rosa-build/spec/controllers/platforms/repositories_controller_spec.rb

require 'spec_helper'

shared_examples_for 'user with change projects in repository rights' do

  it 'should be able to see add_project page' do
    get :add_project, id: @repository.id, platform_id: @platform.id
    response.should render_template(:projects_list)
  end

  it 'should be able to add project to repository' do
    get :add_project, id: @repository.id, platform_id: @platform.id, project_id: @project.id
    response.should redirect_to(platform_repository_path(@repository.platform, @repository))
    @repository.projects.should include(@project)
  end

  it 'should be able to remove project from repository' do
    get :remove_project, id: @repository.id, platform_id: @platform.id, project_id: @project.id
    response.should redirect_to(platform_repository_path(@repository.platform, @repository))
    @repository.projects.should_not include(@project)
  end

end

shared_examples_for 'user with rights of add/remove sync_lock_file to repository' do
  it 'should be able to perform sync_lock_file action' do
    put :sync_lock_file, id: @repository.id, platform_id: @platform.id
    response.should redirect_to(edit_platform_repository_path(@platform, @repository))
  end
end

shared_examples_for 'user without rights of add/remove sync_lock_file to repository' do
  it 'should not be able to perform #{action} action' do
    put :sync_lock_file, id: @repository.id, platform_id: @platform.id
    response.should redirect_to(redirect_path)
  end
end

shared_examples_for 'user without change projects in repository rights' do
  it 'should not be able to add project to repository' do
    get :add_project, id: @repository.id, platform_id: @platform.id, project_id: @project.id
    response.should redirect_to(redirect_path)
    @repository.projects.should_not include(@project)
  end

  it 'should not be able to perform regenerate_metadata action' do
    put :regenerate_metadata, id: @repository.id, platform_id: @platform.id
    response.should redirect_to(redirect_path)
    @repository.repository_statuses.should have(:no).items
  end

  it 'should not be able to remove project from repository' do
    delete :remove_project, id: @repository.id, platform_id: @platform.id, project_id: @project.id
    response.should redirect_to(redirect_path)
    @repository.projects.should_not include(@project)
  end
end

shared_examples_for 'registered user or guest' do
  it 'should not be able to perform new action' do
    get :new, platform_id: @platform.id
    response.should redirect_to(redirect_path)
  end

  it 'should not be able to perform regenerate_metadata action' do
    put :regenerate_metadata, id: @repository.id, platform_id: @platform.id
    response.should redirect_to(redirect_path)
    @repository.repository_statuses.should have(:no).items
  end

  it 'should not be able to perform regenerate_metadata action of personal repository' do
    put :regenerate_metadata, id: @personal_repository.id, platform_id: @personal_repository.platform.id
    response.should redirect_to(redirect_path)
    @personal_repository.repository_statuses.should have(:no).items
  end

  it 'should not be able to perform create action' do
    post :create, @create_params
    lambda { post :create, @create_params }.should change{ Repository.count }.by(0)
    response.should redirect_to(redirect_path)
  end

  it 'should not be able to perform edit action' do
    get :edit, id: @repository.id, platform_id: @platform.id
    response.should redirect_to(redirect_path)
  end

  it 'should not be able to perform update action' do
    put :update, id: @repository.id, platform_id: @platform.id
    response.should redirect_to(redirect_path)
  end

  it 'should not be able to add new member to repository' do
    post :add_member, id: @repository.id, platform_id: @platform.id, member_id: @another_user.id
    response.should redirect_to(redirect_path)
    @repository.members.should_not include(@another_user)
  end

  it 'should not be able to remove member from repository' do
    @repository.relations.create(role: 'admin', actor: @another_user)
    delete :remove_member, id: @repository.id, platform_id: @platform.id, member_id: @another_user.id
    response.should redirect_to(redirect_path)
    @repository.members.should include(@another_user)
  end

  it 'should not be able to remove members from repository' do
    another_user2 = FactoryGirl.create(:user)
    @repository.relations.create(role: 'admin', actor: @another_user)
    @repository.relations.create(role: 'admin', actor: another_user2)
    post :remove_members, id: @repository.id, platform_id: @platform.id,
      user_remove: {@another_user.id => [1], another_user2.id => [1]}
    response.should redirect_to(redirect_path)
    @repository.members.should include(@another_user, another_user2)
  end

  it 'should not be able to destroy repository in main platform' do
    delete :destroy, id: @repository.id, platform_id: @platform.id
    response.should redirect_to(redirect_path)
    lambda { delete :destroy, id: @repository.id }.should_not change{ Repository.count }.by(-1)
  end

  it 'should not be able to destroy personal repository' do
    lambda { delete :destroy, id: @personal_repository.id, platform_id: @personal_repository.platform.id}
      .should change{ Repository.count }.by(0)
    response.should redirect_to(redirect_path)
  end
end

shared_examples_for 'registered user' do
  it 'should be able to perform index action' do
    get :index, platform_id: @platform.id
    response.should render_template(:index)
  end

  it 'should be able to perform show action' do
    get :show, id: @repository.id
    response.should render_template(:show)
  end

  it 'should be able to perform projects_list action' do
    get :projects_list, id: @repository.id, platform_id: @platform.id, format: :json
    response.should be_success
  end

end

shared_examples_for 'platform admin user' do

  it_should_behave_like 'registered user'
  it_should_behave_like 'user with rights of add/remove sync_lock_file to repository'

  it 'should be able to perform new action' do
    get :new, platform_id: @platform.id
    response.should render_template(:new)
  end

  it 'should be able to perform regenerate_metadata action' do
    put :regenerate_metadata, id: @repository.id, platform_id: @platform.id
    response.should redirect_to(platform_repository_path(@platform, @repository))
    @repository.repository_statuses.find_by_platform_id(@platform.id).
      waiting_for_regeneration?.should be_true
  end

  it 'should be able to perform regenerate_metadata action of personal repository' do
    put :regenerate_metadata, id: @personal_repository.id, platform_id: @personal_repository.platform.id, build_for_platform_id: @platform.id
    response.should redirect_to(platform_repository_path(@personal_repository.platform, @personal_repository))
    @personal_repository.repository_statuses.find_by_platform_id(@platform.id).
      waiting_for_regeneration?.should be_true
  end

  it 'should not be able to perform regenerate_metadata action of personal repository when build_for_platform does not exist' do
    put :regenerate_metadata, id: @personal_repository.id, platform_id: @personal_repository.platform.id
    response.should render_template(file: "#{Rails.root}/public/404.html")
    @personal_repository.repository_statuses.should have(:no).items
  end

  it 'should be able to create repository' do
    lambda { post :create, @create_params }.should change{ Repository.count }.by(1)
    response.should redirect_to(platform_repository_path(@platform, Repository.last))
  end

  it 'should be able to destroy repository in main platform' do
    lambda { delete :destroy, id: @repository.id, platform_id: @platform.id }.should change{ Repository.count }.by(-1)
    response.should redirect_to(platform_repositories_path(@repository.platform))
  end

  it 'should be able to perform edit action' do
    get :edit, id: @repository.id, platform_id: @platform.id
    response.should render_template(:edit)
  end

  it 'should be able to add new member to repository' do
    post :add_member, id: @repository.id, platform_id: @platform.id, member_id: @another_user.id
    response.should redirect_to(edit_platform_repository_path(@repository.platform, @repository))
    @repository.members.should include(@another_user)
  end

  it 'should be able to remove member from repository' do
    @repository.relations.create(role: 'admin', actor: @another_user)
    delete :remove_member, id: @repository.id, platform_id: @platform.id, member_id: @another_user.id
    response.should redirect_to(edit_platform_repository_path(@repository.platform, @repository))
    @repository.members.should_not include(@another_user)
  end

  it 'should be able to remove members from repository' do
    another_user2 = FactoryGirl.create(:user)
    @repository.relations.create(role: 'admin', actor: @another_user)
    @repository.relations.create(role: 'admin', actor: another_user2)
    post :remove_members, id: @repository.id, platform_id: @platform.id,
      user_remove: {@another_user.id => [1], another_user2.id => [1]}
    response.should redirect_to(edit_platform_repository_path(@repository.platform, @repository))
    @repository.members.should_not include(@another_user, another_user2)
  end

