Merge pull request #697 from warpc/686-rest-api-for-projects
[refs #686]: REST API for Projects
This commit is contained in:
commit
81fcb62a06
2
Gemfile
2
Gemfile
|
@ -44,7 +44,7 @@ gem 'trinidad', '~> 1.0.2', :platforms => :jruby
|
|||
gem 'newrelic_rpm', '~> 3.4.1', :platforms => [:mri, :rbx]
|
||||
gem 'whenever', '~> 0.7.3', :require => false
|
||||
|
||||
gem 'jbuilder', '~> 0.4.0'
|
||||
gem 'jbuilder', '~> 0.8.2'
|
||||
gem 'rails3-jquery-autocomplete', '~> 1.0.7'
|
||||
gem 'will_paginate', '~> 3.0.3'
|
||||
gem 'meta-tags', '~> 1.2.5', :require => 'meta_tags'
|
||||
|
|
|
@ -145,9 +145,8 @@ GEM
|
|||
hike (1.2.1)
|
||||
hirb (0.7.0)
|
||||
i18n (0.6.0)
|
||||
jbuilder (0.4.3)
|
||||
jbuilder (0.8.2)
|
||||
activesupport (>= 3.0.0)
|
||||
blankslate (>= 2.1.2.4)
|
||||
journey (1.0.4)
|
||||
jquery-rails (2.0.2)
|
||||
railties (>= 3.2.0, < 5.0)
|
||||
|
@ -381,7 +380,7 @@ DEPENDENCIES
|
|||
haml-rails (~> 0.3.4)
|
||||
highline (~> 1.6.11)
|
||||
hirb
|
||||
jbuilder (~> 0.4.0)
|
||||
jbuilder (~> 0.8.2)
|
||||
jquery-rails (~> 2.0.2)
|
||||
mailcatcher
|
||||
meta-tags (~> 1.2.5)
|
||||
|
|
|
@ -25,6 +25,17 @@ class Api::V1::BaseController < ApplicationController
|
|||
end
|
||||
end
|
||||
|
||||
def update_member_in_subject(subject, relation = :relations)
|
||||
role = params[:role]
|
||||
class_name = subject.class.name.downcase
|
||||
if member.present? && role.present? && subject.respond_to?(:owner) && subject.owner != member &&
|
||||
subject.send(relation).by_actor(member).update_all(:role => role)
|
||||
render_json_response subject, "Role for #{member.class.name.downcase} '#{member.id} has been updated in #{class_name} successfully"
|
||||
else
|
||||
render_validation_error subject, "Role for member has not been updated in #{class_name}"
|
||||
end
|
||||
end
|
||||
|
||||
def add_member_to_subject(subject, role = 'admin')
|
||||
class_name = subject.class.name.downcase
|
||||
if member.present? && subject.add_member(member, role)
|
||||
|
|
|
@ -43,14 +43,8 @@ class Api::V1::GroupsController < Api::V1::BaseController
|
|||
end
|
||||
|
||||
def update_member
|
||||
member_id, role = params[:member_id], params[:role]
|
||||
if member_id.present? && role.present? && @group.owner_id != member_id.to_i &&
|
||||
@group.actors.where(:actor_id => member_id, :actor_type => 'User').
|
||||
update_all(:role => role)
|
||||
render_json_response @group, "Role for user #{member_id} has been updated in group successfully"
|
||||
else
|
||||
render_validation_error @group, 'Role for user has not been updated in group'
|
||||
end
|
||||
params[:type] = 'User'
|
||||
update_member_in_subject @group, :actors
|
||||
end
|
||||
|
||||
end
|
|
@ -1,10 +1,15 @@
|
|||
# -*- encoding : utf-8 -*-
|
||||
class Api::V1::ProjectsController < Api::V1::BaseController
|
||||
|
||||
|
||||
before_filter :authenticate_user!
|
||||
skip_before_filter :authenticate_user!, :only => [:get_id, :show, :refs] if APP_CONFIG['anonymous_access']
|
||||
|
||||
load_and_authorize_resource
|
||||
load_and_authorize_resource :project
|
||||
|
||||
def index
|
||||
@projects = Project.accessible_by(current_ability, :membered).
