "renders the readme view" do allow(controller).to receive(:current_user).and_return(user) allow(user).to receive(:project_view).and_return('readme') get_show expect(response).to render_template('_readme') end it 'does not make Gitaly requests', :request_store, :clean_gitlab_redis_cache do # Warm up to populate repository cache get_show RequestStore.clear! expect { get_show }.not_to change { Gitlab::GitalyClient.get_request_count } end it "renders files even with invalid license" do invalid_license = ::Gitlab::Git::DeclaredLicense.new(key: 'woozle', name: 'woozle wuzzle') controller.instance_variable_set(:@project, public_project) expect(public_project.repository).to receive(:license).and_return(invalid_license).at_least(:once) get_show expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template('_files') expect(response.body).to have_content('woozle wuzzle') end describe 'tracking events', :snowplow do before do allow(controller).to receive(:current_user).and_return(user) get_show end it 'tracks page views' do expect_snowplow_event( category: 'project_overview', action: 'render', user: user, project: public_project ) end context 'when the project is importing' do let_it_be(:public_project) { create(:project, :public, :import_scheduled) } it 'does not track page views' do expect_no_snowplow_event( category: 'project_overview', action: 'render', user: user, project: public_project ) end end end describe "PUC highlighting" do render_views before do expect(controller).to receive(:find_routable!).and_return(public_project) end context "option is enabled" do it "adds the highlighting class" do expect(public_project).to receive(:warn_about_potentially_unwanted_characters?).and_return(true) get_show expect(response.body).to have_css(".project-highlight-puc") end end context "option is disabled" do it "doesn't add the highlighting class" do expect(public_project).to receive(:warn_about_potentially_unwanted_characters?).and_return(false) get_show expect(response.body).not_to have_css(".project-highlight-puc") end end end end context "when the url contains .atom" do let(:public_project_with_dot_atom) { build(:project, :public, name: 'my.atom', path: 'my.atom') } it 'expects an error creating the project' do expect(public_project_with_dot_atom).not_to be_valid end end context 'when the project is pending deletions' do it 'renders a 404 error' do project = create(:project, pending_delete: true) sign_in(user) get :show, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:not_found) end end context 'redirection from http://someproject.git' do where(:user_type, :project_visibility, :expected_redirect) do :anonymous | :public | :redirect_to_project :anonymous | :internal | :redirect_to_signup :anonymous | :private | :redirect_to_signup :signed_in | :public | :redirect_to_project :signed_in | :internal | :redirect_to_project :signed_in | :private | nil :member | :public | :redirect_to_project :member | :internal | :redirect_to_project :member | :private | :redirect_to_project end with_them do let(:redirect_to_signup) { new_user_session_path } let(:redirect_to_project) { project_path(project) } let(:expected_status) { expected_redirect ? :found : :not_found } before do project.update!(visibility: project_visibility.to_s) project.team.add_member(user, :guest) if user_type == :member sign_in(user) unless user_type == :anonymous end it 'returns the expected status' do get :show, params: { namespace_id: project.namespace, id: project }, format: :git expect(response).to have_gitlab_http_status(expected_status) expect(response).to redirect_to(send(expected_redirect)) if expected_status == :found end end end context 'redirection from http://someproject.git?ref=master' do it 'redirects to project without .git extension' do get :show, params: { namespace_id: public_project.namespace, id: public_project, ref: 'master', path: '/.gitlab-ci.yml' }, format: :git expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(project_path(public_project, ref: 'master', path: '/.gitlab-ci.yml')) end end context 'when project is moved and git format is requested' do let(:old_path) { project.path + 'old' } before do project.redirect_routes.create!(path: "#{project.namespace.full_path}/#{old_path}") project.add_developer(user) sign_in(user) end it 'redirects to new project path' do get :show, params: { namespace_id: project.namespace, id: old_path }, format: :git expect(response).to redirect_to(project_path(project, format: :git)) end end context 'when the project is forked and has a repository', :request_store do let(:public_project) { create(:project, :public, :repository) } let(:other_user) { create(:user) } render_views before do # View the project as a user that does not have any rights sign_in(other_user) fork_project(public_project) end it 'does not increase the number of queries when the project is forked' do expected_query = /#{public_project.fork_network.find_forks_in(other_user.namespace).to_sql}/ expect { get(:show, params: { namespace_id: public_project.namespace, id: public_project }) } .not_to exceed_query_limit(2).for_query(expected_query) end end context 'when marked for deletion' do render_views subject { get :show, params: { namespace_id: public_project.namespace.path, id: public_project.path } } let(:ancestor_notice_regex) do /The parent group of this project is pending deletion, so this project will also be deleted on .*./ end context 'when the parent group has not been scheduled for deletion' do it 'does not show the notice' do subject expect(response.body).not_to match(ancestor_notice_regex) end end context 'when the parent group has been scheduled for deletion' do before do create(:group_deletion_schedule, group: public_project.group, marked_for_deletion_on: Date.current, deleting_user: user ) end it 'shows the notice that the parent group has been scheduled for deletion' do subject expect(response.body).to match(ancestor_notice_regex) end context 'when the project itself has also been scheduled for deletion' do it 'does not show the notice that the parent group has been scheduled for deletion' do public_project.update!(marked_for_deletion_at: Date.current) subject expect(response.body).not_to match(ancestor_notice_regex) # However, shows the notice that the project has been marked for deletion. expect(response.body).to match( /This project is pending deletion, and will be deleted on .*. Repository and other project resources are read-only./ ) end end end end end describe 'POST create' do subject { post :create, params: { project: params } } before do sign_in(user) end context 'on import' do let(:params) do { path: 'foo', description: 'bar', namespace_id: user.namespace.id, import_url: project.http_url_to_repo } end context 'when import by url is disabled' do before do stub_application_setting(import_sources: []) end it 'does not create project and reports an error' do expect { subject }.not_to change { Project.count } expect(response).to have_gitlab_http_status(:not_found) end end context 'when import by url is enabled' do before do stub_application_setting(import_sources: ['git']) end it 'creates project' do expect { subject }.to change { Project.count } expect(response).to have_gitlab_http_status(:redirect) end end end end describe 'GET edit' do it 'allows an admin user to access the page', :enable_admin_mode do sign_in(create(:user, :admin)) get :edit, params: { namespace_id: project.namespace.path, id: project.path } expect(response).to have_gitlab_http_status(:ok) end it 'sets the badge API endpoint' do sign_in(user) project.add_maintainer(user) get :edit, params: { namespace_id: project.namespace.path, id: project.path } expect(assigns(:badge_api_endpoint)).not_to be_nil end end describe 'POST #archive' do let_it_be(:group) { create(:group) } let_it_be(:project) { create(:project, group: group) } before do sign_in(user) end context 'for a user with the ability to archive a project' do before do group.add_owner(user) post :archive, params: { namespace_id: project.namespace.path, id: project.path } end it 'archives the project' do expect(project.reload.archived?).to be_truthy end it 'redirects to projects path' do expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(project_path(project)) end end context 'for a user that does not have the ability to archive a project' do before do project.add_maintainer(user) post :archive, params: { namespace_id: project.namespace.path, id: project.path } end it 'does not archive the project' do expect(project.reload.archived?).to be_falsey end it 'returns 404' do expect(response).to have_gitlab_http_status(:not_found) end end end describe 'POST #unarchive' do let_it_be(:group) { create(:group) } let_it_be(:project) { create(:project, :archived, group: group) } before do sign_in(user) end context 'for a user with the ability to unarchive a project' do before do group.add_owner(user) post :unarchive, params: { namespace_id: project.namespace.path, id: project.path } end it 'unarchives the project' do expect(project.reload.archived?).to be_falsey end it 'redirects to projects path' do expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(project_path(project)) end end context 'for a user that does not have the ability to unarchive a project' do before do project.add_maintainer(user) post :unarchive, params: { namespace_id: project.namespace.path, id: project.path } end it 'does not unarchive the project' do expect(project.reload.archived?).to be_truthy end it 'returns 404' do expect(response).to have_gitlab_http_status(:not_found) end end end describe '#housekeeping' do let_it_be(:group) { create(:group) } let(:housekeeping_service_dbl) { instance_double(::Repositories::HousekeepingService) } let(:params) do { namespace_id: project.namespace.path, id: project.path, prune: prune } end let(:prune) { nil } let_it_be(:project) { create(:project, group: group) } let(:housekeeping) { ::Repositories::HousekeepingService.new(project) } subject { post :housekeeping, params: params } context 'when authenticated as owner' do before do group.add_owner(user) sign_in(user) allow(::Repositories::HousekeepingService).to receive(:new).with(project, :eager).and_return(housekeeping) end it 'forces a full garbage collection' do expect(housekeeping).to receive(:execute).once post :housekeeping, params: { namespace_id: project.namespace.path, id: project.path } expect(response).to have_gitlab_http_status(:found) end it 'logs an audit event' do expect(housekeeping).to receive(:execute).once.and_yield expect(::Gitlab::Audit::Auditor).to receive(:audit).with(a_hash_including( name: 'manually_trigger_housekeeping', author: user, scope: project, target: project, message: "Housekeeping task: eager" )) subject end context 'and requesting prune' do let(:prune) { true } it 'enqueues pruning' do allow(::Repositories::HousekeepingService).to receive(:new).with(project, :prune).and_return(housekeeping_service_dbl) expect(housekeeping_service_dbl).to receive(:execute) subject expect(response).to have_gitlab_http_status(:found) end end end context 'when authenticated as developer' do let(:developer) { create(:user) } before do group.add_developer(developer) end it 'does not execute housekeeping' do expect(housekeeping).not_to receive(:execute) post :housekeeping, params: { namespace_id: project.namespace.path, id: project.path } expect(response).to have_gitlab_http_status(:found) end end end describe "#update", :enable_admin_mode do render_views let(:admin) { create(:admin) } before do sign_in(admin) end shared_examples_for 'updating a project' do context 'when there is a conflicting project path' do let(:random_name) { "project-#{SecureRandom.hex(8)}" } let!(:conflict_project) { create(:project, name: random_name, path: random_name, namespace: project.namespace) } it 'does not show any references to the conflicting path' do expect { update_project(path: random_name) }.not_to change { project.reload.path } expect(response).to have_gitlab_http_status(:ok) expect(response.body).not_to include(random_name) end end context 'when only renaming a project path' do it "doesnt change the disk_path when using hashed storage" do skip unless project.hashed_storage?(:repository) hashed_storage_path = ::Storage::Hashed.new(project).disk_path original_repository_path = project.repository.relative_path expect { update_project path: 'renamed_path' }.to change { project.reload.path } expect(project.path).to include 'renamed_path' assign_repository_path = assigns(:repository).relative_path expect(original_repository_path).to include(hashed_storage_path) expect(assign_repository_path).to include(hashed_storage_path) end it "upgrades and move project to hashed storage when project was originally legacy" do skip if project.hashed_storage?(:repository) hashed_storage_path = Storage::Hashed.new(project).disk_path original_repository_path = project.repository.relative_path expect { update_project path: 'renamed_path' }.to change { project.reload.path } expect(project.path).to include 'renamed_path' assign_repository_path = assigns(:repository).relative_path expect(original_repository_path).not_to include(hashed_storage_path) expect(assign_repository_path).to include(hashed_storage_path) expect(response).to have_gitlab_http_status(:found) end end context 'when project has container repositories with tags' do before do stub_container_registry_config(enabled: true) stub_container_registry_tags(repository: /image/, tags: %w[rc1]) create(:container_repository, project: project, name: :image) end let(:message) { 'UpdateProject|Cannot rename project because it contains container registry tags!' } shared_examples 'not allowing the rename of the project' do it 'does not allow to rename the project' do expect { update_project path: 'renamed_path' } .not_to change { project.reload.path } expect(controller).to set_flash[:alert].to(s_(message)) expect(response).to have_gitlab_http_status(:ok) end end context 'when Gitlab API is not supported' do before do allow(ContainerRegistry::GitlabApiClient).to receive(:supports_gitlab_api?).and_return(false) end it_behaves_like 'not allowing the rename of the project' end context 'when Gitlab API is supported' do before do allow(ContainerRegistry::GitlabApiClient).to receive(:supports_gitlab_api?).and_return(true) end it 'allows the rename of the project' do allow(ContainerRegistry::GitlabApiClient).to receive(:rename_base_repository_path).and_return(:accepted, :ok) expect { update_project path: 'renamed_path' } .to change { project.reload.path } expect(project.path).to eq('renamed_path') expect(response).to have_gitlab_http_status(:found) end context 'when rename base repository dry run in the registry fails' do let(:message) { 'UpdateProject|UpdateProject|Cannot rename project, the container registry path rename validation failed: Bad Request' } before do allow(ContainerRegistry::GitlabApiClient).to receive(:rename_base_repository_path).and_return(:bad_request) end it_behaves_like 'not allowing the rename of the project' end end end it 'updates Fast Forward Merge attributes' do controller.instance_variable_set(:@project, project) params = { merge_method: :ff } put :update, params: { namespace_id: project.namespace, id: project.id, project: params } expect(response).to have_gitlab_http_status(:found) params.each do |param, value| expect(project.public_send(param)).to eq(value) end end it 'does not update namespace' do controller.instance_variable_set(:@project, project) params = { namespace_id: 'test' } expect do put :update, params: { namespace_id: project.namespace, id: project.id, project: params } end.not_to change { project.namespace.reload } end def update_project(**parameters) put :update, params: { namespace_id: project.namespace.path, id: project.path, project: parameters } end end context 'hashed storage' do let_it_be(:project) { create(:project, :repository) } it_behaves_like 'updating a project' end context 'legacy storage' do let_it_be(:project) { create(:project, :repository, :legacy_storage) } it_behaves_like 'updating a project' end context 'as maintainer' do before do project.add_maintainer(user) sign_in(user) end it_behaves_like 'unauthorized when external service denies access' do subject do put :update, params: { namespace_id: project.namespace, id: project, project: { description: 'Hello world' } } project.reload end it 'updates when the service allows access' do external_service_allow_access(user, project) expect { subject }.to change(project, :description) end it 'does not update when the service rejects access' do external_service_deny_access(user, project) expect { subject }.not_to change(project, :description) end end end context 'when updating non boolean values on project setting' do it 'updates project settings attributes accordingly' do put :update, params: { namespace_id: project.namespace, id: project.path, project: { project_setting_attributes: { merge_request_title_regex: 'aaa' } } } project.reload expect(project.merge_request_title_regex).to eq('aaa') end end context 'when updating boolean values on project_settings' do using RSpec::Parameterized::TableSyntax where(:boolean_value, :result) do '1' | true '0' | false 1 | true 0 | false true | true false | false end with_them do it 'updates project settings attributes accordingly' do put :update, params: { namespace_id: project.namespace, id: project.path, project: { project_setting_attributes: { show_default_award_emojis: boolean_value, enforce_auth_checks_on_uploads: boolean_value, emails_enabled: boolean_value, extended_prat_expiry_webhooks_execute: boolean_value } } } project.reload expect(project.show_default_award_emojis?).to eq(result) expect(project.enforce_auth_checks_on_uploads?).to eq(result) expect(project.emails_enabled?).to eq(result) expect(project.emails_disabled?).to eq(!result) expect(project.extended_prat_expiry_webhooks_execute?).to eq(result) end end end context 'with project feature attributes' do let(:initial_value) { ProjectFeature::PRIVATE } let(:update_to) { ProjectFeature::ENABLED } before do project.project_feature.update!