[refs #54] Add issues tests. Fix some CanCan rights. Make some fixes to logic

2011-12-23 14:56:46 +04:00 · 2011-12-23 14:56:46 +04:00 · 894bc0c077
parent e2144e0fdb
commit 894bc0c077
7 changed files with 234 additions and 23 deletions
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@ -2,7 +2,7 @@ class CommentsController < ApplicationController
  before_filter :authenticate_user!
  before_filter :set_commentable, :only => [:index, :edit, :create]
  before_filter :find_project, :only => [:index]
-  before_filter :find_comment, :only => [:show, :edit, :update, :destroy]
+  before_filter :find_comment, :only => [:edit, :update, :destroy]

  authorize_resource :only => [:show, :edit, :update, :destroy]
  authorize_resource :project, :only => [:index]
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@ -34,8 +34,8 @@ class IssuesController < ApplicationController
  end

  def update
-    @user_id = params[:user_id]
-    @user_uname = params[:user_uname]
+    @user_id = params[:user_id].blank? ? @issue.user_id : params[:user_id]
+    @user_uname = params[:user_uname].blank? ? @issue.user.uname : params[:user_uname]

    if @issue.update_attributes( params[:issue].merge({:user_id => @user_id}) )
      flash[:notice] = I18n.t("flash.issue.saved")
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@ -97,7 +97,6 @@ class Ability
        end

        can [:read, :index], Issue do |issue|
-          puts "SHIT\n"*10
          issue.status == 'open'
        end
        #can [:read], Issue, :status => 'open'
@ -120,9 +119,7 @@ class Ability
          comment.commentable.project.relations.exists?(:role => 'admin', :object_type => 'User', :object_id => user.id)
        end
        #
-        cannot [:index, :edit, :update, :create, :new, :read], Issue do |issue|
-          puts "FUCK\n"*10
-          puts !issue.project.has_issues
+        cannot [:index, :edit, :update, :create, :new, :read, :show], Issue do |issue|
          !issue.project.has_issues
        end
        cannot [:edit, :update, :create, :new, :destroy], Comment do |comment|
--- a/db/schema.rb
+++ b/db/schema.rb
@ -243,6 +243,7 @@ ActiveRecord::Schema.define(:version => 20111219073859) do
    t.string   "object_type"
    t.integer  "target_id"
    t.string   "target_type"
+    t.integer  "role_id"
    t.datetime "created_at"
    t.datetime "updated_at"
    t.string   "role"
@ -271,16 +272,16 @@ ActiveRecord::Schema.define(:version => 20111219073859) do

  create_table "users", :force => true do |t|
    t.string   "name"
-    t.string   "email",                               :default => "", :null => false
-    t.string   "encrypted_password",   :limit => 128, :default => "", :null => false
-    t.string   "password_salt",                       :default => "", :null => false
+    t.string   "email",                                 :default => "", :null => false
+    t.string   "encrypted_password",     :limit => 128, :default => "", :null => false
    t.string   "reset_password_token"
-    t.string   "remember_token"
+    t.datetime "reset_password_sent_at"
    t.datetime "remember_created_at"
    t.datetime "created_at"
    t.datetime "updated_at"
-    t.text     "ssh_key"
    t.string   "uname"
+    t.text     "ssh_key"
+    t.integer  "role_id"
    t.string   "role"
  end

--- a/spec/controllers/issues_controller_spec.rb
+++ b/spec/controllers/issues_controller_spec.rb
@ -1,5 +1,194 @@
 require 'spec_helper'

-describe IssuesController do
+shared_examples_for 'issue user with project reader rights' do
+  #it_should_behave_like 'user with rights to view issues'
+  it 'should be able to perform index action' do
+    get :index, :project_id => @project.id
+    response.should render_template(:index)
+  end