|
||||
paginate(paginate_params)
|
||||
end
|
||||
|
||||
def get_id
|
||||
if @project = Project.find_by_owner_and_name(params[:owner], params[:name])
|
||||
|
@ -20,4 +25,51 @@ class Api::V1::ProjectsController < Api::V1::BaseController
|
|||
def refs_list
|
||||
end
|
||||
|
||||
def update
|
||||
update_subject @project
|
||||
end
|
||||
|
||||
def destroy
|
||||
destroy_subject @project
|
||||
end
|
||||
|
||||
def create
|
||||
p_params = params[:project] || {}
|
||||
owner_type = p_params[:owner_type]
|
||||
if owner_type.present? && %w(User Group).include?(owner_type)
|
||||
@project.owner = owner_type.constantize.
|
||||
where(:id => p_params[:owner_id]).first
|
||||
else
|
||||
@project.owner = nil
|
||||
end
|
||||
authorize! :update, @project.owner if @project.owner != current_user
|
||||
create_subject @project
|
||||
end
|
||||
|
||||
def members
|
||||
@members = @project.collaborators.order('uname').paginate(paginate_params)
|
||||
end
|
||||
|
||||
def add_member
|
||||
add_member_to_subject @project, params[:role]
|
||||
end
|
||||
|
||||
def remove_member
|
||||
remove_member_from_subject @project
|
||||
end
|
||||
|
||||
def update_member
|
||||
update_member_in_subject @project
|
||||
end
|
||||
|
||||
def fork
|
||||
owner = (Group.find params[:group_id] if params[:group].present?) || current_user
|
||||
authorize! :update, owner if owner.class == Group
|
||||
if forked = @project.fork(owner) and forked.valid?
|
||||
render_json_response forked, 'Project has been forked successfully'
|
||||
else
|
||||
render_validation_error forked, 'Project has not been forked'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -64,7 +64,9 @@ class Ability
|
|||
can [:read, :archive], Project, :owner_type => 'Group', :owner_id => user.group_ids
|
||||
can([:read, :membered, :get_id], Project, read_relations_for('projects')) {|project| local_reader? project}
|
||||
can(:write, Project) {|project| local_writer? project} # for grack
|
||||
can([:update, :sections, :manage_collaborators, :autocomplete_maintainers], Project) {|project| local_admin? project}
|
||||
can [:update, :sections, :manage_collaborators, :autocomplete_maintainers, :add_member, :remove_member, :update_member, :members], Project do |project|
|
||||
local_admin? project
|
||||
end
|
||||
can(:fork, Project) {|project| can? :read, project}
|
||||
can(:fork, Project) {|project| project.owner_type == 'Group' and can? :update, project.owner}
|
||||
can(:destroy, Project) {|project| owner? project}
|
||||
|
|
|
@ -40,13 +40,7 @@ class Group < Avatar
|
|||
end
|
||||
|
||||
def add_member(member, role = 'admin')
|
||||
if actors.exists?(:actor_id => member.id, :actor_type => member.class.to_s) || owner == member
|
||||
true
|
||||
else
|
||||
rel = actors.build(:role => role)
|
||||
rel.actor = member
|
||||
rel.save
|
||||
end
|
||||
Relation.add_member(member, self, role, :actors)
|
||||
end
|
||||
|
||||
def remove_member(member)
|
||||
|
|
|
@ -89,6 +89,14 @@ class Project < ActiveRecord::Base
|
|||
collaborators | groups.map(&:members).flatten
|
||||
end
|
||||
|
||||
def add_member(member, role = 'admin')
|
||||
Relation.add_member(member, self, role)
|
||||
end
|
||||
|
||||
def remove_member(member)
|
||||
Relation.remove_member(member, self)
|
||||
end
|
||||
|
||||
def platforms
|
||||
@platforms ||= repositories.map(&:platform).uniq
|
||||
end
|
||||
|
@ -191,7 +199,9 @@ class Project < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def set_maintainer
|
||||
self.maintainer_id = (owner_type == 'User') ? self.owner_id : self.owner.owner_id
|
||||
if maintainer_id.blank?
