rosa-build/spec/controllers/api/v1/platforms_controller_spec.rb

459 lines
16 KiB
Ruby
Raw Normal View History

require 'spec_helper'
shared_examples_for 'api platform user with reader rights' do
include_examples "api platform user with show rights"
it 'should be able to perform index action' do
2014-01-21 04:51:49 +00:00
get :index, format: :json
expect(response).to render_template(:index)
end
2012-10-09 17:51:41 +01:00
it 'should be able to perform members action' do
2014-01-21 04:51:49 +00:00
get :members, id: @platform.id, format: :json
expect(response).to render_template(:members)
end
2014-04-07 22:30:01 +01:00
2012-10-09 17:51:41 +01:00
end
2013-03-05 22:04:31 +00:00
shared_examples_for 'api platform user with owner rights' do
2012-10-04 16:20:10 +01:00
2012-10-09 17:51:41 +01:00
context 'api platform user with update rights' do
before do
2014-03-19 10:34:30 +00:00
put :update, platform: { description: 'new description' }, id: @platform.id, format: :json
2012-10-09 17:51:41 +01:00
end
it 'should be able to perform update action' do
expect(response).to be_success
2012-10-09 17:51:41 +01:00
end
it 'ensures that platform has been updated' do
expect(@platform.reload.description).to eq 'new description'
2012-10-09 17:51:41 +01:00
end
end
2012-10-09 17:51:41 +01:00
context 'api platform user with destroy rights for main platforms only' do
it 'should be able to perform destroy action for main platform' do
2014-01-21 04:51:49 +00:00
delete :destroy, id: @platform.id, format: :json
expect(response).to be_success
end
it 'ensures that main platform has been destroyed' do
expect do
delete :destroy, id: @platform.id, format: :json
end.to change(Platform, :count).by(-1)
end
it 'should not be able to perform destroy action for personal platform' do
2014-01-21 04:51:49 +00:00
delete :destroy, id: @personal_platform.id, format: :json
expect(response).to_not be_success
end
it 'ensures that personal platform has not been destroyed' do
expect do
delete :destroy, id: @personal_platform.id, format: :json
end.to_not change(Platform, :count)
end
end
end
2013-03-05 22:04:31 +00:00
shared_examples_for 'api platform user without owner rights' do
2012-10-09 17:51:41 +01:00
context 'api platform user without update rights' do
before do
2014-03-19 10:34:30 +00:00
put :update, platform: { description: 'new description' }, id: @platform.id, format: :json
2012-10-09 17:51:41 +01:00
end
it 'should not be able to perform update action' do
expect(response).to_not be_success
2012-10-09 17:51:41 +01:00
end
it 'ensures that platform has not been updated' do
expect(@platform.reload.description).to_not eq 'new description'
2012-10-09 17:51:41 +01:00
end
end
2012-10-09 17:51:41 +01:00
2013-03-05 22:04:31 +00:00
context 'api platform user without destroy rights' do
it 'should not be able to perform destroy action for main platform' do
2014-01-21 04:51:49 +00:00
delete :destroy, id: @platform.id, format: :json
expect(response).to_not be_success
2013-03-05 22:04:31 +00:00
end
it 'ensures that main platform has not been destroyed' do
expect do
delete :destroy, id: @platform.id, format: :json
end.to_not change(Platform, :count)
2013-03-05 22:04:31 +00:00
end
it 'should not be able to perform destroy action for personal platform' do
2014-01-21 04:51:49 +00:00
delete :destroy, id: @personal_platform.id, format: :json
expect(response).to_not be_success
2013-03-05 22:04:31 +00:00
end
it 'ensures that personal platform has not been destroyed' do
expect do
delete :destroy, id: @personal_platform.id, format: :json
end.to_not change(Platform, :count)
2013-03-05 22:04:31 +00:00
end
end
end
shared_examples_for 'api platform user with member rights' do
context 'api platform user with add_member rights' do
2012-10-09 17:51:41 +01:00
let(:member) { FactoryGirl.create(:user) }
before do
2014-03-19 10:34:30 +00:00
put :add_member, member_id: member.id, type: 'User', id: @platform.id, format: :json
2012-10-09 17:51:41 +01:00
end
2013-03-05 22:04:31 +00:00
it 'should be able to perform add_member action' do
expect(response).to be_success
2012-10-09 17:51:41 +01:00
end
2013-03-05 22:04:31 +00:00
it 'ensures that new member has been added to platform' do
expect(@platform.members).to include(member)
2012-10-09 17:51:41 +01:00
end
end
2013-03-05 22:04:31 +00:00
context 'api platform user with remove_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@platform.add_member(member)
2014-03-19 10:34:30 +00:00
delete :remove_member, member_id: member.id, type: 'User', id: @platform.id, format: :json
end
2013-03-05 22:04:31 +00:00
it 'should be able to perform remove_member action' do
expect(response).to be_success
end
2013-03-05 22:04:31 +00:00
it 'ensures that member has been removed from platform' do
expect(@platform.members).to_not include(member)
end
end
2013-03-05 22:04:31 +00:00
end
shared_examples_for 'api platform user without member rights' do
context 'api platform user without add_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
2014-03-19 10:34:30 +00:00
put :add_member, member_id: member.id, type: 'User', id: @platform.id, format: :json
end
2013-03-05 22:04:31 +00:00
it 'should not be able to perform add_member action' do
expect(response).to_not be_success
end
2013-03-05 22:04:31 +00:00
it 'ensures that new member has not been added to platform' do
expect(@platform.members).to_not include(member)
2013-03-05 22:04:31 +00:00
end
end
2013-03-05 22:04:31 +00:00
context 'api platform user without remove_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@platform.add_member(member)
2014-03-19 10:34:30 +00:00
delete :remove_member, member_id: member.id, type: 'User', id: @platform.id, format: :json
end
2013-03-05 22:04:31 +00:00
it 'should be able to perform update action' do
expect(response).to_not be_success
end
2013-03-05 22:04:31 +00:00
it 'ensures that member has not been removed from platform' do
expect(@platform.members).to include(member)
end
end
end
shared_examples_for 'api platform user without global admin rights' do
context 'should not be able to perform clear action' do
it 'for personal platform' do
2014-01-21 04:51:49 +00:00
put :clear, id: @personal_platform.id, format: :json
expect(response).to_not be_success
end
it 'for main platform' do
2014-01-21 04:51:49 +00:00
put :clear, id: @platform.id, format: :json
expect(response).to_not be_success
end
end
[:create, :clone].each do |action|
context "api platform user without #{action} rights" do
it "should not be able to perform #{action} action" do
post action, clone_or_create_params
expect(response).to_not be_success
end
it "ensures that platform has not been #{action}d" do
expect do
post action, clone_or_create_params
end.to_not change(Platform, :count)
end
end
end
end
shared_examples_for 'api platform user with reader rights for hidden platform' do
before(:each) do
@platform.update_column(:visibility, 'hidden')
end
it_should_behave_like 'api platform user with show rights'
end
shared_examples_for 'api platform user without reader rights for hidden platform' do
before(:each) do
@platform.update_column(:visibility, 'hidden')
end
[:show, :members].each do |action|
it "should not be able to perform #{ action } action" do
2014-01-21 04:51:49 +00:00
get action, id: @platform.id, format: :json
expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json)
end
end
end
shared_examples_for "api platform user with show rights" do
it 'should be able to perform show action' do
2014-01-21 04:51:49 +00:00
get :show, id: @platform.id, format: :json
expect(response).to render_template(:show)
end
it 'should be able to perform platforms_for_build action' do
2014-01-21 04:51:49 +00:00
get :platforms_for_build, format: :json
expect(response).to render_template(:index)
end
end
2015-02-19 01:12:08 +00:00
describe Api::V1::PlatformsController, type: :controller do
let(:clone_or_create_params) do
{ id: @platform.id,
platform: { description: 'new description', name: 'new_name',
2015-02-19 01:59:20 +00:00
owner_id: @user.id, distrib_type: APP_CONFIG['distr_types'].first, default_branch: 'new_name' }, format: :json }
end
2012-10-04 16:20:10 +01:00
before do
stub_symlink_methods
2014-01-21 04:51:49 +00:00
@platform = FactoryGirl.create(:platform, visibility: 'open')
@personal_platform = FactoryGirl.create(:platform, platform_type: 'personal')
@user = FactoryGirl.create(:user)
end
context 'for guest' do
2014-01-21 04:51:49 +00:00
it "should not be able to perform index action" do
2014-01-21 04:51:49 +00:00
get :index, format: :json
expect(response.status).to eq 401
end
2013-06-10 12:26:36 +01:00
it "should not be able to perform platforms_for_build action", :anonymous_access => false do
