#34: added specs for Hooks controller

2013-04-15 15:47:53 +04:00 · 2013-04-15 15:47:53 +04:00 · 26c7a5a711
parent 5dca2e914d
commit 26c7a5a711
4 changed files with 212 additions and 8 deletions
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@ -3,11 +3,13 @@ class Projects::HooksController < Projects::BaseController
  before_filter :authenticate_user!
  load_and_authorize_resource :project
  load_and_authorize_resource :hook
+  skip_load_and_authorize_resource :hook, :only => [:index, :new, :create]
+  before_filter lambda { authorize! :edit, @project }, :only => [:index, :new, :create]
+

  # GET /uname/project/hooks
  # GET /uname/project/hooks?name=web
  def index
-    authorize! :edit, @project
    @name = params[:name]
    @hooks = @project.hooks.for_name(@name).order('name asc, created_at desc')
    if @name.present?
@ -57,4 +59,5 @@ class Projects::HooksController < Projects::BaseController
    @hook.destroy
    redirect_to project_hooks_path(@project, :name => @hook.name)
  end
+
 end
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -73,7 +73,7 @@ class Ability
        can :preview, Project
        can(:refs_list, Project) {|project| can? :read, project}

-        can([:read, :create, :destroy], Hook) {|hook| hook.project && can?(:edit, hook.project)}
+        can([:read, :destroy, :update], Hook) {|hook| can?(:edit, hook.project)}

        can [:autocomplete_to_extra_repos_and_builds, :update_extra_repos_and_builds], BuildList
        can [:read, :log, :owned, :everything], BuildList, :user_id => user.id
--- a/spec/controllers/projects/hooks_controller_spec.rb
+++ b/spec/controllers/projects/hooks_controller_spec.rb
@ -1,12 +1,205 @@
 # -*- encoding : utf-8 -*-
 require 'spec_helper'