|
||||
self.maintainer_id = (owner_type == 'User') ? self.owner_id : self.owner.owner_id
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -22,18 +22,18 @@ class Relation < ActiveRecord::Base
|
|||
r.save
|
||||
end
|
||||
|
||||
def self.add_member(member, target, role)
|
||||
if target.relations.exists?(:actor_id => member.id, :actor_type => member.class.to_s) || target.try(:owner) == member
|
||||
def self.add_member(member, target, role, relation = :relations)
|
||||
if target.send(relation).exists?(:actor_id => member.id, :actor_type => member.class.to_s) || (target.respond_to?(:owner) && target.owner == member)
|
||||
true
|
||||
else
|
||||
rel = target.relations.build(:role => role)
|
||||
rel = target.send(relation).build(:role => role)
|
||||
rel.actor = member
|
||||
rel.save
|
||||
end
|
||||
end
|
||||
|
||||
def self.remove_member(member, target)
|
||||
return false if target.try(:owner) == member
|
||||
return false if target.respond_to?(:owner) && target.owner == member
|
||||
Relation.by_actor(member).by_target(target).each{|r| r.destroy}
|
||||
end
|
||||
|
||||
|
|
|
@ -33,10 +33,7 @@ json.build_list do |json|
|
|||
json_build_for_platform.url api_v1_platform_path(@build_list.build_for_platform, :format => :json)
|
||||
end
|
||||
|
||||
json.owner do |json_owner|
|
||||
json_owner.(@build_list.user, :id, :name)
|
||||
json_owner.url url_for(@build_list.project.owner)
|
||||
end
|
||||
json.partial! 'api/v1/shared/owner', :owner => @build_list.project.owner
|
||||
|
||||
inc_repos = Repository.includes(:platform).where(:id => @build_list.include_repos)
|
||||
json.include_repos inc_repos do |json_include_repos, repo|
|
||||
|
|
|
@ -2,11 +2,7 @@ json.groups @groups do |json, group|
|
|||
json.(group, :id, :uname, :own_projects_count, :description)
|
||||
json.created_at group.created_at.to_i
|
||||
json.updated_at group.updated_at.to_i
|
||||
json.owner do |json_owner|
|
||||
json_owner.(group.owner, :id, :name)
|
||||
json_owner.type 'User'
|
||||
json_owner.url api_v1_user_path(group.owner_id, :format => :json)
|
||||
end
|
||||
json.partial! 'api/v1/shared/owner', :owner => group.owner
|
||||
json.avatar_url avatar_url(group, :big)
|
||||
json.url api_v1_group_path(group.id, :format => :json)
|
||||
json.html_url group_path(group.uname)
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
json.group do |json|
|
||||
json.(@group, :id)
|
||||
json.members @members do |json_members, member|
|
||||
json_members.(member, :id)
|
||||
json_members.type member.class.name
|
||||
json_members.url member_path(member)
|
||||
end
|
||||
json.partial! 'api/v1/shared/members'
|
||||
end
|
||||
json.url members_api_v1_group_path(@group.id, :format => :json)
|
|
@ -2,11 +2,7 @@ json.group do |json|
|
|||
json.(@group, :id, :uname, :own_projects_count, :description)
|
||||
json.created_at @group.created_at.to_i
|
||||
json.updated_at @group.updated_at.to_i
|
||||
json.owner do |json_owner|
|
||||
json_owner.(@group.owner, :id, :name)
|
||||
json_owner.type 'User'
|
||||
json_owner.url api_v1_user_path(@group.owner_id, :format => :json)
|
||||
end
|
||||
json.partial! 'api/v1/shared/owner', :owner => @group.owner
|
||||
json.avatar_url avatar_url(@group, :big)
|
||||
json.url api_v1_group_path(@group.id, :format => :json)
|
||||
json.html_url group_path(@group.uname)
|
||||
|
|
|
@ -1,10 +1,6 @@
|
|||
json.platforms @platforms do |json, platform|
|
||||
json.(platform, :id, :name, :platform_type, :visibility)
|
||||
json.owner do |json_owner|
|
||||
json_owner.(platform.owner, :id, :name)
|
||||
json_owner.type platform.owner_type
|
||||
json_owner.url member_path(platform.owner)
|
||||
end
|
||||
json.partial! 'api/v1/shared/owner', :owner => platform.owner
|
||||
json.repositories platform.repositories do |json_repos, repo|
|
||||
json_repos.(repo, :id, :name)
|
||||
json_repos.url api_v1_repository_path(repo.id, :format => :json)
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
json.platform do |json|
|
||||
json.(@platform, :id)
|
||||
json.members @members do |json_members, member|
|
||||
json_members.(member, :id)
|
||||
json_members.type member.class.name
|
||||
json_members.url member_path(member)
|
||||
end
|
||||
json.partial! 'api/v1/shared/members'
|
||||
end
|
||||
json.url members_api_v1_platform_path(@platform.id, :format => :json)
