2012-08-21 18:15:28 +01:00
|
|
|
require 'spec_helper'
|
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
shared_examples_for 'api repository user with reader rights' do
|
2012-08-28 17:57:12 +01:00
|
|
|
it_should_behave_like 'api repository user with show rights'
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
shared_examples_for 'api repository user with reader rights for hidden platform' do
|
|
|
|
|
before(:each) do
|
|
|
|
|
@platform.update_column(:visibility, 'hidden')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it_should_behave_like 'api repository user with show rights'
|
|
|
|
|
end
|
|
|
|
|
|
2014-01-20 22:07:12 +00:00
|
|
|
shared_examples_for 'api repository user without packages rights' do
|
|
|
|
|
it 'should not be able to perform packages action' do
|
2014-01-21 04:51:49 +00:00
|
|
|
get :packages, id: @repository.id, format: :csv
|
2014-01-20 22:07:12 +00:00
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
shared_examples_for 'api repository user with packages rights' do
|
|
|
|
|
it 'should be able to perform packages action' do
|
2014-01-21 04:51:49 +00:00
|
|
|
get :packages, id: @repository.id, format: :csv
|
2014-01-20 22:07:12 +00:00
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
shared_examples_for 'api repository user without reader rights for hidden platform' do
|
|
|
|
|
before(:each) do
|
|
|
|
|
@platform.update_column(:visibility, 'hidden')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it_should_behave_like 'api repository user without show rights'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
shared_examples_for "api repository user with show rights" do
|
|
|
|
|
it 'should be able to perform show action' do
|
2014-01-21 04:51:49 +00:00
|
|
|
get :show, id: @repository.id, format: :json
|
2012-08-22 14:44:01 +01:00
|
|
|
response.should render_template(:show)
|
|
|
|
|
end
|
2012-10-19 15:49:01 +01:00
|
|
|
it 'should be able to perform projects action' do
|
2014-01-21 04:51:49 +00:00
|
|
|
get :projects, id: @repository.id, format: :json
|
2012-10-19 15:49:01 +01:00
|
|
|
response.should render_template(:projects)
|
|
|
|
|
end
|
2012-08-22 14:44:01 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
shared_examples_for "api repository user without show rights" do
|
|
|
|
|
it 'should not be able to perform show action' do
|
2014-01-21 04:51:49 +00:00
|
|
|
get :show, id: @repository.id, format: :json
|
2012-08-22 14:44:01 +01:00
|
|
|
response.body.should == {"message" => "Access violation to this page!"}.to_json
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2012-12-20 19:46:16 +00:00
|
|
|
shared_examples_for "api repository user without key_pair rights" do
|
|
|
|
|
it 'should not be able to perform key_pair action' do
|
2014-01-21 04:51:49 +00:00
|
|
|
get :key_pair, id: @repository.id, format: :json
|
2012-12-20 19:46:16 +00:00
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2012-10-14 13:00:49 +01:00
|
|
|
shared_examples_for 'api repository user with writer rights' do
|
|
|
|
|
|
|
|
|
|
context 'api repository user with update rights' do
|
|
|
|
|
before do
|
2014-01-21 04:51:49 +00:00
|
|
|
put :update, {repository: {description: 'new description'}, id: @repository.id}, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'should be able to perform update action' do
|
|
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that repository has been updated' do
|
|
|
|
|
@repository.reload
|
|
|
|
|
@repository.description.should == 'new description'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2013-07-29 13:24:41 +01:00
|
|
|
context 'api repository user with add/remove repo_lock_file rights' do
|
|
|
|
|
[:add_repo_lock_file, :remove_repo_lock_file].each do |action|
|
2013-07-29 11:13:15 +01:00
|
|
|
it "should be able to perform #{action} action" do
|
2014-01-21 04:51:49 +00:00
|
|
|
put action, id: @repository.id, format: :json
|
2013-07-29 11:13:15 +01:00
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2012-10-14 13:00:49 +01:00
|
|
|
context 'api repository user with add_member rights' do
|
|
|
|
|
let(:member) { FactoryGirl.create(:user) }
|
|
|
|
|
before do
|
2014-01-21 04:51:49 +00:00
|
|
|
put :add_member, {member_id: member.id, type: 'User', id: @repository.id}, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'should be able to perform add_member action' do
|
|
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that new member has been added to repository' do
|
|
|
|
|
@repository.members.should include(member)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'api repository user with remove_member rights' do
|
|
|
|
|
let(:member) { FactoryGirl.create(:user) }
|
|
|
|
|
before do
|
|
|
|
|
@repository.add_member(member)
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :remove_member, {member_id: member.id, type: 'User', id: @repository.id}, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'should be able to perform remove_member action' do
|
|
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that member has been removed from repository' do
|
|
|
|
|
@repository.members.should_not include(member)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'api repository user with destroy rights' do
|
|
|
|
|
it 'should be able to perform destroy action for main platform' do
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :destroy, id: @repository.id, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that repository of main platform has been destroyed' do
|
2014-01-21 04:51:49 +00:00
|
|
|
lambda { delete :destroy, id: @repository.id, format: :json }.should change{ Repository.count }.by(-1)
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
2013-04-08 22:50:53 +01:00
|
|
|
|
|
|
|
|
context 'repository with name "main" of personal platform' do
|
|
|
|
|
# hook for "ActiveRecord::ActiveRecordError: name is marked as readonly"
|
2014-01-21 04:51:49 +00:00
|
|
|
before { Repository.where(id: @personal_repository.id).update_all("name = 'main'") }
|
2013-04-08 22:50:53 +01:00
|
|
|
it 'should not be able to perform destroy action' do
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :destroy, id: @personal_repository.id, format: :json
|
2013-04-08 22:50:53 +01:00
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that repository has not been destroyed' do
|
2014-01-21 04:51:49 +00:00
|
|
|
lambda { delete :destroy, id: @personal_repository.id, format: :json }.should_not change{ Repository.count }
|
2013-04-08 22:50:53 +01:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
it 'should be able to perform destroy action for repository with name not "main" of personal platform' do
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :destroy, id: @personal_repository.id, format: :json
|
2013-04-08 22:50:53 +01:00
|
|
|
response.should be_success
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
2013-04-08 22:50:53 +01:00
|
|
|
it 'ensures that repository with name not "main" of personal platform has been destroyed' do
|
2014-01-21 04:51:49 +00:00
|
|
|
lambda { delete :destroy, id: @personal_repository.id, format: :json }.should change{ Repository.count }.by(-1)
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
end
|
2012-10-14 14:38:06 +01:00
|
|
|
|
2013-07-17 15:57:46 +01:00
|
|
|
context 'api repository user with update signatures rights' do
|
|
|
|
|
before do
|
|
|
|
|
kp = FactoryGirl.build(:key_pair)
|
2014-01-21 04:51:49 +00:00
|
|
|
put :signatures, id: @repository.id, repository: {public: kp.public, secret: kp.secret}, format: :json
|
2013-07-17 15:57:46 +01:00
|
|
|
end
|
|
|
|
|
it 'should be able to perform signatures action' do
|
|
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that signatures has been updated' do
|
|
|
|
|
@repository.key_pair.should_not be_nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
shared_examples_for 'api repository user with project manage rights' do
|
|
|
|
|
|
2012-10-14 14:38:06 +01:00
|
|
|
context 'api repository user with add_project rights' do
|
2014-01-21 04:51:49 +00:00
|
|
|
before { put :add_project, id: @repository.id, project_id: @project.id, format: :json }
|
2012-10-14 14:38:06 +01:00
|
|
|
it 'should be able to perform add_project action' do
|
|
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that project has been added to repository' do
