diff --git a/app/controllers/api/v1/arches_controller.rb b/app/controllers/api/v1/arches_controller.rb index 2b2e164bd..641869742 100644 --- a/app/controllers/api/v1/arches_controller.rb +++ b/app/controllers/api/v1/arches_controller.rb @@ -3,7 +3,7 @@ class Api::V1::ArchesController < Api::V1::BaseController before_filter :authenticate_user! unless APP_CONFIG['anonymous_access'] def index - @arches = Arch.order(:id).all + @arches = Arch.order(:id).paginate(paginate_params) end end \ No newline at end of file diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb index 7d8ef241d..6b4baa981 100644 --- a/app/controllers/api/v1/base_controller.rb +++ b/app/controllers/api/v1/base_controller.rb @@ -1,7 +1,5 @@ # -*- encoding : utf-8 -*- class Api::V1::BaseController < ApplicationController - - before_filter :restrict_paginate, :only => :index #respond_to :json rescue_from CanCan::AccessDenied do |exception| @@ -12,9 +10,30 @@ class Api::V1::BaseController < ApplicationController protected - def restrict_paginate - params[:per_page] = 30 if params[:per_page].to_i < 1 - params[:per_page] = 100 if params[:per_page].to_i >100 + def paginate_params + per_page = params[:per_page].to_i + per_page = 20 if per_page < 1 + per_page = 100 if per_page >100 + {:page => params[:page], :per_page => per_page} + end + + def render_json_response(subject, message, status = 200) + id = status != 200 ? nil : subject.id + + render :json => { + subject.class.name.downcase.to_sym => { + :id => id, + :message => message + } + }.to_json, :status => status + end + + def render_validation_error(subject, message) + errors = subject.errors.full_messages.join('. ') + if errors.present? + message << '. ' << errors + end + render_json_response(subject, message, 422) end end diff --git a/app/controllers/api/v1/build_lists_controller.rb b/app/controllers/api/v1/build_lists_controller.rb index d6a909c98..d2c4f947e 100644 --- a/app/controllers/api/v1/build_lists_controller.rb +++ b/app/controllers/api/v1/build_lists_controller.rb @@ -10,7 +10,7 @@ class Api::V1::BuildListsController < Api::V1::BaseController def index filter = BuildList::Filter.new(nil, current_user, params[:filter] || {}) @build_lists = filter.find.scoped(:include => [:save_to_platform, :project, :user, :arch]) - @build_lists = @build_lists.recent.paginate :page => params[:page], :per_page => params[:per_page] + @build_lists = @build_lists.recent.paginate(paginate_params) end def create diff --git a/app/controllers/api/v1/platforms_controller.rb b/app/controllers/api/v1/platforms_controller.rb index 361b9f9bd..ff37d009a 100644 --- a/app/controllers/api/v1/platforms_controller.rb +++ b/app/controllers/api/v1/platforms_controller.rb @@ -1,21 +1,97 @@ # -*- encoding : utf-8 -*- class Api::V1::PlatformsController < Api::V1::BaseController - before_filter :authenticate_user! - skip_before_filter :authenticate_user!, :only => [:show, :platforms_for_build] if APP_CONFIG['anonymous_access'] + skip_before_filter :authenticate_user!, :only => [:show, :platforms_for_build, :members] if APP_CONFIG['anonymous_access'] load_and_authorize_resource def index @platforms = @platforms.accessible_by(current_ability, :related). - by_type(params[:type]).paginate(:page => params[:page], :per_page => 20) + by_type(params[:type]).paginate(paginate_params) end def show end def platforms_for_build - @platforms = Platform.main.opened.paginate(:page => params[:page], :per_page => 20) + @platforms = Platform.main.opened.paginate(paginate_params) render :index end + + def create + platform_params = params[:platform] || {} + owner = User.where(:id => platform_params[:owner_id]).first + @platform.owner = owner || get_owner + if @platform.save + render_json_response @platform, 'Platform has been created successfully' + else + render_validation_error @platform, 'Platform has not been created' + end + end + + def update + platform_params = params[:platform] || {} + owner = User.where(:id => platform_params[:owner_id]).first + platform_params[:owner] = owner if owner + if @platform.update_attributes(platform_params) + render_json_response @platform, 'Platform has been updated successfully' + else + render_validation_error @platform, 'Platform has not been updated' + end + end + + def members + @members = @platform.members.order('name').paginate(paginate_params) + end + + def add_member + if member.present? && @platform.add_member(member) + render_json_response @platform, "#{member.class.to_s} '#{member.id}' has been added to platform successfully" + else + render_validation_error @platform, 'Member has not been added to platform' + end + end + + def remove_member + if member.present? && @platform.remove_member(member) + render_json_response @platform, "#{member.class.to_s} '#{member.id}' has been removed from platform successfully" + else + render_validation_error @platform, 'Member has not been removed from platform' + end + end + + def clone + platform_params = params[:platform] || {} + platform_params[:owner] = current_user + @cloned = @platform.full_clone(platform_params) + if @cloned.persisted? + render_json_response @platform, 'Platform has been cloned successfully' + else + render_validation_error @platform, 'Platform has not been cloned' + end + end + + def clear + @platform.clear + render_json_response @platform, 'Platform has been cleared successfully' + end + + def destroy + @platform.destroy # later with resque + render_json_response @platform, 'Platform has been destroyed successfully' + end + + private + + def member + return @member if @member + if params[:type] == 'User' + member = User + elsif params[:type] == 'Group' + member = Group + end + @member = member.where(:id => params[:member_id]).first if member + @member ||= '' + end + end diff --git a/app/controllers/api/v1/projects_controller.rb b/app/controllers/api/v1/projects_controller.rb index 2345e4214..7f9182563 100644 --- a/app/controllers/api/v1/projects_controller.rb +++ b/app/controllers/api/v1/projects_controller.rb @@ -2,7 +2,7 @@ class Api::V1::ProjectsController < Api::V1::BaseController before_filter :authenticate_user! - skip_before_filter :authenticate_user!, :only => [:get_id, :show] if APP_CONFIG['anonymous_access'] + skip_before_filter :authenticate_user!, :only => [:get_id, :show, :refs] if APP_CONFIG['anonymous_access'] load_and_authorize_resource @@ -15,6 +15,9 @@ class Api::V1::ProjectsController < Api::V1::BaseController end def show - end + + def refs_list + end + end diff --git a/app/models/platform.rb b/app/models/platform.rb index 2dedbbde4..802a2461a 100644 --- a/app/models/platform.rb +++ b/app/models/platform.rb @@ -20,9 +20,15 @@ class Platform < ActiveRecord::Base has_many :mass_builds validates :description, :presence => true + validates :owner, :presence => true validates :visibility, :presence => true, :inclusion => {:in => VISIBILITIES} validates :name, :uniqueness => {:case_sensitive => false}, :presence => true, :format => { :with => /^[a-zA-Z0-9_\-\.]+$/ } validates :distrib_type, :presence => true, :inclusion => {:in => APP_CONFIG['distr_types']} + validate lambda { + if released_was && !released + errors.add(:released, I18n.t('flash.platform.released_status_can_not_be_changed')) + end + } before_create :create_directory, :if => lambda {Thread.current[:skip]} # TODO remove this when core will be ready before_create :xml_rpc_create, :unless => lambda {Thread.current[:skip]} @@ -167,7 +173,7 @@ class Platform < ActiveRecord::Base def update_owner_relation if owner_id_was != owner_id - r = relations.where(:actor_id => owner_id_was, :actor_type => owner_type_was)[0] + r = relations.where(:actor_id => owner_id_was, :actor_type => owner_type_was).first r.update_attributes(:actor_id => owner_id, :actor_type => owner_type) end end diff --git a/app/views/api/v1/platforms/index.json.jbuilder b/app/views/api/v1/platforms/index.json.jbuilder index ac3d0dc3a..1a7298f12 100644 --- a/app/views/api/v1/platforms/index.json.jbuilder +++ b/app/views/api/v1/platforms/index.json.jbuilder @@ -7,7 +7,7 @@ json.platforms @platforms do |json, platform| end json.repositories platform.repositories do |json_repos, repo| json_repos.(repo, :id, :name) - json_repos.url api_v1_repository_path(repo.name, :format => :json) + json_repos.url api_v1_repository_path(repo.id, :format => :json) end json.url api_v1_platform_path(platform.name, :format => :json) end diff --git a/app/views/api/v1/platforms/members.json.jbuilder b/app/views/api/v1/platforms/members.json.jbuilder new file mode 100644 index 000000000..d491ca5ff --- /dev/null +++ b/app/views/api/v1/platforms/members.json.jbuilder @@ -0,0 +1,8 @@ +json.platform do |json| + json.(@platform, :id) + json.members @members do |json_members, member| + json_members.(member, :id) + json_members.type member.class.name + end +end +json.url members_api_v1_platform_path(@platform, :format => :json) \ No newline at end of file diff --git a/app/views/api/v1/platforms/show.json.jbuilder b/app/views/api/v1/platforms/show.json.jbuilder index 21a1b07f0..05be542b8 100644 --- a/app/views/api/v1/platforms/show.json.jbuilder +++ b/app/views/api/v1/platforms/show.json.jbuilder @@ -9,7 +9,7 @@ json.platform do |json| end json.repositories @platform.repositories do |json_repos, repo| json_repos.(repo, :id, :name) - json_repos.url api_v1_repository_path(repo.name, :format => :json) + json_repos.url api_v1_repository_path(repo.id, :format => :json) end end json.url api_v1_platform_path(@platform, :format => :json) diff --git a/app/views/api/v1/projects/refs_list.json.jbuilder b/app/views/api/v1/projects/refs_list.json.jbuilder new file mode 100644 index 000000000..7b913f98b --- /dev/null +++ b/app/views/api/v1/projects/refs_list.json.jbuilder @@ -0,0 +1,8 @@ +json.refs_list (@project.repo.branches + @project.repo.tags) do |json_grit, grit| + json_grit.ref grit.name + json_grit.object do |json_object| + json_object.type (grit.class.name =~ /Tag/ ? 