From d20d72f63b2a8d7d553564797805b1c66a1914c0 Mon Sep 17 00:00:00 2001
From: Vokhmin Alexey V
Date: Wed, 17 Jul 2013 17:20:48 +0400
Subject: [PATCH 1/5] #221: updated ability.rb
---
 app/models/ability.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 15aef2ff7..40d88f335 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -108,7 +108,7 @@ class Ability
 can [:read, :owned, :related, :members], Platform, :owner_type => 'User', :owner_id => user.id
 can [:read, :related, :members], Platform, :owner_type => 'Group', :owner_id => user.group_ids
 can([:read, :related, :members], Platform, read_relations_for('platforms')) {|platform| local_reader? platform}
- can :related, Platform, :id => user.repositories.pluck(:platform_id)
+ can [:read, :related], Platform, :id => user.repositories.pluck(:platform_id)
 can([:update, :destroy, :change_visibility], Platform) {|platform| owner?(platform) }
 can([:local_admin_manage, :members, :add_member, :remove_member, :remove_members] , Platform) {|platform| owner?(platform) || local_admin?(platform) }
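Review bot: The widened rule `can [:read, :related], Platform, :id => user.repositories.pluck(:platform_id)` grants platform read to every repository member with no visibility condition, so membership in a single repository of a hidden platform now makes the whole platform readable; the specs added in patch 2/5 confirm this is intended for hidden platforms, but the line itself carries no hint of it. A why-comment above it, e.g. `# Repository members may read the parent platform even when it is hidden (#221)`, keeps the next reader from mistaking the grant for an oversight. `user.repositories.pluck(:platform_id)` also issues a query every time an Ability is built and the plucked list may repeat ids; appending `.uniq` keeps the generated IN list minimal. The enclosing method starts and ends outside the hunk.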
@@ -117,6 +117,7 @@ class Ability
 can [:read, :projects_list, :projects], Repository, :platform => {:owner_type => 'User', :owner_id => user.id}
 can [:read, :projects_list, :projects], Repository, :platform => {:owner_type => 'Group', :owner_id => user.group_ids}
+ can([:read, :projects_list, :projects], Repository, read_relations_for('repositories')) {|repository| can? :show, repository.platform}
 can([:read, :projects_list, :projects], Repository, read_relations_for('repositories', 'platforms')) {|repository| local_reader? repository.platform}
 can([:create, :edit, :update, :destroy, :projects_list, :projects, :add_project, :remove_project, :regenerate_metadata], Repository) {|repository| local_admin? repository.platform}
 can([:remove_members, :remove_member, :add_member, :signatures], Repository) {|repository| owner?(repository.platform) || local_admin?(repository.platform)}
From 9726284ace95b0c10d9cab7309a8d7a2d50af794 Mon Sep 17 00:00:00 2001
From: Vokhmin Alexey V
Date: Wed, 17 Jul 2013 18:31:32 +0400
Subject: [PATCH 2/5] #221: added specs for Platform API
---
 .../api/v1/platforms_controller_spec.rb | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/spec/controllers/api/v1/platforms_controller_spec.rb b/spec/controllers/api/v1/platforms_controller_spec.rb
index 7b5c36ed3..bd04dfed3 100644
--- a/spec/controllers/api/v1/platforms_controller_spec.rb
+++ b/spec/controllers/api/v1/platforms_controller_spec.rb
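Review bot: The new rule `can([:read, :projects_list, :projects], Repository, read_relations_for('repositories')) {|repository| can? :show, repository.platform}` enforces the platform check only inside its block, and CanCan evaluates blocks only for per-record `can?` checks; if index listings are built with `accessible_by`, only the hash conditions from `read_relations_for('repositories')` reach the query and repositories on platforms the member cannot show would be listed (the `local_reader?` line directly below has the same shape, so this may already be the accepted trade-off). A spec that lists repositories as a member of a repository on a hidden or unrelated platform would pin which behaviour is intended, or the platform condition could be folded into the hash conditions. `:show` resolves through CanCan's default `:read` alias, which is what the Platform rules above define; a comment such as `# :show on the platform is covered by its :read rules` saves the reader a lookup. The enclosing method starts and ends outside the hunk.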
@@ -401,6 +401,38 @@ describe Api::V1::PlatformsController do
 it_should_behave_like 'api platform user without global admin rights'
 end
+ context 'for member of repository' do
+ before do
+ http_login(@user)
+ repository = FactoryGirl.create(:repository, :platform => @platform)
+ repository.add_member(@user)
+ personal_repository = FactoryGirl.create(:repository, :platform => @personal_platform)
+ personal_repository.add_member(@user)
+ end
+
+ context 'perform index action with type param' do
+ render_views
+ %w(main personal).each do |type|
+ it "ensures that filter by type = #{type} returns true result" do
+ get :index, :format => :json, :type => "#{type}"
+ JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.
+ uniq.should == ["#{type}"]
+ end
+ end
+ end
+
+ it 'should not be able to perform members action for hidden platform' do
+ @platform.update_column(:visibility, 'hidden')
+ get :members, :id => @platform.id, :format => :json
+ response.status.should == 403
+ end
+ it_should_behave_like 'api platform user with reader rights'
+ it_should_behave_like 'api platform user with reader rights for hidden platform'
+ it_should_behave_like 'api platform user without member rights'
+ it_should_behave_like 'api platform user without owner rights'
+ it_should_behave_like 'api platform user without global admin rights'
+ end
+
 context 'for simple user' do
 before do
 http_login(@user)
From 90b5c59582a2588c1dc4bbe99d03e4097be612ca Mon Sep 17 00:00:00 2001
From: Vokhmin Alexey V
Date: Wed, 17 Jul 2013 18:57:46 +0400
Subject: [PATCH 3/5] #221: added speca for Repository API
---
 .../api/v1/repositories_controller_spec.rb | 77 ++++++++++++------
 1 file changed, 50 insertions(+), 27 deletions(-)
diff --git a/spec/controllers/api/v1/repositories_controller_spec.rb b/spec/controllers/api/v1/repositories_controller_spec.rb
index 0b6f2391e..3d591343e 100644
--- a/spec/controllers/api/v1/repositories_controller_spec.rb
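Review bot: `:type => "#{type}"` and `uniq.should == ["#{type}"]` interpolate a value that is already a String taken from `%w(main personal)`; `:type => type` and `uniq.should == [type]` say the same thing without the wrapping. The hidden-platform example asserting `response.status.should == 403` is the right precision for an authorization denial, and the `it_should_behave_like 'api platform user with reader rights for hidden platform'` line right after it is what documents that membership in one of the platform's repositories is meant to grant read on a hidden platform; that deserves a comment on the `context 'for member of repository'` line, e.g. `# repository membership alone makes the parent platform readable, even when hidden`. The describe block starts and ends outside the hunk.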
+++ b/spec/controllers/api/v1/repositories_controller_spec.rb
@@ -120,6 +120,23 @@ shared_examples_for 'api repository user with writer rights' do
 end
 end
+ context 'api repository user with update signatures rights' do
+ before do
+ kp = FactoryGirl.build(:key_pair)
+ put :signatures, :id => @repository.id, :repository => {:public => kp.public, :secret => kp.secret}, :format => :json
+ end
+ it 'should be able to perform signatures action' do
+ response.should be_success
+ end
+ it 'ensures that signatures has been updated' do
+ @repository.key_pair.should_not be_nil
+ end
+ end
+
+end
+
+shared_examples_for 'api repository user with project manage rights' do
+
 context 'api repository user with add_project rights' do
 before { put :add_project, :id => @repository.id, :project_id => @project.id, :format => :json }
 it 'should be able to perform add_project action' do
@@ -144,19 +161,6 @@ shared_examples_for 'api repository user with writer rights' do
 end
 end
- context 'api repository user with update signatures rights' do
- before do
- kp = FactoryGirl.build(:key_pair)
- put :signatures, :id => @repository.id, :repository => {:public => kp.public, :secret => kp.secret}, :format => :json
- end
- it 'should be able to perform signatures action' do
- response.should be_success
- end
- it 'ensures that signatures has been updated' do
- @repository.key_pair.should_not be_nil
- end
- end
-
 end
 shared_examples_for 'api repository user without writer rights' do
@@ -221,6 +225,22 @@ shared_examples_for 'api repository user without writer rights' do
 end
 end
+ context 'api repository user without update signatures rights' do
+ before do
+ kp = FactoryGirl.build(:key_pair)
+ put :signatures, :id => @repository.id, :repository => {:public => kp.public, :secret => kp.secret}, :format => :json
+ end
+ it 'should not be able to perform signatures action' do
+ response.should_not be_success
+ end
+ it 'ensures that signatures has not been updated' do
+ @repository.key_pair.should be_nil
+ end
+ end
+
+end
+
+shared_examples_for 'api repository user without project manage rights' do
 context 'api repository user without add_project rights' do
 before { put :add_project, :id => @repository.id, :project_id => @project.id, :format => :json }
 it 'should not be able to perform add_project action' do
@@ -244,20 +264,6 @@ shared_examples_for 'api repository user without writer rights' do
 @repository.projects.should include(@project)
 end
 end
-
- context 'api repository user without update signatures rights' do
- before do
- kp = FactoryGirl.build(:key_pair)
- put :signatures, :id => @repository.id, :repository => {:public => kp.public, :secret => kp.secret}, :format => :json
- end
- it 'should not be able to perform signatures action' do
- response.should_not be_success
- end
- it 'ensures that signatures has not been updated' do
- @repository.key_pair.should be_nil
- end
- end
-
 end
@@ -284,6 +290,7 @@ describe Api::V1::RepositoriesController do
 it_should_behave_like 'api repository user with show rights'
 end
 it_should_behave_like 'api repository user without writer rights'
+ it_should_behave_like 'api repository user without project manage rights'
 it_should_behave_like 'api repository user without key_pair rights'
 it 'should not be able to perform projects action', :anonymous_access => false do
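Review bot: In the `'api repository user without update signatures rights'` context, `response.should_not be_success` accepts any non-2xx status, so a routing error or an exception rendered as 500 satisfies the denial test as well as a genuine authorization refusal does; `response.status.should == 403`, the form the platform spec in patch 2/5 already uses, pins the behaviour that matters. `@repository.key_pair.should be_nil` also relies on the fixture having no key pair before the request, a precondition set up by `before` blocks outside the hunk rather than by this context; asserting it up front, or reloading `@repository` before the check, makes the negative test self-contained. The `shared_examples_for` block this hunk closes starts outside the hunk.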
@@ -331,6 +338,22 @@ describe Api::V1::RepositoriesController do
 it_should_behave_like 'api repository user without reader rights for hidden platform'
 it_should_behave_like 'api repository user with show rights'
 it_should_behave_like 'api repository user without writer rights'
+ it_should_behave_like 'api repository user without project manage rights'
+ it_should_behave_like 'api repository user without key_pair rights'
+ end
+
+ context 'for member of repository' do
+ before(:each) do
+ @user = FactoryGirl.create(:user)
+ @repository.add_member @user
+ http_login @user
+ end
+
+ it_should_behave_like 'api repository user with reader rights'
+ it_should_behave_like 'api repository user with reader rights for hidden platform'
+ it_should_behave_like 'api repository user with show rights'
+ it_should_behave_like 'api repository user with project manage rights'
+ it_should_behave_like 'api repository user without writer rights'
 it_should_behave_like 'api repository user without key_pair rights'
 end
From 1b314e808504f5e4fbe72742725be42731c9dc0e Mon Sep 17 00:00:00 2001
From: Vokhmin Alexey V
Date: Wed, 17 Jul 2013 19:33:58 +0400
Subject: [PATCH 4/5] #221: added specs for Platform and Repositories controller
---
 .../platforms/platforms_controller_spec.rb | 16 ++++++++++++++++
 .../platforms/repositories_controller_spec.rb | 16 +++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/spec/controllers/platforms/platforms_controller_spec.rb b/spec/controllers/platforms/platforms_controller_spec.rb
index 697a18cfb..9838194b4 100644
--- a/spec/controllers/platforms/platforms_controller_spec.rb
+++ b/spec/controllers/platforms/platforms_controller_spec.rb
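Review bot: The new `context 'for member of repository'` gives the user a membership through `@repository.add_member @user` and then expects project-manage rights but neither writer nor key_pair rights, yet nothing in the context says which role `add_member` assigns, so the expectations are only traceable by reading the model. A comment on the `before(:each)` line such as `# add_member assigns the default membership role; this context pins exactly what that role may and may not do` (naming the role once confirmed) would make the intent explicit. The same implicit-role pattern appears in the `add_member` calls of the platforms spec hunks in patches 2/5 and 4/5, and in the `repo.add_member @user` line of patch 4/5 that replaces an explicit `:role => 'admin'` relation, where the role under test changes from admin to the default and deserves a sentence in the commit message or a comment. The describe block starts and ends outside the hunk.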
@@ -378,6 +378,22 @@ describe Platforms::PlatformsController do
 it_should_behave_like 'platform user without global admin rights'
 end
+ context 'for member of repository' do
+ before do
+ http_login(@user)
+ repository = FactoryGirl.create(:repository, :platform => @platform)
+ repository.add_member(@user)
+ personal_repository = FactoryGirl.create(:repository, :platform => @personal_platform)
+ personal_repository.add_member(@user)
+ end
+
+ it_should_behave_like 'platform user with reader rights'
+ it_should_behave_like 'platform user with reader rights for hidden platform'
+ it_should_behave_like 'platform user without member rights'
+ it_should_behave_like 'platform user without owner rights'
+ it_should_behave_like 'platform user without global admin rights'
+ end
+
 context 'for simple user' do
 before do
 http_login(@user)
diff --git a/spec/controllers/platforms/repositories_controller_spec.rb b/spec/controllers/platforms/repositories_controller_spec.rb
index 593085a1f..5a3b4bfd7 100644
--- a/spec/controllers/platforms/repositories_controller_spec.rb
+++ b/spec/controllers/platforms/repositories_controller_spec.rb
@@ -302,7 +302,8 @@ describe Platforms::RepositoriesController do
 context 'for repository member user' do
 before(:each) do
 [@repository, @personal_repository].each do |repo|
- repo.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
+ # repo.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
+ repo.add_member @user
 end
 end
@@ -311,6 +312,19 @@ describe Platforms::RepositoriesController do
 let(:redirect_path) { forbidden_path }
 it_should_behave_like 'registered user or guest'
 it_should_behave_like 'user with change projects in repository rights'
+
+ context 'for hidden platform' do
+ before do
+ @platform.update_column(:visibility, 'hidden')
+ @personal_repository.platform.update_column(:visibility, 'hidden')
+ end
+ it_should_behave_like 'registered user'
+
+ let(:redirect_path) { forbidden_path }
+ it_should_behave_like 'registered user or guest'
+ it_should_behave_like 'user with change projects in repository rights'
+ end
+
 end
 end
From dc3186198a65494ea1d460d8afaa5adc3244e73d Mon Sep 17 00:00:00 2001
From: Vokhmin Alexey V
Date: Fri, 19 Jul 2013 20:44:00 +0400
Subject: [PATCH 5/5] #221: removed unnecessary code
---
 spec/controllers/platforms/repositories_controller_spec.rb | 1 -
 1 file changed, 1 deletion(-)
diff --git a/spec/controllers/platforms/repositories_controller_spec.rb b/spec/controllers/platforms/repositories_controller_spec.rb
index 5a3b4bfd7..f0568077e 100644
--- a/spec/controllers/platforms/repositories_controller_spec.rb
+++ b/spec/controllers/platforms/repositories_controller_spec.rb
@@ -302,7 +302,6 @@ describe Platforms::RepositoriesController do
 context 'for repository member user' do
 before(:each) do
 [@repository, @personal_repository].each do |repo|
- # repo.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
 repo.add_member @user
 end
 end
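Review bot: The nested `context 'for hidden platform'` re-declares `let(:redirect_path) { forbidden_path }`, which it already inherits from the enclosing `context 'for repository member user'`, so that line can go; the repeated `it_should_behave_like` calls, by contrast, are needed because shared examples are instantiated per context. The `before` hides the first platform through `@platform` and the second through `@personal_repository.platform.update_column(:visibility, 'hidden')`; reaching both the same way (for instance `@repository.platform` for the first, if that is what `@platform` is) keeps the two lines parallel and makes it obvious that both member repositories end up on hidden platforms. The enclosing `context 'for repository member user'` starts outside the hunk.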