|
|
@ -2,11 +2,7 @@ json.platform do |json|
|
|||
json.(@platform, :id, :name, :description, :parent_platform_id, :released, :visibility, :platform_type, :distrib_type)
|
||||
json.created_at @platform.created_at.to_i
|
||||
json.updated_at @platform.updated_at.to_i
|
||||
json.owner do |json_owner|
|
||||
json_owner.(@platform.owner, :id, :name)
|
||||
json_owner.type @platform.owner_type
|
||||
json_owner.url member_path(@platform.owner)
|
||||
end
|
||||
json.partial! 'api/v1/shared/owner', :owner => @platform.owner
|
||||
json.repositories @platform.repositories do |json_repos, repo|
|
||||
json_repos.(repo, :id, :name)
|
||||
json_repos.url api_v1_repository_path(repo.id, :format => :json)
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
json.project do |json|
|
||||
json.(@project, :id, :name, :visibility)
|
||||
json.owner do |json_owner|
|
||||
json_owner.(@project.owner, :id, :name)
|
||||
json_owner.type @project.owner_type
|
||||
json_owner.url url_for(@project.owner)
|
||||
end
|
||||
json.partial! 'api/v1/shared/owner', :owner => @project.owner
|
||||
json.url api_v1_project_path(@project, :format => :json)
|
||||
end
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
json.projects @projects do |json, project|
|
||||
json.(project, :id, :name, :visibility)
|
||||
json.owner do |json_owner|
|
||||
json_owner.(project.owner, :id, :name)
|
||||
json_owner.type project.owner_type
|
||||
json_owner.url url_for(project.owner)
|
||||
end
|
||||
json.url api_v1_project_path(project, :format => :json)
|
||||
json.(project, :id, :name, :visibility, :description, :ancestry, :has_issues, :has_wiki, :default_branch, :is_package, :average_build_time)
|
||||
json.created_at project.created_at.to_i
|
||||
json.updated_at project.updated_at.to_i
|
||||
json.partial! 'api/v1/shared/owner', :owner => project.owner
|
||||
json.url api_v1_project_path(project.id, :format => :json)
|
||||
end
|
||||
|
||||
json.url api_v1_projects_path(:format => :json)
|
||||
json.url api_v1_projects_path(:format => :json)
|
|
@ -0,0 +1,5 @@
|
|||
json.project do |json|
|
||||
json.(@project, :id)
|
||||
json.partial! 'api/v1/shared/members'
|
||||
end
|
||||
json.url members_api_v1_project_path(@project.id, :format => :json)
|
|
@ -1,12 +1,10 @@
|
|||
json.project do |json|
|
||||
json.(@project, :id, :name, :visibility, :description, :ancestry, :has_issues, :has_wiki,
|
||||
:default_branch, :is_package, :average_build_time)
|
||||
json.(@project, :id, :name, :visibility, :description, :ancestry, :has_issues, :has_wiki, :default_branch, :is_package, :average_build_time)
|
||||
json.created_at @project.created_at.to_i
|
||||
json.updated_at @project.updated_at.to_i
|
||||
json.owner do |json_owner|
|
||||
json_owner.(@project.owner, :id, :name)
|
||||
json_owner.type @project.owner_type
|
||||
json_owner.url url_for(@project.owner)
|
||||
json.partial! 'api/v1/shared/owner', :owner => @project.owner
|
||||
json.maintainer do |json_maintainer|
|
||||
json.partial! 'api/v1/shared/member', :member => @project.maintainer, :tag => json_maintainer
|
||||
end
|
||||
json.repositories @project.repositories do |json_repos, repo|
|
||||
json_repos.(repo, :id, :name)
|
||||
|
@ -16,6 +14,5 @@ json.project do |json|
|
|||
json_platform.url api_v1_platform_path(repo.platform, :format => :json)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
json.url api_v1_project_path(@project, :format => :json)
|
||||
json.url api_v1_project_path(@project.id, :format => :json)
|
||||
end
|
|
@ -0,0 +1,3 @@
|
|||
tag.(member, :id, :name)
|
||||
tag.type member.class.name
|
||||
tag.url member_path(member)
|
|
@ -0,0 +1,3 @@
|
|||
json.members @members do |json_members, member|
|
||||
json.partial! 'api/v1/shared/member', :member => member, :tag => json_members
|
||||
end
|
|
@ -0,0 +1,3 @@
|
|||
json.owner do |json_owner|
|
||||
json.partial! 'api/v1/shared/member', :member => owner, :tag => json_owner
|
||||
end
|
|
@ -41,10 +41,15 @@ Rosa::Application.routes.draw do
|
|||
put :signatures
|
||||
}
|
||||
end
|
||||
resources :projects, :only => [:show] do
|
||||
resources :projects, :only => [:index, :show, :update, :create, :destroy] do
|
||||
collection { get :get_id }
|
||||
member {
|
||||
post :fork
|
||||
get :refs_list
|
||||
get :members