'tag' : 'commit') + json_object.sha grit.commit.id + end +end +json.url refs_list_api_v1_project_path(@project.id, :format => :json) \ No newline at end of file diff --git a/config/locales/models/platform.en.yml b/config/locales/models/platform.en.yml index 9a828c31c..afb83a510 100644 --- a/config/locales/models/platform.en.yml +++ b/config/locales/models/platform.en.yml @@ -49,6 +49,7 @@ en: flash: platform: + released_status_can_not_be_changed: Released status can't be changed if platform has been released saved: Platform saved created: Platform created save_error: Platform save error diff --git a/config/locales/models/platform.ru.yml b/config/locales/models/platform.ru.yml index a71e49bdc..a379f293b 100644 --- a/config/locales/models/platform.ru.yml +++ b/config/locales/models/platform.ru.yml @@ -49,6 +49,7 @@ ru: flash: platform: + released_status_can_not_be_changed: Released статус платформы не может быть изменен, если платформа уже выпущена saved: Платформа успешно сохранена created: Платформа успешно добавлена save_error: Не удалось сохранить платформу diff --git a/config/routes.rb b/config/routes.rb index 098e7d9f5..9e9038b08 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -20,12 +20,24 @@ Rosa::Application.routes.draw do } end resources :arches, :only => [:index] - resources :platforms, :only => [:index, :show] do - collection { get :platforms_for_build } + resources :platforms, :only => [:index, :show, :update, :destroy, :create] do + collection { + get :platforms_for_build + } + member { + get :members + put :add_member + delete :remove_member + post :clone + put :clear + } end resources :repositories, :only => [:show] resources :projects, :only => [:show] do collection { get :get_id } + member { + get :refs_list + } end end end diff --git a/spec/controllers/api/v1/platforms_controller_spec.rb b/spec/controllers/api/v1/platforms_controller_spec.rb index ce565c7eb..fc906dbae 100644 --- a/spec/controllers/api/v1/platforms_controller_spec.rb +++ b/spec/controllers/api/v1/platforms_controller_spec.rb @@ -9,6 +9,175 @@ shared_examples_for 'api platform user with reader rights' do response.should render_template(:index) end + it 'should be able to perform members action' do + get :members, :id => @platform.id, :format => :json + response.should render_template(:members) + end +end + +shared_examples_for 'api platform user with writer rights' do + + context 'api platform user with update rights' do + before do + put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json + end + + it 'should be able to perform update action' do + response.should be_success + end + it 'ensures that platform has been updated' do + @platform.reload + @platform.description.should == 'new description' + end + end + + context 'api platform user with add_member rights' do + let(:member) { FactoryGirl.create(:user) } + before do + put :add_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json + end + + it 'should be able to perform add_member action' do + response.should be_success + end + it 'ensures that new member has been added to platform' do + @platform.members.should include(member) + end + end + + context 'api platform user with remove_member rights' do + let(:member) { FactoryGirl.create(:user) } + before do + @platform.add_member(member) + delete :remove_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json + end + + it 'should be able to perform update action' do + response.should be_success + end + it 'ensures that member has been removed from platform' do + @platform.members.should_not include(member) + end + end + + context 'api platform user with destroy rights for main platforms only' do + it 'should be able to perform destroy action for main platform' do + delete :destroy, :id => @platform.id, :format => :json + response.should be_success + end + it 'ensures that main platform has been destroyed' do + lambda { delete :destroy, :id => @platform.id, :format => :json }.should change{ Platform.count }.by(-1) + end + it 'should not be able to perform destroy action for personal platform' do + delete :destroy, :id => @personal_platform.id, :format => :json + response.should_not be_success + end + it 'ensures that personal platform has not been destroyed' do + lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count } + end + end +end + +shared_examples_for 'api platform user without writer rights' do + + context 'api platform user without update rights' do + before do + put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json + end + + it 