From 894bc0c077d0395e594aeddcdf785653bbc2b0ba Mon Sep 17 00:00:00 2001 From: "konstantin.grabar" Date: Fri, 23 Dec 2011 14:56:46 +0400 Subject: [PATCH] [refs #54] Add issues tests. Fix some CanCan rights. Make some fixes to logic --- app/controllers/comments_controller.rb | 2 +- app/controllers/issues_controller.rb | 4 +- app/models/ability.rb | 5 +- db/schema.rb | 11 +- spec/controllers/issues_controller_spec.rb | 191 ++++++++++++++++++++- spec/factories/issues.rb | 12 +- spec/models/cancan_spec.rb | 32 +++- 7 files changed, 234 insertions(+), 23 deletions(-) diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb index d6775451d..93baf3b77 100644 --- a/app/controllers/comments_controller.rb +++ b/app/controllers/comments_controller.rb @@ -2,7 +2,7 @@ class CommentsController < ApplicationController before_filter :authenticate_user! before_filter :set_commentable, :only => [:index, :edit, :create] before_filter :find_project, :only => [:index] - before_filter :find_comment, :only => [:show, :edit, :update, :destroy] + before_filter :find_comment, :only => [:edit, :update, :destroy] authorize_resource :only => [:show, :edit, :update, :destroy] authorize_resource :project, :only => [:index] diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index ea0cc3c55..85cd9f291 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -34,8 +34,8 @@ class IssuesController < ApplicationController end def update - @user_id = params[:user_id] - @user_uname = params[:user_uname] + @user_id = params[:user_id].blank? ? @issue.user_id : params[:user_id] + @user_uname = params[:user_uname].blank? ? @issue.user.uname : params[:user_uname] if @issue.update_attributes( params[:issue].merge({:user_id => @user_id}) ) flash[:notice] = I18n.t("flash.issue.saved") diff --git a/app/models/ability.rb b/app/models/ability.rb index 6af166beb..ca4b2ffc7 100644 
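Review bot: In app/controllers/comments_controller.rb, `:show` is dropped from the `find_comment` filter but is still listed in `authorize_resource :only => [:show, :edit, :update, :destroy]` on the following line. With no `@comment` loaded, CanCan's `authorize_resource` checks the action against the `Comment` class rather than the record, and block conditions are not evaluated for class-level checks, so any per-comment condition is skipped for `show`. If the controller has no `show` action (none is visible in this hunk), drop `:show` from the `authorize_resource` list as well; otherwise keep loading the comment before authorizing. The class body continues outside the hunk.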
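Review bot: In `IssuesController#update`, the new fallback `@issue.user.uname` raises `NoMethodError` if the issue has no assignee and the request omits `user_uname`; `@issue.user.try(:uname)` avoids that. Separately, `params[:user_id]` is still merged into `update_attributes` as the assignee with no visible check that it names a collaborator of the issue's project. Unless the model validates this, anyone allowed to update the issue can set an arbitrary user id, which is worth confirming. `params[:issue]` is also dereferenced with `.merge` without a nil guard. The method continues outside the hunk.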
--- a/app/models/ability.rb +++ b/app/models/ability.rb @@ -97,7 +97,6 @@ class Ability end can [:read, :index], Issue do |issue| - puts "SHIT\n"*10 issue.status == 'open' end #can [:read], Issue, :status => 'open' @@ -120,9 +119,7 @@ class Ability comment.commentable.project.relations.exists?(:role => 'admin', :object_type => 'User', :object_id => user.id) end # - cannot [:index, :edit, :update, :create, :new, :read], Issue do |issue| - puts "FUCK\n"*10 - puts !issue.project.has_issues + cannot [:index, :edit, :update, :create, :new, :read, :show], Issue do |issue| !issue.project.has_issues end cannot [:edit, :update, :create, :new, :destroy], Comment do |comment| diff --git a/db/schema.rb b/db/schema.rb index 5acde5031..794ab6874 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -243,6 +243,7 @@ ActiveRecord::Schema.define(:version => 20111219073859) do t.string "object_type" t.integer "target_id" t.string "target_type" + t.integer "role_id" t.datetime "created_at" t.datetime "updated_at" t.string "role" @@ -271,16 +272,16 @@ ActiveRecord::Schema.define(:version => 20111219073859) do create_table "users", :force => true do |t| t.string "name" - t.string "email", :default => "", :null => false - t.string "encrypted_password", :limit => 128, :default => "", :null => false - t.string "password_salt", :default => "", :null => false + t.string "email", :default => "", :null => false + t.string "encrypted_password", :limit => 128, :default => "", :null => false t.string "reset_password_token" - t.string "remember_token" + t.datetime "reset_password_sent_at" t.datetime "remember_created_at" t.datetime "created_at" t.datetime "updated_at" - t.text "ssh_key" t.string "uname" + t.text "ssh_key" + t.integer "role_id" t.string "role" end diff --git a/spec/controllers/issues_controller_spec.rb b/spec/controllers/issues_controller_spec.rb index c27154bda..2d9ba9a46 100644 --- a/spec/controllers/issues_controller_spec.rb +++ b/spec/controllers/issues_controller_spec.rb 
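Review bot: The `cannot [...] Issue do |issue| !issue.project.has_issues end` rule in app/models/ability.rb only evaluates its block when CanCan is handed an Issue instance, so it cannot decide collection-level actions such as `:index` per project. The controller spec added in this commit leaves 'should not be able to perform index action' as `pending` and expects `render_template(:index)` for a project with issues turned off. A project-level guard in IssuesController would cover index, new and create, for example a `before_filter` that redirects to `forbidden_path` unless the loaded project has `has_issues` set. The added `:show` is redundant if CanCan's default aliases are in use, since `:read` already expands to `:index` and `:show`. The block also calls `issue.project.has_issues` without a nil check, which presumably fails for an Issue built without a project.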
@@ -1,5 +1,194 @@ require 'spec_helper' -describe IssuesController do +shared_examples_for 'issue user with project reader rights' do + #it_should_behave_like 'user with rights to view issues' + it 'should be able to perform index action' do + get :index, :project_id => @project.id + response.should render_template(:index) + end + it 'should be able to perform show action' do + get :show, :project_id => @project.id, :serial_id => @issue.serial_id + response.should render_template(:show) + end +end + +shared_examples_for 'issue user with project writer rights' do + it 'should be able to perform create action' do + post :create, @create_params + response.should redirect_to(project_issues_path(@project)) + end + + it 'should create issue object into db' do + lambda{ post :create, @create_params }.should change{ Issue.count }.by(1) + end +end + +shared_examples_for 'user with issue update rights' do + it 'should be able to perform update action' do + put :update, {:id => @issue.id}.merge(@update_params) + response.should redirect_to(show_issue_path(@project, @issue.serial_id)) + end + + it 'should update issue title' do + put :update, {:id => @issue.id}.merge(@update_params) + @issue.reload.title.should == 'issue2' + end +end + +shared_examples_for 'user without issue update rights' do + it 'should not be able to perform update action' do + put :update, {:id => @issue.id}.merge(@update_params) + response.should redirect_to(forbidden_path) + end + + it 'should not update issue title' do + put :update, {:id => @issue.id}.merge(@update_params) + @issue.reload.title.should_not == 'issue2' + end +end + +shared_examples_for 'user without issue destroy rights' do + it 'should not be able to perform destroy action' do + delete :destroy, :id => @issue.id, :project_id => @project.id + response.should redirect_to(forbidden_path) + end + + it 'should not reduce issues count' do + lambda{ delete :destroy, :id => @issue.id, :project_id => @project.id }.should change{ Issue.count 
}.by(0) + end +end + +shared_examples_for 'project with issues turned off' do + pending 'should not be able to perform index action' do + get :index, :project_id => @project_with_turned_off_issues.id + #response.should redirect_to(forbidden_path) + response.should render_template(:index) + end + + it 'should not be able to perform show action' do + get :show, :project_id => @project_with_turned_off_issues.id, :serial_id => @turned_of_issue.serial_id + response.should redirect_to(forbidden_path) + end +end + +describe IssuesController do + before(:each) do + stub_rsync_methods + + @project = Factory(:project) + @issue_user = Factory(:user) + @create_params = {:project => {:name => 'pro'}} + @update_params = {:project => {:name => 'pro2'}} + + any_instance_of(Project, :versions => ['v1.0', 'v2.0']) + + @issue = Factory(:issue, :project_id => @project.id, :user_id => @issue_user.id) + @create_params = { + :project_id => @project.id, + :issue => { + :title => "issue1", + :body => "issue body", + :project_id => @project.id + }, + :user_id => @issue_user.id, + :user_uname => @issue_user.uname + } + @update_params = { + :project_id => @project.id, + :issue => { + :title => "issue2" + } + } + + @project_with_turned_off_issues = Factory(:project, :has_issues => false) + @turned_of_issue = Factory(:issue, :project_id => @project_with_turned_off_issues.id, :user_id => @issue_user.id) + end + + context 'for global admin user' do + before(:each) do + @admin = Factory(:admin) + set_session_for(@admin) + end + + it_should_behave_like 'user without issue destroy rights' + end + + context 'for project admin user' do + before(:each) do + #@admin = Factory(:admin) + #set_session_for(@admin) + @user = Factory(:user) + set_session_for(@user) + @project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'admin') + end + + it_should_behave_like 'issue user with project reader rights' + it_should_behave_like 'issue user with project writer rights' + 
it_should_behave_like 'user with issue update rights' + it_should_behave_like 'user without issue destroy rights' + it_should_behave_like 'project with issues turned off' + end + + context 'for project owner user' do + before(:each) do + @user = Factory(:user) + set_session_for(@user) + @project.update_attribute(:owner, @user) + @project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'admin') + end + + it_should_behave_like 'issue user with project reader rights' + it_should_behave_like 'issue user with project writer rights' + it_should_behave_like 'user with issue update rights' + it_should_behave_like 'user without issue destroy rights' + it_should_behave_like 'project with issues turned off' + end + + context 'for project reader user' do + before(:each) do + @user = Factory(:user) + set_session_for(@user) + @project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'reader') + end + + it_should_behave_like 'issue user with project reader rights' + it_should_behave_like 'user without issue update rights' + it_should_behave_like 'user without issue destroy rights' + it_should_behave_like 'project with issues turned off' + + it 'should not be able to perform create action' do + post :create, @create_params + response.should redirect_to(forbidden_path) + end + + it 'should not create issue object into db' do + lambda{ post :create, @create_params }.should change{ Issue.count }.by(0) + end + end + + context 'for project writer user' do + before(:each) do + @user = Factory(:user) + set_session_for(@user) + @project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'writer') + end + + it_should_behave_like 'issue user with project reader rights' + it_should_behave_like 'issue user with project writer rights' + it_should_behave_like 'user without issue update rights' + it_should_behave_like 'user without issue destroy rights' + it_should_behave_like 'project with issues turned off' + end + + 
context 'for issue assign user' do + before(:each) do + set_session_for(@issue_user) + #@project.relations.create!(:object_type => 'User', :object_id => @user.id, :role => 'writer') + end + + it_should_behave_like 'user with issue update rights' + it_should_behave_like 'user without issue destroy rights' + it_should_behave_like 'project with issues turned off' + end end diff --git a/spec/factories/issues.rb b/spec/factories/issues.rb index 5e4c566b7..8b8017dbc 100644 --- a/spec/factories/issues.rb +++ b/spec/factories/issues.rb @@ -1,6 +1,6 @@ -# Read about factories at http://github.com/thoughtbot/factory_girl - -FactoryGirl.define do - factory :issue do - end -end \ No newline at end of file +Factory.define(:issue) do |p| + p.title { Factory.next(:string) } + p.body { Factory.next(:string) } + p.association :user, :factory => :user + p.status "open" +end diff --git a/spec/models/cancan_spec.rb b/spec/models/cancan_spec.rb index 97362bb66..cae0291ca 100644 --- a/spec/models/cancan_spec.rb +++ b/spec/models/cancan_spec.rb @@ -118,6 +118,7 @@ describe CanCan do context 'as project collaborator' do before(:each) do @project = Factory(:project) + @issue = Factory(:issue, :project_id => @project.id) end context 'with read rights' do @@ -128,13 +129,17 @@ describe CanCan do it 'should be able to read project' do @ability.should be_able_to(:read, @project) end - - it 'should be able to read project' do + + it 'should be able to read open platform' do @ability.should be_able_to(:read, open_platform) end + + it 'should be able to read issue' do + @ability.should be_able_to(:read, @issue) + end end - - context 'with write rights' do + + context 'with writer rights' do before(:each) do @project.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'writer') end 
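Review bot: The contexts in spec/controllers/issues_controller_spec.rb cover admin, owner, reader, writer and assignee, but none covers a signed-in user with no relation to `@project` or an unauthenticated request, so the deny path is untested for the callers that should be refused. The 'for global admin user' context runs only 'user without issue destroy rights' and asserts nothing about read, create or update. None of the update examples sends `:user_id`, so the assignee fallback added to `IssuesController#update` in this commit has no coverage. In `before(:each)`, the first `@create_params = {:project => {:name => 'pro'}}` and `@update_params = {:project => {:name => 'pro2'}}` assignments are overwritten a few lines later and can be removed.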
@@ -144,6 +149,12 @@ describe CanCan do @ability.should be_able_to(action, @project) end end + + [:read, :create, :new].each do |action| + it "should be able to #{ action } project" do + @ability.should be_able_to(action, @project) + end + end end context 'with admin rights' do @@ -160,11 +171,18 @@ describe CanCan do it "should be able to manage collaborators of project" do @ability.should be_able_to(:manage_collaborators, @project) end + + [:read, :create, :new, :update, :edit].each do |action| + it "should be able to #{ action } issue" do + @ability.should be_able_to(action, @issue) + end + end end context 'with owner rights' do before(:each) do @project.update_attribute(:owner, @user) + @issue.project.reload end [:read, :update, :process_build, :build, :destroy].each do |action| @@ -172,6 +190,12 @@ describe CanCan do @ability.should be_able_to(action, @project) end end + + [:read, :update, :edit].each do |action| + it "should be able to #{ action } issue" do + @ability.should be_able_to(action, @issue) + end + end end end
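Review bot: In the 'with writer rights' context (hunk `@@ -144,6 +149,12 @@` of spec/models/cancan_spec.rb), the added loop over `[:read, :create, :new]` asserts against `@project` and is titled "... project", while the parallel loops added for admin and owner use `@issue`. This looks like a copy-paste slip, and it means the writer's issue abilities are never checked. The two lines should read `it "should be able to #{ action } issue" do` and `@ability.should be_able_to(action, @issue)`. No example in the visible hunks of this file exercises the `cannot ... !issue.project.has_issues` rule from ability.rb, so a negative case using an issue in a project with `:has_issues => false` would be a useful addition.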