Add requirements: { id: %r{[^/]+} } for all projects and groups namespaced API routes

Signed-off-by: Rémy Coutable <[email protected]>

Author: rymai

changelogs/unreleased/27988-fix-transient-failure-in-commits-api.yml

@@ -0,0 +1,5 @@
+---
+title: 'Add `requirements: { id: /.+/ }` for all projects and groups namespaced API
+  routes'
+merge_request: 9944
+author:

lib/api/access_requests.rb

@@ -10,7 +10,7 @@ class AccessRequests < Grape::API
       params do
         requires :id, type: String, desc: "The #{source_type} ID"
       end
-      resource source_type.pluralize do
+      resource source_type.pluralize, requirements: { id: %r{[^/]+} } do
         desc "Gets a list of access requests for a #{source_type}." do
           detail 'This feature was introduced in GitLab 8.11.'
           success Entities::AccessRequester

lib/api/award_emoji.rb

@@ -9,13 +9,15 @@ class AwardEmoji < Grape::API
       { type: 'snippet', find_by: :id }
     ].freeze
 
-    resource :projects do
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+    end
+    resource :projects, requirements: { id: %r{[^/]+} } do
       AWARDABLES.each do |awardable_params|
         awardable_string = awardable_params[:type].pluralize
         awardable_id_string = "#{awardable_params[:type]}_#{awardable_params[:find_by]}"
 
         params do
-          requires :id, type: String, desc: 'The ID of a project'
           requires :"#{awardable_id_string}", type: Integer, desc: "The ID of an Issue, Merge Request or Snippet"
         end
 

lib/api/boards.rb

@@ -7,7 +7,7 @@ class Boards < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get all project boards' do
         detail 'This feature was introduced in 8.13'
         success Entities::Board

lib/api/branches.rb

@@ -10,7 +10,7 @@ class Branches < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get a project repository branches' do
         success Entities::RepoBranch
       end

lib/api/commit_statuses.rb

@@ -2,7 +2,10 @@
 
 module API
   class CommitStatuses < Grape::API
-    resource :projects do
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+    end
+    resource :projects, requirements: { id: %r{[^/]+} } do
       include PaginationParams
 
       before { authenticate! }
@@ -11,7 +14,6 @@ class CommitStatuses < Grape::API
         success Entities::CommitStatus
       end
       params do
-        requires :id,    type: String, desc: 'The ID of a project'
         requires :sha,   type: String, desc: 'The commit hash'
         optional :ref,   type: String, desc: 'The ref'
         optional :stage, type: String, desc: 'The stage'
@@ -37,7 +39,6 @@ class CommitStatuses < Grape::API
         success Entities::CommitStatus
       end
       params do
-        requires :id,          type: String,  desc: 'The ID of a project'
         requires :sha,         type: String,  desc: 'The commit hash'
         requires :state,       type: String,  desc: 'The state of the status',
                                values: %w(pending running success failed canceled)

lib/api/commits.rb

@@ -10,7 +10,7 @@ class Commits < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects, requirements: { id: /.+/ } do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get a project repository commits' do
         success Entities::RepoCommit
       end

lib/api/deploy_keys.rb

@@ -17,7 +17,7 @@ class DeployKeys < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of the project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       before { authorize_admin_project }
 
       desc "Get a specific project's deploy keys" do

lib/api/deployments.rb

@@ -8,7 +8,7 @@ class Deployments < Grape::API
     params do
       requires :id, type: String, desc: 'The project ID'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get all deployments of the project' do
         detail 'This feature was introduced in GitLab 8.11.'
         success Entities::Deployment

lib/api/environments.rb

@@ -9,7 +9,7 @@ class Environments < Grape::API
     params do
       requires :id, type: String, desc: 'The project ID'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get all environments of the project' do
         detail 'This feature was introduced in GitLab 8.11.'
         success Entities::Environment

lib/api/files.rb

@@ -52,7 +52,7 @@ def commit_response(attrs)
     params do
       requires :id, type: String, desc: 'The project ID'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get raw file contents from the repository'
       params do
         requires :file_path, type: String, desc: 'The url encoded path to the file. Ex. lib%2Fclass%2Erb'