|
||||
put :add_member
|
||||
delete :remove_member
|
||||
put :update_member
|
||||
}
|
||||
end
|
||||
resources :users, :only => [:show]
|
||||
|
|
|
@ -36,6 +36,42 @@ shared_examples_for "api projects user without show rights" do
|
|||
get :get_id, :name => @project.name, :owner => @project.owner.uname, :format => :json
|
||||
response.should_not be_success
|
||||
end
|
||||
|
||||
it "should show access violation instead of project members data" do
|
||||
get :members, :id => @project.id, :format => :json
|
||||
response.should_not be_success
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
shared_examples_for 'api projects user without fork rights' do
|
||||
it 'should not be able to perform fork action' do
|
||||
post :fork, :id => @project.id, :format => :json
|
||||
response.should_not be_success
|
||||
end
|
||||
it 'ensures that project has not been forked' do
|
||||
lambda { post :fork, :id => @project.id, :format => :json }.should_not change{ Project.count }
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'api projects user with fork rights' do
|
||||
it 'should be able to perform fork action' do
|
||||
post :fork, :id => @project.id, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
it 'ensures that project has been forked' do
|
||||
lambda { post :fork, :id => @project.id, :format => :json }.should change{ Project.count }.by(1)
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'api projects user with fork rights for hidden project' do
|
||||
before { @project.update_column(:visibility, 'hidden') }
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
end
|
||||
|
||||
shared_examples_for 'api projects user without fork rights for hidden project' do
|
||||
before { @project.update_column(:visibility, 'hidden') }
|
||||
it_should_behave_like 'api projects user without fork rights'
|
||||
end
|
||||
|
||||
shared_examples_for "api projects user with show rights" do
|
||||
|
@ -68,6 +104,165 @@ shared_examples_for "api projects user with show rights" do
|
|||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'api projects user with admin rights' do
|
||||
|
||||
it "should be able to perform members action" do
|
||||
get :members, :id => @project.id, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
context 'api project user with update rights' do
|
||||
before do
|
||||
put :update, {:project => {:description => 'new description'}, :id => @project.id}, :format => :json
|
||||
end
|
||||
|
||||
it 'should be able to perform update action' do
|
||||
response.should be_success
|
||||
end
|
||||
it 'ensures that group has been updated' do
|
||||
@project.reload
|
||||
@project.description.should == 'new description'
|
||||
end
|
||||
end
|
||||
|
||||
context 'api project user with add_member rights' do
|
||||
let(:member) { FactoryGirl.create(:user) }
|
||||
before do
|
||||
put :add_member, {:member_id => member.id, :type => 'User', :role => 'admin', :id => @project.id}, :format => :json
|
||||
end
|
||||
|
||||
it 'should be able to perform add_member action' do
|
||||
response.should be_success
|
||||
end
|
||||
it 'ensures that new member has been added to project' do
|
||||
@project.members.should include(member)
|
||||
end
|
||||
end
|
||||
|
||||
context 'api project user with remove_member rights' do
|
||||
let(:member) { FactoryGirl.create(:user) }
|
||||
before do
|
||||
@project.add_member(member)
|
||||
delete :remove_member, {:member_id => member.id, :type => 'User', :id => @project.id}, :format => :json
|
||||
end
|
||||
|
||||
it 'should be able to perform remove_member action' do
|
||||
response.should be_success
|
||||
end
|
||||
it 'ensures that member has been removed from project' do
|
||||
@project.members.should_not include(member)
|
||||
end
|
||||
end
|
||||
|
||||
context 'api group user with update_member rights' do
|
||||
let(:member) { FactoryGirl.create(:user) }
|
||||
before do
|
||||
@project.add_member(member)
|
||||
put :update_member, {:member_id => member.id, :type => 'User', :role => 'reader', :id => @project.id}, :format => :json
|
||||
end
|
||||
|
||||
it 'should be able to perform update_member action' do
|
||||
response.should be_success
|
||||
end
|
||||
it 'ensures that member role has been updated in project' do
|
||||
@project.relations.by_actor(member).first.