'should not be able to perform update action' do + response.should_not be_success + end + it 'ensures that platform has not been updated' do + @platform.reload + @platform.description.should_not == 'new description' + end + end + + context 'api platform user without add_member rights' do + let(:member) { FactoryGirl.create(:user) } + before do + put :add_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json + end + + it 'should not be able to perform add_member action' do + response.should_not be_success + end + it 'ensures that new member has not been added to platform' do + @platform.members.should_not include(member) + end + end + + context 'api platform user without remove_member rights' do + let(:member) { FactoryGirl.create(:user) } + before do + @platform.add_member(member) + delete :remove_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json + end + + it 'should be able to perform update action' do + response.should_not be_success + end + it 'ensures that member has not been removed from platform' do + @platform.members.should include(member) + end + end + + context 'should not be able to perform clear action' do + it 'for personal platform' do + put :clear, :id => @personal_platform.id, :format => :json + response.should_not be_success + end + it 'for main platform' do + put :clear, :id => @platform.id, :format => :json + response.should_not be_success + end + end + + context 'api platform user without destroy rights' do + it 'should not be able to perform destroy action for main platform' do + delete :destroy, :id => @platform.id, :format => :json + response.should_not be_success + end + it 'ensures that main platform has not been destroyed' do + lambda { delete :destroy, :id => @platform.id, :format => :json }.should_not change{ Platform.count } + end + it 'should not be able to perform destroy action for personal platform' do + delete :destroy, :id => @personal_platform.id, :format => :json + response.should_not be_success + end + it 'ensures that personal platform has not been destroyed' do + lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count } + end + end + + it_should_behave_like 'api platform user without global admin rights' +end + +shared_examples_for 'api platform user without global admin rights' do + context 'should not be able to perform clear action' do + it 'for personal platform' do + put :clear, :id => @personal_platform.id, :format => :json + response.should_not be_success + end + it 'for main platform' do + put :clear, :id => @platform.id, :format => :json + response.should_not be_success + end + end + + [:create, :clone].each do |action| + context "api platform user without #{action} rights" do + before { any_instance_of(Platform, :create_directory => true) } + it "should not be able to perform #{action} action" do + post action, clone_or_create_params, :format => :json + response.should_not be_success + end + it "ensures that platform has not been #{action}d" do + lambda { post action, clone_or_create_params, :format => :json }.should_not change{ Platform.count } + end + end + end end shared_examples_for 'api platform user with reader rights for hidden platform' do @@ -32,20 +201,28 @@ shared_examples_for "api platform user with show rights" do get :show, :id => @platform.id, :format => :json response.should render_template(:show) end + + it 'should be able to perform platforms_for_build action' do + get :platforms_for_build, :format => :json + response.should render_template(:index) + end end shared_examples_for "api platform user without show rights" do - it 'should not be able to perform show action' do - get :show, :id => @platform.id, :format => :json - response.body.should == {"message" => "Access violation to this page!"}.to_json + [:show, :members].each do |action| + it "should not be able to perform #{ action } action" do + get action, :id => @platform.id, :format => :json + response.body.should == {"message" => "Access violation to this page!"}.to_json + end end end describe Api::V1::PlatformsController do + let(:clone_or_create_params) { {:id => @platform.id, :platform => {:description => 'new description', :name => 'new_name', :owner_id => @user.id, :distrib_type => APP_CONFIG['distr_types'].first}} } before do stub_symlink_methods - @platform = FactoryGirl.create(:platform) + @platform = FactoryGirl.create(:platform, :visibility => 'open') @personal_platform = FactoryGirl.create(:platform, :platform_type => 'personal') @user = FactoryGirl.create(:user) end @@ -57,30 +234,53 @@ describe Api::V1::PlatformsController do response.status.should == 401 end - it "should not be able to perform show action", :anonymous_access => false do - get :show, :id => @platform.id, :format => :json - response.status.should == 401 + [:show, :platforms_for_build].each do |action| + it "should