rosa-build/spec/controllers/platforms/repositories_controller_spec.rb

# -*- encoding : utf-8 -*-
require 'spec_helper'

shared_examples_for 'user with change projects in repository rights' do

  it 'should be able to see add_project page' do
    get :add_project, :id => @repository.id, :platform_id => @platform.id
    response.should render_template(:projects_list)
  end

  it 'should be able to add project to repository' do
    get :add_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id
    response.should redirect_to(platform_repository_path(@repository.platform, @repository))
    @repository.projects.should include(@project)
  end

  it 'should be able to remove project from repository' do
    get :remove_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id
    response.should redirect_to(platform_repository_path(@repository.platform, @repository))
    @repository.projects.should_not include(@project)
  end

end

shared_examples_for 'user with rights of lock/unlock sync of repository' do
  [:lock_sync, :unlock_sync].each do |action|
    it "should be able to perform #{action} action" do
      put action, :id => @repository.id, :platform_id => @platform.id
      response.should redirect_to(edit_platform_repository_path(@platform, @repository))
    end
  end
end

shared_examples_for 'user without rights of lock/unlock sync of repository' do
  [:lock_sync, :unlock_sync].each do |action|
    it "should not be able to perform #{action} action" do
      put action, :id => @repository.id, :platform_id => @platform.id
      response.should redirect_to(redirect_path)
    end
  end
end

shared_examples_for 'user without change projects in repository rights' do
  it 'should not be able to add project to repository' do
    get :add_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id
    response.should redirect_to(redirect_path)
    @repository.projects.should_not include(@project)
  end

  it 'should not be able to perform regenerate_metadata action' do
    put :regenerate_metadata, :id => @repository.id, :platform_id => @platform.id
    response.should redirect_to(redirect_path)
    regenerate_metadata_queue.should be_empty
  end

  it 'should not be able to remove project from repository' do
    delete :remove_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id
    response.should redirect_to(redirect_path)
    @repository.projects.should_not include(@project)
  end
end

shared_examples_for 'registered user or guest' do
  it 'should not be able to perform new action' do
    get :new, :platform_id => @platform.id
    response.should redirect_to(redirect_path)
  end

  it 'should not be able to perform regenerate_metadata action' do
    put :regenerate_metadata, :id => @repository.id, :platform_id => @platform.id
    response.should redirect_to(redirect_path)
    regenerate_metadata_queue.should be_empty
  end

  it 'should not be able to perform regenerate_metadata action of personal repository' do
    put :regenerate_metadata, :id => @personal_repository.id, :platform_id => @personal_repository.platform.id
    response.should redirect_to(redirect_path)
    regenerate_metadata_queue.should be_empty
  end

  it 'should not be able to perform create action' do
    post :create, @create_params
    lambda { post :create, @create_params }.should change{ Repository.count }.by(0)
    response.should redirect_to(redirect_path)
  end

  it 'should not be able to perform edit action' do
    get :edit, :id => @repository.id, :platform_id => @platform.id
    response.should redirect_to(redirect_path)
  end

  it 'should not be able to perform update action' do
    put :update, :id => @repository.id, :platform_id => @platform.id
    response.should redirect_to(redirect_path)
  end

  it 'should not be able to add new member to repository' do
    post :add_member, :id => @repository.id, :platform_id => @platform.id, :member_id => @another_user.id
    response.should redirect_to(redirect_path)
    @repository.members.should_not include(@another_user)
  end

  it 'should not be able to remove member from repository' do
    @repository.relations.create(:role => 'admin', :actor => @another_user)
    delete :remove_member, :id => @repository.id, :platform_id => @platform.id, :member_id => @another_user.id
    response.should redirect_to(redirect_path)
    @repository.members.should include(@another_user)
  end

  it 'should not be able to remove members from repository' do
    another_user2 = FactoryGirl.create(:user)
    @repository.relations.create(:role => 'admin', :actor => @another_user)
    @repository.relations.create(:role => 'admin', :actor => another_user2)
    post :remove_members, :id => @repository.id, :platform_id => @platform.id,
      :user_remove => {@another_user.id => [1], another_user2.id => [1]}
    response.should redirect_to(redirect_path)
    @repository.members.should include(@another_user, another_user2)
  end