|
||||
role.should == 'reader'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'api projects user without admin rights' do
|
||||
|
||||
it "should not be able to perform members action" do
|
||||
get :members, :id => @project.id, :format => :json
|
||||
response.should_not be_success
|
||||
end
|
||||
|
||||
context 'api project user without update_member rights' do
|
||||
let(:member) { FactoryGirl.create(:user) }
|
||||
before do
|
||||
@project.add_member(member)
|
||||
put :update_member, {:member_id => member.id, :type => 'User', :role => 'reader', :id => @project.id}, :format => :json
|
||||
end
|
||||
|
||||
it 'should not be able to perform update_member action' do
|
||||
response.should_not be_success
|
||||
end
|
||||
it 'ensures that member role has not been updated in project' do
|
||||
@project.relations.by_actor(member).first.
|
||||
role.should_not == 'reader'
|
||||
end
|
||||
end
|
||||
|
||||
context 'api project user without update rights' do
|
||||
before do
|
||||
put :update, {:project => {:description => 'new description'}, :id => @project.id}, :format => :json
|
||||
end
|
||||
|
||||
it 'should not be able to perform update action' do
|
||||
response.should_not be_success
|
||||
end
|
||||
it 'ensures that project has not been updated' do
|
||||
@project.reload
|
||||
@project.description.should_not == 'new description'
|
||||
end
|
||||
end
|
||||
|
||||
context 'api project user without add_member rights' do
|
||||
let(:member) { FactoryGirl.create(:user) }
|
||||
before do
|
||||
put :add_member, {:member_id => member.id, :type => 'User', :role => 'admin', :id => @project.id}, :format => :json
|
||||
end
|
||||
|
||||
it 'should not be able to perform add_member action' do
|
||||
response.should_not be_success
|
||||
end
|
||||
it 'ensures that new member has not been added to project' do
|
||||
@project.members.should_not include(member)
|
||||
end
|
||||
end
|
||||
|
||||
context 'api project user without remove_member rights' do
|
||||
let(:member) { FactoryGirl.create(:user) }
|
||||
before do
|
||||
@project.add_member(member)
|
||||
delete :remove_member, {:member_id => member.id, :type => 'User', :id => @project.id}, :format => :json
|
||||
end
|
||||
|
||||
it 'should be able to perform update action' do
|
||||
response.should_not be_success
|
||||
end
|
||||
it 'ensures that member has not been removed from project' do
|
||||
@project.members.should include(member)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
shared_examples_for 'api projects user with owner rights' do
|
||||
context 'api project user with destroy rights' do
|
||||
it 'should be able to perform destroy action' do
|
||||
delete :destroy, :id => @project.id, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
it 'ensures that project has been destroyed' do
|
||||
lambda { delete :destroy, :id => @project.id, :format => :json }.should change{ Project.count }.by(-1)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'api projects user without owner rights' do
|
||||
context 'api project user with destroy rights' do
|
||||
it 'should not be able to perform destroy action' do
|
||||
delete :destroy, :id => @project.id, :format => :json
|
||||
response.should_not be_success
|
||||
end
|
||||
it 'ensures that project has not been destroyed' do
|
||||
lambda { delete :destroy, :id => @project.id, :format => :json }.should_not change{ Project.count }
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe Api::V1::ProjectsController do
|
||||
|
||||
before(:each) do
|
||||
|
@ -79,14 +274,24 @@ describe Api::V1::ProjectsController do
|
|||
end
|
||||
|
||||
context 'for guest' do
|
||||
|
||||
|
||||
[:index, :members].each do |action|
|
||||
it "should not be able to perform #{action} action" do
|
||||
get action, :id => @project.id, :format => :json
|
||||
response.should_not be_success
|
||||
end
|
||||
end
|
||||
|
||||
if APP_CONFIG['anonymous_access']
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with show rights'
|
||||
it_should_behave_like 'api projects user without reader rights for hidden project'
|
||||
else
|
||||
it_should_behave_like 'api projects user without show rights'
|
||||
end
|
||||
|
||||
it_should_behave_like 'api projects user without fork rights'
|
||||
it_should_behave_like 'api projects user without fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user without admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
|
||||
context 'for simple user' do
|
||||
|
@ -95,8 +300,28 @@ describe Api::V1::ProjectsController do
|
|||
http_login(@user)
|
||||
end
|
||||
|
||||
it 'should be able to perform index action' do
|
||||
