From 2dee10a23f1f14d6bda15202426bc29f5f4ec9a7 Mon Sep 17 00:00:00 2001
From: Vokhmin Alexey V
Date: Thu, 4 Jul 2013 23:39:02 +0400
Subject: [PATCH] #211: added specs for BuildList API controller
---
 .../api/v1/platforms_controller.rb | 2 +-
 app/models/ability.rb | 6 +++++-
 .../api/v1/build_lists_controller_spec.rb | 19 +++++++++++++++++--
 3 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/app/controllers/api/v1/platforms_controller.rb b/app/controllers/api/v1/platforms_controller.rb
index b8abd468a..864bedac8 100644
--- a/app/controllers/api/v1/platforms_controller.rb
+++ b/app/controllers/api/v1/platforms_controller.rb
@@ -26,7 +26,7 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 user = User.find_by_authentication_token token
 @current_ability, @current_user = nil, user
- if user && can?(:read, platform)
+ if user && can?(:show, platform)
 render :nothing => true
 else
 render :nothing => true, :status => 403
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 53ca8bd42..f6ec47f4f 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -82,7 +82,11 @@ class Ability
 can [:read, :log, :related, :everything], BuildList, :project => {:owner_type => 'User', :owner_id => user.id}
 can [:read, :log, :related, :everything], BuildList, :project => {:owner_type => 'Group', :owner_id => user.group_ids}
 can([:read, :log, :everything], BuildList, read_relations_for('build_lists', 'projects')) {|build_list| can? :read, build_list.project}
- can(:create, BuildList) {|build_list| build_list.project.is_package && can?(:write, build_list.project) && can?(:read, build_list.build_for_platform) }
+ can(:create, BuildList) {|build_list|
+ build_list.project.is_package &&
+ can?(:write, build_list.project) &&
+ can?(:show, build_list.build_for_platform)
+ }
 can(:publish, BuildList) do |build_list|
 if build_list.build_published?
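Review bot: In app/controllers/api/v1/platforms_controller.rb the new `can?(:show, platform)` is a looser check than the `can?(:read, platform)` it replaces, because CanCan's default alias lets a `:read` rule satisfy `:show` but not the reverse, and no spec in this commit covers this action. A controller spec with one user who may show the platform and one who may not would pin which callers now receive the empty 200 instead of the 403. The context line `User.find_by_authentication_token token` also deserves a look: if `token` can arrive nil or blank (its assignment is outside the hunk), the lookup may match an account that has no token, so a guard such as `return render(:nothing => true, :status => 403) if token.blank?` ahead of it would be safer. The method begins and ends outside the hunk.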
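Review bot: In app/models/ability.rb the rewritten `:create` block still dereferences `build_list.project` with no nil guard, so a build list that reaches the ability check without a resolvable project would raise NoMethodError rather than be denied; `build_list.project.try(:is_package) &&` as the first condition keeps that case a plain refusal. As with any CanCan block rule, the condition runs only when an instance is passed, so the controller (not shown) has to authorize the built record rather than the `BuildList` class for the platform check to take effect. The multi-line body would also read more consistently as `can(:create, BuildList) do |build_list| ... end`, matching the `:publish` rule that follows it. The enclosing class continues outside the hunk.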
diff --git a/spec/controllers/api/v1/build_lists_controller_spec.rb b/spec/controllers/api/v1/build_lists_controller_spec.rb
index 370d1dd1d..2a692b670 100644
--- a/spec/controllers/api/v1/build_lists_controller_spec.rb
+++ b/spec/controllers/api/v1/build_lists_controller_spec.rb
@@ -116,7 +116,7 @@ describe Api::V1::BuildListsController do
 # Create and show params:
 @create_params = {:build_list => @build_list.attributes.symbolize_keys.merge(:qwerty=>'!')} # wrong parameter
- @create_params = @create_params.merge(:arches => [@params[:arch_id]], :build_for_platforms => [@params[:build_for_platform_id]], :format => :json)
+ @create_params = @create_params.merge(:arches => [@params[:arch_id]], :build_for_platform_id => @platform.id, :format => :json)
 any_instance_of(Project, :versions => ['v1.0', 'v2.0'])
 http_login(@user)
@@ -466,10 +466,25 @@ describe Api::V1::BuildListsController do
 context 'if user is project owner' do
 before(:each) {http_login(@owner_user)}
 it_should_behave_like 'create build list via api'
+
+ context 'no ability to read build_for_platform' do
+ before do
+ repository = FactoryGirl.create(:repository)
+ repository.platform.change_visibility
+ Platform.where(:id => @platform.id).update_all(:platform_type => 'personal')
+ @create_params[:build_list].merge!({
+ :include_repos => [repository.id],
+ :build_for_platform_id => repository.platform_id
+ })
+ end
+ it_should_behave_like 'not create build list via api'
+ end
+
 end
 context 'if user is project read member' do
 before(:each) {http_login(@member_user)}
+ it_should_behave_like 'not create build list via api'
 end
 end
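Review bot: The replacement key `:build_for_platform_id => @platform.id` in the hunk at -116,7 is merged at the top level of `@create_params`, whereas the context added further down this file overrides `:build_for_platform_id` inside `@create_params[:build_list]`. If the controller reads the nested value (not visible here), the top-level key is dead and `@build_list.attributes` alone decides the platform. Either drop it, `@create_params = @create_params.merge(:arches => [@params[:arch_id]], :format => :json)`, or add a comment stating which of the two positions the API consumes. The same line is repeated in the hunk at -510,7, and the enclosing setup block starts and ends outside both hunks.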
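Review bot: The new 'no ability to read build_for_platform' context in the hunk at -466,10 can pass for the wrong reason, because its `before` changes three things at once (a toggled visibility, `@platform` forced to 'personal' through `update_all`, and a foreign `:include_repos`) and then relies on a shared example whose body is outside the hunk. If that example only checks that no record was created, a validation failure would satisfy it just as well as an authorization denial. An explicit example such as `it 'responds with 403' do post :create, @create_params; response.status.should == 403 end` (assuming the action under test is `create`) would tie the spec to the ability rule. `change_visibility` also depends on the factory's default visibility, and the `update_all` line deserves a comment along the lines of `# bypasses callbacks; the in-memory @platform is now stale`.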
@@ -510,7 +525,7 @@ describe Api::V1::BuildListsController do
 # Create and show params:
 @create_params = {:build_list => @build_list.attributes.symbolize_keys}
- @create_params = @create_params.merge(:arches => [@params[:arch_id]], :build_for_platforms => [@params[:build_for_platform_id]], :format => :json)
+ @create_params = @create_params.merge(:arches => [@params[:arch_id]], :build_for_platform_id => @platform.id, :format => :json)
 any_instance_of(Project, :versions => ['v1.0', 'v2.0'])
 # Groups: