rosa-build/spec/controllers/api/v1/groups_controller_spec.rb

268 lines
8.0 KiB
Ruby
Raw Permalink Normal View History

2012-10-16 15:44:21 +01:00
require 'spec_helper'
shared_examples_for 'api group user with reader rights' do
it 'should be able to perform members action' do
2014-01-21 04:51:49 +00:00
get :members, id: @group.id, format: :json
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
it_should_behave_like 'api group user with show rights'
end
shared_examples_for 'api group user with show rights' do
it 'should be able to perform show action' do
2014-01-21 04:51:49 +00:00
get :show, id: @group.id, format: :json
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
it 'should be able to perform index action' do
2014-01-21 04:51:49 +00:00
get :index, format: :json
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
end
shared_examples_for 'api group user without reader rights' do
it 'should not be able to perform members action' do
2014-01-21 04:51:49 +00:00
get :members, id: @group.id, format: :json
2015-03-26 00:26:24 +00:00
expect(response).to_not be_success
2012-10-16 15:44:21 +01:00
end
end
shared_examples_for 'api group user with admin rights' do
context 'api group user with update rights' do
before do
2014-03-19 11:01:08 +00:00
put :update, group: { description: 'new description' }, id: @group.id, format: :json
2012-10-16 15:44:21 +01:00
end
it 'should be able to perform update action' do
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that group has been updated' do
@group.reload
2015-03-26 00:26:24 +00:00
expect(@group.description).to eq 'new description'
2012-10-16 15:44:21 +01:00
end
end
context 'api group user with add_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
2014-03-19 10:34:30 +00:00
put :add_member, member_id: member.id, id: @group.id, format: :json
2012-10-16 15:44:21 +01:00
end
it 'should be able to perform add_member action' do
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that new member has been added to group' do
2015-03-26 00:26:24 +00:00
expect(@group.members).to include(member)
2012-10-16 15:44:21 +01:00
end
end
context 'api group user with remove_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@group.add_member(member)
2014-03-19 10:34:30 +00:00
delete :remove_member, member_id: member.id, id: @group.id, format: :json
2012-10-16 15:44:21 +01:00
end
it 'should be able to perform remove_member action' do
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that member has been removed from group' do
2015-03-26 00:26:24 +00:00
expect(@group.members).to_not include(member)
2012-10-16 15:44:21 +01:00
end
end
context 'api group user with update_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@group.add_member(member)
2014-03-19 10:34:30 +00:00
put :update_member, member_id: member.id, role: 'reader', id: @group.id, format: :json
2012-10-16 15:44:21 +01:00
end
it 'should be able to perform update_member action' do
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that member role has been updated in group' do
2015-03-26 00:26:24 +00:00
role = @group.actors.where(actor_id: member, actor_type: 'User').first.role
expect(role).to eq 'reader'
2012-10-16 15:44:21 +01:00
end
end
end
shared_examples_for 'api group user with owner rights' do
context 'api group user with destroy rights' do
it 'should be able to perform destroy action' do
2014-01-21 04:51:49 +00:00
delete :destroy, id: @group.id, format: :json
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that group has been destroyed' do
2015-03-26 00:26:24 +00:00
expect do
delete :destroy, id: @group.id, format: :json
end.to change(Group, :count).by(-1)
2012-10-16 15:44:21 +01:00
end
end
end
shared_examples_for 'api group user without admin rights' do
context 'api group user without update_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@group.add_member(member)
2014-03-19 10:34:30 +00:00
put :update_member, member_id: member.id, role: 'reader', id: @group.id, format: :json
2012-10-16 15:44:21 +01:00
end
it 'should not be able to perform update_member action' do
2015-03-26 00:26:24 +00:00
expect(response).to_not be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that member role has not been updated in group' do
2015-03-26 00:26:24 +00:00
role = @group.actors.where(actor_id: member, actor_type: 'User').first.role
expect(role).to_not eq 'reader'
2012-10-16 15:44:21 +01:00
end
end
context 'api group user without update rights' do
before do
2014-03-19 11:01:08 +00:00
put :update, group: { description: 'new description' }, id: @group.id, format: :json
2012-10-16 15:44:21 +01:00
end
it 'should not be able to perform update action' do
2015-03-26 00:26:24 +00:00