+  it 'should be able to perform show action' do
+    get :show, :project_id => @project.id, :serial_id => @issue.serial_id
+    response.should render_template(:show)
+  end
+end
+
+shared_examples_for 'issue user with project writer rights' do
+  it 'should be able to perform create action' do
+    post :create, @create_params
+    response.should redirect_to(project_issues_path(@project))
+  end
+
+  it 'should create issue object into db' do
+    lambda{ post :create, @create_params }.should change{ Issue.count }.by(1)
+  end
+end
+
+shared_examples_for 'user with issue update rights' do
+  it 'should be able to perform update action' do
+    put :update, {:id => @issue.id}.merge(@update_params)
+    response.should redirect_to(show_issue_path(@project, @issue.serial_id))
+  end
+
+  it 'should update issue title' do
+    put :update, {:id => @issue.id}.merge(@update_params)
+    @issue.reload.title.should == 'issue2'
+  end
+end
+
+shared_examples_for 'user without issue update rights' do
+  it 'should not be able to perform update action' do
+    put :update, {:id => @issue.id}.merge(@update_params)
+    response.should redirect_to(forbidden_path)
+  end
+
+  it 'should not update issue title' do
+    put :update, {:id => @issue.id}.merge(@update_params)
+    @issue.reload.title.should_not == 'issue2'
+  end
+end
+
+shared_examples_for 'user without issue destroy rights' do
+  it 'should not be able to perform destroy action' do
+    delete :destroy, :id => @issue.id, :project_id => @project.id
+    response.should redirect_to(forbidden_path)
+  end
+
+  it 'should not reduce issues count' do
+    lambda{ delete :destroy, :id => @issue.id, :project_id => @project.id }.should change{ Issue.count }.by(0)
+  end
+end
+
+shared_examples_for 'project with issues turned off' do
+  pending 'should not be able to perform index action' do
+    get :index, :project_id => @project_with_turned_off_issues.id
+    #response.should redirect_to(forbidden_path)
+    response.should render_template(:index)
+  end
+
+  it 'should not be able to perform show action' do
+    get :show, :project_id => @project_with_turned_off_issues.id, :serial_id => @turned_of_issue.serial_id
+    response.should redirect_to(forbidden_path)
+  end
+end
+
+describe IssuesController do
+  before(:each) do
+    stub_rsync_methods
+
+    @project = Factory(:project)
+    @issue_user = Factory(:user)
+    @create_params = {:project => {:name => 'pro'}}
+    @update_params = {:project => {:name => 'pro2'}}
+
+    any_instance_of(Project, :versions => ['v1.0', 'v2.0'])
+
+    @issue = Factory(:issue, :project_id => @project.id, :user_id => @issue_user.id)
+    @create_params = {
+      :project_id => @project.id,
+      :issue => {
+        :title => "issue1",
+        :body => "issue body",
+        :project_id => @project.id
+      },
+      :user_id => @issue_user.id,
+      :user_uname => @issue_user.uname
+    }
+    @update_params = {
+      :project_id => @project.id,
+      :issue => {
+        :title => "issue2"
+      }
+    }
+
+    @project_with_turned_off_issues = Factory(:project, :has_issues => false)
+    @turned_of_issue = Factory(:issue, :project_id => @project_with_turned_off_issues.id, :user_id => @issue_user.id)
+  end
+
+  context 'for global admin user' do
+    before(:each) do
+      @admin = Factory(:admin)
+      set_session_for(@admin)
+    end
+
+    it_should_behave_like 'user without issue destroy rights'
+  end
+
+  context 'for project admin user' do
+    before(:each) do
+      #@admin = Factory(:admin)
+      #set_session_for(@admin)
+      @user = Factory(:user)
+      set_session_for(@user)
+      @project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'admin')
+    end
+
+    it_should_behave_like 'issue user with project reader rights'
+    it_should_behave_like 'issue user with project writer rights'
+    it_should_behave_like 'user with issue update rights'
+    it_should_behave_like 'user without issue destroy rights'
+    it_should_behave_like 'project with issues turned off'
+  end
+
+  context 'for project owner user' do
+    before(:each) do
+      @user = Factory(:user)
+      set_session_for(@user)
+      @project.update_attribute(:owner, @user)
+      @project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'admin')
+    end
+
+    it_should_behave_like 'issue user with project reader rights'
+    it_should_behave_like 'issue user with project writer rights'
+    it_should_behave_like 'user with issue update rights'
+    it_should_behave_like 'user without issue destroy rights'
+    it_should_behave_like 'project with issues turned off'
+  end
+
+  context 'for project reader user' do
+    before(:each) do
+      @user = Factory(:user)
+      set_session_for(@user)
+      @project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'reader')
+    end
+
+    it_should_behave_like 'issue user with project reader rights'
+    it_should_behave_like 'user without issue update rights'
+    it_should_behave_like 'user without issue destroy rights'
+    it_should_behave_like 'project with issues turned off'
+
+    it 'should not be able to perform create action' do
+      post :create, @create_params
+      response.should redirect_to(forbidden_path)
+    end
+
+    it 'should not create issue object into db' do
+      lambda{ post :create, @create_params }.should change{ Issue.count }.by(0)
+    end
+  end
+
+  context 'for project writer user' do
+    before(:each) do
+      @user = Factory(:user)
+      set_session_for(@user)
+      @project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'writer')
+    end
+
+    it_should_behave_like 'issue user with project reader rights'
+    it_should_behave_like 'issue user with project writer rights'
+    it_should_behave_like 'user without issue update rights'
+    it_should_behave_like 'user without issue destroy rights'
+    it_should_behave_like 'project with issues turned off'
+  end
+
+  context 'for issue assign user' do
+    before(:each) do
+      set_session_for(@issue_user)
+      #@project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'writer')
+    end
+
+    it_should_behave_like 'user with issue update rights'
+    it_should_behave_like 'user without issue destroy rights'
+    it_should_behave_like 'project with issues turned off'
+  end
 end
--- a/spec/factories/issues.rb
+++ b/spec/factories/issues.rb
@ -1,6 +1,6 @@
-# Read about factories at http://github.com/thoughtbot/factory_girl
-
-FactoryGirl.define do
-  factory :issue do
-    end
-end
+Factory.define(:issue) do |p|
+  p.title { Factory.next(:string) }
+  p.body { Factory.next(:string) }
+  p.association :user, :factory => :user
+  p.status "open"
+end
--- a/spec/models/cancan_spec.rb
+++ b/spec/models/cancan_spec.rb
@ -118,6 +118,7 @@ describe CanCan do
    context 'as project collaborator' do
      before(:each) do
        @project = Factory(:project)
+        @issue = Factory(:issue, :project_id => @project.id)
      end