|
|
|
|
|
@repository.projects.should include(@project)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'api repository user with remove_project rights' do
|
|
|
|
|
before do
|
|
|
|
|
@repository.projects << @project
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :remove_project, id: @repository.id, project_id: @project.id, format: :json
|
2012-10-14 14:38:06 +01:00
|
|
|
end
|
|
|
|
|
it 'should be able to perform remove_project action' do
|
|
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that project has been removed from repository' do
|
|
|
|
|
@repository.reload
|
|
|
|
|
@repository.projects.should_not include(@project)
|
|
|
|
|
end
|
|
|
|
|
end
|
2012-10-14 15:44:10 +01:00
|
|
|
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
shared_examples_for 'api repository user without writer rights' do
|
|
|
|
|
|
|
|
|
|
context 'api repository user without update rights' do
|
|
|
|
|
before do
|
2014-01-21 04:51:49 +00:00
|
|
|
put :update, {repository: {description: 'new description'}, id: @repository.id}, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'should not be able to perform update action' do
|
|
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that repository has not been updated' do
|
|
|
|
|
@repository.reload
|
|
|
|
|
@repository.description.should_not == 'new description'
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2013-07-29 13:24:41 +01:00
|
|
|
context 'api repository user without add/remove repo_lock_file rights' do
|
|
|
|
|
[:add_repo_lock_file, :remove_repo_lock_file].each do |action|
|
2013-07-29 11:13:15 +01:00
|
|
|
it "should not be able to perform #{action} action" do
|
2014-01-21 04:51:49 +00:00
|
|
|
put action, id: @repository.id, format: :json
|
2013-07-29 11:13:15 +01:00
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2012-10-14 13:00:49 +01:00
|
|
|
context 'api repository user without add_member rights' do
|
|
|
|
|
let(:member) { FactoryGirl.create(:user) }
|
|
|
|
|
before do
|
2014-01-21 04:51:49 +00:00
|
|
|
put :add_member, {member_id: member.id, type: 'User', id: @repository.id}, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'should not be able to perform add_member action' do
|
|
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that new member has not been added to repository' do
|
|
|
|
|
@repository.members.should_not include(member)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'api repository user without remove_member rights' do
|
|
|
|
|
let(:member) { FactoryGirl.create(:user) }
|
|
|
|
|
before do
|
|
|
|
|
@repository.add_member(member)
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :remove_member, {member_id: member.id, type: 'User', id: @repository.id}, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'should be able to perform update action' do
|
|
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that member has not been removed from repository' do
|
|
|
|
|
@repository.members.should include(member)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'api repository user without destroy rights' do
|
|
|
|
|
it 'should not be able to perform destroy action for repository of main platform' do
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :destroy, id: @repository.id, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that repository of main platform has not been destroyed' do
|
2014-01-21 04:51:49 +00:00
|
|
|
lambda { delete :destroy, id: @repository.id, format: :json }.should_not change{ Repository.count }
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
it 'should not be able to perform destroy action for repository of personal platform' do
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :destroy, id: @personal_repository.id, format: :json
|
2012-10-14 13:00:49 +01:00
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that repository of personal platform has not been destroyed' do
|
2014-01-21 04:51:49 +00:00
|
|
|
lambda { delete :destroy, id: @personal_repository.id, format: :json }.should_not change{ Repository.count }
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
end
|
2012-10-14 14:38:06 +01:00
|
|