lib/api/groups.rb

@@ -84,7 +84,7 @@ def present_groups(groups, options = {})
     params do
       requires :id, type: String, desc: 'The ID of a group'
     end
-    resource :groups do
+    resource :groups, requirements: { id: %r{[^/]+} } do
       desc 'Update a group. Available only for users who can administrate groups.' do
         success Entities::Group
       end
@@ -154,7 +154,7 @@ def present_groups(groups, options = {})
       params do
         requires :project_id, type: String, desc: 'The ID or path of the project'
       end
-      post ":id/projects/:project_id" do
+      post ":id/projects/:project_id", requirements: { project_id: /.+/ } do
         authenticated_as_admin!
         group = find_group!(params[:id])
         project = find_project!(params[:project_id])

lib/api/issues.rb

@@ -58,7 +58,7 @@ def find_issues(args = {})
     params do
       requires :id, type: String, desc: 'The ID of a group'
     end
-    resource :groups do
+    resource :groups, requirements: { id: %r{[^/]+} } do
       desc 'Get a list of group issues' do
         success Entities::IssueBasic
       end
@@ -79,7 +79,7 @@ def find_issues(args = {})
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       include TimeTrackingEndpoints
 
       desc 'Get a list of project issues' do

lib/api/jobs.rb

@@ -7,7 +7,7 @@ class Jobs < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       helpers do
         params :optional_scope do
           optional :scope, types: [String, Array[String]], desc: 'The scope of builds to show',

lib/api/labels.rb

@@ -7,7 +7,7 @@ class Labels < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get all labels of the project' do
         success Entities::Label
       end

lib/api/members.rb

@@ -10,7 +10,7 @@ class Members < Grape::API
       params do
         requires :id, type: String, desc: "The #{source_type} ID"
       end
-      resource source_type.pluralize do
+      resource source_type.pluralize, requirements: { id: %r{[^/]+} } do
         desc 'Gets a list of group or project members viewable by the authenticated user.' do
           success Entities::Member
         end

lib/api/merge_request_diffs.rb

@@ -5,14 +5,16 @@ class MergeRequestDiffs < Grape::API
 
     before { authenticate! }
 
-    resource :projects do
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+    end
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get a list of merge request diff versions' do
         detail 'This feature was introduced in GitLab 8.12.'
         success Entities::MergeRequestDiff
       end
 
       params do
-        requires :id, type: String, desc: 'The ID of a project'
         requires :merge_request_iid, type: Integer, desc: 'The IID of a merge request'
         use :pagination
       end
@@ -28,7 +30,6 @@ class MergeRequestDiffs < Grape::API
       end
 
       params do
-        requires :id, type: String, desc: 'The ID of a project'
         requires :merge_request_iid, type: Integer, desc: 'The IID of a merge request'
         requires :version_id, type: Integer, desc: 'The ID of a merge request diff version'
       end

lib/api/merge_requests.rb

@@ -7,7 +7,7 @@ class MergeRequests < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       include TimeTrackingEndpoints
 
       helpers do

lib/api/milestones.rb

@@ -23,7 +23,7 @@ def filter_milestones_state(milestones, state)
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get a list of project milestones' do
         success Entities::Milestone
       end

lib/api/notes.rb

@@ -9,7 +9,7 @@ class Notes < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       NOTEABLE_TYPES.each do |noteable_type|
         noteables_str = noteable_type.to_s.underscore.pluralize
 

lib/api/notification_settings.rb

@@ -48,14 +48,14 @@ class NotificationSettings < Grape::API
     end
 
     %w[group project].each do |source_type|
-      resource source_type.pluralize do
+      params do
+        requires :id, type: String, desc: "The #{source_type} ID"
+      end
+      resource source_type.pluralize, requirements: { id: %r{[^/]+} } do
         desc "Get #{source_type} level notification level settings, defaults to Global" do
           detail 'This feature was introduced in GitLab 8.12'
           success Entities::NotificationSetting
         end
-        params do
-          requires :id, type: String, desc: 'The group ID or project ID or project NAMESPACE/PROJECT_NAME'
-        end
         get ":id/notification_settings" do
           source = find_source(source_type, params[:id])
 
