Software
/
rosa-build
mirror of https://github.com/OpenMandrivaSoftware/rosa-build.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[refs #232] Add mass-assignment fixes. Add create and mass-assig tests.

This commit is contained in:
konstantin.grabar 2012-03-21 17:52:35 +04:00
parent aa4bd2c1bc
commit 72c02282aa
7 changed files with 32 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Gemfile
View File

@ -70,4 +70,5 @@ group :test do
gem 'rspec-rails', '~> 2.8.1' gem 'rspec-rails', '~> 2.8.1'
gem 'factory_girl_rails', '~> 1.7.0' gem 'factory_girl_rails', '~> 1.7.0'
gem 'rr', '~> 1.0.4' gem 'rr', '~> 1.0.4'
gem 'shoulda'
end end

6
Gemfile.lock
View File

@ -251,6 +251,11 @@ GEM
tilt (~> 1.3) tilt (~> 1.3)
shotgun (0.9) shotgun (0.9)
rack (>= 1.0) rack (>= 1.0)
shoulda (3.0.1)
shoulda-context (~> 1.0.0)
shoulda-matchers (~> 1.0.0)
shoulda-context (1.0.0)
shoulda-matchers (1.0.0)
sinatra (1.3.2) sinatra (1.3.2)
rack (~> 1.3, >= 1.3.6) rack (~> 1.3, >= 1.3.6)
rack-protection (~> 1.2) rack-protection (~> 1.2)
@ -338,6 +343,7 @@ DEPENDENCIES
russian (~> 0.6.0) russian (~> 0.6.0)
sass-rails (~> 3.2.4) sass-rails (~> 3.2.4)
shotgun shotgun
shoulda
therubyracer (~> 0.9.10) therubyracer (~> 0.9.10)
uglifier (~> 1.2.1) uglifier (~> 1.2.1)
unicorn (~> 4.2.0) unicorn (~> 4.2.0)

6
app/controllers/groups_controller.rb
View File

@ -7,7 +7,8 @@ class GroupsController < ApplicationController
before_filter :authenticate_user! before_filter :authenticate_user!
before_filter :find_group, :only => [:show, :edit, :update, :destroy] before_filter :find_group, :only => [:show, :edit, :update, :destroy]
load_and_authorize_resource load_and_authorize_resource :except => :create
authorize_resource :only => :create
autocomplete :group, :uname autocomplete :group, :uname
def index def index
@ -34,8 +35,9 @@ class GroupsController < ApplicationController
end end
def create def create
@group = Group.new params[:group] @group = Group.new(:description => params[:group][:description])
@group.owner = current_user @group.owner = current_user
@group.uname = params[:group][:uname]
if @group.save if @group.save
flash[:notice] = t('flash.group.saved') flash[:notice] = t('flash.group.saved')

1
app/models/group.rb
View File

@ -22,6 +22,7 @@ class Group < ActiveRecord::Base
scope :by_owner, lambda {|owner| where(:owner_id => owner.id)} scope :by_owner, lambda {|owner| where(:owner_id => owner.id)}
scope :by_admin, lambda {|admin| joins(:relations).where(:'relations.role' => 'admin', :'relations.target_id' => admin.id, :'relations.target_type' => 'User')} scope :by_admin, lambda {|admin| joins(:relations).where(:'relations.role' => 'admin', :'relations.target_id' => admin.id, :'relations.target_type' => 'User')}
attr_accessible :description
attr_readonly :own_projects_count attr_readonly :own_projects_count
delegate :ssh_key, :email, :to => :owner delegate :ssh_key, :email, :to => :owner