2014-01-21 04:51:49 +00:00
get :platforms_for_build, format: :json
expect(response.status).to eq 401
2013-06-10 12:26:36 +01:00
end
it "should not be able to perform show action", :anonymous_access => false do
2014-01-21 04:51:49 +00:00
get :show, id: @platform, format: :json
expect(response.status).to eq 401
end
2013-06-10 12:26:36 +01:00
2012-10-11 19:38:19 +01:00
it 'should be able to perform members action', :anonymous_access => true do
2014-01-21 04:51:49 +00:00
get :members, id: @platform.id, format: :json
expect(response).to render_template(:members)
end
it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access']
it_should_behave_like 'api platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access']
2013-03-05 22:04:31 +00:00
it_should_behave_like 'api platform user without member rights'
it_should_behave_like 'api platform user without owner rights'
it_should_behave_like 'api platform user without global admin rights'
2013-06-26 13:34:58 +01:00
context 'perform allowed action' do
it 'ensures that status 200 if platform empty' do
2013-06-26 13:34:58 +01:00
get :allowed
expect(response).to be_success
2013-06-26 13:34:58 +01:00
end
it 'ensures that status 403 if platform does not exist' do
2014-01-21 04:51:49 +00:00
get :allowed, path: "/rosa-server/repository/SRPMS/base/release/repodata/"
expect(response.status).to eq 403
2013-06-26 13:34:58 +01:00
end
it 'ensures that status 200 if platform open' do
2014-01-21 04:51:49 +00:00
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
expect(response).to be_success
2013-06-26 13:34:58 +01:00
end
context 'for hidden platform' do
before { @platform.change_visibility }
it 'ensures that status 403 if no token' do
2014-01-21 04:51:49 +00:00
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
expect(response.status).to eq 403
2013-06-26 13:34:58 +01:00
end
it 'ensures that status 403 if no token and a lot of "/"' do
2014-01-21 04:51:49 +00:00
get :allowed, path: "///#{@platform.name}///repository/SRPMS/base/release/repodata/"
expect(response.status).to eq 403
end
it 'ensures that status 200 if token correct and a lot of "/"' do
2014-01-21 04:51:49 +00:00
token = FactoryGirl.create(:platform_token, subject: @platform)
http_login token.authentication_token, ''
2014-01-21 04:51:49 +00:00
get :allowed, path: "///#{@platform.name}///repository/SRPMS/base/release/repodata/"
expect(response).to be_success
end
it 'ensures that status 403 on access to root of platform if no token' do
2014-01-21 04:51:49 +00:00
get :allowed, path: "///#{@platform.name}"
expect(response.status).to eq 403
end
it 'ensures that status 200 on access to root of platform if token correct' do
2014-01-21 04:51:49 +00:00
token = FactoryGirl.create(:platform_token, subject: @platform)
http_login token.authentication_token, ''
2014-01-21 04:51:49 +00:00
get :allowed, path: "///#{@platform.name}"
expect(response).to be_success
end
2013-06-26 13:34:58 +01:00
it 'ensures that status 403 if wrong token' do
2013-07-02 19:23:46 +01:00
http_login 'KuKu', ''
2014-01-21 04:51:49 +00:00
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
expect(response.status).to eq 403
2013-06-26 13:34:58 +01:00
end
it 'ensures that status 200 if token correct' do
2014-01-21 04:51:49 +00:00
token = FactoryGirl.create(:platform_token, subject: @platform)
2013-07-02 19:23:46 +01:00
http_login token.authentication_token, ''
2014-01-21 04:51:49 +00:00
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
expect(response).to be_success
2013-06-26 13:34:58 +01:00
end
it 'ensures that status 403 if token correct but blocked' do
2014-01-21 04:51:49 +00:00
token = FactoryGirl.create(:platform_token, subject: @platform)
token.block
2013-07-02 19:23:46 +01:00
http_login token.authentication_token, ''
2014-01-21 04:51:49 +00:00
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
expect(response.status).to eq 403
end
2013-06-26 13:34:58 +01:00
it 'ensures that status 200 if user token correct and user has ability to read platform' do
2013-07-02 19:23:46 +01:00
http_login @platform.owner.authentication_token, ''
2014-01-21 04:51:49 +00:00
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
expect(response).to be_success
2013-06-26 13:34:58 +01:00
end
it 'ensures that status 403 if user token correct but user has no ability to read platform' do