|
|
2013-07-17 15:57:46 +01:00
|
|
|
context 'api repository user without update signatures rights' do
|
|
|
|
|
before do
|
|
|
|
|
kp = FactoryGirl.build(:key_pair)
|
2014-01-21 04:51:49 +00:00
|
|
|
put :signatures, id: @repository.id, repository: {public: kp.public, secret: kp.secret}, format: :json
|
2013-07-17 15:57:46 +01:00
|
|
|
end
|
|
|
|
|
it 'should not be able to perform signatures action' do
|
|
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that signatures has not been updated' do
|
|
|
|
|
@repository.key_pair.should be_nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
shared_examples_for 'api repository user without project manage rights' do
|
2012-10-14 14:38:06 +01:00
|
|
|
context 'api repository user without add_project rights' do
|
2014-01-21 04:51:49 +00:00
|
|
|
before { put :add_project, id: @repository.id, project_id: @project.id, format: :json }
|
2012-10-14 14:38:06 +01:00
|
|
|
it 'should not be able to perform add_project action' do
|
|
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that project has not been added to repository' do
|
|
|
|
|
@repository.projects.should_not include(@project)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'api repository user without remove_project rights' do
|
|
|
|
|
before do
|
|
|
|
|
@repository.projects << @project
|
2014-01-21 04:51:49 +00:00
|
|
|
delete :remove_project, id: @repository.id, project_id: @project.id, format: :json
|
2012-10-14 14:38:06 +01:00
|
|
|
end
|
|
|
|
|
it 'should not be able to perform remove_project action' do
|
|
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
|
|
|
|
it 'ensures that project has not been removed from repository' do
|
|
|
|
|
@repository.reload
|
|
|
|
|
@repository.projects.should include(@project)
|
|
|
|
|
end
|
|
|
|
|
end
|
2012-10-14 13:00:49 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
2012-08-21 18:15:28 +01:00
|
|
|
describe Api::V1::RepositoriesController do
|
|
|
|
|
before(:each) do
|
|
|
|
|
stub_symlink_methods
|
2012-12-24 10:53:20 +00:00
|
|
|
stub_redis
|
2012-08-21 18:15:28 +01:00
|
|
|
|
|
|
|
|
@platform = FactoryGirl.create(:platform)
|
2014-01-21 04:51:49 +00:00
|
|
|
@repository = FactoryGirl.create(:repository, platform: @platform)
|
2012-08-21 18:15:28 +01:00
|
|
|
@personal_repository = FactoryGirl.create(:personal_repository)
|
|
|
|
|
@project = FactoryGirl.create(:project)
|
|
|
|
|
@another_user = FactoryGirl.create(:user)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'for guest' do
|
2012-09-26 18:15:11 +01:00
|
|
|
it "should not be able to perform show action", :anonymous_access => false do
|
2014-01-21 04:51:49 +00:00
|
|
|
get :show, id: @repository.id, format: :json
|
2012-08-22 14:44:01 +01:00
|
|
|
response.status.should == 401
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
2012-09-26 18:15:11 +01:00
|
|
|
|
2012-10-14 13:00:49 +01:00
|
|
|
if APP_CONFIG['anonymous_access']
|
|
|
|
|
it_should_behave_like 'api repository user without reader rights for hidden platform'
|
|
|
|
|
it_should_behave_like 'api repository user with show rights'
|
|
|
|
|
end
|
|
|
|
|
it_should_behave_like 'api repository user without writer rights'
|
2013-07-17 15:57:46 +01:00
|
|
|
it_should_behave_like 'api repository user without project manage rights'
|
2012-12-20 19:46:16 +00:00
|
|
|
it_should_behave_like 'api repository user without key_pair rights'
|
2014-01-20 22:07:12 +00:00
|
|
|
it_should_behave_like 'api repository user without packages rights'
|
2012-10-19 15:49:01 +01:00
|
|
|
|
2014-01-21 04:51:49 +00:00
|
|
|
it 'should not be able to perform projects action', anonymous_access: false do
|
|
|
|
|
get :projects, id: @repository.id, format: :json
|
2012-10-19 15:49:01 +01:00
|
|
|
response.should_not be_success
|
|
|
|
|
end
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'for admin' do
|
|
|
|
|
before(:each) do
|
|
|
|
|
@admin = FactoryGirl.create(:admin)
|
2012-09-21 20:48:30 +01:00
|
|
|
http_login(@admin)
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
it_should_behave_like 'api repository user with reader rights'
|
|
|
|
|
it_should_behave_like 'api repository user with reader rights for hidden platform'