get :index, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
context 'api project user with create rights' do
|
||||
let(:params) { {:project => {:name => 'test_name', :owner_id => @user.id, :owner_type => 'User', :visibility => 'open'}} }
|
||||
it 'should be able to perform create action' do
|
||||
post :create, params, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
it 'ensures that project has been created' do
|
||||
lambda { post :create, params, :format => :json }.should change{ Project.count }.by(1)
|
||||
end
|
||||
end
|
||||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user without reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user without fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user without admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
|
||||
context 'for admin' do
|
||||
|
@ -107,18 +332,25 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user with admin rights'
|
||||
it_should_behave_like 'api projects user with owner rights'
|
||||
end
|
||||
|
||||
context 'for owner user' do
|
||||
before(:each) do
|
||||
@user = FactoryGirl.create(:user)
|
||||
http_login(@user)
|
||||
@project.owner = @user; @project.save
|
||||
@project.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
|
||||
@project = FactoryGirl.create(:project, :owner => @user)
|
||||
end
|
||||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user without fork rights'
|
||||
it_should_behave_like 'api projects user without fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user with admin rights'
|
||||
it_should_behave_like 'api projects user with owner rights'
|
||||
end
|
||||
|
||||
context 'for reader user' do
|
||||
|
@ -130,6 +362,10 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user without admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
|
||||
context 'for writer user' do
|
||||
|
@ -141,25 +377,32 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user without admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
|
||||
context 'for group' do
|
||||
before(:each) do
|
||||
@group = FactoryGirl.create(:group)
|
||||
@group_user = FactoryGirl.create(:user)
|
||||
@project.relations.destroy_all
|
||||
# @project.relations.destroy_all
|
||||
http_login(@group_user)
|
||||
end
|
||||
|
||||
context 'with no relations to project' do
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user without reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user without fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user without admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
|
||||
context 'owner of the project' do
|
||||
before(:each) do
|
||||
@project.owner = @group; @project.save
|
||||
@project.relations.create :actor_id => @project.owner.id, :actor_type => @project.owner.class.to_s, :role => 'admin'
|
||||
@project = FactoryGirl.create(:project, :owner => @group)
|
||||
end
|
||||
|
||||
context 'reader user' do
|
||||
|
@ -169,6 +412,10 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user without admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
|
||||
context 'admin user' do
|
||||
|
@ -178,6 +425,10 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user with admin rights'
|
||||
it_should_behave_like 'api projects user with owner rights'
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -194,6 +445,10 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user with admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
|
||||
context 'admin user' do
|
||||
|
@ -203,6 +458,10 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user with admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -218,12 +477,20 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user without admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
|
||||
context 'user should has best role' do
|
||||
before(:each) do
|
||||
@project.relations.create :actor_id => @group_user.id, :actor_type => @group_user.class.to_s, :role => 'admin'
|
||||
end
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user with admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -234,6 +501,10 @@ describe Api::V1::ProjectsController do
|
|||
|
||||
it_should_behave_like 'api projects user with reader rights'
|
||||
it_should_behave_like 'api projects user with reader rights for hidden project'
|
||||
it_should_behave_like 'api projects user with fork rights'
|
||||
it_should_behave_like 'api projects user with fork rights for hidden project'
|
||||
it_should_behave_like 'api projects user without admin rights'
|
||||
it_should_behave_like 'api projects user without owner rights'
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue