Merge pull request #38 from warpc/37-acl_build_list_bug_fix
[issue #37] Fixed a bug where a user can't show a created build_list * Changed ability.rb to grant privileges to show build_list to non-admin users * Added specs
commit
85231d3f91
|
@ -44,6 +44,9 @@ class Ability
|
|||
can :publish, BuildList do |build_list|
|
||||
build_list.can_published? && build_list.project.relations.exists?(:object_type => 'User', :object_id => user.id)
|
||||
end
|
||||
can :read, BuildList do |build_list|
|
||||
build_list.project.public? || build_list.project.relations.exists?(:object_type => 'User', :object_id => user.id)
|
||||
end
|
||||
can [:read, :create], PrivateUser, :platform => {:owner_type => 'User', :owner_id => user.id}
|
||||
|
||||
# If rule has multiple conditions CanCan joins them by 'AND' sql operator
|
||||
|
@ -100,6 +103,9 @@ class Ability
|
|||
can :publish, BuildList do |build_list|
|
||||
build_list.can_published? && build_list.project.relations.exists?(:object_type => 'Group', :object_id => user.group_ids)
|
||||
end
|
||||
can :read, BuildList do |build_list|
|
||||
build_list.project.public? || build_list.project.relations.exists?(:object_type => 'Group', :object_id => user.group_ids)
|
||||
end
|
||||
|
||||
can :manage_collaborators, Project, projects_in_relations_with(:role => 'admin', :object_type => 'Group', :object_id => user.group_ids) do |project|
|
||||
project.relations.exists? :object_id => user.group_ids, :object_type => 'Group', :role => 'admin'
|
||||
|
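Review bot: The `can :read, BuildList do |build_list|` rules (in the User hunk and again in the Group hunk at -100,6) are block-only, and CanCan evaluates a block only when it is handed an instance. A class-level check such as `can? :read, BuildList` on a listing action therefore passes for every signed-in user, and `accessible_by` cannot derive SQL from a rule that has no hash conditions. The controller is not visible here, so confirm that any build-list index is scoped separately, or build lists of hidden projects could show up there even though `show` is protected. I would add a comment above each rule, e.g. `# Block-only rule: enforced on instance checks (show) only; listings must be scoped by project visibility/relations elsewhere`, and a spec for the listing path. The Ability class body starts and ends outside both hunks.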
|
|
@ -1,6 +1,21 @@
|
|||
require 'spec_helper'
|
||||
|
||||
describe BuildListsController do
|
||||
|
||||
shared_examples_for 'show build list' do
|
||||
it 'should be able to perform show action' do
|
||||
get :show, @show_params
|
||||
response.should be_success
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'not show build list' do
|
||||
it 'should not be able to perform show action' do
|
||||
get :show, @show_params
|
||||
response.should redirect_to(forbidden_url)
|
||||
end
|
||||
end
|
||||
|
||||
context 'crud' do
|
||||
context 'for guest' do
|
||||
it 'should not be able to perform all action' do
|
||||
|
@ -10,12 +25,57 @@ describe BuildListsController do
|
|||
end
|
||||
|
||||
context 'for user' do
|
||||
before(:each) { set_session_for Factory(:user) }
|
||||
before(:each) do
|
||||
@build_list = Factory(:build_list_core)
|
||||
@project = @build_list.project
|
||||
@owner_user = @project.owner
|
||||
@member_user = Factory(:user)
|
||||
rel = @project.relations.build(:role => 'reader')
|
||||
rel.object = @member_user
|
||||
rel.save
|
||||
@user = Factory(:user)
|
||||
set_session_for(@user)
|
||||
@show_params = {:project_id => @project.id, :id => @build_list.id}
|
||||
end
|
||||
|
||||
it 'should not be able to perform all action' do
|
||||
get :all
|
||||
response.should redirect_to(forbidden_url)
|
||||
end
|
||||
|
||||
context 'for open project' do
|
||||
it_should_behave_like 'show build list'
|
||||
|
||||
context 'if user is project owner' do
|
||||
before(:each) {set_session_for(@owner_user)}
|
||||
it_should_behave_like 'show build list'
|
||||
end
|
||||
|
||||
context 'if user is project owner' do
|
||||
before(:each) {set_session_for(@member_user)}
|
||||
it_should_behave_like 'show build list'
|
||||
end
|
||||
end
|
||||
|
||||
context 'for hidden project' do
|
||||
before(:each) do
|
||||
@project.visibility = 'hidden'
|
||||
@project.save
|
||||
end
|
||||
|
||||
it_should_behave_like 'not show build list'
|
||||
|
||||
context 'if user is project owner' do
|
||||
before(:each) {set_session_for(@owner_user)}
|
||||
it_should_behave_like 'show build list'
|
||||
end
|
||||
|
||||
context 'if user is project owner' do
|
||||
before(:each) {set_session_for(@member_user)}
|
||||
it_should_behave_like 'show build list'
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
context 'for admin' do
|
||||
|
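Review bot: In both 'for open project' and 'for hidden project', the context that signs in `@member_user` is titled 'if user is project owner', the same as the owner context, so a failure report cannot tell the two apart; it should read `context 'if user is project member' do`. The fixture in the `before(:each)` block ignores the result of `rel.save`. If the relation is invalid, the open-project member case still passes vacuously, so `rel.save!` would make a broken setup fail loudly. From what is visible, the only denial case is a user unrelated to a hidden project. There is no spec for the Group branch added in ability.rb (access via `user.group_ids`) and none for a guest requesting `show` on a hidden project's build list, and both are worth pinning for an authorization change.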
|