  it 'should not be able to destroy personal repository with name "main"' do
    # hook for "ActiveRecord::ActiveRecordError: name is marked as readonly"
    Repository.where(id: @personal_repository.id).update_all("name = 'main'")
    lambda { delete :destroy, id: @personal_repository.id, platform_id: @personal_repository.platform.id}
      .should change{ Repository.count }.by(0)
    response.should redirect_to(forbidden_path)
  end

  it 'should be able to destroy personal repository with name not "main"' do
    lambda { delete :destroy, id: @personal_repository.id, platform_id: @personal_repository.platform.id}
      .should change{ Repository.count }.by(-1)
    response.should redirect_to(platform_repositories_path(@personal_repository.platform))
  end

  it_should_behave_like 'user with change projects in repository rights'
end

describe Platforms::RepositoriesController do
  before(:each) do
    stub_symlink_methods
    stub_redis

    @platform = FactoryGirl.create(:platform)
    @repository = FactoryGirl.create(:repository, platform:  @platform)
    @personal_repository = FactoryGirl.create(:personal_repository)
    @project = FactoryGirl.create(:project)
    @another_user = FactoryGirl.create(:user)
    @create_params = {repository: {name: 'pro', description: 'pro2'}, platform_id: @platform.id}

    @user = FactoryGirl.create(:user)
    set_session_for(@user)
  end

  context 'for guest' do

    before(:each) do
      set_session_for(User.new)
    end

    it_should_behave_like 'registered user' if APP_CONFIG['anonymous_access']

    let(:redirect_path) { new_user_session_path }
    it_should_behave_like 'registered user or guest'
    it_should_behave_like 'user without change projects in repository rights'
    it_should_behave_like 'user without rights of add/remove sync_lock_file to repository'

    it "should not be able to perform show action", anonymous_access: false do
      get :show, id: @repository
      response.should redirect_to(new_user_session_path)
    end

    it "should not be able to perform index action", anonymous_access: false do
      get :index, platform_id: @platform
      response.should redirect_to(new_user_session_path)
    end

    it 'should not be able to perform projects_list action', anonymous_access: false do
      get :projects_list, id: @repository.id, platform_id: @platform.id, format: :json
      response.response_code.should == 401
    end

  end

  context 'for user' do
    it_should_behave_like 'registered user'

    let(:redirect_path) { forbidden_path }
    it_should_behave_like 'registered user or guest'
    it_should_behave_like 'user without change projects in repository rights'
    it_should_behave_like 'user without rights of add/remove sync_lock_file to repository'
  end

  context 'for admin' do
    before(:each) do
      @user.role = "admin"
      @user.save
    end

    it_should_behave_like 'platform admin user'

  end

  context 'for platform owner user' do
    before(:each) do
      @user = @repository.platform.owner
      platform = @personal_repository.platform
      platform.owner = @user
      # Owner of personal platform can't be changed
      platform.save(validate: false)
      set_session_for(@user)
    end

    it_should_behave_like 'platform admin user'
  end

  context 'for platform member user' do
    before(:each) do
      [@repository, @personal_repository].each do |repo|
        repo.platform.relations.create!(actor_type: 'User', actor_id: @user.id, role: 'admin')
      end
    end

    it_should_behave_like 'platform admin user'
  end

  context 'for repository member user' do
    before(:each) do
      [@repository, @personal_repository].each do |repo|
        repo.add_member @user
      end
    end

    it_should_behave_like 'registered user'

    let(:redirect_path) { forbidden_path }
    it_should_behave_like 'registered user or guest'
    it_should_behave_like 'user with change projects in repository rights'
    it_should_behave_like 'user without rights of add/remove sync_lock_file to repository'

    context 'for hidden platform' do
      before do
        @platform.update_column(:visibility, 'hidden')
        @personal_repository.platform.update_column(:visibility, 'hidden')
      end
      it_should_behave_like 'registered user'

      let(:redirect_path) { forbidden_path }
      it_should_behave_like 'registered user or guest'
      it_should_behave_like 'user with change projects in repository rights'
      it_should_behave_like 'user without rights of add/remove sync_lock_file to repository'
    end

  end

end