9
db/schema.rb
View File

@ -285,17 +285,17 @@ ActiveRecord::Schema.define(:version => 20120314223151) do
t.text "description" t.text "description"
t.string "ancestry" t.string "ancestry"
t.boolean "has_issues", :default => true t.boolean "has_issues", :default => true
t.boolean "has_wiki", :default => false
t.string "srpm_file_name" t.string "srpm_file_name"
t.string "srpm_content_type" t.string "srpm_content_type"
t.integer "srpm_file_size" t.integer "srpm_file_size"
t.datetime "srpm_updated_at" t.datetime "srpm_updated_at"
t.boolean "has_wiki", :default => false
t.string "default_branch", :default => "master" t.string "default_branch", :default => "master"
t.boolean "is_rpm", :default => true t.boolean "is_rpm", :default => true
end end
add_index "projects", ["category_id"], :name => "index_projects_on_category_id" add_index "projects", ["category_id"], :name => "index_projects_on_category_id"
add_index "projects", ["owner_id"], :name => "index_projects_on_name_and_owner_id_and_owner_type", :unique => true add_index "projects", ["owner_id"], :name => "index_projects_on_name_and_owner_id_and_owner_type", :unique => true, :case_sensitive => false
create_table "register_requests", :force => true do |t| create_table "register_requests", :force => true do |t|
t.string "name" t.string "name"
@ -303,14 +303,13 @@ ActiveRecord::Schema.define(:version => 20120314223151) do
t.string "token" t.string "token"
t.boolean "approved", :default => false t.boolean "approved", :default => false
t.boolean "rejected", :default => false t.boolean "rejected", :default => false
t.datetime "created_at", :null => false t.datetime "created_at"
t.datetime "updated_at", :null => false t.datetime "updated_at"
t.string "interest" t.string "interest"
t.text "more" t.text "more"
end end
add_index "register_requests", ["email"], :name => "index_register_requests_on_email", :unique => true, :case_sensitive => false add_index "register_requests", ["email"], :name => "index_register_requests_on_email", :unique => true, :case_sensitive => false
add_index "register_requests", ["token"], :name => "index_register_requests_on_token", :unique => true, :case_sensitive => false
create_table "relations", :force => true do |t| create_table "relations", :force => true do |t|
t.integer "object_id" t.integer "object_id"

15
spec/controllers/groups_controller_spec.rb
View File

@ -11,11 +11,6 @@ shared_examples_for 'group user without update rights' do
put :update, :id => @group.id, :group => {:description => 'new description'} put :update, :id => @group.id, :group => {:description => 'new description'}
@group.reload.description.should_not == 'new description' @group.reload.description.should_not == 'new description'
end end
pending 'should be able to manage_members group' do
get :manage_members, :id => @group.id
response.should render_template("")
end
end end
shared_examples_for 'group user without destroy rights' do shared_examples_for 'group user without destroy rights' do
@ -41,11 +36,6 @@ shared_examples_for 'group admin' do
put :update, {:id => @group.id}.merge(@update_params) put :update, {:id => @group.id}.merge(@update_params)
response.should redirect_to(group_path(@group)) response.should redirect_to(group_path(@group))
end end
pending 'should be able to manage_members group' do
get :manage_members, :id => @group.id
response.should render_template("")
end
end end
shared_examples_for 'no group user' do shared_examples_for 'no group user' do
@ -96,6 +86,11 @@ describe GroupsController do
put :update, {:id => @group.id}.merge(@update_params) put :update, {:id => @group.id}.merge(@update_params)
response.should redirect_to(new_user_session_path) response.should redirect_to(new_user_session_path)
end end
it 'should not be able to perform create action' do
post :create, @create_params
response.should redirect_to(new_user_session_path)
end
end end
context 'for global admin' do context 'for global admin' do

11
spec/models/group_spec.rb
View File

@ -33,6 +33,7 @@ describe Group do
context 'for group admin' do context 'for group admin' do
before(:each) do before(:each) do
@user = Factory(:user) @user = Factory(:user)
@another_user = Factory(:user)
@group.objects.create(:object_type => 'User', :object_id => @user.id, :role => 'admin') @group.objects.create(:object_type => 'User', :object_id => @user.id, :role => 'admin')
@ability = Ability.new(@user) @ability = Ability.new(@user)
end end
@ -46,6 +47,16 @@ describe Group do
it "should not be able to destroy group" do it "should not be able to destroy group" do
@ability.should_not be_able_to(:destroy, @group) @ability.should_not be_able_to(:destroy, @group)
end end
context 'with mass assignment' do
it 'should not be able to update uname' do
@group.should_not allow_mass_assignment_of :uname => 'new_uname'
end
it 'should not be able to update owner' do
@group.should_not allow_mass_assignment_of :owner_type => 'User', :owner_id => @another_user.id
end
end
end end
context 'for group owner' do context 'for group owner' do