Merge pull request #629 from warpc/349-anonymous_access

[issue #349] Guest user can show open platforms.
Pasha 2012-09-07 06:10:08 -07:00
commit 0f6744f74b
19 changed files with 200 additions and 117 deletions


@ -2,7 +2,7 @@
class Platforms::PlatformsController < Platforms::BaseController
before_filter :authenticate_user!
skip_before_filter :authenticate_user!, :only => [:advisories] if APP_CONFIG['anonymous_access']
skip_before_filter :authenticate_user!, :only => [:advisories, :members, :show] if APP_CONFIG['anonymous_access']
load_and_authorize_resource
autocomplete :user, :uname


@ -1,6 +1,7 @@
# -*- encoding : utf-8 -*-
class Platforms::ProductsController < Platforms::BaseController
before_filter :authenticate_user!
skip_before_filter :authenticate_user!, :only => [:index, :show] if APP_CONFIG['anonymous_access']
load_and_authorize_resource :platform
load_and_authorize_resource :product, :through => :platform


@ -1,6 +1,7 @@
# -*- encoding : utf-8 -*-
class Platforms::RepositoriesController < Platforms::BaseController
before_filter :authenticate_user!
skip_before_filter :authenticate_user!, :only => [:index, :show, :projects_list] if APP_CONFIG['anonymous_access']
load_and_authorize_resource :platform
load_and_authorize_resource :repository, :through => :platform, :shallow => true


@ -5,7 +5,6 @@ class SearchController < ApplicationController
def index
params[:type] ||= 'all'
params[:type] = 'projects' unless current_user
case params[:type]
when 'all'
find_collection('projects')
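Review bot: With the `params[:type] = 'projects' unless current_user` guard gone (it appears to be the single line dropped from this 7-to-6 hunk), an anonymous request now reaches every `when` arm of the `case`, so each collection query has to be scoped by the guest Ability on its own rather than by the removed guard. `find_collection` and the remaining arms are outside the hunk; please confirm they build their scope from the ability (`accessible_by` or an explicit visibility condition) and not from `current_user`, which is nil for a guest here. A guest example per search type in the search spec would pin that down, since this commit adds no search spec change.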


@ -13,17 +13,21 @@ class Ability
@user = user
# Shared rights between guests and registered users
can :show, Project, :visibility => 'open'
can :archive, Project, :visibility => 'open'
can [:show, :archive], Project, :visibility => 'open'
can :read, Issue, :project => {:visibility => 'open'}
can :search, BuildList
can [:read, :log, :everything], BuildList, :project => {:visibility => 'open'}
can :read, ProductBuildList#, :product => {:platform => {:visibility => 'open'}} # double nested hash don't work
can :read, Advisory
can(:advisories, Platform) {APP_CONFIG['anonymous_access']}
# Core callbacks
can [:publish_build, :status_build, :pre_build, :post_build, :circle_build, :new_bbdt], BuildList
# Platforms block
can [:show, :members, :advisories], Platform, :visibility == 'open'
can [:read, :projects_list], Repository, :platform => {:visibility => 'open'}
can :read, Product, :platform => {:visibility => 'open'}
if user.guest? # Guest rights
# can [:new, :create], RegisterRequest
else # Registered user rights
@ -76,30 +80,25 @@ class Ability
end
can(:cancel, BuildList) {|build_list| build_list.can_cancel? && can?(:write, build_list.project)}
can [:read], Advisory
can [:read, :members], Platform, :visibility => 'open'
can [:read, :owned, :related, :members], Platform, :owner_type => 'User', :owner_id => user.id
can [:read, :related, :members], Platform, :owner_type => 'Group', :owner_id => user.group_ids
can([:read, :related, :members], Platform, read_relations_for('platforms')) {|platform| local_reader? platform}
can([:update, :members], Platform) {|platform| local_admin? platform}
can([:destroy, :members, :add_member, :remove_member, :remove_members] , Platform) {|platform| owner?(platform) || local_admin?(platform) }
can [:autocomplete_user_uname, :read_advisories, :advisories], Platform
can [:autocomplete_user_uname], Platform
can([:failed_builds_list, :create], MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && mass_build.platform.main? }
can(:cancel, MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && !mass_build.stop_build && mass_build.platform.main?}
can [:read, :projects_list], Repository, :platform => {:visibility => 'open'}
can [:read, :projects_list], Repository, :platform => {:owner_type => 'User', :owner_id => user.id}
can [:read, :projects_list], Repository, :platform => {:owner_type => 'Group', :owner_id => user.group_ids}
can([:read, :projects_list], Repository, read_relations_for('repositories', 'platforms')) {|repository| local_reader? repository.platform}
can([:create, :update, :projects_list, :add_project, :remove_project], Repository) {|repository| local_admin? repository.platform}
can([:create, :update, :destroy, :projects_list, :add_project, :remove_project], Repository) {|repository| local_admin? repository.platform}
can(:clear, Platform) {|platform| local_admin?(platform) && platform.personal?}
can([:change_visibility, :settings, :destroy], Repository) {|repository| owner? repository.platform}
can([:create, :destroy], KeyPair) {|key_pair| owner?(key_pair.repository.platform) || local_admin?(key_pair.repository.platform)}
can :read, Product, :platform => {:visibility => 'open'}
can :read, Product, :platform => {:owner_type => 'User', :owner_id => user.id, :platform_type => 'main'}
can :read, Product, :platform => {:owner_type => 'Group', :owner_id => user.group_ids, :platform_type => 'main'}
can(:read, Product, read_relations_for('products', 'platforms')) {|product| product.platform.main?}
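Review bot: The new shared `Platform` rule passes `:visibility == 'open'` as its third argument, which is a Symbol-to-String comparison evaluating to `false`, not the conditions hash that the Repository and Product rules right below it use; as far as I recall CanCan 1.x stores `conditions || {}`, so a `false` condition makes the rule unconditional and `show`, `members` and `advisories` would be granted on every platform regardless of visibility (please confirm against the CanCan version in the Gemfile). The intended line is `can [:show, :members, :advisories], Platform, :visibility => 'open'`, matching the two lines after it. Because the three controllers in this commit now skip `authenticate_user!` for exactly these actions, this rule is the only gate left for guests, so it deserves a negative ability spec on a non-open platform. Separately, the Repository rule for `local_admin?` now includes `:destroy`, which before this hunk was granted only through the owner rule on the `change_visibility` line; if that widening is intended it should be mentioned in the commit message.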


@ -37,7 +37,7 @@ class MaintainerPresenter < ApplicationPresenter
end
def maintainer_email_link
mail_to @maintainer.email, @maintainer.email
mail_to @maintainer.email, @maintainer.email, :encode => "javascript"
end
end
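Review bot: The new `:encode => "javascript"` link is consumed in the maintainers view with an explicit `.html_safe` (`%td= pr.maintainer_email_link.html_safe`), which switches off output escaping at the point of use for markup built from `@maintainer.email`, presumably user-supplied data. `mail_to` already returns a safe buffer, so if the cell was being escaped before, the cause is in how the presenter hands the value back, and the fix belongs in the presenter, returning the helper's result unchanged, rather than in the template; if the presenter ever wraps or concatenates the value, `.html_safe` in the view would mark that wrapping as trusted as well. The user profile view in this commit calls the same helper directly without `.html_safe`, which is the pattern to keep. A one-line comment on `maintainer_email_link` stating that its return value is already HTML-safe and why the JavaScript encoding is used would help the next reader; the enclosing class starts outside the hunk.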


@ -10,7 +10,7 @@
= link_to t("layout.platforms.about"), platform_path(@platform)
%li{:class => (contr == :repositories) ? 'active' : ''}
= link_to t("layout.repositories.list_header"), platform_repositories_path(@platform)
- if can? :read, @platform
- if can? :show, @platform
%li{:class => (act == :index && contr == :maintainers) ? 'active' : nil}
= link_to t("layout.platforms.maintainers"), platform_maintainers_path(@platform)
- if can? :edit, @platform
@ -19,7 +19,7 @@
- if can? :read, @platform.products.build
%li{:class => (contr == :products) ? 'active' : ''}
= link_to t("layout.products.list_header"), platform_products_path(@platform)
- if can? :read_advisories, @platform
- if can? :advisories, @platform
%li{:class => (contr == :platforms and act == :advisories) ? 'active' : ''}
= link_to t("layout.advisories.list_header"), advisories_platform_path(@platform)
- if can? :update, @platform


@ -21,5 +21,5 @@
%td= pr.package_type
%td= pr.package_version_release
%td= pr.maintainer_link
%td= pr.maintainer_email_link
%td= pr.maintainer_email_link.html_safe
%td= pr.package_updated_at


@ -6,7 +6,7 @@
.leftlist= f.label :description, t("activerecord.attributes.project.description"), :class => :label
.rightlist= f.text_area :description, :class => 'text_field', :cols => 80
.both
- if [:new, :create].include? controller.action_name
- if [:new, :create].include? act
.leftlist= f.label :owner_id, t("activerecord.attributes.project.owner"), :class => :label
.rightlist
= label_tag t("activerecord.attributes.project.who_owns.me")


@ -6,7 +6,7 @@
%h3= title @user.uname
= @user.name
%br
= link_to @user.email, "mailto:#{@user.email}"
= mail_to @user.email, @user.email, :encode => "javascript"
%br
%h4= t("activerecord.attributes.user.professional_experience") + ":"
%p= @user.professional_experience


@ -6,6 +6,7 @@ module RosaPresenter
include ActionDispatch::Routing::UrlFor
include ActionView::Helpers::UrlHelper
include ActionView::Helpers::TextHelper
include ActionView::Helpers::JavaScriptHelper
include Rails.application.routes.url_helpers
def initialize(item, opts)


@ -2,6 +2,7 @@
require 'spec_helper'
shared_examples_for 'guest user' do
it "should be able to view maintainers list(index)" do
get :index, :platform_id => @platform.id
response.should be_success
@ -20,15 +21,14 @@ describe Platforms::MaintainersController do
context 'for guest' do
before {set_session_for(User.new)}
# it_should_behave_like 'guest user'
# it "should be able to view maintainers list(index)", :anonymous_access => true do
# get :index, :platform_id => @platform.id
# response.should be_success
# end
it "should not be able to view maintainers list(index)" do
it "should be able to view maintainers list(index)", :anonymous_access => true do
get :index, :platform_id => @platform.id
response.should redirect_to(forbidden_path)
response.should be_success
end
it "should not be able to view maintainers list(index)", :anonymous_access => false do
get :index, :platform_id => @platform.id
response.should redirect_to(new_user_session_path)
end
end
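Review bot: The commented-out example block between the guest `before` and the live example (`# it "should be able to view maintainers list(index)", :anonymous_access => true do` through `# end`) duplicates the live example a few lines below it and should be deleted rather than left as a comment. If `shared_examples_for 'guest user'` at the top of the file is on the new side of this commit, its only reference is the commented `# it_should_behave_like 'guest user'`, so it is dead as well; either use it from the guest context or drop it. Which of these lines are new is not fully recoverable from the rendered hunk, so please check against the raw diff; the enclosing `describe` ends outside the hunk.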


@ -2,7 +2,6 @@
require 'spec_helper'
shared_examples_for 'platform owner' do
it_should_behave_like 'platform index viewer'
it 'should not be able to destroy personal platform' do
delete :destroy, :id => @personal_platform.id
@ -19,14 +18,39 @@ shared_examples_for 'platform owner' do
end
end
shared_examples_for 'platform index viewer' do
shared_examples_for 'system registered user' do
it 'should be able to perform index action' do
get :index
response.should render_template(:index)
end
it 'should be able to perform show action' do
get :show, :id => @platform.id
response.should render_template(:show)
assigns(:platform).should eq @platform
end
it 'should be able to perform members action' do
get :members, :id => @platform.id
response.should render_template(:members)
response.should be_success
end
it 'should be able to perform advisories action' do
get :advisories, :id => @platform.id
response.should render_template(:advisories)
response.should be_success
end
end
shared_examples_for 'user without create rights' do
it 'should not be able to perform new action' do
get :new
response.should redirect_to(forbidden_path)
end
it 'should not be able to create platform' do
post :create, @create_params
response.should redirect_to(forbidden_path)
@ -39,7 +63,10 @@ describe Platforms::PlatformsController do
@platform = FactoryGirl.create(:platform)
@personal_platform = FactoryGirl.create(:platform, :platform_type => 'personal')
@user = FactoryGirl.create(:user)
set_session_for(@user)
@create_params = {:platform => {
:name => 'pl1',
:description => 'pl1',
@ -49,6 +76,9 @@ describe Platforms::PlatformsController do
end
context 'for guest' do
before(:each) do
set_session_for(User.new)
end
[:index, :create].each do |action|
it "should not be able to perform #{ action } action" do
@ -57,21 +87,39 @@ describe Platforms::PlatformsController do
end
end
[:show, :new, :edit, :clone, :destroy].each do |action|
[:new, :edit, :clone, :destroy].each do |action|
it "should not be able to perform #{ action } action" do
get action, :id => @platform
response.should redirect_to(new_user_session_path)
end
end
[:show, :members, :advisories].each do |action|
it "should not be able to perform #{ action } action", :anonymous_access => false do
get action, :id => @platform
response.should redirect_to(new_user_session_path)
end
end
[:show, :members, :advisories].each do |action|
it "should be able to perform #{ action } action", :anonymous_access => true do
get action, :id => @platform
response.should render_template(action)
response.should be_success
end
end
end
context 'for global admin' do
before(:each) do
@admin = FactoryGirl.create(:admin)
@user = FactoryGirl.create(:user)
set_session_for(@admin)
@user.role = "admin"
@user.save
end
it_should_behave_like 'system registered user'
it_should_behave_like 'platform owner'
it 'should be able to perform new action' do
get :new
response.should render_template(:new)
@ -86,54 +134,37 @@ describe Platforms::PlatformsController do
lambda { post :create, @create_params }.should change{ Platform.count }.by(1)
end
it_should_behave_like 'platform owner'
it 'should create platform with mentioned owner if owner id present' do
post :create, @create_params.merge({:admin_id => @user.id, :admin_uname => @user.uname})
Platform.last.owner.id.should eql(@user.id)
owner = FactoryGirl.create(:user)
post :create, @create_params.merge({:admin_id => owner.id, :admin_uname => owner.uname})
Platform.last.owner.id.should eql(owner.id)
end
it 'should create platform with current user as owner if owner id not present' do
post :create, @create_params
Platform.last.owner.id.should eql(@admin.id)
Platform.last.owner.id.should eql(@user.id)
end
end
context 'for owner user' do
before(:each) do
@user = FactoryGirl.create(:user)
@user = @platform.owner
set_session_for(@user)
@platform.owner = @user
@platform.save
@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
end
it_should_behave_like 'system registered user'
it_should_behave_like 'user without create rights'
it_should_behave_like 'platform owner'
it 'should be able to perform new action' do
get :new
response.should redirect_to(forbidden_path)
end
it 'should be able to perform create action' do
post :create, @create_params
response.should redirect_to(forbidden_path)
end
end
context 'for reader user' do
before(:each) do
@user = FactoryGirl.create(:user)
set_session_for(@user)
@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')
end
it_should_behave_like 'platform index viewer'
it_should_behave_like 'system registered user'
it_should_behave_like 'user without create rights'
it 'should not be able to perform destroy action' do
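Review bot: The guest examples tagged `:anonymous_access => true` only exercise `@platform` from `FactoryGirl.create(:platform)` and assert success, so nothing in the suite shows that a guest is still refused a platform whose visibility is not `'open'`, which is the one property the anonymous-access change must preserve. Add an example in the guest context that creates a platform with a non-open visibility and asserts `response.should redirect_to(forbidden_path)` for `show`, `members` and `advisories`; the CanCan spec in this commit (`be_able_to(:show, open_platform)`) has the same gap and would benefit from a matching `should_not be_able_to(:show, …)` on a non-open platform. `@platform`'s visibility is set outside the hunk, so the positive examples may also be relying on the factory default rather than an explicit `:visibility => 'open'`.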


@ -31,9 +31,16 @@ describe Platforms::ProductsController do
@product = FactoryGirl.create(:product, :platform => @platform)
@create_params = {:product => {:name => 'pro'}, :platform_id => @platform.id}
@update_params = {:product => {:name => 'pro2'}, :platform_id => @platform.id}
@user = FactoryGirl.create(:user)
set_session_for(@user)
end
context 'for guest' do
context 'for guest' do
before(:each) do
set_session_for(User.new)
end
[:create].each do |action|
it "should not be able to perform #{ action } action" do
get action, :platform_id => @platform.id
@ -41,40 +48,56 @@ describe Platforms::ProductsController do
end
end
[:show, :new, :edit, :update, :destroy].each do |action|
[:new, :edit, :update, :destroy].each do |action|
it "should not be able to perform #{ action } action" do
get action, :id => @product.id, :platform_id => @platform.id
response.should redirect_to(new_user_session_path)
end
end
[:show, :index].each do |action|
it "should not be able to perform #{ action } action", :anonymous_access => false do
get action, :id => @product.id, :platform_id => @platform.id
response.should redirect_to(new_user_session_path)
end
end
[:show, :index].each do |action|
it "should be able to perform #{ action } action", :anonymous_access => true do
get action, :id => @product.id, :platform_id => @platform.id
response.should render_template(action)
response.should be_success
end
end
end
context 'for global admin' do
before(:each) do
@admin = FactoryGirl.create(:admin)
set_session_for(@admin)
end
before(:each) do
@user.role = "admin"
@user.save
end
it_should_behave_like 'admin user'
end
context 'for platform owner' do
before(:each) do
@user = @platform.owner
set_session_for(@user)
end
it_should_behave_like 'admin user'
end
context 'for admin relation user' do
before(:each) do
@user = FactoryGirl.create(:user)
set_session_for(@user)
before(:each) do
@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
end
end
it_should_behave_like 'admin user'
end
context 'for no relation user' do
before(:each) do
@user = FactoryGirl.create(:user)
set_session_for(@user)
end
it 'should not be able to create product' do
lambda { post :create, @create_params }.should change{ Product.count }.by(0)
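Review bot: The `for no relation user` context re-runs `@user = FactoryGirl.create(:user)` and `set_session_for(@user)` although the outer `before` extended in this hunk already does both, so that context's `before` block can be dropped. The same redundancy appears in the platforms spec (`context 'for reader user'`) and the repositories spec (`context 'for user'`), where the outer `before` was extended the same way. Removing them makes the new setup convention, one user per `describe` with contexts only adjusting role or relations, visible at a glance.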


@ -19,13 +19,13 @@ shared_examples_for 'user with change projects in repository rights' do
it 'should be able to add project to repository' do
get :add_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id
response.should redirect_to(platform_repository_path(@repository.platform, @repository))
@repository.projects.should include (@project)
@repository.projects.should include(@project)
end
it 'should be able to remove project from repository' do
get :remove_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id
response.should redirect_to(platform_repository_path(@repository.platform, @repository))
@repository.projects.should_not include (@project)
@repository.projects.should_not include(@project)
end
end
@ -40,6 +40,12 @@ shared_examples_for 'registered user' do
get :show, :id => @repository.id
response.should render_template(:show)
end
it 'should be able to perform projects_list action' do
get :projects_list, :id => @repository.id, :platform_id => @platform.id, :format => :json
response.should be_success
end
end
shared_examples_for 'platform admin user' do
@ -75,28 +81,52 @@ describe Platforms::RepositoriesController do
@project = FactoryGirl.create(:project)
@another_user = FactoryGirl.create(:user)
@create_params = {:repository => {:name => 'pro', :description => 'pro2'}, :platform_id => @platform.id}
@user = FactoryGirl.create(:user)
set_session_for(@user)
end
context 'for guest' do
[:index, :create].each do |action|
it "should not be able to perform #{ action } action" do
get action, :platform_id => @platform
response.should redirect_to(new_user_session_path)
end
before(:each) do
set_session_for(User.new)
end
[:show, :new, :add_project, :remove_project, :destroy].each do |action|
it "should not be able to perform create action" do
get :create, :platform_id => @platform
response.should redirect_to(new_user_session_path)
end
[:new, :add_project, :remove_project, :destroy].each do |action|
it "should not be able to perform #{ action } action" do
get action, :id => @repository.id
response.should redirect_to(new_user_session_path)
end
end
it_should_behave_like 'registered user' if APP_CONFIG['anonymous_access']
it "should not be able to perform show action", :anonymous_access => false do
get :show, :id => @repository
response.should redirect_to(new_user_session_path)
end
it "should not be able to perform index action", :anonymous_access => false do
get :index, :platform_id => @platform
response.should redirect_to(new_user_session_path)
end
it 'should not be able to perform projects_list action', :anonymous_access => false do
get :projects_list, :id => @repository.id, :platform_id => @platform.id, :format => :json
response.response_code.should == 401
end
end
context 'for admin' do
before(:each) do
@admin = FactoryGirl.create(:admin)
set_session_for(@admin)
@user.role = "admin"
@user.save
end
it_should_behave_like 'platform admin user'
@ -105,21 +135,22 @@ describe Platforms::RepositoriesController do
context 'for platform owner user' do
before(:each) do
@user = FactoryGirl.create(:user)
@user = @repository.platform.owner
set_session_for(@user)
@repository.platform.owner = @user
@repository.platform.save
@repository.platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
end
it_should_behave_like 'platform admin user'
end
context 'for platform member user' do
before(:each) do
@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
end
it_should_behave_like 'platform admin user'
end
context 'for user' do
before(:each) do
@user = FactoryGirl.create(:user)
set_session_for(@user)
end
it_should_behave_like 'registered user'
@ -143,13 +174,13 @@ describe Platforms::RepositoriesController do
it 'should not be able to add project to repository' do
get :add_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id
response.should redirect_to(forbidden_path)
@repository.projects.should_not include (@project)
@repository.projects.should_not include(@project)
end
it 'should not be able to remove project from repository' do
get :remove_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id
response.should redirect_to(forbidden_path)
@repository.projects.should_not include (@project)
@repository.projects.should_not include(@project)
end
it_should_behave_like 'not destroy personal repository'
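Review bot: `it_should_behave_like 'registered user' if APP_CONFIG['anonymous_access']` in the guest context decides at load time from the config, whereas every other example in this commit is tagged `:anonymous_access => true` and left to the `filter_run_excluding` rule in spec_helper. Wrap it in a tagged context so the two mechanisms cannot diverge: `context 'with anonymous access', :anonymous_access => true do` / `  it_should_behave_like 'registered user'` / `end`. The `response.response_code.should == 401` expectation for `projects_list` with `:format => :json`, next to redirects for the HTML actions, is consistent with an HTML-versus-JSON split in the authentication failure handling, but a short comment saying so would save the next reader a trip to that code; the enclosing `describe` ends outside the hunk.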


@ -16,18 +16,16 @@ describe Projects::Git::TreesController do
end
context 'for guest' do
if APP_CONFIG['anonymous_access']
it 'should be able to perform archive action with anonymous acccess' do
fill_project
get :archive, @params.merge(:format => 'tar')
response.should be_success
end
else
it 'should not be able to perform archive action without anonymous acccess' do
fill_project
get :archive, @params.merge(:format => 'tar')
response.code.should == '401'
end
it 'should be able to perform archive action with anonymous acccess', :anonymous_access => true do
fill_project
get :archive, @params.merge(:format => 'tar')
response.should be_success
end
it 'should not be able to perform archive action without anonymous acccess', :anonymous_access => false do
fill_project
get :archive, @params.merge(:format => 'tar')
response.code.should == '401'
end
end


@ -103,15 +103,15 @@ describe CanCan do
@ability.should be_able_to(:read, @admin)
end
pending "shoud be able to read index AutoBuildList" do
@ability.should be_able_to(:index, AutoBuildList)
end
it "shoud be able to read open projects" do
@project = FactoryGirl.create(:project, :visibility => 'open')
@ability.should be_able_to(:read, @project)
end
it 'should be able to see open platform' do
@ability.should be_able_to(:show, open_platform)
end
it "shoud be able to create project" do
@ability.should be_able_to(:create, Project)
end
@ -150,10 +150,6 @@ describe CanCan do
@ability.should be_able_to(:read, @project)
end
it 'should be able to read open platform' do
@ability.should be_able_to(:read, open_platform)
end
it 'should be able to read issue' do
@ability.should be_able_to(:read, @issue)
end


@ -25,6 +25,9 @@ RSpec.configure do |config|
# examples within a transaction, remove the following line or assign false
# instead of true.
config.use_transactional_fixtures = true
config.filter_run_excluding :anonymous_access => !(APP_CONFIG['anonymous_access'])
end
def set_session_for(user=nil)
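Review bot: `config.filter_run_excluding :anonymous_access => !(APP_CONFIG['anonymous_access'])` means that in any single run exactly one of each tagged pair (`:anonymous_access => true` / `:anonymous_access => false`) is skipped, so the positive or negative guest examples added across the specs in this commit are only ever executed when the suite is run under both settings. A comment above the line should state that, e.g. `# Examples tagged :anonymous_access => X run only when APP_CONFIG['anonymous_access'] == X; run the suite under both settings.`. The filter is evaluated once at configure time, so changing `APP_CONFIG` inside an example does not alter which examples run.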