2012-08-21 18:15:28 +01:00
|
|
|
# -*- encoding : utf-8 -*-
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
shared_examples_for 'api platform user with reader rights' do
|
|
|
|
include_examples "api platform user with show rights"
|
|
|
|
|
2012-08-21 18:15:28 +01:00
|
|
|
it 'should be able to perform index action' do
|
|
|
|
get :index, :format => :json
|
|
|
|
response.should render_template(:index)
|
|
|
|
end
|
2012-10-09 17:23:48 +01:00
|
|
|
|
2012-10-09 17:51:41 +01:00
|
|
|
it 'should be able to perform members action' do
|
|
|
|
get :members, :id => @platform.id, :format => :json
|
|
|
|
response.should render_template(:members)
|
2012-10-09 17:23:48 +01:00
|
|
|
end
|
2012-10-09 17:51:41 +01:00
|
|
|
end
|
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
shared_examples_for 'api platform user with owner rights' do
|
2012-10-04 16:20:10 +01:00
|
|
|
|
2012-10-09 17:51:41 +01:00
|
|
|
context 'api platform user with update rights' do
|
|
|
|
before do
|
|
|
|
put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should be able to perform update action' do
|
|
|
|
response.should be_success
|
|
|
|
end
|
|
|
|
it 'ensures that platform has been updated' do
|
|
|
|
@platform.reload
|
|
|
|
@platform.description.should == 'new description'
|
|
|
|
end
|
2012-10-09 17:23:48 +01:00
|
|
|
end
|
2012-10-09 17:51:41 +01:00
|
|
|
|
2012-10-10 16:43:14 +01:00
|
|
|
context 'api platform user with destroy rights for main platforms only' do
|
|
|
|
it 'should be able to perform destroy action for main platform' do
|
|
|
|
delete :destroy, :id => @platform.id, :format => :json
|
|
|
|
response.should be_success
|
|
|
|
end
|
|
|
|
it 'ensures that main platform has been destroyed' do
|
|
|
|
lambda { delete :destroy, :id => @platform.id, :format => :json }.should change{ Platform.count }.by(-1)
|
|
|
|
end
|
|
|
|
it 'should not be able to perform destroy action for personal platform' do
|
|
|
|
delete :destroy, :id => @personal_platform.id, :format => :json
|
|
|
|
response.should_not be_success
|
|
|
|
end
|
|
|
|
it 'ensures that personal platform has not been destroyed' do
|
|
|
|
lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count }
|
|
|
|
end
|
|
|
|
end
|
2012-10-09 17:23:48 +01:00
|
|
|
end
|
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
shared_examples_for 'api platform user without owner rights' do
|
2012-10-09 17:51:41 +01:00
|
|
|
context 'api platform user without update rights' do
|
|
|
|
before do
|
|
|
|
put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should not be able to perform update action' do
|
|
|
|
response.should_not be_success
|
|
|
|
end
|
|
|
|
it 'ensures that platform has not been updated' do
|
|
|
|
@platform.reload
|
|
|
|
@platform.description.should_not == 'new description'
|
|
|
|
end
|
2012-10-09 17:23:48 +01:00
|
|
|
end
|
2012-10-09 17:51:41 +01:00
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
context 'api platform user without destroy rights' do
|
|
|
|
it 'should not be able to perform destroy action for main platform' do
|
|
|
|
delete :destroy, :id => @platform.id, :format => :json
|
|
|
|
response.should_not be_success
|
|
|
|
end
|
|
|
|
it 'ensures that main platform has not been destroyed' do
|
|
|
|
lambda { delete :destroy, :id => @platform.id, :format => :json }.should_not change{ Platform.count }
|
|
|
|
end
|
|
|
|
it 'should not be able to perform destroy action for personal platform' do
|
|
|
|
delete :destroy, :id => @personal_platform.id, :format => :json
|
|
|
|
response.should_not be_success
|
|
|
|
end
|
|
|
|
it 'ensures that personal platform has not been destroyed' do
|
|
|
|
lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
shared_examples_for 'api platform user with member rights' do
|
|
|
|
|
|
|
|
context 'api platform user with add_member rights' do
|
2012-10-09 17:51:41 +01:00
|
|
|
let(:member) { FactoryGirl.create(:user) }
|
|
|
|
before do
|
|
|
|
put :add_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json
|
|
|
|
end
|
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
it 'should be able to perform add_member action' do
|
|
|
|
response.should be_success
|
2012-10-09 17:51:41 +01:00
|
|
|
end
|
2013-03-05 22:04:31 +00:00
|
|
|
it 'ensures that new member has been added to platform' do
|
|
|
|
@platform.members.should include(member)
|
2012-10-09 17:51:41 +01:00
|
|
|
end
|
2012-10-09 17:23:48 +01:00
|
|
|
end
|
2012-10-09 18:07:10 +01:00
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
context 'api platform user with remove_member rights' do
|
2012-10-09 18:07:10 +01:00
|
|
|
let(:member) { FactoryGirl.create(:user) }
|
|
|
|
before do
|
|
|
|
@platform.add_member(member)
|
|
|
|
delete :remove_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json
|
|
|
|
end
|
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
it 'should be able to perform remove_member action' do
|
|
|
|
response.should be_success
|
2012-10-09 18:07:10 +01:00
|
|
|
end
|
2013-03-05 22:04:31 +00:00
|
|
|
it 'ensures that member has been removed from platform' do
|
|
|
|
@platform.members.should_not include(member)
|
2012-10-09 18:07:10 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
shared_examples_for 'api platform user without member rights' do
|
|
|
|
|
|
|
|
context 'api platform user without add_member rights' do
|
|
|
|
let(:member) { FactoryGirl.create(:user) }
|
|
|
|
before do
|
|
|
|
put :add_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json
|
2012-10-10 16:27:53 +01:00
|
|
|
end
|
2013-03-05 22:04:31 +00:00
|
|
|
|
|
|
|
it 'should not be able to perform add_member action' do
|
2012-10-10 16:27:53 +01:00
|
|
|
response.should_not be_success
|
|
|
|
end
|
2013-03-05 22:04:31 +00:00
|
|
|
it 'ensures that new member has not been added to platform' do
|
|
|
|
@platform.members.should_not include(member)
|
|
|
|
end
|
2012-10-10 16:27:53 +01:00
|
|
|
end
|
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
context 'api platform user without remove_member rights' do
|
|
|
|
let(:member) { FactoryGirl.create(:user) }
|
|
|
|
before do
|
|
|
|
@platform.add_member(member)
|
|
|
|
delete :remove_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json
|
2012-10-10 16:43:14 +01:00
|
|
|
end
|
2013-03-05 22:04:31 +00:00
|
|
|
|
|
|
|
it 'should be able to perform update action' do
|
2012-10-10 16:43:14 +01:00
|
|
|
response.should_not be_success
|
|
|
|
end
|
2013-03-05 22:04:31 +00:00
|
|
|
it 'ensures that member has not been removed from platform' do
|
|
|
|
@platform.members.should include(member)
|
2012-10-10 16:43:14 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-10-10 16:13:14 +01:00
|
|
|
end
|
|
|
|
|
2012-10-10 18:45:56 +01:00
|
|
|
shared_examples_for 'api platform user without global admin rights' do
|
|
|
|
context 'should not be able to perform clear action' do
|
|
|
|
it 'for personal platform' do
|
|
|
|
put :clear, :id => @personal_platform.id, :format => :json
|
|
|
|
response.should_not be_success
|
|
|
|
end
|
|
|
|
it 'for main platform' do
|
|
|
|
put :clear, :id => @platform.id, :format => :json
|
|
|
|
response.should_not be_success
|
|
|
|
end
|
2012-10-10 16:13:14 +01:00
|
|
|
end
|
|
|
|
|
2012-10-10 18:45:56 +01:00
|
|
|
[:create, :clone].each do |action|
|
|
|
|
context "api platform user without #{action} rights" do
|
|
|
|
before { any_instance_of(Platform, :create_directory => true) }
|
|
|
|
it "should not be able to perform #{action} action" do
|
|
|
|
post action, clone_or_create_params, :format => :json