expect(response).to_not be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that platform has not been updated' do
2015-03-26 00:26:24 +00:00
expect(@group.reload.description).to_not eq 'new description'
2012-10-16 15:44:21 +01:00
end
end
context 'api group user without add_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
2014-03-19 10:34:30 +00:00
put :add_member, member_id: member.id, id: @group.id, format: :json
2012-10-16 15:44:21 +01:00
end
it 'should not be able to perform add_member action' do
2015-03-26 00:26:24 +00:00
expect(response).to_not be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that new member has not been added to group' do
2015-03-26 00:26:24 +00:00
expect(@group.members).to_not include(member)
2012-10-16 15:44:21 +01:00
end
end
context 'api group user without remove_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@group.add_member(member)
2014-03-19 10:34:30 +00:00
delete :remove_member, member_id: member.id, id: @group.id, format: :json
2012-10-16 15:44:21 +01:00
end
it 'should be able to perform update action' do
2015-03-26 00:26:24 +00:00
expect(response).to_not be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that member has not been removed from group' do
2015-03-26 00:26:24 +00:00
expect(@group.members).to include(member)
2012-10-16 15:44:21 +01:00
end
end
end
shared_examples_for 'api group user without owner rights' do
context 'api group user without destroy rights' do
it 'should not be able to perform destroy action' do
2014-01-21 04:51:49 +00:00
delete :destroy, id: @group.id, format: :json
2015-03-26 00:26:24 +00:00
expect(response).to_not be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that group has not been destroyed' do
2015-03-26 00:26:24 +00:00
expect do
delete :destroy, id: @group.id, format: :json
end.to_not change(Group, :count)
2012-10-16 15:44:21 +01:00
end
end
end
2015-02-19 01:12:08 +00:00
describe Api::V1::GroupsController, type: :controller do
2012-10-16 15:44:21 +01:00
before do
stub_symlink_methods
@group = FactoryGirl.create(:group)
@user = FactoryGirl.create(:user)
end
context 'for guest' do
2014-01-21 04:51:49 +00:00
2012-10-16 15:44:21 +01:00
it "should not be able to perform index action" do
2014-01-21 04:51:49 +00:00
get :index, format: :json
2015-03-26 00:26:24 +00:00
expect(response.status).to eq 401
2012-10-16 15:44:21 +01:00
end
it "should not be able to perform show action", :anonymous_access => false do
2014-01-21 04:51:49 +00:00
get :show, id: @group.id, format: :json
2015-03-26 00:26:24 +00:00
expect(response.status).to eq 401
2012-10-16 15:44:21 +01:00
end
it "should be able to perform show action", :anonymous_access => true do
2014-01-21 04:51:49 +00:00
get :show, id: @group.id, format: :json
2015-03-26 00:26:24 +00:00
expect(response).to be_success
2012-10-16 15:44:21 +01:00
end
context 'api group user without create rights' do
2014-01-21 04:51:49 +00:00
let(:params) { {group: {uname: 'test_uname'}} }
2012-10-16 15:44:21 +01:00
it 'should not be able to perform create action' do
2014-01-21 04:51:49 +00:00
post :create, params, format: :json
2015-03-26 00:26:24 +00:00
expect(response).to_not be_success
2012-10-16 15:44:21 +01:00
end
it 'ensures that group has not been created' do
2015-03-26 00:26:24 +00:00
expect do
post :create, params, format: :json
end.to_not change(Group, :count)
2012-10-16 15:44:21 +01:00
end
end
it_should_behave_like 'api group user without reader rights'
it_should_behave_like 'api group user without admin rights'
it_should_behave_like 'api group user without owner rights'
end
context 'for global admin' do
before do
@admin = FactoryGirl.create(:admin)
http_login(@admin)
end
it_should_behave_like 'api group user with reader rights'
it_should_behave_like 'api group user with admin rights'
it_should_behave_like 'api group user with owner rights'
end
2012-10-16 15:44:21 +01:00
context 'for owner user' do
before do
2014-01-21 04:51:49 +00:00
@group = FactoryGirl.create(:group, owner: @user)
2012-10-16 15:44:21 +01:00
http_login(@user)
end
it_should_behave_like 'api group user with reader rights'
it_should_behave_like 'api group user with admin rights'
it_should_behave_like 'api group user with owner rights'
end
context 'for admin user' do
before do
@group.add_member(@user)
http_login(@user)
end
it_should_behave_like 'api group user with reader rights'
it_should_behave_like 'api group user with admin rights'
it_should_behave_like 'api group user without owner rights'
end
context 'for simple user' do
before do
http_login(@user)
end
it_should_behave_like 'api group user with show rights'
it_should_behave_like 'api group user without reader rights'
it_should_behave_like 'api group user without admin rights'
it_should_behave_like 'api group user without owner rights'
end
end