#192: added new specs, some refactoring of controller

2013-06-26 18:23:36 +04:00 · 2013-06-26 18:23:36 +04:00 · 4a3b694af7
parent 4d719f2d88
commit 4a3b694af7
2 changed files with 15 additions and 14 deletions
--- a/app/controllers/api/v1/platforms_controller.rb
+++ b/app/controllers/api/v1/platforms_controller.rb
@ -12,31 +12,26 @@ class Api::V1::PlatformsController < Api::V1::BaseController
    platform_name = url.gsub(/^http\:\/\/.*#{downloads_url}[\/]+/, '')
                       .gsub(/\/.*/, '')
    platform = Platform.find_by_name platform_name
+    has_access = platform.present?
    if platform && platform.hidden?
      token = url.gsub(/^http\:\/\//, '').match(/.*\:\@/)
      token = token[0].gsub(/\:\@/, '') if token
-      if token.present?
+      if has_access = token.present?
        if platform.tokens.where(:authentication_token => token).exists?
-          render :inline => 'true'
+          has_access = true
        else # find user by token and check ability
          user = User.find_by_authentication_token token
          @current_ability = nil
          @current_user = user
-          if user && can?(:read, platform)
-            render :inline => 'true'
-          else
-            render :inline => 'false', :status => 403
-          end
+          has_access = user && can?(:read, platform)
        end
-      else # no token for hidden platform
-        render :inline => 'false', :status => 403
      end
+    end
+
+    if has_access
+      render :inline => 'true'
    else
-      if platform # platform open
-        render :inline => 'true'
-      else # platform does not exist
-        render :inline => 'false', :status => 403
-      end
+      render :inline => 'false', :status => 403
    end
  end

--- a/spec/controllers/api/v1/platforms_controller_spec.rb
+++ b/spec/controllers/api/v1/platforms_controller_spec.rb
@ -288,6 +288,12 @@ describe Api::V1::PlatformsController do
          get :allowed, :url => "http://#{@platform.owner.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
          response.status.should == 200
        end
+
+        it 'ensures that status 403 if user token correct but user has no ability to read platform' do
+          user = FactoryGirl.create(:user)
+          get :allowed, :url => "http://#{user.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
+          response.status.should == 403
+        end
      end
    end
  end