#698: updated specs, permission access

This commit is contained in:
Vokhmin Alexey V 2012-10-18 19:44:28 +04:00
parent d5ad5b1a95
commit 84e5f3ead3
2 changed files with 86 additions and 8 deletions

View File

@ -2,9 +2,9 @@
class Api::V1::AdvisoriesController < Api::V1::BaseController class Api::V1::AdvisoriesController < Api::V1::BaseController
before_filter :authenticate_user! before_filter :authenticate_user!
skip_before_filter :authenticate_user!, :only => [:index, :show] if APP_CONFIG['anonymous_access'] skip_before_filter :authenticate_user!, :only => [:index, :show] if APP_CONFIG['anonymous_access']
load_and_authorize_resource :advisory, :find_by => :advisory_id load_resource :advisory, :find_by => :advisory_id
load_and_authorize_resource :build_list, before_filter :find_build_list, :only => [:create, :update]
:find_by => :build_list_id, :only => [:create, :update] authorize_resource :build_list, :only => [:create, :update]
def index def index
@advisories = @advisories.scoped(:include => :platforms). @advisories = @advisories.scoped(:include => :platforms).
@ -26,7 +26,7 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
end end
def update def update
if @build_list.status == BuildList::BUILD_PUBLISHED && if @advisory && @build_list.status == BuildList::BUILD_PUBLISHED &&
@advisory.attach_build_list(@build_list) && @advisory.attach_build_list(@build_list) &&
@advisory.save && @build_list.save @advisory.save && @build_list.save
render_json_response @advisory, "Build list '#{@build_list.id}' has been attached to advisory successfully" render_json_response @advisory, "Build list '#{@build_list.id}' has been attached to advisory successfully"
@ -35,4 +35,11 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
end end
end end
protected
def find_build_list
@build_list = BuildList.find params[:build_list_id]
authorize! :publish, @build_list
end
end end

View File

@ -13,6 +13,74 @@ shared_examples_for 'api advisories user with show rights' do
end end
end end
shared_examples_for 'api advisories user with admin rights' do
context 'api advisories user with create rights' do
let(:params) { {:build_list_id => @build_list.id, :advisory => {:description => 'test'}} }
it 'should be able to perform create action' do
post :create, params, :format => :json
response.should be_success
end
it 'ensures that advisory has been created' do
lambda { post :create, params, :format => :json }.should change{ Advisory.count }.by(1)
end
it 'ensures that build_list has been associated with advisory' do
post :create, params, :format => :json
@build_list.reload
@build_list.advisory.should_not be_nil
end
end
context 'api advisories user with update rights' do
let(:params) { {:id => @advisory.advisory_id, :build_list_id => @build_list.id} }
it 'should be able to perform update action' do
put :update, params, :format => :json
response.should be_success
end
it 'ensures that advisory has not been created' do
lambda { put :update, params, :format => :json }.should_not change{ Advisory.count }
end
it 'ensures that build_list has been associated with advisory' do
put :update, params, :format => :json
@build_list.reload
@build_list.advisory.should_not be_nil
end
end
end
shared_examples_for 'api advisories user without admin rights' do
context 'api advisories user without create rights' do
let(:params) { {:build_list_id => @build_list.id, :advisory => {:description => 'test'}} }
it 'should not be able to perform create action' do
post :create, params, :format => :json
response.should_not be_success
end
it 'ensures that advisory has not been created' do
lambda { post :create, params, :format => :json }.should_not change{ Advisory.count }
end
it 'ensures that build_list has not been associated with advisory' do
post :create, params, :format => :json
@build_list.reload
@build_list.advisory.should be_nil
end
end
context 'api advisories user without update rights' do
let(:params) { {:id => @advisory.advisory_id, :build_list_id => @build_list.id} }
it 'should not be able to perform update action' do
put :update, params, :format => :json
response.should_not be_success
end
it 'ensures that advisory has not been created' do
lambda { put :update, params, :format => :json }.should_not change{ Advisory.count }
end
it 'ensures that build_list has not been associated with advisory' do
put :update, params, :format => :json
@build_list.reload
@build_list.advisory.should be_nil
end
end
end
describe Api::V1::AdvisoriesController do describe Api::V1::AdvisoriesController do
before do before do
@ -20,7 +88,7 @@ describe Api::V1::AdvisoriesController do
@advisory = FactoryGirl.create(:advisory) @advisory = FactoryGirl.create(:advisory)
@build_list = FactoryGirl.create(:build_list_core) @build_list = FactoryGirl.create(:build_list_core)
@another_user = FactoryGirl.create(:user) @build_list.update_column(:status, BuildList::BUILD_PUBLISHED)
end end
context 'for guest' do context 'for guest' do
@ -38,7 +106,7 @@ describe Api::V1::AdvisoriesController do
get :index, :format => :json get :index, :format => :json
response.should_not be_success response.should_not be_success
end end
it_should_behave_like 'api advisories user without admin rights'
end end
context 'for simple user' do context 'for simple user' do
@ -47,7 +115,7 @@ describe Api::V1::AdvisoriesController do
http_login(@user) http_login(@user)
end end
it_should_behave_like 'api advisories user with show rights' it_should_behave_like 'api advisories user with show rights'
it_should_behave_like 'api advisories user without admin rights'
end end
context 'for admin' do context 'for admin' do
@ -57,16 +125,19 @@ describe Api::V1::AdvisoriesController do
end end
it_should_behave_like 'api advisories user with show rights' it_should_behave_like 'api advisories user with show rights'
it_should_behave_like 'api advisories user with admin rights'
end end
context 'for user who has access to update build_list' do context 'for user who has access to update build_list' do
before do before do
@user = FactoryGirl.create(:user) @user = FactoryGirl.create(:user)
@build_list.project.relations.create(:role => 'фвьшт', :actor => @user) @build_list.project.relations.create(:role => 'admin', :actor => @user)
@build_list.save_to_platform.relations.create(:role => 'admin', :actor => @user)
http_login(@user) http_login(@user)
end end
it_should_behave_like 'api advisories user with show rights' it_should_behave_like 'api advisories user with show rights'
it_should_behave_like 'api advisories user with admin rights'
end end
end end