      context 'with read rights' do
@ -128,13 +129,17 @@ describe CanCan do
        it 'should be able to read project' do
          @ability.should be_able_to(:read, @project)
        end
-        
-        it 'should be able to read project' do
+
+        it 'should be able to read open platform' do
          @ability.should be_able_to(:read, open_platform)
        end
+
+        it 'should be able to read issue' do
+          @ability.should be_able_to(:read, @issue)
+        end
      end
-      
-      context 'with write rights' do
+
+      context 'with writer rights' do
        before(:each) do
          @project.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'writer')
        end
@ -144,6 +149,12 @@ describe CanCan do
            @ability.should be_able_to(action, @project)
          end
        end
+
+        [:read, :create, :new].each do |action|
+          it "should be able to #{ action } project" do
+            @ability.should be_able_to(action, @project)
+          end
+        end
      end

      context 'with admin rights' do
@ -160,11 +171,18 @@ describe CanCan do
        it "should be able to manage collaborators of project" do
          @ability.should be_able_to(:manage_collaborators, @project)
        end
+
+        [:read, :create, :new, :update, :edit].each do |action|
+          it "should be able to #{ action } issue" do
+            @ability.should be_able_to(action, @issue)
+          end
+        end
      end

      context 'with owner rights' do
        before(:each) do
          @project.update_attribute(:owner, @user)
+          @issue.project.reload
        end

        [:read, :update, :process_build, :build, :destroy].each do |action|
@ -172,6 +190,12 @@ describe CanCan do
            @ability.should be_able_to(action, @project)
          end
        end
+
+        [:read, :update, :edit].each do |action|
+          it "should be able to #{ action } issue" do
+            @ability.should be_able_to(action, @issue)
+          end
+        end
      end

    end