diff --git a/Gemfile b/Gemfile index 60869b4bb..e4ae78e4d 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'http://rubygems.org' -gem 'rails', '3.2.7' #, :git => 'git://github.com/rails/rails.git' +gem 'rails', '3.2.8' #, :git => 'git://github.com/rails/rails.git' gem 'pg', '~> 0.14.0' # gem 'silent-postgres', :git => 'git://github.com/dolzenko/silent-postgres.git' #'~> 0.1.1' @@ -25,13 +25,13 @@ gem 'state_machine' # gem 'rugged', '~> 0.16.0' gem 'grack', :git => 'git://github.com/rdblue/grack.git', :require => 'git_http' gem "grit", :git => 'git://github.com/warpc/grit.git' #, :path => '~/Sites/code/grit' -gem 'charlock_holmes', '~> 0.6.8' #, :git => 'git://github.com/brianmario/charlock_holmes.git', :branch => 'bundle-icu' +gem 'charlock_holmes', '~> 0.6.9' #, :git => 'git://github.com/brianmario/charlock_holmes.git', :branch => 'bundle-icu' # gem 'ruby-filemagic', '~> 0.4.2', :require => 'filemagic/ext' -gem 'github-linguist', '~> 2.1.2', :require => 'linguist' +gem 'github-linguist', '~> 2.2.1', :require => 'linguist' gem 'diff-display', '~> 0.0.1' # Wiki -gem "gollum", :git => 'git://github.com/github/gollum.git' +gem "gollum", '~> 2.1.3' gem "redcarpet", "1.17.2" gem 'creole' gem 'rdiscount' @@ -58,7 +58,7 @@ group :assets do gem 'coffee-rails', '~> 3.2.2' gem 'compass-rails', '~> 1.0.3' gem 'uglifier', '~> 1.2.4' - gem 'therubyracer', '~> 0.10.1', :platforms => [:mri, :rbx] + gem 'therubyracer', '~> 0.10.2', :platforms => [:mri, :rbx] gem 'therubyrhino', '~> 1.73.1', :platforms => :jruby end @@ -81,7 +81,7 @@ end group :test do gem 'rspec-rails', '~> 2.11.0', :group => 'development' - gem 'factory_girl_rails', '~> 3.6.0' + gem 'factory_girl_rails', '~> 4.0.0' gem 'rr', '~> 1.0.4' gem 'shoulda' end diff --git a/Gemfile.lock b/Gemfile.lock index 896f7a8ab..fa631de11 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -6,23 +6,6 @@ GIT redhillonrails_core (2.0.0.pre) activerecord (>= 3.1.0.rc) -GIT - remote: git://github.com/github/gollum.git - revision: 8422b712048656c8ea391c2d7ef27fb29f66746b - specs: - gollum (2.1.0) - github-markdown - github-markup (>= 0.7.0, < 1.0.0) - grit (~> 2.5.0) - mustache (>= 0.11.2, < 1.0.0) - nokogiri (~> 1.4) - posix-spawn (~> 0.3.0) - pygments.rb (~> 0.2.0) - sanitize (~> 2.0.0) - sinatra (~> 1.0) - stringex (~> 1.4.0) - useragent (~> 0.4.9) - GIT remote: git://github.com/rdblue/grack.git revision: 020be3fef3fb308b9d214252522aa5945bf6584a @@ -42,12 +25,12 @@ GEM remote: http://rubygems.org/ specs: RedCloth (4.2.9) - actionmailer (3.2.7) - actionpack (= 3.2.7) + actionmailer (3.2.8) + actionpack (= 3.2.8) mail (~> 2.4.4) - actionpack (3.2.7) - activemodel (= 3.2.7) - activesupport (= 3.2.7) + actionpack (3.2.8) + activemodel (= 3.2.8) + activesupport (= 3.2.8) builder (~> 3.0.0) erubis (~> 2.7.0) journey (~> 1.0.4) @@ -55,18 +38,18 @@ GEM rack-cache (~> 1.2) rack-test (~> 0.6.1) sprockets (~> 2.1.3) - activemodel (3.2.7) - activesupport (= 3.2.7) + activemodel (3.2.8) + activesupport (= 3.2.8) builder (~> 3.0.0) - activerecord (3.2.7) - activemodel (= 3.2.7) - activesupport (= 3.2.7) + activerecord (3.2.8) + activemodel (= 3.2.8) + activesupport (= 3.2.8) arel (~> 3.0.2) tzinfo (~> 0.3.29) - activeresource (3.2.7) - activemodel (= 3.2.7) - activesupport (= 3.2.7) - activesupport (3.2.7) + activeresource (3.2.8) + activemodel (= 3.2.8) + activesupport (= 3.2.8) + activesupport (3.2.8) i18n (~> 0.6) multi_json (~> 1.0) airbrake (3.1.2) @@ -92,9 +75,9 @@ GEM net-ssh (>= 2.0.14) net-ssh-gateway (>= 1.1.0) capistrano_colors (0.5.5) - charlock_holmes (0.6.8) + charlock_holmes (0.6.9) chronic (0.6.7) - chunky_png (1.2.5) + chunky_png (1.2.6) cocaine (0.2.1) coffee-rails (3.2.2) coffee-script (>= 2.2.0) 
@@ -125,21 +108,33 @@ GEM execjs (1.4.0) multi_json (~> 1.0) expression_parser (0.9.0) - factory_girl (3.6.0) + factory_girl (4.0.0) activesupport (>= 3.0.0) - factory_girl_rails (3.6.0) - factory_girl (~> 3.6.0) + factory_girl_rails (4.0.0) + factory_girl (~> 4.0.0) railties (>= 3.0.0) ffi (1.0.11) fssm (0.2.9) - github-linguist (2.1.2) + github-linguist (2.2.1) charlock_holmes (~> 0.6.6) escape_utils (~> 0.2.3) mime-types (~> 1.18) pygments.rb (>= 0.2.13) github-markdown (0.5.0) github-markup (0.7.4) - haml (3.1.6) + gollum (2.1.3) + github-markdown + github-markup (>= 0.7.0, < 1.0.0) + grit (~> 2.5.0) + mustache (>= 0.11.2, < 1.0.0) + nokogiri (~> 1.4) + posix-spawn (~> 0.3.0) + pygments.rb (~> 0.2.0) + sanitize (~> 2.0.0) + sinatra (~> 1.0) + stringex (~> 1.4.0) + useragent (~> 0.4.9) + haml (3.1.7) haml-rails (0.3.4) actionpack (~> 3.0) activesupport (~> 3.0) @@ -150,7 +145,7 @@ GEM hike (1.2.1) hirb (0.7.0) i18n (0.6.0) - jbuilder (0.4.0) + jbuilder (0.4.3) activesupport (>= 3.0.0) blankslate (>= 2.1.2.4) journey (1.0.4) @@ -223,14 +218,14 @@ GEM rack rack-test (0.6.1) rack (>= 1.0) - rails (3.2.7) - actionmailer (= 3.2.7) - actionpack (= 3.2.7) - activerecord (= 3.2.7) - activeresource (= 3.2.7) - activesupport (= 3.2.7) + rails (3.2.8) + actionmailer (= 3.2.8) + actionpack (= 3.2.8) + activerecord (= 3.2.8) + activeresource (= 3.2.8) + activesupport (= 3.2.8) bundler (~> 1.0) - railties (= 3.2.7) + railties (= 3.2.8) rails-backbone (0.7.2) coffee-script (~> 2.2.0) ejs (~> 1.0.0) @@ -239,9 +234,9 @@ GEM railties (>= 3.0.0) rails3-jquery-autocomplete (1.0.7) rails (~> 3.0) - railties (3.2.7) - actionpack (= 3.2.7) - activesupport (= 3.2.7) + railties (3.2.8) + actionpack (= 3.2.8) + activesupport (= 3.2.8) rack-ssl (~> 1.3.2) rake (>= 0.8.7) rdoc (~> 3.4) @@ -253,7 +248,7 @@ GEM json (~> 1.4) redcarpet (1.17.2) redis (3.0.1) - redis-namespace (1.2.0) + redis-namespace (1.2.1) redis (~> 3.0.0) redisk (0.2.2) redis (>= 0.1.1) 
@@ -277,7 +272,7 @@ GEM rspec-core (2.11.1) rspec-expectations (2.11.2) diff-lcs (~> 1.1.3) - rspec-mocks (2.11.1) + rspec-mocks (2.11.2) rspec-rails (2.11.0) actionpack (>= 3.0) activesupport (>= 3.0) @@ -296,7 +291,7 @@ GEM capistrano (>= 2.0.0) sanitize (2.0.3) nokogiri (>= 1.4.4, < 1.6) - sass (3.1.20) + sass (3.2.0) sass-rails (3.2.5) railties (~> 3.2.0) sass (>= 3.1.10) @@ -324,19 +319,19 @@ GEM state_machine (1.1.2) stringex (1.4.0) systemu (2.5.2) - therubyracer (0.10.1) + therubyracer (0.10.2) libv8 (~> 3.3.10) thin (1.4.1) daemons (>= 1.0.9) eventmachine (>= 0.12.6) rack (>= 1.0.0) - thor (0.15.4) + thor (0.16.0) tilt (1.3.3) treetop (1.4.10) polyglot polyglot (>= 0.3.1) tzinfo (0.3.33) - uglifier (1.2.6) + uglifier (1.2.7) execjs (>= 0.3.0) multi_json (~> 1.3) unicorn (4.3.1) @@ -370,15 +365,15 @@ DEPENDENCIES cape capistrano capistrano_colors - charlock_holmes (~> 0.6.8) + charlock_holmes (~> 0.6.9) coffee-rails (~> 3.2.2) compass-rails (~> 1.0.3) creole devise (~> 2.1.2) diff-display (~> 0.0.1) - factory_girl_rails (~> 3.6.0) - github-linguist (~> 2.1.2) - gollum! + factory_girl_rails (~> 4.0.0) + github-linguist (~> 2.2.1) + gollum (~> 2.1.3) grack! grit! haml-rails (~> 0.3.4) @@ -394,7 +389,7 @@ DEPENDENCIES paperclip (~> 3.1.4) perform_later (~> 1.3.0) pg (~> 0.14.0) - rails (= 3.2.7) + rails (= 3.2.8) rails-backbone (~> 0.7.2) rails3-generators rails3-jquery-autocomplete (~> 1.0.7) @@ -413,7 +408,7 @@ DEPENDENCIES shotgun shoulda state_machine - therubyracer (~> 0.10.1) + therubyracer (~> 0.10.2) therubyrhino (~> 1.73.1) trinidad (~> 1.0.2) uglifier (~> 1.2.4) diff --git a/app/controllers/platforms/platforms_controller.rb b/app/controllers/platforms/platforms_controller.rb index 5a948d06e..496c2ae9d 100644 --- a/app/controllers/platforms/platforms_controller.rb +++ b/app/controllers/platforms/platforms_controller.rb 
@@ -2,7 +2,7 @@ class Platforms::PlatformsController < Platforms::BaseController before_filter :authenticate_user! - skip_before_filter :authenticate_user!, :only => [:advisories] if APP_CONFIG['anonymous_access'] + skip_before_filter :authenticate_user!, :only => [:advisories, :members, :show] if APP_CONFIG['anonymous_access'] load_and_authorize_resource autocomplete :user, :uname diff --git a/app/controllers/platforms/product_build_lists_controller.rb b/app/controllers/platforms/product_build_lists_controller.rb index bed67a54b..64bf45541 100644 --- a/app/controllers/platforms/product_build_lists_controller.rb +++ b/app/controllers/platforms/product_build_lists_controller.rb @@ -23,7 +23,7 @@ class Platforms::ProductBuildListsController < Platforms::BaseController end def destroy - if @product_build_list.destroy + if @product_build_list.destroy flash[:notice] = t('flash.product_build_list.delete') else flash[:error] = t('flash.product_build_list.delete_error') diff --git a/app/controllers/platforms/products_controller.rb b/app/controllers/platforms/products_controller.rb index 020866a1c..7d97915ba 100644 --- a/app/controllers/platforms/products_controller.rb +++ b/app/controllers/platforms/products_controller.rb @@ -1,7 +1,8 @@ # -*- encoding : utf-8 -*- class Platforms::ProductsController < Platforms::BaseController before_filter :authenticate_user! - + skip_before_filter :authenticate_user!, :only => [:index, :show] if APP_CONFIG['anonymous_access'] + load_and_authorize_resource :platform load_and_authorize_resource :product, :through => :platform diff --git a/app/controllers/platforms/repositories_controller.rb b/app/controllers/platforms/repositories_controller.rb index 4063ec8d7..c5675dddb 100644 --- a/app/controllers/platforms/repositories_controller.rb +++ b/app/controllers/platforms/repositories_controller.rb 
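Review bot: With `:members` and `:show` added to the `skip_before_filter` list, `load_and_authorize_resource` and the guest rules in `Ability` become the only access check on these actions when `anonymous_access` is on, and nothing at this line says so. I would add a comment above it, e.g. `# anonymous_access: guest reach here is limited only by the shared guest rules in Ability (open platforms only)`. The same applies to the `skip_before_filter` lines added in `Platforms::ProductsController` and `Platforms::RepositoriesController`. Note also that the `if APP_CONFIG['anonymous_access']` modifier is evaluated once when the class is loaded, so a configuration change only takes effect after a restart.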
@@ -1,6 +1,7 @@ # -*- encoding : utf-8 -*- class Platforms::RepositoriesController < Platforms::BaseController before_filter :authenticate_user! + skip_before_filter :authenticate_user!, :only => [:index, :show, :projects_list] if APP_CONFIG['anonymous_access'] load_and_authorize_resource :platform load_and_authorize_resource :repository, :through => :platform, :shallow => true diff --git a/app/controllers/projects/comments_controller.rb b/app/controllers/projects/comments_controller.rb index 3b36c3456..2a8b82685 100644 --- a/app/controllers/projects/comments_controller.rb +++ b/app/controllers/projects/comments_controller.rb @@ -4,7 +4,7 @@ class Projects::CommentsController < Projects::BaseController load_and_authorize_resource :project before_filter :find_commentable before_filter :find_or_build_comment - load_and_authorize_resource + load_and_authorize_resource #:through => :commentable include CommentsHelper diff --git a/app/controllers/projects/projects_controller.rb b/app/controllers/projects/projects_controller.rb index 740d62976..455b49ad4 100644 --- a/app/controllers/projects/projects_controller.rb +++ b/app/controllers/projects/projects_controller.rb @@ -5,9 +5,7 @@ class Projects::ProjectsController < Projects::BaseController def index @projects = Project.accessible_by(current_ability, :membered) - # @projects = @projects.search(params[:query]).search_order if params[:query].present? - #puts prepare_list(@projects).inspect respond_to do |format| format.html { @projects = @projects.recent.paginate(:page => params[:page], :per_page => 25) } format.json { @projects = prepare_list(@projects) } diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index bea77c80a..f4bf67e81 100644 --- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb 
@@ -5,7 +5,6 @@ class SearchController < ApplicationController def index params[:type] ||= 'all' - params[:type] = 'projects' unless current_user case params[:type] when 'all' find_collection('projects') diff --git a/app/models/ability.rb b/app/models/ability.rb index c9dafc70f..ba94cf827 100644 --- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -13,17 +13,21 @@ class Ability @user = user # Shared rights between guests and registered users - can :show, Project, :visibility => 'open' - can :archive, Project, :visibility => 'open' + can [:show, :archive], Project, :visibility => 'open' can :read, Issue, :project => {:visibility => 'open'} can :search, BuildList can [:read, :log, :everything], BuildList, :project => {:visibility => 'open'} can :read, ProductBuildList#, :product => {:platform => {:visibility => 'open'}} # double nested hash don't work can :read, Advisory - can(:advisories, Platform) {APP_CONFIG['anonymous_access']} + # Core callbacks can [:publish_build, :status_build, :pre_build, :post_build, :circle_build, :new_bbdt], BuildList + # Platforms block + can [:show, :members, :advisories], Platform, :visibility == 'open' + can [:read, :projects_list], Repository, :platform => {:visibility => 'open'} + can :read, Product, :platform => {:visibility => 'open'} + if user.guest? # Guest rights # can [:new, :create], RegisterRequest else # Registered user rights 
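Review bot: In the new "Platforms block" of ability.rb, `can [:show, :members, :advisories], Platform, :visibility == 'open'` passes the result of comparing a Symbol with a String, which is always `false`, instead of a conditions hash. In CanCan releases that treat a falsy conditions argument as "no conditions", this grants the three actions on every Platform, hidden ones included, to guests as well as registered users. Because this commit also skips `authenticate_user!` for these actions under `anonymous_access`, the rule is the only gate left. The line should read `can [:show, :members, :advisories], Platform, :visibility => 'open'`, matching the Repository and Product rules directly below it.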
@@ -55,7 +59,7 @@ class Ability can [:read, :archive], Project, :owner_type => 'Group', :owner_id => user.group_ids can([:read, :membered], Project, read_relations_for('projects')) {|project| local_reader? project} can(:write, Project) {|project| local_writer? project} # for grack - can([:update, :sections, :manage_collaborators], Project) {|project| local_admin? project} + can([:update, :sections, :manage_collaborators, :autocomplete_maintainers], Project) {|project| local_admin? project} can(:fork, Project) {|project| can? :read, project} can(:fork, Project) {|project| project.owner_type == 'Group' and can? :update, project.owner} can(:destroy, Project) {|project| owner? project} 
@@ -76,30 +80,25 @@ class Ability end can(:cancel, BuildList) {|build_list| build_list.can_cancel? && can?(:write, build_list.project)} - can [:read], Advisory - - can [:read, :members], Platform, :visibility => 'open' can [:read, :owned, :related, :members], Platform, :owner_type => 'User', :owner_id => user.id can [:read, :related, :members], Platform, :owner_type => 'Group', :owner_id => user.group_ids can([:read, :related, :members], Platform, read_relations_for('platforms')) {|platform| local_reader? platform} can([:update, :members], Platform) {|platform| local_admin? platform} can([:destroy, :members, :add_member, :remove_member, :remove_members] , Platform) {|platform| owner?(platform) || local_admin?(platform) } - can [:autocomplete_user_uname, :read_advisories, :advisories], Platform + can [:autocomplete_user_uname], Platform can([:failed_builds_list, :create], MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && mass_build.platform.main? } can(:cancel, MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && !mass_build.stop_build && mass_build.platform.main?} - can [:read, :projects_list], Repository, :platform => {:visibility => 'open'} can [:read, :projects_list], Repository, :platform => {:owner_type => 'User', :owner_id => user.id} can [:read, :projects_list], Repository, :platform => {:owner_type => 'Group', :owner_id => user.group_ids} can([:read, :projects_list], Repository, read_relations_for('repositories', 'platforms')) {|repository| local_reader? repository.platform} - can([:create, :edit, :update, :projects_list, :add_project, :remove_project], Repository) {|repository| local_admin? repository.platform} + can([:create, :edit, :update, :destroy, :projects_list, :add_project, :remove_project], Repository) {|repository| local_admin? 
repository.platform} can(:clear, Platform) {|platform| local_admin?(platform) && platform.personal?} can([:change_visibility, :settings, :destroy, :edit, :update], Repository) {|repository| owner? repository.platform} can([:create, :destroy], KeyPair) {|key_pair| owner?(key_pair.repository.platform) || local_admin?(key_pair.repository.platform)} - can :read, Product, :platform => {:visibility => 'open'} can :read, Product, :platform => {:owner_type => 'User', :owner_id => user.id, :platform_type => 'main'} can :read, Product, :platform => {:owner_type => 'Group', :owner_id => user.group_ids, :platform_type => 'main'} can(:read, Product, read_relations_for('products', 'platforms')) {|product| product.platform.main?} @@ -119,7 +118,7 @@ class Ability cannot :manage, Issue, :project => {:has_issues => false} # switch off issues can(:create, Comment) {|comment| can? :read, comment.project} - can(:update, Comment) {|comment| comment.user_id == user.id or local_admin?(comment.project || comment.commentable.project)} + can(:update, Comment) {|comment| comment.user == user or comment.project.owner == user or local_admin?(comment.project)} cannot :manage, Comment, :commentable_type => 'Issue', :commentable => {:project => {:has_issues => false}} # switch off issues end diff --git a/app/models/mass_build.rb b/app/models/mass_build.rb index 4fa18720e..8383151f7 100644 --- a/app/models/mass_build.rb +++ b/app/models/mass_build.rb @@ -45,8 +45,8 @@ class MassBuild < ActiveRecord::Base end def cancel_all - self.update_attribute(:stop_build, true) - self.build_lists.find_each(:batch_size => 100) do |bl| + update_column(:stop_build, true) + build_lists.find_each(:batch_size => 100) do |bl| bl.cancel end end diff --git a/app/models/platform.rb b/app/models/platform.rb index c0b13246a..bd5856f3f 100644 --- a/app/models/platform.rb +++ b/app/models/platform.rb 
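Review bot: Adding `:destroy` to the `local_admin?` rule for Repository makes the owner-only `:destroy` on the following `owner? repository.platform` rule ineffective, since CanCan `can` rules are additive. If letting platform admins delete repositories is intended, say so in a comment such as `# local admins may also destroy repositories (previously owner only)` and cover it with a spec. If it is not intended, drop `:destroy` from the admin list. The rest of this hunk only moves the open-visibility rules into the shared guest section.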
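Review bot: The rewritten `:update` rule for Comment calls `comment.project.owner` and `local_admin?(comment.project)` without the `comment.project || comment.commentable.project` fallback the old rule had. A comment whose `project` is nil would then raise NoMethodError inside the ability block instead of being denied or falling back to the commentable's project. Unless every comment is guaranteed to carry a project (the migration touched in this commit suggests that was not always so), keep the fallback, e.g. `project = comment.project || comment.commentable.project` and then `comment.user == user or project.owner == user or local_admin?(project)`.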
@@ -131,11 +131,11 @@ class Platform < ActiveRecord::Base end def change_visibility - if !self.hidden? - self.update_attribute(:visibility, 'hidden') + if !hidden? + update_attributes(:visibility => 'hidden') remove_symlink_directory else - self.update_attribute(:visibility, 'open') + update_attributes(:visibility => 'open') symlink_directory end end diff --git a/app/models/subscribe.rb b/app/models/subscribe.rb index 8b6907d98..8145286e1 100644 --- a/app/models/subscribe.rb +++ b/app/models/subscribe.rb @@ -34,7 +34,7 @@ class Subscribe < ActiveRecord::Base def self.set_subscribe_to_commit(options, status) if subscribe = Subscribe.where(options).first - subscribe.update_attribute(:status, status) + subscribe.update_attributes(:status => status) else Subscribe.create(options.merge(:status => status)) end diff --git a/app/presenters/maintainer_presenter.rb b/app/presenters/maintainer_presenter.rb index 19a55ab2d..186266061 100644 --- a/app/presenters/maintainer_presenter.rb +++ b/app/presenters/maintainer_presenter.rb @@ -37,7 +37,7 @@ class MaintainerPresenter < ApplicationPresenter end def maintainer_email_link - mail_to @maintainer.email, @maintainer.email + mail_to @maintainer.email, @maintainer.email, :encode => "javascript" end end diff --git a/app/views/platforms/base/_sidebar.html.haml b/app/views/platforms/base/_sidebar.html.haml index 742f45ba1..eda999eeb 100644 --- a/app/views/platforms/base/_sidebar.html.haml +++ b/app/views/platforms/base/_sidebar.html.haml @@ -10,7 +10,7 @@ = link_to t("layout.platforms.about"), platform_path(@platform) %li{:class => (contr == :repositories) ? 'active' : ''} = link_to t("layout.repositories.list_header"), platform_repositories_path(@platform) - - if can? :read, @platform + - if can? :show, @platform %li{:class => (act == :index && contr == :maintainers) ? 'active' : nil} = link_to t("layout.platforms.maintainers"), platform_maintainers_path(@platform) - if can? :edit, @platform 
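Review bot: In `change_visibility`, the switch from `update_attribute` to `update_attributes` adds validation and mass-assignment protection, but the return value is ignored and `remove_symlink_directory` / `symlink_directory` still run unconditionally. If the save is rejected, or `visibility` is filtered out by `attr_accessible`, the symlink state on disk can diverge from the stored visibility; in the `else` branch that would mean a symlink created for a platform still recorded as hidden. Either guard the filesystem step, e.g. `symlink_directory if update_attributes(:visibility => 'open')`, or use `update_attributes!` so a failed save aborts before the symlink changes. The same unchecked `update_attributes(:status => status)` appears in `Subscribe.set_subscribe_to_commit`.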
@@ -19,7 +19,7 @@ - if can? :read, @platform.products.build %li{:class => (contr == :products) ? 'active' : ''} = link_to t("layout.products.list_header"), platform_products_path(@platform) - - if can? :read_advisories, @platform + - if can? :advisories, @platform %li{:class => (contr == :platforms and act == :advisories) ? 'active' : ''} = link_to t("layout.advisories.list_header"), advisories_platform_path(@platform) - if can? :update, @platform diff --git a/app/views/platforms/maintainers/_list.html.haml b/app/views/platforms/maintainers/_list.html.haml index bbda436b6..6effeb766 100644 --- a/app/views/platforms/maintainers/_list.html.haml +++ b/app/views/platforms/maintainers/_list.html.haml @@ -21,5 +21,5 @@ %td= pr.package_type %td= pr.package_version_release %td= pr.maintainer_link - %td= pr.maintainer_email_link + %td= pr.maintainer_email_link.html_safe %td= pr.package_updated_at diff --git a/app/views/projects/projects/_form.html.haml b/app/views/projects/projects/_form.html.haml index 2fd2a90e7..b0424975c 100644 --- a/app/views/projects/projects/_form.html.haml +++ b/app/views/projects/projects/_form.html.haml @@ -6,7 +6,7 @@ .leftlist= f.label :description, t("activerecord.attributes.project.description"), :class => :label .rightlist= f.text_area :description, :class => 'text_field', :cols => 80 .both -- if [:new, :create].include? controller.action_name +- if [:new, :create].include? act .leftlist= f.label :owner_id, t("activerecord.attributes.project.owner"), :class => :label .rightlist = label_tag t("activerecord.attributes.project.who_owns.me") diff --git a/app/views/users/profile/show.html.haml b/app/views/users/profile/show.html.haml index bc6167a0c..ace969117 100644 --- a/app/views/users/profile/show.html.haml +++ b/app/views/users/profile/show.html.haml 
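Review bot: In `_list.html.haml`, `pr.maintainer_email_link.html_safe` turns off output escaping for whatever the presenter returns, and that string is built from the maintainer's e-mail address, a value supplied by the user. Safety therefore rests entirely on `mail_to` escaping the address in both the link text and the `href` under `:encode => "javascript"`, and on the e-mail being validated at the model, neither of which is visible in this diff. I would move the trust decision into `MaintainerPresenter#maintainer_email_link` and add a comment there, e.g. `# mail_to output only; never interpolate raw @maintainer fields into this string`, so the view does not carry a blanket `.html_safe`.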
@@ -6,7 +6,7 @@ %h3= title @user.uname = @user.name %br - = link_to @user.email, "mailto:#{@user.email}" + = mail_to @user.email, @user.email, :encode => "javascript" %br %h4= t("activerecord.attributes.user.professional_experience") + ":" %p= @user.professional_experience diff --git a/config/deploy.rb b/config/deploy.rb index b7042b318..a44b72a47 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -115,6 +115,7 @@ namespace :update do remote_settings = YAML::load_file("tmp/database.yml")[rails_env] local_settings = YAML::load_file("config/database.yml")["development"] + run "export PGPASSWORD=#{remote_settings["password"]} && pg_dump --host=#{remote_settings["host"]} --port=#{remote_settings["port"]} --username #{remote_settings["username"]} --file #{current_path}/tmp/#{remote_settings["database"]}_dump -Fc #{remote_settings["database"]}" run_locally "rsync --recursive --times --rsh=ssh --compress --human-readable --progress #{user}@#{domain}:#{current_path}/tmp/#{remote_settings["database"]}_dump tmp/" diff --git a/db/migrate/20120306212914_add_project_to_comment.rb b/db/migrate/20120306212914_add_project_to_comment.rb index 94b6f8361..1e8ef5abe 100644 --- a/db/migrate/20120306212914_add_project_to_comment.rb +++ b/db/migrate/20120306212914_add_project_to_comment.rb @@ -5,7 +5,7 @@ class AddProjectToComment < ActiveRecord::Migration Subscribe.reset_column_information Comment.where(:commentable_type => 'Grit::Commit').destroy_all Comment.where(:commentable_type => 'Issue').each do |comment| - comment.update_attribute(:project_id, comment.commentable.project) + comment.update_column(:project_id, comment.commentable.project.id) end end diff --git a/db/schema.rb b/db/schema.rb index e9375ad5d..7447b19d8 100644 --- a/db/schema.rb +++ b/db/schema.rb 
@@ -411,8 +411,11 @@ ActiveRecord::Schema.define(:version => 20120906115648) do t.text "ssh_key" t.string "uname" t.string "role" - t.string "language", :default => "en" - t.integer "own_projects_count", :default => 0, :null => false + t.string "language", :default => "en" + t.integer "own_projects_count", :default => 0, :null => false + t.string "confirmation_token" + t.datetime "confirmed_at" + t.datetime "confirmation_sent_at" t.text "professional_experience" t.string "site" t.string "company" @@ -424,9 +427,6 @@ ActiveRecord::Schema.define(:version => 20120906115648) do t.integer "failed_attempts", :default => 0 t.string "unlock_token" t.datetime "locked_at" - t.string "confirmation_token" - t.datetime "confirmed_at" - t.datetime "confirmation_sent_at" t.string "authentication_token" t.integer "build_priority", :default => 50 end diff --git a/lib/plugins/rosa_presenter/base.rb b/lib/plugins/rosa_presenter/base.rb index eff0f3387..531c74205 100644 --- a/lib/plugins/rosa_presenter/base.rb +++ b/lib/plugins/rosa_presenter/base.rb @@ -6,6 +6,7 @@ module RosaPresenter include ActionDispatch::Routing::UrlFor include ActionView::Helpers::UrlHelper include ActionView::Helpers::TextHelper + include ActionView::Helpers::JavaScriptHelper include Rails.application.routes.url_helpers def initialize(item, opts) diff --git a/spec/controllers/groups/profile_controller_spec.rb b/spec/controllers/groups/profile_controller_spec.rb index a0e29c31b..8ea65d72b 100644 --- a/spec/controllers/groups/profile_controller_spec.rb +++ b/spec/controllers/groups/profile_controller_spec.rb @@ -129,7 +129,8 @@ describe Groups::ProfileController do before(:each) do @user = FactoryGirl.create(:user) set_session_for(@user) - @group.update_attribute(:owner, @user) + @group.owner = @user + @group.save @group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') end 
diff --git a/spec/controllers/platforms/key_pairs_controller_spec.rb b/spec/controllers/platforms/key_pairs_controller_spec.rb index 5b27e41b0..e9b73fc97 100644 --- a/spec/controllers/platforms/key_pairs_controller_spec.rb +++ b/spec/controllers/platforms/key_pairs_controller_spec.rb @@ -126,7 +126,9 @@ describe Platforms::KeyPairsController do before(:each) do @user = FactoryGirl.create(:user) set_session_for(@user) - @platform.update_attribute(:owner, @user) + + @platform.owner = @user + @platform.save end it_should_behave_like 'key_pair platform owner' diff --git a/spec/controllers/platforms/maintainers_controller_spec.rb b/spec/controllers/platforms/maintainers_controller_spec.rb index d29f63247..d4c03b245 100644 --- a/spec/controllers/platforms/maintainers_controller_spec.rb +++ b/spec/controllers/platforms/maintainers_controller_spec.rb @@ -2,24 +2,10 @@ require 'spec_helper' shared_examples_for 'guest user' do - - # Only one action for now here - guest_actions = [:index] - if APP_CONFIG['anonymous_access'] - guest_actions.each do |action| - it "should be able to perform #{ action } action" do - get action, :platform_id => @platform.id - response.should be_success - end - end - else # non-anonymous access - guest_actions.each do |action| - it "should not be able to perform #{ action } action" do - get action, :platform_id => @platform.id - response.should redirect_to(new_user_session_path) - end - end + it "should be able to view maintainers list(index)" do + get :index, :platform_id => @platform.id + response.should be_success end end 
@@ -28,20 +14,56 @@ describe Platforms::MaintainersController do stub_symlink_methods @platform = FactoryGirl.create(:platform) - @platform.visibility = 'open' - - # JS format is the primary target for this callback - @assignee_rq = { :platform_id => @platform.id, :package => 'test', :format => 'js' } + @user = FactoryGirl.create(:user) + set_session_for(@user) end context 'for guest' do - it_should_behave_like 'guest user' + before {set_session_for(User.new)} - it 'should not be able to get api' do - get :assignee, @assignee_rq - response.response_code.should == 403 + it "should be able to view maintainers list(index)", :anonymous_access => true do + get :index, :platform_id => @platform.id + response.should be_success + end + + it "should not be able to view maintainers list(index)", :anonymous_access => false do + get :index, :platform_id => @platform.id + response.should redirect_to(new_user_session_path) end end + + context 'for global admin' do + before(:each) do + @user.role = "admin" + @user.save + end + + it_should_behave_like 'guest user' + end + + context 'for registrated user' do + + it_should_behave_like 'guest user' + end + + + context 'for platform owner' do + before(:each) do + @user = @platform.owner + set_session_for(@user) + end + + it_should_behave_like 'guest user' + end + + context 'for platform member' do + before(:each) do + @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') + end + + it_should_behave_like 'guest user' + end + end diff --git a/spec/controllers/platforms/mass_builds_controller_spec.rb b/spec/controllers/platforms/mass_builds_controller_spec.rb index 1cd611d72..8c673fb99 100644 --- a/spec/controllers/platforms/mass_builds_controller_spec.rb +++ b/spec/controllers/platforms/mass_builds_controller_spec.rb 
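Review bot: The two guest examples are tagged `:anonymous_access => true` and `:anonymous_access => false`, but nothing in this hunk maps that metadata to `APP_CONFIG['anonymous_access']`. If the maintainers controller gates guests the way the controllers changed in this commit do (`skip_before_filter ... if APP_CONFIG[...]`, evaluated at class load), both variants cannot hold in one process, so the suite presumably relies on a filter in spec_helper that should be named in a comment here. The hunk also deletes the only check that a guest gets a 403 from the `assignee` action without replacing it. I would keep that example, and rename the shared group `'guest user'`, which is now included for admin, registered, owner and member contexts.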
@@ -23,7 +23,7 @@ shared_examples_for 'mass_build platform owner' do end it 'should not be able to perform cancel action if stop_build is true' do - @mass_build.update_attribute(:stop_build, true) + @mass_build.stop_build = true; @mass_build.save post :cancel, :platform_id => @platform, :id => @mass_build response.should redirect_to(forbidden_path) end @@ -133,7 +133,9 @@ describe Platforms::MassBuildsController do before(:each) do @user = FactoryGirl.create(:user) set_session_for(@user) - @platform.update_attribute(:owner, @user) + + @platform.owner = @user + @platform.save end it_should_behave_like 'mass_build platform owner' diff --git a/spec/controllers/platforms/platforms_controller_spec.rb b/spec/controllers/platforms/platforms_controller_spec.rb index 027e10e51..6ec4157b4 100644 --- a/spec/controllers/platforms/platforms_controller_spec.rb +++ b/spec/controllers/platforms/platforms_controller_spec.rb @@ -2,7 +2,6 @@ require 'spec_helper' shared_examples_for 'platform owner' do - it_should_behave_like 'platform index viewer' it 'should not be able to destroy personal platform' do delete :destroy, :id => @personal_platform.id 
@@ -19,14 +18,39 @@ shared_examples_for 'platform owner' do end end -shared_examples_for 'platform index viewer' do +shared_examples_for 'system registered user' do it 'should be able to perform index action' do get :index response.should render_template(:index) end -end + it 'should be able to perform show action' do + get :show, :id => @platform.id + response.should render_template(:show) + assigns(:platform).should eq @platform + end + + it 'should be able to perform members action' do + get :members, :id => @platform.id + response.should render_template(:members) + response.should be_success + end + + it 'should be able to perform advisories action' do + get :advisories, :id => @platform.id + response.should render_template(:advisories) + response.should be_success + end + +end + shared_examples_for 'user without create rights' do + + it 'should not be able to perform new action' do + get :new + response.should redirect_to(forbidden_path) + end + it 'should not be able to create platform' do post :create, @create_params response.should redirect_to(forbidden_path) @@ -39,7 +63,10 @@ describe Platforms::PlatformsController do @platform = FactoryGirl.create(:platform) @personal_platform = FactoryGirl.create(:platform, :platform_type => 'personal') + @user = FactoryGirl.create(:user) + set_session_for(@user) + @create_params = {:platform => { :name => 'pl1', :description => 'pl1', @@ -49,6 +76,9 @@ describe Platforms::PlatformsController do end context 'for guest' do + before(:each) do + set_session_for(User.new) + end [:index, :create].each do |action| it "should not be able to perform #{ action } action" do 
@@ -57,21 +87,39 @@ describe Platforms::PlatformsController do end end - [:show, :new, :edit, :clone, :destroy].each do |action| + [:new, :edit, :clone, :destroy].each do |action| it "should not be able to perform #{ action } action" do get action, :id => @platform response.should redirect_to(new_user_session_path) end end + + [:show, :members, :advisories].each do |action| + it "should not be able to perform #{ action } action", :anonymous_access => false do + get action, :id => @platform + response.should redirect_to(new_user_session_path) + end + end + + [:show, :members, :advisories].each do |action| + it "should be able to perform #{ action } action", :anonymous_access => true do + get action, :id => @platform + response.should render_template(action) + response.should be_success + end + end + end context 'for global admin' do before(:each) do - @admin = FactoryGirl.create(:admin) - @user = FactoryGirl.create(:user) - set_session_for(@admin) + @user.role = "admin" + @user.save end + it_should_behave_like 'system registered user' + it_should_behave_like 'platform owner' + it 'should be able to perform new action' do get :new response.should render_template(:new) 
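Review bot: The new guest examples for `:show`, `:members` and `:advisories` only request `@platform` from the default factory, so nothing asserts that a guest is refused a platform whose `visibility` is `'hidden'`. That is the case the anonymous-access change makes reachable, and such a test would have flagged the `:visibility == 'open'` condition in ability.rb in this commit. I would add a guest example under `:anonymous_access => true` that creates `FactoryGirl.create(:platform, :visibility => 'hidden')`, requests each of the three actions and expects the request to be denied (redirect to the login or forbidden path, whichever the app uses). The `describe` block this hunk belongs to starts and ends outside the hunk.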
@@ -86,51 +134,37 @@ describe Platforms::PlatformsController do lambda { post :create, @create_params }.should change{ Platform.count }.by(1) end - it_should_behave_like 'platform owner' - it 'should create platform with mentioned owner if owner id present' do - post :create, @create_params.merge({:admin_id => @user.id, :admin_uname => @user.uname}) - Platform.last.owner.id.should eql(@user.id) + owner = FactoryGirl.create(:user) + post :create, @create_params.merge({:admin_id => owner.id, :admin_uname => owner.uname}) + Platform.last.owner.id.should eql(owner.id) end it 'should create platform with current user as owner if owner id not present' do post :create, @create_params - Platform.last.owner.id.should eql(@admin.id) + Platform.last.owner.id.should eql(@user.id) end end context 'for owner user' do before(:each) do - @user = FactoryGirl.create(:user) + @user = @platform.owner set_session_for(@user) - @platform.update_attribute(:owner, @user) - @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') end + it_should_behave_like 'system registered user' it_should_behave_like 'user without create rights' it_should_behave_like 'platform owner' - it 'should be able to perform new action' do - get :new - response.should redirect_to(forbidden_path) - end - - it 'should be able to perform create action' do - post :create, @create_params - response.should redirect_to(forbidden_path) - end - end context 'for reader user' do before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') end - it_should_behave_like 'platform index viewer' + it_should_behave_like 'system registered user' it_should_behave_like 'user without create rights' it 'should not be able to perform destroy action' do 
diff --git a/spec/controllers/platforms/products_controller_spec.rb b/spec/controllers/platforms/products_controller_spec.rb index e90d48cbc..4c500eb48 100644 --- a/spec/controllers/platforms/products_controller_spec.rb +++ b/spec/controllers/platforms/products_controller_spec.rb @@ -31,9 +31,16 @@ describe Platforms::ProductsController do @product = FactoryGirl.create(:product, :platform => @platform) @create_params = {:product => {:name => 'pro'}, :platform_id => @platform.id} @update_params = {:product => {:name => 'pro2'}, :platform_id => @platform.id} + + @user = FactoryGirl.create(:user) + set_session_for(@user) end - context 'for guest' do + context 'for guest' do + before(:each) do + set_session_for(User.new) + end + [:create].each do |action| it "should not be able to perform #{ action } action" do get action, :platform_id => @platform.id 
@@ -41,40 +48,56 @@ describe Platforms::ProductsController do end end - [:show, :new, :edit, :update, :destroy].each do |action| + [:new, :edit, :update, :destroy].each do |action| it "should not be able to perform #{ action } action" do get action, :id => @product.id, :platform_id => @platform.id response.should redirect_to(new_user_session_path) end end + + [:show, :index].each do |action| + it "should not be able to perform #{ action } action", :anonymous_access => false do + get action, :id => @product.id, :platform_id => @platform.id + response.should redirect_to(new_user_session_path) + end + end + + [:show, :index].each do |action| + it "should be able to perform #{ action } action", :anonymous_access => true do + get action, :id => @product.id, :platform_id => @platform.id + response.should render_template(action) + response.should be_success + end + end end context 'for global admin' do - before(:each) do - @admin = FactoryGirl.create(:admin) - set_session_for(@admin) - end + before(:each) do + @user.role = "admin" + @user.save + end it_should_behave_like 'admin user' end - + context 'for platform owner' do + before(:each) do + @user = @platform.owner + set_session_for(@user) + end + + it_should_behave_like 'admin user' + end context 'for admin relation user' do - before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) + before(:each) do @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') - end + end it_should_behave_like 'admin user' end context 'for no relation user' do - before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) - end it 'should not be able to create product' do lambda { post :create, @create_params }.should change{ Product.count }.by(0) diff --git a/spec/controllers/platforms/repositories_controller_spec.rb b/spec/controllers/platforms/repositories_controller_spec.rb index 82c4a5712..6a6a9933e 100644 
--- a/spec/controllers/platforms/repositories_controller_spec.rb +++ b/spec/controllers/platforms/repositories_controller_spec.rb @@ -19,13 +19,13 @@ shared_examples_for 'user with change projects in repository rights' do it 'should be able to add project to repository' do get :add_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id response.should redirect_to(platform_repository_path(@repository.platform, @repository)) - @repository.projects.should include (@project) + @repository.projects.should include(@project) end it 'should be able to remove project from repository' do get :remove_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id response.should redirect_to(platform_repository_path(@repository.platform, @repository)) - @repository.projects.should_not include (@project) + @repository.projects.should_not include(@project) end end @@ -40,6 +40,12 @@ shared_examples_for 'registered user' do get :show, :id => @repository.id response.should render_template(:show) end + + it 'should be able to perform projects_list action' do + get :projects_list, :id => @repository.id, :platform_id => @platform.id, :format => :json + response.should be_success + end + end shared_examples_for 'platform admin user' do 
@@ -75,51 +81,77 @@ describe Platforms::RepositoriesController do @project = FactoryGirl.create(:project) @another_user = FactoryGirl.create(:user) @create_params = {:repository => {:name => 'pro', :description => 'pro2'}, :platform_id => @platform.id} + + @user = FactoryGirl.create(:user) + set_session_for(@user) end context 'for guest' do - [:index, :create].each do |action| - it "should not be able to perform #{ action } action" do - get action, :platform_id => @platform - response.should redirect_to(new_user_session_path) - end + + before(:each) do + set_session_for(User.new) end - [:show, :new, :add_project, :remove_project, :destroy].each do |action| + it "should not be able to perform create action" do + get :create, :platform_id => @platform + response.should redirect_to(new_user_session_path) + end + + [:new, :add_project, :remove_project, :destroy].each do |action| it "should not be able to perform #{ action } action" do get action, :id => @repository.id response.should redirect_to(new_user_session_path) end end + + it_should_behave_like 'registered user' if APP_CONFIG['anonymous_access'] + + it "should not be able to perform show action", :anonymous_access => false do + get :show, :id => @repository + response.should redirect_to(new_user_session_path) + end + + it "should not be able to perform index action", :anonymous_access => false do + get :index, :platform_id => @platform + response.should redirect_to(new_user_session_path) + end + + it 'should not be able to perform projects_list action', :anonymous_access => false do + get :projects_list, :id => @repository.id, :platform_id => @platform.id, :format => :json + response.response_code.should == 401 + end + end context 'for admin' do before(:each) do - @admin = FactoryGirl.create(:admin) - set_session_for(@admin) + @user.role = "admin" + @user.save end it_should_behave_like 'platform admin user' end - + context 'for platform owner user' do before(:each) do - @user = FactoryGirl.create(:user) + @user 
= @repository.platform.owner set_session_for(@user) - @repository.platform.update_attribute(:owner, @user) - @repository.platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') + end + + it_should_behave_like 'platform admin user' + end + + context 'for platform member user' do + before(:each) do + @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') end it_should_behave_like 'platform admin user' end context 'for user' do - before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) - end - + it_should_behave_like 'registered user' it 'should not be able to perform new action' do @@ -132,7 +164,7 @@ describe Platforms::RepositoriesController do lambda { post :create, @create_params }.should change{ Repository.count }.by(0) response.should redirect_to(forbidden_path) end - + it 'should not be able to destroy repository in main platform' do delete :destroy, :id => @repository.id response.should redirect_to(forbidden_path) @@ -142,13 +174,13 @@ describe Platforms::RepositoriesController do it 'should not be able to add project to repository' do get :add_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id response.should redirect_to(forbidden_path) - @repository.projects.should_not include (@project) + @repository.projects.should_not include(@project) end it 'should not be able to remove project from repository' do get :remove_project, :id => @repository.id, :platform_id => @platform.id, :project_id => @project.id response.should redirect_to(forbidden_path) - @repository.projects.should_not include (@project) + @repository.projects.should_not include(@project) end it_should_behave_like 'not destroy personal repository' diff --git a/spec/controllers/projects/build_lists_controller_spec.rb b/spec/controllers/projects/build_lists_controller_spec.rb index b2aa0d17d..4e9575f9c 100644 --- a/spec/controllers/projects/build_lists_controller_spec.rb 
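Review bot: In the repositories 'for guest' context, `it_should_behave_like 'registered user' if APP_CONFIG['anonymous_access']` is decided once at file load, while the neighbouring examples are selected with `:anonymous_access => false` metadata. How that metadata is consumed is not shown in this diff. If a spec_helper hook switches the setting per example, the load-time `if` will not follow it, and the guest-allowed path is either skipped or run under the wrong setting. Wrapping the shared examples in a tagged group keeps one mechanism: `context 'with anonymous access', :anonymous_access => true do` / `it_should_behave_like 'registered user'` / `end`. The guest context of the issues spec keeps the same `if APP_CONFIG['anonymous_access'] … else` split, even though this commit converts the git trees spec away from it.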
+++ b/spec/controllers/projects/build_lists_controller_spec.rb @@ -109,7 +109,7 @@ describe Projects::BuildListsController do set_session_for(@user) @show_params = {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @build_list.id} end - + context 'for all build lists' do before(:each) do @build_list1 = FactoryGirl.create(:build_list_core) @@ -326,8 +326,8 @@ describe Projects::BuildListsController do describe 'publish_build' do before { test_git_commit(build_list.project) - build_list.update_attribute :commit_hash, build_list.project.repo.commits('master').last.id - build_list.update_attribute(:status, BuildList::BUILD_PUBLISH) + build_list.update_column(:commit_hash, build_list.project.repo.commits('master').last.id) + build_list.update_column(:status, BuildList::BUILD_PUBLISH) build_list_package } @@ -337,7 +337,7 @@ describe Projects::BuildListsController do end it(:passes) { - build_list.update_attribute(:status, BuildServer::BUILD_STARTED) + build_list.update_column(:status, BuildServer::BUILD_STARTED) do_get(BuildServer::SUCCESS) response.should be_ok } @@ -401,7 +401,7 @@ describe Projects::BuildListsController do describe 'pre_build' do before do - build_list.update_attribute :status, BuildList::BUILD_PENDING + build_list.update_column :status, BuildList::BUILD_PENDING end def do_get 
@@ -428,29 +428,29 @@ describe Projects::BuildListsController do context 'with auto_publish' do it(:passes) { - build_list.update_attribute(:started_at, (Time.now - 1.day)) - build_list.update_attribute(:status, BuildServer::BUILD_STARTED) + build_list.update_column(:started_at, (Time.now - 1.day)) + build_list.update_column(:status, BuildServer::BUILD_STARTED) build_list.reload lambda{ do_get(BuildServer::SUCCESS) }.should change(build_list, :status).to(BuildList::BUILD_PUBLISH) } it(:passes) { - build_list.update_attribute(:started_at, (Time.now - 1.day)) - build_list.update_attribute(:status, BuildServer::BUILD_STARTED) + build_list.update_column(:started_at, (Time.now - 1.day)) + build_list.update_column(:status, BuildServer::BUILD_STARTED) lambda{ do_get(BuildServer::BUILD_ERROR) }.should change(build_list, :status).to(BuildServer::BUILD_ERROR) } end context 'without auto_publish' do - before { build_list.update_attribute(:auto_publish, false) } + before { build_list.update_column(:auto_publish, false) } it(:passes) { - build_list.update_attribute(:started_at, (Time.now - 1.day)) - build_list.update_attribute(:status, BuildServer::BUILD_STARTED) + build_list.update_column(:started_at, (Time.now - 1.day)) + build_list.update_column(:status, BuildServer::BUILD_STARTED) lambda{ do_get(BuildServer::SUCCESS) }.should change(build_list, :status).to(BuildServer::SUCCESS) } it(:passes) { - build_list.update_attribute(:started_at, (Time.now - 1.day)) - build_list.update_attribute(:status, BuildServer::BUILD_STARTED) + build_list.update_column(:started_at, (Time.now - 1.day)) + build_list.update_column(:status, BuildServer::BUILD_STARTED) lambda{ do_get(BuildServer::BUILD_ERROR) }.should change(build_list, :status).to(BuildServer::BUILD_ERROR) } end diff --git a/spec/controllers/projects/collaborators_controller_spec.rb b/spec/controllers/projects/collaborators_controller_spec.rb index 5c8d320c2..eac133b35 100644 
--- a/spec/controllers/projects/collaborators_controller_spec.rb +++ b/spec/controllers/projects/collaborators_controller_spec.rb @@ -1,21 +1,35 @@ # -*- encoding : utf-8 -*- require 'spec_helper' -def create_params - @user_params = { - :actor_id => @another_user.id.to_s, - :actor_type => 'user', - :role => 'reader' - } - @group_params = { - :actor_id => @group.id.to_s, - :actor_type => 'group', - :role => 'reader' - } - @create_params = { - :owner_name => @project.owner.uname, :project_name => @project.name, - :format => :json - } +shared_context "collaborators controller" do + before(:each) do + stub_symlink_methods + @project = FactoryGirl.create(:project) + @another_user = FactoryGirl.create(:user) + @group = FactoryGirl.create(:group) + @member_user = FactoryGirl.create(:user) + # Create relation with 'writer' rights + @collaborator = Collaborator.create(:actor => @member_user, :project => @project, :role => 'writer') + + @user = FactoryGirl.create(:user) + set_session_for(@user) + + @user_params = { + :actor_id => @another_user.id.to_s, + :actor_type => 'user', + :role => 'reader' + } + @group_params = { + :actor_id => @group.id.to_s, + :actor_type => 'group', + :role => 'reader' + } if @group + @create_params = { + :owner_name => @project.owner.uname, :project_name => @project.name, + :format => :json + } + @update_params = @create_params.merge(:collaborator => {:role => 'reader'}) + end end shared_examples_for 'project admin user' do @@ -25,7 +39,7 @@ shared_examples_for 'project admin user' do end it 'should be able to perform update action' do - put :update, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @collaborator.id}.merge(@update_params) + put :update, {:id => @collaborator.id}.merge(@update_params) response.should be_success end 
@@ -40,7 +54,7 @@ shared_examples_for 'project admin user' do end it 'should be able to set reader role for any user' do - put :update, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @collaborator.id}.merge(@update_params) + put :update, {:id => @collaborator.id}.merge(@update_params) @another_user.relations.exists? :target_id => @project.id, :target_type => 'Project', :role => 'read' end end 
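Review bot: The example 'should be able to set reader role for any user' ends on a bare `@another_user.relations.exists? …` with no expectation, so it passes whatever the controller does. The commit rewrites the `put` line but leaves that unchanged. The request also updates `@collaborator`, which the new shared context builds for `@member_user`, while the query inspects `@another_user` and looks for `:role => 'read'` although the params send `'reader'`. Assuming relations are recorded on the actor, `@member_user.relations.exists?(:target_id => @project.id, :target_type => 'Project', :role => 'reader').should be_true` would turn it into a real check. The twin example in 'user with no rights for this project' (next hunk) ends on `!@another_user.relations.exists? …` in the same way, so the denial case is unverified too.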
@@ -52,45 +66,38 @@ shared_examples_for 'user with no rights for this project' do end it 'should not be able to perform update action' do - put :update, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @collaborator.id}.merge(@update_params) + put :update, {:id => @collaborator.id}.merge(@update_params) response.should redirect_to(forbidden_path) end it 'should not be able to set reader role for any user' do - put :update, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @collaborator.id}.merge(@update_params) + put :update, {:id => @collaborator.id}.merge(@update_params) !@another_user.relations.exists? :target_id => @project.id, :target_type => 'Project', :role => 'read' end end describe Projects::CollaboratorsController do - before(:each) do - stub_symlink_methods - @project = FactoryGirl.create(:project) - @another_user = FactoryGirl.create(:user) - @member_user = FactoryGirl.create(:user) - @update_params = {:collaborator => {:role => :reader}, :format => :json} - # Create relation with 'writer' rights - @collaborator = Collaborator.create(:actor => @member_user, :project => @project, :role => 'writer') - end + include_context "collaborators controller" context 'for guest' do + before(:each) do + set_session_for(User.new) + end it 'should not be able to perform index action' do get :index, :owner_name => @project.owner.uname, :project_name => @project.name response.should redirect_to(new_user_session_path) end it 'should not be able to perform update action' do - put :update, {:owner_name => @project.owner.uname, :project_name => @project.name, :id => @collaborator.id}.merge(@update_params) + put :update, {:id => @collaborator.id}.merge(@update_params) response.code.should == '401' end end context 'for global admin' do before(:each) do - @admin = FactoryGirl.create(:admin) - set_session_for(@admin) - @group = FactoryGirl.create(:group) - create_params + @user.role = "admin" + @user.save end 
it_should_behave_like 'project admin user' @@ -98,28 +105,16 @@ describe Projects::CollaboratorsController do context 'for admin user' do before(:each) do - @user = FactoryGirl.create(:user) -# @user.relations - set_session_for(@user) - @group = FactoryGirl.create(:group) @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') - create_params end it_should_behave_like 'project admin user' - end context 'for owner user' do before(:each) do - @user = FactoryGirl.create(:user) + @user = @project.owner # owner should be user set_session_for(@user) - @group = FactoryGirl.create(:group) - - @project.update_attribute(:owner, @user) - @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') - - create_params end it_should_behave_like 'project admin user' @@ -127,8 +122,6 @@ describe Projects::CollaboratorsController do context 'for reader user' do before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') end @@ -137,8 +130,6 @@ describe Projects::CollaboratorsController do context 'for writer user' do before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'writer') end diff --git a/spec/controllers/projects/comments_controller_spec.rb b/spec/controllers/projects/comments_controller_spec.rb index 1e0501495..3fb36a7cd 100644 --- a/spec/controllers/projects/comments_controller_spec.rb +++ b/spec/controllers/projects/comments_controller_spec.rb 
@@ -1,13 +1,33 @@ # -*- encoding : utf-8 -*- require 'spec_helper' +shared_context "comments controller" do + before(:each) do + stub_symlink_methods + + @project = FactoryGirl.create(:project) + @issue = FactoryGirl.create(:issue, :project_id => @project.id, :user => FactoryGirl.create(:user)) + @comment = FactoryGirl.create(:comment, :commentable => @issue, :project_id => @project.id) + + @user = FactoryGirl.create(:user) + @own_comment = FactoryGirl.create(:comment, :commentable => @issue, :user => @user, :project_id => @project.id) + + set_session_for(@user) + + @address = {:owner_name => @project.owner.uname, :project_name => @project.name, :issue_id => @issue.serial_id} + @create_params = {:comment => {:body => 'I am a comment!'}}.merge(@address) + @update_params = {:comment => {:body => 'updated'}}.merge(@address) + end + +end + shared_examples_for 'user with create comment rights' do it 'should be able to perform create action' do post :create, @create_params response.should redirect_to(project_issue_path(@project, @issue)) end - it 'should create subscribe object into db' do + it 'should create comment in the database' do lambda{ post :create, @create_params }.should change{ Comment.count }.by(1) end end @@ -18,7 +38,7 @@ shared_examples_for 'user with update own comment rights' do response.should redirect_to([@project, @issue]) end - it 'should update subscribe body' do + it 'should update comment body' do put :update, {:id => @own_comment.id}.merge(@update_params) @own_comment.reload.body.should == 'updated' end @@ -30,7 +50,7 @@ shared_examples_for 'user with update stranger comment rights' do response.should redirect_to([@project, @issue]) end - it 'should update issue title' do + it 'should update comment body' do put :update, {:id => @comment.id}.merge(@update_params) @comment.reload.body.should == 'updated' end 
@@ -42,7 +62,7 @@ shared_examples_for 'user without update stranger comment rights' do response.should redirect_to(forbidden_path) end - it 'should not update issue title' do + it 'should not update comment body' do put :update, {:id => @comment.id}.merge(@update_params) @comment.reload.body.should_not == 'updated' end 
@@ -50,42 +70,39 @@ end shared_examples_for 'user without destroy comment rights' do it 'should not be able to perform destroy action' do - delete :destroy, :id => @comment.id, :issue_id => @issue.serial_id, :owner_name => @project.owner.uname, :project_name => @project.name + delete :destroy, {:id => @comment.id}.merge(@address) response.should redirect_to(forbidden_path) end - it 'should not reduce comments count' do - lambda{ delete :destroy, :id => @comment.id, :issue_id => @issue.serial_id, :owner_name => @project.owner.uname, :project_name => @project.name }.should change{ Issue.count }.by(0) + it 'should not delete comment from database' do + lambda{ delete :destroy, {:id => @comment.id}.merge(@address)}.should change{ Issue.count }.by(0) end end -#shared_examples_for 'user with destroy rights' do -# it 'should be able to perform destroy action' do -# delete :destroy, :id => @comment.id, :issue_id => @issue.id, :owner_name => @project.owner.uname, :project_name => @project.name -# response.should redirect_to([@project, @issue]) -# end -# -# it 'should reduce comments count' do -# lambda{ delete :destroy, :id => @comment.id, :issue_id => @issue.id, :owner_name => @project.owner.uname, :project_name => @project.name }.should change{ Comment.count }.by(-1) -# end -#end +shared_examples_for 'user with destroy comment rights' do + it 'should be able to perform destroy action' do + delete :destroy, {:id => @comment.id}.merge(@address) + response.should redirect_to([@project, @issue]) + end + + it 'should delete comment from database' do + lambda{ delete :destroy, {:id => @comment.id}.merge(@address)}.should change{ Comment.count }.by(-1) + end +end describe Projects::CommentsController do - before(:each) do - stub_symlink_methods + include_context "comments controller" - @project = FactoryGirl.create(:project) - @issue = FactoryGirl.create(:issue, :project_id => @project.id, :user => FactoryGirl.create(:user)) - @comment = FactoryGirl.create(:comment, :commentable 
=> @issue, :project_id => @project.id) + context 'for global admin user' do + before(:each) do + @user.role = "admin" + @user.save + end - @create_params = {:comment => {:body => 'I am a comment!'}, :owner_name => @project.owner.uname, :project_name => @project.name, :issue_id => @issue.serial_id} - @update_params = {:comment => {:body => 'updated'}, :owner_name => @project.owner.uname, :project_name => @project.name, :issue_id => @issue.serial_id} - - any_instance_of(Project, :versions => ['v1.0', 'v2.0']) - - @user = FactoryGirl.create(:user) - set_session_for(@user) - @own_comment = FactoryGirl.create(:comment, :commentable => @issue, :user => @user, :project_id => @project.id) + it_should_behave_like 'user with create comment rights' + it_should_behave_like 'user with update stranger comment rights' + it_should_behave_like 'user with update own comment rights' + it_should_behave_like 'user with destroy comment rights' end context 'for project admin user' do @@ -101,10 +118,7 @@ describe Projects::CommentsController do context 'for project owner user' do before(:each) do - @project.update_attribute(:owner, @user) - @project.relations.destroy_all - @project.relations.create :actor_id => @project.owner.id, :actor_type => @project.owner.class.to_s, :role => 'admin' - @create_params[:owner_name] = @user.uname; @update_params[:owner_name] = @user.uname + set_session_for(@project.owner) # owner should be user end it_should_behave_like 'user with create comment rights' diff --git a/spec/controllers/projects/git/git_trees_controller_spec.rb b/spec/controllers/projects/git/git_trees_controller_spec.rb index f2baf5020..61c4d68af 100644 --- a/spec/controllers/projects/git/git_trees_controller_spec.rb +++ b/spec/controllers/projects/git/git_trees_controller_spec.rb 
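Review bot: The renamed example 'should not delete comment from database' in 'user without destroy comment rights' still measures `Issue.count`, so it passes even if the comment is deleted by a user who should be refused. The new positive counterpart added in the same hunk measures `Comment.count`, and the negative one should match: `lambda{ delete :destroy, {:id => @comment.id}.merge(@address) }.should change{ Comment.count }.by(0)`. As written, only the redirect expectation in the preceding example covers the denial.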
@@ -16,18 +16,16 @@ describe Projects::Git::TreesController do end context 'for guest' do - if APP_CONFIG['anonymous_access'] - it 'should be able to perform archive action with anonymous acccess' do - fill_project - get :archive, @params.merge(:format => 'tar') - response.should be_success - end - else - it 'should not be able to perform archive action without anonymous acccess' do - fill_project - get :archive, @params.merge(:format => 'tar') - response.code.should == '401' - end + it 'should be able to perform archive action with anonymous acccess', :anonymous_access => true do + fill_project + get :archive, @params.merge(:format => 'tar') + response.should be_success + end + + it 'should not be able to perform archive action without anonymous acccess', :anonymous_access => false do + fill_project + get :archive, @params.merge(:format => 'tar') + response.code.should == '401' end end diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb index 49a6e9b07..65873a0a3 100644 --- a/spec/controllers/projects/issues_controller_spec.rb +++ b/spec/controllers/projects/issues_controller_spec.rb 
@@ -1,7 +1,43 @@ # -*- encoding : utf-8 -*- require 'spec_helper' -shared_examples_for 'issue user with project reader rights' do +shared_context "issues controller" do + before(:each) do + stub_symlink_methods + + @project = FactoryGirl.create(:project) + @issue_user = FactoryGirl.create(:user) + + @issue = FactoryGirl.create(:issue, :project_id => @project.id, :assignee_id => @issue_user.id) + + @project_with_turned_off_issues = FactoryGirl.create(:project, :has_issues => false) + @turned_of_issue = FactoryGirl.create(:issue, :project_id => @project_with_turned_off_issues.id, :assignee_id => @issue_user.id) + + @user = FactoryGirl.create(:user) + set_session_for(@user) + + @create_params = { + :owner_name => @project.owner.uname, :project_name => @project.name, + :issue => { + :title => "issue1", + :body => "issue body" + }, + :assignee_id => @issue_user.id, + :assignee_uname => @issue_user.uname + } + + @update_params = { + :owner_name => @project.owner.uname, :project_name => @project.name, + :issue => { + :title => "issue2" + } + } + + end + +end + +shared_examples_for 'issue user with project guest rights' do it 'should be able to perform index action' do get :index, :owner_name => @project.owner.uname, :project_name => @project.name response.should render_template(:index) @@ -11,9 +47,12 @@ shared_examples_for 'issue user with project reader rights' do get :show, :owner_name => @project.owner.uname, :project_name => @project.name, :id => @issue.serial_id response.should render_template(:show) end +end + +shared_examples_for 'issue user with project reader rights' do it 'should be able to perform index action on hidden project' do - @project.update_attribute :visibility, 'hidden' + @project.update_attributes(:visibility => 'hidden') get :index, :owner_name => @project.owner.uname, :project_name => @project.name response.should render_template(:index) end 
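Review bot: In 'should be able to perform index action on hidden project', `@project.update_attributes(:visibility => 'hidden')` returns false instead of raising when validation fails or when `visibility` is not mass-assignable. The example can therefore pass against a project that never became hidden. The replaced `update_attribute` call bypassed both checks. `@project.update_attributes!(:visibility => 'hidden')`, or an explicit `@project.reload.visibility.should == 'hidden'` before the request, keeps the precondition honest. The same substitution is made in both guest branches later in this file, where a silently visible project would mask the access-control path under test.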
@@ -66,9 +105,9 @@ shared_examples_for 'user without issue destroy rights' do end shared_examples_for 'project with issues turned off' do - pending 'should not be able to perform index action' do + it 'should not be able to perform index action' do get :index, :project_id => @project_with_turned_off_issues.id - response.should render_template(:index) + response.should redirect_to(forbidden_path) end it 'should not be able to perform show action' do 
@@ -78,107 +117,82 @@ shared_examples_for 'project with issues turned off' do end describe Projects::IssuesController do - before(:each) do - stub_symlink_methods - - @project = FactoryGirl.create(:project) - @issue_user = FactoryGirl.create(:user) - - any_instance_of(Project, :versions => ['v1.0', 'v2.0']) - - @issue = FactoryGirl.create(:issue, :project_id => @project.id, :assignee_id => @issue_user.id) - @create_params = { - :owner_name => @project.owner.uname, :project_name => @project.name, - :issue => { - :title => "issue1", - :body => "issue body" - }, - :assignee_id => @issue_user.id, - :assignee_uname => @issue_user.uname - } - @update_params = { - :owner_name => @project.owner.uname, :project_name => @project.name, - :issue => { - :title => "issue2" - } - } - - @project_with_turned_off_issues = FactoryGirl.create(:project, :has_issues => false) - @turned_of_issue = FactoryGirl.create(:issue, :project_id => @project_with_turned_off_issues.id, :assignee_id => @issue_user.id) - end + include_context "issues controller" context 'for global admin user' do before(:each) do - @admin = FactoryGirl.create(:admin) - set_session_for(@admin) + @user.role = "admin" + @user.save end + it_should_behave_like 'issue user with project guest rights' + it_should_behave_like 'issue user with project reader rights' + it_should_behave_like 'issue user with project writer rights' + it_should_behave_like 'user with issue update rights' + it_should_behave_like 'project with issues turned off' it_should_behave_like 'user without issue destroy rights' end context 'for project admin user' do before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') end + it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' it_should_behave_like 'issue user with project writer rights' it_should_behave_like 'user with issue 
update rights' - it_should_behave_like 'user without issue destroy rights' it_should_behave_like 'project with issues turned off' + it_should_behave_like 'user without issue destroy rights' end context 'for project owner user' do before(:each) do - @user = FactoryGirl.create(:user) + @user = @project.owner set_session_for(@user) - @project.update_attribute(:owner, @user); @create_params[:owner_name] = @user.uname; @update_params[:owner_name] = @user.uname - @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') end + it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' it_should_behave_like 'issue user with project writer rights' it_should_behave_like 'user with issue update rights' - it_should_behave_like 'user without issue destroy rights' it_should_behave_like 'project with issues turned off' + it_should_behave_like 'user without issue destroy rights' end context 'for project reader user' do before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') end + it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' + it_should_behave_like 'issue user with project writer rights' it_should_behave_like 'user without issue update rights' - it_should_behave_like 'user without issue destroy rights' it_should_behave_like 'project with issues turned off' + it_should_behave_like 'user without issue destroy rights' - it 'should not be able to perform create action' do - post :create, @create_params - response.should redirect_to(forbidden_path) - end + # it 'should not be able to perform create action on project' do + # post :create, @create_params + # response.should redirect_to(forbidden_path) + # end - it 'should not create issue object into db' do - lambda{ post :create, @create_params }.should 
change{ Issue.count }.by(0) - end + # it 'should not create issue object into db' do + # lambda{ post :create, @create_params }.should change{ Issue.count }.by(0) + # end end context 'for project writer user' do before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'writer') end + it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' it_should_behave_like 'issue user with project writer rights' it_should_behave_like 'user without issue update rights' - it_should_behave_like 'user without issue destroy rights' it_should_behave_like 'project with issues turned off' + it_should_behave_like 'user without issue destroy rights' end context 'for issue assign user' do 
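Review bot: In 'for project reader user' the two examples asserting that a reader cannot create an issue are commented out, and 'issue user with project writer rights' is included instead, so nothing checks any more that reader-level issue creation is denied. If readers are now meant to create issues, delete the commented block and state the permission change in the commit description. If not, this hides a regression in the access rules rather than fixing it. The body of 'issue user with project writer rights' is outside this hunk, so its coverage is inferred from its name and from the tests it replaces.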
@@ -187,28 +201,26 @@ describe Projects::IssuesController do end it_should_behave_like 'user without issue update rights' - it_should_behave_like 'user without issue destroy rights' it_should_behave_like 'project with issues turned off' + it_should_behave_like 'user without issue destroy rights' end context 'for guest' do + + before(:each) do + set_session_for(User.new) + end + if APP_CONFIG['anonymous_access'] - # it_should_behave_like 'issue user with project reader rights' - it 'should be able to perform index action' do - get :index, :owner_name => @project.owner.uname, :project_name => @project.name - response.should render_template(:index) - end - - it 'should be able to perform show action' do - get :show, :owner_name => @project.owner.uname, :project_name => @project.name, :id => @issue.serial_id - response.should render_template(:show) - end - + + it_should_behave_like 'issue user with project guest rights' + it 'should not be able to perform index action on hidden project' do - @project.update_attribute :visibility, 'hidden' + @project.update_attributes(:visibility => 'hidden') get :index, :owner_name => @project.owner.uname, :project_name => @project.name response.should redirect_to(forbidden_path) end + else it 'should not be able to perform index action' do get :index, :owner_name => @project.owner.uname, :project_name => @project.name @@ -221,7 +233,7 @@ describe Projects::IssuesController do end it 'should not be able to perform index action on hidden project' do - @project.update_attribute :visibility, 'hidden' + @project.update_attributes(:visibility => 'hidden') get :index, :owner_name => @project.owner.uname, :project_name => @project.name response.should redirect_to(new_user_session_path) end diff --git a/spec/controllers/projects/projects_controller_spec.rb b/spec/controllers/projects/projects_controller_spec.rb index a94cced96..dc240686a 100644 --- a/spec/controllers/projects/projects_controller_spec.rb 
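Review bot: In the branch without anonymous access (hunk `@@ -221,7 +233,7 @@`), the hidden-project example can pass without the project ever becoming hidden. `update_attributes` returns false on a failed save instead of raising, and Rails 3.2 mass-assignment protection drops a non-accessible attribute silently by default, while the expected redirect to `new_user_session_path` is presumably what a guest gets for an open project too. Whether `visibility` is accessible on Project is not visible here, so pin the precondition with `@project.reload.visibility.should == 'hidden'` before the request. The same call in the `anonymous_access` branch of hunk `@@ -187,28 +201,26 @@` would fail loudly on its own, but adding the assertion there keeps the two branches symmetric. The describe block continues outside both hunks.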
+++ b/spec/controllers/projects/projects_controller_spec.rb 
@@ -1,217 +1,277 @@ # -*- encoding : utf-8 -*- require 'spec_helper' +shared_examples_for 'projects user with reader rights' do + + it 'should be able to fork project' do + post :fork, :owner_name => @project.owner.uname, :project_name => @project.name + response.should redirect_to(project_path(Project.last)) + end + + it 'should be able to fork project to their group' do + group = FactoryGirl.create(:group) + group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') + lambda {post :fork, :owner_name => @project.owner.uname, :project_name => @project.name, + :group => group.id}.should change{ Project.count }.by(1) + end + + it 'should be able to fork project to own group' do + group = FactoryGirl.create(:group, :owner => @user) + lambda {post :fork, :owner_name => @project.owner.uname, :project_name => @project.name, + :group => group.id}.should change{ Project.count }.by(1) + end + + # it 'should be able to view project' do + # get :show, :owner_name => @project.owner.uname, :project_name => @project.name + # assigns(:project).should eq @project + # end + +end + +shared_examples_for 'projects user with project admin rights' do + it 'should be able to perform update action' do + put :update, {:owner_name => @project.owner.uname, :project_name => @project.name}.merge(@update_params) + response.should redirect_to(project_path(@project)) + end +end + +shared_examples_for 'user with destroy rights' do + it 'should be able to perform destroy action' do + delete :destroy, {:owner_name => @project.owner.uname, :project_name => @project.name} + response.should redirect_to(@project.owner) + end + + it 'should change objects count on destroy' do + lambda { delete :destroy, :owner_name => @project.owner.uname, :project_name => @project.name }.should change{ Project.count }.by(-1) + end +end + +shared_examples_for 'projects user without project admin rights' do + it 'should not be able to edit project' do + description = @project.description + put 
:update, :project=>{:description =>"hack"}, :owner_name => @project.owner.uname, :project_name => @project.name + @project.reload.description.should == description + response.should redirect_to(forbidden_path) + end + + it 'should not be able to edit project sections' do + has_wiki, has_issues = @project.has_wiki, @project.has_issues + post :sections, :project =>{:has_wiki => !has_wiki, :has_issues => !has_issues}, :owner_name => @project.owner.uname, :project_name => @project.name + @project.reload.has_wiki.should == has_wiki + @project.reload.has_issues.should == has_issues + response.should redirect_to(forbidden_path) + end +end + describe Projects::ProjectsController do before(:each) do stub_symlink_methods @project = FactoryGirl.create(:project) - @another_user = FactoryGirl.create(:user) + @create_params = {:project => {:name => 'pro'}} @update_params = {:project => {:description => 'pro2'}} + + @user = FactoryGirl.create(:user) + set_session_for(@user) end - context 'for guest' do - it 'should not be able to perform index action' do - get :index - response.should redirect_to(new_user_session_path) + context 'for system users' do + + context 'guest' do + + before(:each) do + set_session_for(User.new) + end + + it 'should not be able to perform index action' do + get :index + response.should redirect_to(new_user_session_path) + end + + it 'should not be able to perform update action' do + put :update, {:owner_name => @project.owner.uname, :project_name => @project.name}.merge(@update_params) + response.should redirect_to(new_user_session_path) + end end - it 'should not be able to perform update action' do - put :update, {:owner_name => @project.owner.uname, :project_name => @project.name}.merge(@update_params) - response.should redirect_to(new_user_session_path) - end - end + context 'registered user' do + + it 'should be able to perform index action' do + get :index + response.should render_template(:index) + end + + context 'create project for myself' do + 
+ it 'should be able to perform create action' do + post :create, @create_params + response.should redirect_to(project_path( Project.last )) + end + + it 'should create project in the database' do + lambda { post :create, @create_params }.should change{ Project.count }.by(1) + end + end + + context 'create project for group' do + + it 'should not be able to create project for alien group' do + group = FactoryGirl.create(:group) + post :create, @create_params.merge({:who_owns => 'group', :owner_id => group.id}) + response.should redirect_to(forbidden_path) + end + + it 'should be able to create project for their group' do + group = FactoryGirl.create(:group) + group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') + lambda { post :create, @create_params.merge({:who_owns => 'group', :owner_id => group.id})}.should change{ Project.count }.by(1) + end + + it 'should be able to create project for own group' do + group = FactoryGirl.create(:group, :owner => @user) + lambda { post :create, @create_params.merge({:who_owns => 'group', :owner_id => group.id})}.should change{ Project.count }.by(1) + end + + end + + end # context 'registered user' + end # context 'for system users' + + context 'for project members' do + + context 'for global admin' do + before(:each) do + @user.role = "admin" + @user.save + set_session_for(@user) + end + + it_should_behave_like 'projects user with project admin rights' + it_should_behave_like 'projects user with reader rights' + it_should_behave_like 'user with destroy rights' - context 'for admin' do - before(:each) do - @admin = FactoryGirl.create(:admin) - set_session_for(@admin) end - it_should_behave_like 'projects user with admin rights' - it_should_behave_like 'projects user with reader rights' + context 'for owner user' do + before(:each) do + @user = @project.owner + set_session_for(@user) # owner should be user + end + + it_should_behave_like 'projects user with project admin rights' + 
it_should_behave_like 'projects user with reader rights' + it_should_behave_like 'user with destroy rights' + + it 'should not be able to fork own project' do + post :fork, :owner_name => @project.owner.uname, :project_name => @project.name + response.should redirect_to(@project) + end - it 'should be able to perform create action' do - post :create, @create_params - response.should redirect_to(project_path( Project.last )) end - it 'should change objects count on create' do - lambda { post :create, @create_params }.should change{ Project.count }.by(1) - end - end + context 'for reader user' do + before(:each) do + @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') + end - context 'for owner user' do - before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) - @project.update_attribute(:owner, @user) - @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') + it_should_behave_like 'projects user with reader rights' + it_should_behave_like 'projects user without project admin rights' end - it_should_behave_like 'projects user with admin rights' - it_should_behave_like 'user with rights to view projects' + context 'for writer user' do + before(:each) do + @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'writer') + end + + it_should_behave_like 'projects user with reader rights' + it_should_behave_like 'projects user without project admin rights' - it 'should be able to perform destroy action' do - delete :destroy, {:owner_name => @project.owner.uname, :project_name => @project.name} - response.should redirect_to(@project.owner) end - it 'should change objects count on destroy' do - lambda { delete :destroy, :owner_name => @project.owner.uname, :project_name => @project.name }.should change{ Project.count }.by(-1) + context 'for other user' do + + it 'should not be able to fork hidden project' do + @project.update_attributes(:visibility => 
'hidden') + post :fork, :owner_name => @project.owner.uname, :project_name => @project.name + response.should redirect_to(forbidden_path) + end + + it_should_behave_like 'projects user without project admin rights' + end - it 'should not be able to fork project' do - post :fork, :owner_name => @project.owner.uname, :project_name => @project.name - # @project.errors.count.should == 1 - response.should redirect_to(@project) - end - - end - - context 'for reader user' do - before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) - @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') - end - - it_should_behave_like 'projects user with reader rights' - it_should_behave_like 'user without update rights' - end - - context 'for writer user' do - before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) - @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'writer') - end - - it_should_behave_like 'projects user with reader rights' - - it 'should not be able to create project to other group' do - group = FactoryGirl.create(:group) - post :create, @create_params.merge({:who_owns => 'group', :owner_id => group.id}) - response.should redirect_to(forbidden_path) - end - - it 'should not be able to fork project to other group' do - group = FactoryGirl.create(:group) - post :fork, :owner_name => @project.owner.uname, :project_name => @project.name, :group => group.id - response.should redirect_to(forbidden_path) - end - - it 'should be able to fork project to group' do - group = FactoryGirl.create(:group) - group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') - post :fork, :owner_name => @project.owner.uname, :project_name => @project.name, :group => group.id - response.should redirect_to(project_path(group.projects.first)) - end - end - - context 'search projects' do - before(:each) do - @admin = FactoryGirl.create(:admin) - @project1 = 
FactoryGirl.create(:project, :name => 'perl-debug') - @project2 = FactoryGirl.create(:project, :name => 'perl') - set_session_for(@admin) - end - - pending 'should return projects in right order' do - get :index, :query => 'per' - assigns(:projects).should eq([@project2, @project1]) - end - end - - context 'for other user' do - before(:each) do - @user = FactoryGirl.create(:user) - set_session_for(@user) - end - - it 'should not be able to fork hidden project' do - @project.update_attribute(:visibility, 'hidden') - post :fork, :owner_name => @project.owner.uname, :project_name => @project.name - response.should redirect_to(forbidden_path) - end - - it_should_behave_like 'user without update rights' - end + end # context 'for project members' context 'for group' do before(:each) do @group = FactoryGirl.create(:group) - @group_user = FactoryGirl.create(:user) - @project.relations.destroy_all - set_session_for(@group_user) end - context 'owner of the project' do + context 'group is owner of the project' do before(:each) do - @project.update_attribute :owner, @group - @project.relations.create :actor_id => @project.owner.id, :actor_type => @project.owner.class.to_s, :role => 'admin' + @project = FactoryGirl.create(:project, :owner => @group) end - context 'reader user' do + context 'group member user with reader role' do before(:each) do - @group.actors.create(:actor_id => @group_user.id, :actor_type => 'User', :role => 'reader') + @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'reader') end it_should_behave_like 'projects user with reader rights' - it_should_behave_like 'user without update rights' + it_should_behave_like 'projects user without project admin rights' it 'should has reader role to group project' do - @group_user.best_role(@project).should eql('reader') # Need this? 
+ @user.best_role(@project).should eql('reader') end context 'user should has best role' do before(:each) do - @project.relations.create :actor_id => @group_user.id, :actor_type => @group_user.class.to_s, :role => 'admin' + @project.relations.create :actor_id => @user.id, :actor_type => @user.class.to_s, :role => 'admin' end - it_should_behave_like 'projects user with admin rights' + it_should_behave_like 'projects user with project admin rights' end end - context 'admin user' do + context 'group member user with admin role' do before(:each) do - @group.actors.create(:actor_id => @group_user.id, :actor_type => 'User', :role => 'admin') + @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'admin') end - it_should_behave_like 'projects user with admin rights' + it_should_behave_like 'projects user with project admin rights' it_should_behave_like 'projects user with reader rights' end end - context 'member of the project' do + context 'group is member of the project' do context 'with admin rights' do before(:each) do @project.relations.create :actor_id => @group.id, :actor_type => @group.class.to_s, :role => 'admin' end - context 'reader user' do + context 'group member user with reader role' do before(:each) do - @group.actors.create(:actor_id => @group_user.id, :actor_type => 'User', :role => 'reader') + @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'reader') end it_should_behave_like 'projects user with reader rights' - it_should_behave_like 'projects user with admin rights' + it_should_behave_like 'projects user with project admin rights' context 'user should has best role' do before(:each) do - @project.relations.create :actor_id => @group_user.id, :actor_type => @group_user.class.to_s, :role => 'reader' + @project.relations.create :actor_id => @user.id, :actor_type => @user.class.to_s, :role => 'reader' end - it_should_behave_like 'projects user with admin rights' + it_should_behave_like 'projects user with 
project admin rights' end end - context 'admin user' do + context 'group member user with admin role' do before(:each) do - @group.actors.create(:actor_id => @group_user.id, :actor_type => 'User', :role => 'admin') + @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'admin') end - it_should_behave_like 'projects user with admin rights' + it_should_behave_like 'projects user with project admin rights' it_should_behave_like 'projects user with reader rights' end end @@ -221,29 +281,29 @@ describe Projects::ProjectsController do @project.relations.create :actor_id => @group.id, :actor_type => @group.class.to_s, :role => 'reader' end - context 'reader user' do + context 'group member user with reader role' do before(:each) do - @group.actors.create(:actor_id => @group_user.id, :actor_type => 'User', :role => 'reader') + @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'reader') end it_should_behave_like 'projects user with reader rights' - it_should_behave_like 'user without update rights' + it_should_behave_like 'projects user without project admin rights' context 'user should has best role' do before(:each) do - @project.relations.create :actor_id => @group_user.id, :actor_type => @group_user.class.to_s, :role => 'admin' + @project.relations.create :actor_id => @user.id, :actor_type => @user.class.to_s, :role => 'admin' end - it_should_behave_like 'projects user with admin rights' + it_should_behave_like 'projects user with project admin rights' end end - context 'admin user' do + context 'group member user with admin role' do before(:each) do - @group.actors.create(:actor_id => @group_user.id, :actor_type => 'User', :role => 'admin') + @group.actors.create(:actor_id => @user.id, :actor_type => 'User', :role => 'admin') end it_should_behave_like 'projects user with reader rights' - it_should_behave_like 'user without update rights' + it_should_behave_like 'projects user without project admin rights' end end end 
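Review bot: The rewritten projects_controller_spec (hunk `@@ -1,217 +1,277 @@`) drops the negative fork case. The removed writer-context example 'should not be able to fork project to other group' expected `forbidden_path`, and nothing on the new side posts `:fork` with a group the user does not belong to. The two added group examples in 'projects user with reader rights' only cover groups where the user is admin or owner, so a regression that lets a member fork into an arbitrary group would go unnoticed. I would restore the example in the writer context rather than in the shared group, because the global admin context includes that group and may legitimately be allowed to do this; the name mirrors the retained 'alien group' create example.

```ruby
context 'for writer user' do
  # … unchanged: before(:each) creating the 'writer' relation, shared example includes …

  it 'should not be able to fork project to alien group' do
    group = FactoryGirl.create(:group)
    post :fork, :owner_name => @project.owner.uname, :project_name => @project.name, :group => group.id
    response.should redirect_to(forbidden_path)
  end
```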
diff --git a/spec/factories/build_lists.rb b/spec/factories/build_lists.rb index 0271f50ea..5f2b0d574 100644 --- a/spec/factories/build_lists.rb +++ b/spec/factories/build_lists.rb @@ -6,6 +6,7 @@ FactoryGirl.define do association :save_to_platform, :factory => :platform_with_repos association :arch build_for_platform {|bl| bl.save_to_platform} + save_to_repository {|bl| bl.save_to_platform.repositories.first} project_version "1.0" build_requires true update_type 'security' diff --git a/spec/factories/product_build_lists.rb b/spec/factories/product_build_lists.rb index ef7642340..9e99cbcc1 100644 --- a/spec/factories/product_build_lists.rb +++ b/spec/factories/product_build_lists.rb @@ -2,5 +2,6 @@ FactoryGirl.define do factory :product_build_list do association :product, :factory => :product + status 0 # BUILD_COMPLETED end end diff --git a/spec/models/cancan_spec.rb b/spec/models/cancan_spec.rb index 467b1e275..5f0ba821a 100644 --- a/spec/models/cancan_spec.rb +++ b/spec/models/cancan_spec.rb @@ -103,15 +103,15 @@ describe CanCan do @ability.should be_able_to(:read, @admin) end - pending "shoud be able to read index AutoBuildList" do - @ability.should be_able_to(:index, AutoBuildList) - end - it "shoud be able to read open projects" do @project = FactoryGirl.create(:project, :visibility => 'open') @ability.should be_able_to(:read, @project) end + it 'should be able to see open platform' do + @ability.should be_able_to(:show, open_platform) + end + it "shoud be able to create project" do @ability.should be_able_to(:create, Project) end @@ -123,7 +123,9 @@ describe CanCan do context "private users relations" do before(:each) do @private_user = FactoryGirl.create(:private_user) - @private_user.platform.update_attribute(:owner, @user) + + @private_user.platform.owner = @user + @private_user.platform.save end [:read, :create].each do |action| 
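Review bot: In cancan_spec hunk `@@ -123,7 +123,9 @@`, `@private_user.platform.owner = @user` is followed by a bare `save` whose result is ignored. Unlike the `update_attribute` call it replaces, `save` runs validations and returns false on failure, leaving the owner changed only on the in-memory object. The ability examples that follow would then run against state that was never persisted. Use `@private_user.platform.save!` so a broken setup aborts the example. The same pattern recurs in the later cancan_spec hunks (`@project.save`, `@platform.save`, `@repository.platform.save`) and in comment_for_commit_spec, comment_spec, group_spec and user_spec.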
@@ -148,10 +150,6 @@ describe CanCan do @ability.should be_able_to(:read, @project) end - it 'should be able to read open platform' do - @ability.should be_able_to(:read, open_platform) - end - it 'should be able to read issue' do @ability.should be_able_to(:read, @issue) end @@ -207,7 +205,9 @@ describe CanCan do context 'with owner rights' do before(:each) do - @project.update_attribute(:owner, @user) + @project.owner = @user + @project.save + @project.relations.create!(:actor_id => @user.id, :actor_type => 'User', :role => 'admin') @issue.project.reload end @@ -241,7 +241,8 @@ describe CanCan do context 'with owner rights' do before(:each) do - @platform.update_attribute(:owner, @user) + @platform.owner = @user + @platform.save end [:read, :update, :destroy].each do |action| @@ -269,7 +270,8 @@ describe CanCan do context 'with owner rights' do before(:each) do - @repository.platform.update_attribute(:owner, @user) + @repository.platform.owner = @user + @repository.platform.save end [:read, :create, :update, :destroy, :add_project, :remove_project, :change_visibility, :settings].each do |action| diff --git a/spec/models/comment_for_commit_spec.rb b/spec/models/comment_for_commit_spec.rb index 6e51eb1fa..4b6ce9875 100644 --- a/spec/models/comment_for_commit_spec.rb +++ b/spec/models/comment_for_commit_spec.rb @@ -91,7 +91,7 @@ describe Comment do context 'for disabled notify setting new_comment_commit_repo_owner' do it 'should not send an e-mail' do - @user.notifier.update_attribute :new_comment_commit_repo_owner, false + @user.notifier.update_column :new_comment_commit_repo_owner, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 1 end 
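Review bot: The example edited in comment_for_commit_spec hunk `@@ -91,7 +91,7 @@` is described as 'should not send an e-mail' but asserts `ActionMailer::Base.deliveries.count.should == 1`, so its name and its expectation disagree. The later example for the same setting (hunk `@@ -178,7 +181,7 @@`) asserts `== 0`, which suggests the two contexts differ on purpose. If one mail is the intended result here, rename it to `it 'should send an e-mail' do`; otherwise fix the count. The setup that decides which notifier setting still triggers the mail lies outside the hunk, so a one-line comment naming it would help the next reader.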
@@ -99,7 +99,7 @@ describe Comment do context 'for disabled notify setting new_comment_commit_owner' do it 'should send an e-mail' do - @user.notifier.update_attribute :new_comment_commit_owner, false + @user.notifier.update_column :new_comment_commit_owner, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 1 ActionMailer::Base.deliveries.last.to.include?(@user.email).should == true @@ -108,7 +108,7 @@ describe Comment do context 'for disabled notify setting new_comment_commit_commentor' do it 'should send an e-mail' do - @user.notifier.update_attribute :new_comment_commit_commentor, false + @user.notifier.update_column :new_comment_commit_commentor, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 1 ActionMailer::Base.deliveries.last.to.include?(@user.email).should == true @@ -117,9 +117,9 @@ describe Comment do context 'for disabled all notify setting expect global' do it 'should not send an e-mail' do - @user.notifier.update_attribute :new_comment_commit_repo_owner, false - @user.notifier.update_attribute :new_comment_commit_owner, false - @user.notifier.update_attribute :new_comment_commit_commentor, false + @user.notifier.update_column :new_comment_commit_repo_owner, false + @user.notifier.update_column :new_comment_commit_owner, false + @user.notifier.update_column :new_comment_commit_commentor, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 0 end @@ -135,7 +135,7 @@ describe Comment do context 'for disabled global notify setting' do it 'should not send an e-mail' do - @user.notifier.update_attribute :can_notify, false + @user.notifier.update_column :can_notify, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 0 end 
@@ -148,7 +148,10 @@ describe Comment do @user = FactoryGirl.create(:user) @stranger = FactoryGirl.create(:user) set_comments_data_for_commit - @project.update_attribute(:owner, @user) + + @project.owner = @user + @project.save + ActionMailer::Base.deliveries = [] end @@ -178,7 +181,7 @@ describe Comment do context 'for disabled notify setting new_comment_commit_repo_owner' do it 'should not send an e-mail' do - @user.notifier.update_attribute :new_comment_commit_repo_owner, false + @user.notifier.update_column :new_comment_commit_repo_owner, false Comment.destroy_all comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 0 @@ -187,7 +190,7 @@ describe Comment do context 'for disabled notify setting new_comment_commit_owner' do it 'should send an e-mail' do - @user.notifier.update_attribute :new_comment_commit_owner, false + @user.notifier.update_column :new_comment_commit_owner, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 1 ActionMailer::Base.deliveries.last.to.include?(@user.email).should == true @@ -196,7 +199,7 @@ describe Comment do context 'for disabled notify setting new_comment_commit_commentor' do it 'should send an e-mail' do - @user.notifier.update_attribute :new_comment_commit_commentor, false + @user.notifier.update_column :new_comment_commit_commentor, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 1 ActionMailer::Base.deliveries.last.to.include?(@user.email).should == true 
@@ -205,9 +208,9 @@ describe Comment do context 'for disabled all notify setting expect global' do it 'should not send an e-mail' do - @user.notifier.update_attribute :new_comment_commit_repo_owner, false - @user.notifier.update_attribute :new_comment_commit_owner, false - @user.notifier.update_attribute :new_comment_commit_commentor, false + @user.notifier.update_column :new_comment_commit_repo_owner, false + @user.notifier.update_column :new_comment_commit_owner, false + @user.notifier.update_column :new_comment_commit_commentor, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 0 end @@ -223,7 +226,7 @@ describe Comment do context 'for disabled global notify setting' do it 'should not send an e-mail' do - @user.notifier.update_attribute :can_notify, false + @user.notifier.update_column :can_notify, false comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 0 end @@ -231,7 +234,7 @@ describe Comment do context 'for own commit' do it 'should send a one e-mail' do - @project.owner.update_attribute :email, 'code@tpope.net' + @project.owner.update_column :email, 'code@tpope.net' comment = create_comment(@stranger) ActionMailer::Base.deliveries.count.should == 1 ActionMailer::Base.deliveries.last.to.include?(@project.owner.email).should == true @@ -298,7 +301,7 @@ describe Comment do context 'for committer' do it 'should send an e-mail' do - @simple.update_attribute :email, 'code@tpope.net' + @simple.update_column :email, 'code@tpope.net' comment = create_comment(@user) ActionMailer::Base.deliveries.count.should == 1 ActionMailer::Base.deliveries.last.to.include?(@simple.email).should == true 
@@ -306,30 +309,30 @@ describe Comment do it 'should send a one e-mail when subscribed to commit' do Subscribe.subscribe_to_commit @subscribe_params.merge(:user_id => @simple.id) - @simple.update_attribute :email, 'code@tpope.net' + @simple.update_column :email, 'code@tpope.net' comment = create_comment(@user) ActionMailer::Base.deliveries.count.should == 1 ActionMailer::Base.deliveries.last.to.include?(@simple.email).should == true end it 'should not send an e-mail for own comment' do - @simple.update_attribute :email, 'code@tpope.net' + @simple.update_column :email, 'code@tpope.net' comment = create_comment(@simple) ActionMailer::Base.deliveries.count.should == 0 end it 'should not send an e-mail if global notify off' do - @project.owner.notifier.update_attribute :can_notify, false - @simple.update_attribute :email, 'code@tpope.net' - @simple.notifier.update_attribute :can_notify, false + @project.owner.notifier.update_column :can_notify, false + @simple.update_column :email, 'code@tpope.net' + @simple.notifier.update_column :can_notify, false comment = create_comment(@user) ActionMailer::Base.deliveries.count.should == 0 end it 'should not send an e-mail if notify for my commits off' do Comment.destroy_all - @simple.notifier.update_attribute :new_comment_commit_owner, false - @simple.update_attribute :email, 'code@tpope.net' + @simple.notifier.update_column :new_comment_commit_owner, false + @simple.update_column :email, 'code@tpope.net' comment = create_comment(@user) ActionMailer::Base.deliveries.count.should == 0 end diff --git a/spec/models/comment_spec.rb b/spec/models/comment_spec.rb index afc99e0bc..6afc22242 100644 --- a/spec/models/comment_spec.rb +++ b/spec/models/comment_spec.rb @@ -84,7 +84,8 @@ describe Comment do set_commentable_data - @project.update_attribute(:owner, @user) + @project.owner = @user + @project.save @project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') end 
diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 36209c472..e1bede7bf 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -61,8 +61,11 @@ describe Group do context 'for group owner' do before(:each) do - @user = FactoryGirl.create(:user) - @group.update_attribute(:owner, @user) + @user = FactoryGirl.create(:user) + + @group.owner = @user + @group.save + @group.actors.create(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') @ability = Ability.new(@user) end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 8e61b75c6..75e39175d 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -45,7 +45,9 @@ describe User do context 'for group project' do before(:each) do @project.relations.destroy_all - @project.update_attribute :owner, @group + + @project.owner = @group + @project.save @project.relations.create :actor_id => @project.owner.id, :actor_type => @project.owner.class.to_s, :role => 'admin' end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index a29d72fa6..e7ce00299 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -25,6 +25,9 @@ RSpec.configure do |config| # examples within a transaction, remove the following line or assign false # instead of true. config.use_transactional_fixtures = true + + config.filter_run_excluding :anonymous_access => !(APP_CONFIG['anonymous_access']) + end def set_session_for(user=nil) diff --git a/spec/support/shared_examples/projects_controller.rb b/spec/support/shared_examples/projects_controller.rb deleted file mode 100644 index 0e4b4aff2..000000000 --- a/spec/support/shared_examples/projects_controller.rb +++ /dev/null 
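Review bot: The new `config.filter_run_excluding :anonymous_access => !(APP_CONFIG['anonymous_access'])` line in spec_helper (hunk `@@ -25,6 +25,9 @@`) has no comment and no consumer in the part of the diff visible here. None of the visible specs tag an example or context with `:anonymous_access`, and the guest contexts in issues_controller_spec still select their examples with a load-time `if APP_CONFIG['anonymous_access']`. That leaves two mechanisms for the same decision, and a reader cannot tell which one guards the guest authorization examples. Add a comment such as `# Skip examples whose :anonymous_access tag does not match APP_CONFIG['anonymous_access']`. Then either tag the guest contexts so the filter does the selection, or drop the filter until something uses it.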
@@ -1,42 +0,0 @@ -# -*- encoding : utf-8 -*- -shared_examples_for 'projects user with reader rights' do - include_examples 'user with rights to view projects' # nested shared_examples_for dont work - - it 'should be able to fork project' do - post :fork, :owner_name => @project.owner.uname, :project_name => @project.name - response.should redirect_to(project_path(Project.last)) - end - -end - -shared_examples_for 'projects user with admin rights' do - it 'should be able to perform update action' do - put :update, {:owner_name => @project.owner.uname, :project_name => @project.name}.merge(@update_params) - response.should redirect_to(project_path(@project)) - end -end - -shared_examples_for 'user with rights to view projects' do - it 'should be able to perform index action' do - get :index - response.should render_template(:index) - end -end - -shared_examples_for 'user without update rights' do - it 'should not be able to edit project' do - description = @project.description - put :update, :project=>{:description =>"hack"}, :owner_name => @project.owner.uname, :project_name => @project.name - Project.find(@project.id).description.should == description - response.should redirect_to(forbidden_path) - end - - it 'should not be able to edit project sections' do - has_wiki, has_issues = @project.has_wiki, @project.has_issues - post :sections, :project =>{:has_wiki => !has_wiki, :has_issues => !has_issues}, :owner_name => @project.owner.uname, :project_name => @project.name - project = Project.find(@project.id) - project.has_wiki.should == has_wiki - project.has_issues.should == has_issues - response.should redirect_to(forbidden_path) - end -end