Skip to content

Do not display details page if package's status is not default

Dzmitry (Dima) Meshcharakou requested to merge 344257-don-t-display-package-details-page-for-packages-not-in-the-default-status into master

Context

A package might have one of the following statuses: default, hidden, processing, error and pending_destruction.

Currently not all the statuses allow the package to be displayed in the details page.

What does this MR do and why?

  • This MR restricts the package details requests REST API and GraphQL only to the packages with status default.
  • Add the _links object with underlying web_path property to the Package type (GraphQL API).
  • Additionally, we want to prevent displaying links which will lead to 404 page and therefore to add a status check for web_path in the _links field.

How to set up and validate locally

Preparation

  1. Prepare a package

    def fixture_file_upload(*args, **kwargs)
  Rack::Test::UploadedFile.new(*args, **kwargs)
end

FactoryBot.create(:npm_package, project: Project.first)

  2. Verify package status

    Packages::Package.last.status

    When everything went fine 🤞 , a package status should be default.

  3. Grab required information

    Packages::Package.last.id

    Write it down somewhere or remember - it will be required at the later step.

    Packages::Package.last.project_id

    Write it down somewhere or remember - it will be required at the later step.

REST API

  1. Create an API call to get a project package using REST API

    curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/:id/packages/:package_id"

  2. Verify that response status is 200 and body contains package details.

  3. Create another API call to list packages within a project

    curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/:id/packages"

  4. Verify that response status is 200 and body contains a package with a known id.
    Pay attention to the _links object of the corresponding package.
    It should contain web_path property with the link to the package details page like /foo/bar/-/packages/3

  5. Change package's status, for instance to error

    Packages::Package.last.update!(status: "error")

  6. Create an API call to get a project package using REST API

    curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/:id/packages/:package_id"

  7. This time response status should be 404.

  8. Create one more API call to list packages within a project

    curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/:id/packages"

  9. Verify that response status is 200 and body contains a package with a known id.
    Pay attention to the _links object of the corresponding package.
    It should not contain web_path property with the link to the package details page.

GraphQL API

  1. Change package's status back to default

    Packages::Package.last.update!(status: "default")

  2. Browse http://gdk.test:3000/-/graphql-explorer and query a package

    {
  package(id: "gid://gitlab/Packages::Package/:package_id") {
    id
  }
}

  3. Verify response

    {
  "data": {
    "package": {
      "id": "gid://gitlab/Packages::Package/:package_id"
    }
  }
}

  4. Browse http://gdk.test:3000/-/graphql-explorer and query a a project packages

    {
  project(fullPath: "gitlab-org/gitlab-test") {
    id
    packages {
      edges {
        node {
          id
          _links {
            webPath
          }
        }
      }
    }
  }
}

  5. Verify response

    {
  "data": {
    "project": {
      "id": "gid://gitlab/Project/:project_id",
      "packages": {
        "edges": [
          {
            "node": {
              "id": "gid://gitlab/Packages::Package/:package_id",
              "_links": {
                "webPath": "/gitlab-org/gitlab-test/-/packages/:package_id"
              }
            }
          }
        ]
      }
    }
  }
}

  6. Now change package's status again to error

    Packages::Package.last.update!(status: "error")

  7. Browse http://gdk.test:3000/-/graphql-explorer and query a package

    {
  package(id: "gid://gitlab/Packages::Package/:package_id") {
    id
  }
}

  8. Verify response

    {
  "data": {
    "package": null
  }
}

  9. Browse http://gdk.test:3000/-/graphql-explorer and query a a project packages

    {
  project(fullPath: "gitlab-org/gitlab-test") {
    id
    packages {
      edges {
        node {
          id
          _links {
            webPath
          }
        }
      }
    }
  }
}

  10. Verify response

    {
  "data": {
    "project": {
      "id": "gid://gitlab/Project/:project_id",
      "packages": {
        "edges": [
          {
            "node": {
              "id": "gid://gitlab/Packages::Package/:package_id",
              "_links": {
                "webPath": null
              }
            }
          }
        ]
      }
    }
  }
}

Screenshots

Query project with a package in status default

graphql-project-1

Query project with a package in status error

graphql-project-2

Query package with a status default

graphql-package-1

Query package with a status error

graphql-package-2

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #344257 (closed)

Edited by Dzmitry (Dima) Meshcharakou

Merge request reports