rosa-build/spec/controllers/api/v1/platforms_controller_spec.rb

# -*- encoding : utf-8 -*-
require 'spec_helper'

shared_examples_for 'api platform user with reader rights' do
  include_examples "api platform user with show rights"

  it 'should be able to perform index action' do
    get :index, :format => :json
    response.should render_template(:index)
  end
end

shared_examples_for 'api platform user with update rights' do
  before do
    put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json
  end

  it 'should be able to perform update action' do
    response.should be_success
  end
  it 'ensures that platform has been updated' do
    @platform.reload
    @platform.description.should == 'new description'
  end
end

shared_examples_for 'api platform user without update rights' do
  before do
    put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json
  end

  it 'should not be able to perform update action' do
    response.should_not be_success
  end
  it 'ensures that platform has not been updated' do
    @platform.reload
    @platform.description.should_not == 'new description'
  end
end

shared_examples_for 'api platform user with reader rights for hidden platform' do
  before(:each) do
    @platform.update_column(:visibility, 'hidden')
  end

  it_should_behave_like 'api platform user with show rights'
end

shared_examples_for 'api platform user without reader rights for hidden platform' do
  before(:each) do
    @platform.update_column(:visibility, 'hidden')
  end

  it_should_behave_like 'api platform user without show rights'
end

shared_examples_for "api platform user with show rights" do
  it 'should be able to perform show action' do
    get :show, :id => @platform.id, :format => :json
    response.should render_template(:show)
  end

  it 'should be able to perform platforms_for_build action' do
    get :platforms_for_build, :format => :json
    response.should render_template(:index)
  end
end

shared_examples_for "api platform user without show rights" do
  [:show, :members].each do |action|
    it "should not be able to perform #{ action } action" do
      get action, :id => @platform.id, :format => :json
      response.body.should == {"message" => "Access violation to this page!"}.to_json
    end
  end
end

describe Api::V1::PlatformsController do
  before do
    stub_symlink_methods

    @platform = FactoryGirl.create(:platform, :visibility => 'open')
    @personal_platform = FactoryGirl.create(:platform, :platform_type => 'personal')
    @user = FactoryGirl.create(:user)
  end

  context 'for guest' do
    
    it "should not be able to perform index action" do
      get :index, :format => :json
      response.status.should == 401
    end

    [:show, :platforms_for_build].each do |action|
      it "should not be able to perform #{ action } action", :anonymous_access  => false do
        get action, :format => :json
        response.status.should == 401
      end
    end

    it 'should be able to perform members action', :anonymous_access  => true do
      get :members, :id => @platform.id, :format => :json
      response.should render_template(:members)
    end

    it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access']
    it_should_behave_like 'api platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access']
    it_should_behave_like 'api platform user without update rights'
  end

  context 'for global admin' do
    before do
      @admin = FactoryGirl.create(:admin)
      @user = FactoryGirl.create(:user)
      http_login(@admin)
    end

    it_should_behave_like 'api platform user with reader rights'
    it_should_behave_like 'api platform user with reader rights for hidden platform'
    it_should_behave_like 'api platform user with update rights'
  end

  context 'for owner user' do
    before do
      @user = FactoryGirl.create(:user)
      http_login(@user)
      @platform.owner = @user; @platform.save
      @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
    end

    it_should_behave_like 'api platform user with reader rights'
    it_should_behave_like 'api platform user with reader rights for hidden platform'
    it_should_behave_like 'api platform user with update rights'
  end

  context 'for reader user' do
    before do
      @user = FactoryGirl.create(:user)
      http_login(@user)
      @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')
      @personal_platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')
    end

    context 'perform index action with type param' do
      render_views
      %w(main personal).each do |type|
        it "ensures that filter by type = #{type} returns true result" do
          get :index, :format => :json, :type => "#{type}"
          JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.
            uniq.should == ["#{type}"]
        end
      end
    end

    it_should_behave_like 'api platform user with reader rights'
    it_should_behave_like 'api platform user with reader rights for hidden platform'
    it_should_behave_like 'api platform user without update rights'
  end

  context 'for simple user' do
    before do
      @user = FactoryGirl.create(:user)
      http_login(@user)
    end

    it_should_behave_like 'api platform user with reader rights'
    it_should_behave_like 'api platform user without reader rights for hidden platform'
    it_should_behave_like 'api platform user without update rights'
  end
end