|
|
|
|
response.should_not be_success
|
|
|
|
end
|
|
|
|
it "ensures that platform has not been #{action}d" do
|
|
|
|
lambda { post action, clone_or_create_params, :format => :json }.should_not change{ Platform.count }
|
|
|
|
end
|
|
|
|
end
|
2012-10-10 16:13:14 +01:00
|
|
|
end
|
2012-08-22 14:44:01 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
shared_examples_for 'api platform user with reader rights for hidden platform' do
|
|
|
|
before(:each) do
|
|
|
|
@platform.update_column(:visibility, 'hidden')
|
|
|
|
end
|
|
|
|
|
|
|
|
it_should_behave_like 'api platform user with show rights'
|
|
|
|
end
|
|
|
|
|
|
|
|
shared_examples_for 'api platform user without reader rights for hidden platform' do
|
|
|
|
before(:each) do
|
|
|
|
@platform.update_column(:visibility, 'hidden')
|
|
|
|
end
|
|
|
|
|
2013-03-06 12:17:42 +00:00
|
|
|
[:show, :members].each do |action|
|
|
|
|
it "should not be able to perform #{ action } action" do
|
|
|
|
get action, :id => @platform.id, :format => :json
|
|
|
|
response.body.should == {"message" => "Access violation to this page!"}.to_json
|
|
|
|
end
|
|
|
|
end
|
2012-08-22 14:44:01 +01:00
|
|
|
end
|
2012-08-21 18:15:28 +01:00
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
shared_examples_for "api platform user with show rights" do
|
2012-08-21 18:15:28 +01:00
|
|
|
it 'should be able to perform show action' do
|
|
|
|
get :show, :id => @platform.id, :format => :json
|
|
|
|
response.should render_template(:show)
|
|
|
|
end
|
2012-10-09 17:23:48 +01:00
|
|
|
|
|
|
|
it 'should be able to perform platforms_for_build action' do
|
|
|
|
get :platforms_for_build, :format => :json
|
|
|
|
response.should render_template(:index)
|
|
|
|
end
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
describe Api::V1::PlatformsController do
|
2012-10-10 18:45:56 +01:00
|
|
|
let(:clone_or_create_params) { {:id => @platform.id, :platform => {:description => 'new description', :name => 'new_name', :owner_id => @user.id, :distrib_type => APP_CONFIG['distr_types'].first}} }
|
2012-10-04 16:20:10 +01:00
|
|
|
before do
|
2012-08-21 18:15:28 +01:00
|
|
|
stub_symlink_methods
|
|
|
|
|
2012-10-09 17:23:48 +01:00
|
|
|
@platform = FactoryGirl.create(:platform, :visibility => 'open')
|
2012-08-21 18:15:28 +01:00
|
|
|
@personal_platform = FactoryGirl.create(:platform, :platform_type => 'personal')
|
|
|
|
@user = FactoryGirl.create(:user)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'for guest' do
|
2012-09-26 18:15:11 +01:00
|
|
|
|
2012-08-21 18:15:28 +01:00
|
|
|
it "should not be able to perform index action" do
|
|
|
|
get :index, :format => :json
|
2012-08-22 14:44:01 +01:00
|
|
|
response.status.should == 401
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
2013-06-10 12:26:36 +01:00
|
|
|
it "should not be able to perform platforms_for_build action", :anonymous_access => false do
|
|
|
|
get :platforms_for_build, :format => :json
|
|
|
|
response.status.should == 401
|
|
|
|
end
|
|
|
|
|
|
|
|
it "should not be able to perform show action", :anonymous_access => false do
|
|
|
|
get :show, :id => @platform, :format => :json
|
|
|
|
response.status.should == 401
|
2012-10-09 17:23:48 +01:00
|
|
|
end
|
|
|
|
|
2013-06-10 12:26:36 +01:00
|
|
|
|
2012-10-11 19:38:19 +01:00
|
|
|
it 'should be able to perform members action', :anonymous_access => true do
|
2012-10-09 17:23:48 +01:00
|
|
|
get :members, :id => @platform.id, :format => :json
|
|
|
|
response.should render_template(:members)
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
2012-09-26 18:15:11 +01:00
|
|
|
|
|
|
|
it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access']
|
|
|
|
it_should_behave_like 'api platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access']
