#192: added new specs, some refactoring of controller

This commit is contained in:
Vokhmin Alexey V 2013-06-26 18:23:36 +04:00
parent 4d719f2d88
commit 4a3b694af7
2 changed files with 15 additions and 14 deletions

View File

@ -12,31 +12,26 @@ class Api::V1::PlatformsController < Api::V1::BaseController
platform_name = url.gsub(/^http\:\/\/.*#{downloads_url}[\/]+/, '') platform_name = url.gsub(/^http\:\/\/.*#{downloads_url}[\/]+/, '')
.gsub(/\/.*/, '') .gsub(/\/.*/, '')
platform = Platform.find_by_name platform_name platform = Platform.find_by_name platform_name
has_access = platform.present?
if platform && platform.hidden? if platform && platform.hidden?
token = url.gsub(/^http\:\/\//, '').match(/.*\:\@/) token = url.gsub(/^http\:\/\//, '').match(/.*\:\@/)
token = token[0].gsub(/\:\@/, '') if token token = token[0].gsub(/\:\@/, '') if token
if token.present? if has_access = token.present?
if platform.tokens.where(:authentication_token => token).exists? if platform.tokens.where(:authentication_token => token).exists?
render :inline => 'true' has_access = true
else # find user by token and check ability else # find user by token and check ability
user = User.find_by_authentication_token token user = User.find_by_authentication_token token
@current_ability = nil @current_ability = nil
@current_user = user @current_user = user
if user && can?(:read, platform) has_access = user && can?(:read, platform)
render :inline => 'true'
else
render :inline => 'false', :status => 403
end
end end
else # no token for hidden platform
render :inline => 'false', :status => 403
end end
end
if has_access
render :inline => 'true'
else else
if platform # platform open render :inline => 'false', :status => 403
render :inline => 'true'
else # platform does not exist
render :inline => 'false', :status => 403
end
end end
end end

View File

@ -288,6 +288,12 @@ describe Api::V1::PlatformsController do
get :allowed, :url => "http://#{@platform.owner.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/" get :allowed, :url => "http://#{@platform.owner.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 200 response.status.should == 200
end end
it 'ensures that status 403 if user token correct but user has no ability to read platform' do
user = FactoryGirl.create(:user)
get :allowed, :url => "http://#{user.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
end
end end
end end
end end