(feature_access_level => initial_value) end def update_project_feature put :update, params: { namespace_id: project.namespace, id: project.path, project: { project_feature_attributes: { feature_access_level.to_s => update_to } } } end shared_examples 'feature update success' do it 'updates access level successfully' do expect { update_project_feature }.to change { project.reload.project_feature.public_send(feature_access_level) }.from(initial_value).to(update_to) end end shared_examples 'feature update failure' do it 'cannot update access level' do expect { update_project_feature }.not_to change { project.reload.project_feature.public_send(feature_access_level) } end end where(:feature_access_level) do %i[ metrics_dashboard_access_level container_registry_access_level environments_access_level feature_flags_access_level releases_access_level monitor_access_level infrastructure_access_level model_experiments_access_level model_registry_access_level ] end with_them do it_behaves_like 'feature update success' end end context 'project topics' do context 'on updates with topics of the same name (case insensitive)' do it 'returns 200, with alert about update failing' do put :update, params: { namespace_id: project.namespace, id: project.path, project: { topics: 'smoketest, SMOKETEST' } } expect(response).to be_successful expect(flash[:alert]).to eq('Project could not be updated!') end end end end describe '#transfer', :enable_admin_mode do render_views let(:project) { create(:project) } let_it_be(:admin) { create(:admin) } let_it_be(:new_namespace) { create(:namespace) } shared_examples 'project namespace is not changed' do |flash_message| it 'project namespace is not changed' do controller.instance_variable_set(:@project, project) sign_in(admin) old_namespace = project.namespace put :transfer, params: { namespace_id: old_namespace.path, new_namespace_id: new_namespace_id, id: project.path }, format: :js project.reload expect(project.namespace).to eq(old_namespace) expect(response).to redirect_to(edit_project_path(project)) expect(flash[:alert]).to eq flash_message end end it 'updates namespace' do sign_in(admin) put :transfer, params: { namespace_id: project.namespace.path, new_namespace_id: new_namespace.id, id: project.path }, format: :js project.reload expect(project.namespace).to eq(new_namespace) expect(response).to redirect_to(edit_project_path(project)) end context 'when new namespace is empty' do let(:new_namespace_id) { nil } it_behaves_like 'project namespace is not changed', s_('TransferProject|Please select a new namespace for your project.') end context 'when new namespace is the same as the current namespace' do let(:new_namespace_id) { project.namespace.id } it_behaves_like 'project namespace is not changed', s_('TransferProject|Project is already in this namespace.') end end describe "#destroy", :enable_admin_mode do let_it_be(:admin) { create(:admin) } let_it_be(:group) { create(:group, owners: user) } let_it_be_with_reload(:project) { create(:project, group: group) } before do sign_in(user) end shared_examples 'deletes project right away' do specify :aggregate_failures do delete :destroy, params: { namespace_id: project.namespace, id: project } expect(project.marked_for_deletion?).to be_falsey expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(dashboard_projects_path) end end shared_examples 'marks project for deletion' do specify :aggregate_failures do delete :destroy, params: { namespace_id: project.namespace, id: project } expect(project.reload.marked_for_deletion?).to be_truthy expect(project.reload.hidden?).to be_falsey expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(project_path(project)) expect(flash[:toast]).to be_nil end end it_behaves_like 'marks project for deletion' it 'does not mark project for deletion because of error' do message = 'Error' expect(::Projects::MarkForDeletionService).to receive_message_chain(:new, :execute).and_return({ status: :error, message: message }) delete :destroy, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template(:edit) expect(flash[:alert]).to include(message) end context 'when instance setting is set to 0 days' do it 'deletes project right away' do stub_application_setting(deletion_adjourned_period: 0) delete :destroy, params: { namespace_id: project.namespace, id: project } expect(project.marked_for_deletion?).to be_falsey expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(dashboard_projects_path) end end context 'when project is already marked for deletion' do let_it_be(:project) { create(:project, group: group, marked_for_deletion_at: Date.current) } context 'when permanently_delete param is set' do it 'deletes project right away' do expect(ProjectDestroyWorker).to receive(:perform_async) delete :destroy, params: { namespace_id: project.namespace, id: project, permanently_delete: true } expect(project.reload.pending_delete).to eq(true) expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(dashboard_projects_path) end end context 'when permanently_delete param is not set' do it 'does nothing' do expect(ProjectDestroyWorker).not_to receive(:perform_async) delete :destroy, params: { namespace_id: project.namespace, id: project } expect(project.reload.pending_delete).to eq(false) expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(project_path(project)) end end end context 'for projects in user namespace' do let_it_be_with_reload(:project) { create(:project, namespace: user.namespace) } before do sign_in(user) end shared_examples 'deletes project right away' do specify :aggregate_failures do delete :destroy, params: { namespace_id: project.namespace, id: project } expect(project.marked_for_deletion?).to be_falsey expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(dashboard_projects_path) end end shared_examples 'marks project for deletion' do specify :aggregate_failures do delete :destroy, params: { namespace_id: project.namespace, id: project } expect(project.reload.marked_for_deletion?).to be_truthy expect(project.reload.hidden?).to be_falsey expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(project_path(project)) expect(flash[:toast]).to be_nil end end it_behaves_like 'marks project for deletion' it 'does not mark project for deletion because of error' do message = 'Error' expect(::Projects::MarkForDeletionService).to receive_message_chain(:new, :execute).and_return({ status: :error, message: message }) delete :destroy, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template(:edit) expect(flash[:alert]).to include(message) end context 'when instance setting is set to 0 days' do it 'deletes project right away' do stub_application_setting(deletion_adjourned_period: 0) delete :destroy, params: { namespace_id: project.namespace, id: project } expect(project.marked_for_deletion?).to be_falsey expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(dashboard_projects_path) end end context 'when project is already marked for deletion' do let_it_be(:project) { create(:project, group: group, marked_for_deletion_at: Date.current) } context 'when permanently_delete param is set' do it 'deletes project right away' do expect(ProjectDestroyWorker).to receive(:perform_async) delete :destroy, params: { namespace_id: project.namespace, id: project, permanently_delete: true } expect(project.reload.pending_delete).to eq(true) expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(dashboard_projects_path) end end context 'when permanently_delete param is not set' do it 'does nothing' do expect(ProjectDestroyWorker).not_to receive(:perform_async) delete :destroy, params: { namespace_id: project.namespace, id: project } expect(project.reload.pending_delete).to eq(false) expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(project_path(project)) end end end context 'for projects in user namespace' do let(:project) { create(:project, namespace: user.namespace) } it_behaves_like 'marks project for deletion' end end end describe 'POST #restore', feature_category: :groups_and_projects do let_it_be(:project) { create(:project, namespace: user.namespace) } before do sign_in(user) end it 'restores project deletion' do post :restore, params: { namespace_id: project.namespace, project_id: project } expect(project.reload.marked_for_deletion_at).to be_nil expect(project.reload.archived).to be_falsey expect(response).to have_gitlab_http_status(:found) expect(response).to redirect_to(edit_project_path(project)) end it 'does not restore project because of error' do message = 'Error' expect(::Projects::RestoreService).to receive_message_chain(:new, :execute).and_return({ status: :error, message: message }) post :restore, params: { namespace_id: project.namespace, project_id: project } expect(response).to have_gitlab_http_status(:ok) expect(response).to render_template(:edit) expect(flash[:alert]).to include(message) end end describe 'PUT #new_issuable_address for issue' do subject do put :new_issuable_address, params: { namespace_id: project.namespace, id: project, issuable_type: 'issue' } user.reload end before do sign_in(user) project.add_developer(user) allow(Gitlab.config.incoming_email).to receive(:enabled).and_return(true) end it 'has http status 200' do expect(response).to have_gitlab_http_status(:ok) end it 'changes the user incoming email token' do expect { subject }.to change { user.incoming_email_token } end it 'changes projects new issue address' do expect { subject }.to change { project.new_issuable_address(user, 'issue') } end end describe 'PUT #new_issuable_address for merge request' do subject do put :new_issuable_address, params: { namespace_id: project.namespace, id: project, issuable_type: 'merge_request' } user.reload end before do sign_in(user) project.add_developer(user) allow(Gitlab.config.incoming_email).to receive(:enabled).and_return(true) end it 'has http status 200' do expect(response).to have_gitlab_http_status(:ok) end it 'changes the user incoming email token' do expect { subject }.to change { user.incoming_email_token } end it 'changes projects new merge request address' do expect { subject }.to change { project.new_issuable_address(user, 'merge_request') } end end describe "POST #toggle_star" do it "toggles star if user is signed in" do sign_in(user) expect(user.starred?(public_project)).to be_falsey post :toggle_star, params: { namespace_id: public_project.namespace, id: public_project } expect(user.starred?(public_project)).to be_truthy post :toggle_star, params: { namespace_id: public_project.namespace, id: public_project } expect(user.starred?(public_project)).to be_falsey end it "does nothing if user is not signed in" do post :toggle_star, params: { namespace_id: project.namespace, id: public_project } expect(user.starred?(public_project)).to be_falsey post :toggle_star, params: { namespace_id: project.namespace, id: public_project } expect(user.starred?(public_project)).to be_falsey end end describe "DELETE remove_fork" do context 'when signed in' do before do sign_in(user) end context 'with forked project' do let(:forked_project) { fork_project(create(:project, :public), user) } it 'removes fork from project' do delete :remove_fork, params: { namespace_id: forked_project.namespace.to_param, id: forked_project.to_param }, format: :js expect(forked_project.reload.forked?).to be_falsey expect(flash[:notice]).to eq(s_('The fork relationship has been removed.')) expect(response).to redirect_to(edit_project_path(forked_project)) end end context 'when project not forked' do let(:unforked_project) { create(:project, namespace: user.namespace) } it 'does nothing if project was not forked' do delete :remove_fork, params: { namespace_id: unforked_project.namespace, id: unforked_project }, format: :js expect(flash[:notice]).to be_nil expect(response).to redirect_to(edit_project_path(unforked_project)) end end end it "does nothing if user is not signed in" do delete :remove_fork, params: { namespace_id: project.namespace, id: project }, format: :js expect(response).to have_gitlab_http_status(:unauthorized) end end describe "GET refs" do let_it_be(:project) { create(:project, :public, :repository) } it 'gets a list of branches and tags' do get :refs, params: { namespace_id: project.namespace, id: project, sort: 'updated_desc' } expect(json_response['Branches']).to include('master') expect(json_response['Tags']).to include('v1.0.0') expect(json_response['Commits']).to be_nil end it "gets a list of branches, tags and commits" do get :refs, params: { namespace_id: project.namespace, id: project, ref: "123456" } expect(json_response["Branches"]).to include("master") expect(json_response["Tags"]).to include("v1.0.0") expect(json_response["Commits"]).to include("123456") end it 'uses gitaly pagination' do expected_params = ActionController::Parameters.new(ref: '123456', per_page: 100).permit! expect_next_instance_of(BranchesFinder, project.repository, expected_params) do |finder| expect(finder).to receive(:execute).with(gitaly_pagination: true).and_call_original end expect_next_instance_of(TagsFinder, project.repository, expected_params) do |finder| expect(finder).to receive(:execute).with(gitaly_pagination: true).and_call_original end get :refs, params: { namespace_id: project.namespace, id: project, ref: "123456" } end context 'when gitaly is unavailable' do before do expect_next_instance_of(TagsFinder) do |finder| allow(finder).to receive(:execute).and_raise(Gitlab::Git::CommandError, 'something went wrong') end end it 'responds with 503 error' do get :refs, params: { namespace_id: project.namespace, id: project, ref: "123456" } expect(response).to have_gitlab_http_status(:service_unavailable) expect(json_response['error']).to eq 'Unable to load refs' end end context "when preferred language is Japanese" do before do user.update!(preferred_language: 'ja') sign_in(user) end it "gets a list of branches, tags and commits" do get :refs, params: { namespace_id: project.namespace, id: project, ref: "123456" } expect(json_response["Branches"]).to include("master") expect(json_response["Tags"]).to include("v1.0.0") expect(json_response["Commits"]).to include("123456") end end context 'when private project' do let(:project) { create(:project, :repository) } context 'as a guest' do it 'renders forbidden' do user = create(:user) project.add_guest(user) sign_in(user) get :refs, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:not_found) end end end context 'when input params are invalid' do let(:request) { get :refs, params: { namespace_id: project.namespace, id: project, ref: { invalid: :format } } } it 'does not break' do request expect(response).to have_gitlab_http_status(:success) end end context 'when sort param is invalid' do let(:request) { get :refs, params: { namespace_id: project.namespace, id: project, sort: 'invalid' } } it 'uses default sort by name' do request expect(response).to have_gitlab_http_status(:success) expect(json_response['Branches']).to include('master') expect(json_response['Tags']).to include('v1.0.0') expect(json_response['Commits']).to be_nil end end end describe 'POST #preview_markdown' do before do sign_in(user) end it 'renders json in a correct format' do expect(Banzai::Renderer).to receive(:render).once.and_call_original post :preview_markdown, params: { namespace_id: public_project.namespace, project_id: public_project, text: '*Markdown* text' } expect(json_response.keys).to match_array(%w[body references]) end context 'when not authorized' do let(:private_project) { create(:project, :private) } it 'returns 404' do post :preview_markdown, params: { namespace_id: private_project.namespace, project_id: private_project, text: '*Markdown* text' } expect(response).to have_gitlab_http_status(:not_found) end end context 'state filter on references' do let_it_be(:issue) { create(:issue, :closed, project: public_project) } let(:merge_request) { create(:merge_request, :closed, target_project: public_project) } it 'renders JSON body with state filter for issues' do post :preview_markdown, params: { namespace_id: public_project.namespace, project_id: public_project, text: issue.to_reference } expect(json_response['body']).to match(/\##{issue.iid} \(closed\)/) end it 'renders JSON body with state filter for MRs' do post :preview_markdown, params: { namespace_id: public_project.namespace, project_id: public_project, text: merge_request.to_reference } expect(json_response['body']).to match(/!#{merge_request.iid} \(closed\)/) end end context 'when path parameter is provided' do let(:project_with_repo) { create(:project, :repository) } let(:preview_markdown_params) do { namespace_id: project_with_repo.namespace.full_path, project_id: project_with_repo.path, text: "![](./logo-white.png)\n", path: 'files/images/README.md' } end before do project_with_repo.add_maintainer(user) end it 'renders JSON body with image links expanded' do expanded_path = "/#{project_with_repo.full_path}/-/raw/master/files/images/logo-white.png" post :preview_markdown, params: preview_markdown_params expect(json_response['body']).to include(expanded_path) end end context 'when path and ref parameters are provided' do let(:project_with_repo) { create(:project, :repository) } let(:preview_markdown_params) do { namespace_id: project_with_repo.namespace.full_path, project_id: project_with_repo.path, text: "![](./logo-white.png)\n", ref: 'other_branch', path: 'files/images/README.md' } end before do project_with_repo.add_maintainer(user) project_with_repo.repository.create_branch('other_branch') end it 'renders JSON body with image links expanded' do expanded_path = "/#{project_with_repo.full_path}/-/raw/other_branch/files/images/logo-white.png" post :preview_markdown, params: preview_markdown_params expect(json_response['body']).to include(expanded_path) end end end describe '#ensure_canonical_path' do before do sign_in(user) end context 'for a GET request' do context 'when requesting the canonical path' do context "with exactly matching casing" do it "loads the project" do get :show, params: { namespace_id: public_project.namespace, id: public_project } expect(assigns(:project)).to eq(public_project) expect(response).to have_gitlab_http_status(:ok) end end context "with different casing" do it "redirects to the normalized path" do get :show, params: { namespace_id: public_project.namespace, id: public_project.path.upcase } expect(assigns(:project)).to eq(public_project) expect(response).to redirect_to("/#{public_project.full_path}") expect(controller).not_to set_flash[:notice] end end end context 'when requesting a redirected path' do let!(:redirect_route) { public_project.redirect_routes.create!(path: "foo/bar") } it 'redirects to the canonical path' do get :show, params: { namespace_id: 'foo', id: 'bar' } expect(response).to redirect_to(public_project) expect(controller).to set_flash[:notice].to(project_moved_message(redirect_route, public_project)) end it 'redirects to the canonical path (testing non-show action)' do get :refs, params: { namespace_id: 'foo', id: 'bar' } expect(response).to redirect_to(refs_project_path(public_project)) expect(controller).to set_flash[:notice].to(project_moved_message(redirect_route, public_project)) end end end context 'for a POST request' do context 'when requesting the canonical path with different casing' do it 'does not 404' do post :toggle_star, params: { namespace_id: public_project.namespace, id: public_project.path.upcase } expect(response).not_to have_gitlab_http_status(:not_found) end it 'does not redirect to the correct casing' do post :toggle_star, params: { namespace_id: public_project.namespace, id: public_project.path.upcase } expect(response).not_to have_gitlab_http_status(:moved_permanently) end end context 'when requesting a redirected path' do let!(:redirect_route) { public_project.redirect_routes.create!(path: "foo/bar") } it 'returns not found' do post :toggle_star, params: { namespace_id: 'foo', id: 'bar' } expect(response).to have_gitlab_http_status(:not_found) end end end context 'for a DELETE request', :enable_admin_mode do before do sign_in(create(:admin)) end context 'when requesting the canonical path with different casing' do it 'does not 404' do delete :destroy, params: { namespace_id: project.namespace, id: project.path.upcase } expect(response).not_to have_gitlab_http_status(:not_found) end it 'does not redirect to the correct casing' do delete :destroy, params: { namespace_id: project.namespace, id: project.path.upcase } expect(response).not_to have_gitlab_http_status(:moved_permanently) end end context 'when requesting a redirected path' do let!(:redirect_route) { project.redirect_routes.create!(path: "foo/bar") } it 'returns not found' do delete :destroy, params: { namespace_id: 'foo', id: 'bar' } expect(response).to have_gitlab_http_status(:not_found) end end end end describe 'project export' do before do sign_in(user) project.add_maintainer(user) end shared_examples 'rate limits project export endpoint' do before do allow_next_instance_of(Gitlab::ApplicationRateLimiter::BaseStrategy) do |strategy| allow(strategy) .to receive(:increment) .and_return(Gitlab::ApplicationRateLimiter.rate_limits["project_#{action}".to_sym][:threshold].call + 1) end end it 'prevents requesting project export' do post action, params: { namespace_id: project.namespace, id: project } expect(response.body).to eq('This endpoint has been requested too many times. Try again later.') expect(response).to have_gitlab_http_status(:too_many_requests) end end describe '#export' do let(:action) { :export } context 'when project export is enabled' do it 'returns 302' do post action, params: { namespace_id: project.namespace, id: project } expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings')) end context 'when the project storage_size exceeds the application setting max_export_size' do it 'returns 302 with alert' do stub_application_setting(max_export_size: 1) project.statistics.update!(lfs_objects_size: 2.megabytes, repository_size: 2.megabytes) post action, params: { namespace_id: project.namespace, id: project } expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings')) expect(flash[:alert]).to include('The project size exceeds the export limit.') end end context 'when the project storage_size does not exceed the application setting max_export_size' do it 'returns 302 without alert' do stub_application_setting(max_export_size: 1) project.statistics.update!(lfs_objects_size: 0.megabytes, repository_size: 0.megabytes) post action, params: { namespace_id: project.namespace, id: project } expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings')) expect(flash[:alert]).to be_nil end end context 'when application setting max_export_size is not set' do it 'returns 302 without alert' do project.statistics.update!(lfs_objects_size: 2.megabytes, repository_size: 2.megabytes) post action, params: { namespace_id: project.namespace, id: project } expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings')) expect(flash[:alert]).to be_nil end end end context 'when project export is disabled' do before do stub_application_setting(project_export_enabled?: false) end it 'returns 404' do post action, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:not_found) end end context 'when the endpoint receives requests above the limit', :clean_gitlab_redis_rate_limiting do include_examples 'rate limits project export endpoint' end end describe '#download_export', :clean_gitlab_redis_rate_limiting do let(:project) { create(:project, service_desk_enabled: false, creator: user) } let!