user = FactoryGirl.create(:user)
2013-07-02 19:23:46 +01:00
http_login user.authentication_token, ''
2014-01-21 04:51:49 +00:00
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
expect(response.status).to eq 403
end
2013-06-26 13:34:58 +01:00
end
end
end
context 'for global admin' do
2012-10-04 16:20:10 +01:00
before do
@admin = FactoryGirl.create(:admin)
http_login(@admin)
end
it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user with reader rights for hidden platform'
2013-03-05 22:04:31 +00:00
it_should_behave_like 'api platform user with member rights'
it_should_behave_like 'api platform user with owner rights'
[:clone, :create].each do |action|
context "with #{action} rights" do
2014-03-20 16:54:40 +00:00
before { clone_or_create_params[:platform][:owner_id] = @admin.id }
it "should be able to perform #{action} action" do
post action, clone_or_create_params
expect(response).to be_success
end
it "ensures that platform has been #{action}d" do
expect do
post action, clone_or_create_params
end.to change(Platform, :count).by(1)
end
end
end
end
context 'for owner user' do
2012-10-04 16:20:10 +01:00
before do
http_login(@user)
@platform.owner = @user; @platform.save
create_relation(@platform, @user, 'admin')
end
it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user with reader rights for hidden platform'
2013-03-05 22:04:31 +00:00
it_should_behave_like 'api platform user with member rights'
it_should_behave_like 'api platform user with owner rights'
it_should_behave_like 'api platform user without global admin rights'
end
2013-03-05 22:04:31 +00:00
context 'for member of platform' do
2012-10-04 16:20:10 +01:00
before do
http_login(@user)
2013-03-05 22:04:31 +00:00
@platform.add_member(@user)
@personal_platform.add_member(@user)
2012-10-04 16:20:10 +01:00
end
2012-10-04 16:50:20 +01:00
context 'perform index action with type param' do
2012-10-04 16:20:10 +01:00
render_views
%w(main personal).each do |type|
it "ensures that filter by type = #{type} returns true result" do
2014-03-20 16:13:21 +00:00
get :index, format: :json, type: type
types = JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.uniq
expect(types).to eq [type]
2012-10-04 16:20:10 +01:00
end
end
end
it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user with reader rights for hidden platform'
2013-03-05 22:04:31 +00:00
it_should_behave_like 'api platform user with member rights'
it_should_behave_like 'api platform user without owner rights'
it_should_behave_like 'api platform user without global admin rights'
end
2013-07-17 15:31:32 +01:00
context 'for member of repository' do
before do
http_login(@user)
2014-01-21 04:51:49 +00:00
repository = FactoryGirl.create(:repository, platform: @platform)
2013-07-17 15:31:32 +01:00
repository.add_member(@user)
2014-01-21 04:51:49 +00:00
personal_repository = FactoryGirl.create(:repository, platform: @personal_platform)
2013-07-17 15:31:32 +01:00
personal_repository.add_member(@user)
end
context 'perform index action with type param' do
render_views
%w(main personal).each do |type|
it "ensures that filter by type = #{type} returns true result" do
get :index, format: :json, type: type
types = JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.uniq
expect(types).to eq [type]
2013-07-17 15:31:32 +01:00
end
end
end
it 'should not be able to perform members action for hidden platform' do
@platform.update_column(:visibility, 'hidden')
2014-01-21 04:51:49 +00:00
get :members, id: @platform.id, format: :json
expect(response.status).to eq 403
2013-07-17 15:31:32 +01:00
end
it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user with reader rights for hidden platform'
it_should_behave_like 'api platform user without member rights'
it_should_behave_like 'api platform user without owner rights'
it_should_behave_like 'api platform user without global admin rights'
end
context 'for simple user' do
2012-10-04 16:20:10 +01:00
before do
http_login(@user)
end
it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user without reader rights for hidden platform'
2013-03-05 22:04:31 +00:00
it_should_behave_like 'api platform user without member rights'
it_should_behave_like 'api platform user without owner rights'
it_should_behave_like 'api platform user without global admin rights'
end
end