|
2013-03-05 22:04:31 +00:00
|
|
|
it_should_behave_like 'api platform user without member rights'
|
|
|
|
it_should_behave_like 'api platform user without owner rights'
|
|
|
|
it_should_behave_like 'api platform user without global admin rights'
|
2013-06-26 13:34:58 +01:00
|
|
|
|
|
|
|
|
|
|
|
context 'perform allowed action' do
|
2013-07-02 19:13:00 +01:00
|
|
|
it 'ensures that status 200 if platform empty' do
|
2013-06-26 13:34:58 +01:00
|
|
|
get :allowed
|
2013-07-02 19:13:00 +01:00
|
|
|
response.status.should == 200
|
2013-06-26 13:34:58 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
it 'ensures that status 403 if platform does not exist' do
|
2013-07-02 19:13:00 +01:00
|
|
|
get :allowed, :path => "/rosa-server/repository/SRPMS/base/release/repodata/"
|
2013-06-26 13:34:58 +01:00
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'ensures that status 200 if platform open' do
|
2013-07-02 19:13:00 +01:00
|
|
|
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
2013-06-26 13:34:58 +01:00
|
|
|
response.status.should == 200
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'for hidden platform' do
|
|
|
|
before { @platform.change_visibility }
|
|
|
|
|
|
|
|
it 'ensures that status 403 if no token' do
|
2013-07-02 19:13:00 +01:00
|
|
|
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
2013-06-26 13:34:58 +01:00
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'ensures that status 403 if wrong token' do
|
2013-07-02 19:13:00 +01:00
|
|
|
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64("KuKu:password")
|
|
|
|
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
2013-06-26 13:34:58 +01:00
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'ensures that status 200 if token correct' do
|
|
|
|
token = FactoryGirl.create(:platform_token, :subject => @platform)
|
2013-07-02 19:13:00 +01:00
|
|
|
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(token.authentication_token + ':')
|
|
|
|
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
2013-06-26 13:34:58 +01:00
|
|
|
response.status.should == 200
|
|
|
|
end
|
|
|
|
|
2013-07-02 19:13:00 +01:00
|
|
|
it 'ensures that status 403 if token correct but blocked' do
|
|
|
|
token = FactoryGirl.create(:platform_token, :subject => @platform)
|
|
|
|
token.block
|
|
|
|
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(token.authentication_token + ':')
|
|
|
|
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
|
|
|
response.status.should == 403
|
|
|
|
end
|
|
|
|
|
2013-06-26 13:34:58 +01:00
|
|
|
it 'ensures that status 200 if user token correct and user has ability to read platform' do
|
2013-07-02 19:13:00 +01:00
|
|
|
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(@platform.owner.authentication_token + ':')
|
|
|
|
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
2013-06-26 13:34:58 +01:00
|
|
|
response.status.should == 200
|
|
|
|
end
|
2013-06-26 15:23:36 +01:00
|
|
|
|
|
|
|
it 'ensures that status 403 if user token correct but user has no ability to read platform' do
|
|
|
|
user = FactoryGirl.create(:user)
|
2013-07-02 19:13:00 +01:00
|
|
|
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(user.authentication_token + ':')
|
|
|
|
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
|
2013-06-26 15:23:36 +01:00
|
|
|
response.status.should == 403
|
|
|
|
end
|
2013-06-26 13:34:58 +01:00
|
|
|
end
|
|
|
|
end
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'for global admin' do
|
2012-10-04 16:20:10 +01:00
|
|
|
before do
|
2012-08-21 18:15:28 +01:00
|
|
|
@admin = FactoryGirl.create(:admin)
|
2012-09-21 20:48:30 +01:00
|
|
|
http_login(@admin)
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
it_should_behave_like 'api platform user with reader rights'