  it 'should not be able to destroy repository in main platform' do
    delete :destroy, :id => @repository.id, :platform_id => @platform.id
    response.should redirect_to(redirect_path)
    lambda { delete :destroy, :id => @repository.id }.should_not change{ Repository.count }.by(-1)
  end

  it 'should not be able to destroy personal repository' do
    lambda { delete :destroy, :id => @personal_repository.id, :platform_id => @personal_repository.platform.id}
      .should change{ Repository.count }.by(0)
    response.should redirect_to(redirect_path)
  end
end

shared_examples_for 'registered user' do
  it 'should be able to perform index action' do
    get :index, :platform_id => @platform.id
    response.should render_template(:index)
  end

  it 'should be able to perform show action' do
    get :show, :id => @repository.id
    response.should render_template(:show)
  end

  it 'should be able to perform projects_list action' do
    get :projects_list, :id => @repository.id, :platform_id => @platform.id, :format => :json
    response.should be_success
  end

end

shared_examples_for 'platform admin user' do
  
  it_should_behave_like 'registered user'
  it_should_behave_like 'user with rights of lock/unlock sync of repository'

  it 'should be able to perform new action' do
    get :new, :platform_id => @platform.id
    response.should render_template(:new)
  end

  it 'should be able to perform regenerate_metadata action' do
    put :regenerate_metadata, :id => @repository.id, :platform_id => @platform.id
    response.should redirect_to(platform_repository_path(@platform, @repository))
    regenerate_metadata_queue.should == ["#{@repository.id}-#{@platform.id}"]
  end

  it 'should be able to perform regenerate_metadata action of personal repository' do
    put :regenerate_metadata, :id => @personal_repository.id, :platform_id => @personal_repository.platform.id, :build_for_platform_id => @platform.id
    response.should redirect_to(platform_repository_path(@personal_repository.platform, @personal_repository))
    regenerate_metadata_queue.should == ["#{@personal_repository.id}-#{@platform.id}"]
  end

  it 'should not be able to perform regenerate_metadata action of personal repository when build_for_platform does not exist' do
    put :regenerate_metadata, :id => @personal_repository.id, :platform_id => @personal_repository.platform.id
    response.should render_template(:file => "#{Rails.root}/public/404.html")
    regenerate_metadata_queue.should be_empty
  end

  it 'should be able to create repository' do
    lambda { post :create, @create_params }.should change{ Repository.count }.by(1)
    response.should redirect_to(platform_repository_path(@platform, Repository.last))
  end
  
  it 'should be able to destroy repository in main platform' do
    lambda { delete :destroy, :id => @repository.id, :platform_id => @platform.id }.should change{ Repository.count }.by(-1)
    response.should redirect_to(platform_repositories_path(@repository.platform))
  end

  it 'should be able to perform edit action' do
    get :edit, :id => @repository.id, :platform_id => @platform.id
    response.should render_template(:edit)
  end

  it 'should be able to add new member to repository' do
    post :add_member, :id => @repository.id, :platform_id => @platform.id, :member_id => @another_user.id
    response.should redirect_to(edit_platform_repository_path(@repository.platform, @repository))
    @repository.members.should include(@another_user)
  end

  it 'should be able to remove member from repository' do
    @repository.relations.create(:role => 'admin', :actor => @another_user)
    delete :remove_member, :id => @repository.id, :platform_id => @platform.id, :member_id => @another_user.id
    response.should redirect_to(edit_platform_repository_path(@repository.platform, @repository))
    @repository.members.should_not include(@another_user)
  end

  it 'should be able to remove members from repository' do
    another_user2 = FactoryGirl.create(:user)
    @repository.relations.create(:role => 'admin', :actor => @another_user)
    @repository.relations.create(:role => 'admin', :actor => another_user2)
    post :remove_members, :id => @repository.id, :platform_id => @platform.id,
      :user_remove => {@another_user.id => [1], another_user2.id => [1]}
    response.should redirect_to(edit_platform_repository_path(@repository.platform, @repository))
    @repository.members.should_not include(@another_user, another_user2)
  end