|
2012-10-14 13:00:49 +01:00
|
|
|
it_should_behave_like 'api repository user with writer rights'
|
2014-01-20 22:07:12 +00:00
|
|
|
it_should_behave_like 'api repository user with packages rights'
|
2012-12-20 19:46:16 +00:00
|
|
|
it_should_behave_like 'api repository user without key_pair rights'
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'for platform owner user' do
|
|
|
|
|
before(:each) do
|
|
|
|
|
@user = FactoryGirl.create(:user)
|
2012-09-21 20:48:30 +01:00
|
|
|
http_login(@user)
|
2013-04-08 22:54:34 +01:00
|
|
|
[@repository, @personal_repository].each do |repository|
|
|
|
|
|
platform = repository.platform
|
|
|
|
|
platform.owner = @user; platform.save
|
2014-01-21 04:51:49 +00:00
|
|
|
repository.platform.relations.create!(actor_type: 'User', actor_id: @user.id, role: 'admin')
|
2013-04-08 22:54:34 +01:00
|
|
|
end
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
it_should_behave_like 'api repository user with reader rights'
|
|
|
|
|
it_should_behave_like 'api repository user with reader rights for hidden platform'
|
2012-10-14 13:00:49 +01:00
|
|
|
it_should_behave_like 'api repository user with writer rights'
|
2014-01-20 22:07:12 +00:00
|
|
|
it_should_behave_like 'api repository user with packages rights'
|
2012-12-20 19:46:16 +00:00
|
|
|
it_should_behave_like 'api repository user without key_pair rights'
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'for user' do
|
|
|
|
|
before(:each) do
|
|
|
|
|
@user = FactoryGirl.create(:user)
|
2012-09-21 20:48:30 +01:00
|
|
|
http_login(@user)
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
it_should_behave_like 'api repository user with reader rights'
|
|
|
|
|
it_should_behave_like 'api repository user without reader rights for hidden platform'
|
|
|
|
|
it_should_behave_like 'api repository user with show rights'
|
2012-10-14 13:00:49 +01:00
|
|
|
it_should_behave_like 'api repository user without writer rights'
|
2013-07-17 15:57:46 +01:00
|
|
|
it_should_behave_like 'api repository user without project manage rights'
|
2014-01-20 22:07:12 +00:00
|
|
|
it_should_behave_like 'api repository user without packages rights'
|
2013-07-17 15:57:46 +01:00
|
|
|
it_should_behave_like 'api repository user without key_pair rights'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'for member of repository' do
|
|
|
|
|
before(:each) do
|
|
|
|
|
@user = FactoryGirl.create(:user)
|
|
|
|
|
@repository.add_member @user
|
|
|
|
|
http_login @user
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it_should_behave_like 'api repository user with reader rights'
|
|
|
|
|
it_should_behave_like 'api repository user with reader rights for hidden platform'
|
|
|
|
|
it_should_behave_like 'api repository user with show rights'
|
|
|
|
|
it_should_behave_like 'api repository user with project manage rights'
|
|
|
|
|
it_should_behave_like 'api repository user without writer rights'
|
2014-01-20 22:07:12 +00:00
|
|
|
it_should_behave_like 'api repository user without packages rights'
|
2012-12-20 19:46:16 +00:00
|
|
|
it_should_behave_like 'api repository user without key_pair rights'
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
context 'for system user' do
|
|
|
|
|
before(:each) do
|
2014-01-21 04:51:49 +00:00
|
|
|
@user = FactoryGirl.create(:user, role: 'system')
|
2012-12-20 19:46:16 +00:00
|
|
|
http_login(@user)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'should be able to perform key_pair action when repository has not keys' do
|
2014-01-21 04:51:49 +00:00
|
|
|
get :key_pair, id: @repository.id, format: :json
|
2012-12-20 19:46:16 +00:00
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
it 'should be able to perform key_pair action when repository has keys' do
|
2014-01-21 04:51:49 +00:00
|
|
|
FactoryGirl.create(:key_pair, repository: @repository)
|
|
|
|
|
get :key_pair, id: @repository.id, format: :json
|
2012-12-20 19:46:16 +00:00
|
|
|
response.should be_success
|
|
|
|
|
end
|
|
|
|
|
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
2012-12-20 19:46:16 +00:00
|
|
|
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