|
|
|
|
it_should_behave_like 'api platform user with reader rights for hidden platform'
|
2013-03-05 22:04:31 +00:00
|
|
|
it_should_behave_like 'api platform user with member rights'
|
|
|
|
it_should_behave_like 'api platform user with owner rights'
|
2012-10-10 16:27:53 +01:00
|
|
|
|
2012-10-10 18:45:56 +01:00
|
|
|
[:clone, :create].each do |action|
|
|
|
|
context "with #{action} rights" do
|
|
|
|
before do
|
|
|
|
any_instance_of(Platform, :create_directory => true)
|
|
|
|
clone_or_create_params[:platform][:owner_id] = @admin.id
|
|
|
|
end
|
|
|
|
it "should be able to perform #{action} action" do
|
|
|
|
post action, clone_or_create_params, :format => :json
|
|
|
|
response.should be_success
|
|
|
|
end
|
|
|
|
it "ensures that platform has been #{action}d" do
|
|
|
|
lambda { post action, clone_or_create_params, :format => :json }.should change{ Platform.count }.by(1)
|
|
|
|
end
|
2012-10-10 16:27:53 +01:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'for owner user' do
|
2012-10-04 16:20:10 +01:00
|
|
|
before do
|
2012-09-21 20:48:30 +01:00
|
|
|
http_login(@user)
|
2012-08-21 18:15:28 +01:00
|
|
|
@platform.owner = @user; @platform.save
|
|
|
|
@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
|
|
|
|
end
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
it_should_behave_like 'api platform user with reader rights'
|
|
|
|
it_should_behave_like 'api platform user with reader rights for hidden platform'
|
2013-03-05 22:04:31 +00:00
|
|
|
it_should_behave_like 'api platform user with member rights'
|
|
|
|
it_should_behave_like 'api platform user with owner rights'
|
2012-10-10 18:45:56 +01:00
|
|
|
it_should_behave_like 'api platform user without global admin rights'
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
2013-03-05 22:04:31 +00:00
|
|
|
context 'for member of platform' do
|
2012-10-04 16:20:10 +01:00
|
|
|
before do
|
2012-09-21 20:48:30 +01:00
|
|
|
http_login(@user)
|
2013-03-05 22:04:31 +00:00
|
|
|
@platform.add_member(@user)
|
|
|
|
@personal_platform.add_member(@user)
|
2012-10-04 16:20:10 +01:00
|
|
|
end
|
|
|
|
|
2012-10-04 16:50:20 +01:00
|
|
|
context 'perform index action with type param' do
|
2012-10-04 16:20:10 +01:00
|
|
|
render_views
|
|
|
|
%w(main personal).each do |type|
|
|
|
|
it "ensures that filter by type = #{type} returns true result" do
|
|
|
|
get :index, :format => :json, :type => "#{type}"
|
|
|
|
JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.
|
|
|
|
uniq.should == ["#{type}"]
|
|
|
|
end
|
|
|
|
end
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
|
2012-08-22 14:44:01 +01:00
|
|
|
it_should_behave_like 'api platform user with reader rights'
|
|
|
|
it_should_behave_like 'api platform user with reader rights for hidden platform'
|
2013-03-05 22:04:31 +00:00
|
|
|
it_should_behave_like 'api platform user with member rights'
|
|
|
|
it_should_behave_like 'api platform user without owner rights'
|
|
|
|
it_should_behave_like 'api platform user without global admin rights'
|
2012-08-22 14:44:01 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
context 'for simple user' do
|
2012-10-04 16:20:10 +01:00
|
|
|
before do
|
2012-09-21 20:48:30 +01:00
|
|
|
http_login(@user)
|
2012-08-22 14:44:01 +01:00
|
|
|
end
|
|
|
|
|
|
|
|
it_should_behave_like 'api platform user with reader rights'
|
|
|
|
it_should_behave_like 'api platform user without reader rights for hidden platform'
|
2013-03-05 22:04:31 +00:00
|
|
|
it_should_behave_like 'api platform user without member rights'
|
|
|
|
it_should_behave_like 'api platform user without owner rights'
|
|
|
|
it_should_behave_like 'api platform user without global admin rights'
|
2012-08-21 18:15:28 +01:00
|
|
|
end
|
|
|
|
end
|