  it 'should not be able to destroy personal repository with name "main"' do
    # hook for "ActiveRecord::ActiveRecordError: name is marked as readonly"
    Repository.where(:id => @personal_repository.id).update_all("name = 'main'")
    lambda { delete :destroy, :id => @personal_repository.id, :platform_id => @personal_repository.platform.id}
      .should change{ Repository.count }.by(0)
    response.should redirect_to(forbidden_path)
  end

  it 'should be able to destroy personal repository with name not "main"' do
    lambda { delete :destroy, :id => @personal_repository.id, :platform_id => @personal_repository.platform.id}
      .should change{ Repository.count }.by(-1)
    response.should redirect_to(platform_repositories_path(@personal_repository.platform))
  end

  it_should_behave_like 'user with change projects in repository rights'
end

describe Platforms::RepositoriesController do
  let(:regenerate_metadata_queue) { @redis_instance.lrange(AbfWorker::BuildListsPublishTaskManager::REGENERATE_METADATA, 0, -1) }
  before(:each) do
    stub_symlink_methods
    stub_redis

    @platform = FactoryGirl.create(:platform)
    @repository = FactoryGirl.create(:repository, :platform =>  @platform)
    @personal_repository = FactoryGirl.create(:personal_repository)
    @project = FactoryGirl.create(:project)
    @another_user = FactoryGirl.create(:user)
    @create_params = {:repository => {:name => 'pro', :description => 'pro2'}, :platform_id => @platform.id}

    @user = FactoryGirl.create(:user)
    set_session_for(@user)
  end

  context 'for guest' do

    before(:each) do
      set_session_for(User.new)
    end

    it_should_behave_like 'registered user' if APP_CONFIG['anonymous_access']

    let(:redirect_path) { new_user_session_path }
    it_should_behave_like 'registered user or guest'
    it_should_behave_like 'user without change projects in repository rights'
    it_should_behave_like 'user without rights of lock/unlock sync of repository'
    
    it "should not be able to perform show action", :anonymous_access => false do
      get :show, :id => @repository
      response.should redirect_to(new_user_session_path)
    end

    it "should not be able to perform index action", :anonymous_access => false do
      get :index, :platform_id => @platform
      response.should redirect_to(new_user_session_path)
    end

    it 'should not be able to perform projects_list action', :anonymous_access => false do
      get :projects_list, :id => @repository.id, :platform_id => @platform.id, :format => :json
      response.response_code.should == 401
    end
    
  end

  context 'for user' do
    it_should_behave_like 'registered user'

    let(:redirect_path) { forbidden_path }
    it_should_behave_like 'registered user or guest'
    it_should_behave_like 'user without change projects in repository rights'
    it_should_behave_like 'user without rights of lock/unlock sync of repository'
  end

  context 'for admin' do
    before(:each) do
      @user.role = "admin"
      @user.save
    end

    it_should_behave_like 'platform admin user'
    
  end

  context 'for platform owner user' do
    before(:each) do
      @user = @repository.platform.owner
      platform = @personal_repository.platform
      platform.owner = @user
      # Owner of personal platform can't be changed
      platform.save(:validate => false)
      set_session_for(@user)
    end

    it_should_behave_like 'platform admin user'
  end

  context 'for platform member user' do
    before(:each) do
      [@repository, @personal_repository].each do |repo|
        repo.platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
      end
    end

    it_should_behave_like 'platform admin user'
  end

  context 'for repository member user' do
    before(:each) do
      [@repository, @personal_repository].each do |repo|
        repo.add_member @user
      end
    end

    it_should_behave_like 'registered user'

    let(:redirect_path) { forbidden_path }
    it_should_behave_like 'registered user or guest'
    it_should_behave_like 'user with change projects in repository rights'
    it_should_behave_like 'user without rights of lock/unlock sync of repository'

    context 'for hidden platform' do
      before do
        @platform.update_column(:visibility, 'hidden')
        @personal_repository.platform.update_column(:visibility, 'hidden')
      end
      it_should_behave_like 'registered user'

      let(:redirect_path) { forbidden_path }
      it_should_behave_like 'registered user or guest'
      it_should_behave_like 'user with change projects in repository rights'
      it_should_behave_like 'user without rights of lock/unlock sync of repository'
    end

  end

end