(:export) { create(:import_export_upload, project: project, user: user) } let(:action) { :download_export } context 'object storage enabled' do context 'when project export is enabled' do it 'returns 200' do get action, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:ok) end end context 'when project export file is absent' do it 'alerts the user and returns 302' do project.export_file(user).file.delete get action, params: { namespace_id: project.namespace, id: project } expect(flash[:alert]).to include('file containing the export is not available yet') expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings')) end end context 'when project export is disabled' do before do stub_application_setting(project_export_enabled?: false) end it 'returns 404' do get action, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:not_found) end end context 'when the endpoint receives requests above the limit', :clean_gitlab_redis_rate_limiting do before do allow_next_instance_of(Gitlab::ApplicationRateLimiter::BaseStrategy) do |strategy| allow(strategy) .to receive(:increment) .and_return(Gitlab::ApplicationRateLimiter.rate_limits[:project_download_export][:threshold].call + 1) end end it 'prevents requesting project export' do get action, params: { namespace_id: project.namespace, id: project } expect(response.body).to eq('This endpoint has been requested too many times. Try again later.') expect(response).to have_gitlab_http_status(:too_many_requests) end end context 'applies correct scope when throttling', :clean_gitlab_redis_rate_limiting do it 'applies throttle per project' do expect(Gitlab::ApplicationRateLimiter) .to receive(:throttled?) .with(:project_download_export, scope: [user, project]) get action, params: { namespace_id: project.namespace, id: project } end end end end describe '#remove_export' do let(:action) { :remove_export } context 'when project export is enabled' do it 'returns 302' do post action, params: { namespace_id: project.namespace, id: project } expect(response).to redirect_to(edit_project_path(project, anchor: 'js-project-advanced-settings')) end end context 'when project export is disabled' do before do stub_application_setting(project_export_enabled?: false) end it 'returns 404' do post action, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:not_found) end end end describe '#generate_new_export' do let(:action) { :generate_new_export } context 'when project export is enabled' do it 'returns 302' do post action, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:found) end end context 'when project export is disabled' do before do stub_application_setting(project_export_enabled?: false) end it 'returns 404' do post action, params: { namespace_id: project.namespace, id: project } expect(response).to have_gitlab_http_status(:not_found) end end context 'when the endpoint receives requests above the limit', :clean_gitlab_redis_rate_limiting do include_examples 'rate limits project export endpoint' end end end context 'GET show.atom' do let_it_be(:public_project) { create(:project, :public) } let_it_be(:event) { create(:event, :commented, project: public_project, target: create(:note, project: public_project)) } let_it_be(:invisible_event) { create(:event, :commented, project: public_project, target: create(:note, :confidential, project: public_project)) } it 'filters by calling event.visible_to_user?' do expect(EventCollection).to receive_message_chain(:new, :to_a).and_return([event, invisible_event]) expect(event).to receive(:visible_to_user?).and_return(true) expect(invisible_event).to receive(:visible_to_user?).and_return(false) get :show, format: :atom, params: { id: public_project, namespace_id: public_project.namespace } expect(response).to have_gitlab_http_status(:success) expect(response).to render_template(:show) expect(response).to render_template(layout: :xml) expect(assigns(:events)).to eq([event]) end it 'filters by calling event.visible_to_user?' do get :show, format: :atom, params: { id: public_project, namespace_id: public_project.namespace } expect(response).to have_gitlab_http_status(:success) expect(response).to render_template(:show) expect(response).to render_template(layout: :xml) expect(assigns(:events)).to eq([event]) end end it 'updates Service Desk attributes' do project.add_maintainer(user) sign_in(user) allow(Gitlab::Email::IncomingEmail).to receive(:enabled?) { true } allow(Gitlab::Email::IncomingEmail).to receive(:supports_wildcard?) { true } params = { service_desk_enabled: true } put :update, params: { namespace_id: project.namespace, id: project, project: params } project.reload expect(response).to have_gitlab_http_status(:found) expect(project.service_desk_enabled).to eq(true) end def project_moved_message(redirect_route, project) "Project '#{redirect_route.path}' was moved to '#{project.full_path}'. Please update any links and bookmarks that may still have the old path." end describe 'GET #unfoldered_environment_names' do it 'shows the environment names of a public project to an anonymous user' do create(:environment, project: public_project, name: 'foo') get( :unfoldered_environment_names, params: { namespace_id: public_project.namespace, id: public_project, format: :json } ) expect(response).to have_gitlab_http_status(:ok) expect(json_response).to eq(%w[foo]) end it 'does not show environment names of a private project to anonymous users' do create(:environment, project: project, name: 'foo') get( :unfoldered_environment_names, params: { namespace_id: project.namespace, id: project, format: :json } ) expect(response).to redirect_to(new_user_session_path) end it 'shows environment names of a private project to a project member' do create(:environment, project: project, name: 'foo') project.add_developer(user) sign_in(user) get( :unfoldered_environment_names, params: { namespace_id: project.namespace, id: project, format: :json } ) expect(response).to have_gitlab_http_status(:ok) expect(json_response).to eq(%w[foo]) end it 'does not show environment names of a private project to a logged-in non-member' do create(:environment, project: project, name: 'foo') sign_in(user) get( :unfoldered_environment_names, params: { namespace_id: project.namespace, id: project, format: :json } ) expect(response).to have_gitlab_http_status(:not_found) end end end