@@ -69,7 +69,6 @@ class NotificationSettings < Grape::API
           success Entities::NotificationSetting
         end
         params do
-          requires :id, type: String, desc: 'The group ID or project ID or project NAMESPACE/PROJECT_NAME'
           optional :level, type: String, desc: "The #{source_type} notification level"
           NotificationSetting::EMAIL_EVENTS.each do |event|
             optional event, type: Boolean, desc: 'Enable/disable this notification'

lib/api/pipelines.rb

@@ -7,7 +7,7 @@ class Pipelines < Grape::API
     params do
       requires :id, type: String, desc: 'The project ID'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get all Pipelines of the project' do
         detail 'This feature was introduced in GitLab 8.11.'
         success Entities::PipelineBasic

lib/api/project_hooks.rb

@@ -24,7 +24,7 @@ class ProjectHooks < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get project hooks' do
         success Entities::ProjectHook
       end

lib/api/project_snippets.rb

@@ -7,7 +7,7 @@ class ProjectSnippets < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       helpers do
         def handle_project_member_errors(errors)
           if errors[:project_access].any?

lib/api/projects.rb

@@ -142,7 +142,7 @@ def present_projects(projects, options = {})
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects, requirements: { id: /[^\/]+/ } do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get a single project' do
         success Entities::ProjectWithAccess
       end

lib/api/repositories.rb

@@ -9,7 +9,7 @@ class Repositories < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       helpers do
         def handle_project_member_errors(errors)
           if errors[:project_access].any?

lib/api/runners.rb

@@ -86,7 +86,7 @@ class Runners < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       before { authorize_admin_project }
 
       desc 'Get runners available for project' do

lib/api/services.rb

@@ -604,7 +604,10 @@ class Services < Grape::API
       ]
     }.freeze
 
-    resource :projects do
+    params do
+      requires :id, type: String, desc: 'The ID of a project'
+    end
+    resource :projects, requirements: { id: %r{[^/]+} } do
       before { authenticate! }
       before { authorize_admin_project }
 
@@ -692,7 +695,7 @@ def chat_command_service(project, service_slug, params)
       params do
         requires :id, type: String, desc: 'The ID of a project'
       end
-      resource :projects do
+      resource :projects, requirements: { id: %r{[^/]+} } do
         desc "Trigger a slash command for #{service_slug}" do
           detail 'Added in GitLab 8.13'
         end

lib/api/subscriptions.rb

@@ -12,7 +12,7 @@ class Subscriptions < Grape::API
       requires :id, type: String, desc: 'The ID of a project'
       requires :subscribable_id, type: String, desc: 'The ID of a resource'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       subscribable_types.each do |type, finder|
         type_singularized = type.singularize
         entity_class = Entities.const_get(type_singularized.camelcase)

lib/api/tags.rb

@@ -7,7 +7,7 @@ class Tags < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Get a project repository tags' do
         success Entities::RepoTag
       end

lib/api/todos.rb

@@ -12,7 +12,7 @@ class Todos < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       ISSUABLE_TYPES.each do |type, finder|
         type_id_str = "#{type.singularize}_iid".to_sym
 

lib/api/triggers.rb

@@ -5,7 +5,7 @@ class Triggers < Grape::API
     params do
       requires :id, type: String, desc: 'The ID of a project'
     end
-    resource :projects do
+    resource :projects, requirements: { id: %r{[^/]+} } do
       desc 'Trigger a GitLab project pipeline' do
         success Entities::Pipeline
       end

lib/api/v3/award_emoji.rb

@@ -6,7 +6,7 @@ class AwardEmoji < Grape::API
       before { authenticate! }
       AWARDABLES = %w[issue merge_request snippet].freeze
 
-      resource :projects do
+      resource :projects, requirements: { id: %r{[^/]+} } do
         AWARDABLES.each do |awardable_type|
           awardable_string = awardable_type.pluralize
           awardable_id_string = "#{awardable_type}_id"

lib/api/v3/boards.rb

@@ -6,7 +6,7 @@ class Boards < Grape::API
       params do
         requires :id, type: String, desc: 'The ID of a project'
       end
-      resource :projects do
+      resource :projects, requirements: { id: %r{[^/]+} } do
         desc 'Get all project boards' do
           detail 'This feature was introduced in 8.13'
           success ::API::Entities::Board