-describe "Hooks" do
-  describe "GET /hooks" do
-    it "works! (now write some real specs)" do
-      # Run the generator again with the --webrat flag if you want to use webrat methods/matchers
-      get hooks_path
-      response.status.should be(200)
+shared_examples_for 'hooks user with project admin rights' do
+  it 'should be able to perform index action' do
+    get :index, {:owner_name => @project.owner.uname, :project_name => @project.name}
+    response.should be_success
+  end
+
+  it 'should be able to perform new action' do
+    get :new, {:owner_name => @project.owner.uname, :project_name => @project.name, :hook => {:name => 'web'}}
+    response.should be_success
+  end
+
+  it 'should be able to perform edit action' do
+    get :new, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @hook.id}
+    response.should be_success
+  end
+
+  it 'should be able to perform update action' do
+    put :update, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @hook.id}.merge(@update_params)
+    response.should redirect_to(project_hooks_path(@project, :name => 'web'))
+  end
+
+  it 'should be able to perform create action' do
+    post :create, {:owner_name => @project.owner.uname, :project_name => @project.name}.merge(@create_params)
+    response.should redirect_to(project_hooks_path(@project, :name => 'web'))
+  end
+end
+
+shared_examples_for 'hooks user without project admin rights' do
+  it 'should not be able to perform index action' do
+    get :index, {:owner_name => @project.owner.uname, :project_name => @project.name}
+    response.should redirect_to(forbidden_path)
+  end
+
+  it 'should not be able to perform new action' do
+    get :new, {:owner_name => @project.owner.uname, :project_name => @project.name, :hook => {:name => 'web'}}
+    response.should redirect_to(forbidden_path)
+  end
+
+  it 'should not be able to perform edit action' do
+    get :new, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @hook.id}
+    response.should redirect_to(forbidden_path)
+  end
+
+  it 'should not be able to perform update action' do
+    put :update, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @hook.id}.merge(@update_params)
+    response.should redirect_to(forbidden_path)
+  end
+
+  it 'should not be able to perform create action' do
+    post :create, {:owner_name => @project.owner.uname, :project_name => @project.name}.merge(@create_params)
+    response.should redirect_to(forbidden_path)
+  end
+end
+
+describe Projects::HooksController do
+
+  before(:each) do
+    stub_symlink_methods
+
+    @project = FactoryGirl.create(:project)
+    @hook = FactoryGirl.create(:hook, :project => @project)
+
+    @create_params = {:hook => {:name => 'web', :data => {:url => 'create'}}}
+    @update_params = {:hook => {:data => {:url => 'update'}}}
+
+    @user = FactoryGirl.create(:user)
+    set_session_for(@user)
+  end
+
+  context 'registered user' do
+    it_should_behave_like 'hooks user without project admin rights'
+  end # context 'registered user'
+
+  context 'for project members' do
+
+    context 'for global admin' do
+      before do
+        @user.role = "admin"
+        @user.save
+      end
+
+      it_should_behave_like 'hooks user with project admin rights'
+    end
+
+    context 'for owner user' do
+      before do
+        @user = @project.owner
+        set_session_for(@user) # owner should be user
+      end
+      it_should_behave_like 'hooks user with project admin rights'
+    end
+
+    context 'for reader user' do
+      before do
+        @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')
+      end
+      it_should_behave_like 'hooks user without project admin rights'
+    end
+
+    context 'for writer user' do
+      before do
+        @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'writer')
+      end
+      it_should_behave_like 'hooks user without project admin rights'
+    end
+
+  end # context 'for project members'
+
+  context 'for group' do
+    before do
+      @group = FactoryGirl.create(:group)
+    end
+
+    context 'group is owner of the project' do
+      before do
+        @project = FactoryGirl.create(:project, :owner => @group)
+        @hook = FactoryGirl.create(:hook, :project => @project)
+      end
+
+      context 'group member user with reader role' do
+        before do
+          @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'reader')
+        end
+
+        it_should_behave_like 'hooks user without project admin rights'
+
+        context 'user should has best role' do
+          before do
+            @project.relations.create :actor_id => @user.id, :actor_type => @user.class.to_s, :role => 'admin'
+          end
+          it_should_behave_like 'hooks user with project admin rights'
+        end
+      end
+
+      context 'group member user with admin role' do
+        before do
+          @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'admin')
+        end
+
+        it_should_behave_like 'hooks user with project admin rights'
+      end
+    end
+
+    context 'group is member of the project' do
+      context 'with admin rights' do
+        before do
+          @project.relations.create :actor_id => @group.id, :actor_type => @group.class.to_s, :role => 'admin'
+        end
+
+        context 'group member user with reader role' do
+          before do
+            @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'reader')
+          end
+
+          it_should_behave_like 'hooks user with project admin rights'
+
+          context 'user should has best role' do
+            before do
+              @project.relations.create :actor_id => @user.id, :actor_type => @user.class.to_s, :role => 'reader'
+            end
+            it_should_behave_like 'hooks user with project admin rights'
+          end
+        end
+
+        context 'group member user with admin role' do
+          before do
+            @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'admin')
+          end
+
+          it_should_behave_like 'hooks user with project admin rights'
+        end
+      end
+
+      context 'with reader rights' do
+        before do
+          @project.relations.create :actor_id => @group.id, :actor_type => @group.class.to_s, :role => 'reader'
+        end
+
+        context 'group member user with reader role' do
+          before do
+            @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'reader')
+          end
+          it_should_behave_like 'hooks user without project admin rights'
+
+          context 'user should has best role' do
+            before do
+              @project.relations.create :actor_id => @user.id, :actor_type => @user.class.to_s, :role => 'admin'
+            end
+            it_should_behave_like 'hooks user with project admin rights'
+          end
+        end
+
+        context 'group member user with admin role' do
+          before do
+            @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'admin')
+          end
+          it_should_behave_like 'hooks user without project admin rights'
+        end
+      end
    end
  end
 end
--- a/spec/factories/hook.rb
+++ b/spec/factories/hook.rb
@ -0,0 +1,8 @@
+# -*- encoding : utf-8 -*-
+FactoryGirl.define do
+  factory :hook do
+    name 'web'
+    association :project, :factory => :project
+    data { |hook| hook.data = {:url => 'url'} }
+  end
+end