API: status code 403 returned if new project would exceed limit

When the project limit is reached the user is not allowed to create new ones. Instead of error code 404 the status code 403 (Forbidden) is returned with error message via API.

API: status code 403 returned if new project would exceed limit
When the project limit is reached the user is not allowed to create new ones. Instead of error code 404 the status code 403 (Forbidden) is returned with error message via API.
Sebastian Ziebell
1 parent 6fc3263e
Showing 3 changed files with 17 additions and 1 deletions Show diff stats
app/models/project.rb
lib/api/projects.rb
spec/requests/api/projects_spec.rb
@@ -155,7 +155,7 @@ class Project &lt; ActiveRecord::Base
  
   def check_limit
     unless creator.can_create_project?
-      errors[:base] << ("Your own projects limit is #{creator.projects_limit}! Please contact administrator to increase it")
+      errors[:limit_reached] << ("Your own projects limit is #{creator.projects_limit}! Please contact administrator to increase it")
     end
   rescue
     errors[:base] << ("Can't check your ability to create project")
@@ -58,6 +58,9 @@ module Gitlab
         if @project.saved?
           present @project, with: Entities::Project
         else
+          if @project.errors[:limit_reached].present?
+            error!(@project.errors[:limit_reached], 403)
+          end
           not_found!
         end
       end
@@ -41,6 +41,11 @@ describe Gitlab::API do
       expect { post api("/projects", user) }.to_not change {Project.count}
     end
  
+    it "should return a 400 error if name not given" do
+      post api("/projects", user)
+      response.status.should == 400
+    end
+
     it "should respond with 201 on success" do
       post api("/projects", user), name: 'foo'
       response.status.should == 201
@@ -51,6 +56,14 @@ describe Gitlab::API do
       response.status.should == 400
     end
  
+    it "should return a 403 error if project limit reached" do
+      (1..user.projects_limit).each do |p|
+        post api("/projects", user), name: "foo#{p}"
+      end
+      post api("/projects", user), name: 'bar'
+      response.status.should == 403
+    end
+
     it "should assign attributes to project" do
       project = attributes_for(:project, {
         description: Faker::Lorem.sentence,
...	...	@@ -155,7 +155,7 @@ class Project < ActiveRecord::Base
155	155
156	156	def check_limit
157	157	unless creator.can_create_project?
158		- errors[:base] << ("Your own projects limit is #{creator.projects_limit}! Please contact administrator to increase it")
	158	+ errors[:limit_reached] << ("Your own projects limit is #{creator.projects_limit}! Please contact administrator to increase it")
159	159	end
160	160	rescue
161	161	errors[:base] << ("Can't check your ability to create project")
...	...
...	...	@@ -58,6 +58,9 @@ module Gitlab
58	58	if @project.saved?
59	59	present @project, with: Entities::Project
60	60	else
	61	+ if @project.errors[:limit_reached].present?
	62	+ error!(@project.errors[:limit_reached], 403)
	63	+ end
61	64	not_found!
62	65	end
63	66	end
...	...
...	...	@@ -41,6 +41,11 @@ describe Gitlab::API do
41	41	expect { post api("/projects", user) }.to_not change {Project.count}
42	42	end
43	43
	44	+ it "should return a 400 error if name not given" do
	45	+ post api("/projects", user)
	46	+ response.status.should == 400
	47	+ end
	48	+
44	49	it "should respond with 201 on success" do
45	50	post api("/projects", user), name: 'foo'
46	51	response.status.should == 201
...	...	@@ -51,6 +56,14 @@ describe Gitlab::API do
51	56	response.status.should == 400
52	57	end
53	58
	59	+ it "should return a 403 error if project limit reached" do
	60	+ (1..user.projects_limit).each do \|p\|
	61	+ post api("/projects", user), name: "foo#{p}"
	62	+ end
	63	+ post api("/projects", user), name: 'bar'
	64	+ response.status.should == 403
	65	+ end
	66	+
54	67	it "should assign attributes to project" do
55	68	project = attributes_for(:project, {
56	69	description: Faker::Lorem.sentence,
...	...