not be able to perform #{ action } action", :anonymous_access => false do + get action, :format => :json + response.status.should == 401 + end + end + + it 'should be able to perform members action', :anonymous_access => true do + get :members, :id => @platform.id, :format => :json + response.should render_template(:members) end it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access'] it_should_behave_like 'api platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access'] - + it_should_behave_like 'api platform user without writer rights' end context 'for global admin' do before do @admin = FactoryGirl.create(:admin) - @user = FactoryGirl.create(:user) http_login(@admin) end it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights for hidden platform' + it_should_behave_like 'api platform user with writer rights' + + [:clone, :create].each do |action| + context "with #{action} rights" do + before do + any_instance_of(Platform, :create_directory => true) + clone_or_create_params[:platform][:owner_id] = @admin.id + end + it "should be able to perform #{action} action" do + post action, clone_or_create_params, :format => :json + response.should be_success + end + it "ensures that platform has been #{action}d" do + lambda { post action, clone_or_create_params, :format => :json }.should change{ Platform.count }.by(1) + end + end + end + end context 'for owner user' do before do - @user = FactoryGirl.create(:user) http_login(@user) @platform.owner = @user; @platform.save @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') @@ -88,11 +288,12 @@ describe Api::V1::PlatformsController do it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights for hidden platform' + it_should_behave_like 'api platform user with writer rights' + it_should_behave_like 'api platform user without global admin rights' end context 'for reader user' do before do - @user = FactoryGirl.create(:user) http_login(@user) @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') @personal_platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') @@ -111,15 +312,16 @@ describe Api::V1::PlatformsController do it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights for hidden platform' + it_should_behave_like 'api platform user without writer rights' end context 'for simple user' do before do - @user = FactoryGirl.create(:user) http_login(@user) end it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user without reader rights for hidden platform' + it_should_behave_like 'api platform user without writer rights' end end diff --git a/spec/controllers/api/v1/projects_controller_spec.rb b/spec/controllers/api/v1/projects_controller_spec.rb index f76e4f468..1f22d28f8 100644 --- a/spec/controllers/api/v1/projects_controller_spec.rb +++ b/spec/controllers/api/v1/projects_controller_spec.rb @@ -24,12 +24,17 @@ end shared_examples_for "api projects user without show rights" do it "should show access violation instead of project data" do get :show, :id => @project.id, :format => :json - response.body.should == {"message" => "Access violation to this page!"}.to_json + response.should_not be_success + end + + it "should show access violation instead of project refs_list" do + get :refs_list, :id => @project.id, :format => :json + response.should_not be_success end it "should access violation instead of project data by get_id" do get :get_id, :name => @project.name, :owner => @project.owner.uname, :format => :json - response.body.should == {"message" => "Access violation to this page!"}.to_json + response.should_not be_success end end @@ -39,6 +44,11 @@ shared_examples_for "api projects user with show rights" do render_template(:show) end + it "should show refs_list of project" do + get :refs_list, :id => @project.id, :format => :json + render_template(:refs_list) + end + context 'project find by get_id' do it "should find project by name and owner name" do @project.reload @@ -70,19 +80,13 @@ describe Api::V1::ProjectsController do context 'for guest' do - it 'should be able to perform get_id action', :anonymous_access => false do - get :get_id, :format => :json - response.status.should == 401 + if APP_CONFIG['anonymous_access'] + it_should_behave_like 'api projects user with reader rights' + it_should_behave_like 'api projects user without reader rights for hidden project' + else + it_should_behave_like 'api projects user without show rights' end - it 'should be able to perform show action', :anonymous_access => false do - get :show, :id => @project.id, :format => :json - response.status.should == 401 - end - - it_should_behave_like 'api projects user with reader rights' if APP_CONFIG['anonymous_access'] - it_should_behave_like 'api projects user without reader rights for hidden project' if APP_CONFIG['anonymous_access'] - end context 'for simple user' do