#465: updated specs for Api::V1::PlatformsController

Vokhmin Alexey V 2015-03-27 01:33:40 +03:00
parent 28988303d1
commit 0518749228
3 changed files with 95 additions and 69 deletions


@ -2,9 +2,10 @@ class Api::V1::PlatformsController < Api::V1::BaseController
before_action :authenticate_user!
skip_before_action :authenticate_user!, only: :allowed
skip_before_action :authenticate_user!, only: [:show, :platforms_for_build, :members] if APP_CONFIG['anonymous_access']
before_action :load_platform, except: :allowed
before_action :load_platform, except: [:index, :allowed, :platforms_for_build, :create]
def allowed
authorize :platform
if request.authorization.present?
token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request)
end
@ -17,7 +18,7 @@ class Api::V1::PlatformsController < Api::V1::BaseController
def index
authorize :platform
@platforms = PlatformPolicy::Scope.new(current_user, Platform).related.
@platforms = PlatformPolicy::Scope.new(current_user, Platform).show.
by_type(params[:type]).paginate(paginate_params)
end
@ -25,6 +26,7 @@ class Api::V1::PlatformsController < Api::V1::BaseController
end
def platforms_for_build
authorize :platform
@platforms = Platform.availables_main_platforms(current_user).paginate(paginate_params)
render :index
end
@ -32,6 +34,7 @@ class Api::V1::PlatformsController < Api::V1::BaseController
def create
platform_params = params[:platform] || {}
owner = User.where(id: platform_params[:owner_id]).first
@platform = Platform.new platform_params
@platform.owner = owner || get_owner
create_subject @platform
end
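Review bot: In `create`, `owner` is looked up from the client-supplied `platform_params[:owner_id]` and assigned to `@platform.owner`, and no line in this section checks that the caller may create a platform on behalf of that user. If `create_subject` (not shown here) does not authorize `@platform` after the owner is set, an authenticated user could create platforms owned by another account. I would record that dependency next to the assignment, `# owner_id is client-supplied: create_subject must authorize @platform with this owner`, and confirm that the policy's create rule looks at `record.owner`. The page lost its +/- markers, so which line of this hunk is new cannot be told from here.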


@ -4,17 +4,28 @@ class PlatformPolicy < ApplicationPolicy
!user.guest?
end
def allowed?
true
end
def show?
return true if is_admin?
return true unless record.hidden?
return true if record.owner == user
owner? || local_reader? || user_platform_ids.include?(record.id)
end
alias_method :advisories?, :show?
alias_method :members?, :show?
alias_method :owned?, :show?
alias_method :read?, :show?
alias_method :related?, :show?
def members?
return true if is_admin?
return true unless record.hidden?
return true if record.owner == user
owner? || local_reader?
end
def platforms_for_build?
true
end
@ -24,31 +35,33 @@ class PlatformPolicy < ApplicationPolicy
end
def update?
owner?
is_admin? || owner?
end
alias_method :change_visibility?, :update?
def destroy?
record.main? && owner?
record.main? && ( is_admin? || owner? )
end
def local_admin_manage?
owner? || local_admin?
is_admin? || owner? || local_admin?
end
alias_method :add_project?, :local_admin_manage?
alias_method :remove_file?, :local_admin_manage?
def clone?
record.main? && ( owner? || local_admin? )
record.main? && is_admin?
end
alias_method :add_member?, :clone?
alias_method :members?, :clone?
alias_method :regenerate_metadata?, :clone?
alias_method :remove_member?, :clone?
alias_method :remove_members?, :clone?
def add_member?
record.main? && ( is_admin? || owner? || local_admin? )
end
alias_method :regenerate_metadata?, :add_member?
alias_method :remove_member?, :add_member?
alias_method :remove_members?, :add_member?
def clear?
record.personal? && owner?
record.personal? && ( is_admin? || owner? )
end
class Scope < Scope
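Review bot: The separate `members?` method repeats the first three guards of `show?` and differs only by leaving out `user_platform_ids.include?(record.id)`, and nothing in the section says the omission is deliberate. Because the two rules are copies, a later tightening of the hidden-platform check in `show?` can leave `members?` behind unnoticed. I would add a comment above it such as `# Unlike show?, user_platform_ids does not grant access to the member list of a hidden platform`, or have `members?` reuse a shared guard. The page lost its +/- markers; if `alias_method :members?, :show?` is still on the new side, it is dead code because the later `def members?` overrides it, and it should be removed.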


@ -5,12 +5,12 @@ shared_examples_for 'api platform user with reader rights' do
it 'should be able to perform index action' do
get :index, format: :json
response.should render_template(:index)
expect(response).to render_template(:index)
end
it 'should be able to perform members action' do
get :members, id: @platform.id, format: :json
response.should render_template(:members)
expect(response).to render_template(:members)
end
end
@ -23,28 +23,31 @@ shared_examples_for 'api platform user with owner rights' do
end
it 'should be able to perform update action' do
response.should be_success
expect(response).to be_success
end
it 'ensures that platform has been updated' do
@platform.reload
@platform.description.should == 'new description'
expect(@platform.reload.description).to eq 'new description'
end
end
context 'api platform user with destroy rights for main platforms only' do
it 'should be able to perform destroy action for main platform' do
delete :destroy, id: @platform.id, format: :json
response.should be_success
expect(response).to be_success
end
it 'ensures that main platform has been destroyed' do
lambda { delete :destroy, id: @platform.id, format: :json }.should change{ Platform.count }.by(-1)
expect do
delete :destroy, id: @platform.id, format: :json
end.to change(Platform, :count).by(-1)
end
it 'should not be able to perform destroy action for personal platform' do
delete :destroy, id: @personal_platform.id, format: :json
response.should_not be_success
expect(response).to_not be_success
end
it 'ensures that personal platform has not been destroyed' do
lambda { delete :destroy, id: @personal_platform.id, format: :json }.should change{ Platform.count }.by(0)
expect do
delete :destroy, id: @personal_platform.id, format: :json
end.to_not change(Platform, :count)
end
end
end
@ -56,28 +59,31 @@ shared_examples_for 'api platform user without owner rights' do
end
it 'should not be able to perform update action' do
response.should_not be_success
expect(response).to_not be_success
end
it 'ensures that platform has not been updated' do
@platform.reload
@platform.description.should_not == 'new description'
expect(@platform.reload.description).to_not eq 'new description'
end
end
context 'api platform user without destroy rights' do
it 'should not be able to perform destroy action for main platform' do
delete :destroy, id: @platform.id, format: :json
response.should_not be_success
expect(response).to_not be_success
end
it 'ensures that main platform has not been destroyed' do
lambda { delete :destroy, id: @platform.id, format: :json }.should_not change{ Platform.count }
expect do
delete :destroy, id: @platform.id, format: :json
end.to_not change(Platform, :count)
end
it 'should not be able to perform destroy action for personal platform' do
delete :destroy, id: @personal_platform.id, format: :json
response.should_not be_success
expect(response).to_not be_success
end
it 'ensures that personal platform has not been destroyed' do
lambda { delete :destroy, id: @personal_platform.id, format: :json }.should_not change{ Platform.count }
expect do
delete :destroy, id: @personal_platform.id, format: :json
end.to_not change(Platform, :count)
end
end
@ -92,10 +98,10 @@ shared_examples_for 'api platform user with member rights' do
end
it 'should be able to perform add_member action' do
response.should be_success
expect(response).to be_success
end
it 'ensures that new member has been added to platform' do
@platform.members.should include(member)
expect(@platform.members).to include(member)
end
end
@ -107,10 +113,10 @@ shared_examples_for 'api platform user with member rights' do
end
it 'should be able to perform remove_member action' do
response.should be_success
expect(response).to be_success
end
it 'ensures that member has been removed from platform' do
@platform.members.should_not include(member)
expect(@platform.members).to_not include(member)
end
end
@ -125,10 +131,10 @@ shared_examples_for 'api platform user without member rights' do
end
it 'should not be able to perform add_member action' do
response.should_not be_success
expect(response).to_not be_success
end
it 'ensures that new member has not been added to platform' do
@platform.members.should_not include(member)
expect(@platform.members).to_not include(member)
end
end
@ -140,10 +146,10 @@ shared_examples_for 'api platform user without member rights' do
end
it 'should be able to perform update action' do
response.should_not be_success
expect(response).to_not be_success
end
it 'ensures that member has not been removed from platform' do
@platform.members.should include(member)
expect(@platform.members).to include(member)
end
end
@ -153,11 +159,11 @@ shared_examples_for 'api platform user without global admin rights' do
context 'should not be able to perform clear action' do
it 'for personal platform' do
put :clear, id: @personal_platform.id, format: :json
response.should_not be_success
expect(response).to_not be_success
end
it 'for main platform' do
put :clear, id: @platform.id, format: :json
response.should_not be_success
expect(response).to_not be_success
end
end
@ -165,10 +171,12 @@ shared_examples_for 'api platform user without global admin rights' do
context "api platform user without #{action} rights" do
it "should not be able to perform #{action} action" do
post action, clone_or_create_params
response.should_not be_success
expect(response).to_not be_success
end
it "ensures that platform has not been #{action}d" do
lambda { post action, clone_or_create_params }.should change{ Platform.count }.by(0)
expect do
post action, clone_or_create_params
end.to_not change(Platform, :count)
end
end
end
@ -190,7 +198,7 @@ shared_examples_for 'api platform user without reader rights for hidden platform
[:show, :members].each do |action|
it "should not be able to perform #{ action } action" do
get action, id: @platform.id, format: :json
response.body.should == {"message" => "Access violation to this page!"}.to_json
expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json)
end
end
end
@ -198,12 +206,12 @@ end
shared_examples_for "api platform user with show rights" do
it 'should be able to perform show action' do
get :show, id: @platform.id, format: :json
response.should render_template(:show)
expect(response).to render_template(:show)
end
it 'should be able to perform platforms_for_build action' do
get :platforms_for_build, format: :json
response.should render_template(:index)
expect(response).to render_template(:index)
end
end
@ -225,23 +233,23 @@ describe Api::V1::PlatformsController, type: :controller do
it "should not be able to perform index action" do
get :index, format: :json
response.status.should == 401
expect(response.status).to eq 401
end
it "should not be able to perform platforms_for_build action", :anonymous_access => false do
get :platforms_for_build, format: :json
response.status.should == 401
expect(response.status).to eq 401
end
it "should not be able to perform show action", :anonymous_access => false do
get :show, id: @platform, format: :json
response.status.should == 401
expect(response.status).to eq 401
end
it 'should be able to perform members action', :anonymous_access => true do
get :members, id: @platform.id, format: :json
response.should render_template(:members)
expect(response).to render_template(:members)
end
it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access']
@ -254,17 +262,17 @@ describe Api::V1::PlatformsController, type: :controller do
context 'perform allowed action' do
it 'ensures that status 200 if platform empty' do
get :allowed
response.status.should == 200
expect(response).to be_success
end
it 'ensures that status 403 if platform does not exist' do
get :allowed, path: "/rosa-server/repository/SRPMS/base/release/repodata/"
response.status.should == 403
expect(response.status).to eq 403
end
it 'ensures that status 200 if platform open' do
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 200
expect(response).to be_success
end
context 'for hidden platform' do
@ -272,44 +280,44 @@ describe Api::V1::PlatformsController, type: :controller do
it 'ensures that status 403 if no token' do
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
expect(response.status).to eq 403
end
it 'ensures that status 403 if no token and a lot of "/"' do
get :allowed, path: "///#{@platform.name}///repository/SRPMS/base/release/repodata/"
response.status.should == 403
expect(response.status).to eq 403
end
it 'ensures that status 200 if token correct and a lot of "/"' do
token = FactoryGirl.create(:platform_token, subject: @platform)
http_login token.authentication_token, ''
get :allowed, path: "///#{@platform.name}///repository/SRPMS/base/release/repodata/"
response.status.should == 200
expect(response).to be_success
end
it 'ensures that status 403 on access to root of platform if no token' do
get :allowed, path: "///#{@platform.name}"
response.status.should == 403
expect(response.status).to eq 403
end
it 'ensures that status 200 on access to root of platform if token correct' do
token = FactoryGirl.create(:platform_token, subject: @platform)
http_login token.authentication_token, ''
get :allowed, path: "///#{@platform.name}"
response.status.should == 200
expect(response).to be_success
end
it 'ensures that status 403 if wrong token' do
http_login 'KuKu', ''
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
expect(response.status).to eq 403
end
it 'ensures that status 200 if token correct' do
token = FactoryGirl.create(:platform_token, subject: @platform)
http_login token.authentication_token, ''
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 200
expect(response).to be_success
end
it 'ensures that status 403 if token correct but blocked' do
@ -317,20 +325,20 @@ describe Api::V1::PlatformsController, type: :controller do
token.block
http_login token.authentication_token, ''
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
expect(response.status).to eq 403
end
it 'ensures that status 200 if user token correct and user has ability to read platform' do
http_login @platform.owner.authentication_token, ''
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 200
expect(response).to be_success
end
it 'ensures that status 403 if user token correct but user has no ability to read platform' do
user = FactoryGirl.create(:user)
http_login user.authentication_token, ''
get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
expect(response.status).to eq 403
end
end
end
@ -353,10 +361,12 @@ describe Api::V1::PlatformsController, type: :controller do
it "should be able to perform #{action} action" do
post action, clone_or_create_params
response.should be_success
expect(response).to be_success
end
it "ensures that platform has been #{action}d" do
lambda { post action, clone_or_create_params }.should change{ Platform.count }.by(1)
expect do
post action, clone_or_create_params
end.to change(Platform, :count).by(1)
end
end
end
@ -389,8 +399,8 @@ describe Api::V1::PlatformsController, type: :controller do
%w(main personal).each do |type|
it "ensures that filter by type = #{type} returns true result" do
get :index, format: :json, type: type
JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.
uniq.should == [type]
types = JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.uniq
expect(types).to eq [type]
end
end
end
@ -415,9 +425,9 @@ describe Api::V1::PlatformsController, type: :controller do
render_views
%w(main personal).each do |type|
it "ensures that filter by type = #{type} returns true result" do
get :index, format: :json, type: "#{type}"
JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.
uniq.should == ["#{type}"]
get :index, format: :json, type: type
types = JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.uniq
expect(types).to eq [type]
end
end
end
@ -425,7 +435,7 @@ describe Api::V1::PlatformsController, type: :controller do
it 'should not be able to perform members action for hidden platform' do
@platform.update_column(:visibility, 'hidden')
get :members, id: @platform.id, format: :json
response.status.should == 403
expect(response.status).to eq 403
end
it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user with reader rights for hidden platform'
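Review bot: In the `perform allowed action` examples, `response.status.should == 200` appears to be replaced by `expect(response).to be_success`, which passes on any 2xx status, while the example names still promise "status 200". The 403 cases keep the exact form, so the allow and deny sides of this access decision are no longer pinned with the same precision. I would keep `expect(response.status).to eq 200` in those examples.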