diff --git a/Gemfile b/Gemfile
index 5b3de9bfa..fdffdb31c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -14,8 +14,7 @@ gem 'omniauth-facebook'
 gem 'omniauth-google-oauth2'
 gem 'omniauth-github'
 # gem 'omniauth-openid', '~> 1.0.1'
-# gem 'cancan', '1.6.10'
-gem 'cancan', git: 'git://github.com/rosa-abf/cancan.git', tag: '1.6.10-abf'
+gem 'pundit'
 gem 'ancestry'
 gem 'paperclip'
diff --git a/Gemfile.lock b/Gemfile.lock
index ea370ee06..52a43a070 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -26,13 +26,6 @@ GIT
 ransack (~> 1.3)
 sass-rails
-GIT
- remote: git://github.com/rosa-abf/cancan.git
- revision: fe1089b70c08d3ed11bac4f8e69ecb3d1d9adc29
- tag: 1.6.10-abf
- specs:
- cancan (1.6.10)
-
 GIT
 remote: git://github.com/rosa-abf/grack.git
 revision: 020be3fef3fb308b9d214252522aa5945bf6584a
@@ -349,6 +342,8 @@ GEM
 activemodel (>= 4.0.1, < 5.0)
 puma (2.11.1)
 rack (>= 1.1, < 2.0)
+ pundit (0.3.0)
+ activesupport (>= 3.0.0)
 pygments.rb (0.6.2)
 posix-spawn (~> 0.3.6)
 yajl-ruby (~> 1.2.0)
@@ -590,7 +585,6 @@ DEPENDENCIES
 better_errors
 binding_of_caller
 bootstrap-sass
- cancan!
 cape
 capistrano
 capistrano_colors
@@ -637,6 +631,7 @@ DEPENDENCIES
 pg
 protected_attributes
 puma
+ pundit
 rack-throttle (~> 0.3.0)
 rack-utf8_sanitizer
 rails (= 4.1.9)
diff --git a/app/controllers/advisories_controller.rb b/app/controllers/advisories_controller.rb
index fff0df8a5..3f3c7d295 100644
--- a/app/controllers/advisories_controller.rb
+++ b/app/controllers/advisories_controller.rb
@@ -1,11 +1,10 @@
 class AdvisoriesController < ApplicationController
 before_action :authenticate_user!
 skip_before_action :authenticate_user! if APP_CONFIG['anonymous_access']
- load_resource find_by: :advisory_id
- authorize_resource
 def index
- @advisories = @advisories.includes(:platforms).search(params[:q]).uniq
+ authorize :advisories
+ @advisories = Advisory.includes(:platforms).search(params[:q]).uniq
 @advisories_count = @advisories.count
 @advisories = @advisories.paginate(page: current_page, per_page: Advisory.per_page)
 respond_to do |format|
@@ -16,10 +15,12 @@ class AdvisoriesController < ApplicationController
 end
 def show
+ authorize @advisory = Advisory.find_by(advisory_id: params[:id])
 @packages_info = @advisory.fetch_packages_info
 end
 def search
+ authorize :advisories
 @advisory = Advisory.by_update_type(params[:bl_type]).search_by_id(params[:query]).first
 if @advisory.nil?
 render nothing: true, status: 404
diff --git a/app/controllers/api/v1/advisories_controller.rb b/app/controllers/api/v1/advisories_controller.rb
index 6688036ab..669ca036f 100644
--- a/app/controllers/api/v1/advisories_controller.rb
+++ b/app/controllers/api/v1/advisories_controller.rb
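Review bot: `show` authorizes the result of `Advisory.find_by`, which is nil for an unknown id; Pundit has no policy for nil and raises `NotDefinedError`, which the `Pundit::NotAuthorizedError` rescue does not catch, so a bad id surfaces as a 500 instead of a 404. `authorize @advisory = Advisory.find_by!(advisory_id: params[:id])` keeps it a RecordNotFound and still authorizes the loaded record. `index` and `search` pass `:advisories` while the API controller in this commit passes `:advisory`; Pundit classifies both to AdvisoryPolicy, but one spelling across the app is easier to grep.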
@@ -1,27 +1,26 @@
 class Api::V1::AdvisoriesController < Api::V1::BaseController
 before_action :authenticate_user!
- skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
- load_resource :advisory, find_by: :advisory_id
- before_action :find_and_authorize_build_list, only: [:create, :update]
- authorize_resource :build_list, only: [:create, :update]
+ skip_before_action :authenticate_user!, only: %i(index show) if APP_CONFIG['anonymous_access']
+ before_action :load_advisory, only: %i(show update)
+ before_action :load_build_list, only: %i(create update)
 def index
- @advisories = @advisories.includes(:platforms, :projects).paginate(paginate_params)
- respond_to :json
+ authorize :advisory
+ @advisories = Advisory.includes(:platforms, :projects).paginate(paginate_params)
 end
 def show
 @packages_info = @advisory.fetch_packages_info
- respond_to :json
 end
 def create
+ authorize :advisory
 if @build_list.can_attach_to_advisory? && @build_list.associate_and_create_advisory(params[:advisory]) && @build_list.save
- render_json_response @advisory, 'Advisory has been created successfully'
+ render_json_response @build_list.advisory, 'Advisory has been created successfully'
 else
- render_validation_error @advisory, error_message(@build_list, 'Advisory has not been created')
+ render_validation_error @build_list.advisory, error_message(@build_list, 'Advisory has not been created')
 end
 end
@@ -36,9 +35,14 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
 protected
- def find_and_authorize_build_list
+ def load_build_list
 @build_list = BuildList.find params[:build_list_id]
- authorize! :local_admin_manage, @build_list.save_to_platform
+ authorize @build_list.save_to_platform, :local_admin_manage?
+ end
+
+ def load_advisory
+ @advisory = Advisory.find_by(advisory_id: params[:id]) if params[:id]
+ authorize @advisory if @advisory
 end
 end
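Review bot: `load_advisory` swallows a missing record — `find_by` returns nil, the `authorize` is skipped, and `show` then calls `fetch_packages_info` on nil, which ends as a 500 rather than a 404 (`update`, also in the `only:` list, is outside this hunk). `@advisory = Advisory.find_by!(advisory_id: params[:id])` followed by an unconditional `authorize @advisory` keeps the not-found path a RecordNotFound and guarantees a policy check runs for every advisory action. In `create`, `authorize :advisory` runs after `load_build_list` has already checked `local_admin_manage?` on the platform; a one-line comment saying the platform check is the real gate would help the next reader.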
diff --git a/app/controllers/api/v1/arches_controller.rb b/app/controllers/api/v1/arches_controller.rb
index 3968bad77..80786b878 100644
--- a/app/controllers/api/v1/arches_controller.rb
+++ b/app/controllers/api/v1/arches_controller.rb
@@ -2,8 +2,8 @@ class Api::V1::ArchesController < Api::V1::BaseController
 before_action :authenticate_user! unless APP_CONFIG['anonymous_access']
 def index
+ authorize :arch
 @arches = Arch.order(:id).paginate(paginate_params)
- respond_to :json
 end
 end
diff --git a/app/controllers/api/v1/base_controller.rb b/app/controllers/api/v1/base_controller.rb
index 739803f4f..3fa1c1dfe 100644
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -4,7 +4,7 @@ class Api::V1::BaseController < ApplicationController
 helper_method :member_path
- rescue_from CanCan::AccessDenied do |exception|
+ rescue_from Pundit::NotAuthorizedError do |exception|
 respond_to do |format|
 format.json { render json: {message: t('flash.exception_message')}.to_json, status: 403 }
 format.csv { render text: t('flash.exception_message'), status: 403 }
@@ -35,6 +35,7 @@ class Api::V1::BaseController < ApplicationController
 end
 def create_subject(subject)
+ authorize subject, :create?
 class_name = subject.class.name
 if subject.save
 render_json_response subject, "#{class_name} has been created successfully"
@@ -44,6 +45,7 @@ class Api::V1::BaseController < ApplicationController
 end
 def update_member_in_subject(subject, relation = :relations)
+ authorize subject, :update_member?
 role = params[:role]
 class_name = subject.class.name.downcase
 if member.present? && role.present? && subject.respond_to?(:owner) && subject.owner != member &&
@@ -55,6 +57,7 @@ class Api::V1::BaseController < ApplicationController
 end
 def add_member_to_subject(subject, role = 'admin')
+ authorize subject, :add_member?
 class_name = subject.class.name.downcase
 if member.present? && subject.add_member(member, role)
 render_json_response subject, "#{member.class.to_s} '#{member.id}' has been added to #{class_name} successfully"
@@ -64,6 +67,7 @@ class Api::V1::BaseController < ApplicationController
 end
 def remove_member_from_subject(subject)
+ authorize subject, :remove_member?
 class_name = subject.class.name.downcase
 if member.present? && subject.remove_member(member)
 render_json_response subject, "#{member.class.to_s} '#{member.id}' has been removed from #{class_name} successfully"
@@ -73,11 +77,13 @@ class Api::V1::BaseController < ApplicationController
 end
 def destroy_subject(subject)
+ authorize subject, :destroy?
 subject.destroy # later with resque
 render_json_response subject, "#{subject.class.name} has been destroyed successfully"
 end
 def update_subject(subject)
+ authorize subject, :update?
 class_name = subject.class.name
 if subject.update_attributes(params[class_name.underscore.to_sym] || {})
 render_json_response subject, "#{class_name} has been updated successfully"
@@ -94,7 +100,7 @@ class Api::V1::BaseController < ApplicationController
 id: id,
 message: message
 }
- }.to_json, status: status
+ }, status: status
 end
 def render_validation_error(subject, message)
diff --git a/app/controllers/api/v1/build_lists_controller.rb b/app/controllers/api/v1/build_lists_controller.rb
index 8d1a1a67c..5f211b09f 100644
--- a/app/controllers/api/v1/build_lists_controller.rb
+++ b/app/controllers/api/v1/build_lists_controller.rb
@@ -1,17 +1,26 @@
 class Api::V1::BuildListsController < Api::V1::BaseController
 before_action :authenticate_user!
- skip_before_action :authenticate_user!, only: [:show, :index] if APP_CONFIG['anonymous_access']
-
- load_and_authorize_resource :build_list, only: [:show, :create, :cancel, :publish, :reject_publish, :create_container, :publish_into_testing, :rerun_tests]
+ before_action :load_build_list, only: %i(
+ cancel
+ create_container
+ publish
+ publish_into_testing
+ reject_publish
+ rerun_tests
+ show
+ )
+ skip_before_action :authenticate_user!, only: %i(show index) if APP_CONFIG['anonymous_access']
 def show
+ authorize @build_list
 respond_to :json
 end
 def index
+ authorize :build_list
 @project = Project.find(params[:project_id]) if params[:project_id].present?
- authorize!(:show, @project) if @project
- filter = BuildList::Filter.new(@project, current_user, current_ability, params[:filter] || {})
+ authorize @project, :show? if @project
+ filter = BuildList::Filter.new(@project, current_user, params[:filter] || {})
 @build_lists = filter.find.includes(:build_for_platform, :save_to_repository, :save_to_platform,
@@ -36,34 +45,45 @@ class Api::V1::BuildListsController < Api::V1::BaseController
 end
 def cancel
+ authorize @build_list
 render_json :cancel
 end
 def publish
+ authorize @build_list
 @build_list.publisher = current_user
 render_json :publish
 end
 def reject_publish
+ authorize @build_list
 @build_list.publisher = current_user
 render_json :reject_publish
 end
 def create_container
+ authorize @build_list
 render_json :create_container, :publish_container
 end
 def rerun_tests
+ authorize @build_list
 render_json :rerun_tests
 end
 def publish_into_testing
+ authorize @build_list
 @build_list.publisher = current_user
 render_json :publish_into_testing
 end
 private
+ # Private: before_action hook which loads BuidList.
+ def load_build_list
+ @build_list = BuildList.find params[:id]
+ end
+
 def render_json(action_name, action_method = nil)
 if @build_list.try("can_#{action_name}?") && @build_list.send(action_method || action_name)
 render_json_response @build_list, t("layout.build_lists.#{action_name}_success")
diff --git a/app/controllers/api/v1/groups_controller.rb b/app/controllers/api/v1/groups_controller.rb
index 4ca344a1b..c9e8c6ea7 100644
--- a/app/controllers/api/v1/groups_controller.rb
+++ b/app/controllers/api/v1/groups_controller.rb
@@ -2,22 +2,21 @@ class Api::V1::GroupsController < Api::V1::BaseController
 before_action :authenticate_user!
 skip_before_action :authenticate_user!, only: [:show] if APP_CONFIG['anonymous_access']
- load_and_authorize_resource
+ before_action :load_group, except: %i(index create)
 def index
- # accessible_by(current_ability)
+ authorize :group
 @groups = current_user.groups.paginate(paginate_params)
- respond_to :json
 end
 def show
- respond_to :json
+ authorize @group
 end
 def members
+ authorize @group
 @members = @group.members.where('actor_id != ?', @group.owner_id)
 .order('name').paginate(paginate_params)
- respond_to :json
 end
 def update
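Review bot: The comment on `load_build_list` misspells the model (`BuidList`), and the loader only loads while each of the six actions in this hunk repeats `authorize @build_list`; the platforms, products and repositories controllers in this commit put the check inside the loader (`authorize @build_list = BuildList.find(params[:id])`), which would make a forgotten call impossible here as well and keep the same action-named policy query. `show` also still carries `respond_to :json` while the other API controllers drop it in this commit. `render_json` continues outside the hunk.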
@@ -48,4 +47,11 @@ class Api::V1::GroupsController < Api::V1::BaseController
 update_member_in_subject @group, :actors
 end
+ private
+
+ # Private: before_action hook which loads Group.
+ def load_group
+ @group = Group.find params[:id]
+ end
+
 end
diff --git a/app/controllers/api/v1/issues_controller.rb b/app/controllers/api/v1/issues_controller.rb
index 55d612e90..fb4fbc79d 100644
--- a/app/controllers/api/v1/issues_controller.rb
+++ b/app/controllers/api/v1/issues_controller.rb
@@ -1,11 +1,13 @@
 class Api::V1::IssuesController < Api::V1::BaseController
- before_action :authenticate_user!
- skip_before_action :authenticate_user!, only: [:index, :group_index, :show] if APP_CONFIG['anonymous_access']
+ include Api::V1::Issueable
- load_and_authorize_resource :group, only: :group_index, find_by: :id, parent: false
- load_and_authorize_resource :project
- skip_load_and_authorize_resource :project, only: [:all_index, :user_index, :group_index]
- load_and_authorize_resource :issue, through: :project, find_by: :serial_id, only: [:show, :update, :create, :index]
+ before_action :authenticate_user!
+ skip_before_action :authenticate_user!, only: %i(index group_index show) if APP_CONFIG['anonymous_access']
+
+ before_action :load_group, only: :group_index
+ before_action :load_project
+ skip_before_action :load_project, only: %i(all_index user_index group_index)
+ before_action :load_issue, only: %i(show update index)
 def index
 @issues = @project.issues
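Review bot: `index` in this hunk has no `authorize` call, and neither does `group_index` in the next hunk of this file, whereas `all_index` and `user_index` gained `authorize :issue, :index?`; both depend on `load_project`/`load_group` from `Api::V1::Issueable`, which is not in this diff, having performed an authorization, otherwise the new `verify_authorized` after_action raises and the endpoint answers 500. The same applies to `index` and `group_index` in pull_requests_controller.rb. Either confirm the concern authorizes in both loaders, or add `authorize :issue, :index?` (resp. `authorize :pull_request, :index?`) to those actions so the check is visible in the controller.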
@@ -13,12 +15,14 @@ class Api::V1::IssuesController < Api::V1::BaseController
 end
 def all_index
- project_ids = get_all_project_ids Project.accessible_by(current_ability, :membered).pluck(:id)
+ authorize :issue, :index?
+ project_ids = get_all_project_ids membered_projects.pluck(:id)
 @issues = Issue.where(project_id: project_ids)
 render_issues_list
 end
 def user_index
+ authorize :issue, :index?
 project_ids = get_all_project_ids current_user.projects.pluck(:id)
 @issues = Issue.where(project_id: project_ids)
 render_issues_list
@@ -26,7 +30,7 @@ class Api::V1::IssuesController < Api::V1::BaseController
 def group_index
 project_ids = @group.projects.pluck(:id)
- project_ids = Project.accessible_by(current_ability, :membered).where(id: project_ids).pluck(:id)
+ project_ids = membered_projects.where(id: project_ids).pluck(:id)
 @issues = Issue.where(project_id: project_ids)
 render_issues_list
 end
@@ -40,13 +44,14 @@ class Api::V1::IssuesController < Api::V1::BaseController
 end
 def create
+ @issue = @project.issues.new(params[:issue])
 @issue.user = current_user
- @issue.assignee = nil if cannot?(:write, @project)
+ @issue.assignee = nil unless policy(@project).write?
 create_subject @issue
 end
 def update
- unless can?(:write, @project)
+ unless policy(@project).write?
 params.delete :update_labels
 [:assignee_id, :labelings, :labelings_attributes].each do |k|
 params[:issue].delete k
@@ -94,7 +99,7 @@ class Api::V1::IssuesController < Api::V1::BaseController
 end
 if params[:labels].present?
- labels = params[:labels].split(',').map {|e| e.strip}.select {|e| e.present?}
+ labels = params[:labels].split(',').map(&:strip).select(&:present?)
 @issues = @issues.where('labels.name IN (?)', labels)
 end
@@ -110,13 +115,4 @@ class Api::V1::IssuesController < Api::V1::BaseController
 end
 end
- def get_all_project_ids default_project_ids
- project_ids = []
- if ['created', 'all'].include? params[:filter]
- # add own issues
- project_ids = Project.accessible_by(current_ability, :show).joins(:issues).
- where(issues: {user_id: current_user.id}).pluck('projects.id')
- end
- project_ids |= default_project_ids
- end
 end
diff --git a/app/controllers/api/v1/jobs_controller.rb b/app/controllers/api/v1/jobs_controller.rb
index 915c19c18..1dd0f7459 100644
--- a/app/controllers/api/v1/jobs_controller.rb
+++ b/app/controllers/api/v1/jobs_controller.rb
@@ -5,6 +5,7 @@ class Api::V1::JobsController < Api::V1::BaseController
 QUEUE_CLASSES = %w(AbfWorker::RpmWorkerObserver)
 before_action :authenticate_user!
+ skip_after_action :verify_authorized
 def shift
 @build_list = BuildList.next_build(arch_ids, platform_ids) if current_user.system?
@@ -21,8 +22,8 @@ class Api::V1::JobsController < Api::V1::BaseController
 @build_list ||= build_lists.external_nodes(:everything).first
 else
 @build_list = build_lists.external_nodes(:owned).for_user(current_user).first
- @build_list ||= build_lists.external_nodes(:everything).
- accessible_by(current_ability, :related).readonly(false).first
+ @build_list ||= BuildListPolicy::Scope.new(current_user, build_lists).owned.
+ external_nodes(:everything).readonly(false).first
 end
 set_builder
 end
diff --git a/app/controllers/api/v1/maintainers_controller.rb b/app/controllers/api/v1/maintainers_controller.rb
index a5045dbb8..2d0666fa2 100644
--- a/app/controllers/api/v1/maintainers_controller.rb
+++ b/app/controllers/api/v1/maintainers_controller.rb
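Review bot: `skip_after_action :verify_authorized` switches off the new authorization safety net for every action in jobs_controller.rb, including those outside this hunk, without saying why; `shift` is visibly gated on `current_user.system?`, so a comment such as `# worker endpoints: access is decided by current_user.system? in each action, not by a policy` should sit next to the skip (autocompletes_controller.rb receives the same blanket skip and deserves the same comment). In the second hunk the old query used the `:related` ability while the replacement is `BuildListPolicy::Scope#owned`; if `owned` is narrower than `related` was, external nodes will stop picking up builds they used to receive — please confirm the two scopes select the same rows.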
@@ -1,12 +1,11 @@
 class Api::V1::MaintainersController < Api::V1::BaseController
 before_action :authenticate_user! unless APP_CONFIG['anonymous_access']
- load_and_authorize_resource :platform
 def index
+ authorize @platform = Platform.find(params[:platform_id]), :show?
 @maintainers = BuildList::Package.includes(:project)
 .actual.by_platform(@platform)
 .like_name(params[:package_name])
 .paginate(paginate_params)
- respond_to :json
 end
 end
diff --git a/app/controllers/api/v1/platforms_controller.rb b/app/controllers/api/v1/platforms_controller.rb
index 1aeea6556..f352bd7df 100644
--- a/app/controllers/api/v1/platforms_controller.rb
+++ b/app/controllers/api/v1/platforms_controller.rb
@@ -2,9 +2,10 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 before_action :authenticate_user!
 skip_before_action :authenticate_user!, only: :allowed
 skip_before_action :authenticate_user!, only: [:show, :platforms_for_build, :members] if APP_CONFIG['anonymous_access']
- load_and_authorize_resource except: :allowed
+ before_action :load_platform, except: [:index, :allowed, :platforms_for_build, :create]
 def allowed
+ authorize :platform
 if request.authorization.present?
 token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request)
 end
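Review bot: `authorize @platform = Platform.find(params[:platform_id]), :show?` hides an instance-variable assignment inside a method argument, which is easy to misread as a keyword argument or a typo for `==`; the same shape is used by `load_platform`, `load_product_build_list`, `load_product`, `load_project`, `load_repository`, `load_user` and `set_current_user` later in this commit. Splitting it into `@platform = Platform.find(params[:platform_id])` and `authorize @platform, :show?` costs one line and reads unambiguously.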
@@ -16,25 +17,24 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 end
 def index
- @platforms = @platforms.accessible_by(current_ability, :related)
- .by_type(params[:type]).paginate(paginate_params)
- respond_to :json
+ authorize :platform
+ @platforms = PlatformPolicy::Scope.new(current_user, Platform).show.
+ by_type(params[:type]).paginate(paginate_params)
 end
 def show
- respond_to :json
 end
 def platforms_for_build
- @platforms = Platform.availables_main_platforms(current_user, current_ability).paginate(paginate_params)
- respond_to do |format|
- format.json { render :index }
- end
+ authorize :platform
+ @platforms = Platform.availables_main_platforms(current_user).paginate(paginate_params)
+ render :index
 end
 def create
 platform_params = params[:platform] || {}
 owner = User.where(id: platform_params[:owner_id]).first
+ @platform = Platform.new platform_params
 @platform.owner = owner || get_owner
 create_subject @platform
 end
@@ -48,7 +48,6 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 def members
 @members = @platform.members.order('name').paginate(paginate_params)
- respond_to :json
 end
 def add_member
@@ -79,4 +78,11 @@ class Api::V1::PlatformsController < Api::V1::BaseController
 destroy_subject @platform
 end
+ private
+
+ # Private: before_action hook which loads Platform.
+ def load_platform
+ authorize @platform = Platform.find(params[:id])
+ end
+
 end
diff --git a/app/controllers/api/v1/product_build_lists_controller.rb b/app/controllers/api/v1/product_build_lists_controller.rb
index b05e06fe2..b360051c2 100644
--- a/app/controllers/api/v1/product_build_lists_controller.rb
+++ b/app/controllers/api/v1/product_build_lists_controller.rb
@@ -2,21 +2,22 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
 before_action :authenticate_user!
 skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
- load_and_authorize_resource :product, only: :index
- load_and_authorize_resource
+ before_action :load_product, only: :index
+ before_action :load_product_build_list, except: [:index, :create]
 def index
- @product_build_lists = if @product
- @product.product_build_lists
- else
- ProductBuildList.accessible_by current_ability, :read
- end
+ @product_build_lists =
+ if @product
+ @product.product_build_lists
+ else
+ PlatformPolicy::Scope.new(current_user, ProductBuildList.joins(product: :platform)).show
+ end
 @product_build_lists = @product_build_lists.joins(:product, :project, :arch)
 @product_build_lists = @product_build_lists.recent.paginate(paginate_params)
- respond_to :json
 end
 def create
+ @product_build_list = ProductBuildList.new(params[:product_build_list])
 @product_build_list.project ||= @product_build_list.try(:product).try(:project)
 @product_build_list.main_script ||= @product_build_list.try(:product).try(:main_script)
 @product_build_list.params ||= @product_build_list.try(:product).try(:params)
@@ -25,7 +26,6 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
 end
 def show
- respond_to :json
 end
 def update
@@ -44,4 +44,16 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
 render_validation_error @product_build_list, t("layout.product_build_lists.cancel_fail")
 end
 end
+
+ private
+
+ # Private: before_action hook which loads ProductBuildList.
+ def load_product_build_list
+ authorize @product_build_list = ProductBuildList.find(params[:id])
+ end
+
+ # Private: before_action hook which loads Product.
+ def load_product
+ authorize @product = Product.find(params[:product_id]), :show? if params[:product_id]
+ end
 end
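Review bot: `index` never calls `authorize` when `params[:product_id]` is absent — `load_product` is conditional and `load_product_build_list` excludes `index` — so with the new `verify_authorized` after_action such a request ends in `Pundit::AuthorizationNotPerformedError`, which the `rescue_from Pundit::NotAuthorizedError` in the base controller does not catch, i.e. a 500 for what should be a normal listing. Adding `authorize :product_build_list` as the first line of `index` makes the check explicit for both branches. Separately, `PlatformPolicy::Scope` is applied to a ProductBuildList relation here, which only works if the scope's conditions are written against the joined `platforms` table; a comment stating that dependency next to the `joins(product: :platform)` call would save the next reader a trip to the policy.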
diff --git a/app/controllers/api/v1/products_controller.rb b/app/controllers/api/v1/products_controller.rb
index 3e51a3dbf..4c3a5edd5 100644
--- a/app/controllers/api/v1/products_controller.rb
+++ b/app/controllers/api/v1/products_controller.rb
@@ -2,10 +2,10 @@ class Api::V1::ProductsController < Api::V1::BaseController
 before_action :authenticate_user!
 skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
- load_and_authorize_resource
+ before_action :load_product, except: :create
 def create
- create_subject @product
+ create_subject @product = Product.new(params[:product])
 end
 def update
@@ -13,10 +13,17 @@ class Api::V1::ProductsController < Api::V1::BaseController
 end
 def show
- respond_to :json
 end
 def destroy
 destroy_subject @product
 end
+
+ private
+
+ # Private: before_action hook which loads Product.
+ def load_product
+ authorize @product = Product.find(params[:id])
+ end
+
 end
diff --git a/app/controllers/api/v1/projects_controller.rb b/app/controllers/api/v1/projects_controller.rb
index 541121b9d..a0bd9ec0d 100644
--- a/app/controllers/api/v1/projects_controller.rb
+++ b/app/controllers/api/v1/projects_controller.rb
@@ -3,30 +3,23 @@ class Api::V1::ProjectsController < Api::V1::BaseController
 before_action :authenticate_user!
 skip_before_action :authenticate_user!, only: [:get_id, :show, :refs_list] if APP_CONFIG['anonymous_access']
- load_and_authorize_resource :project
+ before_action :load_project, except: [:index, :create, :get_id]
 def index
- @projects = Project.accessible_by(current_ability, :membered)
- .paginate(paginate_params)
- respond_to :json
+ authorize :project
+ @projects = ProjectPolicy::Scope.new(current_user, Project).
+ membered.paginate(paginate_params)
 end
 def get_id
- if @project = Project.find_by_owner_and_name(params[:owner], params[:name])
- authorize! :show, @project
- else
- raise ActiveRecord::RecordNotFound
- end
- respond_to :json
+ authorize @project = Project.find_by_owner_and_name!(params[:owner], params[:name])
 end
 def show
- respond_to :json
 end
 def refs_list
 @refs = @project.repo.branches + @project.repo.tags.select{ |t| t.commit }
- respond_to :json
 end
 def update
@@ -38,21 +31,20 @@ class Api::V1::ProjectsController < Api::V1::BaseController
 end
 def create
- p_params = params[:project] || {}
- owner_type = p_params[:owner_type]
- if owner_type.present? && %w(User Group).include?(owner_type)
- @project.owner = owner_type.constantize.
- where(id: p_params[:owner_id]).first
+ @project = Project.new(params[:project])
+ p_params = params[:project] || {}
+ owner_type = %w(User Group).find{ |t| t == p_params[:owner_type] }
+ if owner_type.present?
+ @project.owner = owner_type.constantize.find_by(id: p_params[:owner_id])
 else
 @project.owner = nil
 end
- authorize! :write, @project.owner if @project.owner != current_user
+ authorize @project
 create_subject @project
 end
 def members
 @members = @project.collaborators.order('uname').paginate(paginate_params)
- respond_to :json
 end
 def add_member
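Review bot: `create` drops the explicit `authorize! :write, @project.owner` and relies solely on `authorize @project` (`ProjectPolicy#create?`, not in this diff) while `owner_type`/`owner_id` still come straight from the request; unless `create?` checks that the user may write to `record.owner` when it is a Group, any signed-in user can create a project under any group. Please confirm the policy covers that, or keep the check next to the assignment: `authorize @project.owner, :write? if @project.owner.is_a?(Group)`. Minor: `owner_type.present?` on the result of `find` can simply be `if owner_type`, and `create_subject` authorizes `create?` a second time, which is harmless but worth a comment.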
@@ -69,7 +61,9 @@ class Api::V1::ProjectsController < Api::V1::BaseController
 def fork(is_alias = false)
 owner = (Group.find params[:group_id] if params[:group_id].present?) || current_user
- authorize! :write, owner if owner.class == Group
+ authorize @project, :show?
+ authorize owner, :write? if owner.is_a?(Group)
+
 if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid?
 render_json_response forked, 'Project has been forked successfully'
 else
@@ -78,6 +72,14 @@ class Api::V1::ProjectsController < Api::V1::BaseController
 end
 def alias
+ authorize @project
 fork(true)
 end
+
+ private
+
+ # Private: before_action hook which loads Project.
+ def load_project
+ authorize @project = Project.find(params[:id])
+ end
 end
diff --git a/app/controllers/api/v1/pull_requests_controller.rb b/app/controllers/api/v1/pull_requests_controller.rb
index 1e68b6234..7dc2a5faf 100644
--- a/app/controllers/api/v1/pull_requests_controller.rb
+++ b/app/controllers/api/v1/pull_requests_controller.rb
@@ -1,13 +1,13 @@
 class Api::V1::PullRequestsController < Api::V1::BaseController
- respond_to :json
+ include Api::V1::Issueable
 before_action :authenticate_user!
- skip_before_action :authenticate_user!, only: [:show, :index, :group_index, :commits, :files] if APP_CONFIG['anonymous_access']
+ skip_before_action :authenticate_user!, only: %i(show index group_index commits files) if APP_CONFIG['anonymous_access']
- load_resource :group, only: :group_index, find_by: :id, parent: false
- load_resource :project
- load_resource :issue, through: :project, find_by: :serial_id, parent: false, only: [:show, :index, :commits, :files, :merge, :update]
- load_and_authorize_resource instance_name: :pull, through: :issue, singleton: true, only: [:show, :index, :commits, :files, :merge, :update]
+ before_action :load_group, only: %i(group_index)
+ before_action :load_project, except: %i(all_index user_index)
+ before_action :load_issue, only: %i(show index commits files merge update)
+ before_action :load_pull, only: %i(show index commits files merge update)
 def index
 @pulls = @project.pull_requests
@@ -16,13 +16,15 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
 end
 def all_index
- project_ids = get_all_project_ids Project.accessible_by(current_ability, :membered).pluck(:id)
+ authorize :pull_request, :index?
+ project_ids = get_all_project_ids membered_projects.pluck(:id)
 @pulls = PullRequest.where('pull_requests.to_project_id IN (?)', project_ids)
 @pulls_url = api_v1_pull_requests_path format: :json
 render_pulls_list
 end
 def user_index
+ authorize :pull_request, :index?
 project_ids = get_all_project_ids current_user.projects.pluck(:id)
 @pulls = PullRequest.where('pull_requests.to_project_id IN (?)', project_ids)
 @pulls_url = pull_requests_api_v1_user_path format: :json
@@ -31,31 +33,31 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
 def group_index
 project_ids = @group.projects.pluck(:id)
- project_ids = Project.accessible_by(current_ability, :membered).where(id: project_ids).pluck(:id)
+ project_ids = membered_projects.where(id: project_ids).pluck(:id)
 @pulls = PullRequest.where(to_project_id: project_ids)
 @pulls_url = pull_requests_api_v1_group_path
 render_pulls_list
 end
 def show
- redirect_to api_v1_project_issue_path(@project.id, @issue.serial_id) if @pull.nil?
- respond_to :json
+ redirect_to api_v1_project_issue_path(@project.id, @issue.serial_id) and return if @pull.nil?
 end
 def create
- from_project = Project.find(pull_params[:from_project_id]) if pull_params[:from_project_id].present?
+ from_project = Project.find_by(id: pull_params[:from_project_id])
 from_project ||= @project
- authorize! :read, from_project
+ authorize from_project, :show?
- @pull = @project.pull_requests.new
+ @pull = @project.pull_requests.build
 @pull.build_issue title: pull_params[:title], body: pull_params[:body]
 @pull.from_project = from_project
 @pull.to_ref, @pull.from_ref = pull_params[:to_ref], pull_params[:from_ref]
- @pull.issue.assignee_id = pull_params[:assignee_id] if can?(:write, @project)
+ @pull.issue.assignee_id = pull_params[:assignee_id] if policy(@project).write?
 @pull.issue.user, @pull.issue.project = current_user, @project
 @pull.issue.new_pull_request = true
 render_validation_error(@pull, "#{@pull.class.name} has not been created") && return unless @pull.valid?
+ authorize @pull
 @pull.save # set pull id
 @pull.reload
 @pull.check(false) # don't make event transaction
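Review bot: `create` now uses `Project.find_by(id: ...)` and falls back to `@project` whenever nothing matches, so a mistyped or foreign `from_project_id` silently produces a pull request from the target project onto itself where the old `Project.find` answered 404; keeping `from_project = Project.find(pull_params[:from_project_id]) if pull_params[:from_project_id].present?` preserves the not-found response. `authorize @pull` is also placed after the `render_validation_error` line, so a caller the policy would reject still receives the record's validation errors; moving `authorize @pull` above that line closes the gap (the record is fully built by then). The `create` body continues past the hunk.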
@@ -71,13 +73,13 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
 def update
 @pull = @project.pull_requests.includes(:issue).where(issues: {serial_id: params[:id]}).first
- authorize! :update, @pull
+ authorize @pull
 if pull_params.present?
 attrs = pull_params.slice(:title, :body)
- attrs.merge!(assignee_id: pull_params[:assignee_id]) if can?(:write, @project)
+ attrs.merge!(assignee_id: pull_params[:assignee_id]) if policy(@project).write?
- if (action = pull_params[:status]) && %w(close reopen).include?(pull_params[:status])
+ if action = %w(close reopen).find{ |s| s == pull_params[:status] }
 if @pull.send("can_#{action}?")
 @pull.set_user_and_time current_user
 need_check = true if action == 'reopen' && @pull.valid?
@@ -96,16 +98,17 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
 end
 def commits
+ authorize @pull
 @commits = @pull.repo.commits_between(@pull.to_commit, @pull.from_commit).paginate(paginate_params)
- respond_to :json
 end
 def files
+ authorize @pull
 @stats = @pull.diff_stats.zip(@pull.diff).paginate(paginate_params)
- respond_to :json
 end
 def merge
+ authorize @pull
 class_name = @pull.class.name
 if @pull.merge!(current_user)
 render_json_response @pull, "#{class_name} has been merged successfully"
@@ -116,6 +119,12 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
 private
+ # Private: before_action hook which loads PullRequest.
+ def load_pull
+ @pull = @issue.pull_request
+ authorize @pull, :show? if @pull
+ end
+
 def render_pulls_list
 @pulls = @pulls.includes(issue: [:user, :assignee])
 if params[:status] == 'closed'
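Review bot: `update` hands a possibly-nil `@pull` to `authorize`; Pundit cannot find a policy for nil and raises `NotDefinedError`, which the 403 handler does not catch, so an unknown serial_id becomes a 500 instead of a 404 — `.first!` on the query line keeps it a RecordNotFound. `load_pull` has the same gap: it authorizes only `if @pull`, yet `commits`, `files` and `merge` then call `authorize @pull` unguarded, and only `show` handles nil (by redirecting); raising `ActiveRecord::RecordNotFound` in `load_pull` unless the action is `show` would make the nil case explicit once. `if action = %w(close reopen).find{...}` assigns inside a condition; wrap it in parentheses or assign on the previous line so it does not read like a typo for `==`. The `update` body continues outside the hunk.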
@@ -154,22 +163,9 @@ class Api::V1::PullRequestsController < Api::V1::BaseController
 @pulls = @pulls.where('issues.created_at >= to_timestamp(?)', params[:since]) if params[:since] =~ /\A\d+\z/
 @pulls = @pulls.paginate(paginate_params)
- respond_to do |format|
- format.json { render :index }
- end
+ render :index
 end
- def get_all_project_ids default_project_ids
- project_ids = []
- if ['created', 'all'].include? params[:filter]
- # add own pulls
- project_ids = Project.accessible_by(current_ability, :show).joins(:issues).
- where(issues: {user_id: current_user.id}).pluck('projects.id')
- end
- project_ids |= default_project_ids
- end
-
-
 def pull_params
 @pull_params ||= params[:pull_request] || {}
 end
diff --git a/app/controllers/api/v1/repositories_controller.rb b/app/controllers/api/v1/repositories_controller.rb
index 389b958d9..9a7d4e195 100644
--- a/app/controllers/api/v1/repositories_controller.rb
+++ b/app/controllers/api/v1/repositories_controller.rb
@@ -3,16 +3,13 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
 before_action :authenticate_user!
 skip_before_action :authenticate_user!, only: [:show, :projects] if APP_CONFIG['anonymous_access']
-
- load_and_authorize_resource :repository, through: :platform, shallow: true
+ before_action :load_repository
 def show
- respond_to :json
 end
 def projects
 @projects = @repository.projects.recent.paginate(paginate_params)
- respond_to :json
 end
 def update
@@ -32,7 +29,6 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
 end
 def key_pair
- respond_to :json
 end
 # Only one request per 15 minutes for each platform
@@ -40,7 +36,7 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
 key, now = [@repository.platform.id, :repository_packages], Time.zone.now
 last_request = Rails.cache.read(key)
 if last_request.present? && last_request + 15.minutes > now
- raise CanCan::AccessDenied
+ raise Pundit::NotAuthorizedError
 else
 Rails.cache.write(key, now, expires_at: 15.minutes)
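Review bot: `raise Pundit::NotAuthorizedError` in the rate-limit branch reuses the authorization error for what is a throttle, so the client gets a 403 with the generic forbidden message where a 429 (`head :too_many_requests`) would tell it to retry later; the old CanCan line had the same problem, but since the line is being rewritten this is the moment to fix it. `load_repository` now runs for every action and derives the policy query from the action name, so `RepositoryPolicy` must define `packages?`, `key_pair?`, `projects?` and the rest — a comment on the before_action saying so would make the dependency visible. The `packages` method continues outside the hunk.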
@@ -77,7 +73,7 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
 def add_project
 if project = Project.where(id: params[:project_id]).first
- if can?(:read, project)
+ if policy(project).read?
 begin
 @repository.projects << project
 render_json_response @repository, "Project '#{project.id}' has been added to repository successfully"
@@ -110,4 +106,11 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
 end
 end
-end
\ No newline at end of file
+ private
+
+ # Private: before_action hook which loads Repository.
+ def load_repository
+ authorize @repository = Repository.find(params[:id])
+ end
+
+ end
diff --git a/app/controllers/api/v1/search_controller.rb b/app/controllers/api/v1/search_controller.rb
index ff27a2f24..c4a07dcfc 100644
--- a/app/controllers/api/v1/search_controller.rb
+++ b/app/controllers/api/v1/search_controller.rb
@@ -1,14 +1,12 @@
 class Api::V1::SearchController < Api::V1::BaseController
- before_action :authenticate_user! unless APP_CONFIG['anonymous_access']
-
 def index
- search = Search.new(params[:query], current_ability, paginate_params)
+ authorize :search
+
+ search = Search.new(params[:query], current_user, paginate_params)
 types = Search::TYPES.find{ |t| t == params[:type] } || Search::TYPES
 @results = {}
 [types].flatten.each do |type|
 @results[type] = search.send(type)
 end
-
- respond_to :json
 end
-end
\ No newline at end of file
+end
diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
index 6dee2793b..33060f508 100644
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
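Review bot: In search_controller.rb the `before_action :authenticate_user! unless APP_CONFIG['anonymous_access']` line is removed and nothing replaces it, so `index` is now reachable by anonymous clients even when anonymous access is disabled; the only gate left is `authorize :search`, i.e. `SearchPolicy#index?` (not in this diff), which must return false for a nil user in that configuration or this is an access-control regression. Restoring the before_action is the smaller change and keeps the behaviour independent of the policy. `Search.new` now receives `current_user` instead of `current_ability`; a one-line comment noting that result scoping moved into the Search class would help the reader of this controller.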
@@ -2,18 +2,15 @@ class Api::V1::UsersController < Api::V1::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:show] if APP_CONFIG['anonymous_access'] - load_and_authorize_resource :user, only: :show + before_action :load_user, only: %i(show) before_action :set_current_user, except: :show def show @user = User.opened.find params[:id] # dont show system users - respond_to :json end def show_current_user - respond_to do |format| - format.json { render :show } - end + render :show end def update @@ -37,15 +34,18 @@ class Api::V1::UsersController < Api::V1::BaseController else render_json_response @user, error_message(@user.notifier, 'User notification settings have not been updated'), 422 end - else - respond_to :json end end protected def set_current_user - @user = current_user + authorize @user = current_user + end + + # Private: before_action hook which loads User. + def load_user + authorize @user = User.find(params[:id]) end end diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c30360a5f..3043b47b7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,4 +1,7 @@ class ApplicationController < ActionController::Base + include StrongParams + include Pundit + AIRBRAKE_IGNORE = [ ActionController::InvalidAuthenticityToken, AbstractController::ActionNotFound @@ -14,7 +17,10 @@ class ApplicationController < ActionController::Base before_action :set_locale before_action -> { EventLog.current_controller = self }, only: [:create, :destroy, :open_id, :cancel, :publish, :change_visibility] # :update + before_action :banned? after_action -> { EventLog.current_controller = nil } + after_action :verify_authorized, unless: :devise_controller? + skip_after_action :verify_authorized, only: %i(render_500 render_404) helper_method :get_owner 
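Review bot: `load_user` authorizes `User.find(params[:id])` while `show` then re-queries with `User.opened.find params[:id]`, so `UserPolicy#show?` is evaluated against an object the action may never render (a closed or system user passes the policy and then 404s from the scope) and every show performs two lookups. Doing the scoped lookup once in the hook, `authorize @user = User.opened.find(params[:id])`, and dropping the reload in `show` keeps the authorized record and the rendered record identical; the `# dont show system users` remark belongs on that line. `set_current_user` authorizes `current_user` with the implicit action-name query, so `UserPolicy` needs `update?`, `notifiers?`, `show_current_user?` and friends, else Pundit raises NoMethodError rather than NotAuthorizedError.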
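Review bot: `after_action :verify_authorized` only fires after the action body has run, so a controller that forgets `authorize` in a `create`/`update`/`destroy` still performs the write and only then raises; the hook is a development safety net, not an access check, and a comment should say so, e.g. `# Raises after the action if no authorize call happened; it does not prevent the action's side effects.` The real guarantee comes from the per-action `authorize` calls and `load_*` hooks added elsewhere in this change. `skip_after_action :verify_authorized, only: %i(render_500 render_404)` only matters if those handlers are routed as actions: as far as I can tell an after_action does not run for an action that raised, so for `rescue_from` handlers the skip is a no-op.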
@@ -27,7 +33,7 @@ class ApplicationController < ActionController::Base AbstractController::ActionNotFound, with: :render_404 end - rescue_from CanCan::AccessDenied do |exception| + rescue_from Pundit::NotAuthorizedError do |exception| redirect_to forbidden_url, alert: t("flash.exception_message") end @@ -40,6 +46,15 @@ class ApplicationController < ActionController::Base protected + # Disables access to site for banned users + def banned? + if user_signed_in? && current_user.access_locked? + sign_out current_user + flash[:error] = I18n.t('devise.failure.locked') + redirect_to root_path + end + end + # For this example, we are simply using token authentication # via parameters. However, anyone could use Rails's token # authentication features to get the token from a header. @@ -75,6 +90,8 @@ class ApplicationController < ActionController::Base if Rails.env.production? && !AIRBRAKE_IGNORE.include?(e.class) notify_airbrake(e) end + Rails.logger.error e.message + Rails.logger.error e.backtrace.inspect render_error 500 end diff --git a/app/controllers/autocompletes_controller.rb b/app/controllers/autocompletes_controller.rb index e6ec9bbc9..17798401e 100644 --- a/app/controllers/autocompletes_controller.rb +++ b/app/controllers/autocompletes_controller.rb @@ -1,5 +1,6 @@ class AutocompletesController < ApplicationController - before_action :authenticate_user! + before_action :authenticate_user! + skip_after_action :verify_authorized def autocomplete_user_uname results = User.opened.search(params[:query]).search_order.limit(5) @@ -13,7 +14,8 @@ class AutocompletesController < ApplicationController end def autocomplete_extra_build_list - bl = BuildList.for_extra_build_lists(params[:term], current_ability, save_to_platform).first + bl = BuildListPolicy::Scope.new(current_user, BuildList).read. + for_extra_build_lists(params[:term], save_to_platform).first results << { :id => bl.id, :value => bl.id, :label => "#{bl.id} (#{bl.project.name} - #{bl.arch.name})", 
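Review bot: `banned?` blocks a locked account only when `user_signed_in?` is true, i.e. when a Devise session exists; the comment right below it says API clients authenticate by token in the `authenticate_user!` path, which presumably runs later in the chain, so a locked user with a still-valid token may not be rejected. Checking `current_user.access_locked?` in the token path as well (or after authentication generally) closes that gap. The redirect-with-flash response is also HTML-only; a `request.format.json?` branch with `head :forbidden` would suit the API controllers that inherit this. The name `banned?` reads as a predicate although the method signs out and redirects; `reject_locked_user` would describe it better.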
@@ -29,16 +31,16 @@ class AutocompletesController < ApplicationController value: mb.id, label: "#{mb.id} - #{mb.name}", path: platform_mass_build_path(mb.save_to_platform, mb) - } if mb && can?(:show, mb) + } if mb && policy(mb).show? render json: results.to_json end def autocomplete_extra_repositories # Only personal and build for platform repositories can be attached to the build - Platform.includes(:repositories).search(params[:term]).search_order - .accessible_by(current_ability, :read).limit(5) - .where("platforms.platform_type = 'personal' OR platforms.id = ?", - params[:build_for_platform_id].to_i).each do |platform| + platforms = PlatformPolicy::Scope.new(current_user, Platform).show. + includes(:repositories).search(params[:term]).search_order.limit(5). + where("platforms.platform_type = 'personal' OR platforms.id = ?", params[:build_for_platform_id]) + platforms.each do |platform| platform.repositories.each do |repository| results << { @@ -56,7 +58,7 @@ class AutocompletesController < ApplicationController protected def save_to_platform - @save_to_platform ||= Platform.find(params[:platform_id]) + @save_to_platform ||= Platform.find_cached(params[:platform_id]) end def results diff --git a/app/controllers/concerns/api/v1/issueable.rb b/app/controllers/concerns/api/v1/issueable.rb new file mode 100644 index 000000000..b64ef994c --- /dev/null +++ b/app/controllers/concerns/api/v1/issueable.rb 
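Review bot: Dropping `.to_i` from `params[:build_for_platform_id]` in `autocomplete_extra_repositories` lets a non-numeric value reach PostgreSQL as a text literal compared against `platforms.id`, which fails with an invalid-input error and turns a bad query string into a 500. The bind is still parameterised, so this is not an injection, but keep the coercion: `where("platforms.platform_type = 'personal' OR platforms.id = ?", params[:build_for_platform_id].to_i)`. `.to_i` also yields 0 for a missing parameter, which matches no row, the same behaviour the replaced code had.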
@@ -0,0 +1,45 @@ +module Api + module V1 + module Issueable + extend ActiveSupport::Concern + + protected + + # Private: before_action hook which loads Group. + def load_group + authorize @group = Group.find(params[:id]), :show? + end + + # Private: before_action hook which loads Project. + def load_project + authorize @project = Project.find(params[:project_id]), :show? + end + + # Private: before_action hook which loads Issue. + def load_issue + authorize @issue = @project.issues.find_by!(serial_id: params[:id]), :show? + end + + # Private: Get membered projects. + # + # Returns the ActiveRecord::Relation instance. + def membered_projects + @membered_projects ||= ProjectPolicy::Scope.new(current_user, Project).membered + end + + # Private: Get project ids which available for current user. + # + # Returns the Array of project ids. + def get_all_project_ids(default_project_ids) + project_ids = [] + if %w(created all).include? params[:filter] + # add own issues + project_ids = Project.opened.joins(:issues). + where(issues: {user_id: current_user.id}). + pluck('projects.id') + end + project_ids | default_project_ids + end + end + end +end diff --git a/app/controllers/concerns/strong_params.rb b/app/controllers/concerns/strong_params.rb new file mode 100644 index 000000000..0e798ded1 --- /dev/null +++ b/app/controllers/concerns/strong_params.rb @@ -0,0 +1,9 @@ +module StrongParams + extend ActiveSupport::Concern + + protected + + def permit_params(param_name, *accessible) + (params[param_name] || ActionController::Parameters.new).permit(*accessible.flatten) + end +end diff --git a/app/controllers/contacts_controller.rb b/app/controllers/contacts_controller.rb index 207182722..519b3bd65 100644 --- a/app/controllers/contacts_controller.rb +++ b/app/controllers/contacts_controller.rb @@ -1,4 +1,5 @@ class ContactsController < ApplicationController + skip_after_action :verify_authorized def new @form = Feedback.new(current_user) 
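Review bot: `get_all_project_ids` now draws the 'created'/'all' filter from `Project.opened`, whereas the version it replaces (removed from `Api::V1::PullRequestsController` in this same change) used `Project.accessible_by(current_ability, :show)`; a user's own issues and pull requests in private projects they can read but are not members of silently vanish from those filters. If that narrowing is intended, say so in the comment; otherwise use the project policy scope, e.g. `ProjectPolicy::Scope.new(current_user, Project).show.joins(:issues)`, assuming a `show` scope exists, which I cannot verify from here. `load_issue` relies on `@project` having been set by `load_project`; a note such as `# Requires load_project to have run first.` would make the callback ordering explicit.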
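Review bot: `permit_params` assumes `params[param_name]` is nil or a hash; when a client sends the key as a scalar (`?group=x`) it is a String and `.permit` raises NoMethodError, producing a 500 where a 4xx is expected. Guarding the value keeps the helper total: `value = params[param_name]` followed by `value = ActionController::Parameters.new unless value.respond_to?(:permit)`. A short doc comment stating the return type (an `ActionController::Parameters` holding only the listed keys) would also help callers.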
diff --git a/app/controllers/groups/base_controller.rb b/app/controllers/groups/base_controller.rb index 8ae7d9344..db18ac584 100644 --- a/app/controllers/groups/base_controller.rb +++ b/app/controllers/groups/base_controller.rb @@ -4,6 +4,7 @@ class Groups::BaseController < ApplicationController protected + # Private: before_action hook which loads Group. def find_group if group_id = params[:uname] || params[:group_id] || params[:id] @group = Group.find_by_insensitive_uname! group_id diff --git a/app/controllers/groups/members_controller.rb b/app/controllers/groups/members_controller.rb index e70119a9c..c3293e7f7 100644 --- a/app/controllers/groups/members_controller.rb +++ b/app/controllers/groups/members_controller.rb @@ -1,12 +1,12 @@ class Groups::MembersController < Groups::BaseController - before_action -> { authorize! :manage_members, @group } + before_action -> { authorize @group, :manage_members? } def index @members = @group.members.order(:uname) - [@group.owner] end def update - raise CanCan::AccessDenied if @group.owner_id.to_s == params[:member_id] + raise Pundit::NotAuthorizedError if @group.owner_id.to_s == params[:member_id] relation = @group.actors.where(actor_id: params[:member_id], actor_type: 'User').first relation ||= @group.actors.build(actor_id: params[:member_id], actor_type: 'User') @@ -25,7 +25,7 @@ class Groups::MembersController < Groups::BaseController end def add - @user = User.where(id: params[:member_id]).first + @user = User.find_by(id: params[:member_id]) if !@user flash[:error] = t("flash.collaborators.wrong_user", uname: params[:user_uname]) elsif @group.add_member(@user, params[:role]) diff --git a/app/controllers/groups/profile_controller.rb b/app/controllers/groups/profile_controller.rb index 5c5d7b40b..27cbce4c9 100644 --- a/app/controllers/groups/profile_controller.rb +++ b/app/controllers/groups/profile_controller.rb 
@@ -2,15 +2,16 @@ class Groups::ProfileController < Groups::BaseController include AvatarHelper include PaginateHelper - load_and_authorize_resource class: Group, instance_name: 'group' skip_before_action :authenticate_user!, only: :show if APP_CONFIG['anonymous_access'] def index + authorize :group @groups = current_user.groups.paginate(page: params[:group_page]) # accessible_by(current_ability) @groups = @groups.search(params[:query]) if params[:query].present? end def show + authorize @group respond_to do |format| format.html do @members = @group.members.order(:uname) @@ -21,9 +22,10 @@ class Groups::ProfileController < Groups::BaseController when 'open' @projects = @projects.opened when 'hidden' - @projects = @projects.by_visibilities('hidden').accessible_by(current_ability, :read) + @projects = @projects.by_visibilities('hidden') + @projects = @projects.none unless policy(@group).reader? else - @projects = @projects.accessible_by(current_ability, :read) + @projects = @projects.opened unless policy(@group).reader? end @total_items = @projects.count @projects = @projects.paginate(paginate_params) @@ -33,13 +35,15 @@ class Groups::ProfileController < Groups::BaseController end def new + authorize @group = current_user.own_groups.build end def edit + authorize @group end def create - @group = current_user.own_groups.new params[:group] + authorize @group = current_user.own_groups.build(params[:group]) if @group.save flash[:notice] = t('flash.group.saved') redirect_to group_path(@group) @@ -51,6 +55,7 @@ class Groups::ProfileController < Groups::BaseController end def update + authorize @group if @group.update_attributes(params[:group]) update_avatar(@group, params) flash[:notice] = t('flash.group.saved') 
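Review bot: The `hidden` branch of `show` now gates the whole list with `policy(@group).reader?`, replacing the per-project `accessible_by(current_ability, :read)`; any group reader sees every hidden project of the group regardless of what `ProjectPolicy` would say for each one. If group membership implies read on all group projects in `ProjectPolicy`, the two are equivalent and a one-line comment saying so would settle it; otherwise filter per project with the project scope (for example `ProjectPolicy::Scope.new(current_user, @projects).show`, if such a scope exists). The `else` branch has the same shape: a non-reader gets `opened`, a reader gets the unfiltered relation.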
@@ -62,12 +67,14 @@ class Groups::ProfileController < Groups::BaseController end def destroy + authorize @group @group.destroy flash[:notice] = t("flash.group.destroyed") redirect_to groups_path end def remove_user + authorize @group Relation.by_actor(current_user).by_target(@group).destroy_all redirect_to groups_path end diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb index a644eb8a1..97ce0aa3a 100644 --- a/app/controllers/home_controller.rb +++ b/app/controllers/home_controller.rb @@ -1,5 +1,6 @@ class HomeController < ApplicationController before_action :authenticate_user!, only: [:activity, :issues, :pull_requests] + skip_after_action :verify_authorized def root respond_to do |format| @@ -23,7 +24,7 @@ class HomeController < ApplicationController def issues @created_issues = current_user.issues @assigned_issues = Issue.where(assignee_id: current_user.id) - pr_ids = Project.accessible_by(current_ability, :membered).uniq.pluck(:id) + pr_ids = ProjectPolicy::Scope.new(current_user, Project).membered.uniq.pluck(:id) @all_issues = Issue.where(project_id: pr_ids) @created_issues, @assigned_issues, @all_issues = if action_name == 'issues' @@ -66,4 +67,4 @@ class HomeController < ApplicationController def pull_requests issues end -end \ No newline at end of file +end diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb index a4bb80869..40d3ed2f8 100644 --- a/app/controllers/pages_controller.rb +++ b/app/controllers/pages_controller.rb @@ -1,4 +1,5 @@ class PagesController < ApplicationController + skip_after_action :verify_authorized def tour_inside @entries = case params[:id] diff --git a/app/controllers/platforms/base_controller.rb b/app/controllers/platforms/base_controller.rb index 16b4dcef3..0ab91fa89 100644 --- a/app/controllers/platforms/base_controller.rb +++ b/app/controllers/platforms/base_controller.rb 
@@ -1,2 +1,11 @@ class Platforms::BaseController < ApplicationController + before_action :load_platform + +protected + + def load_platform + return unless params[:platform_id] + authorize @platform = Platform.find_cached(params[:platform_id]), :show? + end + end diff --git a/app/controllers/platforms/contents_controller.rb b/app/controllers/platforms/contents_controller.rb index ee4a8e796..904f005dc 100644 --- a/app/controllers/platforms/contents_controller.rb +++ b/app/controllers/platforms/contents_controller.rb @@ -4,8 +4,6 @@ class Platforms::ContentsController < Platforms::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: :index if APP_CONFIG['anonymous_access'] - load_and_authorize_resource :platform - def index respond_to do |format| format.html @@ -22,7 +20,7 @@ class Platforms::ContentsController < Platforms::BaseController end def remove_file - authorize!(:remove_file, @platform) + authorize @platform PlatformContent.remove_file(@platform, params[:path]) render nothing: true end diff --git a/app/controllers/platforms/key_pairs_controller.rb b/app/controllers/platforms/key_pairs_controller.rb index 22522e6f0..1c024c83a 100644 --- a/app/controllers/platforms/key_pairs_controller.rb +++ b/app/controllers/platforms/key_pairs_controller.rb @@ -1,16 +1,14 @@ class Platforms::KeyPairsController < Platforms::BaseController before_action :authenticate_user! - load_and_authorize_resource :platform - load_and_authorize_resource only: [:create, :destroy] - def index @key_pair = KeyPair.new end def create + @key_pair = KeyPair.new params[:key_pair] @key_pair.user_id = current_user.id - + authorize @key_pair if @key_pair.save flash[:notice] = t('flash.key_pairs.saved') redirect_to platform_key_pairs_path(@key_pair.repository.platform) and return 
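Review bot: `create` builds the KeyPair entirely from `params[:key_pair]`, so its `repository_id` is whatever the client supplies and is not constrained to `@platform`; the redirect to `@key_pair.repository.platform` shows the repository is expected to come from the request. Unless `KeyPairPolicy#create?` checks `record.repository.platform`, a user with rights on one platform could attach a key to a repository of another. Pinning it before authorizing is a one-liner: `raise Pundit::NotAuthorizedError unless @key_pair.repository && @key_pair.repository.platform_id == @platform.id`. `index` now relies solely on the base `load_platform` `show?` check, so anyone who can view the platform sees the key-pair form; confirm that matches intent.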
@@ -21,6 +19,7 @@ class Platforms::KeyPairsController < Platforms::BaseController end def destroy + authorize @key_pair = @platform.key_pairs.find(params[:id]) if @key_pair.destroy flash[:notice] = t('flash.key_pairs.destroyed') else diff --git a/app/controllers/platforms/maintainers_controller.rb b/app/controllers/platforms/maintainers_controller.rb index ba6f70eb6..1c181a848 100644 --- a/app/controllers/platforms/maintainers_controller.rb +++ b/app/controllers/platforms/maintainers_controller.rb @@ -1,7 +1,6 @@ -class Platforms::MaintainersController < ApplicationController +class Platforms::MaintainersController < Platforms::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:index] if APP_CONFIG['anonymous_access'] - load_and_authorize_resource :platform def index @maintainer = BuildList::Package.new(params[:build_list_package]) diff --git a/app/controllers/platforms/mass_builds_controller.rb b/app/controllers/platforms/mass_builds_controller.rb index 70daee366..de7674f28 100644 --- a/app/controllers/platforms/mass_builds_controller.rb +++ b/app/controllers/platforms/mass_builds_controller.rb 
@@ -4,28 +4,30 @@ class Platforms::MassBuildsController < Platforms::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:index, :get_list] if APP_CONFIG['anonymous_access'] - load_resource :platform - load_and_authorize_resource :through => :platform, :shallow => true - + before_action :find_mass_build, only: %i(show publish cancel get_list) def new if params[:mass_build_id].present? @mass_build = @platform.mass_builds.find(params[:mass_build_id]).dup @mass_build.arches = Arch.where(name: @mass_build.arch_names.split(', ')).pluck(:id) end + authorize @mass_build ||= @platform.mass_builds.build @mass_build.arches ||= @platform.platform_arch_settings.by_default.pluck(:arch_id) @mass_build.repositories ||= [] @mass_build.arches.map!(&:to_s) end def show + authorize @platform.mass_builds.find(params[:id]) end def create + @mass_build = @platform.mass_builds.build(params[:mass_build]) @mass_build.user = current_user @mass_build.arches = params[:arches] || [] @mass_build.repositories ||= params[:repositories] || [] + authorize @mass_build if @mass_build.save redirect_to(platform_mass_builds_path(@platform), notice: t("flash.platform.build_all_success")) else @@ -57,7 +59,6 @@ class Platforms::MassBuildsController < Platforms::BaseController end def get_list - text = case params[:kind] when 'failed_builds_list', 'tests_failed_builds_list', 'success_builds_list' @@ -67,4 +68,11 @@ class Platforms::MassBuildsController < Platforms::BaseController end render text: text end + + private + + # Private: before_action hook which loads MassBuild. + def find_mass_build + authorize @mass_build = @platform.mass_builds.find(params[:id]) + end end diff --git a/app/controllers/platforms/platforms_controller.rb b/app/controllers/platforms/platforms_controller.rb index 8762c11c2..0404292e0 100644 --- a/app/controllers/platforms/platforms_controller.rb +++ b/app/controllers/platforms/platforms_controller.rb 
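Review bot: `show` re-runs `authorize @platform.mass_builds.find(params[:id])` although `find_mass_build`, which the same hunk registers for `show`, already loaded `@mass_build` and authorized `show?`; the body can be left empty. Keeping the second lookup costs a query and a policy call per request and authorizes a different object than the one the view renders. In `new`, `MassBuildPolicy#new?` is evaluated on the `dup` of another mass build when `mass_build_id` is given; worth a comment such as `# Policy runs on the copy, not on the source build.` if that is intended.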
@@ -3,14 +3,14 @@ class Platforms::PlatformsController < Platforms::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:advisories, :members, :show] if APP_CONFIG['anonymous_access'] - load_and_authorize_resource def index + authorize :platform respond_to do |format| format.html {} format.json { - @platforms = @platforms.accessible_by(current_ability, :related) + @platforms = PlatformPolicy::Scope.new(current_user, Platform).related @platforms_count = @platforms.count @platforms = @platforms.paginate(page: current_page, per_page: Platform.per_page) } @@ -21,18 +21,20 @@ class Platforms::PlatformsController < Platforms::BaseController end def new + authorize @platform = Platform.new @admin_uname = current_user.uname @admin_id = current_user.id - @platform = Platform.new end def edit + authorize @platform @admin_id = @platform.owner.id @admin_uname = @platform.owner.uname end def create - @admin_id = params[:admin_id] + authorize @platform = Platform.new(params[:platform]) + @admin_id = params[:admin_id] @admin_uname = params[:admin_uname] # FIXME: do not allow manipulate owner model, only platforms onwer_id and onwer_type @platform.owner = @admin_id.blank? ? get_owner : User.find(@admin_id) @@ -47,6 +49,7 @@ class Platforms::PlatformsController < Platforms::BaseController end def update + authorize @platform @admin_id = params[:admin_id] @admin_uname = params[:admin_uname] @@ -54,7 +57,6 @@ class Platforms::PlatformsController < Platforms::BaseController platform_params = platform_params.slice(:description, :platform_arch_settings_attributes, :released, :automatic_metadata_regeneration, :default_branch) platform_params[:owner] = User.find(@admin_id) if @admin_id.present? - respond_to do |format| format.html do if @platform.update_attributes(platform_params) 
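Review bot: In `create`, `authorize @platform = Platform.new(params[:platform])` runs before `@platform.owner` is assigned from `params[:admin_id]`, so `PlatformPolicy#create?` sees an ownerless platform and cannot validate the owner the user chose; the FIXME on the next line already flags owner manipulation as a concern. Move the policy call below the owner assignment: `@platform = Platform.new(params[:platform])`, then the existing owner line, then `authorize @platform`. `edit` and `update` authorize the loaded record, which is correct.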
@@ -76,6 +78,7 @@ class Platforms::PlatformsController < Platforms::BaseController end def regenerate_metadata + authorize @platform if @platform.regenerate flash[:notice] = I18n.t('flash.platform.saved') else @@ -85,6 +88,7 @@ class Platforms::PlatformsController < Platforms::BaseController end def change_visibility + authorize @platform if @platform.change_visibility flash[:notice] = I18n.t("flash.platform.saved") redirect_to @platform @@ -96,12 +100,14 @@ class Platforms::PlatformsController < Platforms::BaseController end def clone + authorize @platform @cloned = Platform.new @cloned.name = @platform.name + "_clone" @cloned.description = @platform.description + "_clone" end def make_clone + authorize @platform @cloned = @platform.full_clone params[:platform].merge(owner: current_user) if @cloned.persisted? flash[:notice] = I18n.t("flash.platform.clone_success") @@ -113,16 +119,19 @@ class Platforms::PlatformsController < Platforms::BaseController end def destroy + authorize @platform @platform.destroy # later with resque flash[:notice] = t("flash.platform.destroyed") redirect_to platforms_path end def members + authorize @platform @members = @platform.members.order(:uname) end def remove_members + authorize @platform User.where(id: params[:members]).each do |user| @platform.remove_member(user) end @@ -130,7 +139,8 @@ class Platforms::PlatformsController < Platforms::BaseController end def add_member - member = User.where(id: params[:member_id]).first + authorize @platform + member = User.find_by(id: params[:member_id]) if !member flash[:error] = t("flash.collaborators.wrong_user", uname: params[:member_id]) elsif @platform.add_member(member) 
@@ -142,13 +152,22 @@ class Platforms::PlatformsController < Platforms::BaseController end def advisories + authorize @platform @advisories = @platform.advisories.paginate(page: params[:page]) end def clear + authorize @platform @platform.clear flash[:notice] = t('flash.repository.clear') redirect_to edit_platform_path(@platform) end + private + + # Private: before_action hook which loads Platform. + def load_platform + authorize @platform = Platform.find_cached(params[:id]), :show? if params[:id] + end + end diff --git a/app/controllers/platforms/product_build_lists_controller.rb b/app/controllers/platforms/product_build_lists_controller.rb index c2a3ecf83..74c76b4ea 100644 --- a/app/controllers/platforms/product_build_lists_controller.rb +++ b/app/controllers/platforms/product_build_lists_controller.rb 
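Review bot: `load_platform` authorizes `show?` against `Platform.find_cached(params[:id])`, a cached instance; if the cache is not invalidated on `change_visibility`/`update`, a platform that was just hidden can keep passing `show?` until the entry expires. Worth confirming `find_cached` expires on save, or using `Platform.find` for the mutating actions. This override keys on `params[:id]` while the base `load_platform` keys on `params[:platform_id]`; a comment such as `# Platform is the resource here, so its id is params[:id].` would explain why the base hook is shadowed.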
@@ -4,18 +4,17 @@ class Platforms::ProductBuildListsController < Platforms::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:index, :show, :log] if APP_CONFIG['anonymous_access'] before_action :redirect_to_full_path_if_short_url, only: [:show, :update] - load_and_authorize_resource :platform, except: :index - load_and_authorize_resource :product, through: :platform, except: :index - load_and_authorize_resource :product_build_list, through: :product, except: :index - load_and_authorize_resource only: [:index, :show, :log, :cancel, :update] + + before_action :load_product, except: :index + before_action :load_product_build_list, except: [:index, :new, :create] def new - product = @product_build_list.product - @product_build_list.params = product.params - @product_build_list.main_script = product.main_script - @product_build_list.time_living = product.time_living - @product_build_list.project_version = product.project_version - @product_build_list.project = product.project + @product_build_list = @product.product_build_lists.new + @product_build_list.params = @product.params + @product_build_list.main_script = @product.main_script + @product_build_list.time_living = @product.time_living + @product_build_list.project_version = @product.project_version + @product_build_list.project = @product.project unless @product_build_list.project flash[:error] = t('flash.product_build_list.no_project') redirect_to edit_platform_product_path(@platform, @product) @@ -53,6 +52,7 @@ class Platforms::ProductBuildListsController < Platforms::BaseController pbl.user = current_user pbl.base_url = "http://#{request.host_with_port}" + authorize pbl if pbl.save flash[:notice] = t('flash.product.build_started') redirect_to [@platform, @product] 
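Review bot: `new` builds `@product_build_list` without an `authorize` call; `load_product_build_list` is skipped for `new`, so the only policy check on the path is `load_product`'s `show?`, which also satisfies `verify_authorized`, and users who may merely view the product are shown the build form. Add `authorize @product_build_list` right after the `product_build_lists.new` line (policy `new?`). `create` does authorize `pbl` before saving, so this is UI leakage rather than privilege escalation.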
@@ -73,8 +73,11 @@ class Platforms::ProductBuildListsController < Platforms::BaseController end def index + authorize :product_build_list @product_build_list = ProductBuildList.new(params[:product_build_list]) @product_build_list.status = nil if params[:product_build_list].try(:[], :status).blank? + @product_build_lists = @platform.product_build_lists if @platform + @product_build_lists ||= PlatformPolicy::Scope.new(current_user, ProductBuildList.joins(product: :platform)).show if @product_build_list.product_id.present? @product_build_lists = @product_build_lists.where(id: @product_build_list.product_id) else @@ -98,4 +101,14 @@ class Platforms::ProductBuildListsController < Platforms::BaseController end end + # Private: before_action hook which loads ProductBuildList. + def load_product_build_list + authorize @product_build_list = ProductBuildList.find(params[:id]) + end + + # Private: before_action hook which loads Product. + def load_product + authorize @product = Product.find(params[:product_id]), :show? if params[:product_id] + end + end diff --git a/app/controllers/platforms/products_controller.rb b/app/controllers/platforms/products_controller.rb index 42eec8516..67714d999 100644 --- a/app/controllers/platforms/products_controller.rb +++ b/app/controllers/platforms/products_controller.rb 
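Review bot: `load_product_build_list` looks up `ProductBuildList.find(params[:id])` without scoping to `@product`, whereas the CanCan declaration it replaces used `through: :product`; a build-list id from any product can now be addressed under any `platform_id`/`product_id`, and the view renders it against a mismatched `@platform`/`@product`. Unless `ProductBuildListPolicy` rejects that case, scope the lookup: `authorize @product_build_list = (@product ? @product.product_build_lists : ProductBuildList).find(params[:id])`. In `index`, `PlatformPolicy::Scope.new(current_user, ProductBuildList.joins(product: :platform)).show` applies a platform scope to a build-list relation; a comment naming the column it filters on would make the intent clear.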
@@ -4,22 +4,22 @@ class Platforms::ProductsController < Platforms::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access'] - load_and_authorize_resource :platform - load_and_authorize_resource :product, through: :platform, except: :autocomplete_project + before_action :load_product, except: %i(index new create autocomplete_project) def index - @products = @products.paginate(page: params[:page]) + authorize @platform.products.new + @products = @platform.products.paginate(page: params[:page]) end def new - @product = @platform.products.new + authorize @product = @platform.products.new end - def edit end def create + authorize @product = @platform.products.build(params[:product]) if @product.save flash[:notice] = t('flash.product.saved') redirect_to platform_product_path(@platform, @product) @@ -53,9 +53,17 @@ class Platforms::ProductsController < Platforms::BaseController end def autocomplete_project - @items = Project.accessible_by(current_ability, :membered) - .by_owner_and_name(params[:query]).limit(20) + authorize :project + @items = ProjectPolicy::Scope.new(current_user, Project).membered. + by_owner_and_name(params[:query]).limit(20) #items.select! {|e| e.repo.branches.count > 0} end + private + + # Private: before_action hook which loads Product. + def load_product + authorize @product = Product.find(params[:id]) + end + end diff --git a/app/controllers/platforms/repositories_controller.rb b/app/controllers/platforms/repositories_controller.rb index e4e86101f..ec80cfd5e 100644 --- a/app/controllers/platforms/repositories_controller.rb +++ b/app/controllers/platforms/repositories_controller.rb 
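Review bot: `load_product` uses `Product.find(params[:id])` instead of `@platform.products.find(params[:id])`, so a product from another platform can be reached under any `platform_id` and the per-action `authorize @product` then decides on a record that does not belong to the `@platform` the base controller already authorized. Scoping the lookup, `authorize @product = @platform.products.find(params[:id])`, restores the `through: :platform` behaviour the hunk removes. `index` authorizes `@platform.products.new` only to satisfy `index?`; `authorize :product` does the same without allocating a record.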
@@ -7,11 +7,12 @@ class Platforms::RepositoriesController < Platforms::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:index, :show, :projects_list] if APP_CONFIG['anonymous_access'] - load_and_authorize_resource :platform - load_and_authorize_resource :repository, through: :platform, shallow: true - before_action :set_members, only: [:edit, :update] + before_action :load_repository, except: [:index, :create, :new] + before_action :set_members, only: [:edit, :update] + before_action -> { @repository = @platform.repositories.find(params[:id]) if params[:id] } def index + @repositories = @platform.repositories @repositories = Repository.custom_sort(@repositories).paginate(page: current_page) end @@ -23,6 +24,7 @@ class Platforms::RepositoriesController < Platforms::BaseController end def update + authorize @repository = @platform.repositories.build(params[:repository]) if @repository.update_attributes params[:repository].slice(:description, :synchronizing_publications, :publish_builds_only_from_branch).merge(publish_without_qa: (params[:repository][:publish_without_qa] || @repository.publish_without_qa)) flash[:notice] = I18n.t("flash.repository.updated") redirect_to platform_repository_path(@platform, @repository) @@ -34,14 +36,14 @@ class Platforms::RepositoriesController < Platforms::BaseController end def remove_members - User.where(id: params[:members]).each do |user| + User.where(id: params[:members]).find_each do |user| @repository.remove_member(user) end redirect_to edit_platform_repository_path(@platform, @repository) end def add_member - if member = User.where(id: params[:member_id]).first + if member = User.find_by(id: params[:member_id]) if @repository.add_member(member) flash[:notice] = t('flash.repository.members.successfully_added', name: member.uname) else 
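Review bot: `update` now does `authorize @repository = @platform.repositories.build(params[:repository])`, replacing the record loaded by `load_repository` with a fresh one; the `update_attributes` that follows saves that new record, so a PATCH creates a second repository instead of editing the existing one, and `update?` is evaluated on the new object. The line should be just `authorize @repository`. The added `before_action -> { @repository = @platform.repositories.find(params[:id]) if params[:id] }` duplicates `load_repository` without authorizing and can be dropped.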
@@ -52,11 +54,12 @@ class Platforms::RepositoriesController < Platforms::BaseController end def new - @repository = Repository.new + authorize @repository = @platform.repositories.new @platform_id = params[:platform_id] end def destroy + authorize @repository @repository.destroy flash[:notice] = t("flash.repository.destroyed") @@ -64,7 +67,7 @@ class Platforms::RepositoriesController < Platforms::BaseController end def create - @repository = @platform.repositories.build(params[:repository]) + authorize @repository = @platform.repositories.build(params[:repository]) if @repository.save flash[:notice] = t('flash.repository.saved') redirect_to platform_repository_path(@platform, @repository) @@ -75,6 +78,7 @@ class Platforms::RepositoriesController < Platforms::BaseController end def add_project + authorize @repository if projects_list = params.try(:[], :repository).try(:[], :projects_list) @repository.add_projects projects_list, current_user redirect_to platform_repository_path(@platform, @repository), notice: t('flash.repository.projects_will_be_added') @@ -82,7 +86,7 @@ class Platforms::RepositoriesController < Platforms::BaseController end if params[:project_id].present? @project = Project.find(params[:project_id]) - if can?(:read, @project) + if policy(@project).read? begin @repository.projects << @project flash[:notice] = t('flash.repository.project_added') @@ -149,6 +153,7 @@ class Platforms::RepositoriesController < Platforms::BaseController end def regenerate_metadata + authorize @repository if @repository.regenerate(params[:repository].try :[], :build_for_platform_id) flash[:notice] = t('flash.repository.regenerate_in_queue') else @@ -170,6 +175,11 @@ class Platforms::RepositoriesController < Platforms::BaseController protected + # Private: before_action hook which loads Repository. + def load_repository + authorize @repository = @platform.repositories.find(params[:id]) + end + def set_members @members = @repository.members.order('name') end 
diff --git a/app/controllers/platforms/tokens_controller.rb b/app/controllers/platforms/tokens_controller.rb index 49a58a722..16b662a90 100644 --- a/app/controllers/platforms/tokens_controller.rb +++ b/app/controllers/platforms/tokens_controller.rb @@ -1,11 +1,10 @@ class Platforms::TokensController < Platforms::BaseController before_action :authenticate_user! - load_resource :platform - load_and_authorize_resource :through => :platform, :shallow => true + before_action :load_token, except: [:index, :create, :new] def index - authorize! :local_admin_manage, @platform + authorize @platform, :local_admin_manage? @tokens = @platform.tokens.includes(:creator, :updater) .paginate(per_page: 20, page: params[:page]) end @@ -24,11 +23,13 @@ class Platforms::TokensController < Platforms::BaseController end def new + authorize @token = @platform.tokens.new end def create @token = @platform.tokens.build params[:token] @token.creator = current_user + authorize @token if @token.save flash[:notice] = t('flash.tokens.saved') redirect_to platform_tokens_path(@platform) @@ -39,4 +40,11 @@ class Platforms::TokensController < Platforms::BaseController end end + protected + + # Private: before_action hook which loads Repository. + def load_token + authorize @token = @platform.tokens.find(params[:id]) + end + end diff --git a/app/controllers/projects/base_controller.rb b/app/controllers/projects/base_controller.rb index 626823400..3722d869e 100644 --- a/app/controllers/projects/base_controller.rb +++ b/app/controllers/projects/base_controller.rb @@ -12,7 +12,8 @@ class Projects::BaseController < ApplicationController end def find_project - @project = Project.find_by_owner_and_name! params[:name_with_owner] if params[:name_with_owner].present? + return if params[:name_with_owner].blank? + authorize @project = Project.find_by_owner_and_name!(params[:name_with_owner]), :show? end def init_statistics 
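Review bot: The doc comment on `load_token` says it loads a Repository, copied from the repositories controller; it should read `# Private: before_action hook which loads Token.`. The hook authorizes with the implicit `#{action_name}?` query, so `TokenPolicy` needs a predicate for every action not in `except: [:index, :create, :new]`, else Pundit raises NoMethodError rather than NotAuthorizedError; a line stating that expectation would help the next reader.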
diff --git a/app/controllers/projects/build_lists_controller.rb b/app/controllers/projects/build_lists_controller.rb index 983ef4d14..df7e61ce6 100644 --- a/app/controllers/projects/build_lists_controller.rb +++ b/app/controllers/projects/build_lists_controller.rb @@ -7,23 +7,18 @@ class Projects::BuildListsController < Projects::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:show, :index, :log] if APP_CONFIG['anonymous_access'] - before_action :find_build_list, only: [:show, :publish, :cancel, :update, :log, :create_container, :dependent_projects] - - load_and_authorize_resource :project, only: [:new, :create] - load_resource :project, only: :index, parent: false - load_and_authorize_resource :build_list, through: :project, only: NESTED_ACTIONS, shallow: true - load_and_authorize_resource except: NESTED_ACTIONS + before_action :load_build_list, except: NESTED_ACTIONS before_action :create_from_build_list, only: :new def index - authorize!(:show, @project) if @project + authorize :build_list params[:filter].each{|k,v| params[:filter].delete(k) if v.blank? } if params[:filter] respond_to do |format| format.html format.json do - @filter = BuildList::Filter.new(@project, current_user, current_ability, params[:filter] || {}) + @filter = BuildList::Filter.new(@project, current_user, params[:filter] || {}) params[:page] = params[:page].to_i == 0 ? nil : params[:page] params[:per_page] = if BuildList::Filter::PER_PAGE.include? params[:per_page].to_i params[:per_page].to_i @@ -46,6 +41,7 @@ class Projects::BuildListsController < Projects::BaseController end def new + authorize @build_list = @project.build_lists.build if params[:show] == 'inline' && params[:build_list_id].present? render json: new_build_list_data(@build_list, @project, params), layout: false else 
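Review bot: `index` swaps `authorize!(:show, @project) if @project` for `authorize :build_list`, so project visibility now depends on `Projects::BaseController#find_project` authorizing `show?` and on `BuildList::Filter` applying `BuildListPolicy::Scope` itself now that it receives `current_user` rather than the ability. If the filter still builds its relation from `BuildList` unscoped, the JSON listing with no `@project` will expose build lists of hidden projects; a test covering that case would pin it down. A comment on the `authorize :build_list` line noting that row-level filtering happens in the filter would make the division of responsibility explicit.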
@@ -73,7 +69,8 @@ class Projects::BuildListsController < Projects::BaseController @build_list.priority = current_user.build_priority # User builds more priority than mass rebuild with zero priority flash_options = { project_version: @build_list.project_version, arch: arch.name, build_for_platform: build_for_platform.name } - if authorize!(:create, @build_list) && @build_list.save + authorize @build_list + if @build_list.save build_lists << @build_list notices << t('flash.build_list.saved', flash_options) else @@ -125,8 +122,6 @@ class Projects::BuildListsController < Projects::BaseController end def dependent_projects - raise CanCan::AccessDenied if @build_list.save_to_platform.personal? - if request.post? prs = params[:build_list] if prs.present? && prs[:projects].present? && prs[:arches].present? @@ -211,6 +206,16 @@ class Projects::BuildListsController < Projects::BaseController protected + # Private: before_action hook which loads BuidList. + def load_build_list + authorize @build_list = + if @project + @project.build_lists + else + BuildList + end.find(params[:id]) + end + def do_and_back(action, prefix, success = 'success', fail = 'fail') result = @build_list.send("can_#{action}?") && @build_list.send(action) message = result ? success : fail @@ -218,10 +223,6 @@ class Projects::BuildListsController < Projects::BaseController redirect_to :back end - def find_build_list - @build_list = BuildList.find(params[:id]) - end - def create_from_build_list return if params[:build_list_id].blank? build_list = @project.build_lists.find(params[:build_list_id]) diff --git a/app/controllers/projects/collaborators_controller.rb b/app/controllers/projects/collaborators_controller.rb index 8ba508a6d..75f84db29 100644 --- a/app/controllers/projects/collaborators_controller.rb +++ b/app/controllers/projects/collaborators_controller.rb 
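Review bot: The `raise CanCan::AccessDenied if @build_list.save_to_platform.personal?` guard removed from `dependent_projects` has no replacement in this controller; authorization now comes only from `load_build_list`'s `authorize @build_list`, i.e. BuildListPolicy#dependent_projects?, which is not in this chunk. Confirm that policy query refuses personal platforms (`!record.save_to_platform.personal?`), otherwise the page becomes reachable for them even though DependentPackagesJob still bails out before creating builds. The comment on `load_build_list` misspells the model; it should read `# Private: before_action hook which loads BuildList.`.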
@@ -2,7 +2,6 @@ class Projects::CollaboratorsController < Projects::BaseController respond_to :html, :json before_action :authenticate_user! - load_resource :project before_action :authorize_collaborators before_action :find_users @@ -74,6 +73,6 @@ class Projects::CollaboratorsController < Projects::BaseController end def authorize_collaborators - authorize! :update, @project + authorize @project, :update? end end diff --git a/app/controllers/projects/comments_controller.rb b/app/controllers/projects/comments_controller.rb index 54c4f9773..d90cd05a6 100644 --- a/app/controllers/projects/comments_controller.rb +++ b/app/controllers/projects/comments_controller.rb @@ -1,9 +1,7 @@ class Projects::CommentsController < Projects::BaseController before_action :authenticate_user! - load_and_authorize_resource :project before_action :find_commentable before_action :find_or_build_comment - load_and_authorize_resource new: :new_line include CommentsHelper @@ -58,5 +56,6 @@ class Projects::CommentsController < Projects::BaseController def find_or_build_comment @comment = params[:id].present? && Comment.where(automatic: false).find(params[:id]) || current_user.comments.build(params[:comment]) {|c| c.commentable = @commentable; c.project = @project} + authorize @comment end end diff --git a/app/controllers/projects/commit_subscribes_controller.rb b/app/controllers/projects/commit_subscribes_controller.rb index 28d61ac5c..440e52a47 100644 --- a/app/controllers/projects/commit_subscribes_controller.rb +++ b/app/controllers/projects/commit_subscribes_controller.rb @@ -1,7 +1,5 @@ class Projects::CommitSubscribesController < Projects::BaseController before_action :authenticate_user! - load_and_authorize_resource :project - before_action :find_commit def create diff --git a/app/controllers/projects/git/base_controller.rb b/app/controllers/projects/git/base_controller.rb index a52145470..d95c4eb32 100644 --- a/app/controllers/projects/git/base_controller.rb 
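Review bot: Authorization of an existing comment now rests entirely on the `authorize @comment` added at the end of `find_or_build_comment`, while the lookup on the line above, `Comment.where(automatic: false).find(params[:id])`, is not scoped to `@commentable` or `@project`. If the commentable exposes a `comments` association, scope the lookup to it (e.g. `@commentable.comments.where(automatic: false).find(params[:id])`) so that a comment id belonging to another project is a 404 under this project's URL rather than something CommentPolicy alone has to reject; the policy is not in this chunk, so I cannot tell whether it checks `comment.project == @project`.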
+++ b/app/controllers/projects/git/base_controller.rb @@ -5,7 +5,6 @@ class Projects::Git::BaseController < Projects::BaseController before_action :authenticate_user, only: %i(show index blame raw archive diff tags branches) end - load_and_authorize_resource :project before_action :set_treeish_and_path before_action :set_branch_and_tree diff --git a/app/controllers/projects/git/blobs_controller.rb b/app/controllers/projects/git/blobs_controller.rb index 76d199b88..20979b566 100644 --- a/app/controllers/projects/git/blobs_controller.rb +++ b/app/controllers/projects/git/blobs_controller.rb @@ -1,6 +1,6 @@ class Projects::Git::BlobsController < Projects::Git::BaseController before_action :set_blob - before_action -> {authorize! :write, @project}, only: [:edit, :update] + before_action -> {authorize @project, :write? }, only: [:edit, :update] def show end diff --git a/app/controllers/projects/git/trees_controller.rb b/app/controllers/projects/git/trees_controller.rb index 3d7dfcf69..87cdf3f14 100644 --- a/app/controllers/projects/git/trees_controller.rb +++ b/app/controllers/projects/git/trees_controller.rb @@ -5,8 +5,8 @@ class Projects::Git::TreesController < Projects::Git::BaseController before_action :redirect_to_project, only: :show before_action :resolve_treeish, only: [:branch, :destroy] - skip_authorize_resource :project, only: [:destroy, :restore_branch, :create] - before_action -> { authorize!(:write, @project) }, only: [:destroy, :restore_branch, :create] + # skip_authorize_resource :project, only: [:destroy, :restore_branch, :create] + before_action -> { authorize(@project, :show?) }, only: [:show, :archive, :tags, :branches] def show unless request.xhr? 
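Review bot: The line `# skip_authorize_resource :project, only: [:destroy, :restore_branch, :create]` in trees_controller is commented-out CanCan code that no longer has any meaning once the gem is gone; delete it rather than leaving it as a comment. The new `before_action -> { authorize(@project, :show?) }, only: [:show, :archive, :tags, :branches]` looks redundant with the `:show?` check that Projects::BaseController#find_project performs in the earlier hunk of this diff, but it is harmless if kept.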
@@ -54,16 +54,19 @@ class Projects::Git::TreesController < Projects::Git::BaseController end def restore_branch + authorize @project, :write? status = @project.create_branch(@treeish, params[:sha], current_user) ? 200 : 422 render nothing: true, status: status end def create + authorize @project, :write? status = @project.create_branch(params[:new_ref], params[:from_ref], current_user) ? 200 : 422 render nothing: true, status: status end def destroy + authorize @project, :write? status = @branch && @project.delete_branch(@branch, current_user) ? 200 : 422 render nothing: true, status: status end diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb index d580e7c08..9bf982207 100644 --- a/app/controllers/projects/hooks_controller.rb +++ b/app/controllers/projects/hooks_controller.rb @@ -1,22 +1,23 @@ class Projects::HooksController < Projects::BaseController before_action :authenticate_user! - load_and_authorize_resource :project - load_and_authorize_resource :hook, through: :project + before_action -> { authorize @project, :update? } + before_action :load_hook, except: %i(index new create) def index - authorize! :edit, @project @name = params[:name] @hooks = @project.hooks.for_name(@name).order('name asc, created_at desc') render(:show) if @name.present? end def new + @hook = @project.hooks.build end def edit end def create + authorize @hook = @project.hooks.build(params[:hook]) if @hook.save redirect_to project_hooks_path(@project, name: @hook.name), notice: t('flash.hook.created') else @@ -41,4 +42,11 @@ class Projects::HooksController < Projects::BaseController redirect_to project_hooks_path(@project, name: @hook.name) end + private + + # Private: before_action hook which loads Hook. + def load_hook + authorize @hook = @project.hooks.find(params[:id]) + end + end diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb index 6c4df4003..006bf947a 100644 
--- a/app/controllers/projects/issues_controller.rb +++ b/app/controllers/projects/issues_controller.rb @@ -1,15 +1,15 @@ class Projects::IssuesController < Projects::BaseController - NON_RESTFUL_ACTION = [:create_label, :update_label, :destroy_label] before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access'] - load_resource :project - load_and_authorize_resource :issue, through: :project, find_by: :serial_id, only: [:show, :edit, :update, :destroy, :new, :create, :index] - before_action :load_and_authorize_label, only: NON_RESTFUL_ACTION - before_action :find_collaborators, only: [:new, :create, :show, :search_collaborators] + before_action :load_issue, only: %i(show edit update destroy) + before_action :load_and_authorize_label, only: %i(create_label update_label destroy_label) + before_action :find_collaborators, only: :search_collaborators layout false, only: [:update, :search_collaborators] def index + raise Pundit::NotAuthorizedError unless @project.has_issues? + params[:kind] = params[:kind] == 'pull_requests' ? 'pull_requests' : 'issues' params[:filter] = params[:filter].in?(['created', 'assigned']) ? params[:filter] : 'all' params[:sort] = params[:sort] == 'submitted' ? 'submitted' : 'updated' @@ -22,11 +22,12 @@ class Projects::IssuesController < Projects::BaseController respond_to do |format| format.html { render 'index' } format.json do - if params[:kind] == 'pull_requests' - all_issues = @project.issues.joins(:pull_request) - else - all_issues = @project.issues.without_pull_requests - end + all_issues = + if params[:kind] == 'pull_requests' + @project.issues.joins(:pull_request) + else + @project.issues.without_pull_requests + end @all_issues = all_issues if current_user 
@@ -74,15 +75,18 @@ class Projects::IssuesController < Projects::BaseController end def new + authorize @issue = @project.issues.build end def create + @issue = @project.issues.build(params[:issue]) @issue.user_id = current_user.id - unless can?(:write, @project) + unless policy(@project).write? @issue.assignee_id = nil @issue.labelings = [] end + authorize @issue if @issue.save @issue.subscribe_creator(current_user.id) flash[:notice] = I18n.t("flash.issue.saved") @@ -104,7 +108,7 @@ class Projects::IssuesController < Projects::BaseController format.json { status = 200 - unless can?(:write, @project) + unless policy(@project).write? params.delete :update_labels [:assignee_id, :labelings, :labelings_attributes].each do |k| params[:issue].delete k @@ -165,8 +169,14 @@ class Projects::IssuesController < Projects::BaseController private + # Private: before_action hook which loads Issue. + def load_issue + authorize @issue = @project.issues.find_by!(serial_id: params[:id]) + end + + # Private: before_action hook which loads Label. def load_and_authorize_label - authorize! :write, @project - @label = Label.find(params[:label_id]) if params[:label_id] + authorize @project, :write? + @label = @project.labels.find(params[:label_id]) if params[:label_id] end end diff --git a/app/controllers/projects/projects_controller.rb b/app/controllers/projects/projects_controller.rb index 84a1ba68b..6ff4a2a06 100644 --- a/app/controllers/projects/projects_controller.rb +++ b/app/controllers/projects/projects_controller.rb 
@@ -3,11 +3,11 @@ class Projects::ProjectsController < Projects::BaseController include ProjectsHelper before_action :authenticate_user! - load_and_authorize_resource id_param: :name_with_owner # to force member actions load before_action :who_owns, only: [:new, :create, :mass_import, :run_mass_import] def index - @projects = Project.accessible_by(current_ability, :membered).search(params[:search]) + authorize :project + @projects = ProjectPolicy::Scope.new(current_user, Project).membered.search(params[:search]) respond_to do |format| format.html { @groups = current_user.groups @@ -24,18 +24,19 @@ class Projects::ProjectsController < Projects::BaseController end def new + authorize :project @project = Project.new end def mass_import + authorize :project @project = Project.new(mass_import: true) end def run_mass_import @project = Project.new params[:project] @project.owner = choose_owner - authorize! :write, @project.owner if @project.owner.class == Group - authorize! :add_project, Repository.find(params[:project][:add_to_repository_id]) + authorize @project @project.valid? @project.errors.messages.slice! :url if @project.errors.messages.blank? # We need only url validation @@ -48,13 +49,14 @@ class Projects::ProjectsController < Projects::BaseController end def edit + authorize @project @project_aliases = Project.project_aliases(@project).paginate(page: current_page) end def create @project = Project.new params[:project] @project.owner = choose_owner - authorize! :write, @project.owner if @project.owner.class == Group + authorize @project if @project.save flash[:notice] = t('flash.project.saved') @@ -67,6 +69,7 @@ class Projects::ProjectsController < Projects::BaseController end def update + authorize @project params[:project].delete(:maintainer_id) if params[:project][:maintainer_id].blank? respond_to do |format| format.html do 
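Review bot: Two explicit checks were dropped from `run_mass_import` and `create` and replaced by a single `authorize @project`: the `:write` check on a Group owner (both actions) and the `:add_project` check on `Repository.find(params[:project][:add_to_repository_id])` (`run_mass_import` only). Whether they survive now depends on ProjectPolicy#run_mass_import? and ProjectPolicy#create?, which are not in this chunk; confirm that both verify write access to a Group owner and that the former also verifies the user's rights on the repository named by `add_to_repository_id`, otherwise a user can import into any repository id they supply. A one-line reminder in the controller, such as `# ProjectPolicy#run_mass_import? must check owner and add_to_repository_id`, would keep the next maintainer from assuming the controller covers it.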
@@ -82,18 +85,19 @@ class Projects::ProjectsController < Projects::BaseController end format.json do if @project.update_attributes(params[:project]) - render json: { notice: I18n.t('flash.project.saved') }.to_json + render json: { notice: I18n.t('flash.project.saved') } else - render json: { error: I18n.t('flash.project.save_error') }.to_json, status: 422 + render json: { error: I18n.t('flash.project.save_error') }, status: 422 end end end end def schedule + authorize @project p_to_r = @project.project_to_repositories.where(repository_id: params[:repository_id]).first unless p_to_r.repository.publish_without_qa - authorize! :local_admin_manage, p_to_r.repository.platform + authorize p_to_r.repository.platform, :local_admin_manage? end p_to_r.user_id = current_user.id p_to_r.enabled = params[:enabled].present? @@ -107,6 +111,7 @@ class Projects::ProjectsController < Projects::BaseController end def destroy + authorize @project @project.destroy flash[:notice] = t("flash.project.destroyed") redirect_to @project.owner @@ -114,8 +119,7 @@ class Projects::ProjectsController < Projects::BaseController def fork(is_alias = false) owner = (Group.find params[:group] if params[:group].present?) || current_user - authorize! :write, owner if owner.class == Group - + authorize owner, :write? if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid? redirect_to forked, notice: t("flash.project.forked") else @@ -126,15 +130,18 @@ class Projects::ProjectsController < Projects::BaseController end def alias + authorize @project fork(true) end def possible_forks + authorize @project render partial: 'projects/git/base/forks', layout: false, locals: { owner: current_user, name: (params[:name].presence || @project.name) } end def sections + authorize @project, :update? if request.patch? if @project.update_attributes(params[:project]) flash[:notice] = t('flash.project.saved') 
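Review bot: In `fork`, `authorize owner, :write?` now runs unconditionally, whereas the removed line only checked Group owners; when `owner` is `current_user` this resolves to UserPolicy#write?, which must exist or Pundit raises NoMethodError for every fork into a personal namespace. If a User policy with `write?` is not part of this change, keep the old guard shape: `authorize owner, :write? if owner.is_a?(Group)`.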
@@ -147,6 +154,7 @@ class Projects::ProjectsController < Projects::BaseController end def remove_user + authorize @project @project.relations.by_actor(current_user).destroy_all respond_to do |format| format.html do @@ -158,6 +166,7 @@ class Projects::ProjectsController < Projects::BaseController end def autocomplete_maintainers + authorize @project term, limit = params[:query], params[:limit] || 10 items = User.member_of_project(@project) .where("users.name ILIKE ? OR users.uname ILIKE ?", "%#{term}%", "%#{term}%") @@ -166,6 +175,7 @@ class Projects::ProjectsController < Projects::BaseController end def preview + authorize @project respond_to do |format| format.json {} format.html {render inline: view_context.markdown(params[:text]), layout: false} @@ -173,6 +183,7 @@ class Projects::ProjectsController < Projects::BaseController end def refs_list + authorize @project refs = @project.repo.branches_and_tags.map(&:name) @selected = params[:selected] if refs.include?(params[:selected]) @selected ||= @project.resolve_default_branch diff --git a/app/controllers/projects/pull_requests_controller.rb b/app/controllers/projects/pull_requests_controller.rb index dd71e5ddc..89337f716 100644 --- a/app/controllers/projects/pull_requests_controller.rb +++ b/app/controllers/projects/pull_requests_controller.rb 
@@ -1,20 +1,19 @@ class Projects::PullRequestsController < Projects::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access'] - load_and_authorize_resource :project - load_resource :issue, through: :project, find_by: :serial_id, parent: false, except: [:index, :autocomplete_to_project] - load_and_authorize_resource instance_name: :pull, through: :issue, singleton: true, except: [:index, :autocomplete_to_project] - before_action :find_collaborators, only: [:new, :create, :show] + before_action :load_issue, except: %i(index autocomplete_to_project new create) + before_action :load_pull, except: %i(index autocomplete_to_project new create) def new to_project = find_destination_project(false) - authorize! :read, to_project + authorize to_project, :show? - @pull = to_project.pull_requests.new - @pull.issue = to_project.issues.new + @pull = to_project.pull_requests.new + @issue = @pull.issue = to_project.issues.new set_attrs + authorize @pull if PullRequest.check_ref(@pull, 'to', @pull.to_ref) && PullRequest.check_ref(@pull, 'from', @pull.from_ref) || @pull.uniq_merge flash.now[:warning] = @pull.errors.full_messages.join('. ') else 
@@ -33,15 +32,17 @@ class Projects::PullRequestsController < Projects::BaseController redirect :back end to_project = find_destination_project - authorize! :read, to_project + authorize to_project, :show? - @pull = to_project.pull_requests.new pull_params - @pull.issue.assignee_id = (params[:issue] || {})[:assignee_id] if can?(:write, to_project) + @pull = to_project.pull_requests.new pull_params + @issue = @pull.issue + @pull.issue.assignee_id = (params[:issue] || {})[:assignee_id] if policy(to_project).write? @pull.issue.user, @pull.issue.project, @pull.from_project = current_user, to_project, @project @pull.from_project_owner_uname = @pull.from_project.owner.uname @pull.from_project_name = @pull.from_project.name @pull.issue.new_pull_request = true + authorize @pull if @pull.valid? # FIXME more clean/clever logics @pull.save # set pull id @pull.reload @@ -67,11 +68,13 @@ class Projects::PullRequestsController < Projects::BaseController end def merge + authorize @pull status = @pull.merge!(current_user) ? 200 : 422 render nothing: true, status: status end def update + authorize @pull status = 422 if (action = params[:pull_request_action]) && %w(close reopen).include?(params[:pull_request_action]) if @pull.send("can_#{action}?") @@ -106,7 +109,7 @@ class Projects::PullRequestsController < Projects::BaseController term = params[:query].to_s.strip.downcase [ Project.where(id: @project.pull_requests.last.try(:to_project_id)), @project.ancestors, - Project.accessible_by(current_ability, :membered) + ProjectPolicy::Scope.new(current_user, Project).membered ].each do |p| items.concat p.by_owner_and_name(term) end 
@@ -116,6 +119,17 @@ class Projects::PullRequestsController < Projects::BaseController protected + # Private: before_action hook which loads Issue. + def load_issue + @issue = @project.issues.find_by!(serial_id: params[:id]) + end + + # Private: before_action hook which loads PullRequest. + def load_pull + @pull = @issue.pull_request + authorize @pull, :show? if @pull + end + def pull_params @pull_params ||= params[:pull_request].presence end diff --git a/app/controllers/projects/subscribes_controller.rb b/app/controllers/projects/subscribes_controller.rb index ac66411a3..a5b8aef31 100644 --- a/app/controllers/projects/subscribes_controller.rb +++ b/app/controllers/projects/subscribes_controller.rb @@ -1,12 +1,10 @@ class Projects::SubscribesController < Projects::BaseController before_action :authenticate_user! - load_and_authorize_resource :project - load_and_authorize_resource :issue, through: :project, find_by: :serial_id - load_and_authorize_resource :subscribe, through: :issue, find_by: :user_id + before_action :load_issue def create - @subscribe = @issue.subscribes.build(user_id: current_user.id) + authorize @subscribe = @issue.subscribes.build(user_id: current_user.id) if @subscribe.save flash[:notice] = I18n.t("flash.subscribe.saved") redirect_to :back @@ -17,9 +15,17 @@ class Projects::SubscribesController < Projects::BaseController end def destroy + authorize @subscribe = @issue.subscribes.find_by(user_id: current_user.id) @subscribe.destroy flash[:notice] = t("flash.subscribe.destroyed") redirect_to :back end + + private + + # Private: before_action hook which loads Issue. + def load_issue + authorize @issue = @project.issues.find_by!(serial_id: params[:issue_id]), :show? + end end diff --git a/app/controllers/projects/wiki_controller.rb b/app/controllers/projects/wiki_controller.rb index 3a6c08cc3..ccdfd5d6d 100644 --- a/app/controllers/projects/wiki_controller.rb +++ b/app/controllers/projects/wiki_controller.rb 
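Review bot: `load_pull` silently skips authorization when the issue has no pull request (`authorize @pull, :show? if @pull`), and the actions that run after it (`merge`, `update`, and others outside this hunk) then call `authorize @pull` or `@pull.merge!` on nil; the previous `load_and_authorize_resource ... singleton: true` raised RecordNotFound in that case. Restore the 404 by making the absence an error: `@pull = @issue.pull_request or raise ActiveRecord::RecordNotFound` followed by `authorize @pull, :show?`. Note also that `load_issue` here, unlike the one in issues_controller and subscribes_controller, does not authorize the issue itself; that is fine only because `load_pull` authorizes the pull request right after it.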
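Review bot: In subscribes_controller#destroy, `authorize @subscribe = @issue.subscribes.find_by(user_id: current_user.id)` passes nil to `authorize` when the user has no subscription, and Pundit cannot resolve a policy for nil, so the request fails with an exception instead of the RecordNotFound that the removed `load_and_authorize_resource :subscribe ... find_by: :user_id` produced. Use the bang form, `@issue.subscribes.find_by!(user_id: current_user.id)`, so a missing subscription is a 404.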
@@ -6,7 +6,6 @@ class Projects::WikiController < Projects::BaseController before_action :authenticate_user! skip_before_action :authenticate_user!, only: [:show, :index, :git, :compare, :compare_wiki, :history, :wiki_history, :search, :pages] if APP_CONFIG['anonymous_access'] - load_resource :project before_action :authorize_read_actions, only: [:index, :show, :git, :compare, :compare_wiki, :history, :wiki_history, :search, :pages] before_action :authorize_write_actions, only: [:edit, :update, :new, :create, :destroy, :revert, :revert_wiki, :preview] @@ -262,11 +261,11 @@ class Projects::WikiController < Projects::BaseController def show_or_create_page if @page @content = @page.formatted_data - @editable = can?(:write, @project) + @editable = policy(@project).write? render :show elsif file = @wiki.file(@name) render text: file.raw_data, content_type: file.mime_type - elsif can? :write, @project + elsif policy(@project).write? @new = true render :new else @@ -279,11 +278,10 @@ class Projects::WikiController < Projects::BaseController end def authorize_read_actions - authorize! :show, @project + authorize @project, :show? end def authorize_write_actions - authorize! :write, @project + authorize @project, :write? end end - diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index 2291cddb6..7f2d2111e 100644 --- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb @@ -2,12 +2,12 @@ class SearchController < ApplicationController include PaginateHelper before_action :authenticate_user! unless APP_CONFIG['anonymous_access'] - # load_and_authorize_resource + skip_after_action :verify_authorized def index @type = Search::TYPES.find{ |t| t == params[:type] } || Search::TYPES.first @query = params[:query] - @search = Search.new(@query, current_ability, paginate_params) + @search = Search.new(@query, current_user, paginate_params) @collection = @search.send(@type) end end 
diff --git a/app/controllers/sitemap_controller.rb b/app/controllers/sitemap_controller.rb index 521a6bee3..a5527a2db 100644 --- a/app/controllers/sitemap_controller.rb +++ b/app/controllers/sitemap_controller.rb @@ -1,4 +1,5 @@ class SitemapController < ApplicationController + skip_after_action :verify_authorized def show redirect_to "/sitemaps/#{request.host_with_port.gsub(/www./, '')}/sitemap.xml.gz" @@ -8,4 +9,4 @@ class SitemapController < ApplicationController render file: 'sitemap/robots', layout: false, content_type: Mime::TEXT end -end \ No newline at end of file +end diff --git a/app/controllers/statistics_controller.rb b/app/controllers/statistics_controller.rb index 26f80263a..65b3ec906 100644 --- a/app/controllers/statistics_controller.rb +++ b/app/controllers/statistics_controller.rb @@ -11,6 +11,7 @@ class StatisticsController < ApplicationController ] def index + authorize :statistic respond_to do |format| format.html format.json do @@ -76,4 +77,4 @@ class StatisticsController < ApplicationController raise ActiveRecord::RecordNotFound end -end \ No newline at end of file +end diff --git a/app/controllers/users/profile_controller.rb b/app/controllers/users/profile_controller.rb index c3470371b..89c2e9864 100644 --- a/app/controllers/users/profile_controller.rb +++ b/app/controllers/users/profile_controller.rb @@ -4,6 +4,7 @@ class Users::ProfileController < Users::BaseController skip_before_action :authenticate_user!, only: :show if APP_CONFIG['anonymous_access'] def show + authorize @user respond_to do |format| format.html do @groups = @user.groups.order(:uname) 
@@ -14,9 +15,9 @@ class Users::ProfileController < Users::BaseController when 'open' @projects = @projects.opened when 'hidden' - @projects = @projects.by_visibilities('hidden').accessible_by(current_ability, :read) + @projects = ProjectPolicy::Scope.new(current_user, @projects.by_visibilities('hidden')).read else - @projects = @projects.accessible_by(current_ability, :read) + @projects = ProjectPolicy::Scope.new(current_user, @projects).read end @total_items = @projects.count @projects = @projects.paginate(paginate_params) diff --git a/app/controllers/users/settings_controller.rb b/app/controllers/users/settings_controller.rb index 155bb64be..d9677e470 100644 --- a/app/controllers/users/settings_controller.rb +++ b/app/controllers/users/settings_controller.rb @@ -2,6 +2,7 @@ class Users::SettingsController < Users::BaseController include AvatarHelper before_action :set_current_user + before_action -> { authorize @user, :update? } def profile if request.patch? diff --git a/app/controllers/users/ssh_keys_controller.rb b/app/controllers/users/ssh_keys_controller.rb index 64c7575de..cb36d8a37 100644 --- a/app/controllers/users/ssh_keys_controller.rb +++ b/app/controllers/users/ssh_keys_controller.rb @@ -1,5 +1,6 @@ class Users::SshKeysController < Users::BaseController before_action :set_current_user + before_action -> { authorize current_user, :update? } def index @ssh_key = SshKey.new @@ -28,4 +29,4 @@ class Users::SshKeysController < Users::BaseController redirect_to ssh_keys_path end -end \ No newline at end of file +end diff --git a/app/controllers/users/users_controller.rb b/app/controllers/users/users_controller.rb index dd5b0c0e1..88047132a 100644 --- a/app/controllers/users/users_controller.rb +++ b/app/controllers/users/users_controller.rb 
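Review bot: The two sibling controllers satisfy `verify_authorized` differently: settings_controller authorizes `@user` (`before_action -> { authorize @user, :update? }`) while ssh_keys_controller authorizes `current_user` against itself (`before_action -> { authorize current_user, :update? }`), which can only ever be a self-check. Both run `set_current_user` first, so if that hook assigns `@user` the ssh_keys line should match the settings one, `before_action -> { authorize @user, :update? }`, so that the policy rather than the call site decides who may edit the keys.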
@@ -1,16 +1,18 @@ class Users::UsersController < Users::BaseController skip_before_action :authenticate_user!, only: [:allowed, :check, :discover] + skip_after_action :verify_authorized before_action :find_user_by_key, only: [:allowed, :discover] def allowed project = Project.find_by_owner_and_name! params[:project] - action = case params[:action_type] - when 'git-upload-pack' - then :read - when 'git-receive-pack' - then :write - end - render inline: (!@user.access_locked? && Ability.new(@user).can?(action, project)).to_s + pp = ProjectPolicy.new(@user, project) + can = case params[:action_type] + when 'git-upload-pack' + pp.read? + when 'git-receive-pack' + pp.write? + end + render inline: (!@user.access_locked? && can).to_s end def check diff --git a/app/helpers/build_lists_helper.rb b/app/helpers/build_lists_helper.rb index 0ce5fa9a0..98dbb726f 100644 --- a/app/helpers/build_lists_helper.rb +++ b/app/helpers/build_lists_helper.rb @@ -20,7 +20,7 @@ module BuildListsHelper end def availables_main_platforms - Platform.availables_main_platforms current_user, current_ability + Platform.availables_main_platforms current_user end def dependent_projects(package) @@ -294,8 +294,9 @@ module BuildListsHelper end def default_extra_repos(project) - project.repositories.joins(:platform).accessible_by(current_ability, :read) - .where(platforms: { platform_type: 'personal' }).map do |extra| + scope = project.repositories.joins(:platform).where(platforms: { platform_type: 'personal' }) + scope = PlatformPolicy::Scope.new(current_user, scope).show + scope.map do |extra| { id: extra.id, platform_id: extra.platform.id, diff --git a/app/helpers/markdown_helper.rb b/app/helpers/markdown_helper.rb index e02eca6f6..214a2c5fd 100644 --- a/app/helpers/markdown_helper.rb +++ b/app/helpers/markdown_helper.rb 
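Review bot: In `allowed`, the rewritten `case params[:action_type]` has no `else`, so an unknown `action_type` leaves `can` nil and `(!@user.access_locked? && can).to_s` renders an empty string rather than the `"false"` the old `Ability#can?` path produced; a caller that compares the body to `"true"` still denies, but one that checks for `"false"` or non-empty output now gets an ambiguous answer on an unauthenticated endpoint. Add `else false` to the case (or `!!can`) so the response is always an explicit boolean. The local `pp` also shadows `Kernel#pp`; `policy` or `project_policy` reads better.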
@@ -153,7 +153,7 @@ module MarkdownHelper end def reference_issue(identifier) - if issue = Issue.find_by_hash_tag(identifier, current_ability, @project) + if issue = Issue.find_by_hash_tag(identifier, current_user, @project) if issue.pull_request title = "#{PullRequest.model_name.human}: #{issue.title}" url = project_pull_request_path(issue.project, issue.pull_request) diff --git a/app/helpers/mass_build_helper.rb b/app/helpers/mass_build_helper.rb index 2024f5070..d90223447 100644 --- a/app/helpers/mass_build_helper.rb +++ b/app/helpers/mass_build_helper.rb @@ -3,7 +3,7 @@ module MassBuildHelper def link_to_list platform, mass_build, which link_to t("layout.mass_builds.#{which}"), get_list_platform_mass_build_path(platform, mass_build, kind: which, format: :txt), - target: "_blank" if can?(:get_list, mass_build) + target: "_blank" if policy(mass_build).get_list? end def link_to_mass_build(mass_build) diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 97d785be6..639df967c 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb @@ -17,7 +17,7 @@ module ProjectsHelper def available_project_to_repositories(project) project.project_to_repositories.includes(repository: :platform).select do |p_to_r| - p_to_r.repository.publish_without_qa ? true : can?(:local_admin_manage, p_to_r.repository.platform) + p_to_r.repository.publish_without_qa ? true : policy(p_to_r.repository.platform).local_admin_manage? end.sort_by do |p_to_r| "#{p_to_r.repository.platform.name}/#{p_to_r.repository.name}" end.map do |p_to_r| 
@@ -33,8 +33,8 @@ module ProjectsHelper def mass_import_repositories_for_group_select groups = {} - Platform.accessible_by(current_ability, :related).order(:name).each do |platform| - next unless can?(:local_admin_manage, platform) + PlatformPolicy::Scope.new(current_user, Platform).related.order(:name).each do |platform| + next unless policy(platform).local_admin_manage? groups[platform.name] = Repository.custom_sort(platform.repositories).map{ |r| [r.name, r.id] } end groups.to_a @@ -70,7 +70,9 @@ module ProjectsHelper end def alone_member?(project) - Relation.by_target(project).by_actor(current_user).size > 0 + Rails.cache.fetch(['ProjectsHelper#alone_member?', project, current_user]) do + Relation.by_target(project).by_actor(current_user).exists? + end end def participant_path(participant) diff --git a/app/jobs/build_lists/dependent_packages_job.rb b/app/jobs/build_lists/dependent_packages_job.rb index 1d2b75b8e..3b407d42a 100644 --- a/app/jobs/build_lists/dependent_packages_job.rb +++ b/app/jobs/build_lists/dependent_packages_job.rb @@ -6,13 +6,12 @@ module BuildLists build_list = BuildList.find(build_list_id) return if build_list.save_to_platform.personal? user = User.find(user_id) - ability = Ability.new(user) - return unless ability.can?(:show, build_list) + return unless BuildListPolicy.new(user, build_list).show? arches = Arch.where(id: arch_ids).to_a Project.where(id: project_ids).to_a.each do |project| - next unless ability.can?(:write, project) + next unless ProjectPolicy.new(user, project).write? build_for_platform = save_to_platform = build_list.build_for_platform save_to_repository = save_to_platform.repositories.find{ |r| r.projects.exists?(project.id) } @@ -48,7 +47,7 @@ module BuildLists use_extra_tests ).each { |field| bl.send("#{field}=", options[field]) } - ability.can?(:create, bl) && bl.save + BuildListPolicy.new(user, bl).create? && bl.save end end end 
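Review bot: `alone_member?` now caches a membership result in `Rails.cache.fetch(['ProjectsHelper#alone_member?', project, current_user])` with no expiry, and the key is built from the project and user records rather than from the Relation rows it queries; unless removing or adding a Relation also touches the project's or user's cache key (not visible here), the helper keeps returning the stale answer after a user is removed from a project. Either pass `expires_in:` to the fetch, or include something that changes with membership in the key. A one-line comment stating what invalidates this entry would help whoever next touches Relation.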
diff --git a/app/models/ability.rb b/app/models/ability.rb
index cccafbd9f..e31059b20 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -1,269 +1,268 @@ -# If rules goes one by one CanCan joins them by 'OR' sql operator -# If rule has multiple conditions CanCan joins them by 'AND' sql operator -# WARNING: -# - put cannot rules _after_ can rules and not before! -# - beware inner joins. Use sub queries against them! - -class Ability - include CanCan::Ability - - def initialize(user) - user ||= User.new # guest user (not logged in) - @user = user - - # Shared rights between guests and registered users - can [:show, :archive, :read], Project, visibility: 'open' - can :get_id, Project, visibility: 'open' # api - can(:refs_list, Project) {|project| can? :show, project} - can :read, Issue, project: { visibility: 'open' } - can [:read, :commits, :files], PullRequest, to_project: {visibility: 'open'} - can [:read, :log, :everything], BuildList, project: {visibility: 'open'} - can [:read, :log], ProductBuildList#, product: {platform: {visibility: 'open'}} # double nested hash don't work - can [:read, :search], Advisory - can :read, Statistic - - # Platforms block - can [:show, :members, :advisories], Platform, visibility: 'open' - can :platforms_for_build, Platform, visibility: 'open', platform_type: 'main' - can([:read, :get_list], MassBuild) {|mass_build| can?(:show, mass_build.save_to_platform) } - can [:read, :projects_list, :projects], Repository, platform: {visibility: 'open'} - can :read, Product, platform: {visibility: 'open'} - - can :show, Group - can :show, User - can :possible_forks, Project - - if user.guest? # Guest rights - cannot :index, Project - # can [:new, :create], RegisterRequest - else # Registered user rights - if user.admin? 
- can :manage, :all - # Protection - cannot :approve, RegisterRequest, approved: true - cannot :reject, RegisterRequest, rejected: true - cannot [:destroy, :create], Subscribe - # Act admin as simple user - cannot :read, Product, platform: {platform_type: 'personal'} - cannot [:owned, :related], [BuildList, Platform] - cannot :membered, Project # list products which user members - end - - if user.user? - can :edit, User, id: user.id - can [:read, :create], Group - can [:update, :manage_members, :members, :add_member, :remove_member, :remove_members, :update_member], Group do |group| - group.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin') # or group.owner_id = user.id - end - can :write, Group do |group| - group.actors.exists?(actor_type: 'User', actor_id: user.id, role: ['writer', 'admin']) - end - can :destroy, Group, owner_id: user.id - can :remove_user, Group - - can :create, Project - can([:mass_import, :run_mass_import], Project) if user.platforms.main.find{ |p| local_admin?(p) }.present? - can :read, Project, visibility: 'open' - can [:read, :archive, :membered, :get_id], Project, owner_type: 'User', owner_id: user.id - can [:read, :archive, :membered, :get_id], Project, owner_type: 'Group', owner_id: user_group_ids - # can([:read, :archive, :membered, :get_id], Project, read_relations_for('projects')) {|project| local_reader? project} - can([:read, :archive, :membered, :get_id], Project, read_relations_with_projects) {|project| local_reader? project} - can(:write, Project) {|project| local_writer? project} # for grack - can [:update, :sections, :manage_collaborators, :autocomplete_maintainers, :add_member, :remove_member, :remove_members, :update_member, :members, :schedule], Project do |project| - local_admin? project - end - - can(:fork, Project) {|project| can? :read, project} - can(:alias, Project) {|project| local_admin?(project) } - - can(:destroy, Project) {|project| owner? 
project} - can(:destroy, Project) {|project| project.owner_type == 'Group' and project.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')} - can :remove_user, Project - can :preview, Project - - can([:read, :create, :edit, :destroy, :update], Hook) {|hook| can?(:edit, hook.project)} - - can [:read, :log, :owned, :everything], BuildList, user_id: user.id - can [:read, :log, :related, :everything], BuildList, project: {owner_type: 'User', owner_id: user.id} - can [:read, :log, :related, :everything], BuildList, project: {owner_type: 'Group', owner_id: user_group_ids} - # can([:read, :log, :everything, :list], BuildList, read_relations_for('build_lists', 'projects')) {|build_list| can? :read, build_list.project} - # can([:read, :log, :everything, :list], BuildList, read_relations_for_build_lists_and_projects) {|build_list| can? :read, build_list.project} - can([:read, :log, :everything, :list], BuildList, read_relations_with_projects('build_lists')) {|build_list| can? :read, build_list.project} - - can(:publish_into_testing, BuildList) { |build_list| ( can?(:create, build_list) || can?(:publish, build_list) ) && build_list.save_to_platform.main? } - can([:create, :rerun_tests], BuildList) {|build_list| - build_list.project && - build_list.project.is_package && - can?(:write, build_list.project) && - (build_list.build_for_platform.blank? || can?(:show, build_list.build_for_platform)) - } - - can(:publish, BuildList) do |build_list| - if build_list.build_published? - local_admin?(build_list.save_to_platform) || build_list.save_to_repository.members.exists?(id: user.id) - else - build_list.save_to_repository.publish_without_qa ? - can?(:write, build_list.project) : local_admin?(build_list.save_to_platform) - end - end - can(:create_container, BuildList) do |build_list| - local_admin?(build_list.save_to_platform) - end - can(:reject_publish, BuildList) do |build_list| - build_list.save_to_repository.publish_without_qa ? 
- can?(:write, build_list.project) : local_admin?(build_list.save_to_platform) - end - can([:cancel, :create_container], BuildList) {|build_list| can?(:write, build_list.project)} - - can [:read, :owned, :related, :members], Platform, owner_type: 'User', owner_id: user.id - can [:read, :related, :members], Platform, owner_type: 'Group', owner_id: user_group_ids - can([:read, :related, :members], Platform, read_relations_for('platforms')) {|platform| local_reader? platform} - can [:read, :related], Platform, id: user.repositories.pluck(:platform_id) - can([:update, :destroy, :change_visibility], Platform) {|platform| owner?(platform) } - can([:local_admin_manage, :members, :add_member, :remove_member, :remove_members, :remove_file] , Platform) {|platform| owner?(platform) || local_admin?(platform) } - - can([:create, :publish], MassBuild) {|mass_build| owner?(mass_build.save_to_platform) || local_admin?(mass_build.save_to_platform)} - can(:cancel, MassBuild) {|mass_build| (owner?(mass_build.save_to_platform) || local_admin?(mass_build.save_to_platform)) && !mass_build.stop_build} - - can [:read, :projects_list, :projects], Repository, platform: {owner_type: 'User', owner_id: user.id} - can [:read, :projects_list, :projects], Repository, platform: {owner_type: 'Group', owner_id: user_group_ids} - can([:read, :projects_list, :projects], Repository, read_relations_for('repositories')) {|repository| can? :show, repository.platform} - can([:read, :projects_list, :projects], Repository, read_relations_for('repositories', 'platforms')) {|repository| local_reader? repository.platform} - can([:create, :edit, :update, :destroy, :projects_list, :projects, :add_project, :remove_project, :regenerate_metadata, :sync_lock_file, :add_repo_lock_file, :remove_repo_lock_file], Repository) {|repository| local_admin? 
repository.platform} - can([:remove_member, :remove_members, :add_member, :signatures, :packages], Repository) {|repository| owner?(repository.platform) || local_admin?(repository.platform)} - can([:add_project, :remove_project], Repository) {|repository| repository.members.exists?(id: user.id)} - can(:clear, Platform) {|platform| owner?(platform) && platform.personal?} - can(:regenerate_metadata, Platform) {|platform| owner?(platform) || local_admin?(platform)} - can([:settings, :destroy, :edit, :update], Repository) {|repository| owner? repository.platform} - - can([:create, :destroy], KeyPair) {|key_pair| key_pair.repository.blank? || owner?(key_pair.repository.platform) || local_admin?(key_pair.repository.platform)} - - can([:read, :create, :withdraw], Token) {|token| local_admin?(token.subject)} - - can :read, Product, platform: {owner_type: 'User', owner_id: user.id, platform_type: 'main'} - can :read, Product, platform: {owner_type: 'Group', owner_id: user_group_ids, platform_type: 'main'} - can(:read, Product, read_relations_for('products', 'platforms')) {|product| product.platform.main?} - can([:create, :update, :destroy, :clone], Product) {|product| local_admin? product.platform and product.platform.main?} - - can([:create, :cancel], ProductBuildList) {|pbl| can?(:write, pbl.project)} - can([:create, :cancel, :update], ProductBuildList) {|pbl| can?(:update, pbl.product)} - can(:destroy, ProductBuildList) {|pbl| can?(:destroy, pbl.product)} - - can :read, Issue, project: {owner_type: 'User', owner_id: user.id} - can :read, Issue, project: {owner_type: 'Group', owner_id: user_group_ids} - can(:read, Issue, read_relations_for('issues', 'projects')) {|issue| can? :read, issue.project rescue nil} - can(:create, Issue) {|issue| can? 
:read, issue.project} - can(:update, Issue) {|issue| issue.user_id == user.id or local_admin?(issue.project)} - cannot :manage, Issue, project: {has_issues: false} # switch off issues - - can [:read, :commits, :files], PullRequest, to_project: {owner_type: 'User', owner_id: user.id} - can [:read, :commits, :files], PullRequest, to_project: {owner_type: 'Group', owner_id: user_group_ids} - can([:read, :commits, :files], PullRequest, read_relations_for('pull_requests', 'to_projects')) {|pull| can? :read, pull.to_project} - can :create, PullRequest - can(:update, PullRequest) {|pull| pull.user_id == user.id or local_writer?(pull.to_project)} - can(:merge, PullRequest) {|pull| local_writer?(pull.to_project)} - - can([:create, :new_line], Comment) {|comment| can? :read, comment.project} - can([:update, :destroy], Comment) {|comment| comment.user == user or comment.project.owner == user or local_admin?(comment.project)} - cannot :manage, Comment do |c| - c.commentable_type == 'Issue' && !c.project.has_issues && !c.commentable.pull_request # when switch off issues - end - end - - # Shared cannot rights for all users (registered, admin) - cannot [:regenerate_metadata, :destroy], Platform, platform_type: 'personal' - cannot [:create, :destroy], Repository, platform: {platform_type: 'personal'}, name: 'main' - cannot [:packages], Repository, platform: {platform_type: 'personal'} - cannot [:remove_member, :remove_members, :add_member, :sync_lock_file, :add_repo_lock_file, :remove_repo_lock_file], Repository, platform: {platform_type: 'personal'} - - cannot :clear, Platform, platform_type: 'main' - cannot :destroy, Issue - - cannot [:members, :add_member, :remove_member, :remove_members], Platform, platform_type: 'personal' - - cannot [:create, :update, :destroy, :clone], Product, platform: {platform_type: 'personal'} - cannot [:clone], Platform, platform_type: 'personal' - - cannot [:publish, :publish_into_testing], BuildList, new_core: false - cannot :create_container, 
BuildList, new_core: false - cannot(:publish, BuildList) {|build_list| !build_list.can_publish? } - cannot(:publish_into_testing, BuildList) {|build_list| !build_list.can_publish_into_testing? } - cannot :publish_into_testing, BuildList, save_to_platform: {platform_type: 'personal'} - - cannot(:cancel, MassBuild) {|mass_build| mass_build.stop_build} - - if @user.system? - can %i(key_pair add_repo_lock_file remove_repo_lock_file), Repository - else - cannot :key_pair, Repository - end - - can :create, Subscribe do |subscribe| - !subscribe.subscribeable.subscribes.exists?(user_id: user.id) - end - can :destroy, Subscribe do |subscribe| - subscribe.subscribeable.subscribes.exists?(user_id: user.id) && user.id == subscribe.user_id - end - end - end - - def read_relations_for(table, parent = nil) - key = parent ? "#{parent.singularize}_id" : 'id' - parent ||= table - - ["#{table}.#{key} = ANY ( - ARRAY ( - SELECT target_id - FROM relations - WHERE relations.target_type = ? AND - (relations.actor_type = 'User' AND relations.actor_id = ? OR - relations.actor_type = 'Group' AND relations.actor_id IN (?)) - ) - )", parent.classify, @user, user_group_ids - ] - end - - def read_relations_with_projects(table = 'projects') - key = table == 'projects' ? 'id' : 'project_id' - ["#{table}.#{key} = ANY ( - ARRAY ( - SELECT target_id - FROM relations - INNER JOIN projects ON projects.id = relations.target_id - WHERE relations.target_type = 'Project' AND - ( - projects.owner_type = 'User' AND projects.owner_id != :user OR - projects.owner_type = 'Group' AND projects.owner_id NOT IN (:groups) - ) AND ( - relations.actor_type = 'User' AND relations.actor_id = :user OR - relations.actor_type = 'Group' AND relations.actor_id IN (:groups) - ) - ) - )", { user: @user, groups: user_group_ids } - ] - end - - def local_reader?(target) - %w{reader writer admin}.include? @user.best_role(target) - end - - def local_writer?(target) - %w{writer admin}.include? 
@user.best_role(target) - end - - def local_admin?(target) - @user.best_role(target) == 'admin' - end - - def owner?(target) - target.owner == @user or user_own_groups.include?(target.owner) - end - - def user_own_groups - @user_own_groups ||= @user.own_groups - end - - def user_group_ids - @user_group_ids ||= @user.group_ids - end -end +# # If rules goes one by one CanCan joins them by 'OR' sql operator +# # If rule has multiple conditions CanCan joins them by 'AND' sql operator +# # WARNING: +# # - put cannot rules _after_ can rules and not before! +# # - beware inner joins. Use sub queries against them! +# +# class Ability +# include CanCan::Ability +# +# def initialize(user) +# user ||= User.new # guest user (not logged in) +# @user = user +# +# # Shared rights between guests and registered users +# can [:show, :archive, :read], Project, visibility: 'open' +# can :get_id, Project, visibility: 'open' # api +# can(:refs_list, Project) {|project| can? :show, project} +# can :read, Issue, project: { visibility: 'open' } +# can [:read, :commits, :files], PullRequest, to_project: {visibility: 'open'} +# can [:read, :log, :everything], BuildList, project: {visibility: 'open'} +# can [:read, :log], ProductBuildList#, product: {platform: {visibility: 'open'}} # double nested hash don't work +# can [:read, :search], Advisory +# can :read, Statistic +# +# # Platforms block +# can [:show, :members, :advisories], Platform, visibility: 'open' +# can :platforms_for_build, Platform, visibility: 'open', platform_type: 'main' +# can([:read, :get_list], MassBuild) {|mass_build| can?(:show, mass_build.save_to_platform) } +# can [:read, :projects_list, :projects], Repository, platform: {visibility: 'open'} +# can :read, Product, platform: {visibility: 'open'} +# +# can :show, Group +# can :show, User +# can :possible_forks, Project +# +# if user.guest? 
# Guest rights +# cannot :index, Project +# # can [:new, :create], RegisterRequest +# else # Registered user rights +# if user.admin? +# can :manage, :all +# # Protection +# cannot :approve, RegisterRequest, approved: true +# cannot :reject, RegisterRequest, rejected: true +# cannot [:destroy, :create], Subscribe +# # Act admin as simple user +# cannot :read, Product, platform: {platform_type: 'personal'} +# cannot [:owned, :related], [BuildList, Platform] +# cannot :membered, Project # list products which user members +# end +# +# if user.user? +# can :edit, User, id: user.id +# can [:read, :create], Group +# can [:update, :manage_members, :members, :add_member, :remove_member, :remove_members, :update_member], Group do |group| +# group.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin') # or group.owner_id = user.id +# end +# can :write, Group do |group| +# group.actors.exists?(actor_type: 'User', actor_id: user.id, role: ['writer', 'admin']) +# end +# can :destroy, Group, owner_id: user.id +# can :remove_user, Group +# +# can :create, Project +# can([:mass_import, :run_mass_import], Project) if user.platforms.main.find{ |p| local_admin?(p) }.present? +# can :read, Project, visibility: 'open' +# can [:read, :archive, :membered, :get_id], Project, owner_type: 'User', owner_id: user.id +# can [:read, :archive, :membered, :get_id], Project, owner_type: 'Group', owner_id: user_group_ids +# # can([:read, :archive, :membered, :get_id], Project, read_relations_for('projects')) {|project| local_reader? project} +# can([:read, :archive, :membered, :get_id], Project, read_relations_with_projects) {|project| local_reader? project} +# can(:write, Project) {|project| local_writer? project} # for grack +# can [:update, :sections, :manage_collaborators, :autocomplete_maintainers, :add_member, :remove_member, :remove_members, :update_member, :members, :schedule], Project do |project| +# local_admin? project +# end +# +# can(:fork, Project) {|project| can? 
:read, project} +# can(:alias, Project) {|project| local_admin?(project) } +# +# can(:destroy, Project) {|project| owner? project} +# can(:destroy, Project) {|project| project.owner_type == 'Group' and project.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')} +# can :remove_user, Project +# can :preview, Project +# +# can([:read, :create, :edit, :destroy, :update], Hook) {|hook| can?(:edit, hook.project)} +# +# can [:read, :log, :owned, :everything], BuildList, user_id: user.id +# can [:read, :log, :related, :everything], BuildList, project: {owner_type: 'User', owner_id: user.id} +# can [:read, :log, :related, :everything], BuildList, project: {owner_type: 'Group', owner_id: user_group_ids} +# # can([:read, :log, :everything, :list], BuildList, read_relations_for('build_lists', 'projects')) {|build_list| can? :read, build_list.project} +# # can([:read, :log, :everything, :list], BuildList, read_relations_for_build_lists_and_projects) {|build_list| can? :read, build_list.project} +# can([:read, :log, :everything, :list], BuildList, read_relations_with_projects('build_lists')) {|build_list| can? :read, build_list.project} +# +# can(:publish_into_testing, BuildList) { |build_list| ( can?(:create, build_list) || can?(:publish, build_list) ) && build_list.save_to_platform.main? } +# can([:create, :rerun_tests], BuildList) {|build_list| +# build_list.project.is_package && +# can?(:write, build_list.project) && +# (build_list.build_for_platform.blank? || can?(:show, build_list.build_for_platform)) +# } +# +# can(:publish, BuildList) do |build_list| +# if build_list.build_published? +# local_admin?(build_list.save_to_platform) || build_list.save_to_repository.members.exists?(id: user.id) +# else +# build_list.save_to_repository.publish_without_qa ? 
+# can?(:write, build_list.project) : local_admin?(build_list.save_to_platform) +# end +# end +# can(:create_container, BuildList) do |build_list| +# local_admin?(build_list.save_to_platform) +# end +# can(:reject_publish, BuildList) do |build_list| +# build_list.save_to_repository.publish_without_qa ? +# can?(:write, build_list.project) : local_admin?(build_list.save_to_platform) +# end +# can([:cancel, :create_container], BuildList) {|build_list| can?(:write, build_list.project)} +# +# can [:read, :owned, :related, :members], Platform, owner_type: 'User', owner_id: user.id +# can [:read, :related, :members], Platform, owner_type: 'Group', owner_id: user_group_ids +# can([:read, :related, :members], Platform, read_relations_for('platforms')) {|platform| local_reader? platform} +# can [:read, :related], Platform, id: user.repositories.pluck(:platform_id) +# can([:update, :destroy, :change_visibility], Platform) {|platform| owner?(platform) } +# can([:local_admin_manage, :members, :add_member, :remove_member, :remove_members, :remove_file] , Platform) {|platform| owner?(platform) || local_admin?(platform) } +# +# can([:create, :publish], MassBuild) {|mass_build| owner?(mass_build.save_to_platform) || local_admin?(mass_build.save_to_platform)} +# can(:cancel, MassBuild) {|mass_build| (owner?(mass_build.save_to_platform) || local_admin?(mass_build.save_to_platform)) && !mass_build.stop_build} +# +# can [:read, :projects_list, :projects], Repository, platform: {owner_type: 'User', owner_id: user.id} +# can [:read, :projects_list, :projects], Repository, platform: {owner_type: 'Group', owner_id: user_group_ids} +# can([:read, :projects_list, :projects], Repository, read_relations_for('repositories')) {|repository| can? :show, repository.platform} +# can([:read, :projects_list, :projects], Repository, read_relations_for('repositories', 'platforms')) {|repository| local_reader? 
repository.platform} +# can([:create, :edit, :update, :destroy, :projects_list, :projects, :add_project, :remove_project, :regenerate_metadata, :sync_lock_file, :add_repo_lock_file, :remove_repo_lock_file], Repository) {|repository| local_admin? repository.platform} +# can([:remove_member, :remove_members, :add_member, :signatures, :packages], Repository) {|repository| owner?(repository.platform) || local_admin?(repository.platform)} +# can([:add_project, :remove_project], Repository) {|repository| repository.members.exists?(id: user.id)} +# can(:clear, Platform) {|platform| owner?(platform) && platform.personal?} +# can(:regenerate_metadata, Platform) {|platform| owner?(platform) || local_admin?(platform)} +# can([:settings, :destroy, :edit, :update], Repository) {|repository| owner? repository.platform} +# +# can([:create, :destroy], KeyPair) {|key_pair| key_pair.repository.blank? || owner?(key_pair.repository.platform) || local_admin?(key_pair.repository.platform)} +# +# can([:read, :create, :withdraw], Token) {|token| local_admin?(token.subject)} +# +# can :read, Product, platform: {owner_type: 'User', owner_id: user.id, platform_type: 'main'} +# can :read, Product, platform: {owner_type: 'Group', owner_id: user_group_ids, platform_type: 'main'} +# can(:read, Product, read_relations_for('products', 'platforms')) {|product| product.platform.main?} +# can([:create, :update, :destroy, :clone], Product) {|product| local_admin? product.platform and product.platform.main?} +# +# can([:create, :cancel], ProductBuildList) {|pbl| can?(:write, pbl.project)} +# can([:create, :cancel, :update], ProductBuildList) {|pbl| can?(:update, pbl.product)} +# can(:destroy, ProductBuildList) {|pbl| can?(:destroy, pbl.product)} +# +# can :read, Issue, project: {owner_type: 'User', owner_id: user.id} +# can :read, Issue, project: {owner_type: 'Group', owner_id: user_group_ids} +# can(:read, Issue, read_relations_for('issues', 'projects')) {|issue| can? 
:read, issue.project rescue nil} +# can(:create, Issue) {|issue| can? :read, issue.project} +# can(:update, Issue) {|issue| issue.user_id == user.id or local_admin?(issue.project)} +# cannot :manage, Issue, project: {has_issues: false} # switch off issues +# +# can [:read, :commits, :files], PullRequest, to_project: {owner_type: 'User', owner_id: user.id} +# can [:read, :commits, :files], PullRequest, to_project: {owner_type: 'Group', owner_id: user_group_ids} +# can([:read, :commits, :files], PullRequest, read_relations_for('pull_requests', 'to_projects')) {|pull| can? :read, pull.to_project} +# can :create, PullRequest +# can(:update, PullRequest) {|pull| pull.user_id == user.id or local_writer?(pull.to_project)} +# can(:merge, PullRequest) {|pull| local_writer?(pull.to_project)} +# +# can([:create, :new_line], Comment) {|comment| can? :read, comment.project} +# can([:update, :destroy], Comment) {|comment| comment.user == user or comment.project.owner == user or local_admin?(comment.project)} +# cannot :manage, Comment do |c| +# c.commentable_type == 'Issue' && !c.project.has_issues && !c.commentable.pull_request # when switch off issues +# end +# end +# +# # Shared cannot rights for all users (registered, admin) +# cannot [:regenerate_metadata, :destroy], Platform, platform_type: 'personal' +# cannot [:create, :destroy], Repository, platform: {platform_type: 'personal'}, name: 'main' +# cannot [:packages], Repository, platform: {platform_type: 'personal'} +# cannot [:remove_member, :remove_members, :add_member, :sync_lock_file, :add_repo_lock_file, :remove_repo_lock_file], Repository, platform: {platform_type: 'personal'} +# +# cannot :clear, Platform, platform_type: 'main' +# cannot :destroy, Issue +# +# cannot [:members, :add_member, :remove_member, :remove_members], Platform, platform_type: 'personal' +# +# cannot [:create, :update, :destroy, :clone], Product, platform: {platform_type: 'personal'} +# cannot [:clone], Platform, platform_type: 'personal' +# +# 
cannot [:publish, :publish_into_testing], BuildList, new_core: false +# cannot :create_container, BuildList, new_core: false +# cannot(:publish, BuildList) {|build_list| !build_list.can_publish? } +# cannot(:publish_into_testing, BuildList) {|build_list| !build_list.can_publish_into_testing? } +# cannot :publish_into_testing, BuildList, save_to_platform: {platform_type: 'personal'} +# +# cannot(:cancel, MassBuild) {|mass_build| mass_build.stop_build} +# +# if @user.system? +# can %i(key_pair add_repo_lock_file remove_repo_lock_file), Repository +# else +# cannot :key_pair, Repository +# end +# +# can :create, Subscribe do |subscribe| +# !subscribe.subscribeable.subscribes.exists?(user_id: user.id) +# end +# can :destroy, Subscribe do |subscribe| +# subscribe.subscribeable.subscribes.exists?(user_id: user.id) && user.id == subscribe.user_id +# end +# end +# end +# +# def read_relations_for(table, parent = nil) +# key = parent ? "#{parent.singularize}_id" : 'id' +# parent ||= table +# +# ["#{table}.#{key} = ANY ( +# ARRAY ( +# SELECT target_id +# FROM relations +# WHERE relations.target_type = ? AND +# (relations.actor_type = 'User' AND relations.actor_id = ? OR +# relations.actor_type = 'Group' AND relations.actor_id IN (?)) +# ) +# )", parent.classify, @user, user_group_ids +# ] +# end +# +# def read_relations_with_projects(table = 'projects') +# key = table == 'projects' ? 
'id' : 'project_id'
+# ["#{table}.#{key} = ANY (
+# ARRAY (
+# SELECT target_id
+# FROM relations
+# INNER JOIN projects ON projects.id = relations.target_id
+# WHERE relations.target_type = 'Project' AND
+# (
+# projects.owner_type = 'User' AND projects.owner_id != :user OR
+# projects.owner_type = 'Group' AND projects.owner_id NOT IN (:groups)
+# ) AND (
+# relations.actor_type = 'User' AND relations.actor_id = :user OR
+# relations.actor_type = 'Group' AND relations.actor_id IN (:groups)
+# )
+# )
+# )", { user: @user, groups: user_group_ids }
+# ]
+# end
+#
+# def local_reader?(target)
+# %w{reader writer admin}.include? @user.best_role(target)
+# end
+#
+# def local_writer?(target)
+# %w{writer admin}.include? @user.best_role(target)
+# end
+#
+# def local_admin?(target)
+# @user.best_role(target) == 'admin'
+# end
+#
+# def owner?(target)
+# target.owner == @user or user_own_groups.include?(target.owner)
+# end
+#
+# def user_own_groups
+# @user_own_groups ||= @user.own_groups
+# end
+#
+# def user_group_ids
+# @user_group_ids ||= @user.group_ids
+# end
+# end
diff --git a/app/models/build_list.rb b/app/models/build_list.rb
index aa8342816..00a06d846 100644
--- a/app/models/build_list.rb
+++ b/app/models/build_list.rb
@@ -131,9 +131,8 @@ class BuildList < ActiveRecord::Base
 HUMAN_STATUSES.freeze
 scope :recent, -> { order(updated_at: :desc) }
- scope :for_extra_build_lists, ->(ids, current_ability, save_to_platform) {
- s = all
- s = s.where(id: ids).published_container.accessible_by(current_ability, :read)
+ scope :for_extra_build_lists, ->(ids, save_to_platform) {
+ s = where(id: ids, container_status: BuildList::BUILD_PUBLISHED)
 s = s.where(save_to_platform_id: save_to_platform.id) if save_to_platform && save_to_platform.main?
 s
 }
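Review bot: Commenting out the whole `Ability` class instead of deleting `app/models/ability.rb` leaves roughly 268 lines of dead code that git history already preserves; the file should go. The part of this hunk that matters for review is the set of deny rules the old class layered after its allow rules — the `cannot` entries for personal platforms and repositories, `new_core: false` publishing and container creation, `key_pair` only for `system?` users, and the `Subscribe`, `Issue` and `Comment` restrictions — because Pundit has no equivalent layering and each one must be re-expressed as a negative condition inside the matching policy predicate. A checklist of those `cannot` rules in the PR description, with one policy spec per rule, would turn an omission into a failing test instead of a silent widening of permissions.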
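Review bot: `for_extra_build_lists` no longer restricts by visibility — the `accessible_by(current_ability, :read)` call is gone and the new version depends on the caller having applied `BuildListPolicy::Scope#read` beforehand. That contract is invisible at the scope definition, so any other caller gets build lists regardless of the user's access; a comment on the scope, `# NOTE: no visibility filtering here — callers must apply BuildListPolicy::Scope.new(user, BuildList).read first`, records it. Replacing `published_container` with `container_status: BuildList::BUILD_PUBLISHED` is also a behavior change if that scope carried any other condition; worth checking against its definition, which is not visible here.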
@@ -725,17 +724,13 @@ class BuildList < ActiveRecord::Base
 save
 end
- def current_ability
- @current_ability ||= Ability.new(user)
- end
-
 def prepare_extra_repositories
 if save_to_platform && save_to_platform.main?
 self.extra_repositories = nil
 else
- self.extra_repositories = Repository.joins(:platform).
+ self.extra_repositories = PlatformPolicy::Scope.new(user, Repository.joins(:platform)).show.
 where(id: extra_repositories, platforms: {platform_type: 'personal'}).
- accessible_by(current_ability, :read).pluck('repositories.id')
+ pluck('repositories.id')
 end
 end
@@ -745,7 +740,8 @@ class BuildList < ActiveRecord::Base
 extra_build_lists.flatten!
 end
 return if extra_build_lists.blank?
- bls = BuildList.for_extra_build_lists(extra_build_lists, current_ability, save_to_platform)
+ bls = BuildListPolicy::Scope.new(user, BuildList).read.
+ for_extra_build_lists(extra_build_lists, save_to_platform)
 if save_to_platform
 if save_to_platform.distrib_type == 'rhel'
 bls = bls.where('
diff --git a/app/models/build_list/filter.rb b/app/models/build_list/filter.rb
index c35d672b1..a17c52773 100644
--- a/app/models/build_list/filter.rb
+++ b/app/models/build_list/filter.rb
@@ -3,8 +3,8 @@ class BuildList::Filter
 attr_reader :options
- def initialize(project, user, current_ability, options = {})
- @project, @user, @current_ability = project, user, current_ability
+ def initialize(project, user, options = {})
+ @project, @user = project, user
 set_options(options)
 end
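Review bot: `PlatformPolicy::Scope.new(user, Repository.joins(:platform)).show` applies a Platform policy scope to a Repository relation, which only works if that scope's conditions are written against the joined `platforms` table; this is an implicit coupling between `PlatformPolicy::Scope` and the `joins(:platform)` on the same line. A call-site comment, `# PlatformPolicy::Scope filters on platforms.* — keep the :platform join`, makes the dependency explicit, and a spec asserting that a repository on a hidden platform is dropped from `extra_repositories` would pin it. If `user` can be nil on a BuildList (not visible here), the scope must treat nil as a guest, which the removed `Ability.new(user)` handled via `user ||= User.new`. `prepare_extra_repositories` sits fully inside this hunk; the method in the following hunk starts outside it.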
@@ -14,12 +14,19 @@ class BuildList::Filter
 if @options[:id]
 build_lists = build_lists.where(id: @options[:id])
 else
+ build_lists =
+ case @options[:ownership]
+ when 'owned'
+ BuildListPolicy::Scope.new(@user, build_lists).owned
+ when 'related'
+ BuildListPolicy::Scope.new(@user, build_lists).related
+ else
+ BuildListPolicy::Scope.new(@user, build_lists).everything
+ end
 build_lists = build_lists.scoped_to_new_core(@options[:new_core] == '0' ? nil : true) if @options[:new_core].present?
 if @options[:mass_build_id]
 build_lists = build_lists.by_mass_build(@options[:mass_build_id] == '-1' ? nil : @options[:mass_build_id])
 end
- build_lists = build_lists.accessible_by(@current_ability, @options[:ownership].to_sym) if @options[:ownership]
-
 build_lists = build_lists.for_status(@options[:status])
 .scoped_to_arch(@options[:arch_id])
 .scoped_to_save_platform(@options[:save_to_platform_id])
diff --git a/app/models/collaborator.rb b/app/models/collaborator.rb
index bf14ad59e..3c9ca4a49 100644
--- a/app/models/collaborator.rb
+++ b/app/models/collaborator.rb
@@ -38,6 +38,7 @@ class Collaborator
 end
 def initialize(args = {})
+ return false if args.blank?
 args.to_options!
 acc_options = args.select{ |(k, v)| k.in? [:actor, :project, :relation] }
 acc_options.each_pair do |name, value|
diff --git a/app/models/comment.rb b/app/models/comment.rb
index 9dc237047..8b0f1d269 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -134,7 +134,6 @@ class Comment < ActiveRecord::Base
 def self.create_link_on_issues_from_item item, commits = nil
 linker = item.user
- current_ability = Ability.new(linker)
 case
 when item.is_a?(GitHook)
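Review bot: The policy scope is applied only in the `else` branch, so when `@options[:id]` is given `build_lists.where(id: @options[:id])` is returned with no `BuildListPolicy::Scope` at all, and whether a user can fetch an arbitrary build list by id rests entirely on the caller having scoped `build_lists` before passing it in. The old code had the same shape, but now that this filter owns visibility it is the natural place to close the gap: hoist the `case` above `if @options[:id]`, or apply `.everything` in the `id` branch too. The `else` arm of the `case` silently maps any unrecognised `ownership` value to `everything`, which is safer than the former `to_sym` on request input but deserves a comment saying the fallback is deliberate. The enclosing method starts outside the hunk.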
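Review bot: `return false` inside `initialize` in `Collaborator` does not make `Collaborator.new` return `false` — `new` always returns the instance — so the literal is misleading and should be a bare `return if args.blank?`; if callers need to detect that nothing was set, expose a predicate for it. As written, a blank `args` yields an object with none of the actor/project/relation attributes assigned, which the rest of `initialize` (outside the hunk) may assume are present.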
@@ -155,7 +154,7 @@ class Comment < ActiveRecord::Base
 elements.each do |element|
 element[1].scan(ISSUES_REGEX).each do |hash|
- issue = Issue.find_by_hash_tag hash, current_ability, item.project
+ issue = Issue.find_by_hash_tag hash, linker, item.project
 next unless issue # dont create link to the same issue
 next if opts[:created_from_issue_id] == issue.id
diff --git a/app/models/concerns/feed/issue.rb b/app/models/concerns/feed/issue.rb
index f57f0fce0..8a814b2e8 100644
--- a/app/models/concerns/feed/issue.rb
+++ b/app/models/concerns/feed/issue.rb
@@ -5,7 +5,7 @@ module Feed::Issue
 after_commit :new_issue_notifications, on: :create
 after_commit :send_assign_notifications, on: :create, if: ->(i) { i.assignee }
- after_update -> { send_assign_notifications(:update) }
+ after_update :send_assign_notifications
 after_commit :send_hooks, on: :create
 after_update -> { send_hooks(:update) }, if: ->(i) { i.previous_changes['status'].present? }
@@ -37,8 +37,10 @@ module Feed::Issue
 ::Comment.create_link_on_issues_from_item(self)
 end
- def send_assign_notifications(action = :create)
- if(action == :create && assignee_id) || previous_changes['assignee_id'].present?
+ def send_assign_notifications
+ return if @skip_assign_notifications
+ @skip_assign_notifications = true
+ if assignee_id && assignee_id_changed?
 if assignee.notifier.issue_assign && assignee.notifier.can_notify
 UserMailer.issue_assign_notification(self, assignee).deliver
 end
@@ -57,7 +59,7 @@ module Feed::Issue
 )
 end
 # dont remove outdated issues link
- ::Comment.create_link_on_issues_from_item(self) if previous_changes['title'].present? || previous_changes['body'].present?
+ ::Comment.create_link_on_issues_from_item(self) if title_changed? || body_changed?
 end
 def send_hooks(action = :create)
diff --git a/app/models/concerns/flash_notify/finders.rb b/app/models/concerns/flash_notify/finders.rb
new file mode 100644
index 000000000..14f6e5bd7
--- /dev/null
+++ b/app/models/concerns/flash_notify/finders.rb
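Review bot: `send_assign_notifications` now reads `assignee_id_changed?` (and `title_changed?`/`body_changed?` in the hunk at line 57) while it is still wired both as `after_update` and as `after_commit ..., on: :create`; in an after_commit callback the dirty flags have normally been cleared by the save and only `previous_changes` survives, so on the create path the condition would be false and the assignment mail never sent — exactly the case the removed `previous_changes['assignee_id']` test covered. Either keep the after_commit path on `previous_changes`, or move the create-time call to `after_create` so the same dirty-tracking state applies on both paths; worth confirming against the Rails version in use. The `@skip_assign_notifications` flag is also never reset, so a second assignment change on the same in-memory instance sends nothing; resetting it in an `ensure` at the end of the method avoids that one-shot behaviour. The method's body continues outside this hunk.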
@@ -0,0 +1,33 @@ +# Private: Finders of all sorts: methods to find FlashNotify records, methods to find +# other records which belong to given FlashNotify. +# +# This module gets included into FlashNotify. +module FlashNotify::Finders + extend ActiveSupport::Concern + + included do + scope :published, -> { where(published: true) } + + after_commit :clear_caches + after_touch :clear_caches + end + + module ClassMethods + + # Public: Get cached first published FlashNotify record. + # + # Returns FlashNotify record or nil. + def published_first_cached + Rails.cache.fetch('FlashNotify.published.first') do + published.first + end + end + end + + protected + + # Private: after_commit and after_touch hook which clears find_cached cache. + def clear_caches + Rails.cache.delete('FlashNotify.published.first') + end +end diff --git a/app/models/concerns/platform/finders.rb b/app/models/concerns/platform/finders.rb new file mode 100644 index 000000000..6dad8841d --- /dev/null +++ b/app/models/concerns/platform/finders.rb 
@@ -0,0 +1,50 @@ +# Private: Finders of all sorts: methods to find Platform records, methods to find +# other records which belong to given Platform. +# +# This module gets included into Platform. +module Platform::Finders + extend ActiveSupport::Concern + + included do + + scope :search_order, -> { order(:name) } + scope :search, -> (q) { where("#{table_name}.name ILIKE ?", "%#{q.to_s.strip}%") } + scope :by_visibilities, -> (v) { where(visibility: v) } + scope :opened, -> { where(visibility: Platform::VISIBILITY_OPEN) } + scope :hidden, -> { where(visibility: Platform::VISIBILITY_HIDDEN) } + scope :by_type, -> (type) { where(platform_type: type) if type.present? } + scope :main, -> { by_type(Platform::TYPE_MAIN) } + scope :personal, -> { by_type(Platform::TYPE_PERSONAL) } + scope :waiting_for_regeneration, -> { where(status: Platform::WAITING_FOR_REGENERATION) } + + after_commit :clear_caches + after_touch :clear_caches + end + + module ClassMethods + + # Public: Get cached Platform record by ID or name. + # + # platform_id - ID or Name (Numeric/String) + # + # Returns Platform record. + # Raises ActiveRecord::RecordNotFound if nothing was found. + def find_cached(platform_id) + Rails.cache.fetch(['Platform.find', platform_id]) do + find(platform_id) + end + end + end + + protected + + # Private: after_commit and after_touch hook which clears find_cached cache. + def clear_caches + Rails.cache.delete(['Platform.find', id]) + Rails.cache.delete(['Platform.find', name]) + + if chg = previous_changes["name"] + Rails.cache.delete(['Platform.find', chg.first]) + end + end +end diff --git a/app/models/concerns/project/finders.rb b/app/models/concerns/project/finders.rb new file mode 100644 index 000000000..a2654cdbf --- /dev/null +++ b/app/models/concerns/project/finders.rb 
@@ -0,0 +1,71 @@ +# Private: Finders of all sorts: methods to find Project records, methods to find +# other records which belong to given Project. +# +# This module gets included into Project. +module Project::Finders + extend ActiveSupport::Concern + + included do + + scope :recent, -> { order(:name) } + scope :search_order, -> { order('CHAR_LENGTH(projects.name) ASC') } + scope :search, ->(q) { + q = q.to_s.strip + by_name("%#{q}%").search_order if q.present? + } + scope :by_name, ->(name) { where('projects.name ILIKE ?', name) if name.present? } + scope :by_owner, ->(name) { where('projects.owner_uname ILIKE ?', "%#{name}%") if name.present? } + scope :by_owner_and_name, ->(*params) { + term = params.map(&:strip).join('/').downcase + where("lower(concat(owner_uname, '/', name)) ILIKE ?", "%#{term}%") if term.present? + } + scope :by_visibilities, ->(v) { where(visibility: v) } + scope :opened, -> { where(visibility: 'open') } + scope :package, -> { where(is_package: true) } + scope :addable_to_repository, ->(repository_id) { + where('projects.id NOT IN ( + SELECT ptr.project_id + FROM project_to_repositories AS ptr + WHERE ptr.repository_id = ?)', repository_id) + } + scope :by_owners, ->(group_owner_ids, user_owner_ids) { + where("(projects.owner_id in (?) AND projects.owner_type = 'Group') OR + (projects.owner_id in (?) AND projects.owner_type = 'User')", group_owner_ids, user_owner_ids) + } + + scope :project_aliases, ->(project) { + where.not(id: project.id). + where('alias_from_id IN (:ids) OR id IN (:ids)', { ids: [project.alias_from_id, project.id].compact }) + } + + after_commit :clear_caches + after_touch :clear_caches + end + + module ClassMethods + + # Public: Get cached Project record by owner and name. + # + # Returns Project record. + # Raises ActiveRecord::RecordNotFound if nothing was found. 
+ def find_by_owner_and_name(first, last = nil) + arr = first.try(:split, '/') || [] + arr = (arr << last).compact + return nil if arr.length != 2 + Rails.cache.fetch(['Project.find_by_owner_and_name', arr.first, arr.last]) do + find_by(owner_uname: arr.first, name: arr.last) + end || by_owner_and_name(*arr).first + end + + def find_by_owner_and_name!(first, last = nil) + find_by_owner_and_name(first, last) or raise ActiveRecord::RecordNotFound + end + end + + protected + + # Private: after_commit and after_touch hook which clears find_cached cache. + def clear_caches + Rails.cache.delete(['Project.find_by_owner_and_name', owner_uname, name]) + end +end diff --git a/app/models/flash_notify.rb b/app/models/flash_notify.rb index cfb569297..521ec9556 100644 --- a/app/models/flash_notify.rb +++ b/app/models/flash_notify.rb @@ -1,15 +1,13 @@ require 'digest/md5' class FlashNotify < ActiveRecord::Base - # attr_accessible :title, :body + include FlashNotify::Finders STATUSES = %w[error success info] validates :status, inclusion: {in: STATUSES} validates :body_ru, :body_en, :status, presence: true - scope :published, -> { where(published: true) } - attr_accessible :body_ru, :body_en, :status, :published def hash_id diff --git a/app/models/issue.rb b/app/models/issue.rb index cbae81eda..83b88c2ad 100644 --- a/app/models/issue.rb +++ b/app/models/issue.rb 
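Review bot: `clear_caches` only deletes the key for the record's current `owner_uname`/`name`, so after a rename or an owner transfer (the `before_save` on `Project` rewrites `owner_uname` when the owner changes) the old path stays resolvable from the cache and returns a record with stale attributes until expiry — `Platform::Finders#clear_caches` in this same diff handles that case via `previous_changes`. Add the old key as well: `old_owner, old_name = %w(owner_uname name).map { |a| (previous_changes[a] || []).first }` followed by `Rails.cache.delete(['Project.find_by_owner_and_name', old_owner || owner_uname, old_name || name])`. Note that `Rails.cache.fetch` on this Rails line most likely stores a nil result too, so a lookup miss is cached until a project with exactly that owner/name is committed; `clear_caches` covers that, but a comment on `find_by_owner_and_name` saying so would help the next reader. The header comment `# Private: after_commit and after_touch hook which clears find_cached cache.` was copied from the other finders — there is no `find_cached` in this module.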
@@ -104,14 +104,14 @@ class Issue < ActiveRecord::Base recipients end - def self.find_by_hash_tag(hash_tag, current_ability, project) + def self.find_by_hash_tag(hash_tag, current_user, project) hash_tag =~ HASH_TAG_REGEXP owner_uname = Regexp.last_match[1].presence || Regexp.last_match[2].presence || project.owner.uname project_name = Regexp.last_match[1] ? Regexp.last_match[2] : project.name serial_id = Regexp.last_match[3] project = Project.find_by_owner_and_name(owner_uname.chomp('/'), project_name) return nil unless project - return nil unless current_ability.can? :show, project + return nil unless ProjectPolicy.new(current_user, project).show? project.issues.where(serial_id: serial_id).first end diff --git a/app/models/mass_build.rb b/app/models/mass_build.rb index 322522d79..af0fd83ed 100644 --- a/app/models/mass_build.rb +++ b/app/models/mass_build.rb @@ -90,8 +90,6 @@ class MassBuild < ActiveRecord::Base return unless start # later with resque arches_list = arch_names ? Arch.where(name: arch_names.split(', ')) : Arch.all - current_ability = Ability.new(user) - projects_list.lines.each do |name| next if name.blank? name.chomp!; name.strip! @@ -100,7 +98,7 @@ class MassBuild < ActiveRecord::Base begin return if self.reload.stop_build # Ensures that user has rights to create a build_list - next unless current_ability.can?(:write, project) + next unless ProjectPolicy.new(user, project).write? increase_rt = increase_release_tag? arches_list.each do |arch| rep_id = (project.repository_ids & save_to_platform.repository_ids).first diff --git a/app/models/platform.rb b/app/models/platform.rb index dcddaa29f..1ef32ed4d 100644 --- a/app/models/platform.rb +++ b/app/models/platform.rb @@ -8,6 +8,7 @@ class Platform < ActiveRecord::Base include EventLoggable include EmptyMetadata include DefaultBranchable + include Platform::Finders self.per_page = 20 
@@ -96,16 +97,6 @@ class Platform < ActiveRecord::Base after_create -> { symlink_directory unless hidden? } after_destroy -> { remove_symlink_directory unless hidden? } - scope :search_order, -> { order(:name) } - scope :search, -> (q) { where("#{table_name}.name ILIKE ?", "%#{q.to_s.strip}%") } - scope :by_visibilities, -> (v) { where(visibility: v) } - scope :opened, -> { where(visibility: VISIBILITY_OPEN) } - scope :hidden, -> { where(visibility: VISIBILITY_HIDDEN) } - scope :by_type, -> (type) { where(platform_type: type) if type.present? } - scope :main, -> { by_type(TYPE_MAIN) } - scope :personal, -> { by_type(TYPE_PERSONAL) } - scope :waiting_for_regeneration, -> { where(status: WAITING_FOR_REGENERATION) } - accepts_nested_attributes_for :platform_arch_settings, allow_destroy: true attr_accessible :name, :distrib_type, @@ -281,8 +272,7 @@ class Platform < ActiveRecord::Base return false if token.blank? return true if platform.tokens.by_active.where(authentication_token: token).exists? user = User.find_by(authentication_token: token) - current_ability = Ability.new(user) - user && current_ability.can?(:show, platform) ? true : false + !!(user && PlatformPolicy.new(user, platform).show?) end end @@ -302,10 +292,9 @@ class Platform < ActiveRecord::Base Platform.main.where(automatic_metadata_regeneration: value).each(&:regenerate) end - def self.availables_main_platforms(user, ability = nil) + def self.availables_main_platforms(user) p_ids = Rails.cache.fetch([:availables_main_platforms, user], expires_in: 10.minutes) do - ability ||= Ability.new user - Platform.main.accessible_by(ability, :show).joins(:repositories). + PlatformPolicy::Scope.new(user, Platform).show.main.joins(:repositories). where('repositories.id IS NOT NULL').uniq.pluck(:id) end Platform.preload(:repositories).where(id: p_ids).order(:name) diff --git a/app/models/project.rb b/app/models/project.rb index 506a455ce..40d283564 100644 --- a/app/models/project.rb +++ b/app/models/project.rb 
@@ -8,6 +8,7 @@ class Project < ActiveRecord::Base include UrlHelper include EventLoggable include Project::DefaultBranch + include Project::Finders VISIBILITIES = ['open', 'hidden'] MAX_OWN_PROJECTS = 32000 @@ -67,37 +68,6 @@ class Project < ActiveRecord::Base :autostart_status attr_readonly :owner_id, :owner_type - scope :recent, -> { order(:name) } - scope :search_order, -> { order('CHAR_LENGTH(projects.name) ASC') } - scope :search, ->(q) { - q = q.to_s.strip - by_name("%#{q}%").search_order if q.present? - } - scope :by_name, ->(name) { where('projects.name ILIKE ?', name) if name.present? } - scope :by_owner, ->(name) { where('projects.owner_uname ILIKE ?', "%#{name}%") if name.present? } - scope :by_owner_and_name, ->(*params) { - term = params.map(&:strip).join('/').downcase - where("lower(concat(owner_uname, '/', name)) ILIKE ?", "%#{term}%") if term.present? - } - scope :by_visibilities, ->(v) { where(visibility: v) } - scope :opened, -> { where(visibility: 'open') } - scope :package, -> { where(is_package: true) } - scope :addable_to_repository, ->(repository_id) { - where('projects.id NOT IN ( - SELECT ptr.project_id - FROM project_to_repositories AS ptr - WHERE ptr.repository_id = ?)', repository_id) - } - scope :by_owners, ->(group_owner_ids, user_owner_ids) { - where("(projects.owner_id in (?) AND projects.owner_type = 'Group') OR - (projects.owner_id in (?) AND projects.owner_type = 'User')", group_owner_ids, user_owner_ids) - } - - scope :project_aliases, ->(project) { - where.not(id: project.id). - where('alias_from_id IN (:ids) OR id IN (:ids)', { ids: [project.alias_from_id, project.id].compact }) - } - before_validation :truncate_name, on: :create before_save -> { self.owner_uname = owner.uname if owner_uname.blank? || owner_id_changed? || owner_type_changed? } before_create :set_maintainer 
@@ -106,19 +76,6 @@ class Project < ActiveRecord::Base attr_accessor :url, :srpms_list, :mass_import, :add_to_repository_id - class << self - def find_by_owner_and_name(first, last = nil) - arr = first.try(:split, '/') || [] - arr = (arr << last).compact - return nil if arr.length != 2 - where(owner_uname: arr.first, name: arr.last).first || by_owner_and_name(*arr).first - end - - def find_by_owner_and_name!(first, last = nil) - find_by_owner_and_name(first, last) or raise ActiveRecord::RecordNotFound - end - end - def init_mass_import Project.perform_later :low, :run_mass_import, url, srpms_list, visibility, owner, add_to_repository_id end diff --git a/app/models/repository.rb b/app/models/repository.rb index 950f1eb94..f627beb25 100644 --- a/app/models/repository.rb +++ b/app/models/repository.rb @@ -75,14 +75,13 @@ class Repository < ActiveRecord::Base later :clone_relations, loner: true, queue: :low def add_projects(list, user) - current_ability = Ability.new(user) list.lines.each do |line| begin line.chomp!; line.strip! owner, name = line.split('/') next if owner.blank? || name.blank? - project = Project.where(owner_uname: owner, name: name).accessible_by(current_ability, :read).first + project = ProjectPolicy::Scope.new(user, Project).read.where(owner_uname: owner, name: name).first projects << project if project rescue RuntimeError, Exception end diff --git a/app/models/search.rb b/app/models/search.rb index ae7fcd2ff..3e62d1bba 100644 --- a/app/models/search.rb +++ b/app/models/search.rb @@ -1,4 +1,4 @@ -class Search < Struct.new(:query, :ability, :paginate_params) +class Search < Struct.new(:query, :user, :paginate_params) include ActiveModel::Conversion extend ActiveModel::Naming 
@@ -18,11 +18,12 @@ class Search < Struct.new(:query, :ability, :paginate_params) if type == 'users' User.opened else - type.classify.constantize.accessible_by(ability, :show) + klass = type.classify.constantize + "#{klass}Policy::Scope".constantize.new(user, klass).show end scope.search(query). search_order. paginate(paginate_params) end -end \ No newline at end of file +end diff --git a/app/models/subscribe.rb b/app/models/subscribe.rb index 3c08e8393..5b00693de 100644 --- a/app/models/subscribe.rb +++ b/app/models/subscribe.rb @@ -4,6 +4,7 @@ class Subscribe < ActiveRecord::Base belongs_to :project attr_accessible :status, :user_id + validates :user, presence: true def commit_subscribe? subscribeable_type == 'Grit::Commit' diff --git a/app/models/user.rb b/app/models/user.rb index a7d89fe1a..741435659 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -161,8 +161,7 @@ class User < Avatar if target.is_a? Project assigned_issues.where(project_id: target.id).update_all(assignee_id: nil) else - ability = Ability.new self - project_ids = Project.accessible_by(ability, :membered).uniq.pluck(:id) + project_ids = ProjectPolicy::Scope.new(self, Project).membered.uniq.pluck(:id) issues = assigned_issues issues = issues.where('project_id not in (?)', project_ids) if project_ids.present? @@ -181,8 +180,13 @@ class User < Avatar gr = gr.where('groups.id != ?', target.owner.id) # exclude target owner group from users group list end + + if target.class == Group + roles += target.actors.where(actor_id: self.id, actor_type: 'User') # user is member of a target group + else + roles += rel.where(actor_id: gr.pluck('DISTINCT groups.id'), actor_type: 'Group') # user group is member + end roles += rel.where(actor_id: self.id, actor_type: 'User') # user is member - roles += rel.where(actor_id: gr.pluck('DISTINCT groups.id'), actor_type: 'Group') # user group is member roles.map(&:role).uniq end 
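Review bot: `type.classify.constantize` and the new `"#{klass}Policy::Scope".constantize` both turn a string into a class; if `type` originates from request params, the enclosing method (whose start is outside the hunk) must check it against a fixed allowlist of searchable types before this point, because `constantize` will load any constant name it is given and a typo surfaces as a `NameError` rather than a clean "unknown type". For the second step Pundit's own resolver, `Pundit::PolicyFinder.new(klass).scope!` (check it is present in the pinned pundit version), raises `Pundit::NotDefinedError` for a class without a scope and avoids building class names by string interpolation. A comment naming the allowed types next to the `if type == 'users'` special case would also make the contract visible.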
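Review bot: `if target.class == Group` compares classes by identity, so a subclass or a proxy object would take the `else` branch; `target.is_a?(Group)` is the idiomatic test and matches how the policies in this diff check owners (`record.owner.is_a?(Group)`). In the Group branch the `gr` relation computed just above is no longer used; a comment such as `# a group has no group members; only direct user membership counts` would explain why. The enclosing method starts and ends outside the hunk.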
diff --git a/app/policies/advisory_policy.rb b/app/policies/advisory_policy.rb new file mode 100644 index 000000000..8b6bfed93 --- /dev/null +++ b/app/policies/advisory_policy.rb @@ -0,0 +1,14 @@ +class AdvisoryPolicy < ApplicationPolicy + + def index? + true + end + alias_method :search?, :index? + alias_method :show?, :index? + + def create? + !user.guest? + end + alias_method :update?, :create? + +end diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb new file mode 100644 index 000000000..572e95848 --- /dev/null +++ b/app/policies/application_policy.rb 
@@ -0,0 +1,178 @@ +class ApplicationPolicy + attr_reader :user, :record + + def initialize(user, record) + # raise Pundit::NotAuthorizedError, 'must be logged in' unless user + @user = user || User.new + @record = record + end + + BASIC_ACTIONS = %i(index? show? create? update? destroy? destroy_all?) + + def index? + false + end + + def show? + false + end + + def new? + create? + end + + def edit? + update? + end + + def update? + false + end + + def create? + false + end + + def destroy? + false + end + + def permitted_attributes + [] + end + + class Scope + attr_reader :user, :scope + + def initialize(user, scope) + @user = user + @scope = scope + end + + def resolve + scope + end + end + + # Public: Get user's group ids. + # + # Returns the Array of group ids. + def user_group_ids + Rails.cache.fetch(['ApplicationPolicy#user_group_ids', user]) do + user.group_ids + end + end + + protected + + # Public: Check if provided user is the current user. + # + # Returns true if it is, false otherwise. + def current_user?(u) + u == user + end + + # Public: Check if provided user is guest. + # + # Returns true if he is, false otherwise. + def is_guest? + user.new_record? + end + + # Public: Check if provided user is user. + # + # Returns true if he is, false otherwise. + def is_user? + user.persisted? + end + + # Public: Check if provided user is tester. + # + # Returns true if he is, false otherwise. + def is_tester? + user.role == 'tester' + end + + # Public: Check if provided user is system. + # + # Returns true if he is, false otherwise. + def is_system? + user.role == 'system' + end + + # Public: Check if provided user is admin. + # + # Returns true if he is, false otherwise. + def is_admin? + user.role == 'admin' + end + + # Public: Check if provided user is banned. + # + # Returns true if he is, false otherwise. + def is_banned? + user.role == 'banned' + end + + # Private: Check if provided user is at least record admin. 
+ # + # Returns true if he is, false otherwise. + def local_admin?(r = record) + owner?(r) || best_role(r) == 'admin' + end + + # Private: Check if provided user is at least record reader. + # + # Returns true if he is, false otherwise. + def local_reader?(r = record) + owner?(r) || %w(reader writer admin).include?(best_role(r)) + end + + # Private: Check if provided user is at least record writer. + # + # Returns true if he is, false otherwise. + def local_writer?(r = record) + owner?(r) || %w(writer admin).include?(best_role(r)) + end + + # Private: Check if provided user is record owner. + # + # Returns true if he is, false otherwise. + def owner?(r = record) + ( + !r.try(:owner_type) && r.owner_id == user.id + ) || ( + r.try(:owner_type) == 'User' && r.owner_id == user.id + ) || ( + r.try(:owner_type) == 'Group' && user_own_group_ids.include?(r.owner_id) + ) + end + + # Private: Get the best role of user for record. + # + # Returns the String role or nil. + def best_role(r = record) + Rails.cache.fetch(['ApplicationPolicy#best_role', r, user]) do + user.best_role(r) + end + end + + # Public: Get own user's group ids. + # + # Returns the Array of own group ids. + def user_own_group_ids + Rails.cache.fetch(['ApplicationPolicy#user_own_group_ids', user]) do + user.own_group_ids + end + end + + # Public: Get user's platform ids. + # + # Returns the Array of platform ids. + def user_platform_ids + Rails.cache.fetch(['ApplicationPolicy#user_platform_ids', user]) do + user.repositories.pluck(:platform_id) + end + end + +end diff --git a/app/policies/arch_policy.rb b/app/policies/arch_policy.rb new file mode 100644 index 000000000..d6722560a --- /dev/null +++ b/app/policies/arch_policy.rb @@ -0,0 +1,6 @@ +class ArchPolicy < ApplicationPolicy + + def index? + true + end +end diff --git a/app/policies/build_list_policy.rb b/app/policies/build_list_policy.rb new file mode 100644 index 000000000..b72117196 --- /dev/null +++ b/app/policies/build_list_policy.rb 
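Review bot: `owner?` compares `r.owner_id == user.id` (and several subclasses compare `record.user_id == user.id`) without first ruling out the guest stand-in: for an anonymous request `@user` is `User.new`, whose `id` is nil, so any record with a nil `owner_id` and no `owner_type` satisfies the comparison and a guest is treated as owner. Guard it at the top — `return false if is_guest?` — so the nil/nil case cannot match. The cached helpers (`user_group_ids`, `best_role`, `user_own_group_ids`, `user_platform_ids`) are keyed only on the user (and record) cache keys, so a membership or role change that does not touch `users.updated_at` keeps serving the old answer until expiry; if relation writes do not touch the user, authorization will lag them — either touch the user on membership changes or give these entries a short `expires_in`. Minor: the helpers under `protected` are documented as `# Public:`, and `is_guest?` is defined here while the subclasses call `user.guest?`; pick one convention.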
@@ -0,0 +1,129 @@ +class BuildListPolicy < ApplicationPolicy + + def index? + true + end + + def show? + record.user_id == user.id || ProjectPolicy.new(user, record.project).show? + end + alias_method :read?, :show? + alias_method :log?, :show? + alias_method :everything?, :show? + alias_method :owned?, :show? + alias_method :everything?, :show? + alias_method :list?, :show? + + def create? + return false unless record.project.is_package + return false unless ProjectPolicy.new(user, record.project).write? + record.build_for_platform.blank? || PlatformPolicy.new(user, record.build_for_platform).show? + end + alias_method :rerun_tests?, :create? + + def dependent_projects? + record.save_to_platform.main? && create? + end + + def publish_into_testing? + return false unless record.new_core? + return false unless record.can_publish_into_testing? + create? || ( record.save_to_platform.main? && publish? ) + end + + def publish? + return false unless record.new_core? + return false unless record.can_publish? + if record.build_published? + local_admin?(record.save_to_platform) || record.save_to_repository.members.exists?(id: user.id) + else + record.save_to_repository.publish_without_qa ? + ProjectPolicy.new(user, record.project).write? : local_admin?(record.save_to_platform) + end + end + + def create_container? + return false unless record.new_core? + ProjectPolicy.new(user, record.project).write? || local_admin?(record.save_to_platform) + end + + def reject_publish? + record.save_to_repository.publish_without_qa ? + ProjectPolicy.new(user, record.project).write? : local_admin?(record.save_to_platform) + end + + def cancel? + ProjectPolicy.new(user, record.project).write? 
+ end + + class Scope < Scope + + def read + scope.joins(:project).where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids } + ( + build_lists.user_id = :user_id + ) OR ( + projects.visibility = 'open' + ) OR ( + projects.owner_type = 'User' AND projects.owner_id = :user_id + ) OR ( + projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids) + ) OR ( + projects.id = ANY ( + ARRAY ( + SELECT target_id + FROM relations + INNER JOIN projects ON projects.id = relations.target_id + WHERE relations.target_type = 'Project' AND + ( + projects.owner_type = 'User' AND projects.owner_id != :user_id OR + projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids) + ) AND ( + relations.actor_type = 'User' AND relations.actor_id = :user_id OR + relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids) + ) + ) + ) + ) + SQL + end + alias_method :everything, :read + + def related + scope.joins(:project).where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids } + ( + build_lists.user_id = :user_id + ) OR ( + projects.owner_type = 'User' AND projects.owner_id = :user_id + ) OR ( + projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids) + ) OR ( + projects.id = ANY ( + ARRAY ( + SELECT target_id + FROM relations + INNER JOIN projects ON projects.id = relations.target_id + WHERE relations.target_type = 'Project' AND + ( + projects.owner_type = 'User' AND projects.owner_id != :user_id OR + projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids) + ) AND ( + relations.actor_type = 'User' AND relations.actor_id = :user_id OR + relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids) + ) + ) + ) + ) + SQL + end + + def owned + scope.joins(:project).where(user_id: policy.user) + end + + def policy + @policy ||= Pundit.policy!(user, :build_list) + end + end + +end 
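Review bot: `alias_method :everything?, :show?` appears twice in the alias list under `show?`; the second is a no-op and should be dropped. `show?` itself starts with `record.user_id == user.id`, which for the guest `User.new` (nil `id`) is true whenever a build list has no `user_id` — if that column can be null, prefix it with `!is_guest? &&`. In `Scope`, `owned` passes the whole `policy.user` to `where(user_id:)` and joins `:project` without using it; `scope.where(user_id: policy.user.id)` says what is meant. `policy` is public here but `protected` in `PlatformPolicy::Scope` and `ProjectPolicy::Scope`; align them.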
diff --git a/app/policies/comment_policy.rb b/app/policies/comment_policy.rb new file mode 100644 index 000000000..38cd43661 --- /dev/null +++ b/app/policies/comment_policy.rb @@ -0,0 +1,13 @@ +class CommentPolicy < ApplicationPolicy + + def create? + !user.guest? && ProjectPolicy.new(user, record.project).show? + end + alias_method :new_line?, :create? + + def update? + is_admin? || record.user_id == user.id || local_admin?(record.project) + end + alias_method :destroy?, :update? + +end diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb new file mode 100644 index 000000000..1ad775675 --- /dev/null +++ b/app/policies/group_policy.rb @@ -0,0 +1,41 @@ +class GroupPolicy < ApplicationPolicy + + def index? + !user.guest? + end + alias_method :create?, :index? + alias_method :remove_user?, :index? + + def show? + true + end + + def reader? + !user.guest? && ( is_admin? || local_reader? ) + end + + def write? + !user.guest? && ( is_admin? || owner? || local_writer? ) + end + + def update? + !user.guest? && ( is_admin? || owner? || local_admin? ) + end + alias_method :add_member?, :update? + alias_method :manage_members?, :update? + alias_method :members?, :update? + alias_method :remove_member?, :update? + alias_method :remove_members?, :update? + alias_method :update_member?, :update? + + def destroy? + !user.guest? && ( is_admin? || owner? ) + end + + class Scope < Scope + def show + scope + end + end + +end diff --git a/app/policies/hook_policy.rb b/app/policies/hook_policy.rb new file mode 100644 index 000000000..4c017c8ec --- /dev/null +++ b/app/policies/hook_policy.rb @@ -0,0 +1,11 @@ +class HookPolicy < ApplicationPolicy + + def show? + ProjectPolicy.new(user, record.project).update? + end + alias_method :read?, :show? + alias_method :create?, :show? + alias_method :destroy?, :show? + alias_method :update?, :show? + +end diff --git a/app/policies/issue_policy.rb b/app/policies/issue_policy.rb new file mode 100644 index 000000000..6ac43e6e7 
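Review bot: `update?` (and `destroy?` through the alias) has no guest guard, unlike `create?` just above it: for the guest stand-in `user.id` is nil, so `record.user_id == user.id` is true for any comment that lacks a `user_id`. Mirror the other policies with `return false if user.guest?` as the first line of `update?`. Whether comments can exist without a user is not visible from the hunk; the guard is cheap either way.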
--- /dev/null +++ b/app/policies/issue_policy.rb @@ -0,0 +1,20 @@ +class IssuePolicy < ApplicationPolicy + + def index? + # record.project.has_issues? + true + end + + def show? + return false unless record.project.has_issues? + ProjectPolicy.new(user, record.project).show? + end + alias_method :create?, :show? + alias_method :read?, :show? + + def update? + return false if user.guest? + is_admin? || record.user_id == user.id || local_admin?(record.project) + end + +end diff --git a/app/policies/key_pair_policy.rb b/app/policies/key_pair_policy.rb new file mode 100644 index 000000000..d7ed34f40 --- /dev/null +++ b/app/policies/key_pair_policy.rb @@ -0,0 +1,9 @@ +class KeyPairPolicy < ApplicationPolicy + + def create? + return false unless record.repository + is_admin? || local_admin?(record.repository.platform) + end + alias_method :destroy?, :create? + +end diff --git a/app/policies/mass_build_policy.rb b/app/policies/mass_build_policy.rb new file mode 100644 index 000000000..2255fcd23 --- /dev/null +++ b/app/policies/mass_build_policy.rb @@ -0,0 +1,18 @@ +class MassBuildPolicy < ApplicationPolicy + + def show? + is_admin? || PlatformPolicy.new(user, record.save_to_platform).show? + end + alias_method :read?, :show? + alias_method :get_list?, :show? + + def create? + is_admin? || owner?(record.save_to_platform) || local_admin?(record.save_to_platform) + end + alias_method :publish?, :create? + + def cancel? + !record.stop_build && create? + end + +end diff --git a/app/policies/platform_policy.rb b/app/policies/platform_policy.rb new file mode 100644 index 000000000..d333b2557 --- /dev/null +++ b/app/policies/platform_policy.rb 
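Review bot: `alias_method :create?, :show?` makes the policy answer yes to issue creation for a guest on any open project with issues enabled, since `show?` intentionally admits anonymous readers; `CommentPolicy#create?` in the same diff requires `!user.guest?` first. Make it `def create?; !user.guest? && show?; end` so the policy does not depend on a controller-level `authenticate_user!` for this. The commented-out `# record.project.has_issues?` in `index?` should either become the check or be removed — a disabled check left as a comment invites confusion later.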
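Review bot: `create?` (and `publish?`/`cancel?` through it) calls `owner?(record.save_to_platform)` and `local_admin?(record.save_to_platform)` without checking that `save_to_platform` is present, and `owner?` dereferences `r.owner_id`, so a MassBuild built from params without a platform raises `NoMethodError` from inside an authorization check instead of being denied. `KeyPairPolicy#create?` directly above guards with `return false unless record.repository`; do the same here with `return false unless record.save_to_platform`. `local_admin?` already includes `owner?`, so the `owner?(record.save_to_platform) ||` term is redundant and can go.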
@@ -0,0 +1,134 @@ +class PlatformPolicy < ApplicationPolicy + + def index? + !user.guest? + end + + def allowed? + true + end + alias_method :platforms_for_build?, :allowed? + + def show? + return true if is_admin? + return true unless record.hidden? + return true if record.owner == user + owner? || local_reader? || user_platform_ids.include?(record.id) + end + alias_method :advisories?, :show? + alias_method :owned?, :show? + alias_method :read?, :show? + alias_method :related?, :show? + + def members? + return true if is_admin? + return true unless record.hidden? + return true if record.owner == user + owner? || local_reader? + end + + def create? + is_admin? + end + + def update? + is_admin? || owner? + end + alias_method :change_visibility?, :update? + + def destroy? + record.main? && ( is_admin? || owner? ) + end + + def local_admin_manage? + is_admin? || owner? || local_admin? + end + alias_method :add_project?, :local_admin_manage? + alias_method :remove_file?, :local_admin_manage? + + def clone? + record.main? && is_admin? + end + alias_method :make_clone?, :clone? + + def add_member? + record.main? && ( is_admin? || owner? || local_admin? ) + end + alias_method :regenerate_metadata?, :add_member? + alias_method :remove_member?, :add_member? + alias_method :remove_members?, :add_member? + + def clear? + record.personal? && ( is_admin? || owner? 
) + end + + class Scope < Scope + + def related + scope.where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids, platform_ids: related_platform_ids } + ( + platforms.id IN (:platform_ids) + ) OR ( + platforms.owner_type = 'User' AND platforms.owner_id = :user_id + ) OR ( + platforms.owner_type = 'Group' AND platforms.owner_id IN (:user_group_ids) + ) OR ( + platforms.id = ANY ( + ARRAY ( + SELECT target_id + FROM relations + INNER JOIN platforms ON platforms.id = relations.target_id + WHERE relations.target_type = 'Platform' AND + ( + platforms.owner_type = 'User' AND platforms.owner_id != :user_id + ) AND ( + relations.actor_type = 'User' AND relations.actor_id = :user_id + ) + ) + ) + ) + SQL + end + + def show + scope.where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids, platform_ids: related_platform_ids, visibility: Platform::VISIBILITY_OPEN } + ( + platforms.visibility = :visibility + ) OR ( + platforms.id IN (:platform_ids) + ) OR ( + platforms.owner_type = 'User' AND platforms.owner_id = :user_id + ) OR ( + platforms.owner_type = 'Group' AND platforms.owner_id IN (:user_group_ids) + ) OR ( + platforms.id = ANY ( + ARRAY ( + SELECT target_id + FROM relations + INNER JOIN platforms ON platforms.id = relations.target_id + WHERE relations.target_type = 'Platform' AND + ( + platforms.owner_type = 'User' AND platforms.owner_id != :user_id + ) AND ( + relations.actor_type = 'User' AND relations.actor_id = :user_id + ) + ) + ) + ) + SQL + end + + protected + + def policy + @policy ||= Pundit.policy!(user, :platform) + end + + def related_platform_ids + Rails.cache.fetch(['PlatformPolicy::Scope#related_platform_ids', policy.user]) do + policy.user.repositories.pluck(:platform_id) + end + end + end + +end diff --git a/app/policies/product_build_list_policy.rb b/app/policies/product_build_list_policy.rb new file mode 100644 index 000000000..24b35114c --- /dev/null +++ b/app/policies/product_build_list_policy.rb 
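Review bot: The relations subquery in `Scope#related` and `Scope#show` matches only `relations.actor_type = 'User'` and `platforms.owner_type = 'User'` — `:user_group_ids` is bound but never used inside it — whereas the record-level `show?` goes through `local_reader?`/`best_role`, which (per the `User` hunk earlier in this diff) does consider group memberships. If a group can be a collaborator on a hidden platform, such a user passes `show?` on the record but the platform is missing from the scoped list; mirror the Group branches used in `BuildListPolicy::Scope#read` if that is not intended. `related_platform_ids` duplicates `ApplicationPolicy#user_platform_ids` under a second cache key; moving that helper above the `protected` marker and reusing it from the scope keeps the two invalidated together. `show?` also tests `record.owner == user` and then `owner?`, which covers the same case.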
@@ -0,0 +1,27 @@ +class ProductBuildListPolicy < ApplicationPolicy + + def index? + true + end + + def show? + is_admin? || ProductPolicy.new(user, record.product).show? + end + alias_method :log?, :show? + alias_method :read?, :show? + + def create? + return false unless record.project && record.product + is_admin? || ProjectPolicy.new(user, record.project).write? || ProductPolicy.new(user, record.product).update? + end + alias_method :cancel?, :create? + + def update? + is_admin? || ProductPolicy.new(user, record.product).update? + end + + def destroy? + is_admin? || ProductPolicy.new(user, record.product).destroy? + end + +end diff --git a/app/policies/product_policy.rb b/app/policies/product_policy.rb new file mode 100644 index 000000000..86120b9ee --- /dev/null +++ b/app/policies/product_policy.rb @@ -0,0 +1,20 @@ +class ProductPolicy < ApplicationPolicy + + def index? + record.platform.main? + end + + def show? + is_admin? || PlatformPolicy.new(user, record.platform).show? + end + alias_method :read?, :show? + + def create? + return false unless record.platform + is_admin? || record.platform.main? && ( owner?(record.platform) || local_admin?(record.platform) ) + end + alias_method :clone?, :create? + alias_method :destroy?, :create? + alias_method :update?, :create? + +end diff --git a/app/policies/project_policy.rb b/app/policies/project_policy.rb new file mode 100644 index 000000000..15134685d --- /dev/null +++ b/app/policies/project_policy.rb 
@@ -0,0 +1,148 @@
+class ProjectPolicy < ApplicationPolicy
+
+ def index?
+ !user.guest?
+ end
+ alias_method :autocomplete_project?, :index?
+ alias_method :remove_user?, :index?
+ alias_method :preview?, :index?
+
+ def show?
+ return true if is_admin?
+ return true if record.public?
+ return true if record.owner == user
+ return true if record.owner.is_a?(Group) && user_group_ids.include?(record.owner_id)
+ local_reader?
+ end
+ alias_method :read?, :show?
+ alias_method :archive?, :show?
+ alias_method :get_id?, :show?
+ alias_method :refs_list?, :show?
+
+ def fork?
+ !user.guest? && show?
+ end
+
+ def create?
+ return false if user.guest?
+ return true if is_admin?
+ record.is_a?(Symbol) || owner_policy.write?
+ end
+
+ def update?
+ return false if user.guest?
+ is_admin? || owner? || local_admin?
+ end
+ alias_method :add_member?, :update?
+ alias_method :alias?, :update?
+ alias_method :autocomplete_maintainers?, :update?
+ alias_method :manage_collaborators?, :update?
+ alias_method :members?, :update?
+ alias_method :remove_member?, :update?
+ alias_method :remove_members?, :update?
+ alias_method :schedule?, :update?
+ alias_method :sections?, :update?
+ alias_method :update_member?, :update?
+
+ def destroy?
+ return false if user.guest?
+ is_admin? || owner? || record.owner.is_a?(Group) && record.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')
+ end
+
+ def mass_import?
+ return false if user.guest?
+ is_admin? || user.platforms.main.find{ |p| local_admin?(p) }.present?
+ end
+
+ def run_mass_import?
+ return true if is_admin?
+ return false unless owner_policy.write?
+ repo = Repository.find(record.add_to_repository_id)
+ repo.platform.main? && PlatformPolicy.new(user, repo.platform).add_project?
+ end
+
+ # for grack
+ def write?
+ return false if user.guest?
+ is_admin? || owner? || local_writer?
+ end
+
+ def possible_forks
+ true
+ end
+
+ class Scope < Scope
+
+ def membered
+ scope.where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids }
+ (
+ projects.owner_type = 'User' AND projects.owner_id = :user_id
+ ) OR (
+ projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids)
+ ) OR (
+ projects.id = ANY (
+ ARRAY (
+ SELECT target_id
+ FROM relations
+ INNER JOIN projects ON projects.id = relations.target_id
+ WHERE relations.target_type = 'Project' AND
+ (
+ projects.owner_type = 'User' AND projects.owner_id != :user_id OR
+ projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids)
+ ) AND (
+ relations.actor_type = 'User' AND relations.actor_id = :user_id OR
+ relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids)
+ )
+ )
+ )
+ )
+ SQL
+ end
+
+ def read
+ scope.where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids }
+ (
+ projects.visibility = 'open'
+ ) OR (
+ projects.owner_type = 'User' AND projects.owner_id = :user_id
+ ) OR (
+ projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids)
+ ) OR (
+ projects.id = ANY (
+ ARRAY (
+ SELECT target_id
+ FROM relations
+ INNER JOIN projects ON projects.id = relations.target_id
+ WHERE relations.target_type = 'Project' AND
+ (
+ projects.owner_type = 'User' AND projects.owner_id != :user_id OR
+ projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids)
+ ) AND (
+ relations.actor_type = 'User' AND relations.actor_id = :user_id OR
+ relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids)
+ )
+ )
+ )
+ )
+ SQL
+ end
+ alias_method :show, :read
+
+ protected
+
+ def policy
+ @policy ||= Pundit.policy!(user, :project)
+ end
+ end
+
+ private
+
+ def owner_policy
+ if record.owner.is_a?(User)
+ UserPolicy.new(user, record.owner)
+ else
+ GroupPolicy.new(user, record.owner)
+ end
+ end
+
+end
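Review bot: `create?` grants any non-guest user whenever the record is a Symbol (`policy(:project).create?`) and only consults `owner_policy.write?` when a real record is passed, so the owner check exists only if the `create` action authorizes the built project with its owner already assigned from params; if `create` authorizes the symbol the way `new` presumably does, a user can create a project under a group they do not belong to. The controller is not in this diff, so I cannot confirm either way; the branch deserves a comment, `# Symbol means "may the user open the new-project form"; the owner check runs only when the built record is authorized`, and a request spec for the foreign-group owner case. Separately, `run_mass_import?` does `Repository.find(record.add_to_repository_id)` on a caller-supplied id, which turns an unknown or foreign id into a `RecordNotFound` raised from inside the policy rather than a denial; `repo = Repository.find_by(id: record.add_to_repository_id)` followed by `return false unless repo` keeps authorization failures as `false`.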
diff --git a/app/policies/pull_request_policy.rb b/app/policies/pull_request_policy.rb
new file mode 100644
index 000000000..9a53ecb4f
--- /dev/null
+++ b/app/policies/pull_request_policy.rb
@@ -0,0 +1,25 @@
+class PullRequestPolicy < ApplicationPolicy
+
+ def index?
+ true
+ end
+
+ def show?
+ is_admin? || ProjectPolicy.new(user, record.to_project).show?
+ end
+ alias_method :read?, :show?
+ alias_method :commits?, :show?
+ alias_method :files?, :show?
+ alias_method :create?, :show?
+
+ def update?
+ return false if user.guest?
+ is_admin? || record.user_id == user.id || local_writer?(record.to_project)
+ end
+
+ def merge?
+ return false if user.guest?
+ is_admin? || local_writer?(record.to_project)
+ end
+
+end
diff --git a/app/policies/repository_policy.rb b/app/policies/repository_policy.rb
new file mode 100644
index 000000000..2835f6671
--- /dev/null
+++ b/app/policies/repository_policy.rb
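Review bot: `alias_method :create?, :show?` gives pull-request creation the same answer as viewing, and `show?` has no guest guard — it is true whenever the target project is readable, which for a public project includes an unauthenticated user when `anonymous_access` is on — whereas `update?` and `merge?` both begin with `return false if user.guest?`. Unless the controller still forces `authenticate_user!` on create (not visible here), drop the alias and define it explicitly: `def create?` / `!user.guest? && show?` / `end`. That keeps read-only aliases (`read?`, `commits?`, `files?`) on `show?` and makes the write path fail closed for guests like its siblings.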
@@ -0,0 +1,68 @@
+class RepositoryPolicy < ApplicationPolicy
+
+ def show?
+ is_admin? || PlatformPolicy.new(user, record.platform).show?
+ end
+ alias_method :projects?, :show?
+ alias_method :projects_list?, :show?
+ alias_method :read?, :show?
+
+ def reader?
+ is_admin? || local_reader?(record.platform)
+ end
+
+ def write?
+ is_admin? || local_writer?(record.platform)
+ end
+
+ def update?
+ is_admin? || local_admin?(record.platform)
+ end
+ alias_method :manage_members?, :update?
+ alias_method :regenerate_metadata?, :update?
+ alias_method :signatures?, :update?
+
+ def create?
+ return false if record.platform.personal? && record.name == 'main'
+ is_admin? || owner?(record.platform) || local_admin?(record.platform)
+ end
+ alias_method :destroy?, :create?
+
+ def packages?
+ record.platform.main? && ( is_admin? || local_admin?(record.platform) )
+ end
+ alias_method :remove_member?, :packages?
+ alias_method :remove_members?, :packages?
+ alias_method :add_member?, :packages?
+ alias_method :sync_lock_file?, :packages?
+
+ def add_project?
+ is_admin? || local_admin?(record.platform) || repository_user_ids.include?(user.id)
+ end
+ alias_method :remove_project?, :add_project?
+
+ def settings?
+ is_admin? || owner?(record.platform) || local_admin?(record.platform)
+ end
+
+ def key_pair?
+ user.system?
+ end
+
+ def add_repo_lock_file?
+ is_admin? || user.system? || ( record.platform.main? && local_admin?(record.platform) )
+ end
+ alias_method :remove_repo_lock_file?, :add_repo_lock_file?
+
+private
+
+ # Public: Get user ids of repository.
+ #
+ # Returns the Set of user ids.
+ def repository_user_ids
+ Rails.cache.fetch(['RepositoryPolicy#repository_user_ids', record]) do
+ Set.new record.member_ids
+ end
+ end
+
+end
diff --git a/app/policies/search_policy.rb b/app/policies/search_policy.rb
new file mode 100644
index 000000000..d19f89d8b
--- /dev/null
+++ b/app/policies/search_policy.rb
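Review bot: `repository_user_ids` caches the member set under `['RepositoryPolicy#repository_user_ids', record]`, which Rails expands to the repository's `cache_key` (by default id plus `updated_at`), so the set is refreshed only when the repository row itself changes. If memberships are stored in a separate table without touching the repository — the model is not in this diff — a removed member keeps `add_project?` and `remove_project?` until some unrelated edit, and a newly added member is denied; authorization inputs are a poor fit for a record-keyed cache with no explicit invalidation. Either touch the repository when membership changes (and say so in the comment above the method) or drop the cache and pay one query per policy instance: `Set.new(record.member_ids)`. The `# Public:` comment is also misleading under `private`; `# Internal:` matches the TomDoc convention the comment is using.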
@@ -0,0 +1,7 @@
+class SearchPolicy < ApplicationPolicy
+
+ def index?
+ APP_CONFIG['anonymous_access'] || !user.guest?
+ end
+
+end
diff --git a/app/policies/statistic_policy.rb b/app/policies/statistic_policy.rb
new file mode 100644
index 000000000..3cf1e3d19
--- /dev/null
+++ b/app/policies/statistic_policy.rb
@@ -0,0 +1,7 @@
+class StatisticPolicy < ApplicationPolicy
+
+ def index?
+ true
+ end
+
+end
diff --git a/app/policies/subscribe_policy.rb b/app/policies/subscribe_policy.rb
new file mode 100644
index 000000000..67d3debf3
--- /dev/null
+++ b/app/policies/subscribe_policy.rb
@@ -0,0 +1,14 @@
+class SubscribePolicy < ApplicationPolicy
+
+ def create?
+ return false if user.guest?
+ return true if record.subscribeable.is_a?(Grit::Commit)
+ !record.subscribeable.subscribes.exists?(user_id: user.id)
+ end
+
+ def destroy?
+ return false if user.guest?
+ return true if record.subscribeable.is_a?(Grit::Commit)
+ record.subscribeable.subscribes.exists?(user_id: user.id)
+ end
+end
diff --git a/app/policies/token_policy.rb b/app/policies/token_policy.rb
new file mode 100644
index 000000000..23ace1dc8
--- /dev/null
+++ b/app/policies/token_policy.rb
@@ -0,0 +1,11 @@
+class TokenPolicy < ApplicationPolicy
+
+ def show?
+ # local_admin?(record.subject)
+ is_admin? || owner?(record.subject) || local_admin?(record.subject)
+ end
+ alias_method :create?, :show?
+ alias_method :read?, :show?
+ alias_method :withdraw?, :show?
+
+end
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
new file mode 100644
index 000000000..2b4a9467a
--- /dev/null
+++ b/app/policies/user_policy.rb
@@ -0,0 +1,20 @@
+class UserPolicy < ApplicationPolicy
+
+ def show?
+ true
+ end
+
+ def update?
+ is_admin? || record == user
+ end
+ alias_method :notifiers?, :update?
+ alias_method :show_current_user?, :update?
+ alias_method :write?, :update?
+
+ class Scope < Scope
+ def show
+ scope
+ end
+ end
+
+end
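Review bot: `SubscribePolicy#create?` checks only that the user is not already subscribed, never that the user may read `record.subscribeable`, so a logged-in user could subscribe to — and afterwards be notified about — an issue or build in a project they cannot see, unless the controller authorizes the parent object first, which this diff does not show. The `Grit::Commit` early return additionally skips every check, presumably because commit subscriptions are not rows in `subscribes`; that assumption should be stated in a comment on that line. For the ActiveRecord case a single guard after the `Grit::Commit` line closes the gap, assuming every subscribeable has a policy with `show?`: `return false unless Pundit.policy!(user, record.subscribeable).show?`.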
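Review bot: `UserPolicy` defines only `show?` and `update?` (plus aliases), yet the admin views changed in this same commit call `policy(:user).create?`, `policy(user).destroy?`, `policy(user).edit?` and `policy(user).read?`; the first three fall through to `ApplicationPolicy`, which is not in this diff, and `read?` has no alias here at all, unlike `ProjectPolicy` and `RepositoryPolicy` which alias it to `show?`. With a stock Pundit `ApplicationPolicy` that means the admin create/delete links silently disappear (`false`) and `read?` raises `NoMethodError`; with a more permissive base class it is the opposite problem. Make the contract explicit in this file: `def create?` returning `is_admin?`, `alias_method :destroy?, :create?`, and `alias_method :read?, :show?` — and note in a comment that `update?` is also true for `record == user`, so any `edit?` derived from it gates self-service as well as admin actions.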
diff --git a/app/presenters/comment_presenter.rb b/app/presenters/comment_presenter.rb index 00b433b30..05851c26b 100644 --- a/app/presenters/comment_presenter.rb +++ b/app/presenters/comment_presenter.rb @@ -60,12 +60,12 @@ class CommentPresenter < ApplicationPresenter res = [ link_to(content_tag(:i, nil, class: 'fa fa-link'), link_to_comment, class: klass).html_safe ] - if controller.can? :update, @comment + if controller.policy(@comment).update? res << link_to(content_tag(:i, nil, class: 'fa fa-edit'), "#update-comment#{comment.id}", 'ng-click' => "commentsCtrl.toggleEditForm(#{comment_id})" ).html_safe end - if controller.can? :destroy, @comment + if controller.policy(@comment).destroy? res << link_to(content_tag(:i, nil, class: 'fa fa-close'), '', 'ng-click' => "commentsCtrl.remove(#{comment_id})").html_safe diff --git a/app/views/admin/_register_requests/index.html.haml b/app/views/admin/_register_requests/index.html.haml index f23a77182..ef9ab59d6 100644 --- a/app/views/admin/_register_requests/index.html.haml +++ b/app/views/admin/_register_requests/index.html.haml @@ -25,9 +25,9 @@ %td= request.created_at %td - links = [] - - if can? :approve, request + - if policy(request).approve? - links << link_to(t("layout.approve"), approve_admin_register_request_path(request)) - - if can? :reject, request + - if policy(request).reject? - links << link_to(t("layout.reject"), reject_admin_register_request_path(request)) - if request.token - links << link_to('Link', new_user_registration_url(invitation_token: request.token)) diff --git a/app/views/admin/_users/_sidebar.html.haml b/app/views/admin/_users/_sidebar.html.haml index 59b4f85b9..39af53acc 100644 --- a/app/views/admin/_users/_sidebar.html.haml +++ b/app/views/admin/_users/_sidebar.html.haml 
@@ -3,7 +3,7 @@ .bordered = link_to t("layout.users.list_header"), admin_users_path, class: 'button' .bordered - - if can? :create, User.new + - if policy(:user).create? = link_to t("layout.users.new"), new_admin_user_path(system: @filter == 'system'), class: 'button' %h3= t("layout.users.filter_header") %table diff --git a/app/views/admin/_users/_users_ajax.json.jbuilder b/app/views/admin/_users/_users_ajax.json.jbuilder index b82fae736..5343f88cd 100644 --- a/app/views/admin/_users/_users_ajax.json.jbuilder +++ b/app/views/admin/_users/_users_ajax.json.jbuilder @@ -1,14 +1,14 @@ users = @users.map do |user| link_block = [ - (link_to t('layout.edit'), edit_admin_user_path(user) if can?(:edit, user) && !@system_list), - (link_to t('layout.users.reset_token'), reset_auth_token_admin_user_path(user), method: :put, data: { confirm: t('layout.users.confirm_reset_token') } if can?(:edit, user) && @system_list), - (link_to t('layout.delete'), admin_user_path(user), method: :delete, data: { confirm: t('layout.users.confirm_delete') } if can? :destroy, user) + (link_to t('layout.edit'), edit_admin_user_path(user) if policy(user).edit? && !@system_list), + (link_to t('layout.users.reset_token'), reset_auth_token_admin_user_path(user), method: :put, data: { confirm: t('layout.users.confirm_reset_token') } if policy(user).edit? && @system_list), + (link_to t('layout.delete'), admin_user_path(user), method: :delete, data: { confirm: t('layout.users.confirm_delete') } if policy(user).destroy? ].compact.join(' | ').html_safe if !@system_list [ user.name, - (can?(:read, user) ? link_to(user.uname, user) : user.uname), + (policy(user).read? ? link_to(user.uname, user) : user.uname), user.email, user.created_at.to_date, content_tag(:span, user.role, style: user.access_locked? ? 'background: #FEDEDE' : ''), diff --git a/app/views/devise/shared/_links.haml b/app/views/devise/shared/_links.haml index a5bf50157..f9ee42292 100644 --- a/app/views/devise/shared/_links.haml 
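Review bot: `policy(user).read?` in `_users_ajax.json.jbuilder` calls a predicate that the new `UserPolicy` does not define (it has `show?` and `update?` only, and unlike the other policies in this commit no `read?` alias), so unless `ApplicationPolicy` supplies `read?` this line raises `NoMethodError` when the admin user list renders. The view-side fix is to ask the question the policy actually answers: `(policy(user).show? ? link_to(user.uname, user) : user.uname),`. The same line also switches the link condition from a capability to an always-true `show?`, which is what the old `can?(:read, user)` resolved to for users if the ability was unconditional — worth confirming against the removed ability before merging.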
+++ b/app/views/devise/shared/_links.haml @@ -2,7 +2,7 @@ = link_to t("layout.devise.shared_links.sign_in"), new_session_path(resource_name), class: "text_button_padding link_button" - if devise_mapping.registerable? && controller_name != 'registrations' =# link_to t("layout.devise.shared_links.sign_up"), new_registration_path(resource_name), class: "text_button_padding link_button" - = link_to t("layout.devise.shared_links.sign_up"), new_register_request_path, class: "text_button_padding link_button" # to prereg form + = link_to t("layout.devise.shared_links.sign_up"), new_user_registration_path, class: "text_button_padding link_button" # to prereg form - if devise_mapping.recoverable? && controller_name != 'passwords' = link_to t("layout.devise.shared_links.forgot_password"), new_password_path(resource_name), class: "text_button_padding link_button" - if devise_mapping.confirmable? && controller_name != 'confirmations' diff --git a/app/views/groups/base/_submenu.html.slim b/app/views/groups/base/_submenu.html.slim index 413d632b1..0f147e1a0 100644 --- a/app/views/groups/base/_submenu.html.slim +++ b/app/views/groups/base/_submenu.html.slim @@ -15,9 +15,9 @@ / Collect the nav links, forms, and other content for toggling #submenu-navbar-collapse.collapse.navbar-collapse ul.nav.navbar-nav.left-border - - if can? :edit, @group + - if policy(@group).update? li class=('active' if act == :edit && contr == :profile) = link_to t('layout.groups.edit'), edit_group_path(@group) - - if can? :manage_members, @group + - if policy(@group).manage_members? li class=('active' if act == :index && contr == :members) = link_to t('layout.groups.edit_members'), group_members_path(@group) diff --git a/app/views/groups/profile/edit.html.slim b/app/views/groups/profile/edit.html.slim index d21589b1e..b60062b27 100644 --- a/app/views/groups/profile/edit.html.slim +++ b/app/views/groups/profile/edit.html.slim 
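Review bot: The sign-up link now points at `new_user_registration_path` (Devise's open registration form) instead of `new_register_request_path`, but the trailing `# to prereg form` comment still describes the old target, and the security meaning of the change is not mentioned anywhere in the commit. The admin register-requests page touched earlier in this diff still hands out `new_user_registration_url(invitation_token: ...)`, which suggests registration is invitation-gated: if so, this public link lands visitors on a form they cannot complete; if not, it quietly opens self-registration that the approve/reject flow used to gate. Please state the intent in the commit message and either restore the pre-registration link or change the comment to `# open Devise registration (no pre-registration request)`; the same link change appears in `layouts/menu/_new_top.html.slim`.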
@@ -13,7 +13,7 @@ = render 'form', f: f - - if can? :destroy, @group + - if policy(@group).destroy? .row hr .alert.alert-danger @@ -23,19 +23,3 @@ method: :delete, data: { confirm: t("layout.groups.confirm_delete") }, class: 'btn btn-danger' - - -/ = form_for @group, url: profile_group_path(@group) do |f| -/ = render "form", f: f - -/ .hr -/ .groups-profile= image_tag('code.png') -/ .groups-profile= link_to t("layout.groups.public_profile"), @group -/ .both -/ .hr -/ .leftside= t("layout.groups.delete_warning") -/ .rightside -/ = link_to t("layout.delete"), profile_group_path(@group), method: :delete, data: { confirm: t("layout.groups.confirm_delete") }, class: 'button' if can? :destroy, @group -/ .both - -/ - content_for :sidebar, render('sidebar') diff --git a/app/views/groups/profile/show.html.slim b/app/views/groups/profile/show.html.slim index 637a25975..5f94992ce 100644 --- a/app/views/groups/profile/show.html.slim +++ b/app/views/groups/profile/show.html.slim @@ -33,4 +33,3 @@ hr p => image_tag avatar_url(member, :micro), alt: member.uname, height: size, width: size = link_to member.uname.truncate(20), member - diff --git a/app/views/layouts/_notifies.html.haml b/app/views/layouts/_notifies.html.haml index b4dce69a8..8a039b690 100644 --- a/app/views/layouts/_notifies.html.haml +++ b/app/views/layouts/_notifies.html.haml @@ -1,6 +1,6 @@ - if current_user || APP_CONFIG['anonymous_access'] .flash_notify - - if (flash_notify = FlashNotify.published.first) && flash_notify.should_show?(cookies[:flash_notify_hash]) + - if (flash_notify = FlashNotify.published_first_cached) && flash_notify.should_show?(cookies[:flash_notify_hash]) .alert{class: "alert-#{flash_notify.status}"} = flash_notify.body(I18n.locale).html_safe %a.close#close-alert{:'data-dismiss'=>"alert", href: "#"} × diff --git a/app/views/layouts/application.html.slim b/app/views/layouts/application.html.slim index 2ae30e727..9e7d383f9 100644 --- a/app/views/layouts/application.html.slim 
+++ b/app/views/layouts/application.html.slim @@ -16,7 +16,7 @@ html == yield :submenu if content_for?(:submenu) - if current_user || APP_CONFIG['anonymous_access'] - - if (flash_notify = FlashNotify.published.first) && flash_notify.should_show?(cookies[:flash_notify_hash]) + - if (flash_notify = FlashNotify.published_first_cached) && flash_notify.should_show?(cookies[:flash_notify_hash]) javascript: var FLASH_HASH_ID = "#{flash_notify.hash_id}"; .notify.alert.alert-dismissable.text-center class=alert_class(flash_notify.status) diff --git a/app/views/layouts/menu/_new_bottom.html.haml b/app/views/layouts/menu/_new_bottom.html.haml index cdf6ba926..89f530a15 100644 --- a/app/views/layouts/menu/_new_bottom.html.haml +++ b/app/views/layouts/menu/_new_bottom.html.haml @@ -13,7 +13,7 @@ %li= link_to t('bottom_menu.support'), contact_url %li · %li= link_to t('bottom_menu.developer_api'), t('bottom_menu.developer_api_url') - -if pr = Project.find_by_owner_and_name('abf/abf-ideas') + - if pr = Project.find_by_owner_and_name('abf/abf-ideas') %li · %li= link_to t('bottom_menu.abf_ideas'), project_issues_url(pr) %li · diff --git a/app/views/layouts/menu/_new_top.html.slim b/app/views/layouts/menu/_new_top.html.slim index 9ed905655..39bd5a36c 100644 --- a/app/views/layouts/menu/_new_top.html.slim +++ b/app/views/layouts/menu/_new_top.html.slim @@ -12,7 +12,7 @@ nav.navbar.navbar-inverse.top_menu role = "navigation" #top-menu-navbar-collapse.collapse.navbar-collapse ul.nav.navbar-nav - (collection = t 'top_menu').each do |base, title| - - if can? :index, base.to_s.classify.constantize + - if policy(base).index? li class=top_menu_class(base) a href=send("#{base}_path") i.fa.hidden-sm class=top_menu_icon(base) 
@@ -50,7 +50,7 @@ nav.navbar.navbar-inverse.top_menu role = "navigation" li= link_to t('layout.logout'), destroy_user_session_path, method: :delete - else ul.nav.navbar-nav - li= link_to t('layout.devise.shared_links.sign_up'), new_register_request_path + li= link_to t('layout.devise.shared_links.sign_up'), new_user_registration_path li= link_to t('layout.devise.shared_links.sign_in'), new_user_session_path / /.navbar-collapse / /.container-fluid diff --git a/app/views/layouts/menu/_top.html.haml b/app/views/layouts/menu/_top.html.haml index 936e7a767..d3cbaddf0 100644 --- a/app/views/layouts/menu/_top.html.haml +++ b/app/views/layouts/menu/_top.html.haml @@ -1,7 +1,7 @@ - namespace = which_menu == 'admins_menu' ? 'admin_' : '' %ul - (collection = t which_menu).each do |base, title| - - if can? :index, base.to_s.classify.constantize + - if policy(base).index? %li= link_to title, send(:"#{namespace}#{base}_path"), class: top_menu_class(base) - if current_user.try(:admin?) and which_menu == 'top_menu' %li= link_to t('admins_menu_header'), admin_root_path, class: top_menu_class('admin') \ No newline at end of file diff --git a/app/views/platforms/base/_submenu.html.slim b/app/views/platforms/base/_submenu.html.slim index e7f61fba9..3e6567457 100644 --- a/app/views/platforms/base/_submenu.html.slim +++ b/app/views/platforms/base/_submenu.html.slim 
@@ -22,24 +22,24 @@ = link_to t("layout.repositories.list_header"), platform_repositories_path(@platform) li class=('active' if contr == :contents) = link_to t('layout.platforms.contents'), platform_contents_path(@platform) - - if can? :show, @platform + - if policy(@platform).show? li class=('active' if act == :index && contr == :maintainers) = link_to t("layout.platforms.maintainers"), platform_maintainers_path(@platform) li class=('active' if contr == :mass_builds) = link_to t("layout.platforms.mass_build"), platform_mass_builds_path(@platform) - - if can? :read, @platform.products.build + - if policy(@platform.products.build).show? li class=('active' if contr == :products) = link_to t("layout.products.list_header"), platform_products_path(@platform) - - if can? :advisories, @platform + - if policy(@platform.advisories.build).show? li class=('active' if contr == :platforms && act == :advisories) = link_to t("layout.advisories.list_header"), advisories_platform_path(@platform) - - if can? :update, @platform + - if policy(@platform).update? li class=('active' if act == :edit && contr == :platforms) = link_to t("platform_menu.settings"), edit_platform_path(@platform) - - if can? :members, @platform + - if policy(@platform).local_admin_manage? li class=('active' if act == :members && contr == :platforms) = link_to t("layout.platforms.members"), members_platform_path(@platform) - - if can? :edit, @platform + - if policy(@platform).edit? li class=('active' if contr == :key_pairs) = link_to t("layout.key_pairs.header"), platform_key_pairs_path(@platform) li class=('active' if contr == :tokens) diff --git a/app/views/platforms/contents/index.html.slim b/app/views/platforms/contents/index.html.slim index 5b3ff1ca1..bf96cd23a 100644 --- a/app/views/platforms/contents/index.html.slim +++ b/app/views/platforms/contents/index.html.slim 
@@ -32,7 +32,7 @@ li.active[ ng-repeat='fold in folders' ng-show='$last && !$first' ] {{fold.name}} .clearfix - - can_remove = can? :remove_file, @platform + - can_remove = policy(@platform).remove_file? table.table ng-hide='processing' tbody diff --git a/app/views/platforms/key_pairs/_list.html.slim b/app/views/platforms/key_pairs/_list.html.slim index 42ba9a3a5..2c4889ed1 100644 --- a/app/views/platforms/key_pairs/_list.html.slim +++ b/app/views/platforms/key_pairs/_list.html.slim @@ -13,6 +13,6 @@ table.table.table-striped td= repository.key_pair.key_id td= link_to repository.key_pair.user.fullname, user_path(repository.key_pair.user) td.buttons - - if can? :destroy, repository.key_pair + - if policy(repository.key_pair).destroy? = link_to platform_key_pair_path(@platform, repository.key_pair), method: :delete, data: { confirm: t("layout.key_pairs.confirm_delete") } do span.glyphicon.glyphicon-remove diff --git a/app/views/platforms/key_pairs/index.html.slim b/app/views/platforms/key_pairs/index.html.slim index e7713dbaf..9a5d0fe24 100644 --- a/app/views/platforms/key_pairs/index.html.slim +++ b/app/views/platforms/key_pairs/index.html.slim @@ -3,7 +3,7 @@ .container.col-md-offset-2.col-md-8 .row - - if can? :edit, @platform + - if policy(@platform).edit? = render 'new' hr = render 'list' diff --git a/app/views/platforms/mass_builds/index.html.slim b/app/views/platforms/mass_builds/index.html.slim index 793c2dc7f..23c234def 100644 --- a/app/views/platforms/mass_builds/index.html.slim +++ b/app/views/platforms/mass_builds/index.html.slim @@ -2,7 +2,7 @@ .col-xs-12.col-md-10.col-md-offset-1 .row - - if can? :create, @platform.mass_builds.build + - if policy(@platform.mass_builds.build).create? a.btn.btn-primary href=new_platform_mass_build_path(@platform) = t('layout.mass_builds.new') hr diff --git a/app/views/platforms/mass_builds/show.html.slim b/app/views/platforms/mass_builds/show.html.slim index 718eb0d6f..7826a5866 100644 
--- a/app/views/platforms/mass_builds/show.html.slim +++ b/app/views/platforms/mass_builds/show.html.slim @@ -128,7 +128,7 @@ = link_to_list @platform, @mass_build, 'success_builds_list' .buttons_block - - if can?(:publish, @mass_build) + - if policy(@mass_build).publish? - unless @mass_build.auto_publish_status == BuildList::AUTO_PUBLISH_STATUS_DEFAULT = link_to t('layout.mass_builds.publish_success'), publish_platform_mass_build_path(@platform, @mass_build.id), @@ -142,14 +142,14 @@ data: { confirm: t("layout.confirm") }, class: 'btn btn-warning' hr - - if can?(:cancel, @mass_build) + - if policy(@mass_build).cancel? = link_to t('layout.cancel'), cancel_platform_mass_build_path(@platform, @mass_build.id), method: :post, class: 'btn btn-danger', data: { confirm: t('layout.mass_builds.cancel_confirm') } hr - - if can? :create, @mass_build + - if policy(@mass_build).create? = link_to t('layout.mass_builds.recreate'), new_platform_mass_build_path(@platform, mass_build_id: @mass_build.id), class: 'btn btn-primary' diff --git a/app/views/platforms/platforms/_form.html.slim b/app/views/platforms/platforms/_form.html.slim index ead035381..b0c99a688 100644 --- a/app/views/platforms/platforms/_form.html.slim +++ b/app/views/platforms/platforms/_form.html.slim @@ -26,7 +26,7 @@ - if %w(edit update).include? controller.action_name - - if can? :change_visibility, @platform + - if policy(@platform).change_visibility? dl.dl-horizontal dt = t('activerecord.attributes.platform.visibility') diff --git a/app/views/platforms/platforms/edit.html.slim b/app/views/platforms/platforms/edit.html.slim index dcc4aebcd..f5420457f 100644 --- a/app/views/platforms/platforms/edit.html.slim +++ b/app/views/platforms/platforms/edit.html.slim @@ -8,7 +8,7 @@ hr .row - - if can? :regenerate_metadata, @platform + - if policy(@platform).regenerate_metadata? h4= t('layout.platforms.metadata') table.table 
@@ -43,7 +43,7 @@ class: 'btn btn-xs btn-warning' - - if can? :destroy, @platform + - if policy(@platform).destroy? hr p = t("layout.platforms.delete_warning") @@ -53,7 +53,7 @@ data: { confirm: t("layout.platforms.confirm_delete") }, class: 'btn btn-danger' - - if can? :clear, @platform + - if policy(@platform).clear? p = t("layout.repositories.clear_warning") = link_to t("layout.repositories.clear"), diff --git a/app/views/platforms/platforms/index.html.slim b/app/views/platforms/platforms/index.html.slim index 5bef8ba1c..a35dbd503 100644 --- a/app/views/platforms/platforms/index.html.slim +++ b/app/views/platforms/platforms/index.html.slim @@ -1,7 +1,9 @@ - set_meta_tags title: t('layout.platforms.list_header') .row ng-controller='PlatformsCtrl' .col-md-6.col-md-offset-3 ng-cloak=true - = link_to t('layout.platforms.new'), new_platform_path, class: 'btn btn-primary' if can? :create, Platform + - if policy(:platform).create? + a.btn.btn-primary href=new_platform_path + = t('layout.platforms.new') table.table.table-hover.offset10 thead tr diff --git a/app/views/platforms/platforms/show.html.slim b/app/views/platforms/platforms/show.html.slim index 7aac56657..1bcd2904e 100644 --- a/app/views/platforms/platforms/show.html.slim +++ b/app/views/platforms/platforms/show.html.slim @@ -47,7 +47,7 @@ b= t('layout.platforms.distrib_type') .col-md-8= @platform.distrib_type - - if can? :clone, @platform + - if policy(@platform).clone? .row .col-md-4 .col-md-8 diff --git a/app/views/platforms/product_build_lists/_product_build_list.html.slim b/app/views/platforms/product_build_lists/_product_build_list.html.slim index 2ff11f57e..0b615548b 100644 --- a/app/views/platforms/product_build_lists/_product_build_list.html.slim +++ b/app/views/platforms/product_build_lists/_product_build_list.html.slim 
@@ -13,7 +13,7 @@ tr a href=platform_product_path(platform, product) = pbl.product.name td.text-center - - if can?(:destroy, pbl) && pbl.can_destroy? + - if policy(pbl).destroy? && pbl.can_destroy? = link_to platform_product_product_build_list_path(platform, product, pbl), method: :delete, data: { confirm: t('layout.confirm') } do span.glyphicon.glyphicon-remove diff --git a/app/views/platforms/product_build_lists/show.html.slim b/app/views/platforms/product_build_lists/show.html.slim index c022d25f5..3218d143d 100644 --- a/app/views/platforms/product_build_lists/show.html.slim +++ b/app/views/platforms/product_build_lists/show.html.slim @@ -94,7 +94,7 @@ .col-md-6 | {{pbl.notified_at}} - - if can?(:update, pbl) + - if policy(pbl).update? .row ng-show="pbl.status == #{ ProductBuildList::BUILD_COMPLETED }" .col-md-6 b @@ -114,7 +114,7 @@ .row hr - - if can?(:cancel, pbl) + - if policy(pbl).cancel? a.btn.btn-warning[ href=cancel_platform_product_product_build_list_path(pbl.product.platform, pbl.product, pbl) data-method = 'put' @@ -123,7 +123,7 @@ = t('layout.build_lists.cancel') |   - - if can?(:destroy, pbl) + - if policy(pbl).destroy? a.btn.btn-danger[ href=platform_product_product_build_list_path(pbl.product.platform, pbl.product, pbl) data-method = 'delete' diff --git a/app/views/platforms/products/_list.html.slim b/app/views/platforms/products/_list.html.slim index 4c6b0d921..561ba13eb 100644 --- a/app/views/platforms/products/_list.html.slim +++ b/app/views/platforms/products/_list.html.slim @@ -9,7 +9,7 @@ table.table.table-striped td = link_to product.name, platform_product_path(@platform, product) td - - if can? :destroy, product + - if policy(product).destroy? a[href = platform_product_path(@platform, product) data-method = 'delete' data-confirm = t('layout.products.confirm_delete') ] diff --git a/app/views/platforms/products/index.html.slim b/app/views/platforms/products/index.html.slim index 4261eb9b8..71b025715 100644 
--- a/app/views/platforms/products/index.html.slim +++ b/app/views/platforms/products/index.html.slim @@ -5,7 +5,7 @@ .container.col-md-offset-2.col-md-8 .row - - if can? :create, @platform.products.build + - if policy(@platform.products.build).create? a.btn.btn-primary href=new_platform_product_path(@platform) = t('layout.products.new') hr diff --git a/app/views/platforms/products/show.html.slim b/app/views/platforms/products/show.html.slim index 415006abd..20b7d8b6b 100644 --- a/app/views/platforms/products/show.html.slim +++ b/app/views/platforms/products/show.html.slim @@ -17,17 +17,17 @@ p= @product.description - - if can? :update, @product + - if policy(@product).update? a.btn.btn-primary href=edit_platform_product_path(@platform, @product) = t('layout.edit') |   - - if can? :destroy, @product + - if policy(@product).destroy? a.btn.btn-danger[ href = platform_product_path(@platform, @product) data-method = 'delete' data-confirm = t('layout.products.confirm_delete') ] = t('layout.delete') |   - - if can?(:create, @product.product_build_lists.build) + - if policy(@product.product_build_lists.build).create? a.btn.btn-primary href=new_platform_product_product_build_list_path(@platform, @product) = t('layout.products.build') diff --git a/app/views/platforms/repositories/_project.json.jbuilder b/app/views/platforms/repositories/_project.json.jbuilder index 021a2c3d5..a43373ddc 100644 --- a/app/views/platforms/repositories/_project.json.jbuilder +++ b/app/views/platforms/repositories/_project.json.jbuilder @@ -6,7 +6,7 @@ json.projects @projects do |project| json.path project_path(project.name_with_owner) json.name project.name_with_owner json.description truncate(project.description || '', length: 60).gsub(/\n|\r|\t/, ' ') - if can? :remove_project, @repository + if policy(@repository).remove_project? json.remove_path remove_project_platform_repository_path(@platform, @repository, project_id: project.id) end end 
diff --git a/app/views/platforms/repositories/edit.html.slim b/app/views/platforms/repositories/edit.html.slim index 19d31a8bb..c8bc77d46 100644 --- a/app/views/platforms/repositories/edit.html.slim +++ b/app/views/platforms/repositories/edit.html.slim @@ -15,7 +15,7 @@ = render "form", f: f hr - - if can?(:update, @repository) + - if policy(@repository).update? .row h3= t('layout.repositories.extra_actions') diff --git a/app/views/platforms/repositories/index.html.slim b/app/views/platforms/repositories/index.html.slim index 12e67b471..43b041d16 100644 --- a/app/views/platforms/repositories/index.html.slim +++ b/app/views/platforms/repositories/index.html.slim @@ -9,7 +9,7 @@ = render 'submenu' if params[:platform_id] .container.col-md-offset-2.col-md-8 - - if can? :create, @platform.repositories.build + - if policy(@platform.repositories.build).create? .row a.btn.btn-primary href=new_platform_repository_path(@platform) = t("layout.repositories.new") diff --git a/app/views/platforms/repositories/show.html.slim b/app/views/platforms/repositories/show.html.slim index 026c12387..cbc8236ce 100644 --- a/app/views/platforms/repositories/show.html.slim +++ b/app/views/platforms/repositories/show.html.slim 
@@ -16,20 +16,20 @@ p= @repository.description .row - - if can? :update, @repository + - if policy(@repository).update? a.btn.btn-primary href=edit_platform_repository_path(@platform, @repository) = t("layout.edit") |   - - if can? :destroy, @repository + - if policy(@repository).destroy? = link_to t('layout.delete'), platform_repository_path(@platform, @repository), method: 'delete', class: 'btn btn-danger', data: { confirm: t("layout.repositories.confirm_delete") } .row hr h3= t("layout.projects.list_header") - - if can? :add_project, @repository + - if policy(@repository).add_project? a.btn.btn-primary href=add_project_platform_repository_path(@platform, @repository) = t('layout.projects.add') |   - - if can? :remove_project, @repository + - if policy(@repository).remove_project? a.btn.btn-primary href=remove_project_platform_repository_path(@platform, @repository) = t('layout.repositories.mass_delete') .row diff --git a/app/views/projects/base/_repo_block.html.slim b/app/views/projects/base/_repo_block.html.slim index 8b9bf7b5a..060f2777c 100644 --- a/app/views/projects/base/_repo_block.html.slim +++ b/app/views/projects/base/_repo_block.html.slim @@ -44,7 +44,7 @@ div[ role = 'navigation' ng-controller = 'ProjectRepoBlockController' ng-cloak = i.fa.fa-clipboard.fa-lg .navbar-text.navbar-left - = can?(:write, project) ? t("layout.read_write_access") : t("layout.read_access") + = policy(project).write? ? t("layout.read_write_access") : t("layout.read_access") .navbar-right== render 'branch_select', project: project if act != :tags diff --git a/app/views/projects/base/_settings_menu.html.slim b/app/views/projects/base/_settings_menu.html.slim index 41df1223d..22dcb9203 100644 --- a/app/views/projects/base/_settings_menu.html.slim +++ b/app/views/projects/base/_settings_menu.html.slim 
@@ -2,13 +2,13 @@ - contr = controller_name.to_sym ul.nav.nav-tabs.nav-justified.boffset10[ role = 'tablist' ] - - if can? :edit, @project + - if policy(@project).edit? li[ class = "#{(act == :edit && contr == :projects) ? 'active' : ''}" ] = link_to t("layout.projects.edit"), edit_project_path(@project) li[ class = "#{(act == :sections && contr == :projects) ? 'active' : ''}" ] = link_to t("layout.projects.sections"), sections_project_path(@project) li[ class = "#{(contr == :hooks) ? 'active' : ''}" ] = link_to t("layout.projects.hooks"), project_hooks_path(@project) - - if can? :manage_collaborators, @project + - if policy(@project).manage_collaborators? li[ class = "#{(act == :index && contr == :collaborators) ? 'active' : ''}" ] = link_to t("layout.projects.edit_collaborators"), project_collaborators_path(@project) diff --git a/app/views/projects/base/_submenu.html.slim b/app/views/projects/base/_submenu.html.slim index b24883a28..42587cb65 100644 --- a/app/views/projects/base/_submenu.html.slim +++ b/app/views/projects/base/_submenu.html.slim @@ -31,7 +31,7 @@ a href=tree_path(@project, treeish) i.fa.fa-files-o> = t('project_menu.code') - - if @project.is_package and can?(:read, @project => BuildList) + - if @project.is_package li class=('active' if contr == :build_lists) a href=project_build_lists_path(@project) i.fa.fa-cogs> @@ -51,7 +51,7 @@ = link_to t('project_menu.wiki'), project_wiki_index_path(@project) / li / = link_to t('project_menu.readme'), '#' #pending - - if can? :update, @project + - if policy(@project).update? li class=('active' if act.in?(%i[edit update sections]) && contr == :projects) a href=edit_project_path(@project) i.fa.fa-cog> diff --git a/app/views/projects/build_lists/_buttons.html.slim b/app/views/projects/build_lists/_buttons.html.slim index 29aca4494..ee5a6045c 100644 --- a/app/views/projects/build_lists/_buttons.html.slim +++ b/app/views/projects/build_lists/_buttons.html.slim 
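Review bot: The `can?(:read, @project => BuildList)` half of the condition on the `_submenu.html.slim` build-lists tab was dropped rather than translated, so that tab is now gated only on `@project.is_package` while every other entry in this hunk kept a `policy(...)` check. This is only a menu link and the build_lists controller's own `authorize` call is what actually protects the action, but the read requirement disappeared silently. If the tab should stay hidden from users without read access, reinstate it with the BuildListPolicy predicate that corresponds to the old `:read` ability, e.g. `- if @project.is_package && policy(@project.build_lists.build).show?` (the predicate name depends on BuildListPolicy, which is not in this diff); if the tab is meant to be public now, a one-line comment saying so would stop the next reader from asking.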
@@ -1,4 +1,4 @@ -- if can?(:cancel, build_list) +- if policy(build_list).cancel? = link_to t("layout.build_lists.cancel"), cancel_build_list_path(build_list), method: :put, @@ -31,7 +31,7 @@ class: 'btn btn-primary roffset5 boffset5', 'ng-show' => 'build_list.can_publish_into_testing' -- if can?(:reject_publish, build_list) +- if policy(build_list).reject_publish? = link_to t('layout.reject_publish'), reject_publish_build_list_path(build_list), method: :put, @@ -39,7 +39,7 @@ class: 'btn btn-primary roffset5 boffset5', 'ng-show' => 'build_list.can_reject_publish' -- if can?(:rerun_tests, build_list) +- if policy(build_list).rerun_tests? = link_to t('layout.build_lists.rerun_tests'), rerun_tests_build_list_path(build_list), method: :put, @@ -47,7 +47,7 @@ class: 'btn btn-primary roffset5 boffset5', 'ng-show' => "build_list.status == #{BuildList::TESTS_FAILED} || build_list.status == #{BuildList::SUCCESS}" -- if can?(:create_container, build_list) +- if policy(build_list).create_container? = link_to t('layout.build_lists.create_container'), create_container_build_list_path(build_list), method: :put, @@ -55,7 +55,7 @@ class: 'btn btn-primary roffset5 boffset5', 'ng-show' => 'build_list.can_create_container' -- if can? :create, build_list +- if policy(build_list).create? = link_to t('layout.build_lists.recreate_build_list'), new_project_build_list_path(build_list.project, build_list_id: build_list.id), class: 'btn btn-primary roffset5 boffset5' diff --git a/app/views/projects/build_lists/index.html.slim b/app/views/projects/build_lists/index.html.slim index 0319034ec..f90a10da5 100644 --- a/app/views/projects/build_lists/index.html.slim +++ b/app/views/projects/build_lists/index.html.slim 
@@ -3,7 +3,7 @@ .row.offset10 ng-controller = 'BuildListsController' ng-init = 'init()' ng-cloak = true = hidden_field_tag :name_with_owner, @project.try(:name_with_owner) .col-lg-2.col-sm-12 - -if @project and can?(:create, @project.build_lists.build) + -if @project && policy(@project.build_lists.build).create? button.btn.btn-primary.btn-block[ id = 'filter_new_build' type = 'button' diff --git a/app/views/projects/build_lists/show.json.jbuilder b/app/views/projects/build_lists/show.json.jbuilder index fcf8fb9d6..7ad4e9fd6 100644 --- a/app/views/projects/build_lists/show.json.jbuilder +++ b/app/views/projects/build_lists/show.json.jbuilder @@ -12,8 +12,8 @@ json.build_list do json.updated_at_utc @build_list.updated_at.strftime('%Y-%m-%d %H:%M:%S UTC') - json.can_publish can?(:publish, @build_list) - json.can_publish_into_testing can?(:publish_into_testing, @build_list) && @build_list.can_publish_into_testing? + json.can_publish policy(@build_list).publish? + json.can_publish_into_testing policy(@build_list).publish_into_testing? && @build_list.can_publish_into_testing? json.can_cancel @build_list.can_cancel? json.can_create_container @build_list.can_create_container? json.can_reject_publish @build_list.can_reject_publish? diff --git a/app/views/projects/git/base/_choose_fork.html.slim b/app/views/projects/git/base/_choose_fork.html.slim index 716762cc4..146525514 100644 --- a/app/views/projects/git/base/_choose_fork.html.slim +++ b/app/views/projects/git/base/_choose_fork.html.slim @@ -15,7 +15,7 @@ class: 'btn btn-primary center-block', 'data-loading-text' => t('layout.processing'), id: 'create_fork' - - if can? :alias, @project + - if policy(@project).alias? = form_for @project, url: alias_project_path(@project), html: { class: :form, multipart: true, method: :post } do |f| = hidden_field_tag :group, owner.id if owner.class == Group = hidden_field_tag :fork_name, name, name: 'fork_name' 
diff --git a/app/views/projects/git/base/_fork.html.slim b/app/views/projects/git/base/_fork.html.slim index 797a970f9..230abf5e8 100644 --- a/app/views/projects/git/base/_fork.html.slim +++ b/app/views/projects/git/base/_fork.html.slim @@ -1,12 +1,12 @@ = hidden_field_tag :possible_forks_path, possible_forks_project_path(@project) -- if can? :write, @project +- if policy(@project).write? .pull-right.roffset5 a.btn.btn-primary href=new_project_pull_request_path(@project, treeish: @treeish) i.fa.fa-upload> = t('projects.pull_requests.show.pull') -- if can? :fork, @project +- if policy(@project).fork? .pull-right#fork-and-edit.roffset5 a.btn.btn-primary href='#' data-toggle='modal' data-target='#forkModal' i.fa.fa-code-fork> @@ -26,7 +26,7 @@ .modal-body = render 'forks', owner: current_user, name: @project.name -- if @project.is_package && can?(:create, @project.build_lists.new) +- if @project.is_package && policy(@project.build_lists.new).create? .pull-right.roffset5 - params = { build_list: { project_version: @treeish}} a.btn.btn-primary href=new_project_build_list_path(@project, params) diff --git a/app/views/projects/git/blobs/_top.html.haml b/app/views/projects/git/blobs/_top.html.haml index 1595d0e6e..3dbb4ee5b 100644 --- a/app/views/projects/git/blobs/_top.html.haml +++ b/app/views/projects/git/blobs/_top.html.haml @@ -6,7 +6,7 @@ \| = number_to_human_size @blob.size .pull-right - - if @blob.render_as == :text && can?(:write, @project) && @branch.present? + - if @blob.render_as == :text && policy(@project).write? && @branch.present? = link_to "Edit", edit_blob_path(@project, @treeish, @path) \| - if @blob.render_as == :text && params[:action] != 'show' diff --git a/app/views/projects/git/trees/_branches.html.slim b/app/views/projects/git/trees/_branches.html.slim index 421c3c00d..e6468f6bb 100644 --- a/app/views/projects/git/trees/_branches.html.slim +++ b/app/views/projects/git/trees/_branches.html.slim 
@@ -18,7 +18,7 @@ strong[] {{branch.ref}} td ul.list-inline.pull-right.boffset_auto - - if can?(:write, @project) + - if policy(@project).write? li ng-hide = 'branch.ref == current_ref || branch.ui_container' a href = '' ng-confirm-click = t('layout.confirm') confirmed-click = 'destroy(branch)' = t('layout.projects.delete_branch') diff --git a/app/views/projects/git/trees/_show.html.haml b/app/views/projects/git/trees/_show.html.haml index 77940e436..380a67938 100644 --- a/app/views/projects/git/trees/_show.html.haml +++ b/app/views/projects/git/trees/_show.html.haml @@ -3,7 +3,8 @@ 'ng-init' => "init('#{@project.name_with_owner}', '#{@treeish}', '#{@path}')" } .files .pull-left= render 'whereami' - .pull-right= render 'fork' + - if policy(@project).fork? + .pull-right= render 'fork' .clearfix %table.table.table-hover %thead diff --git a/app/views/projects/issues/_choose_assignee.html.slim b/app/views/projects/issues/_choose_assignee.html.slim index a3b8f8f76..a30e786fb 100644 --- a/app/views/projects/issues/_choose_assignee.html.slim +++ b/app/views/projects/issues/_choose_assignee.html.slim @@ -1,6 +1,6 @@ == render 'projects/issues/user_container' --if can?(:write, @project) +- if policy(@project).write? .col-md-8 .panel.panel-info ng-show = 'issueCtrl.toggle_manage_assignee' .panel-heading diff --git a/app/views/projects/issues/_header.html.slim b/app/views/projects/issues/_header.html.slim index f33dd2c42..2c04de9d2 100644 --- a/app/views/projects/issues/_header.html.slim +++ b/app/views/projects/issues/_header.html.slim @@ -5,7 +5,7 @@ .panel-body .pull-left.roffset5 = image_tag(avatar_url(@issue.user, :medium), alt: 'avatar') if @issue.user - - if can? :update, @issue + - if policy(@issue).update? .pull-right a href='#' i.fa.fa-edit ng-click='issueCtrl.edit = true' 
@@ -30,7 +30,7 @@ hr == render "projects/comments/add", project: @project, commentable: @issue -- if can?(:update, @issue) +- if policy(@issue).update? .offset10 ng-show = 'issueCtrl.edit' h3= t('layout.issues.edit_header') diff --git a/app/views/projects/issues/_index_sidebar.html.slim b/app/views/projects/issues/_index_sidebar.html.slim index 110fe1067..522d162b5 100644 --- a/app/views/projects/issues/_index_sidebar.html.slim +++ b/app/views/projects/issues/_index_sidebar.html.slim @@ -14,12 +14,12 @@ ul.nav.nav-pills.nav-stacked = "{{'#{kind}.filter.#{kind_filter}' | i18n}}" - if params[:kind] == 'issues' - - if can? :new, @project.issues.new + - if policy(@project.issues.new).new? hr = link_to t('layout.issues.new'), new_project_issue_path(@project), class: 'btn btn-primary' hr = render 'filter_labels', project: @project - - if can? :write, @project + - if policy(@project).write? = render 'manage_labels', project: @project diff --git a/app/views/projects/issues/_select_labels.html.slim b/app/views/projects/issues/_select_labels.html.slim index 657408f0c..cbfccc220 100644 --- a/app/views/projects/issues/_select_labels.html.slim +++ b/app/views/projects/issues/_select_labels.html.slim @@ -3,7 +3,7 @@ h4 i.fa.fa-spinner.fa-spin.pull-right ng-show = 'issueCtrl.processing_issue_labels' ul.nav.nav-pills.nav-stacked li[ role = 'presentation' ng-repeat = 'label in issueCtrl.labels' ] - - if can?(:write, @project) + - if policy(@project).write? a[ ng-click = 'issueCtrl.toggleLabel(label)' ng-style = 'label.style' ] .label-flag[ ng-style = 'label.default_style' diff --git a/app/views/projects/issues/_status_sidebar.html.slim b/app/views/projects/issues/_status_sidebar.html.slim index 053410b14..dba13003d 100644 --- a/app/views/projects/issues/_status_sidebar.html.slim +++ b/app/views/projects/issues/_status_sidebar.html.slim 
@@ -2,7 +2,7 @@ h3 => "#{t('activerecord.attributes.issue.status')}:" - if @issue.persisted? - - can_manage = can?(:update, @issue) + - can_manage = policy(@issue).update? - if can_manage button.btn[ ng-class = 'issueCtrl.issue_status_class' ng-click = 'issueCtrl.updateStatus()' diff --git a/app/views/projects/issues/_user_container.html.slim b/app/views/projects/issues/_user_container.html.slim index 5105c42a9..f316ecab0 100644 --- a/app/views/projects/issues/_user_container.html.slim +++ b/app/views/projects/issues/_user_container.html.slim @@ -7,7 +7,7 @@ span[ ng-hide = 'issueCtrl.assignee.id' ]= t('layout.issues.no_one_is_assigned') - -if can?(:write, @project) + - if policy(@project).write? input.hidden name = 'issue[assignee_id]' ng-value = 'issueCtrl.assignee.id' a< href = '' i [ class = 'fa fa-share-square-o boffset10' diff --git a/app/views/projects/issues/new.html.slim b/app/views/projects/issues/new.html.slim index 360dbab5f..bb62c07ff 100644 --- a/app/views/projects/issues/new.html.slim +++ b/app/views/projects/issues/new.html.slim @@ -4,7 +4,7 @@ .col-xs-12.col-md-10.col-md-offset-1 ng-controller = 'IssueController as issueCtrl' ng-cloak = true = simple_form_for @issue, url: project_issues_path(@project) do |f| .row - - can_write = can?(:write, @project) + - can_write = policy(@project).write? - if can_write .col-md-3.col-sm-4.offset10 == render 'select_labels' diff --git a/app/views/projects/issues/show.html.slim b/app/views/projects/issues/show.html.slim index 5d766f402..9e427c183 100644 --- a/app/views/projects/issues/show.html.slim +++ b/app/views/projects/issues/show.html.slim @@ -11,7 +11,7 @@ .row .col-md-3.col-sm-4.offset10 == render 'status_sidebar' - - if can?(:write, @project) + - if policy(@project).write? = simple_form_for @issue, url: project_issue_path(@project, @issue) do |f| == render 'select_labels' == render 'manage_labels' 
diff --git a/app/views/projects/projects/_filters.html.haml b/app/views/projects/projects/_filters.html.haml index 9448d947d..c0b230c66 100644 --- a/app/views/projects/projects/_filters.html.haml +++ b/app/views/projects/projects/_filters.html.haml @@ -1,10 +1,10 @@ - if current_user %input.form-control{ name: 'search', size: '30', type: 'text', 'ng-model' => 'search', placeholder: t('layout.find_project'), 'ng-change' => 'getProjects()' } - - if can?(:create, Project) + - if policy(:project).create? %hr.offset10 %p= link_to t('layout.projects.new'), new_project_path, class: 'btn btn-primary' - - if can?(:mass_import, Project) + - if policy(:project).mass_import? %p= link_to t('layout.projects.mass_import'), mass_import_projects_path, class: 'btn btn-primary' %hr.offset10 %h3=t('layout.relations.filters') diff --git a/app/views/projects/projects/edit.html.slim b/app/views/projects/projects/edit.html.slim index 6089156f4..ca3048d6e 100644 --- a/app/views/projects/projects/edit.html.slim +++ b/app/views/projects/projects/edit.html.slim @@ -18,6 +18,7 @@ hr.col-sm-12 .col-sm-9.col-sm-offset-3 => t("layout.projects.delete_warning") - = link_to t("layout.delete"), project_path(@project), method: :delete, - data: { confirm: t("layout.projects.confirm_delete") }, - class: 'btn btn-danger' if can? :destroy, @project + - if policy(@project).destroy? + = link_to t("layout.delete"), project_path(@project), method: :delete, + data: { confirm: t("layout.projects.confirm_delete") }, + class: 'btn btn-danger' diff --git a/app/views/projects/pull_requests/_status.html.slim b/app/views/projects/pull_requests/_status.html.slim index 68c77ac44..f829f5a27 100644 --- a/app/views/projects/pull_requests/_status.html.slim +++ b/app/views/projects/pull_requests/_status.html.slim @@ -1,4 +1,4 @@ -- if can?(:merge, @pull) +- if policy(@pull).merge? button.btn.btn-primary[ href = '' ng-click = 'pullCtrl.merge()' ng-show = "pullCtrl.pull.status == 'ready'" ] = t 'projects.pull_requests.ready' 
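Review bot: `policy(:project).create?` and `policy(:project).mass_import?` in `_filters.html.haml` hand ProjectPolicy the symbol `:project` as its record, whereas the replaced `can?(:create, Project)` passed the class. Pundit resolves the symbol to ProjectPolicy fine, but inside the policy `record` is then a Symbol rather than `Project`, so any predicate that inspects `record` (or builds a scope from it) sees the wrong thing. Passing the class keeps the record meaningful and mirrors the removed code: `- if policy(Project).create?` and `- if policy(Project).mass_import?`. Whether the two predicates currently touch `record` cannot be seen from this diff.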
@@ -28,7 +28,7 @@ h5 ng-show = '!pullCtrl.pull.mergeable' span am-time-ago='pullCtrl.pull.closed_at' | ) -- if !@pull.cross_pull? && can?(:write, @project) +- if !@pull.cross_pull? && policy(@project).write? div[ ng-init = "pullCtrl.getBranch('#{@pull.from_ref}')" ng-show = "pullCtrl.pull.status == 'closed' || pullCtrl.pull.status == 'merged'" ] button.btn.btn-primary[ href = '' @@ -41,7 +41,7 @@ h5 ng-show = '!pullCtrl.pull.mergeable' = t 'layout.projects.restore_branch' .clearfix --if can? :update, @pull +- if policy(@pull).update? button.btn.btn-primary.pull-right[ href = '' ng-click = 'pullCtrl.reopen()' ng-show = "pullCtrl.pull.status == 'closed'" ] diff --git a/app/views/projects/subscribes/_subscribe_status.html.slim b/app/views/projects/subscribes/_subscribe_status.html.slim index 76fbc8f84..169bbad6f 100644 --- a/app/views/projects/subscribes/_subscribe_status.html.slim +++ b/app/views/projects/subscribes/_subscribe_status.html.slim @@ -1,6 +1,6 @@ - if Comment.issue_comment?(commentable.class) - is_subscribed = commentable.subscribes.exists?(user_id: current_user.id) - - subscribe_path = is_subscribed ? project_issue_subscribe_path(project, commentable, current_user.id) : project_issue_subscribes_path(project, commentable) + - subscribe_path = is_subscribed ? project_issue_unsubscribe_path(project, commentable) : project_issue_subscribe_path(project, commentable) - else Comment.commit_comment?(commentable.class) - is_subscribed = Subscribe.subscribed_to_commit?(project, current_user, commentable) - subscribe_path = is_subscribed ? unsubscribe_commit_path(project, commentable) : subscribe_commit_path(project, commentable) diff --git a/app/views/projects/wiki/_page.html.slim b/app/views/projects/wiki/_page.html.slim index efbfcc72b..5488dcbe1 100644 --- a/app/views/projects/wiki/_page.html.slim +++ b/app/views/projects/wiki/_page.html.slim 
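Review bot: The `- else Comment.commit_comment?(commentable.class)` branch in `_subscribe_status.html.slim` is an `else`, not an `elsif`, so the predicate is evaluated and discarded and every commentable that is not an issue comment takes the commit-subscribe path unconditionally. The commit reworks the issue branch right above it (and correctly stops putting `current_user.id` in the URL) but leaves this context line untouched. Unless the partial is only ever rendered for issue and commit comments, it should read `- elsif Comment.commit_comment?(commentable.class)`, and the call sites should be checked for other commentable types.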
@@ -14,6 +14,6 @@ b> = user_link_by_user User.where(email: author_email).first = datetime_moment date, tag: :span - - unless action_name == 'preview' or cannot? :write, @project + - unless action_name == 'preview' || !policy(@project).update? a.btn.btn-danger href=project_wiki_path(@project, escaped_name) data-method='delete' data-confirm=t('layout.confirm') - = t("wiki.delete_page") \ No newline at end of file + = t("wiki.delete_page") diff --git a/app/views/projects/wiki/compare.html.slim b/app/views/projects/wiki/compare.html.slim index 8eb5314bd..a94c5ca65 100644 --- a/app/views/projects/wiki/compare.html.slim +++ b/app/views/projects/wiki/compare.html.slim @@ -17,11 +17,11 @@ = t('wiki.wiki_history') .col-md-6.offset10 = simple_form_for :project, url: revert_path(@project, @versions.first[0..6], (@versions.size == 1) ? 'prev' : @versions.last[0..6], @name) do |f| - - if can? :read, @project + - if policy(@project).read? a.btn.btn-primary> href=(@name ? history_project_wiki_path(@project, escaped_name) : history_project_wiki_index_path(@project)) = t('wiki.back_to_history') - - if can? :write, @project + - if policy(@project).write? = f.button :submit, t("wiki.revert_page#{action_name == 'revert' ? '' : 's'}") hr diff --git a/app/views/projects/wiki/edit.html.slim b/app/views/projects/wiki/edit.html.slim index 0ad772b5a..b004ca9c4 100644 --- a/app/views/projects/wiki/edit.html.slim +++ b/app/views/projects/wiki/edit.html.slim @@ -13,7 +13,7 @@ h3 => t('wiki.editing_page') strong= @page.name - - if can? :read, @project + - if policy(@project).read? .col-md-4.offset10 a.btn.btn-primary> href=view_path(@project, escaped_name) = t('wiki.view_page') diff --git a/app/views/projects/wiki/git.html.slim b/app/views/projects/wiki/git.html.slim index 33c1b6495..8b1913164 100644 --- a/app/views/projects/wiki/git.html.slim +++ b/app/views/projects/wiki/git.html.slim 
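Review bot: The delete-page button in `wiki/_page.html.slim` is now gated on `policy(@project).update?`, but the check it replaces was `cannot? :write, @project`, and the sibling wiki views in this same commit (`pages.html.slim`, `show.html.slim`, `compare.html.slim`) gate new-page and revert on `policy(@project).write?`. Unless ProjectPolicy deliberately wants deleting a wiki page to require project-update rights, this looks like an accidental tightening; `- unless action_name == 'preview' || !policy(@project).write?` (or the more readable `- if action_name != 'preview' && policy(@project).write?`) keeps it consistent. Either way this is only button visibility; the wiki controller's destroy action must still `authorize` on its own, which this diff does not show.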
@@ -18,7 +18,7 @@ a.navbar-link i.fa.fa-clipboard.fa-lg .navbar-text.navbar-left - = can?(:write, @project) ? t("layout.read_write_access") : t("layout.read_access") + = policy(@project).write? ? t("layout.read_write_access") : t("layout.read_access") == render 'git_access_message' diff --git a/app/views/projects/wiki/pages.html.slim b/app/views/projects/wiki/pages.html.slim index c1e7af4b6..6c784af6b 100644 --- a/app/views/projects/wiki/pages.html.slim +++ b/app/views/projects/wiki/pages.html.slim @@ -6,7 +6,7 @@ .col-md-2.col-md-offset-1 == render 'sidebar' .col-md-8 - - if can? :write, @project + - if policy(@project).write? a.btn.btn-primary href=new_project_wiki_path(@project) = t("wiki.new_page") hr diff --git a/app/views/projects/wiki/search.html.slim b/app/views/projects/wiki/search.html.slim index 1610ab3eb..093f363c8 100644 --- a/app/views/projects/wiki/search.html.slim +++ b/app/views/projects/wiki/search.html.slim @@ -13,7 +13,7 @@ - @st_query = capture do strong= @query = raw t("wiki.search_results_for", query: @st_query) - - if can? :read, @project + - if policy(@project).read? .col-md-2.offset10 a.btn.btn-primary href=project_wiki_index_path(@project) = t('wiki.home') diff --git a/app/views/projects/wiki/show.html.slim b/app/views/projects/wiki/show.html.slim index ddfaf1246..7f9c397c3 100644 --- a/app/views/projects/wiki/show.html.slim +++ b/app/views/projects/wiki/show.html.slim @@ -19,7 +19,7 @@ - if @editable a.btn.btn-primary> href=edit_project_wiki_path(@project, escaped_name) = t('wiki.edit_page') - - if can? :write, @project + - if policy(@project).write? a.btn.btn-primary href=new_project_wiki_path(@project) = t('wiki.new_page') hr diff --git a/app/views/shared/_feed_message.html.slim b/app/views/shared/_feed_message.html.slim index 18d7a5f7f..5d6f174a3 100644 --- a/app/views/shared/_feed_message.html.slim +++ b/app/views/shared/_feed_message.html.slim 
@@ -1,4 +1,4 @@ --if !presenter.is_reference_to_issue || can?(:show, presenter.reference_project) +-if !presenter.is_reference_to_issue || policy(presenter.reference_project).show? .panel.panel-default[ id = (presenter.comment_id? ? presenter.comment_anchor : '') ] .panel-body .pull-left.roffset5 diff --git a/app/views/shared/_members_table.html.slim b/app/views/shared/_members_table.html.slim index 36429e1d9..f8ba19ff2 100644 --- a/app/views/shared/_members_table.html.slim +++ b/app/views/shared/_members_table.html.slim @@ -3,11 +3,11 @@ table.table.table-striped thead tr - - if can? :remove_members, editable_object + - if policy(editable_object).remove_members? th th = t("layout.collaborators.members") - - if can? :remove_members, editable_object + - if policy(editable_object).remove_members? - if update_roles_path th.buttons.text-center colspan=3 = t("layout.collaborators.roles") @@ -18,7 +18,7 @@ - actors ||= editable_object.actors - members.each do |user| tr - - if can? :remove_members, editable_object + - if policy(editable_object).remove_members? td = check_box_tag "members[]", user.id td @@ -26,7 +26,7 @@ = image_tag avatar_url(user), size: '30x30' |   = link_to user.fullname, user_path(user) - - if can? :remove_members, editable_object + - if policy(editable_object).remove_members? - if update_roles_path - actor = actors.find{ |a| a.actor_id == user.id } - Relation::ROLES.each_with_index do |role, i| @@ -52,10 +52,10 @@ span.glyphicon.glyphicon-remove |   - - if can? :remove_members, editable_object + - if policy(editable_object).remove_members? = submit_tag t('layout.delete'), class: 'btn btn-danger', data: {'disable-with' => t('layout.processing')} -- if can? :add_member, editable_object +- if policy(editable_object).add_member? hr = simple_form_for :user, url: add_member_path, diff --git a/config/initializers/active_admin.rb b/config/initializers/active_admin.rb index 41a9ef41c..069c53509 100644 --- a/config/initializers/active_admin.rb 
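Review bot: `policy(presenter.reference_project).show?` in `_feed_message.html.slim` raises `Pundit::NotDefinedError` when `reference_project` is nil, whereas the replaced `can?(:show, nil)` simply returned false and hid the message. If a feed entry can reference a project that has since been deleted (not confirmable from this diff), the whole activity feed now fails on that entry instead of skipping it. A nil guard preserves the old behaviour: `-if !presenter.is_reference_to_issue || (presenter.reference_project && policy(presenter.reference_project).show?)`. Also worth confirming that ProjectPolicy defines `show?` — the other views in this commit use `read?` for the same idea.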
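Review bot: `policy(editable_object).remove_members?` is evaluated five times in `_members_table.html.slim`, twice per row inside the `members.each` loop, and Pundit memoises the policy object but not the predicate, so whatever queries `remove_members?` runs are repeated per member. Other templates in this commit already hoist the check into a local (`can_manage` in `_status_sidebar`, `can_write` in `issues/new`); do the same here with `- can_remove = policy(editable_object).remove_members?` before the table and test `can_remove` in each branch. This is a style and cost point, not a correctness one.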
+++ b/config/initializers/active_admin.rb @@ -84,6 +84,8 @@ end # Block admin access to non-admin-users. ActiveAdmin::BaseController.class_eval do + skip_after_action :verify_authorized + # include ActionController::Caching::Sweeping protected def check_admin_role diff --git a/config/routes.rb b/config/routes.rb index cf5d28b50..eb17da98b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -253,7 +253,7 @@ Rosa::Application.routes.draw do put :reset_auth_token end end - resources :register_requests, only: [:new, :create], format: /ru|en/ #view support only two languages + #resources :register_requests, only: [:new, :create], format: /ru|en/ #view support only two languages get '/allowed' => 'users#allowed' get '/check' => 'users#check' @@ -324,7 +324,8 @@ Rosa::Application.routes.draw do end resources :issues, except: [:destroy, :edit] do resources :comments, only: [:edit, :create, :update, :destroy] - resources :subscribes, only: [:create, :destroy] + post '/subscribe' => "subscribes#create", as: :subscribe + delete '/unsubscribe' => "subscribes#destroy", as: :unsubscribe collection do post :create_label get :search_collaborators diff --git a/lib/plugins/grack/auth.rb b/lib/plugins/grack/auth.rb index 79eb318a0..857ac2776 100644 --- a/lib/plugins/grack/auth.rb +++ b/lib/plugins/grack/auth.rb @@ -12,7 +12,7 @@ module Grack return ::Rack::Auth::Basic.new(@app) do |u, p| user = User.auth_by_token_or_login_pass(u, p) and - ability = ::Ability.new(user) and ability.can?(action, project) and + ability = ProjectPolicy.new(user, project).send("#{action}?") and ENV['GL_ID'] = "user-#{user.id}" and ENV['GL_REPO_NAME'] = project.path end.call(env) unless project.public? && read? # need auth diff --git a/spec/controllers/advisories_controller_spec.rb b/spec/controllers/advisories_controller_spec.rb index d41c8b41e..9ebbaa467 100644 --- a/spec/controllers/advisories_controller_spec.rb +++ b/spec/controllers/advisories_controller_spec.rb 
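Review bot: `skip_after_action :verify_authorized` in the ActiveAdmin initializer removes Pundit's "authorize was actually called" safety net from every admin controller, leaving `check_admin_role` as the only gate, and the hunk carries no comment saying so. The hunk shows the method definition but not its `before_action` registration, so it is worth confirming that registration is still in place and that nothing in ActiveAdmin skips it. A short comment keeps the intent visible to the next reader: `# ActiveAdmin never calls Pundit's authorize; admin access is gated by check_admin_role below instead`.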
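Review bot: `ProjectPolicy.new(user, project).send("#{action}?")` in `grack/auth.rb` dispatches on an interpolated method name with `send`, which reaches private methods and, if `action` is ever derived from the request rather than fixed to read/write (its origin is outside this hunk), lets a caller pick any predicate on the policy. `public_send` with an explicit allow-list keeps the git HTTP auth path to the two abilities it means: `allowed = %w[read write].include?(action.to_s) && ProjectPolicy.new(user, project).public_send("#{action}?") and` — this also retires the `ability` name, which no longer holds a CanCan ability. ProjectPolicy is only instantiated after `user` is known non-nil thanks to the `and` chain, so the nil-user case is fine. The enclosing method starts before this hunk.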
@@ -4,7 +4,7 @@ describe AdvisoriesController, type: :controller do context 'for all' do it "should be able to perform search action" do get :search - response.should_not redirect_to(forbidden_path) + expect(response).to_not redirect_to(forbidden_path) end end -end \ No newline at end of file +end diff --git a/spec/controllers/api/v1/advisories_controller_spec.rb b/spec/controllers/api/v1/advisories_controller_spec.rb index a8365d609..54dda6864 100644 --- a/spec/controllers/api/v1/advisories_controller_spec.rb +++ b/spec/controllers/api/v1/advisories_controller_spec.rb @@ -3,12 +3,12 @@ require 'spec_helper' shared_examples_for 'api advisories user with show rights' do it 'should be able to perform show action' do get :show, id: @advisory.advisory_id, format: :json - response.should be_success + expect(response).to be_success end it 'should be able to perform index action' do get :index, format: :json - response.should be_success + expect(response).to be_success end end @@ -17,15 +17,14 @@ shared_examples_for 'api advisories user with admin rights' do let(:params) {{ build_list_id: @build_list.id, advisory: { description: 'test' }, format: :json }} it 'should be able to perform create action' do post :create, params - response.should be_success + expect(response).to be_success end it 'ensures that advisory has been created' do - lambda { post :create, params }.should change{ Advisory.count }.by(1) + expect { post :create, params }.to change(Advisory, :count).by(1) end it 'ensures that build_list has been associated with advisory' do post :create, params - @build_list.reload - @build_list.advisory.should_not be_nil + expect(@build_list.reload.advisory).to_not be_nil end end 
@@ -33,15 +32,14 @@ shared_examples_for 'api advisories user with admin rights' do let(:params) {{ id: @advisory.advisory_id, build_list_id: @build_list.id, format: :json }} it 'should be able to perform update action' do put :update, params - response.should be_success + expect(response).to be_success end it 'ensures that advisory has not been created' do - lambda { put :update, params }.should_not change{ Advisory.count } + expect { put :update, params }.to_not change(Advisory, :count) end it 'ensures that build_list has been associated with advisory' do put :update, params - @build_list.reload - @build_list.advisory.should_not be_nil + expect(@build_list.reload.advisory).to_not be_nil end end end @@ -51,15 +49,14 @@ shared_examples_for 'api advisories user without admin rights' do let(:params) {{ build_list_id: @build_list.id, advisory: { description: 'test' }, format: :json }} it 'should not be able to perform create action' do post :create, params - response.should_not be_success + expect(response).to_not be_success end it 'ensures that advisory has not been created' do - lambda { post :create, params }.should_not change{ Advisory.count } + expect { post :create, params }.to_not change(Advisory, :count) end it 'ensures that build_list has not been associated with advisory' do post :create, params - @build_list.reload - @build_list.advisory.should be_nil + expect(@build_list.reload.advisory).to be_nil end end 
@@ -67,15 +64,14 @@ shared_examples_for 'api advisories user without admin rights' do let(:params) {{ id: @advisory.advisory_id, build_list_id: @build_list.id, format: :json }} it 'should not be able to perform update action' do put :update, params - response.should_not be_success + expect(response).to_not be_success end it 'ensures that advisory has not been created' do - lambda { put :update, params }.should_not change{ Advisory.count } + expect { put :update, params }.to_not change(Advisory, :count) end it 'ensures that build_list has not been associated with advisory' do put :update, params - @build_list.reload - @build_list.advisory.should be_nil + expect(@build_list.reload.advisory).to be_nil end end end @@ -86,10 +82,9 @@ describe Api::V1::AdvisoriesController, type: :controller do stub_symlink_methods @advisory = FactoryGirl.create(:advisory) - @build_list = FactoryGirl.create(:build_list) + @build_list = FactoryGirl.create(:build_list, status: BuildList::BUILD_PUBLISHED) @build_list.save_to_platform.update_column(:released, true) @build_list.save_to_repository.update_column(:publish_without_qa, false) - @build_list.update_column(:status, BuildList::BUILD_PUBLISHED) end context 'for guest' do @@ -100,12 +95,12 @@ describe Api::V1::AdvisoriesController, type: :controller do it 'should not be able to perform show action', :anonymous_access => false do get :show, id: @advisory.advisory_id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'should not be able to perform index action', :anonymous_access => false do get :index, format: :json - response.should_not be_success + expect(response).to_not be_success end it_should_behave_like 'api advisories user without admin rights' end diff --git a/spec/controllers/api/v1/arches_controller_spec.rb b/spec/controllers/api/v1/arches_controller_spec.rb index a47ba7c94..254675aba 100644 --- a/spec/controllers/api/v1/arches_controller_spec.rb 
+++ b/spec/controllers/api/v1/arches_controller_spec.rb @@ -7,12 +7,12 @@ describe Api::V1::ArchesController, type: :controller do context 'for guest' do it "should be able to perform index action", :anonymous_access => true do get :index, format: :json - should render_template(:index) + expect(response).to render_template(:index) end it 'should be able to perform get_id action', :anonymous_access => false do get :index, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end end @@ -24,7 +24,7 @@ describe Api::V1::ArchesController, type: :controller do it "should be able to perform index action" do get :index, format: :json - should render_template(:index) + expect(response).to render_template(:index) end end end diff --git a/spec/controllers/api/v1/build_lists_controller_spec.rb b/spec/controllers/api/v1/build_lists_controller_spec.rb index b05b4534b..a5240acf5 100644 --- a/spec/controllers/api/v1/build_lists_controller_spec.rb +++ b/spec/controllers/api/v1/build_lists_controller_spec.rb 
@@ -3,94 +3,93 @@ require 'spec_helper' shared_examples_for 'show build list via api' do it 'should be able to perform show action' do get :show, @show_params - response.should render_template("api/v1/build_lists/show") + expect(response).to render_template("api/v1/build_lists/show") end it 'should be able to perform index action' do get :index, format: :json - response.should render_template("api/v1/build_lists/index") + expect(response).to render_template("api/v1/build_lists/index") end end shared_examples_for 'not show build list via api' do it 'should not be able to perform show action' do get :show, @show_params - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end pending 'should not be able to perform index action' do get :index, format: :json - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end end shared_examples_for 'create build list via api' do it 'should create one more build list' do - lambda { post :create, @create_params }.should change{ BuildList.count }.by(1) + expect { post :create, @create_params }.to change(BuildList, :count).by(1) end it 'should return 200 response code' do post :create, @create_params - response.should be_success + expect(response).to be_success end it 'should save correct commit_hash for branch based build' do post :create, @create_params - #@project.build_lists.last.commit_hash.should == @project.repo.commits('master').last.id - @project.build_lists.last.commit_hash.should == @params[:commit_hash] + expect(@project.build_lists.last.commit_hash).to eq @params[:commit_hash] end it 'should save correct commit_hash for tag based build' do system("cd #{@project.repo.path} && git tag 4.7.5.3") # TODO REDO through grit post :create, @create_params - #@project.build_lists.last.commit_hash.should 
== @project.repo.commits('4.7.5.3').last.id - @project.build_lists.last.commit_hash.should == @params[:commit_hash] + expect(@project.build_lists.last.commit_hash).to eq @params[:commit_hash] end it 'should not create without existing commit hash in project' do - lambda{ post :create, @create_params.deep_merge(build_list: {commit_hash: 'wrong'})}.should change{@project.build_lists.count}.by(0) + expect { + post :create, @create_params.deep_merge(build_list: {commit_hash: 'wrong'}) + }.to change{@project.build_lists.count}.by(0) end it 'should not create without existing arch' do - lambda{ post :create, @create_params.deep_merge(build_list: {arch_id: -1})}.should change{@project.build_lists.count}.by(0) + expect { + post :create, @create_params.deep_merge(build_list: {arch_id: -1}) + }.to change{@project.build_lists.count}.by(0) end it 'should not create without existing save_to_platform' do - lambda{ + expect { post :create, @create_params.deep_merge(build_list: {save_to_platform_id: -1, save_to_repository_id: -1}) - }.should change{@project.build_lists.count}.by(0) + }.to change{@project.build_lists.count}.by(0) end it 'should not create without existing save_to_repository' do - lambda{ post :create, @create_params.deep_merge(build_list: {save_to_repository_id: -1})}.should change{@project.build_lists.count}.by(0) + expect { + post :create, @create_params.deep_merge(build_list: {save_to_repository_id: -1}) + }.to change{@project.build_lists.count}.by(0) end end shared_examples_for 'not create build list via api' do - before { - #@project.update_attributes({repositories: @platform.repositories}) - #test_git_commit(@project) - } - it 'should not be able to perform create action' do post :create, @create_params - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it 'should not create one more build list' do - lambda { post :create, @create_params 
}.should change{ BuildList.count }.by(0) + expect { post :create, @create_params }.to change(BuildList, :count).by(0) end it 'should return 403 response code' do post :create, @create_params - response.status.should == 403 + expect(response.status).to eq 403 end end shared_examples_for 'validation error via build list api' do |message| it 'should return 422 response code and correct json error message' do - expect(response.status).to eq(422) + expect(response.status).to eq 422 expect(response.body).to eq({ build_list: {id: nil, message: message} }.to_json) end end @@ -208,15 +207,15 @@ describe Api::V1::BuildListsController, type: :controller do do_create_container end it "should return correct json message" do - response.body.should == { build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.create_container_success')} }.to_json + expect(response.body).to eq({ build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.create_container_success')} }.to_json) end it 'should return 200 response code' do - response.should be_success + expect(response).to be_success end it "should create container" do - @build_list.reload.container_status.should == BuildList::BUILD_PUBLISH + expect(@build_list.reload.container_status).to eq BuildList::BUILD_PUBLISH end end @@ -229,7 +228,7 @@ describe Api::V1::BuildListsController, type: :controller do it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.create_container_fail') it "should not create container" do - @build_list.reload.container_status.should == BuildList::WAITING_FOR_RESPONSE + expect(@build_list.reload.container_status).to eq BuildList::WAITING_FOR_RESPONSE end end end 
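Review bot: The rewritten negative-path expectations in this hunk keep `.to change{@project.build_lists.count}.by(0)` and `.to change(BuildList, :count).by(0)`, while the platforms and groups specs in the same commit convert the same pattern to `.to_not change(Platform, :count)`; `expect { … }.to_not change { @project.build_lists.count }` states the intent directly and is consistent with the rest of the change. The hunk also mixes `expect { … }` with the `expect do … end.to` form used later in the commit, and settling on one delimiter style across the spec files would help. These are style points only; the assertions themselves are equivalent.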
@@ -241,11 +240,11 @@ describe Api::V1::BuildListsController, type: :controller do end it "should return access violation message" do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it "should not create container" do - @build_list.reload.container_status.should == BuildList::WAITING_FOR_RESPONSE + expect(@build_list.reload.container_status).to eq BuildList::WAITING_FOR_RESPONSE end end end @@ -266,15 +265,15 @@ describe Api::V1::BuildListsController, type: :controller do do_publish_into_testing end it "should return correct json message" do - response.body.should == { build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.publish_success')} }.to_json + expect(response.body).to eq({ build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.publish_success')} }.to_json) end it 'should return 200 response code' do - response.should be_success + expect(response).to be_success end it "should change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_PUBLISH_INTO_TESTING + expect(@build_list.reload.status).to eq BuildList::BUILD_PUBLISH_INTO_TESTING end end @@ -285,15 +284,15 @@ describe Api::V1::BuildListsController, type: :controller do end it "should return correct json message" do - response.body.should == { build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.publish_success')} }.to_json + expect(response.body).to eq({ build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.publish_success')} }.to_json) end it 'should return 200 response code' do - response.should be_success + expect(response).to be_success end it "should change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_PUBLISH_INTO_TESTING + expect(@build_list.reload.status).to eq BuildList::BUILD_PUBLISH_INTO_TESTING end end 
@@ -304,11 +303,11 @@ describe Api::V1::BuildListsController, type: :controller do end it "should return access violation message" do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it "should not change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_CANCELED + expect(@build_list.reload.status).to eq BuildList::BUILD_CANCELED end end @@ -323,15 +322,15 @@ describe Api::V1::BuildListsController, type: :controller do end it 'should not be able to perform create action' do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it 'should return 403 response code' do - response.status.should == 403 + expect(response.status).to eq 403 end it "should not change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_PUBLISHED_INTO_TESTING + expect(@build_list.reload.status).to eq BuildList::BUILD_PUBLISHED_INTO_TESTING end end @@ -341,11 +340,11 @@ describe Api::V1::BuildListsController, type: :controller do do_publish_into_testing end it "should return access violation message" do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it "should not change status of build list" do - @build_list.reload.status.should == BuildList::FAILED_PUBLISH_INTO_TESTING + expect(@build_list.reload.status).to eq BuildList::FAILED_PUBLISH_INTO_TESTING end end end 
@@ -367,15 +366,15 @@ describe Api::V1::BuildListsController, type: :controller do do_publish end it "should return correct json message" do - response.body.should == { build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.publish_success')} }.to_json + expect(response.body).to eq({ build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.publish_success')} }.to_json) end it 'should return 200 response code' do - response.should be_success + expect(response).to be_success end it "should change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_PUBLISH + expect(@build_list.reload.status).to eq BuildList::BUILD_PUBLISH end end @@ -386,15 +385,15 @@ describe Api::V1::BuildListsController, type: :controller do end it "should return correct json message" do - response.body.should == { build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.publish_success')} }.to_json + expect(response.body).to eq({ build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.publish_success')} }.to_json) end it 'should return 200 response code' do - response.should be_success + expect(response).to be_success end it "should change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_PUBLISH + expect(@build_list.reload.status).to eq BuildList::BUILD_PUBLISH end end @@ -405,11 +404,11 @@ describe Api::V1::BuildListsController, type: :controller do end it "should return access violation message" do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it "should not change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_CANCELED + expect(@build_list.reload.status).to eq BuildList::BUILD_CANCELED end end 
@@ -420,11 +419,11 @@ describe Api::V1::BuildListsController, type: :controller do do_publish end it "should return access violation message" do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it "should not change status of build list" do - @build_list.reload.status.should == BuildList::FAILED_PUBLISH + expect(@build_list.reload.status).to eq BuildList::FAILED_PUBLISH end end end @@ -438,15 +437,15 @@ describe Api::V1::BuildListsController, type: :controller do end it 'should not be able to perform create action' do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it 'should return 403 response code' do - response.status.should == 403 + expect(response.status).to eq 403 end it "should not change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_PUBLISHED + expect(@build_list.reload.status).to eq BuildList::BUILD_PUBLISHED end end @@ -456,11 +455,11 @@ describe Api::V1::BuildListsController, type: :controller do do_publish end it "should return access violation message" do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it "should not change status of build list" do - @build_list.reload.status.should == BuildList::FAILED_PUBLISH + expect(@build_list.reload.status).to eq BuildList::FAILED_PUBLISH end end end 
@@ -486,15 +485,15 @@ describe Api::V1::BuildListsController, type: :controller do context "if it has :success status" do it "should return correct json message" do - response.body.should == { build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.reject_publish_success')} }.to_json + expect(response.body).to eq({ build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.reject_publish_success')} }.to_json) end it 'should return 200 response code' do - response.should be_success + expect(response).to be_success end it "should reject publish build list" do - @build_list.reload.status.should == BuildList::REJECTED_PUBLISH + expect(@build_list.reload.status).to eq BuildList::REJECTED_PUBLISH end end @@ -507,7 +506,7 @@ describe Api::V1::BuildListsController, type: :controller do it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.reject_publish_fail') it "should not change status of build list" do - @build_list.reload.status.should == BuildList::BUILD_CANCELED + expect(@build_list.reload.status).to eq BuildList::BUILD_CANCELED end end end @@ -520,12 +519,12 @@ describe Api::V1::BuildListsController, type: :controller do end it "should return access violation message" do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it "should not change status of build list" do do_reject_publish - @build_list.reload.status.should == BuildList::SUCCESS + expect(@build_list.reload.status).to eq BuildList::SUCCESS end end 
@@ -540,12 +539,12 @@ describe Api::V1::BuildListsController, type: :controller do end it "should return access violation message" do - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end it "should not change status of build list" do do_reject_publish - @build_list.reload.status.should == BuildList::SUCCESS + expect(@build_list.reload.status).to eq BuildList::SUCCESS end end @@ -560,15 +559,15 @@ describe Api::V1::BuildListsController, type: :controller do end it "should return correct json message" do - response.body.should == { build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.reject_publish_success')} }.to_json + expect(response.body).to eq({ build_list: {id: @build_list.id, message: I18n.t('layout.build_lists.reject_publish_success')} }.to_json) end it 'should return 200 response code' do - response.should be_success + expect(response).to be_success end it "should reject publish build list" do - @build_list.reload.status.should == BuildList::REJECTED_PUBLISH + expect(@build_list.reload.status).to eq BuildList::REJECTED_PUBLISH end end end 
@@ -724,32 +723,30 @@ describe Api::V1::BuildListsController, type: :controller do context 'for guest' do it 'should be able to perform index action', anonymous_access: true do get :index, format: :json - response.should be_success + expect(response).to be_success end it 'should not be able to perform index action', anonymous_access: false do get :index, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end end context 'for all build lists' do - before { - http_login(@user) - } + before { http_login(@user) } it 'should be able to perform index action' do get :index, format: :json - response.should be_success + expect(response).to be_success end it 'should show only accessible build_lists' do get :index, filter: { ownership: 'index' }, format: :json - assigns(:build_lists).should include(@build_list1) - assigns(:build_lists).should_not include(@build_list2) - assigns(:build_lists).should include(@build_list3) - assigns(:build_lists).should include(@build_list4) - assigns(:build_lists).count.should eq 7 + expect(assigns(:build_lists)).to include(@build_list1) + expect(assigns(:build_lists)).to_not include(@build_list2) + expect(assigns(:build_lists)).to include(@build_list3) + expect(assigns(:build_lists)).to include(@build_list4) + expect(assigns(:build_lists).count).to eq 7 end end 
@@ -760,16 +757,16 @@ describe Api::V1::BuildListsController, type: :controller do it 'should filter by id' do get :index, filter: {id: @filter_build_list1.id, project_name: 'fdsfdf', any_other_field: 'do not matter'}, format: :json - assigns[:build_lists].should include(@filter_build_list1) - assigns[:build_lists].should_not include(@filter_build_list2) - assigns[:build_lists].should_not include(@filter_build_list3) + expect(assigns[:build_lists]).to include(@filter_build_list1) + expect(assigns[:build_lists]).to_not include(@filter_build_list2) + expect(assigns[:build_lists]).to_not include(@filter_build_list3) end it 'should filter by project_name' do get :index, filter: {project_name: @filter_build_list2.project.name, ownership: 'index'}, format: :json - assigns[:build_lists].should_not include(@filter_build_list1) - assigns[:build_lists].should include(@filter_build_list2) - assigns[:build_lists].should_not include(@filter_build_list3) + expect(assigns[:build_lists]).to_not include(@filter_build_list1) + expect(assigns[:build_lists]).to include(@filter_build_list2) + expect(assigns[:build_lists]).to_not include(@filter_build_list3) end it 'should filter by project_name and start_date' do 
@@ -777,10 +774,10 @@ describe Api::V1::BuildListsController, type: :controller do :"updated_at_start(1i)" => @filter_build_list3.updated_at.year.to_s, :"updated_at_start(2i)" => @filter_build_list3.updated_at.month.to_s, :"updated_at_start(3i)" => @filter_build_list3.updated_at.day.to_s}, format: :json - assigns[:build_lists].should_not include(@filter_build_list1) - assigns[:build_lists].should_not include(@filter_build_list2) - assigns[:build_lists].should include(@filter_build_list3) - assigns[:build_lists].should_not include(@filter_build_list4) + expect(assigns[:build_lists]).to_not include(@filter_build_list1) + expect(assigns[:build_lists]).to_not include(@filter_build_list2) + expect(assigns[:build_lists]).to include(@filter_build_list3) + expect(assigns[:build_lists]).to_not include(@filter_build_list4) end end diff --git a/spec/controllers/api/v1/groups_controller_spec.rb b/spec/controllers/api/v1/groups_controller_spec.rb index f83e5ef27..340041fb4 100644 --- a/spec/controllers/api/v1/groups_controller_spec.rb +++ b/spec/controllers/api/v1/groups_controller_spec.rb @@ -3,7 +3,7 @@ require 'spec_helper' shared_examples_for 'api group user with reader rights' do it 'should be able to perform members action' do get :members, id: @group.id, format: :json - response.should be_success + expect(response).to be_success end it_should_behave_like 'api group user with show rights' end 
@@ -11,19 +11,19 @@ end shared_examples_for 'api group user with show rights' do it 'should be able to perform show action' do get :show, id: @group.id, format: :json - response.should be_success + expect(response).to be_success end it 'should be able to perform index action' do get :index, format: :json - response.should be_success + expect(response).to be_success end end shared_examples_for 'api group user without reader rights' do it 'should not be able to perform members action' do get :members, id: @group.id, format: :json - response.should_not be_success + expect(response).to_not be_success end end @@ -35,11 +35,11 @@ shared_examples_for 'api group user with admin rights' do end it 'should be able to perform update action' do - response.should be_success + expect(response).to be_success end it 'ensures that group has been updated' do @group.reload - @group.description.should == 'new description' + expect(@group.description).to eq 'new description' end end @@ -50,10 +50,10 @@ shared_examples_for 'api group user with admin rights' do end it 'should be able to perform add_member action' do - response.should be_success + expect(response).to be_success end it 'ensures that new member has been added to group' do - @group.members.should include(member) + expect(@group.members).to include(member) end end @@ -65,10 +65,10 @@ shared_examples_for 'api group user with admin rights' do end it 'should be able to perform remove_member action' do - response.should be_success + expect(response).to be_success end it 'ensures that member has been removed from group' do - @group.members.should_not include(member) + expect(@group.members).to_not include(member) end end 
@@ -80,11 +80,11 @@ shared_examples_for 'api group user with admin rights' do end it 'should be able to perform update_member action' do - response.should be_success + expect(response).to be_success end it 'ensures that member role has been updated in group' do - @group.actors.where(actor_id: member, actor_type: 'User').first. - role.should == 'reader' + role = @group.actors.where(actor_id: member, actor_type: 'User').first.role + expect(role).to eq 'reader' end end end @@ -93,10 +93,12 @@ shared_examples_for 'api group user with owner rights' do context 'api group user with destroy rights' do it 'should be able to perform destroy action' do delete :destroy, id: @group.id, format: :json - response.should be_success + expect(response).to be_success end it 'ensures that group has been destroyed' do - lambda { delete :destroy, id: @group.id, format: :json }.should change{ Group.count }.by(-1) + expect do + delete :destroy, id: @group.id, format: :json + end.to change(Group, :count).by(-1) end end end @@ -110,11 +112,11 @@ shared_examples_for 'api group user without admin rights' do end it 'should not be able to perform update_member action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that member role has not been updated in group' do - @group.actors.where(actor_id: member, actor_type: 'User').first. - role.should_not == 'reader' + role = @group.actors.where(actor_id: member, actor_type: 'User').first.role + expect(role).to_not eq 'reader' end end @@ -124,11 +126,10 @@ shared_examples_for 'api group user without admin rights' do end it 'should not be able to perform update action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that platform has not been updated' do - @group.reload - @group.description.should_not == 'new description' + expect(@group.reload.description).to_not eq 'new description' end end 
@@ -139,10 +140,10 @@ shared_examples_for 'api group user without admin rights' do end it 'should not be able to perform add_member action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that new member has not been added to group' do - @group.members.should_not include(member) + expect(@group.members).to_not include(member) end end @@ -154,10 +155,10 @@ shared_examples_for 'api group user without admin rights' do end it 'should be able to perform update action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that member has not been removed from group' do - @group.members.should include(member) + expect(@group.members).to include(member) end end @@ -167,10 +168,12 @@ shared_examples_for 'api group user without owner rights' do context 'api group user without destroy rights' do it 'should not be able to perform destroy action' do delete :destroy, id: @group.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that group has not been destroyed' do - lambda { delete :destroy, id: @group.id, format: :json }.should_not change{ Group.count } + expect do + delete :destroy, id: @group.id, format: :json + end.to_not change(Group, :count) end end end 
@@ -187,27 +190,29 @@ describe Api::V1::GroupsController, type: :controller do it "should not be able to perform index action" do get :index, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end it "should not be able to perform show action", :anonymous_access => false do get :show, id: @group.id, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end it "should be able to perform show action", :anonymous_access => true do get :show, id: @group.id, format: :json - response.should be_success + expect(response).to be_success end context 'api group user without create rights' do let(:params) { {group: {uname: 'test_uname'}} } it 'should not be able to perform create action' do post :create, params, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that group has not been created' do - lambda { post :create, params, format: :json }.should_not change{ Group.count } + expect do + post :create, params, format: :json + end.to_not change(Group, :count) end end diff --git a/spec/controllers/api/v1/maintainers_controller_spec.rb b/spec/controllers/api/v1/maintainers_controller_spec.rb index ba843f348..ef6111183 100644 --- a/spec/controllers/api/v1/maintainers_controller_spec.rb +++ b/spec/controllers/api/v1/maintainers_controller_spec.rb 
@@ -3,19 +3,19 @@ require 'spec_helper' shared_examples_for 'api maintainers user with reader rights' do it 'should be able to perform index action' do get :index, platform_id: package.platform_id, format: :json - should render_template(:index) + expect(response).to render_template(:index) end it 'loads all of the maintainers into @maintainers' do get :index, platform_id: package.platform_id, format: :json expect(assigns(:maintainers).count).to eq 2 - assigns(:maintainers).should include(package, package2) + expect(assigns :maintainers).to include(package, package2) end it 'loads all of the maintainers into @maintainers when search by name' do get :index, platform_id: package.platform_id, package_name: 'package1', format: :json expect(assigns(:maintainers).count).to eq 1 - assigns(:maintainers).should include(package) + expect(assigns :maintainers).to include(package) end end @@ -35,7 +35,7 @@ describe Api::V1::MaintainersController, type: :controller do else it 'should not be able to perform index action', :anonymous_access => false do get :index, platform_id: package.platform_id, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end end end diff --git a/spec/controllers/api/v1/platforms_controller_spec.rb b/spec/controllers/api/v1/platforms_controller_spec.rb index f392491a3..1558a678a 100644 --- a/spec/controllers/api/v1/platforms_controller_spec.rb +++ b/spec/controllers/api/v1/platforms_controller_spec.rb @@ -5,12 +5,12 @@ shared_examples_for 'api platform user with reader rights' do it 'should be able to perform index action' do get :index, format: :json - response.should render_template(:index) + expect(response).to render_template(:index) end it 'should be able to perform members action' do get :members, id: @platform.id, format: :json - response.should render_template(:members) + expect(response).to render_template(:members) end end 
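Review bot: `expect(assigns :maintainers)` in the maintainers hunk drops the parentheses on `assigns` while the line directly above it uses `assigns(:maintainers)`; `expect(assigns(:maintainers)).to include(package, package2)` keeps the two consistent and avoids a parenthesis-less call nested inside another call's argument list. The same applies to the second `expect(assigns :maintainers).to include(package)` in the hunk.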
@@ -23,28 +23,31 @@ shared_examples_for 'api platform user with owner rights' do end it 'should be able to perform update action' do - response.should be_success + expect(response).to be_success end it 'ensures that platform has been updated' do - @platform.reload - @platform.description.should == 'new description' + expect(@platform.reload.description).to eq 'new description' end end context 'api platform user with destroy rights for main platforms only' do it 'should be able to perform destroy action for main platform' do delete :destroy, id: @platform.id, format: :json - response.should be_success + expect(response).to be_success end it 'ensures that main platform has been destroyed' do - lambda { delete :destroy, id: @platform.id, format: :json }.should change{ Platform.count }.by(-1) + expect do + delete :destroy, id: @platform.id, format: :json + end.to change(Platform, :count).by(-1) end it 'should not be able to perform destroy action for personal platform' do delete :destroy, id: @personal_platform.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that personal platform has not been destroyed' do - lambda { delete :destroy, id: @personal_platform.id, format: :json }.should change{ Platform.count }.by(0) + expect do + delete :destroy, id: @personal_platform.id, format: :json + end.to_not change(Platform, :count) end end end 
@@ -56,28 +59,31 @@ shared_examples_for 'api platform user without owner rights' do end it 'should not be able to perform update action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that platform has not been updated' do - @platform.reload - @platform.description.should_not == 'new description' + expect(@platform.reload.description).to_not eq 'new description' end end context 'api platform user without destroy rights' do it 'should not be able to perform destroy action for main platform' do delete :destroy, id: @platform.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that main platform has not been destroyed' do - lambda { delete :destroy, id: @platform.id, format: :json }.should_not change{ Platform.count } + expect do + delete :destroy, id: @platform.id, format: :json + end.to_not change(Platform, :count) end it 'should not be able to perform destroy action for personal platform' do delete :destroy, id: @personal_platform.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that personal platform has not been destroyed' do - lambda { delete :destroy, id: @personal_platform.id, format: :json }.should_not change{ Platform.count } + expect do + delete :destroy, id: @personal_platform.id, format: :json + end.to_not change(Platform, :count) end end @@ -92,10 +98,10 @@ shared_examples_for 'api platform user with member rights' do end it 'should be able to perform add_member action' do - response.should be_success + expect(response).to be_success end it 'ensures that new member has been added to platform' do - @platform.members.should include(member) + expect(@platform.members).to include(member) end end 
@@ -107,10 +113,10 @@ shared_examples_for 'api platform user with member rights' do end it 'should be able to perform remove_member action' do - response.should be_success + expect(response).to be_success end it 'ensures that member has been removed from platform' do - @platform.members.should_not include(member) + expect(@platform.members).to_not include(member) end end @@ -125,10 +131,10 @@ shared_examples_for 'api platform user without member rights' do end it 'should not be able to perform add_member action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that new member has not been added to platform' do - @platform.members.should_not include(member) + expect(@platform.members).to_not include(member) end end @@ -140,10 +146,10 @@ shared_examples_for 'api platform user without member rights' do end it 'should be able to perform update action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that member has not been removed from platform' do - @platform.members.should include(member) + expect(@platform.members).to include(member) end end @@ -153,11 +159,11 @@ shared_examples_for 'api platform user without global admin rights' do context 'should not be able to perform clear action' do it 'for personal platform' do put :clear, id: @personal_platform.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'for main platform' do put :clear, id: @platform.id, format: :json - response.should_not be_success + expect(response).to_not be_success end end 
@@ -165,10 +171,12 @@ shared_examples_for 'api platform user without global admin rights' do context "api platform user without #{action} rights" do it "should not be able to perform #{action} action" do post action, clone_or_create_params - response.should_not be_success + expect(response).to_not be_success end it "ensures that platform has not been #{action}d" do - lambda { post action, clone_or_create_params }.should change{ Platform.count }.by(0) + expect do + post action, clone_or_create_params + end.to_not change(Platform, :count) end end end @@ -190,7 +198,7 @@ shared_examples_for 'api platform user without reader rights for hidden platform [:show, :members].each do |action| it "should not be able to perform #{ action } action" do get action, id: @platform.id, format: :json - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end end end @@ -198,12 +206,12 @@ end shared_examples_for "api platform user with show rights" do it 'should be able to perform show action' do get :show, id: @platform.id, format: :json - response.should render_template(:show) + expect(response).to render_template(:show) end it 'should be able to perform platforms_for_build action' do get :platforms_for_build, format: :json - response.should render_template(:index) + expect(response).to render_template(:index) end end 
@@ -225,23 +233,23 @@ describe Api::V1::PlatformsController, type: :controller do it "should not be able to perform index action" do get :index, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end it "should not be able to perform platforms_for_build action", :anonymous_access => false do get :platforms_for_build, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end it "should not be able to perform show action", :anonymous_access => false do get :show, id: @platform, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end it 'should be able to perform members action', :anonymous_access => true do get :members, id: @platform.id, format: :json - response.should render_template(:members) + expect(response).to render_template(:members) end it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access'] @@ -254,17 +262,17 @@ describe Api::V1::PlatformsController, type: :controller do context 'perform allowed action' do it 'ensures that status 200 if platform empty' do get :allowed - response.status.should == 200 + expect(response).to be_success end it 'ensures that status 403 if platform does not exist' do get :allowed, path: "/rosa-server/repository/SRPMS/base/release/repodata/" - response.status.should == 403 + expect(response.status).to eq 403 end it 'ensures that status 200 if platform open' do get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/" - response.status.should == 200 + expect(response).to be_success end context 'for hidden platform' do 
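Review bot: Replacing `expect(response.status).to eq 200` with `expect(response).to be_success` in the `allowed` examples loosens the assertion from exactly 200 to any 2xx, since Rails' `success?` is true for the whole 2xx range. The `allowed` action appears to decide repository access from a path and token (inferred from the params used here), and the denial cases in the same hunk keep the exact `eq 403`, so the grant cases should stay exact as well: `expect(response.status).to eq 200`. The same loosening appears in the hunks starting `-272,44` and `-317,20`.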
@@ -272,44 +280,44 @@ describe Api::V1::PlatformsController, type: :controller do it 'ensures that status 403 if no token' do get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/" - response.status.should == 403 + expect(response.status).to eq 403 end it 'ensures that status 403 if no token and a lot of "/"' do get :allowed, path: "///#{@platform.name}///repository/SRPMS/base/release/repodata/" - response.status.should == 403 + expect(response.status).to eq 403 end it 'ensures that status 200 if token correct and a lot of "/"' do token = FactoryGirl.create(:platform_token, subject: @platform) http_login token.authentication_token, '' get :allowed, path: "///#{@platform.name}///repository/SRPMS/base/release/repodata/" - response.status.should == 200 + expect(response).to be_success end it 'ensures that status 403 on access to root of platform if no token' do get :allowed, path: "///#{@platform.name}" - response.status.should == 403 + expect(response.status).to eq 403 end it 'ensures that status 200 on access to root of platform if token correct' do token = FactoryGirl.create(:platform_token, subject: @platform) http_login token.authentication_token, '' get :allowed, path: "///#{@platform.name}" - response.status.should == 200 + expect(response).to be_success end it 'ensures that status 403 if wrong token' do http_login 'KuKu', '' get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/" - response.status.should == 403 + expect(response.status).to eq 403 end it 'ensures that status 200 if token correct' do token = FactoryGirl.create(:platform_token, subject: @platform) http_login token.authentication_token, '' get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/" - response.status.should == 200 + expect(response).to be_success end it 'ensures that status 403 if token correct but blocked' do 
@@ -317,20 +325,20 @@ describe Api::V1::PlatformsController, type: :controller do token.block http_login token.authentication_token, '' get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/" - response.status.should == 403 + expect(response.status).to eq 403 end it 'ensures that status 200 if user token correct and user has ability to read platform' do http_login @platform.owner.authentication_token, '' get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/" - response.status.should == 200 + expect(response).to be_success end it 'ensures that status 403 if user token correct but user has no ability to read platform' do user = FactoryGirl.create(:user) http_login user.authentication_token, '' get :allowed, path: "/#{@platform.name}/repository/SRPMS/base/release/repodata/" - response.status.should == 403 + expect(response.status).to eq 403 end end end @@ -353,10 +361,12 @@ describe Api::V1::PlatformsController, type: :controller do it "should be able to perform #{action} action" do post action, clone_or_create_params - response.should be_success + expect(response).to be_success end it "ensures that platform has been #{action}d" do - lambda { post action, clone_or_create_params }.should change{ Platform.count }.by(1) + expect do + post action, clone_or_create_params + end.to change(Platform, :count).by(1) end end end @@ -389,8 +399,8 @@ describe Api::V1::PlatformsController, type: :controller do %w(main personal).each do |type| it "ensures that filter by type = #{type} returns true result" do get :index, format: :json, type: type - JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }. - uniq.should == [type] + types = JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.uniq + expect(types).to eq [type] end end end 
@@ -415,9 +425,9 @@ describe Api::V1::PlatformsController, type: :controller do
 render_views
 %w(main personal).each do |type|
 it "ensures that filter by type = #{type} returns true result" do
-get :index, format: :json, type: "#{type}"
-JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.
-uniq.should == ["#{type}"]
+get :index, format: :json, type: type
+types = JSON.parse(response.body)['platforms'].map{ |p| p['platform_type'] }.uniq
+expect(types).to eq [type]
 end
 end
 end
@@ -425,7 +435,7 @@ describe Api::V1::PlatformsController, type: :controller do
 it 'should not be able to perform members action for hidden platform' do
 @platform.update_column(:visibility, 'hidden')
 get :members, id: @platform.id, format: :json
-response.status.should == 403
+expect(response.status).to eq 403
 end
 it_should_behave_like 'api platform user with reader rights'
 it_should_behave_like 'api platform user with reader rights for hidden platform'
diff --git a/spec/controllers/api/v1/product_build_lists_controller.rb b/spec/controllers/api/v1/product_build_lists_controller.rb
index 205af598b..9f55a77ad 100644
--- a/spec/controllers/api/v1/product_build_lists_controller.rb
+++ b/spec/controllers/api/v1/product_build_lists_controller.rb
@@ -3,29 +3,29 @@ require 'spec_helper'
 shared_examples_for 'api user without reader rights' do
 it 'should not be able to perform show action', :anonymous_access => false do
 get :show, id: @product_build_list.id, format: :json
-response.status.should == 401
+expect(response.status).to eq 401
 end
 
 it 'should be able to perform show action' do
 get :show, id: @product_build_list.id, format: :json
-response.should be_success
+expect(response).to be_success
 end
 
-it 'should be able to perform show action for the personal platform' do
+it 'should not be able to perform show action for the hidden platform' do
 @product_build_list.product.platform.update_column :visibility, 'hidden'
 get :show, id: @product_build_list.id, format: :json
-response.should be_success
+expect(response).to_not be_success
 end
 
 it 'should not be able to perform create action' do
 post :create, format: :json
-response.status.should == 401
+expect(response.status).to eq 401
 end
 
 [:update, :destroy].each do |action|
 it "should not be able to perform #{action} action" do
 put action, id: @product_build_list.id, format: :json
-response.status.should == 401
+expect(response.status).to eq 401
 end
 end
 end
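Review bot: The new hidden-platform example asserts `expect(response).to_not be_success`, which also passes on a 500 or a redirect, so a broken authorization path in the controller would go unnoticed; the products spec in this same commit asserts `expect(response.status).to eq 403` for the identical scenario, and this one should mirror it. Separately, this file is named `product_build_lists_controller.rb` without the `_spec` suffix, so under RSpec's default `*_spec.rb` pattern none of these authorization examples are loaded; the commit renames `pull_requests_controller.rb` to `pull_requests_controller_spec.rb` for that reason but leaves this file as is (unless the project's `.rspec` pattern differs, which is not visible here).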
@@ -33,24 +33,25 @@ end shared_examples_for 'api user with reader rights' do it 'should be able to perform show action' do get :show, id: @product_build_list.id, format: :json - response.should be_success + expect(response).to be_success end it 'should be able to perform show action for the hidden main platform' do + allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true) @product_build_list.product.platform.update_column :visibility, 'hidden' get :show, id: @product_build_list.id, format: :json - response.should be_success # because main platform + expect(response).to be_success end it 'should not be able to perform create action' do post :create, format: :json - response.status.should == 403 + expect(response.status).to eq 403 end [:update, :destroy].each do |action| it "should not be able to perform #{action} action" do put action, id: @product_build_list.id, format: :json - response.status.should == 403 + expect(response.status).to eq 403 end end end 
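Review bot: The added `allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true)` makes the hidden-main-platform example pass regardless of what the real policy decides, so the case it was written for (a reader can see a build list on a hidden platform of type main, per the removed `# because main platform` comment) is no longer exercised end to end. Either set up the fixture so the real `PlatformPolicy` grants access (presumably by making the platform a main platform with the reader relation) or move that rule into a dedicated policy spec and rename this example to state that the controller delegates to `PlatformPolicy#show?`. The same stub is introduced in the products spec hunk starting `-33,24` at the next file, where the now-misleading `# because main platform` comment is kept.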
@@ -68,52 +69,56 @@ shared_examples_for 'api user with admin rights' do it 'should be able to perform show action' do get :show, id: @product_build_list.id, format: :json - response.should be_success + expect(response).to be_success end it 'should be able to perform show action for the hidden platform' do @product_build_list.product.platform.update_column :visibility, 'hidden' get :show, id: @product_build_list.id, format: :json - response.should be_success + expect(response).to be_success end it 'should be able to perform create action' do post :create, @create_params, format: :json - response.should be_success + expect(response).to be_success end it 'ensures that product has been created' do - lambda { post :create, @create_params, format: :json }.should change{ ProductBuildList.count }.by(1) + expect do + post :create, @create_params, format: :json + end.to change(ProductBuildList, :count).by(1) end it "should be able to perform destroy action" do put :destroy, id: @product_build_list.id, format: :json - response.should be_success + expect(response).to be_success end it "ensures that product has been destroyed" do - lambda { put :destroy, id: @product_build_list.id, format: :json }.should change{ ProductBuildList.count }.by(-1) + expect do + put :destroy, id: @product_build_list.id, format: :json + end.to change(ProductBuildList, :count).by(-1) end it "should be able to perform update action" do put :update, @update_params.merge(id: @product_build_list.id), format: :json - response.should be_success + expect(response).to be_success end it "ensures that only not_delete field of product build list has been updated" do put :update, @update_params.merge(id: @product_build_list.id), format: :json - @product_build_list.reload.time_living.should == 150*60 # in seconds - @product_build_list.not_delete.should be_truthy + expect(@product_build_list.reload.time_living).to eq 150*60 # in seconds + expect(@product_build_list.not_delete).to be_truthy end it 'ensures that 
return correct answer for wrong creating action' do post :create, format: :json - response.status.should == 403 # Maybe 422? + expect(response.status).to eq 403 # Maybe 422? end end describe Api::V1::ProductBuildListsController, type: :controller do - before(:each) do + before do stub_symlink_methods FactoryGirl.create(:arch, name: 'x86_64') @@ -126,7 +131,7 @@ describe Api::V1::ProductBuildListsController, type: :controller do end context 'for user' do - before(:each) do + before do http_login(@another_user) end @@ -136,4 +141,4 @@ describe Api::V1::ProductBuildListsController, type: :controller do context 'for platform admin' do it_should_behave_like 'api user with admin rights' end -end \ No newline at end of file +end diff --git a/spec/controllers/api/v1/products_controller_spec.rb b/spec/controllers/api/v1/products_controller_spec.rb index 28f80e0e9..07532687b 100644 --- a/spec/controllers/api/v1/products_controller_spec.rb +++ b/spec/controllers/api/v1/products_controller_spec.rb 
@@ -3,29 +3,29 @@ require 'spec_helper' shared_examples_for 'api user without reader rights' do it 'should not be able to perform show action', :anonymous_access => false do get :show, id: @product.id, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end it 'should be able to perform show action', :anonymous_access => true do get :show, id: @product.id, format: :json - response.should be_success + expect(response).to be_success end it 'should not be able to perform show action for the hidden platform', :anonymous_access => true do @product.platform.update_column :visibility, 'hidden' get :show, id: @product.id, format: :json - response.status.should == 403 + expect(response.status).to eq 403 end it 'should not be able to perform create action' do post :create, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end [:update, :destroy].each do |action| it "should not be able to perform #{action} action" do put action, id: @product.id, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end end end 
@@ -33,24 +33,25 @@ end shared_examples_for 'api user with reader rights' do it 'should be able to perform show action' do get :show, id: @product.id, format: :json - response.should be_success + expect(response).to be_success end it 'should be able to perform show action for the hidden main platform' do + allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true) @product.platform.update_column :visibility, 'hidden' get :show, id: @product.id, format: :json - response.should be_success # because main platform + expect(response).to be_success # because main platform end it 'should not be able to perform create action' do post :create, format: :json - response.status.should == 403 + expect(response.status).to eq 403 end [:update, :destroy].each do |action| it "should not be able to perform #{action} action" do put action, id: @product.id, format: :json - response.status.should == 403 + expect(response.status).to eq 403 end end end 
@@ -66,56 +67,60 @@ shared_examples_for 'api user with admin rights' do it 'should be able to perform show action' do get :show, id: @product.id, format: :json - response.should be_success + expect(response).to be_success end it 'should be able to perform show action for the hidden platform' do @product.platform.update_column :visibility, 'hidden' get :show, id: @product.id, format: :json - response.should be_success + expect(response).to be_success end it 'should be able to perform create action' do post :create, @create_params, format: :json - response.should be_success + expect(response).to be_success end it 'ensures that product has been created' do - lambda { post :create, @create_params, format: :json }.should change{ Product.count }.by(1) + expect do + post :create, @create_params, format: :json + end.to change(Product, :count).by(1) end [:update, :destroy].each do |action| it "should be able to perform #{action} action" do put action, id: @product.id, format: :json - response.should be_success + expect(response).to be_success end end it "ensures that product has been destroyed" do - lambda { put :destroy, id: @product.id, format: :json }.should change{ Product.count }.by(-1) + expect do + put :destroy, id: @product.id, format: :json + end.to change(Product, :count).by(-1) end it "ensures that product has been updated" do put :update, @update_params.merge(id: @product.id), format: :json - @product.reload.name.should == 'pro2' - @product.reload.time_living.should == 250*60 # in seconds + expect(@product.reload.name).to eq 'pro2' + expect(@product.reload.time_living).to eq 250*60 # in seconds end it 'ensures that return correct answer for wrong creating action' do post :create, format: :json - response.status.should == 403 # Maybe 422? + expect(response.status).to eq 403 # Maybe 422? 
end #[:update, :destroy].each do |action| # it "ensures that return correct answer for wrong #{action} action" do # put action, id: nil, format: :json - # response.status.should == 404 + # expect(response.status).to eq 404 # end #end end describe Api::V1::ProductsController, type: :controller do - before(:each) do + before do stub_symlink_methods @product = FactoryGirl.create(:product) @@ -124,12 +129,10 @@ describe Api::V1::ProductsController, type: :controller do context 'for guest' do it_should_behave_like 'api user without reader rights' - - end context 'for user' do - before(:each) do + before do http_login(@another_user) end diff --git a/spec/controllers/api/v1/projects_controller_spec.rb b/spec/controllers/api/v1/projects_controller_spec.rb index 6f00747a2..5424eca2a 100644 --- a/spec/controllers/api/v1/projects_controller_spec.rb +++ b/spec/controllers/api/v1/projects_controller_spec.rb 
@@ -21,56 +21,61 @@ shared_examples_for "api projects user without reader rights for hidden project" end shared_examples_for "api projects user without show rights" do - it "should show access violation instead of project data" do + it "to show access violation instead of project data" do get :show, id: @project.id, format: :json - response.should_not be_success + expect(response).to_not be_success end - it "should show access violation instead of project refs_list" do + it "to show access violation instead of project refs_list" do get :refs_list, id: @project.id, format: :json - response.should_not be_success + expect(response).to_not be_success end - it "should access violation instead of project data by get_id" do + it "to access violation instead of project data by get_id" do get :get_id, name: @project.name, owner: @project.owner_uname, format: :json - response.should_not be_success + expect(response).to_not be_success end - it "should show access violation instead of project members data" do + it "to show access violation instead of project members data" do get :members, id: @project.id, format: :json - response.should_not be_success + expect(response).to_not be_success end end shared_examples_for 'api projects user without fork rights' do - it 'should not be able to perform fork action' do + it 'to not be able to perform fork action' do post :fork, id: @project.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that project has not been forked' do - lambda { post :fork, id: @project.id, format: :json }.should_not change{ Project.count } + expect do + post :fork, id: @project.id, format: :json + end.to_not change(Project, :count) end end shared_examples_for 'api projects user with fork rights' do - it 'should be able to perform fork action' do + it 'to be able to perform fork action' do post :fork, id: @project.id, format: :json - response.should be_success + expect(response).to be_success end it 'ensures 
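Review bot: Rewriting the example descriptions from `it "should show …"` to `it "to show …"` produces documentation output such as "api projects user without show rights to show access violation instead of project data", which does not read as a sentence; the rspec deprecation being followed concerns the `should` matcher syntax, not description strings. Prefer third-person behaviour descriptions, e.g. `it 'shows an access violation instead of project data' do` and `it 'denies the fork action' do`. The same renaming pattern runs through every later hunk of this file (starting `-85,44` through `-349,34`).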
that project has been forked' do - lambda { post :fork, id: @project.id, format: :json }.should change{ Project.count }.by(1) + expect do + post :fork, id: @project.id, format: :json + end.to change(Project, :count).by(1) end - it 'should be able to perform fork action with different name' do + it 'to be able to perform fork action with different name' do post :fork, id: @project.id, fork_name: (@project.name + '_forked'), format: :json - response.should be_success + expect(response).to be_success end it 'ensures that project has been forked' do new_name = @project.name + '_forked' - lambda { post :fork, id: @project.id, fork_name: new_name, format: :json }.should - change{ Project.where(name: new_name).count }.by(1) + expect do + post :fork, id: @project.id, fork_name: new_name, format: :json + end.to change{ Project.where(name: new_name).count }.by(1) end end 
@@ -85,44 +90,44 @@ shared_examples_for 'api projects user without fork rights for hidden project' d end shared_examples_for "api projects user with show rights" do - it "should show project data" do + it "to show project data" do get :show, id: @project.id, format: :json - render_template(:show) + expect(response).to render_template(:show) end - it "should show refs_list of project" do + it "to show refs_list of project" do get :refs_list, id: @project.id, format: :json - render_template(:refs_list) + expect(response).to render_template(:refs_list) end context 'project find by get_id' do - it "should find project by name and owner name" do + it "to find project by name and owner name" do @project.reload get :get_id, name: @project.name, owner: @project.owner_uname, format: :json - assigns[:project].id.should == @project.id + expect(assigns[:project].id).to eq @project.id end - it "should not find project by non existing name and owner name" do + it "to not find project by non existing name and owner name" do get :get_id, name: 'NONE_EXISTING_NAME', owner: @project.owner_uname, format: :json - assigns[:project].should be_blank + expect(assigns :project).to be_blank end - it "should render 404 for non existing name and owner name" do + it "to render 404 for non existing name and owner name" do get :get_id, name: 'NONE_EXISTING_NAME', owner: @project.owner_uname, format: :json - response.body.should == {status: 404, message: I18n.t("flash.404_message")}.to_json + expect(response.body).to eq({status: 404, message: I18n.t("flash.404_message")}.to_json) end end end shared_examples_for 'api projects user with admin rights' do - it "should be able to perform members action" do + it "to be able to perform members action" do get :members, id: @project.id, format: :json - response.should be_success + expect(response).to be_success end - it 'should not set a wrong maintainer_id' do + it 'to not set a wrong maintainer_id' do put :update, project: { maintainer_id: -1 }, id: 
@project.id, format: :json - response.should_not be_success + expect(response).to_not be_success end context 'api project user with update rights' do @@ -130,12 +135,11 @@ shared_examples_for 'api projects user with admin rights' do put :update, project: { description: 'new description' }, id: @project.id, format: :json end - it 'should be able to perform update action' do - response.should be_success + it 'to be able to perform update action' do + expect(response).to be_success end it 'ensures that description has been updated' do - @project.reload - @project.description.should == 'new description' + expect(@project.reload.description).to eq 'new description' end end @@ -145,11 +149,11 @@ shared_examples_for 'api projects user with admin rights' do put :add_member, member_id: member.id, type: 'User', role: 'admin', id: @project.id, format: :json end - it 'should be able to perform add_member action' do - response.should be_success + it 'to be able to perform add_member action' do + expect(response).to be_success end it 'ensures that new member has been added to project' do - @project.members.should include(member) + expect(@project.members).to include(member) end end @@ -160,11 +164,11 @@ shared_examples_for 'api projects user with admin rights' do delete :remove_member, member_id: member.id, type: 'User', id: @project.id, format: :json end - it 'should be able to perform remove_member action' do - response.should be_success + it 'to be able to perform remove_member action' do + expect(response).to be_success end it 'ensures that member has been removed from project' do - @project.members.should_not include(member) + expect(@project.members).to_not include(member) end end 
@@ -175,21 +179,21 @@ shared_examples_for 'api projects user with admin rights' do put :update_member, member_id: member.id, type: 'User', role: 'reader', id: @project.id, format: :json end - it 'should be able to perform update_member action' do - response.should be_success + it 'to be able to perform update_member action' do + expect(response).to be_success end it 'ensures that member role has been updated in project' do - @project.relations.by_actor(member).first. - role.should == 'reader' + role = @project.relations.by_actor(member).first.role + expect(role).to eq 'reader' end end end shared_examples_for 'api projects user without admin rights' do - it "should not be able to perform members action" do + it "to not be able to perform members action" do get :members, id: @project.id, format: :json - response.should_not be_success + expect(response).to_not be_success end context 'api project user without update_member rights' do @@ -199,12 +203,12 @@ shared_examples_for 'api projects user without admin rights' do put :update_member, member_id: member.id, type: 'User', role: 'reader', id: @project.id, format: :json end - it 'should not be able to perform update_member action' do - response.should_not be_success + it 'to not be able to perform update_member action' do + expect(response).to_not be_success end it 'ensures that member role has not been updated in project' do - @project.relations.by_actor(member).first. - role.should_not == 'reader' + role = @project.relations.by_actor(member).first.role + expect(role).to_not eq 'reader' end end 
@@ -213,12 +217,11 @@ shared_examples_for 'api projects user without admin rights' do put :update, project: {description: 'new description'}, id: @project.id, format: :json end - it 'should not be able to perform update action' do - response.should_not be_success + it 'to not be able to perform update action' do + expect(response).to_not be_success end it 'ensures that project has not been updated' do - @project.reload - @project.description.should_not == 'new description' + expect(@project.reload.description).to_not eq 'new description' end end @@ -228,11 +231,11 @@ shared_examples_for 'api projects user without admin rights' do put :add_member, member_id: member.id, type: 'User', role: 'admin', id: @project.id, format: :json end - it 'should not be able to perform add_member action' do - response.should_not be_success + it 'to not be able to perform add_member action' do + expect(response).to_not be_success end it 'ensures that new member has not been added to project' do - @project.members.should_not include(member) + expect(@project.members).to_not include(member) end end 
@@ -243,35 +246,39 @@ shared_examples_for 'api projects user without admin rights' do delete :remove_member, member_id: member.id, type: 'User', id: @project.id, format: :json end - it 'should be able to perform update action' do - response.should_not be_success + it 'to be able to perform update action' do + expect(response).to_not be_success end it 'ensures that member has not been removed from project' do - @project.members.should include(member) + expect(@project.members).to include(member) end end end shared_examples_for 'api projects user with owner rights' do context 'api project user with destroy rights' do - it 'should be able to perform destroy action' do + it 'to be able to perform destroy action' do delete :destroy, id: @project.id, format: :json - response.should be_success + expect(response).to be_success end it 'ensures that project has been destroyed' do - lambda { delete :destroy, id: @project.id, format: :json }.should change{ Project.count }.by(-1) + expect do + delete :destroy, id: @project.id, format: :json + end.to change(Project, :count).by(-1) end end end shared_examples_for 'api projects user without owner rights' do context 'api project user with destroy rights' do - it 'should not be able to perform destroy action' do + it 'to not be able to perform destroy action' do delete :destroy, id: @project.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that project has not been destroyed' do - lambda { delete :destroy, id: @project.id, format: :json }.should_not change{ Project.count } + expect do + delete :destroy, id: @project.id, format: :json + end.to_not change(Project, :count) end end end 
@@ -289,9 +296,9 @@ describe Api::V1::ProjectsController, type: :controller do context 'for guest' do [:index, :members].each do |action| - it "should not be able to perform #{action} action" do + it "to not be able to perform #{action} action" do get action, id: @project.id, format: :json - response.should_not be_success + expect(response).to_not be_success end end 
@@ -313,31 +320,37 @@ describe Api::V1::ProjectsController, type: :controller do http_login(@user) end - it 'should be able to perform index action' do + it 'to be able to perform index action' do get :index, format: :json - response.should be_success + expect(response).to be_success end context 'api project user with create rights' do let(:params) { {project: {name: 'test_name', owner_id: @user.id, owner_type: 'User', visibility: 'open'}, format: :json} } - it 'should be able to perform create action' do + it 'to be able to perform create action' do post :create, params, format: :json - response.should be_success + expect(response).to be_success end it 'ensures that project has been created' do - lambda { post :create, params }.should change{ Project.count }.by(1) + expect do + post :create, params + end.to change(Project, :count).by(1) end - it 'writer group should be able to create project for their group' do + it 'writer group to be able to create project for their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'writer') - lambda { post :create, params.deep_merge({project: {owner_type: 'Group', owner_id: group.id}})}.should change{ Project.count }.by(1) + expect do + post :create, params.deep_merge({project: {owner_type: 'Group', owner_id: group.id}}) + end.to change(Project, :count).by(1) end - it 'reader group should not be able to create project for their group' do + it 'reader group to not be able to create project for their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'reader') - lambda { post :create, params.deep_merge({project: {owner_type: 'Group', owner_id: group.id}})}.should change{ Project.count }.by(0) + expect do + post :create, params.deep_merge({project: {owner_type: 'Group', owner_id: group.id}}) + end.to_not change(Project, :count) end end 
@@ -349,34 +362,40 @@ describe Api::V1::ProjectsController, type: :controller do it_should_behave_like 'api projects user without owner rights' context 'group writer' do - it 'should be able to fork project to their group' do + it 'to be able to fork project to their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'writer') - lambda {post :fork, id: @project.id, group_id: group.id}.should change{ Project.count }.by(1) + expect do + post :fork, id: @project.id, group_id: group.id, format: :json + end.to change(Project, :count).by(1) end - it 'should be able to fork project with different name to their group' do + it 'to be able to fork project with different name to their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'writer') new_name = @project.name + '_forked' - lambda { post :fork, id: @project.id, group_id: group.id, fork_name: new_name }.should - change { Project.where(name: new_name).count }.by(1) + expect do + post :fork, id: @project.id, group_id: group.id, fork_name: new_name, format: :json + end.to change { Project.where(name: new_name).count }.by(1) end end context 'group reader' do - it 'should not be able to fork project to their group' do + it 'to not be able to fork project to their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'reader') - lambda {post :fork, id: @project.id, group_id: group.id, format: :json}.should change{ Project.count }.by(0) + expect do + post :fork, id: @project.id, group_id: group.id, format: :json + end.to_not change(Project, :count) end - it 'should not be able to fork project with different name to their group' do + it 'to not be able to fork project with different name to their group' do group = FactoryGirl.create(:group) new_name = @project.name + '_forked' create_actor_relation(group, @user, 'reader') - lambda { post :fork, id: @project.id, group_id: group.id, fork_name: new_name }.should - change{ Project.where(name: 
new_name.count) }.by(0) + expect do + post :fork, id: @project.id, group_id: group.id, fork_name: new_name, format: :json + end.to_not change{ Project.where(name: new_name).count } end end end diff --git a/spec/controllers/api/v1/pull_requests_controller.rb b/spec/controllers/api/v1/pull_requests_controller_spec.rb similarity index 69% rename from spec/controllers/api/v1/pull_requests_controller.rb rename to spec/controllers/api/v1/pull_requests_controller_spec.rb index b7dd40fb6..73e8b74de 100644 --- a/spec/controllers/api/v1/pull_requests_controller.rb +++ b/spec/controllers/api/v1/pull_requests_controller_spec.rb @@ -1,15 +1,15 @@ require 'spec_helper' def create_pull to_ref, from_ref, owner, project = @project - pull = project.pull_requests.new issue_attributes: {title: 'test', body: 'testing'} + pull = project.pull_requests.build issue_attributes: {title: 'test', body: 'testing'} pull.issue.user, pull.issue.project = owner, pull.to_project pull.to_ref, pull.from_ref, pull.from_project = to_ref, from_ref, project pull.save; pull.check - pull + pull.reload end describe Api::V1::PullRequestsController, type: :controller do - before(:all) do + before do stub_symlink_methods @project = FactoryGirl.create(:project_with_commit) 
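Review bot: The group-reader fork examples assert only `to_not change(Project, :count)`, so a request that fails for any reason — including an exception in the fork path — passes as a denial; adding `expect(response.status).to eq 403` (or whatever status the controller returns, not visible here) after each `post :fork` distinguishes a refused request from a broken one. The `cant create` examples in the pull_requests spec hunk at @@ -166 have the same gap.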
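Review bot: `pull.save; pull.check` discards the result of `save`, and the new trailing `pull.reload` turns a silently failed save into an `ActiveRecord::RecordNotFound` raised from `reload` rather than a message naming the validation; `pull.save!` on that line would make the failure self-explanatory. `create_pull` is also a top-level `def` in the spec file, so it is added to every object for the whole suite; a helper module or a `let` inside the `describe` block would scope it.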
@@ -43,117 +43,117 @@ describe Api::V1::PullRequestsController, type: :controller do context 'read and accessible abilities' do context 'for user' do - before(:each) do + before do http_login(@project.owner) end it 'can show pull request in own project' do get :show, project_id: @project.id, id: @pull.serial_id, format: :json - response.should be_success + expect(response).to be_success end it 'should render right template for show action' do get :show, project_id: @project.id, id: @pull.serial_id, format: :json - response.should render_template('api/v1/pull_requests/show') + expect(response).to render_template('api/v1/pull_requests/show') end it 'can show pull request in open project' do get :show, project_id: @another_project.id, id: @another_pull.serial_id, format: :json - response.should be_success + expect(response).to be_success end it 'can show pull request in own hidden project' do get :show, project_id: @own_hidden_project.id, id: @own_hidden_pull.serial_id, format: :json - response.should be_success + expect(response).to be_success end it 'cant show pull request in hidden project' do get :show, project_id: @hidden_project.id, id: @hidden_pull.serial_id, format: :json - response.status.should == 403 + expect(response.status).to eq 403 end it 'should return three pull requests' do get :all_index, filter: 'all', format: :json - assigns[:pulls].should include(@pull) - assigns[:pulls].should include(@own_hidden_pull) - assigns[:pulls].should include(@membered_pull) + expect(assigns[:pulls]).to include(@pull) + expect(assigns[:pulls]).to include(@own_hidden_pull) + expect(assigns[:pulls]).to include(@membered_pull) end it 'should render right template for all index action' do get :all_index, format: :json - response.should render_template('api/v1/pull_requests/index') + expect(response).to render_template('api/v1/pull_requests/index') end it 'should return only assigned pull request' do get :user_index, format: :json - assigns[:pulls].should 
include(@own_hidden_pull) + expect(assigns[:pulls]).to include(@own_hidden_pull) expect(assigns[:pulls].count).to eq 1 end it 'should render right template for user index action' do get :user_index, format: :json - response.should render_template('api/v1/pull_requests/index') + expect(response).to render_template('api/v1/pull_requests/index') end %w(commits files).each do |action| it "can show pull request #{action} in own project" do get action, project_id: @project.id, id: @pull.serial_id, format: :json - response.should be_success + expect(response).to be_success end it "should render right template for commits action" do get action, project_id: @project.id, id: @pull.serial_id, format: :json - response.should render_template("api/v1/pull_requests/#{action}") + expect(response).to render_template("api/v1/pull_requests/#{action}") end it "can't show pull request #{action} in hidden project" do get action, project_id: @hidden_project.id, id: @hidden_pull.serial_id, format: :json - response.should_not be_success + expect(response).to_not be_success end end it 'should return 404' do get :show, project_id: @project.id, id: 999999, format: :json - response.status.should == 404 + expect(response.status).to eq 404 end it 'should redirect to issue page' do get :show, project_id: @project.id, id: @issue.serial_id, format: :json - response.should redirect_to(api_v1_project_issue_path(@project.id, @issue.serial_id)) + expect(response).to redirect_to(api_v1_project_issue_path(@project.id, @issue.serial_id)) end end context 'for anonymous user' do it 'can show pull request in open project', anonymous_access: true do get :show, project_id: @project.id, id: @pull.serial_id, format: :json - response.should be_success + expect(response).to be_success end it 'cant show pull request in hidden project', anonymous_access: true do @project.update_column :visibility, 'hidden' get :show, project_id: @project.id, id: @pull.serial_id, format: :json - response.status.should == 403 + 
expect(response.status).to eq 403 end it 'should not return any pull requests' do get :all_index, filter: 'all', format: :json - response.status.should == 401 + expect(response.status).to eq 401 end %w(commits files).each do |action| it "can show pull request #{action} in project", anonymous_access: true do get action, project_id: @project.id, id: @pull.serial_id, format: :json - response.should be_success + expect(response).to be_success end it "should render right template for commits action", anonymous_access: true do get action, project_id: @project.id, id: @pull.serial_id, format: :json - response.should render_template("api/v1/pull_requests/#{action}") + expect(response).to render_template("api/v1/pull_requests/#{action}") end it "can't show pull request #{action} in hidden project", anonymous_access: true do get action, project_id: @hidden_project.id, id: @hidden_pull.serial_id, format: :json - response.should_not be_success + expect(response).to_not be_success end end end 
@@ -166,33 +166,41 @@ describe Api::V1::PullRequestsController, type: :controller do
 end
 it 'can create pull request in own project' do
- lambda { post :create, @create_params }.should change{ PullRequest.count }.by(1)
+ expect do
+ post :create, @create_params
+ end.to change(PullRequest, :count).by(1)
 end
 it 'can create pull request in own hidden project' do
- lambda { post :create, @create_params.merge(project_id: @own_hidden_project.id) }.should
- change{ PullRequest.count }.by(1)
+ expect do
+ post :create, @create_params.merge(project_id: @own_hidden_project.id)
+ end.to change(PullRequest, :count).by(1)
 end
 it 'can create pull request in open project' do
- lambda { post :create, @create_params.merge(project_id: @another_project.id) }.should
- change{ PullRequest.count }.by(1)
+ expect do
+ post :create, @create_params.merge(project_id: @another_project.id)
+ end.to change(PullRequest, :count).by(1)
 end
 it 'cant create pull request in hidden project' do
- lambda { post :create, @create_params.merge(project_id: @hidden_project.id) }.should
- change{ PullRequest.count }.by(0)
+ expect do
+ post :create, @create_params.merge(project_id: @hidden_project.id)
+ end.to_not change(PullRequest, :count)
 end
 end
 context 'for anonymous user' do
 it 'cant create pull request in project', anonymous_access: true do
- lambda { post :create, @create_params }.should change{ PullRequest.count }.by(0)
+ expect do
+ post :create, @create_params
+ end.to_not change(PullRequest, :count)
 end
 it 'cant create pull request in hidden project', anonymous_access: true do
- lambda { post :create, @create_params.merge(project_id: @hidden_project.id) }.should
- change{ PullRequest.count }.by(0)
+ expect do
+ post :create, @create_params.merge(project_id: @hidden_project.id)
+ end.to_not change(PullRequest, :count)
 end
 end
 end
@@ -205,76 +213,76 @@ describe Api::V1::PullRequestsController, type: :controller do it 'can update pull request in own project' do put :update, @update_params - @pull.reload.title.should == 'new title' + expect(@pull.reload.title).to eq 'new title' end it 'can update pull request in own hidden project' do put :update, @update_params.merge(project_id: @own_hidden_project.id, id: @own_hidden_pull.serial_id) - @own_hidden_pull.reload.title.should == 'new title' + expect(@own_hidden_pull.reload.title).to eq 'new title' end it 'cant update pull request in open project' do put :update, @update_params.merge(project_id: @another_project.id, id: @another_pull.serial_id) - @another_pull.reload.title.should_not == 'new title' + expect(@another_pull.reload.title).to_not eq 'new title' end it 'cant update pull request in hidden project' do put :update, @update_params.merge(project_id: @hidden_project.id, id: @hidden_pull.serial_id) - @hidden_pull.reload.title.should_not == 'title' + expect(@hidden_pull.reload.title).to_not eq 'title' end it 'can merge pull request in own project' do put :merge, project_id: @project.id, id: @pull.serial_id, format: :json - @pull.reload.status.should == 'merged' - response.should be_success + expect(@pull.reload.status).to eq 'merged' + expect(response).to be_success end it 'can merge pull request in own hidden project' do put :merge, project_id: @own_hidden_project.id, id: @own_hidden_pull.serial_id, format: :json - @own_hidden_pull.reload.status.should == 'merged' - response.should be_success + expect(@own_hidden_pull.reload.status).to eq 'merged' + expect(response).to be_success end it 'cant merge pull request in open project' do put :merge, project_id: @another_project.id, id: @another_pull.serial_id, format: :json - @another_pull.reload.status.should == 'ready' - response.status.should == 403 + expect(@another_pull.reload.status).to eq 'ready' + expect(response.status).to eq 403 end it 'cant merge pull request in hidden project' do put 
:merge, project_id: @hidden_project.id, id: @hidden_pull.serial_id, format: :json - @hidden_pull.reload.status.should == 'ready' - response.status.should == 403 + expect(@hidden_pull.reload.status).to eq 'ready' + expect(response.status).to eq 403 end end context 'for anonymous user' do it 'cant update pull request in project', anonymous_access: true do put :update, @update_params - response.status.should == 401 + expect(response.status).to eq 401 end it 'cant update pull request in hidden project', anonymous_access: true do put :update, @update_params.merge(project_id: @hidden_project.id, id: @hidden_pull.serial_id) - response.status.should == 401 + expect(response.status).to eq 401 end it 'cant merge pull request in open project' do put :merge, project_id: @another_project.id, id: @another_pull.serial_id, format: :json - @another_pull.reload.status.should == 'ready' - response.status.should == 401 + expect(@another_pull.reload.status).to eq 'ready' + expect(response.status).to eq 401 end it 'cant merge pull request in hidden project' do put :merge, project_id: @hidden_project.id, id: @hidden_pull.serial_id, format: :json - @hidden_pull.reload.status.should == 'ready' - response.status.should == 401 + expect(@hidden_pull.reload.status).to eq 'ready' + expect(response.status).to eq 401 end end end context 'send email messages' do - before(:each) do + before do @project_reader = FactoryGirl.create :user create_relation(@project, @project_reader, 'reader') @project_admin = FactoryGirl.create :user 
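Review bot: `expect(@hidden_pull.reload.title).to_not eq 'title'` in 'cant update pull request in hidden project' does not check what the example claims: `@update_params` sets the title to 'new title' (as the 'can update' examples show), so the assertion passes even if the forbidden update went through, and if `@hidden_pull` comes from `create_pull` its title is 'test', making the check vacuous either way. It should mirror the open-project case: `expect(@hidden_pull.reload.title).to_not eq 'new title'`. The update examples in this hunk also assert only record state while the merge examples additionally check `expect(response.status).to eq 403`; adding the status check to the four update examples would make the two groups consistent.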
@@ -288,36 +296,32 @@ describe Api::V1::PullRequestsController, type: :controller do it 'should send two email messages to project admins' do post :create, @create_params - @project.pull_requests.last.issue.send(:new_issue_notifications) - @project.pull_requests.last.issue.send(:send_assign_notifications) - ActionMailer::Base.deliveries.count.should == 2 + # @project.pull_requests.last.issue.send(:new_issue_notifications) + # @project.pull_requests.last.issue.send(:send_assign_notifications) + expect(ActionMailer::Base.deliveries.count).to eq 2 end it 'should send two email messages to admins and one to assignee' do post :create, @create_params.deep_merge(pull_request: {assignee_id: @project_reader.id}) - @project.pull_requests.last.issue.send(:new_issue_notifications) - @project.pull_requests.last.issue.send(:send_assign_notifications) - ActionMailer::Base.deliveries.count.should == 3 + # @project.pull_requests.last.issue.send(:new_issue_notifications) + # @project.pull_requests.last.issue.send(:send_assign_notifications) + expect(ActionMailer::Base.deliveries.count).to eq 3 end it 'should send email message to new assignee' do http_login(@project_admin) put :update, @update_params.deep_merge(pull_request: {assignee_id: @project_reader.id}) - @project.pull_requests.last.issue.send(:send_assign_notifications) - ActionMailer::Base.deliveries.count.should == 1 + # @project.pull_requests.last.issue.send(:send_assign_notifications) + expect(ActionMailer::Base.deliveries.count).to eq 1 end it 'should not duplicate email message' do post :create, @create_params.deep_merge(pull_request: {assignee_id: @project_admin.id}) - @project.pull_requests.last.issue.send(:new_issue_notifications) - @project.pull_requests.last.issue.send(:send_assign_notifications) - ActionMailer::Base.deliveries.count.should == 2 # send only to admins - ActionMailer::Base.deliveries.first.to != ActionMailer::Base.deliveries.last.to + # @project.pull_requests.last.issue.send(:new_issue_notifications) 
+ # @project.pull_requests.last.issue.send(:send_assign_notifications) + expect(ActionMailer::Base.deliveries.count).to eq 2 # send only to admins + expect(ActionMailer::Base.deliveries.first.to).to_not eq ActionMailer::Base.deliveries.last.to end end - after(:all) do - User.destroy_all - Platform.destroy_all - end end diff --git a/spec/controllers/api/v1/repositories_controller_spec.rb b/spec/controllers/api/v1/repositories_controller_spec.rb index affb09590..e0fe0bbce 100644 --- a/spec/controllers/api/v1/repositories_controller_spec.rb +++ b/spec/controllers/api/v1/repositories_controller_spec.rb @@ -15,14 +15,14 @@ end shared_examples_for 'api repository user without packages rights' do it 'should not be able to perform packages action' do get :packages, id: @repository.id, format: :csv - response.should_not be_success + expect(response).to_not be_success end end shared_examples_for 'api repository user with packages rights' do it 'should be able to perform packages action' do get :packages, id: @repository.id, format: :csv - response.should be_success + expect(response).to be_success end end 
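Review bot: The notification `send` calls are commented out rather than deleted, leaving dead code in every example of this context; if the notifications are now expected to be triggered by the create/update actions themselves, delete the commented lines and, if worth recording, replace them with a single `# notifications are delivered by the controller action; no manual trigger needed`. The removed `after(:all)` block that destroyed all users and platforms presumably became unnecessary once the file's `before(:all)` turned into a per-example `before`, but that dependency is not visible in this hunk.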
@@ -37,25 +37,25 @@ end shared_examples_for "api repository user with show rights" do it 'should be able to perform show action' do get :show, id: @repository.id, format: :json - response.should render_template(:show) + expect(response).to render_template(:show) end it 'should be able to perform projects action' do get :projects, id: @repository.id, format: :json - response.should render_template(:projects) + expect(response).to render_template(:projects) end end shared_examples_for "api repository user without show rights" do it 'should not be able to perform show action' do get :show, id: @repository.id, format: :json - response.body.should == {"message" => "Access violation to this page!"}.to_json + expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json) end end shared_examples_for "api repository user without key_pair rights" do it 'should not be able to perform key_pair action' do get :key_pair, id: @repository.id, format: :json - response.should_not be_success + expect(response).to_not be_success end end @@ -67,11 +67,10 @@ shared_examples_for 'api repository user with writer rights' do end it 'should be able to perform update action' do - response.should be_success + expect(response).to be_success end it 'ensures that repository has been updated' do - @repository.reload - @repository.description.should == 'new description' + expect(@repository.reload.description).to eq 'new description' end end @@ -79,7 +78,7 @@ shared_examples_for 'api repository user with writer rights' do [:add_repo_lock_file, :remove_repo_lock_file].each do |action| it "should be able to perform #{action} action" do put action, id: @repository.id, format: :json - response.should be_success + expect(response).to be_success end end end 
@@ -91,10 +90,10 @@ shared_examples_for 'api repository user with writer rights' do
 end
 it 'should be able to perform add_member action' do
- response.should be_success
+ expect(response).to be_success
 end
 it 'ensures that new member has been added to repository' do
- @repository.members.should include(member)
+ expect(@repository.members).to include(member)
 end
 end
@@ -106,39 +105,48 @@ shared_examples_for 'api repository user with writer rights' do end it 'should be able to perform remove_member action' do - response.should be_success + expect(response).to be_success end it 'ensures that member has been removed from repository' do - @repository.members.should_not include(member) + expect(@repository.members).to_not include(member) end end context 'api repository user with destroy rights' do it 'should be able to perform destroy action for main platform' do delete :destroy, id: @repository.id, format: :json - response.should be_success + expect(response).to be_success end it 'ensures that repository of main platform has been destroyed' do - lambda { delete :destroy, id: @repository.id, format: :json }.should change{ Repository.count }.by(-1) + expect do + delete :destroy, id: @repository.id, format: :json + end.to change(Repository, :count).by(-1) end context 'repository with name "main" of personal platform' do # hook for "ActiveRecord::ActiveRecordError: name is marked as readonly" - before { Repository.where(id: @personal_repository.id).update_all("name = 'main'") } + before do + Repository.where(id: @personal_repository).update_all(name: 'main') + end + it 'should not be able to perform destroy action' do delete :destroy, id: @personal_repository.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that repository has not been destroyed' do - lambda { delete :destroy, id: @personal_repository.id, format: :json }.should_not change{ Repository.count } + expect do + delete :destroy, id: @personal_repository.id, format: :json + end.to_not change(Repository, :count) end end it 'should be able to perform destroy action for repository with name not "main" of personal platform' do delete :destroy, id: @personal_repository.id, format: :json - response.should be_success + expect(response).to be_success end it 'ensures that repository with name not "main" of personal platform has 
been destroyed' do - lambda { delete :destroy, id: @personal_repository.id, format: :json }.should change{ Repository.count }.by(-1) + expect do + delete :destroy, id: @personal_repository.id, format: :json + end.to change(Repository, :count).by(-1) end end @@ -148,10 +156,10 @@ shared_examples_for 'api repository user with writer rights' do put :signatures, id: @repository.id, repository: {public: kp.public, secret: kp.secret}, format: :json end it 'should be able to perform signatures action' do - response.should be_success + expect(response).to be_success end it 'ensures that signatures has been updated' do - @repository.key_pair.should_not be_nil + expect(@repository.key_pair).to_not be_nil end end @@ -162,10 +170,10 @@ shared_examples_for 'api repository user with project manage rights' do context 'api repository user with add_project rights' do before { put :add_project, id: @repository.id, project_id: @project.id, format: :json } it 'should be able to perform add_project action' do - response.should be_success + expect(response).to be_success end it 'ensures that project has been added to repository' do - @repository.projects.should include(@project) + expect(@repository.projects).to include(@project) end end @@ -175,11 +183,10 @@ shared_examples_for 'api repository user with project manage rights' do delete :remove_project, id: @repository.id, project_id: @project.id, format: :json end it 'should be able to perform remove_project action' do - response.should be_success + expect(response).to be_success end it 'ensures that project has been removed from repository' do - @repository.reload - @repository.projects.should_not include(@project) + expect(@repository.reload.projects).to_not include(@project) end end 
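Review bot: `Repository.where(id: @personal_repository).update_all(name: 'main')` passes the record itself as the `id` value; ActiveRecord accepts a model instance there, but every neighbouring call in this hunk passes `@personal_repository.id`, so `Repository.where(id: @personal_repository.id).update_all(name: 'main')` keeps the file consistent and avoids relying on that coercion. The hash form of `update_all` is an improvement over the raw SQL string it replaces, and the comment explaining the readonly workaround should stay attached to the `before` block.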
@@ -193,11 +200,10 @@ shared_examples_for 'api repository user without writer rights' do end it 'should not be able to perform update action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that repository has not been updated' do - @repository.reload - @repository.description.should_not == 'new description' + expect(@repository.reload.description).to_not eq 'new description' end end @@ -205,7 +211,7 @@ shared_examples_for 'api repository user without writer rights' do [:add_repo_lock_file, :remove_repo_lock_file].each do |action| it "should not be able to perform #{action} action" do put action, id: @repository.id, format: :json - response.should_not be_success + expect(response).to_not be_success end end end @@ -217,10 +223,10 @@ shared_examples_for 'api repository user without writer rights' do end it 'should not be able to perform add_member action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that new member has not been added to repository' do - @repository.members.should_not include(member) + expect(@repository.members).to_not include(member) end end 
@@ -232,27 +238,31 @@ shared_examples_for 'api repository user without writer rights' do end it 'should be able to perform update action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that member has not been removed from repository' do - @repository.members.should include(member) + expect(@repository.members).to include(member) end end context 'api repository user without destroy rights' do it 'should not be able to perform destroy action for repository of main platform' do delete :destroy, id: @repository.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that repository of main platform has not been destroyed' do - lambda { delete :destroy, id: @repository.id, format: :json }.should_not change{ Repository.count } + expect do + delete :destroy, id: @repository.id, format: :json + end.to_not change(Repository, :count) end it 'should not be able to perform destroy action for repository of personal platform' do delete :destroy, id: @personal_repository.id, format: :json - response.should_not be_success + expect(response).to_not be_success end it 'ensures that repository of personal platform has not been destroyed' do - lambda { delete :destroy, id: @personal_repository.id, format: :json }.should_not change{ Repository.count } + expect do + delete :destroy, id: @personal_repository.id, format: :json + end.to_not change(Repository, :count) end end @@ -262,10 +272,10 @@ shared_examples_for 'api repository user without writer rights' do put :signatures, id: @repository.id, repository: {public: kp.public, secret: kp.secret}, format: :json end it 'should not be able to perform signatures action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that signatures has not been updated' do - @repository.key_pair.should be_nil + expect(@repository.key_pair).to be_nil end end 
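Review bot: In the remove_member context of 'api repository user without writer rights', the example titled `it 'should be able to perform update action'` now asserts `expect(response).to_not be_success`, so the description contradicts the assertion and names the wrong action; since the assertion line was rewritten anyway, renaming it to `it 'should not be able to perform remove_member action'` would match its siblings. The enclosing context opens before this hunk.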
@@ -275,10 +285,10 @@ shared_examples_for 'api repository user without project manage rights' do context 'api repository user without add_project rights' do before { put :add_project, id: @repository.id, project_id: @project.id, format: :json } it 'should not be able to perform add_project action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that project has not been added to repository' do - @repository.projects.should_not include(@project) + expect(@repository.projects).to_not include(@project) end end @@ -288,11 +298,10 @@ shared_examples_for 'api repository user without project manage rights' do delete :remove_project, id: @repository.id, project_id: @project.id, format: :json end it 'should not be able to perform remove_project action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that project has not been removed from repository' do - @repository.reload - @repository.projects.should include(@project) + expect(@repository.reload.projects).to include(@project) end end end @@ -312,7 +321,7 @@ describe Api::V1::RepositoriesController, type: :controller do context 'for guest' do it "should not be able to perform show action", :anonymous_access => false do get :show, id: @repository.id, format: :json - response.status.should == 401 + expect(response.status).to eq 401 end if APP_CONFIG['anonymous_access'] @@ -326,7 +335,7 @@ describe Api::V1::RepositoriesController, type: :controller do it 'should not be able to perform projects action', anonymous_access: false do get :projects, id: @repository.id, format: :json - response.should_not be_success + expect(response).to_not be_success end end 
@@ -400,13 +409,13 @@ describe Api::V1::RepositoriesController, type: :controller do
 it 'should be able to perform key_pair action when repository has not keys' do
 get :key_pair, id: @repository.id, format: :json
- response.should be_success
+ expect(response).to be_success
 end
 it 'should be able to perform key_pair action when repository has keys' do
 FactoryGirl.create(:key_pair, repository: @repository)
 get :key_pair, id: @repository.id, format: :json
- response.should be_success
+ expect(response).to be_success
 end
 end
diff --git a/spec/controllers/api/v1/search_controller_spec.rb b/spec/controllers/api/v1/search_controller_spec.rb
index f39966e74..0827be047 100644
--- a/spec/controllers/api/v1/search_controller_spec.rb
+++ b/spec/controllers/api/v1/search_controller_spec.rb
@@ -3,14 +3,14 @@ require 'spec_helper'
 shared_examples_for 'able search with api' do
 it 'should be able to search' do
 get :index, format: :json
- response.should be_success
- response.should render_template(:index)
+ expect(response).to be_success
+ expect(response).to render_template(:index)
 end
 end
 shared_examples_for 'not able search with api' do
 it 'should not be able to search' do
 get :index, format: :json
- response.code.should eq('401')
+ expect(response.code).to eq('401')
 end
 end
diff --git a/spec/controllers/api/v1/users_controller_spec.rb b/spec/controllers/api/v1/users_controller_spec.rb
index 273465572..b238628fc 100644
--- a/spec/controllers/api/v1/users_controller_spec.rb
+++ b/spec/controllers/api/v1/users_controller_spec.rb
@@ -12,39 +12,35 @@ describe Api::V1::UsersController, type: :controller do
 [:show_current_user, :notifiers].each do |action|
 it "should not be able to perform #{ action } action for a current user" do
 get action, format: :json
- response.should_not be_success
+ expect(response).to_not be_success
 end
 end
 it 'should be able to perform show action for a single user', :anonymous_access => true do
 get :show, id: @user.id, format: :json
- response.should render_template(:show)
+ expect(response).to render_template(:show)
 end
 it 'should not be able to perform show action for a single user', :anonymous_access => false do
 get :show, id: @user.id, format: :json
- response.should_not be_success
+ expect(response).to_not be_success
 end
 context 'should not be able to perform update action for a current user' do
- before do
- put :update, user: { company: 'test_company' }, format: :json
- end
- it { response.should_not be_success }
 it 'ensures that user has not been updated' do
- @user.reload
- @user.company.should_not == 'test_company'
+ put :update, user: { company: 'test_company' }, format: :json
+ expect(response).to_not be_success
+ expect(@user.reload.company).to_not eq 'test_company'
 end
 end
 context 'should not be able to perform notifiers action for a current user' do
 before do
- put :notifiers, notifiers: { can_notify: false }, format: :json
 end
- it { response.should_not be_success }
 it 'ensures that user notification settings have not been updated' do
- @user.reload
- @user.notifier.can_notify.should be_truthy
+ put :notifiers, notifiers: { can_notify: false }, format: :json
+ expect(response).to_not be_success
+ expect(@user.reload.notifier.can_notify).to be_truthy
 end
 end
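Review bot: In the notifiers context the `put :notifiers` line was moved out of the `before` block but the block itself was left behind as an empty `before do ... end`; the update context directly above removes all three lines, and this one should too (the parallel hunk at @@ -58 of this file does). Merging the status and state checks into one example is fine, but the context titles still read 'should not be able to…' while the surviving example says 'ensures that…', so the combined output reads oddly; a single example such as `it 'rejects the update and leaves the user unchanged'` would read better.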
@@ -58,34 +54,28 @@ describe Api::V1::UsersController, type: :controller do [:show_current_user, :notifiers].each do |action| it "should be able to perform #{ action } action for a current user" do get action, format: :json - response.should be_success + expect(response).to be_success end end it 'should be able to perform show action for a single user' do get :show, id: @user.id, format: :json - response.should render_template(:show) + expect(response).to render_template(:show) end context 'should be able to perform update action for a current user' do - before do - put :update, user: { company: 'test_company' }, format: :json - end - it { response.should be_success } it 'ensures that user has been updated' do - @user.reload - @user.company.should == 'test_company' + put :update, user: { company: 'test_company' }, format: :json + expect(response).to be_success + expect(@user.reload.company).to eq 'test_company' end end context 'should be able to perform notifiers action for a current user' do - before do - put :notifiers, notifiers: {can_notify: false }, format: :json - end - it { response.should be_success } it 'ensures that user notification settings have been updated' do - @user.reload - @user.notifier.can_notify.should be_falsy + put :notifiers, notifiers: {can_notify: false }, format: :json + expect(response).to be_success + expect(@user.reload.notifier.can_notify).to be_falsy end end diff --git a/spec/controllers/autocompletes_controller_spec.rb b/spec/controllers/autocompletes_controller_spec.rb index b4c0bba85..ad380aa44 100644 --- a/spec/controllers/autocompletes_controller_spec.rb +++ b/spec/controllers/autocompletes_controller_spec.rb 
@@ -11,12 +11,12 @@ describe AutocompletesController, type: :controller do it 'should be able to perform autocomplete_user_or_group action' do get :autocomplete_user_or_group - response.should be_success + expect(response).to be_success end it 'should be able to perform autocomplete_user_uname action' do get :autocomplete_user_uname - response.should be_success + expect(response).to be_success end context 'autocomplete_extra_build_list' do @@ -26,13 +26,13 @@ describe AutocompletesController, type: :controller do it 'no data when build_list without container' do get :autocomplete_extra_build_list, params - response.body.should == '[]' + expect(response.body).to eq '[]' end it 'shows data when build_list with container' do build_list.update_column(:container_status, BuildList::BUILD_PUBLISHED) get :autocomplete_extra_build_list, params - response.body.should_not == '[]' + expect(response.body).to_not eq '[]' end end @@ -47,13 +47,13 @@ describe AutocompletesController, type: :controller do it 'no data when repository of main platform' do get :autocomplete_extra_repositories, params - response.body.should == '[]' + expect(response.body).to eq '[]' end it 'shows data when repository of personal platform' do Platform.update_all(platform_type: 'personal') get :autocomplete_extra_repositories, params - response.body.should_not == '[]' + expect(response.body).to_not eq '[]' end end @@ -73,7 +73,7 @@ describe AutocompletesController, type: :controller do ].each do |action| it "should not be able to perform #{action} action" do get action - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end diff --git a/spec/controllers/groups/members_controller_spec.rb b/spec/controllers/groups/members_controller_spec.rb index 27f8f03af..f1341f466 100644 --- a/spec/controllers/groups/members_controller_spec.rb +++ b/spec/controllers/groups/members_controller_spec.rb 
@@ -15,20 +15,20 @@ describe Groups::MembersController, type: :controller do context 'for owner user' do it 'should add member to group' do post :add, @add_params - response.should redirect_to(group_members_path(@group)) - Relation.by_target(@group).by_actor(@another_user).count.should eql(1) + expect(response).to redirect_to(group_members_path(@group)) + expect(Relation.by_target(@group).by_actor(@another_user).count).to eq 1 end it 'should add reader member to group' do post :add, @add_params - Relation.by_target(@group).by_actor(@another_user).first.role.should eql('reader') - response.should redirect_to(group_members_path(@group)) + expect(Relation.by_target(@group).by_actor(@another_user).first.role).to eq 'reader' + expect(response).to redirect_to(group_members_path(@group)) end it 'should not remove self from group' do post :remove, @remove_params - Relation.by_target(@group).by_actor(@user).first.role.should eql('admin') - response.should redirect_to(group_members_path(@group)) + expect(Relation.by_target(@group).by_actor(@user).first.role).to eq 'admin' + expect(response).to redirect_to(group_members_path(@group)) end end 
@@ -41,27 +41,26 @@ describe Groups::MembersController, type: :controller do it 'should add member to group' do post :add, @add_params - response.should redirect_to(group_members_path(@group)) - Relation.by_target(@group).by_actor(@another_user).count.should eql(1) - response.should redirect_to(group_members_path(@group)) + expect(Relation.by_target(@group).by_actor(@another_user).count).to eq 1 + expect(response).to redirect_to(group_members_path(@group)) end it 'should add reader member to group' do post :add, @add_params - Relation.by_target(@group).by_actor(@another_user).first.role.should eql('reader') - response.should redirect_to(group_members_path(@group)) + expect(Relation.by_target(@group).by_actor(@another_user).first.role).to eq 'reader' + expect(response).to redirect_to(group_members_path(@group)) end it 'should not remove owner from group' do post :remove, @remove_params - Relation.by_target(@group).by_actor(@user).first.role.should eql('admin') - response.should redirect_to(group_members_path(@group)) + expect(Relation.by_target(@group).by_actor(@user).first.role).to eq 'admin' + expect(response).to redirect_to(group_members_path(@group)) end it 'should not set read role to owner group' do post :update, @update_params - Relation.by_target(@group).by_actor(@user).first.role.should eql('admin') - response.should redirect_to(forbidden_path) + expect(Relation.by_target(@group).by_actor(@user).first.role).to eq 'admin' + expect(response).to redirect_to(forbidden_path) end end 
@@ -74,22 +73,22 @@ describe Groups::MembersController, type: :controller do it 'should not add member to group' do post :add, @add_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should add reader member to group' do post :add, @add_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not remove owner from group' do post :remove, @remove_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not set read role to owner group' do post :update, @update_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end end @@ -100,22 +99,22 @@ describe Groups::MembersController, type: :controller do it 'should not add member to group' do post :add, @add_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should add reader member to group' do post :add, @add_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not remove owner from group' do post :remove, @remove_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not set read role to owner group' do post :update, @update_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end end end diff --git a/spec/controllers/groups/profile_controller_spec.rb b/spec/controllers/groups/profile_controller_spec.rb index 62e13ff10..c03204d3b 100644 --- a/spec/controllers/groups/profile_controller_spec.rb +++ b/spec/controllers/groups/profile_controller_spec.rb 
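Review bot: The reader and guest contexts for `add`, `remove` and `update` assert only `redirect_to(forbidden_path)`, whereas the admin context in the hunk above also checks the resulting `Relation` role; a controller that performs the write before calling `authorize` would still redirect to forbidden and pass here. Add the state check next to the redirect, e.g. `expect { post :add, @add_params }.to_not change(Relation, :count)` and, after `remove`/`update`, `expect(Relation.by_target(@group).by_actor(@user).first.role).to eq 'admin'`. The descriptions 'should add reader member to group' in these denied contexts contradict what is asserted; rename them 'should not add reader member to group'. `@add_params`, `@remove_params` and `@update_params` are built outside this hunk.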
@@ -3,55 +3,51 @@ require 'spec_helper' shared_examples_for 'group user with project show rights' do it 'should be able to perform show action' do get :show, uname: @group.uname - response.should render_template(:show) + expect(response).to render_template(:show) end end shared_examples_for 'group user without update rights' do it 'should be not able to perform update action' do put :update, {id: @group}.merge(@update_params) - response.should redirect_to(forbidden_path) - end - - it 'should not be able to update group data' do - put :update, id: @group, group: {description: 'new description'} - @group.reload.description.should_not == 'new description' + expect(response).to redirect_to(forbidden_path) + expect(@group.reload.description).to_not eq 'grp2' end end shared_examples_for 'group user without destroy rights' do it 'should not be able to destroy group' do delete :destroy, id: @group - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not change groups count after destroy action' do - lambda { delete :destroy, id: @group }.should change{ Group.count }.by(0) + expect do + delete :destroy, id: @group + end.to_not change(Group, :count) end end shared_examples_for 'group admin' do it_should_behave_like 'no group user' - it 'should be able to update group data' do - put :update, id: @group, group: {description: 'new description'} - @group.reload.description.should == 'new description' - end - it 'should be able to perform update action' do put :update, {id: @group}.merge(@update_params) - response.should redirect_to(group_path(@group)) + expect(response).to redirect_to(group_path(@group)) + expect(@group.reload.description).to eq 'grp2' end end shared_examples_for 'no group user' do it 'should be able to perform create action' do post :create, @create_params - response.should redirect_to(group_path(Group.last)) + expect(response).to redirect_to(group_path(Group.last)) end it 'should change objects count on 
create' do - lambda { post :create, @create_params }.should change{ Group.count }.by(1) + expect do + post :create, @create_params + end.to change(Group, :count).by(1) end end @@ -60,11 +56,13 @@ shared_examples_for 'group owner' do it 'should be able to destroy group' do delete :destroy, id: @group - response.should redirect_to(groups_path) + expect(response).to redirect_to(groups_path) end it 'should change groups count after destroy action' do - lambda { delete :destroy, id: @group }.should change{ Group.count }.by(-1) + expect do + delete :destroy, id: @group + end.to change(Group, :count).by(-1) end end @@ -84,23 +82,23 @@ describe Groups::ProfileController, type: :controller do else it 'should not be able to perform show action' do get :show, id: @group - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end it 'should not be able to perform index action' do get :index - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it 'should not be able to perform update action' do put :update, {id: @group}.merge(@update_params) - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it 'should not be able to perform create action' do post :create, @create_params - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end @@ -116,12 +114,12 @@ describe Groups::ProfileController, type: :controller do it 'should be able to perform index action' do get :index - response.should render_template(:index) + expect(response).to render_template(:index) end it 'should be able to perform update action' do put :update, {id: @group}.merge(@update_params) - response.should redirect_to(group_path(@group)) + expect(response).to redirect_to(group_path(@group)) end end 
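Review bot: In 'group user without update rights', the negative check `expect(@group.reload.description).to_not eq 'grp2'` hard-codes a value that has to match `@update_params`, which is built outside this hunk; if that fixture's description ever changes, the assertion passes vacuously and a forbidden `update` that writes through would go unnoticed. Capture the value before the request instead: `original = @group.description` before `put :update, …`, then `expect(@group.reload.description).to eq original`. The positive 'group admin' example could likewise assert against `@update_params[:group][:description]` (assuming the params nest under `:group` — verify) rather than the literal, so both examples stay in step with the fixture.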
@@ -161,11 +159,13 @@ describe Groups::ProfileController, type: :controller do it "should remove user from groups" do delete :remove_user, id: @group - response.should redirect_to(groups_path) + expect(response).to redirect_to(groups_path) end it "should change relations count" do - lambda { delete :remove_user, id: @group }.should change{ Relation.count }.by(-1) + expect do + delete :remove_user, id: @group + end.to change(Relation, :count).by(-1) end it_should_behave_like 'group user with project show rights' diff --git a/spec/controllers/platforms/contents_controller_spec.rb b/spec/controllers/platforms/contents_controller_spec.rb index ae5949fc3..09fe5361d 100644 --- a/spec/controllers/platforms/contents_controller_spec.rb +++ b/spec/controllers/platforms/contents_controller_spec.rb @@ -4,7 +4,7 @@ shared_examples_for 'content platform user without show rights for hidden platfo it 'should not be able to perform index action' do @platform.update_column(:visibility, 'hidden') get :index, platform_id: @platform - response.should_not be_success + expect(response).to_not be_success end end 
@@ -12,31 +12,31 @@ shared_examples_for 'content platform user with show rights for hidden platform' it 'should be able to perform index action' do @platform.update_column(:visibility, 'hidden') get :index, platform_id: @platform - response.should be_success + expect(response).to be_success end end shared_examples_for 'content platform user with show rights' do it 'should be able to perform index action for main platform' do get :index, platform_id: @platform - response.should be_success + expect(response).to be_success end it 'should be able to perform index action for personal platform' do get :index, platform_id: @personal_platform - response.should be_success + expect(response).to be_success end end shared_examples_for 'content platform user without member rights' do it 'should not be able to perform remove_file action for main platform' do get :remove_file, platform_id: @platform, path: '/test' - response.should_not be_success + expect(response).to_not be_success end it 'should not be able to perform index remove_file for personal platform' do get :remove_file, platform_id: @personal_platform, path: '/test' - response.should_not be_success + expect(response).to_not be_success end end @@ -47,12 +47,12 @@ shared_examples_for 'content platform user with member rights' do it 'should be able to perform remove_file action for main platform' do get :remove_file, platform_id: @platform, path: '/test' - response.should be_success + expect(response).to be_success end it 'should be able to perform remove_file action for personal platform' do get :remove_file, platform_id: @personal_platform, path: '/test' - response.should be_success + expect(response).to be_success end end 
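Review bot: The 'without member rights' examples drive `remove_file` with `get` and assert only `to_not be_success`, which passes on a 500 as readily as on a 401/403 and says nothing about whether anything under `path` was removed. If the route really accepts GET for `remove_file` (routes are outside this hunk), a destructive action is reachable without Rails' CSRF token check, which applies only to non-GET requests — confirm the verb and, if it is DELETE, write the spec as `delete :remove_file, platform_id: @platform, path: '/test'`. Pin the denial as the other controller specs in this commit do, `expect(response).to redirect_to(forbidden_path)`, and consider an example with a traversal-style `path` such as `'../../etc'` to document how the action constrains the argument.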
@@ -70,12 +70,12 @@ describe Platforms::ContentsController, type: :controller do it 'should not be able to perform index action for main platform', anonymous_access: false do get :index, platform_id: @platform - response.should_not be_success + expect(response).to_not be_success end it 'should not be able to perform index action for personal platform', anonymous_access: false do get :index, platform_id: @personal_platform - response.should_not be_success + expect(response).to_not be_success end it_should_behave_like 'content platform user with show rights' if APP_CONFIG['anonymous_access'] diff --git a/spec/controllers/platforms/key_pairs_controller_spec.rb b/spec/controllers/platforms/key_pairs_controller_spec.rb index 454f40760..cac37da66 100644 --- a/spec/controllers/platforms/key_pairs_controller_spec.rb +++ b/spec/controllers/platforms/key_pairs_controller_spec.rb @@ -7,16 +7,18 @@ end shared_examples_for 'key_pair platform owner' do it 'should be able to perform index action' do get :index, platform_id: @platform - response.should render_template(:index) + expect(response).to render_template(:index) end it 'should be able to perform create action' do post :create, @create_params - response.should redirect_to(platform_key_pairs_path(@platform)) + expect(response).to redirect_to(platform_key_pairs_path(@platform)) end it 'should create key pair into db on create action' do - lambda { post :create, @create_params }.should change{KeyPair.count}.by(1) + expect do + post :create, @create_params + end.to change(KeyPair, :count).by(1) end context "on destroy" do 
@@ -26,11 +28,13 @@ shared_examples_for 'key_pair platform owner' do it 'should be able to perform action' do delete :destroy, platform_id: @platform, id: @key_pair - response.should redirect_to(platform_key_pairs_path(@platform)) + expect(response).to redirect_to(platform_key_pairs_path(@platform)) end it 'should delete key pair into db' do - lambda { delete :destroy, platform_id: @platform, id: @key_pair }.should change{KeyPair.count}.by(-1) + expect do + delete :destroy, platform_id: @platform, id: @key_pair + end.to change(KeyPair, :count).by(-1) end end end @@ -38,16 +42,18 @@ end shared_examples_for 'key_pair platform reader' do it 'should be able to perform index action' do get :index, platform_id: @platform - response.should render_template(:index) + expect(response).to render_template(:index) end it 'should not be able to perform create action' do post :create, @create_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not change objects count on create success' do - lambda { post :create, @create_params }.should change{ KeyPair.count }.by(0) + expect do + post :create, @create_params + end.to_not change(KeyPair, :count) end context "on destroy" do @@ -57,11 +63,13 @@ shared_examples_for 'key_pair platform reader' do it 'should not be able to perform action' do delete :destroy, platform_id: @platform, id: @key_pair - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not change objects count on destroy success' do - lambda { delete :destroy, platform_id: @platform, id: @key_pair }.should change{KeyPair.count}.by(0) + expect do + delete :destroy, platform_id: @platform, id: @key_pair + end.to_not change(KeyPair, :count) end end end 
@@ -88,12 +96,14 @@ describe Platforms::KeyPairsController, type: :controller do [:index, :create].each do |action| it "should not be able to perform #{ action } action" do get action, platform_id: @platform - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end it 'should not change objects count on create success' do - lambda { post :create, @create_params }.should change{ KeyPair.count }.by(0) + expect do + post :create, @create_params + end.to_not change(KeyPair, :count) end context 'on destroy' do @@ -102,12 +112,14 @@ describe Platforms::KeyPairsController, type: :controller do end it 'should not change objects count on destroy success' do - lambda { delete :destroy, platform_id: @platform, id: @key_pair }.should change{KeyPair.count}.by(0) + expect do + delete :destroy, platform_id: @platform, id: @key_pair + end.to_not change(KeyPair, :count) end it "should not be able to perform destroy action" do delete :destroy, platform_id: @platform, id: @key_pair - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end end diff --git a/spec/controllers/platforms/maintainers_controller_spec.rb b/spec/controllers/platforms/maintainers_controller_spec.rb index 62534eced..3c6859be0 100644 --- a/spec/controllers/platforms/maintainers_controller_spec.rb +++ b/spec/controllers/platforms/maintainers_controller_spec.rb @@ -4,7 +4,7 @@ shared_examples_for 'guest user' do it "should be able to view maintainers list(index)" do get :index, platform_id: @platform.id - response.should be_success + expect(response).to be_success end end 
@@ -22,12 +22,12 @@ describe Platforms::MaintainersController, type: :controller do it "should be able to view maintainers list(index)", anonymous_access: true do get :index, platform_id: @platform.id - response.should be_success + expect(response).to be_success end it "should not be able to view maintainers list(index)", anonymous_access: false do get :index, platform_id: @platform.id - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end diff --git a/spec/controllers/platforms/mass_builds_controller_spec.rb b/spec/controllers/platforms/mass_builds_controller_spec.rb index 315dcd375..716328802 100644 --- a/spec/controllers/platforms/mass_builds_controller_spec.rb +++ b/spec/controllers/platforms/mass_builds_controller_spec.rb 
@@ -3,58 +3,60 @@ require 'spec_helper' shared_examples_for 'mass_build platform owner' do it 'should be able to perform index action' do get :index, platform_id: @platform - response.should render_template(:index) + expect(response).to render_template(:index) end it 'should be able to perform show action' do get :show, platform_id: @platform, id: @mass_build - response.should render_template(:show) + expect(response).to render_template(:show) end it 'should be able to perform new action' do get :new, platform_id: @platform - response.should render_template(:new) + expect(response).to render_template(:new) end it 'should be able to perform create action' do post :create, @create_params - response.should redirect_to(platform_mass_builds_path(@platform)) + expect(response).to redirect_to(platform_mass_builds_path(@platform)) end it 'should be able to perform cancel action' do post :cancel, platform_id: @platform, id: @mass_build - response.should redirect_to(platform_mass_builds_path(@platform)) + expect(response).to redirect_to(platform_mass_builds_path(@platform)) end it 'should change stop_build on cancel' do post :cancel, platform_id: @platform, id: @mass_build - @mass_build.reload.stop_build.should == true + expect(@mass_build.reload.stop_build).to be_truthy end it 'should be able to perform publish action' do post :publish, platform_id: @platform, id: @mass_build - response.should redirect_to(platform_mass_builds_path(@platform)) + expect(response).to redirect_to(platform_mass_builds_path(@platform)) end it 'should change build_publish on publish' do allow_any_instance_of(BuildList).to receive(:valid_branch_for_publish?).and_return(true) post :publish, platform_id: @platform, id: @mass_build - @mass_build.reload.build_publish_count.should == 1 + expect(@mass_build.reload.build_publish_count).to eq 1 end it 'should not be able to perform cancel action if stop_build is true' do @mass_build.stop_build = true; @mass_build.save post :cancel, platform_id: @platform, 
id: @mass_build - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should change objects count on create success' do - lambda { post :create, @create_params }.should change{ MassBuild.count }.by(1) + expect do + post :create, @create_params + end.to change(MassBuild, :count).by(1) end it 'should be able to perform get_list action' do get :get_list, platform_id: @platform, id: @mass_build, kind: 'failed_builds_list' - response.should be_success + expect(response).to be_success end end 
@@ -74,43 +76,45 @@ end shared_examples_for 'mass_build platform reader' do it 'should be able to perform index action' do get :index, platform_id: @platform - response.should render_template(:index) + expect(response).to render_template(:index) end it 'should be able to perform get_list action' do get :get_list, platform_id: @platform, id: @mass_build, kind: 'failed_builds_list' - response.should be_success + expect(response).to be_success end it "should not be able to perform new action" do get :new, platform_id: @platform - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it "should not be able to perform create action" do get :create, platform_id: @platform - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end [:cancel, :publish].each do |action| it "should not be able to perform #{ action } action" do get action, platform_id: @platform, id: @mass_build.id - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end end it 'should not change objects count on create success' do - lambda { post :create, @create_params }.should change{ MassBuild.count }.by(0) + expect do + post :create, @create_params + end.to_not change(MassBuild, :count) end it 'should not change stop_build on cancel' do post :cancel, platform_id: @platform, id: @mass_build - @mass_build.reload.stop_build.should == false + expect(@mass_build.reload.stop_build).to be_falsy end it 'should not change build_publish on publish' do post :publish, platform_id: @platform, id: @mass_build - @mass_build.reload.build_publish_count.should == 0 + expect(@mass_build.reload.build_publish_count).to eq 0 end end 
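Review bot: `expect(@mass_build.reload.stop_build).to be_falsy` loosens the original `== false` — `be_falsy` also accepts `nil`, so a `stop_build` column that defaulted to NULL would still satisfy 'should not change stop_build on cancel'; use `expect(@mass_build.reload.stop_build).to eq false` to keep the check strict. The same loosening appears in the owner (`be_truthy`) and guest examples elsewhere in this file. Also, 'should not be able to perform create action' drives `create` with `get` while the guest examples below use `post` for the same action; use `post :create, platform_id: @platform` here too so the example exercises the same request as a real client.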
@@ -144,48 +148,50 @@ describe Platforms::MassBuildsController, type: :controller do it 'should be able to perform index action', anonymous_access: true do get :index, platform_id: @platform - response.should render_template(:index) + expect(response).to render_template(:index) end it 'should not be able to perform index action', anonymous_access: false do get :index, platform_id: @platform - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it 'should be able to perform get_list action', anonymous_access: true do get :get_list, platform_id: @platform, id: @mass_build, kind: 'failed_builds_list' - response.should be_success + expect(response).to be_success end it "should not be able to get failed builds list", anonymous_access: false do get :get_list, platform_id: @platform, id: @mass_build, kind: 'failed_builds_list' - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it "should not be able to perform new action" do get :new, platform_id: @platform - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end [:cancel, :publish, :create].each do |action| it "should not be able to perform #{action} action" do post action, platform_id: @platform, id: @mass_build - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end it 'should not change objects count on create success' do - lambda { post :create, @create_params }.should change{ MassBuild.count }.by(0) + expect do + post :create, @create_params + end.to_not change(MassBuild, :count) end it 'should not change stop_build on cancel' do post :cancel, platform_id: @platform, id: @mass_build - @mass_build.reload.stop_build.should == false + expect(@mass_build.reload.stop_build).to be_falsy end it 'should not change build_publish_count on publish' do post :publish, platform_id: @platform, 
id: @mass_build - @mass_build.reload.build_publish_count.should == 0 + expect(@mass_build.reload.build_publish_count).to eq 0 end end diff --git a/spec/controllers/platforms/platforms_controller_spec.rb b/spec/controllers/platforms/platforms_controller_spec.rb index b893c8a32..40b66a074 100644 --- a/spec/controllers/platforms/platforms_controller_spec.rb +++ b/spec/controllers/platforms/platforms_controller_spec.rb @@ -6,8 +6,8 @@ shared_examples_for 'platform user with reader rights' do [:members, :advisories].each do |action| it 'should be able to perform advisories action' do get action, id: @platform.id - response.should render_template(action) - response.should be_success + expect(response).to render_template(action) + expect(response).to be_success end end end @@ -20,11 +20,10 @@ shared_examples_for 'platform user with owner rights' do end it 'should be able to perform update action' do - response.should redirect_to(platform_path(@platform)) + expect(response).to redirect_to(platform_path(@platform)) end it 'ensures that platform has been updated' do - @platform.reload - @platform.description.should == 'new description' + expect(@platform.reload.description).to eq 'new description' end end 
@@ -35,29 +34,32 @@ shared_examples_for 'platform user with owner rights' do end it 'should be able to perform action' do - response.should redirect_to(platform_path(@platform)) + expect(response).to redirect_to(platform_path(@platform)) end it 'ensures that visibility of platform has been changed' do - @platform.reload - @platform.visibility.should_not == @visibility + expect(@platform.reload.visibility).to_not eq @visibility end end context 'platform user with destroy rights for main platforms only' do it 'should be able to perform destroy action for main platform' do delete :destroy, id: @platform.id - response.should redirect_to(platforms_path) + expect(response).to redirect_to(platforms_path) end it 'ensures that main platform has been destroyed' do - lambda { delete :destroy, id: @platform.id }.should change{ Platform.count }.by(-1) + expect do + delete :destroy, id: @platform.id + end.to change(Platform, :count).by(-1) end it 'should not be able to perform destroy action for personal platform' do delete :destroy, id: @personal_platform.id - response.should_not be_success + expect(response).to_not be_success end it 'ensures that personal platform has not been destroyed' do - lambda { delete :destroy, id: @personal_platform.id }.should change{ Platform.count }.by(0) + expect do + delete :destroy, id: @personal_platform.id + end.to_not change(Platform, :count) end end end @@ -69,11 +71,10 @@ shared_examples_for 'platform user without owner rights' do end it 'should not be able to perform update action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that platform has not been updated' do - @platform.reload - @platform.description.should_not == 'new description' + expect(@platform.reload.description).to_not eq 'new description' end end 
@@ -84,29 +85,32 @@ shared_examples_for 'platform user without owner rights' do end it 'should not be able to perform action' do - response.should_not be_success + expect(response).to_not be_success end it 'ensures that visibility of platform has not been changed' do - @platform.reload - @platform.visibility.should == @visibility + expect(@platform.reload.visibility).to eq @visibility end end context 'platform user without destroy rights' do it 'should not be able to perform destroy action for main platform' do delete :destroy, id: @platform.id - response.should_not be_success + expect(response).to_not be_success end it 'ensures that main platform has not been destroyed' do - lambda { delete :destroy, id: @platform.id }.should_not change{ Platform.count } + expect do + delete :destroy, id: @platform.id + end.to_not change(Platform, :count) end it 'should not be able to perform destroy action for personal platform' do delete :destroy, id: @personal_platform.id - response.should_not be_success + expect(response).to_not be_success end it 'ensures that personal platform has not been destroyed' do - lambda { delete :destroy, id: @personal_platform.id }.should_not change{ Platform.count } + expect do + delete :destroy, id: @personal_platform.id + end.to_not change(Platform, :count) end end @@ -121,10 +125,10 @@ shared_examples_for 'platform user with member rights' do end it 'should be able to perform add_member action' do - response.should redirect_to(members_platform_path(@platform)) + expect(response).to redirect_to(members_platform_path(@platform)) end it 'ensures that new member has been added to platform' do - @platform.members.should include(member) + expect(@platform.members).to include(member) end end 
@@ -136,10 +140,10 @@ shared_examples_for 'platform user with member rights' do end it 'should be able to perform remove_members action' do - response.should redirect_to(members_platform_path(@platform)) + expect(response).to redirect_to(members_platform_path(@platform)) end it 'ensures that member has been removed from platform' do - @platform.members.should_not include(member) + expect(@platform.members).to_not include(member) end end @@ -154,10 +158,10 @@ shared_examples_for 'platform user without member rights' do |guest = false| end it 'should not be able to perform add_member action' do - response.should redirect_to(guest ? new_user_session_path : forbidden_path) + expect(response).to redirect_to(guest ? new_user_session_path : forbidden_path) end it 'ensures that new member has not been added to platform' do - @platform.members.should_not include(member) + expect(@platform.members).to_not include(member) end end @@ -169,10 +173,10 @@ shared_examples_for 'platform user without member rights' do |guest = false| end it 'should not be able to perform remove_members action' do - response.should redirect_to(guest ? new_user_session_path : forbidden_path) + expect(response).to redirect_to(guest ? new_user_session_path : forbidden_path) end it 'ensures that member has not been removed from platform' do - @platform.members.should include(member) + expect(@platform.members).to include(member) end end 
@@ -182,38 +186,40 @@ shared_examples_for 'platform user without global admin rights' do context 'should not be able to perform clear action' do it 'for personal platform' do put :clear, id: @personal_platform.id - response.should_not be_success + expect(response).to_not be_success end it 'for main platform' do put :clear, id: @platform.id - response.should_not be_success + expect(response).to_not be_success end end context 'should not be able to perform clone action' do it 'for personal platform' do get :clone, id: @personal_platform.id - response.should_not be_success + expect(response).to_not be_success end it 'for main platform' do get :clone, id: @platform.id - response.should_not be_success + expect(response).to_not be_success end end it 'should not be able to perform new action' do get :new - response.should_not be_success + expect(response).to_not be_success end [:create, :make_clone].each do |action| context "platform user without #{action} rights" do it "should not be able to perform #{action} action" do post action, clone_or_create_params - response.should_not be_success + expect(response).to_not be_success end it "ensures that platform has not been #{action}d" do - lambda { post action, clone_or_create_params }.should_not change{ Platform.count } + expect do + post action, clone_or_create_params + end.to_not change(Platform, :count) end end end @@ -235,7 +241,7 @@ shared_examples_for 'platform user without reader rights for hidden platform' do [:show, :members].each do |action| it "should not be able to perform #{ action } action" do get action, id: @platform.id - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end end end 
@@ -243,8 +249,8 @@ end
 shared_examples_for 'platform user with show rights' do
 it 'should be able to perform show action' do
 get :show, id: @platform.id
- response.should render_template(:show)
- assigns(:platform).should eq @platform
+ expect(response).to render_template(:show)
+ expect(assigns(:platform)).to eq @platform
 end
 end
@@ -263,13 +269,13 @@ describe Platforms::PlatformsController, type: :controller do
 it "should not be able to perform index action" do
 get :index
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 [:show, :members, :advisories].each do |action|
 it "should not be able to perform #{ action } action", anonymous_access: false do
 get action, id: @platform
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 end
@@ -293,12 +299,12 @@ describe Platforms::PlatformsController, type: :controller do
 it "should be able to perform new action" do
 get :new, id: @platform
- response.should render_template(:new)
+ expect(response).to render_template(:new)
 end
 it "should be able to perform clone action" do
 get :clone, id: @platform
- response.should render_template(:clone)
+ expect(response).to render_template(:clone)
 end
 [:make_clone, :create].each do |action|
@@ -308,10 +314,12 @@ describe Platforms::PlatformsController, type: :controller do
 end
 it "should be able to perform #{action} action" do
 post action, clone_or_create_params
- response.should redirect_to(platform_path(Platform.last))
+ expect(response).to redirect_to(platform_path(Platform.last))
 end
 it "ensures that platform has been #{action}d" do
- lambda { post action, clone_or_create_params }.should change{ Platform.count }.by(1)
+ expect do
+ post action, clone_or_create_params
+ end.to change(Platform, :count).by(1)
 end
 end
 end
@@ -368,7 +376,7 @@ describe Platforms::PlatformsController, type: :controller do
 it "should be able to perform index action" do
 get :index
- response.should render_template(:index)
+ expect(response).to render_template(:index)
 end
 it_should_behave_like 'platform user with reader rights'
diff --git a/spec/controllers/platforms/product_build_lists_controller_spec.rb b/spec/controllers/platforms/product_build_lists_controller_spec.rb
index 121f25c35..e6198cd9f 100644
--- a/spec/controllers/platforms/product_build_lists_controller_spec.rb
+++ b/spec/controllers/platforms/product_build_lists_controller_spec.rb
@@ -6,7 +6,7 @@ shared_examples_for 'product build list admin' do
 expect {
 post :create, valid_attributes
 }.to change(ProductBuildList, :count).by(1)
- response.should redirect_to([@product.platform, @product])
+ expect(response).to redirect_to([@product.platform, @product])
 end
 it "should be able to perform destroy action" do
@@ -14,41 +14,41 @@ shared_examples_for 'product build list admin' do
 expect {
 delete :destroy, valid_attributes_for_destroy
 }.to change(ProductBuildList, :count).by(-1)
- response.should redirect_to([@pbl.product.platform, @pbl.product])
+ expect(response).to redirect_to([@pbl.product.platform, @pbl.product])
 end
 it 'should be able to perform index action' do
 get :index
- response.should render_template(:index)
+ expect(response).to render_template(:index)
 end
 it 'should be able to perform cancel action' do
 url = platform_product_product_build_list_path(@product.platform, @product, @pbl)
 @request.env['HTTP_REFERER'] = url
 put :cancel, valid_attributes_for_show
- response.should redirect_to(url)
+ expect(response).to redirect_to(url)
 end
 it 'should be able to perform show action' do
 get :show, valid_attributes_for_show
- response.should render_template(:show)
+ expect(response).to render_template(:show)
 end
 it 'should be able to perform update action' do
 put :update, valid_attributes_for_show.merge(product_build_list: {time_living: 100,not_delete: true})
- response.should be_success
+ expect(response).to be_success
 end
 it "ensures that only not_delete field of product build list has been updated" do
 put :update, valid_attributes_for_show.merge(product_build_list: {time_living: 100,not_delete: true})
 time_living = @pbl.time_living
- @pbl.reload.time_living.should == time_living
- @pbl.not_delete.should be_truthy
+ expect(@pbl.reload.time_living).to eq time_living
+ expect(@pbl.not_delete).to be_truthy
 end
 it 'should be able to perform log action' do
 get :log, valid_attributes_for_show
- response.should be_success
+ expect(response).to be_success
 end
 end
@@ -57,8 +57,8 @@ shared_examples_for 'product build list user without admin rights' do
 it 'should not be able to perform create action' do
 expect {
 post :create, valid_attributes
- }.to change(ProductBuildList, :count).by(0)
- response.should_not be_success
+ }.to_not change(ProductBuildList, :count)
+ expect(response).to_not be_success
 end
 it 'should not be able to perform destroy action' do
@@ -66,17 +66,17 @@ shared_examples_for 'product build list user without admin rights' do
 expect {
 delete :destroy, valid_attributes_for_destroy
 }.to change(ProductBuildList, :count).by(0)
- response.should_not be_success
+ expect(response).to_not be_success
 end
 it 'should not be able to perform cancel action' do
 put :cancel, valid_attributes_for_show
- response.should_not redirect_to(platform_product_product_build_list_path(@product.platform, @product, @pbl))
+ expect(response).to_not redirect_to(platform_product_product_build_list_path(@product.platform, @product, @pbl))
 end
 it 'should not be able to perform update action' do
 put :update, valid_attributes_for_show
- response.should_not be_success
+ expect(response).to_not be_success
 end
 end
@@ -84,17 +84,17 @@ end
 shared_examples_for 'product build list user' do
 it 'should be able to perform index action' do
 get :index
- response.should render_template(:index)
+ expect(response).to render_template(:index)
 end
 it 'should be able to perform show action' do
 get :show, valid_attributes_for_show
- response.should render_template(:show)
+ expect(response).to render_template(:show)
 end
 it 'should be able to perform log action' do
 get :log, valid_attributes_for_show
- response.should be_success
+ expect(response).to be_success
 end
 end
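Review bot: The destroy example in the second hunk keeps `}.to change(ProductBuildList, :count).by(0)` while the create example in the first hunk was converted to `}.to_not change(ProductBuildList, :count)`; the two should match, `}.to_not change(ProductBuildList, :count)`, since `change ... by(0)` reads as asserting a change and is the form the rest of this commit removes. The cancel example's `expect(response).to_not redirect_to(platform_product_product_build_list_path(...))` is a similarly loose negative that passes on any response except that one redirect, so asserting the forbidden redirect or status the controller actually returns would pin the behaviour. The enclosing shared_examples block starts before the hunk.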
@@ -131,7 +131,7 @@ describe Platforms::ProductBuildListsController, type: :controller do
 [:index, :show, :log].each do |action|
 it "should not be able to perform #{action}" do
 get action, valid_attributes_for_show
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 end
 end
diff --git a/spec/controllers/platforms/products_controller_spec.rb b/spec/controllers/platforms/products_controller_spec.rb
index 8d2183ac7..a3191e46d 100644
--- a/spec/controllers/platforms/products_controller_spec.rb
+++ b/spec/controllers/platforms/products_controller_spec.rb
@@ -3,20 +3,23 @@ require 'spec_helper'
 shared_examples_for 'admin user' do
 it 'should be able to create product' do
- lambda { post :create, @create_params }.should change{ Product.count }.by(1)
- response.should redirect_to(platform_product_path( Product.last.platform, Product.last ))
+ expect do
+ post :create, @create_params
+ end.to change(Product, :count).by(1)
+ expect(response).to redirect_to(platform_product_path( Product.last.platform, Product.last ))
 end
 it 'should be able to update product' do
 put :update, {id: @product.id}.merge(@update_params)
- response.should redirect_to platform_product_path(@platform, @product)
- @product.reload
- @product.name.should eql('pro2')
+ expect(response).to redirect_to platform_product_path(@platform, @product)
+ expect(@product.reload.name).to eq 'pro2'
 end
 it 'should be able to destroy product' do
- lambda { delete :destroy, id: @product.id, platform_id: @platform }.should change{ Product.count }.by(-1)
- response.should redirect_to(platform_products_path(@platform))
+ expect do
+ delete :destroy, id: @product.id, platform_id: @platform
+ end.to change(Product, :count).by(-1)
+ expect(response).to redirect_to(platform_products_path(@platform))
 end
 end
@@ -46,29 +49,29 @@ describe Platforms::ProductsController, type: :controller do
 [:create].each do |action|
 it "should not be able to perform #{ action } action" do
 get action, platform_id: @platform.id
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 end
 [:new, :edit, :update, :destroy].each do |action|
 it "should not be able to perform #{ action } action" do
 get action, id: @product.id, platform_id: @platform.id
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 end
 [:show, :index].each do |action|
 it "should not be able to perform #{ action } action", anonymous_access: false do
 get action, id: @product.id, platform_id: @platform.id
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 end
 [:show, :index].each do |action|
 it "should be able to perform #{ action } action", anonymous_access: true do
 get action, id: @product.id, platform_id: @platform.id
- response.should render_template(action)
- response.should be_success
+ expect(response).to render_template(action)
+ expect(response).to be_success
 end
 end
 end
@@ -102,18 +105,22 @@ describe Platforms::ProductsController, type: :controller do
 context 'for no relation user' do
 it 'should not be able to create product' do
- lambda { post :create, @create_params }.should change{ Product.count }.by(0)
- response.should redirect_to(forbidden_path)
+ expect do
+ post :create, @create_params
+ end.to_not change(Product, :count)
+ expect(response).to redirect_to(forbidden_path)
 end
 it 'should not be able to perform update action' do
 put :update, {id: @product.id}.merge(@update_params)
- response.should redirect_to(forbidden_path)
+ expect(response).to redirect_to(forbidden_path)
 end
 it 'should not be able to destroy product' do
- lambda { delete :destroy, id: @product.id, platform_id: @platform }.should change{ Product.count }.by(0)
- response.should redirect_to(forbidden_path)
+ expect do
+ delete :destroy, id: @product.id, platform_id: @platform
+ end.to_not change(Product, :count)
+ expect(response).to redirect_to(forbidden_path)
 end
 end
diff --git a/spec/controllers/platforms/repositories_controller_spec.rb b/spec/controllers/platforms/repositories_controller_spec.rb
index e56a9dcaf..220128530 100644
--- a/spec/controllers/platforms/repositories_controller_spec.rb
+++ b/spec/controllers/platforms/repositories_controller_spec.rb
@@ -4,19 +4,19 @@ shared_examples_for 'user with change projects in repository rights' do
 it 'should be able to see add_project page' do
 get :add_project, id: @repository, platform_id: @platform
- response.should render_template(:projects_list)
+ expect(response).to render_template(:projects_list)
 end
 it 'should be able to add project to repository' do
 get :add_project, id: @repository, platform_id: @platform, project_id: @project.id
- response.should redirect_to(platform_repository_path(@repository.platform, @repository))
- @repository.projects.should include(@project)
+ expect(response).to redirect_to(platform_repository_path(@repository.platform, @repository))
+ expect(@repository.projects).to include(@project)
 end
 it 'should be able to remove project from repository' do
 get :remove_project, id: @repository, platform_id: @platform, project_id: @project.id
- response.should redirect_to(platform_repository_path(@repository.platform, @repository))
- @repository.projects.should_not include(@project)
+ expect(response).to redirect_to(platform_repository_path(@repository.platform, @repository))
+ expect(@repository.projects).to_not include(@project)
 end
 end
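Review bot: The positive examples here drive state changes through GET — `get :add_project, ..., project_id: @project.id` and `get :remove_project, ...` — while the negative example for the same action in the next hunk uses `delete :remove_project, ...`; if the route answers both verbs the positive and negative specs are not exercising the same request, and if it answers only one, one of them passes for a reason unrelated to authorization. Settling on the verb the route actually declares and using it in both shared example groups would make the pair meaningful. A mutation reachable by GET is also something a CSRF review would want ruled out at the routing level, though that lives outside this spec. The shared_examples block is cut by the hunk edges.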
@@ -24,75 +24,77 @@ end
 shared_examples_for 'user with rights of add/remove sync_lock_file to repository' do
 it 'should be able to perform sync_lock_file action' do
 put :sync_lock_file, id: @repository, platform_id: @platform
- response.should redirect_to(edit_platform_repository_path(@platform, @repository))
+ expect(response).to redirect_to(edit_platform_repository_path(@platform, @repository))
 end
 end
 shared_examples_for 'user without rights of add/remove sync_lock_file to repository' do
 it 'should not be able to perform sync_lock_file action' do
 put :sync_lock_file, id: @repository, platform_id: @platform
- response.should redirect_to(redirect_path)
+ expect(response).to redirect_to(redirect_path)
 end
 end
 shared_examples_for 'user without change projects in repository rights' do
 it 'should not be able to add project to repository' do
 get :add_project, id: @repository, platform_id: @platform, project_id: @project.id
- response.should redirect_to(redirect_path)
- @repository.projects.should_not include(@project)
+ expect(response).to redirect_to(redirect_path)
+ expect(@repository.projects).to_not include(@project)
 end
 it 'should not be able to perform regenerate_metadata action' do
 put :regenerate_metadata, id: @repository, platform_id: @platform
- response.should redirect_to(redirect_path)
+ expect(response).to redirect_to(redirect_path)
 expect(@repository.repository_statuses.count).to eq 0
 end
 it 'should not be able to remove project from repository' do
 delete :remove_project, id: @repository, platform_id: @platform, project_id: @project.id
- response.should redirect_to(redirect_path)
- @repository.projects.should_not include(@project)
+ expect(response).to redirect_to(redirect_path)
+ expect(@repository.projects).to_not include(@project)
 end
 end
 shared_examples_for 'registered user or guest' do
 it 'should not be able to perform new action' do
 get :new, platform_id: @platform
- response.should redirect_to(redirect_path)
+ expect(response).to redirect_to(redirect_path)
 end
 it 'should not be able to perform regenerate_metadata action' do
 put :regenerate_metadata, id: @repository, platform_id: @platform
- response.should redirect_to(redirect_path)
+ expect(response).to redirect_to(redirect_path)
 expect(@repository.repository_statuses.count).to eq 0
 end
 it 'should not be able to perform regenerate_metadata action of personal repository' do
 put :regenerate_metadata, id: @personal_repository, platform_id: @personal_repository.platform
- response.should redirect_to(redirect_path)
+ expect(response).to redirect_to(redirect_path)
 expect(@personal_repository.repository_statuses.count).to eq 0
 end
 it 'should not be able to perform create action' do
 post :create, @create_params
- lambda { post :create, @create_params }.should change{ Repository.count }.by(0)
- response.should redirect_to(redirect_path)
+ expect do
+ post :create, @create_params
+ end.to_not change(Repository, :count)
+ expect(response).to redirect_to(redirect_path)
 end
 it 'should not be able to perform edit action' do
 get :edit, id: @repository, platform_id: @platform
- response.should redirect_to(redirect_path)
+ expect(response).to redirect_to(redirect_path)
 end
 it 'should not be able to perform update action' do
 put :update, id: @repository, platform_id: @platform
- response.should redirect_to(redirect_path)
+ expect(response).to redirect_to(redirect_path)
 end
 it 'should not be able to add new member to repository' do
 post :add_member, id: @repository, platform_id: @platform, member_id: @another_user.id
- response.should redirect_to(redirect_path)
- @repository.members.should_not include(@another_user)
+ expect(response).to redirect_to(redirect_path)
+ expect(@repository.members).to_not include(@another_user)
 end
 it 'should not be able to remove members from repository' do
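Review bot: `it 'should not be able to perform create action'` still issues a bare `post :create, @create_params` before the `expect do ... end.to_not change(Repository, :count)` block, so the request under test runs twice and the count baseline is taken only after the first call; a first request that did create a record would go unnoticed. Dropping the bare `post :create, @create_params` line leaves one request whose redirect is then checked. The same double call sits in the next hunk's 'should not be able to destroy repository in main platform' example, where `delete :destroy, ...` is issued once and then again inside the expect block. The shared_examples block this belongs to runs past the end of the hunk.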
@@ -101,37 +103,40 @@ shared_examples_for 'registered user or guest' do
 create_relation(@repository, another_user2, 'admin')
 post :remove_members, id: @repository, platform_id: @platform, members: [@another_user.id, another_user2.id]
- response.should redirect_to(redirect_path)
- @repository.members.should include(@another_user, another_user2)
+ expect(response).to redirect_to(redirect_path)
+ expect(@repository.members).to include(@another_user, another_user2)
 end
 it 'should not be able to destroy repository in main platform' do
 delete :destroy, id: @repository, platform_id: @platform
- response.should redirect_to(redirect_path)
- lambda { delete :destroy, id: @repository, platform_id: @platform }.should change{ Repository.count }.by(0)
+ expect(response).to redirect_to(redirect_path)
+ expect do
+ delete :destroy, id: @repository, platform_id: @platform
+ end.to_not change(Repository, :count)
 end
 it 'should not be able to destroy personal repository' do
- lambda { delete :destroy, id: @personal_repository, platform_id: @personal_repository.platform}
- .should change{ Repository.count }.by(0)
- response.should redirect_to(redirect_path)
+ expect do
+ delete :destroy, id: @personal_repository, platform_id: @personal_repository.platform
+ end.to_not change(Repository, :count)
+ expect(response).to redirect_to(redirect_path)
 end
 end
 shared_examples_for 'registered user' do
 it 'should be able to perform index action' do
 get :index, platform_id: @platform
- response.should render_template(:index)
+ expect(response).to render_template(:index)
 end
 it 'should be able to perform show action' do
 get :show, id: @repository, platform_id: @platform
- response.should render_template(:show)
+ expect(response).to render_template(:show)
 end
 it 'should be able to perform projects_list action' do
 get :projects_list, id: @repository, platform_id: @platform, format: :json
- response.should be_success
+ expect(response).to be_success
 end
 end
@@ -143,49 +148,53 @@ shared_examples_for 'platform admin user' do
 it 'should be able to perform new action' do
 get :new, platform_id: @platform
- response.should render_template(:new)
+ expect(response).to render_template(:new)
 end
 it 'should be able to perform regenerate_metadata action' do
 put :regenerate_metadata, id: @repository, platform_id: @platform
- response.should redirect_to(platform_repository_path(@platform, @repository))
- @repository.repository_statuses.find_by(platform_id: @platform).
- waiting_for_regeneration?.should be_truthy
+ expect(response).to redirect_to(platform_repository_path(@platform, @repository))
+ expect(@repository.repository_statuses.find_by(platform_id: @platform).
+ waiting_for_regeneration?).to be_truthy
 end
 it 'should be able to perform regenerate_metadata action of personal repository' do
 put :regenerate_metadata, id: @personal_repository, platform_id: @personal_repository.platform, repository: { build_for_platform_id: @platform.id }
- response.should redirect_to(platform_repository_path(@personal_repository.platform, @personal_repository))
- @personal_repository.repository_statuses.find_by(platform_id: @platform).
- waiting_for_regeneration?.should be_truthy
+ expect(response).to redirect_to(platform_repository_path(@personal_repository.platform, @personal_repository))
+ expect(@personal_repository.repository_statuses.find_by(platform_id: @platform).
+ waiting_for_regeneration?).to be_truthy
 end
 it 'should not be able to perform regenerate_metadata action of personal repository when build_for_platform does not exist' do
 put :regenerate_metadata, id: @personal_repository, platform_id: @personal_repository.platform
- response.should render_template(file: "#{Rails.root}/public/404.html")
+ expect(response).to render_template(file: "#{Rails.root}/public/404.html")
 expect(@personal_repository.repository_statuses.count).to eq 0
 end
 it 'should be able to create repository' do
- lambda { post :create, @create_params }.should change{ Repository.count }.by(1)
- response.should redirect_to(platform_repository_path(@platform, Repository.last))
+ expect do
+ post :create, @create_params
+ end.to change(Repository, :count).by(1)
+ expect(response).to redirect_to(platform_repository_path(@platform, Repository.last))
 end
 it 'should be able to destroy repository in main platform' do
- lambda { delete :destroy, id: @repository, platform_id: @platform }.should change{ Repository.count }.by(-1)
- response.should redirect_to(platform_repositories_path(@repository.platform))
+ expect do
+ delete :destroy, id: @repository, platform_id: @platform
+ end.to change(Repository, :count).by(-1)
+ expect(response).to redirect_to(platform_repositories_path(@repository.platform))
 end
 it 'should be able to perform edit action' do
 get :edit, id: @repository, platform_id: @platform
- response.should render_template(:edit)
+ expect(response).to render_template(:edit)
 end
 it 'should be able to add new member to repository' do
 post :add_member, id: @repository, platform_id: @platform, member_id: @another_user.id
- response.should redirect_to(edit_platform_repository_path(@repository.platform, @repository))
- @repository.members.should include(@another_user)
+ expect(response).to redirect_to(edit_platform_repository_path(@repository.platform, @repository))
+ expect(@repository.members).to include(@another_user)
 end
 it 'should be able to remove members from repository' do
@@ -194,23 +203,25 @@ shared_examples_for 'platform admin user' do
 create_relation(@repository, another_user2, 'admin')
 post :remove_members, id: @repository, platform_id: @platform, members: [@another_user.id, another_user2.id]
- response.should redirect_to(edit_platform_repository_path(@repository.platform, @repository))
- @repository.members.should_not include(@another_user, another_user2)
+ expect(response).to redirect_to(edit_platform_repository_path(@repository.platform, @repository))
+ expect(@repository.members).to_not include(@another_user, another_user2)
 end
 it 'should not be able to destroy personal repository with name "main"' do
 # hook for "ActiveRecord::ActiveRecordError: name is marked as readonly"
 Repository.where(id: @personal_repository).update_all("name = 'main'")
- lambda { delete :destroy, id: @personal_repository, platform_id: @personal_repository.platform}
- .should change{ Repository.count }.by(0)
- # response.should redirect_to(forbidden_path)
- response.should render_template(file: "#{Rails.root}/public/404.html")
+ expect do
+ delete :destroy, id: @personal_repository, platform_id: @personal_repository.platform
+ end.to_not change(Repository, :count)
+ # expect(response).to redirect_to(forbidden_path)
+ expect(response).to render_template(file: "#{Rails.root}/public/404.html")
 end
 it 'should be able to destroy personal repository with name not "main"' do
- lambda { delete :destroy, id: @personal_repository, platform_id: @personal_repository.platform}
- .should change{ Repository.count }.by(-1)
- response.should redirect_to(platform_repositories_path(@personal_repository.platform))
+ expect do
+ delete :destroy, id: @personal_repository, platform_id: @personal_repository.platform
+ end.to change(Repository, :count).by(-1)
+ expect(response).to redirect_to(platform_repositories_path(@personal_repository.platform))
 end
 it_should_behave_like 'user with change projects in repository rights'
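Review bot: The regenerate_metadata expectations in the first hunk wrap a dot-continued chain inside `expect(...)` — `expect(@repository.repository_statuses.find_by(platform_id: @platform). waiting_for_regeneration?).to be_truthy` — which is hard to read and, when `find_by` returns nil, fails with a NoMethodError instead of a matcher message. Binding the record first reads better and reports the nil case properly: `status = @repository.repository_statuses.find_by(platform_id: @platform)` followed by `expect(status).to be_waiting_for_regeneration`. The personal-repository example a few lines further down has the same shape. The enclosing shared_examples block starts before the hunk.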
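Review bot: In the second hunk the commented-out assertion `# expect(response).to redirect_to(forbidden_path)` was rewritten to the new syntax but remains dead code next to the live `expect(response).to render_template(file: "#{Rails.root}/public/404.html")`; either delete it or, if the 404 is standing in for a forbidden response that is meant to return, replace it with a note saying so, e.g. `# destroying the "main" personal repository currently answers 404 rather than forbidden`. The shared_examples block continues past the hunk.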
@@ -246,17 +257,17 @@ describe Platforms::RepositoriesController, type: :controller do
 it "should not be able to perform show action", anonymous_access: false do
 get :show, id: @repository
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 it "should not be able to perform index action", anonymous_access: false do
 get :index, platform_id: @platform
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 it 'should not be able to perform projects_list action', anonymous_access: false do
 get :projects_list, id: @repository, platform_id: @platform, format: :json
- response.response_code.should == 401
+ expect(response.response_code).to eq 401
 end
 end
diff --git a/spec/controllers/platforms/tokens_controller_spec.rb b/spec/controllers/platforms/tokens_controller_spec.rb
index 45b536d5b..39a996350 100644
--- a/spec/controllers/platforms/tokens_controller_spec.rb
+++ b/spec/controllers/platforms/tokens_controller_spec.rb
@@ -8,22 +8,24 @@ shared_examples_for 'token of platform for owner' do
 [:index, :new].each do |action|
 it "should be able to perform #{action} action" do
 get action, platform_id: @platform
- response.should render_template(action)
+ expect(response).to render_template(action)
 end
 end
 it 'should not be able to perform show action' do
 get :show, platform_id: @platform, id: @platform_token
- response.should render_template(:show)
+ expect(response).to render_template(:show)
 end
 it 'should be able to perform create action' do
 post :create, @create_params
- response.should redirect_to(platform_tokens_path(@platform))
+ expect(response).to redirect_to(platform_tokens_path(@platform))
 end
 it 'should create key pair into db on create action' do
- lambda { post :create, @create_params }.should change{Token.count}.by(1)
+ expect do
+ post :create, @create_params
+ end.to change(Token, :count).by(1)
 end
 end
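Review bot: In the tokens hunk the owner example named `it 'should not be able to perform show action'` asserts the opposite, `expect(response).to render_template(:show)`, so a failure would be reported under a description that contradicts the expectation; `it 'should be able to perform show action' do` matches what is checked. In the following hunk ('simple user or guest') two examples share the description 'should not be able to perform show action' although the second one posts to create, so `it 'should not be able to perform create action' do` is the honest name there. The shared_examples blocks are cut by the hunk edges.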
@@ -31,22 +33,24 @@ shared_examples_for 'token of platform for simple user or guest' do
 [:index, :new].each do |action|
 it "should not be able to perform #{ action } action" do
 get action, platform_id: @platform
- response.should redirect_to(redirected_url)
+ expect(response).to redirect_to(redirected_url)
 end
 end
 it 'should not be able to perform show action' do
 get :show, platform_id: @platform, id: @platform_token
- response.should redirect_to(redirected_url)
+ expect(response).to redirect_to(redirected_url)
 end
 it 'should not be able to perform show action' do
 post :create, @create_params
- response.should redirect_to(redirected_url)
+ expect(response).to redirect_to(redirected_url)
 end
 it 'should not change objects count on create success' do
- lambda { post :create, @create_params }.should change{ Token.count }.by(0)
+ expect do
+ post :create, @create_params
+ end.to_not change(Token, :count)
 end
 end
diff --git a/spec/controllers/projects/build_lists_controller_spec.rb b/spec/controllers/projects/build_lists_controller_spec.rb
index 66bc1cffb..ff5145ebb 100644
--- a/spec/controllers/projects/build_lists_controller_spec.rb
+++ b/spec/controllers/projects/build_lists_controller_spec.rb
@@ -5,24 +5,24 @@ describe Projects::BuildListsController, type: :controller do
 shared_examples_for 'show build list' do
 it 'should be able to perform show action' do
 get :show, @show_params
- response.should be_success
+ expect(response).to be_success
 end
 it 'should be able to perform index action in project scope' do
 get :index, name_with_owner: @project.name_with_owner
- response.should be_success
+ expect(response).to be_success
 end
 end
 shared_examples_for 'not show build list' do
 it 'should not be able to perform show action' do
 get :show, @show_params
- response.should redirect_to(forbidden_url)
+ expect(response).to redirect_to(forbidden_url)
 end
 it 'should not be able to perform index action in project scope' do
 get :index, name_with_owner: @project.name_with_owner
- response.should redirect_to(forbidden_url)
+ expect(response).to redirect_to(forbidden_url)
 end
 end
@@ -33,31 +33,35 @@ describe Projects::BuildListsController, type: :controller do
 it 'should be able to perform new action' do
 get :new, name_with_owner: @project.name_with_owner
- response.should render_template(:new)
+ expect(response).to render_template(:new)
 end
 it 'should be able to perform create action' do
 post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params)
- response.should redirect_to project_build_lists_path(@project)
+ expect(response).to redirect_to project_build_lists_path(@project)
 end
 it 'should save correct commit_hash for branch based build' do
 post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params).deep_merge(build_list: { project_version: "master" })
- @project.build_lists.last.commit_hash.should == @project.repo.commits('master').first.id
+ expect(@project.build_lists.last.commit_hash).to eq @project.repo.commits('master').first.id
 end
 it 'should save correct commit_hash for tag based build' do
 system("cd #{@project.repo.path} && git tag 4.7.5.3") # TODO REDO through grit
 post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params).deep_merge(build_list: { project_version: "4.7.5.3" })
- @project.build_lists.last.commit_hash.should == @project.repo.commits('4.7.5.3').first.id
+ expect(@project.build_lists.last.commit_hash).to eq @project.repo.commits('4.7.5.3').first.id
 end
 it 'should not be able to create with wrong project version' do
- lambda{ post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params).deep_merge(build_list: { project_version: "wrong", commit_hash: nil })}.should change{ @project.build_lists.count }.by(0)
+ expect do
+ post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params).deep_merge(build_list: { project_version: "wrong", commit_hash: nil })
+ end.to_not change{ @project.build_lists.count }
 end
 it 'should not be able to create with wrong git hash' do
- lambda{ post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params).deep_merge(build_list: { commit_hash: 'wrong' }) }.should change{ @project.build_lists.count }.by(0)
+ expect do
+ post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params).deep_merge(build_list: { commit_hash: 'wrong' })
+ end.to_not change{ @project.build_lists.count }
 end
 end
@@ -68,12 +72,12 @@ describe Projects::BuildListsController, type: :controller do
 it 'should not be able to perform new action' do
 get :new, name_with_owner: @project.name_with_owner
- response.should redirect_to(forbidden_url)
+ expect(response).to redirect_to(forbidden_url)
 end unless skip_new
 it 'should not be able to perform create action' do
 post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params)
- response.should redirect_to(forbidden_url)
+ expect(response).to redirect_to(forbidden_url)
 end
 end
@@ -98,12 +102,12 @@ describe Projects::BuildListsController, type: :controller do
 context 'for guest' do
 it 'should be able to perform index action', anonymous_access: true do
 get :index
- response.should be_success
+ expect(response).to be_success
 end
 it 'should not be able to perform index action', anonymous_access: false do
 get :index
- response.should redirect_to(new_user_session_path)
+ expect(response).to redirect_to(new_user_session_path)
 end
 end
@@ -199,11 +203,11 @@ describe Projects::BuildListsController, type: :controller do
 context "if it has :success status" do
 it 'should return 302 response code' do
- response.status.should == 302
+ expect(response.status).to eq 302
 end
 it "should reject publish build list" do
- @build_list.reload.status.should == BuildList::REJECTED_PUBLISH
+ expect(@build_list.reload.status).to eq BuildList::REJECTED_PUBLISH
 end
 end
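Review bot: The tag-based build example in the first hunk still shells out through one interpolated string, `system("cd #{@project.repo.path} && git tag 4.7.5.3") # TODO REDO through grit`; the path comes from a fixture here, but the argv form `system('git', '-C', @project.repo.path, 'tag', '4.7.5.3')` bypasses the shell entirely and shrinks the TODO to just the library choice. The two `end.to_not change{ @project.build_lists.count }` blocks are correctly left in block form, since the count is scoped to the project rather than a model-level `change(Model, :count)`. The enclosing describe/context starts before the hunk.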
@@ -214,7 +218,7 @@ describe Projects::BuildListsController, type: :controller do
 end
 it "should not change status of build list" do
- @build_list.reload.status.should == BuildList::BUILD_ERROR
+ expect(@build_list.reload.status).to eq BuildList::BUILD_ERROR
 end
 end
 end
@@ -227,12 +231,12 @@ describe Projects::BuildListsController, type: :controller do
 end
 it "should redirect to forbidden page" do
- response.should redirect_to(forbidden_url)
+ expect(response).to redirect_to(forbidden_url)
 end
 it "should not change status of build list" do
 do_reject_publish
- @build_list.reload.status.should == BuildList::SUCCESS
+ expect(@build_list.reload.status).to eq BuildList::SUCCESS
 end
 end
@@ -247,12 +251,12 @@ describe Projects::BuildListsController, type: :controller do
 end
 it "should redirect to forbidden page" do
- response.should redirect_to(forbidden_url)
+ expect(response).to redirect_to(forbidden_url)
 end
 it "should not change status of build list" do
 do_reject_publish
- @build_list.reload.status.should == BuildList::SUCCESS
+ expect(@build_list.reload.status).to eq BuildList::SUCCESS
 end
 end
@@ -267,11 +271,11 @@ describe Projects::BuildListsController, type: :controller do
 end
 it 'should return 302 response code' do
- response.status.should == 302
+ expect(response.status).to eq 302
 end
 it "should reject publish build list" do
- @build_list.reload.status.should == BuildList::REJECTED_PUBLISH
+ expect(@build_list.reload.status).to eq BuildList::REJECTED_PUBLISH
 end
 end
 end
@@ -293,15 +297,15 @@ describe Projects::BuildListsController, type: :controller do it 'should be able to perform index action' do get :index - response.should be_success + expect(response).to be_success end it 'should show only accessible build_lists' do - get :index, filter: {ownership: 'everything'} - assigns(:build_lists).should include(@build_list1) - assigns(:build_lists).should_not include(@build_list2) - assigns(:build_lists).should include(@build_list3) - assigns(:build_lists).should include(@build_list4) + get :index, filter: {ownership: 'everything'}, format: :json + expect(assigns(:build_lists)).to include(@build_list1) + expect(assigns(:build_lists)).to_not include(@build_list2) + expect(assigns(:build_lists)).to include(@build_list3) + expect(assigns(:build_lists)).to include(@build_list4) end end @@ -393,15 +397,15 @@ describe Projects::BuildListsController, type: :controller do it 'should be able to perform index action' do get :index - response.should be_success + expect(response).to be_success end it 'should show only accessible build_lists' do - get :index, filter: {ownership: 'everything'} - assigns(:build_lists).should include(@build_list1) - assigns(:build_lists).should_not include(@build_list2) - assigns(:build_lists).should include(@build_list3) - assigns(:build_lists).should include(@build_list4) + get :index, filter: {ownership: 'everything'}, format: :json + expect(assigns(:build_lists)).to include(@build_list1) + expect(assigns(:build_lists)).to_not include(@build_list2) + expect(assigns(:build_lists)).to include(@build_list3) + expect(assigns(:build_lists)).to include(@build_list4) end end 
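Review bot: Adding `format: :json` to the 'should show only accessible build_lists' request means the visibility filtering is now verified only through the JSON responder; if the HTML index branch assembles `@build_lists` separately (the controller is not in this diff), a scoping regression there would no longer be caught. Consider keeping an HTML variant of the same example, e.g. `get :index, filter: {ownership: 'everything'}` with the same four include/to_not include assertions, or parameterizing the example over both formats. The identical example in the `@@ -393` hunk on this line has the same gap.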
@@ -462,26 +466,26 @@ describe Projects::BuildListsController, type: :controller do it 'should filter by id' do get :index, filter: {id: @build_list1.id, project_name: 'fdsfdf', any_other_field: 'do not matter'}, format: :json - assigns[:build_lists].should include(@build_list1) - assigns[:build_lists].should_not include(@build_list2) - assigns[:build_lists].should_not include(@build_list3) + expect(assigns[:build_lists]).to include(@build_list1) + expect(assigns[:build_lists]).to_not include(@build_list2) + expect(assigns[:build_lists]).to_not include(@build_list3) end it 'should filter by project_name' do # Project.where(id: build_list2.project.id).update_all(name: 'project_name') get :index, filter: {project_name: @build_list2.project.name, ownership: 'everything'}, format: :json - assigns[:build_lists].should_not include(@build_list1) - assigns[:build_lists].should include(@build_list2) - assigns[:build_lists].should_not include(@build_list3) + expect(assigns[:build_lists]).to_not include(@build_list1) + expect(assigns[:build_lists]).to include(@build_list2) + expect(assigns[:build_lists]).to_not include(@build_list3) end it 'should filter by project_name and update_date' do get :index, filter: {project_name: @build_list3.project.name, ownership: 'everything', "updated_at_start" => @build_list3.updated_at.strftime('%d/%m/%Y')}, format: :json - assigns[:build_lists].should_not include(@build_list1) - assigns[:build_lists].should_not include(@build_list2) - assigns[:build_lists].should include(@build_list3) - assigns[:build_lists].should_not include(@build_list4) + expect(assigns[:build_lists]).to_not include(@build_list1) + expect(assigns[:build_lists]).to_not include(@build_list2) + expect(assigns[:build_lists]).to include(@build_list3) + expect(assigns[:build_lists]).to_not include(@build_list4) end end 
diff --git a/spec/controllers/projects/collaborators_controller_spec.rb b/spec/controllers/projects/collaborators_controller_spec.rb
index d59c686c2..3255758b8 100644
--- a/spec/controllers/projects/collaborators_controller_spec.rb
+++ b/spec/controllers/projects/collaborators_controller_spec.rb
@@ -34,44 +34,44 @@ end shared_examples_for 'project admin user' do it 'should be able to view collaborators list' do get :index, name_with_owner: @project.name_with_owner - response.should be_success + expect(response).to be_success end it 'should be able to perform update action' do put :update, {id: @collaborator.id}.merge(@update_params) - response.should be_success + expect(response).to be_success end it 'should add new collaborator with reader role' do post :create, @create_params.merge(collaborator: @user_params) - @project.relations.exists?(actor_type: 'User', actor_id: @another_user.id, role: 'reader').should be_truthy + expect(@project.relations.exists?(actor_type: 'User', actor_id: @another_user.id, role: 'reader')).to be true end it 'should add new group with reader role' do post :create, @create_params.merge(collaborator: @group_params) - @project.relations.exists?(actor_type: 'Group', actor_id: @group.id, role: 'reader').should be_truthy + expect(@project.relations.exists?(actor_type: 'Group', actor_id: @group.id, role: 'reader')).to be true end it 'should be able to set reader role for any user' do put :update, {id: @collaborator.id}.merge(@update_params) - @another_user.relations.exists? target_id: @project.id, target_type: 'Project', role: 'read' + expect(@collaborator.actor.relations.exists? 
target_id: @project.id, target_type: 'Project', role: 'reader').to be true end end shared_examples_for 'user with no rights for this project' do it 'should not be able to view collaborators list' do get :index, name_with_owner: @project.name_with_owner - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not be able to perform update action' do put :update, {id: @collaborator.id}.merge(@update_params) - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not be able to set reader role for any user' do put :update, {id: @collaborator.id}.merge(@update_params) - !@another_user.relations.exists? target_id: @project.id, target_type: 'Project', role: 'read' + expect(@another_user.relations.exists? target_id: @project.id, target_type: 'Project', role: 'reader').to be false end end @@ -84,12 +84,12 @@ describe Projects::CollaboratorsController, type: :controller do end it 'should not be able to perform index action' do get :index, name_with_owner: @project.name_with_owner - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it 'should not be able to perform update action' do put :update, {id: @collaborator.id}.merge(@update_params) - response.code.should == '401' + expect(response.code).to eq '401' end end @@ -134,4 +134,8 @@ describe Projects::CollaboratorsController, type: :controller do it_should_behave_like 'user with no rights for this project' end + + context 'for another user' do + it_should_behave_like 'user with no rights for this project' + end end diff --git a/spec/controllers/projects/comments_controller_for_commit_spec.rb b/spec/controllers/projects/comments_controller_for_commit_spec.rb index 3d60f19f3..85433c965 100644 --- a/spec/controllers/projects/comments_controller_for_commit_spec.rb +++ b/spec/controllers/projects/comments_controller_for_commit_spec.rb 
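Review bot: The negative example 'should not be able to set reader role for any user' still queries `@another_user`, while the positive example in the same hunk was corrected to `@collaborator.actor`; if `@another_user` is not the collaborator's actor (its setup is outside the hunk), `exists?` returns false whether or not the forbidden update went through, so the assertion passes vacuously. Check the same subject as the positive case, e.g. `expect(@collaborator.actor.relations.exists?(target_id: @project.id, target_type: 'Project', role: 'reader')).to be false`, or capture the relation's role before the `put` and assert it is unchanged afterwards. Note the old `role: 'read'` never matched any row, so this is the first time either example actually asserts anything; worth a run against the fixtures to confirm the expected roles.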
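Review bot: The new `context 'for another user'` has no `before` block of its own, so it runs under whatever session the enclosing `describe` established (not visible in this hunk); unless that outer setup already signs in an unrelated user, these 'user with no rights' examples exercise the same actor as a neighbouring context and add no coverage. Make the actor explicit inside the context, e.g. `before(:each) { set_session_for(FactoryGirl.create(:user)) }`, matching how the other contexts in this file are driven.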
@@ -8,7 +8,7 @@ describe Projects::CommentsController, type: :controller do @create_params = { comment: { body: 'I am a comment!' }, name_with_owner: @project.name_with_owner, commit_id: @commit.id, format: :json } - @update_params = { comment: { body: 'updated' }, name_with_owner: @project.name_with_owner, commit_id: @commit.id } + @update_params = { comment: { body: 'updated' }, name_with_owner: @project.name_with_owner, commit_id: @commit.id, format: :json } allow_any_instance_of(Project).to receive(:versions).and_return(%w(v1.0 v2.0)) diff --git a/spec/controllers/projects/commit_subscribes_controller_spec.rb b/spec/controllers/projects/commit_subscribes_controller_spec.rb new file mode 100644 index 000000000..1abcfd5f4 --- /dev/null +++ b/spec/controllers/projects/commit_subscribes_controller_spec.rb 
@@ -0,0 +1,117 @@ +require 'spec_helper' + +def subscribe_to_commit + Subscribe.subscribe_to_commit(project_id: @project.id, + subscribeable_id: @commit.id.hex, + subscribeable_type: @commit.class.name, + user_id: @user.id) +end + +shared_examples_for 'can subscribe' do + it 'should be able to perform create action' do + post :create, @create_params + expect(response).to redirect_to(commit_path(@project, @commit)) + end + + it 'should create subscribe object into db' do + expect { post :create, @create_params }.to change(Subscribe, :count).by(1) + end +end + +shared_examples_for 'can not subscribe' do + it 'should not be able to perform create action' do + post :create, @create_params + expect(response).to redirect_to(commit_path(@project, @commit)) + end + + it 'should not create subscribe object into db' do + expect { post :create, @create_params }.to_not change(Subscribe, :count) + end +end + +shared_examples_for 'can unsubscribe' do + it 'should be able to perform destroy action' do + delete :destroy, @destroy_params + expect(response).to redirect_to(commit_path(@project, @commit)) + end + + it 'should reduce subscribes count' do + delete :destroy, @destroy_params + expect(Subscribe.subscribed_to_commit?(@project, @user, @commit)).to be_falsy + end +end + +shared_examples_for 'can not unsubscribe' do + it 'should not be able to perform destroy action' do + delete :destroy, @destroy_params + + expect(response).to redirect_to(commit_path(@project, @commit)) + end + + it 'should not reduce subscribes count' do + expect { delete :destroy, @destroy_params }.to_not change(Subscribe, :count) + end +end + +describe Projects::CommitSubscribesController, type: :controller do + before(:each) do + stub_symlink_methods + + @project = FactoryGirl.create(:project_with_commit) + @commit = @project.repo.commits.first + + @create_params = { commit_id: @commit.sha, name_with_owner: @project.name_with_owner } + @destroy_params = { commit_id: @commit.sha, name_with_owner: 
@project.name_with_owner } + + allow_any_instance_of(Project).to receive(:versions).and_return(%w(v1.0 v2.0)) + end + + context 'for global admin user' do + before(:each) do + @user = FactoryGirl.create(:admin) + set_session_for(@user) + end + + context 'subscribed' do + before(:each) { subscribe_to_commit } + it_should_behave_like 'can unsubscribe' + it_should_behave_like 'can not subscribe' + end + + context 'not subscribed' do + it_should_behave_like 'can subscribe' + end + end + + context 'for simple user' do + before(:each) do + @user = FactoryGirl.create(:user) + set_session_for(@user) + end + + context 'subscribed' do + before(:each) { subscribe_to_commit } + + it_should_behave_like 'can unsubscribe' + it_should_behave_like 'can not subscribe' + end + + context 'not subscribed' do + it_should_behave_like 'can subscribe' + end + end + + context 'for guest' do + before(:each) { set_session_for(User.new) } + + it 'should not be able to perform create action' do + post :create, @create_params + expect(response).to redirect_to(new_user_session_path) + end + + it 'should not be able to perform destroy action' do + delete :destroy, @destroy_params + expect(response).to redirect_to(new_user_session_path) + end + end +end diff --git a/spec/controllers/projects/git/git_trees_controller_spec.rb b/spec/controllers/projects/git/git_trees_controller_spec.rb index 3c6524552..39625d9a9 100644 --- a/spec/controllers/projects/git/git_trees_controller_spec.rb +++ b/spec/controllers/projects/git/git_trees_controller_spec.rb 
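Review bot: The new spec covers admin, simple user and guest, but has no context for an authenticated user who cannot read the project, so the authorization boundary most likely to move with the CanCan-to-Pundit switch in this commit is not exercised here. If the controller is gated on project read access, add a context that makes the project hidden via `@project.update_attributes(visibility: 'hidden')` (as projects_controller_spec does), signs in an unrelated user, and expects `redirect_to(forbidden_path)` with no change in `Subscribe.count`. Separately, `shared_examples_for 'can not unsubscribe'` is defined but never included, and 'can not subscribe' expects the same `commit_path` redirect as the positive case, so only its count assertion distinguishes the two outcomes.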
@@ -14,38 +14,38 @@ describe Projects::Git::TreesController, type: :controller do [:tags, :branches].each do |action| it "should be able to perform #{action} action with anonymous acccess", anonymous_access: true do get action, @params.merge(treeish: 'master') - response.should be_success + expect(response).to be_success end it "should not be able to perform #{action} action without anonymous acccess", anonymous_access: false do get action, @params.merge(treeish: 'master') - response.should_not be_success + expect(response).to_not be_success end end it "should be able to perform archive action with anonymous acccess", anonymous_access: true do get :archive, @params.merge(format: 'tar.gz') - response.should be_success + expect(response).to be_success end it "should not be able to perform archive action without anonymous acccess", anonymous_access: false do get :archive, @params.merge(format: 'tar.gz') - response.code.should == '401' + expect(response.code).to eq '401' end it 'should not be able to perform destroy action' do delete :destroy, @params.merge(treeish: 'master') - response.should_not be_success + expect(response).to_not be_success end it 'should not be able to perform restore_branch action' do put :restore_branch, @params.merge(treeish: 'master') - response.should_not be_success + expect(response).to_not be_success end it 'should not be able to perform create action' do post :create, @params.merge(treeish: '', from_ref: 'master', new_ref: 'master-1') - response.should_not be_success + expect(response).to_not be_success end end 
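Review bot: In the guest context the destroy, restore_branch and create examples assert only `expect(response).to_not be_success`, which a 500 raised on an unauthenticated code path would also satisfy, so they do not show the request was rejected by authentication. Pin the expected outcome the way the archive example in the same hunk does: `expect(response).to redirect_to(new_user_session_path)` for the HTML actions, or `expect(response.code).to eq '401'` if the controller answers 401 for these, consistent with the other specs in this change.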
@@ -67,28 +67,28 @@ describe Projects::Git::TreesController, type: :controller do it 'should be able to perform archive action' do get :archive, @params.merge(format: 'tar.gz') - response.should be_success + expect(response).to be_success end it 'should not be able to perform destroy action' do delete :destroy, @params.merge(treeish: 'master') - response.should_not be_success + expect(response).to_not be_success end it 'should not be able to perform restore_branch action' do put :restore_branch, @params.merge(treeish: 'master') - response.should_not be_success + expect(response).to_not be_success end it 'should not be able to perform create action' do post :create, @params.merge(treeish: '', from_ref: 'master', new_ref: 'master-1') - response.should_not be_success + expect(response).to_not be_success end [:tags, :branches].each do |action| it "should be able to perform #{action} action" do get action, @params.merge(treeish: 'master') - response.should be_success + expect(response).to be_success end end end @@ -102,22 +102,22 @@ describe Projects::Git::TreesController, type: :controller do it 'should be able to perform destroy action' do delete :destroy, @params.merge(treeish: 'conflicts') - response.should be_success + expect(response).to be_success end it 'should not be able to perform destroy action for master branch' do delete :destroy, @params.merge(treeish: 'master') - response.should_not be_success + expect(response).to_not be_success end it 'should be able to perform restore_branch action' do put :restore_branch, @params.merge(treeish: 'master-1', sha: 'master') - response.should be_success + expect(response).to be_success end it 'should be able to perform create action' do post :create, @params.merge(treeish: '', from_ref: 'master', new_ref: 'master-1') - response.should be_success + expect(response).to be_success end end 
diff --git a/spec/controllers/projects/hooks_controller_spec.rb b/spec/controllers/projects/hooks_controller_spec.rb
index eb39851c3..98c8064f3 100644
--- a/spec/controllers/projects/hooks_controller_spec.rb
+++ b/spec/controllers/projects/hooks_controller_spec.rb
@@ -3,54 +3,54 @@ require 'spec_helper' shared_examples_for 'hooks user with project admin rights' do it 'should be able to perform index action' do get :index, {name_with_owner: "#{@project.owner.uname}/#{@project.name}"} - response.should be_success + expect(response).to be_success end it 'should be able to perform new action' do get :new, { name_with_owner: @project.name_with_owner, hook: { name: 'web' }} - response.should be_success + expect(response).to be_success end it 'should be able to perform edit action' do get :new, { name_with_owner: @project.name_with_owner, id: @hook.id } - response.should be_success + expect(response).to be_success end it 'should be able to perform update action' do put :update, { name_with_owner: @project.name_with_owner, id: @hook.id }.merge(@update_params) - response.should redirect_to(project_hooks_path(@project, name: 'web')) + expect(response).to redirect_to(project_hooks_path(@project, name: 'web')) end it 'should be able to perform create action' do post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params) - response.should redirect_to(project_hooks_path(@project, name: 'web')) + expect(response).to redirect_to(project_hooks_path(@project, name: 'web')) end end shared_examples_for 'hooks user without project admin rights' do it 'should not be able to perform index action' do get :index, { name_with_owner: @project.name_with_owner } - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not be able to perform new action' do get :new, { name_with_owner: @project.name_with_owner, hook: { name: 'web' }} - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not be able to perform edit action' do get :new, { name_with_owner: @project.name_with_owner, id: @hook.id } - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not be able to perform 
update action' do put :update, { name_with_owner: @project.name_with_owner, id: @hook.id }.merge(@update_params) - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not be able to perform create action' do post :create, { name_with_owner: @project.name_with_owner }.merge(@create_params) - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end end diff --git a/spec/controllers/projects/projects_controller_spec.rb b/spec/controllers/projects/projects_controller_spec.rb index a5b353449..7909606c5 100644 --- a/spec/controllers/projects/projects_controller_spec.rb +++ b/spec/controllers/projects/projects_controller_spec.rb 
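Review bot: Both 'should be able to perform edit action' and 'should not be able to perform edit action' issue `get :new, { name_with_owner: @project.name_with_owner, id: @hook.id }`, so the `edit` action is never requested and its authorization is untested for either role; the non-admin example passes for the wrong reason, because it is `new` that is being forbidden. Change both to `get :edit, { name_with_owner: @project.name_with_owner, id: @hook.id }` so the edit endpoint's access control is actually covered.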
@@ -4,57 +4,62 @@ shared_examples_for 'projects user with reader rights' do it 'should be able to fork project' do post :fork, name_with_owner: @project.name_with_owner - response.should redirect_to(project_path(Project.last)) + expect(response).to redirect_to(project_path(Project.last)) end it 'should be able to fork project to their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'admin') - lambda { post :fork, name_with_owner: @project.name_with_owner, - group: group.id }.should change{ Project.count }.by(1) + expect do + post :fork, name_with_owner: @project.name_with_owner, group: group.id + end.to change(Project, :count).by(1) end it 'should be able to fork project to own group' do group = FactoryGirl.create(:group, owner: @user) - lambda { post :fork, name_with_owner: @project.name_with_owner, - group: group.id }.should change{ Project.count }.by(1) + expect do + post :fork, name_with_owner: @project.name_with_owner, group: group.id + end.to change(Project, :count).by(1) end it 'should be able to fork project with different name' do post :fork, name_with_owner: @project.name_with_owner, fork_name: 'another_name' - response.should redirect_to(project_path(Project.where(name: 'another_name').last)) + expect(response).to redirect_to(project_path(Project.where(name: 'another_name').last)) end end shared_examples_for 'projects user with project admin rights' do it 'should be able to perform update action' do put :update, { name_with_owner: @project.name_with_owner }.merge(@update_params) - response.should redirect_to(project_path(@project)) + expect(response).to redirect_to(project_path(@project)) end it 'should be able to perform schedule action' do put :schedule, { name_with_owner: @project.name_with_owner }.merge(repository_id: @project.repositories.first.id) - response.should be_success + expect(response).to be_success end it 'should be able to create alias for a project' do post :alias, name_with_owner: 
@project.name_with_owner, fork_name: (@project.name + '_new') - response.should redirect_to(project_path(Project.last)) + expect(response).to redirect_to(project_path(Project.last)) end it 'should create alias for a project' do - lambda { post :alias, name_with_owner: @project.name_with_owner, - fork_name: (@project.name + '_new') }.should change{ Project.count }.by(1) + expect do + post :alias, name_with_owner: @project.name_with_owner, fork_name: (@project.name + '_new') + end.to change(Project, :count).by(1) end end shared_examples_for 'user with destroy rights' do it 'should be able to perform destroy action' do delete :destroy, { name_with_owner: @project.name_with_owner } - response.should redirect_to(@project.owner) + expect(response).to redirect_to(@project.owner) end it 'should change objects count on destroy' do - lambda { delete :destroy, name_with_owner: @project.name_with_owner }.should change{ Project.count }.by(-1) + expect do + delete :destroy, name_with_owner: @project.name_with_owner + end.to change(Project, :count).by(-1) end end 
@@ -62,57 +67,64 @@ shared_examples_for 'projects user without project admin rights' do it 'should not be able to edit project' do description = @project.description put :update, project: { description:"hack" }, name_with_owner: @project.name_with_owner - @project.reload.description.should == description - response.should redirect_to(forbidden_path) + expect(@project.reload.description).to eq description + expect(response).to redirect_to(forbidden_path) end it 'should not be able to perform schedule action' do put :schedule, { name_with_owner: @project.name_with_owner }.merge(repository_id: @project.repositories.first.id) - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not be able to edit project sections' do has_wiki, has_issues = @project.has_wiki, @project.has_issues post :sections, project: { has_wiki: !has_wiki, has_issues: !has_issues }, name_with_owner: @project.name_with_owner - @project.reload.has_wiki.should == has_wiki - @project.reload.has_issues.should == has_issues - response.should redirect_to(forbidden_path) + expect(@project.reload.has_wiki).to eq has_wiki + expect(@project.has_issues).to eq has_issues + expect(response).to redirect_to(forbidden_path) end it 'writer group should be able to fork project to their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'writer') - lambda { post :fork, name_with_owner: @project.name_with_owner, - group: group.id }.should change{ Project.count }.by(1) + expect do + post :fork, name_with_owner: @project.name_with_owner, group: group.id + end.to change(Project, :count).by(1) end it 'reader group should not be able to fork project to their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'reader') - lambda { post :fork, name_with_owner: @project.name_with_owner, - group: group.id }.should change{ Project.count }.by(0) + expect do + post :fork, name_with_owner: @project.name_with_owner, 
group: group.id + end.to_not change(Project, :count) end it 'writer group should be able to create project to their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'writer') - lambda {post :create, @create_params.merge(who_owns: 'group', owner_id: group.id)}.should change{ Project.count }.by(1) + expect do + post :create, @create_params.merge(who_owns: 'group', owner_id: group.id) + end.to change(Project, :count).by(1) end it 'reader group should not be able to create project to their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'reader') - lambda {post :create, @create_params.merge(who_owns: 'group', owner_id: group.id)}.should change{ Project.count }.by(0) + expect do + post :create, @create_params.merge(who_owns: 'group', owner_id: group.id) + end.to_not change(Project, :count) end it 'should not be able to create alias for a project' do post :alias, name_with_owner: @project.name_with_owner - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not create alias for a project' do - lambda { post :alias, name_with_owner: @project.name_with_owner, - fork_name: (@project.name + '_new') }.should change{ Project.count }.by(0) + expect do + post :alias, name_with_owner: @project.name_with_owner, fork_name: (@project.name + '_new') + end.to_not change(Project, :count) end end 
@@ -140,22 +152,22 @@ describe Projects::ProjectsController, type: :controller do it 'should not be able to perform index action' do get :index - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it 'should not be able to perform update action' do put :update, { name_with_owner: @project.name_with_owner }.merge(@update_params) - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it 'should not be able to perform schedule action' do put :schedule, { name_with_owner: @project.name_with_owner }.merge(repository_id: @project.repositories.first.id) - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it 'should not be able to perform create action' do post :create, @create_params - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end @@ -163,18 +175,20 @@ describe Projects::ProjectsController, type: :controller do it 'should be able to perform index action' do get :index - response.should render_template(:index) + expect(response).to render_template(:index) end context 'create project for myself' do it 'should be able to perform create action' do post :create, @create_params - response.should redirect_to(project_path( Project.last )) + expect(response).to redirect_to(project_path( Project.last )) end it 'should create project in the database' do - lambda { post :create, @create_params }.should change{ Project.count }.by(1) + expect do + post :create, @create_params + end.to change(Project, :count).by(1) end end 
@@ -183,18 +197,22 @@ describe Projects::ProjectsController, type: :controller do it 'should not be able to create project for alien group' do group = FactoryGirl.create(:group) post :create, @create_params.merge({who_owns: 'group', owner_id: group.id}) - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should be able to create project for their group' do group = FactoryGirl.create(:group) create_actor_relation(group, @user, 'admin') - lambda { post :create, @create_params.merge({who_owns: 'group', owner_id: group.id})}.should change{ Project.count }.by(1) + expect do + post :create, @create_params.merge({who_owns: 'group', owner_id: group.id}) + end.to change(Project, :count).by(1) end it 'should be able to create project for own group' do group = FactoryGirl.create(:group, owner: @user) - lambda { post :create, @create_params.merge({who_owns: 'group', owner_id: group.id})}.should change{ Project.count }.by(1) + expect do + post :create, @create_params.merge({who_owns: 'group', owner_id: group.id}) + end.to change(Project, :count).by(1) end end @@ -228,7 +246,7 @@ describe Projects::ProjectsController, type: :controller do it 'should not be able to fork own project' do post :fork, name_with_owner: @project.name_with_owner - response.should redirect_to(@project) + expect(response).to redirect_to(@project) end end @@ -257,7 +275,7 @@ describe Projects::ProjectsController, type: :controller do it 'should not be able to fork hidden project' do @project.update_attributes(visibility: 'hidden') post :fork, name_with_owner: @project.name_with_owner - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it_should_behave_like 'projects user without project admin rights' 
@@ -283,7 +301,7 @@ describe Projects::ProjectsController, type: :controller do it_should_behave_like 'projects user without project admin rights' it 'should has reader role to group project' do - @user.best_role(@project).should eql('reader') + expect(@user.best_role(@project)).to eq 'reader' end context 'user should has best role' do diff --git a/spec/controllers/projects/subscribes_controller_spec.rb b/spec/controllers/projects/subscribes_controller_spec.rb index a9b593bad..83f71404d 100644 --- a/spec/controllers/projects/subscribes_controller_spec.rb +++ b/spec/controllers/projects/subscribes_controller_spec.rb @@ -3,22 +3,22 @@ require 'spec_helper' shared_examples_for 'can subscribe' do it 'should be able to perform create action' do post :create, @create_params - response.should redirect_to(project_issue_path(@project, @issue)) + expect(response).to redirect_to(project_issue_path(@project, @issue)) end it 'should create subscribe object into db' do - lambda{ post :create, @create_params }.should change{ Subscribe.count }.by(1) + expect { post :create, @create_params }.to change(Subscribe, :count).by(1) end end shared_examples_for 'can not subscribe' do it 'should not be able to perform create action' do post :create, @create_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not create subscribe object into db' do - lambda{ post :create, @create_params }.should change{ Subscribe.count }.by(0) + expect { post :create, @create_params }.to_not change(Subscribe, :count) end end 
@@ -26,11 +26,11 @@ shared_examples_for 'can unsubscribe' do it 'should be able to perform destroy action' do delete :destroy, @destroy_params - response.should redirect_to([@project, @issue]) + expect(response).to redirect_to([@project, @issue]) end it 'should reduce subscribes count' do - lambda{ delete :destroy, @destroy_params }.should change{ Subscribe.count }.by(-1) + expect { delete :destroy, @destroy_params }.to change(Subscribe, :count).by(-1) end end @@ -38,11 +38,11 @@ shared_examples_for 'can not unsubscribe' do it 'should not be able to perform destroy action' do delete :destroy, @destroy_params - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not reduce subscribes count' do - lambda{ delete :destroy, @destroy_params }.should change{ Subscribe.count }.by(0) + expect { delete :destroy, @destroy_params }.to_not change(Subscribe, :count) end end @@ -66,7 +66,6 @@ describe Projects::SubscribesController, type: :controller do @user = FactoryGirl.create(:admin) set_session_for(@user) create_relation(@project, @user, 'admin') - @destroy_params = @destroy_params.merge({id: @user.id}) end context 'subscribed' do @@ -107,5 +106,4 @@ describe Projects::SubscribesController, type: :controller do it_should_behave_like 'can subscribe' end end - end diff --git a/spec/controllers/search_controller_spec.rb b/spec/controllers/search_controller_spec.rb index 9d359e2a9..1196b72b2 100644 --- a/spec/controllers/search_controller_spec.rb +++ b/spec/controllers/search_controller_spec.rb 
@@ -3,14 +3,14 @@ require 'spec_helper' shared_examples_for 'able search' do it 'should be able to search' do get :index - response.should be_success - response.should render_template(:index) + expect(response).to be_success + expect(response).to render_template(:index) end end shared_examples_for 'not able search' do it 'should not be able to search' do get :index - response.should redirect_to(controller.current_user ? forbidden_path : new_user_session_path) + expect(response).to redirect_to(controller.current_user ? forbidden_path : new_user_session_path) end end diff --git a/spec/controllers/sitemap_controller_spec.rb b/spec/controllers/sitemap_controller_spec.rb index 539a21eaa..b97193f27 100644 --- a/spec/controllers/sitemap_controller_spec.rb +++ b/spec/controllers/sitemap_controller_spec.rb @@ -5,8 +5,8 @@ describe SitemapController, type: :controller do it 'is successful' do get :robots - response.should be_success - response.should render_template('sitemap/robots') + expect(response).to be_success + expect(response).to render_template('sitemap/robots') end context 'validate robots.txt' do @@ -14,12 +14,12 @@ describe SitemapController, type: :controller do it 'ensures that Host is correct' do get :robots - response.body.should match(/^Host: http:\/\/test.host$/) + expect(response.body).to match(/^Host: http:\/\/test.host$/) end it 'ensures that Sitemap is correct' do get :robots - response.body.should match(/^Sitemap: http:\/\/test.host\/sitemap.xml.gz$/) + expect(response.body).to match(/^Sitemap: http:\/\/test.host\/sitemap.xml.gz$/) end end end @@ -28,7 +28,7 @@ describe SitemapController, type: :controller do it 'is successful' do get :show - response.should redirect_to("/sitemaps/test.host/sitemap.xml.gz") + expect(response).to redirect_to("/sitemaps/test.host/sitemap.xml.gz") end end diff --git a/spec/controllers/users/profile_controller_spec.rb b/spec/controllers/users/profile_controller_spec.rb index 8e9c3936e..2df58624b 100644 
--- a/spec/controllers/users/profile_controller_spec.rb +++ b/spec/controllers/users/profile_controller_spec.rb @@ -16,11 +16,11 @@ describe Users::ProfileController, type: :controller do context 'for guest' do it 'should be able to view profile', anonymous_access: true do get :show, uname: @simple_user.uname - response.code.should eq('200') + expect(response).to be_success end it 'should not be able to perform show action', anonymous_access: false do get :show, uname: @simple_user.uname - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end end @@ -31,16 +31,16 @@ describe Users::ProfileController, type: :controller do it 'should be able to view profile' do get :show, uname: @other_user.uname - response.code.should eq('200') + expect(response).to be_success end context 'with mass assignment' do it 'should not be able to update role' do - @simple_user.should_not allow_mass_assignment_of :role + expect(@simple_user).to_not allow_mass_assignment_of :role end it 'should not be able to update other user' do - @simple_user.should_not allow_mass_assignment_of :id + expect(@simple_user).to_not allow_mass_assignment_of :id end end end diff --git a/spec/jobs/dependent_packages_job_spec.rb b/spec/jobs/dependent_packages_job_spec.rb index eed039cdc..2966539da 100644 --- a/spec/jobs/dependent_packages_job_spec.rb +++ b/spec/jobs/dependent_packages_job_spec.rb @@ -4,7 +4,6 @@ describe BuildLists::DependentPackagesJob do let(:build_list) { FactoryGirl.build(:build_list, id: 123) } let(:user) { build_list.user } let(:project) { build_list.project } - let(:ability) { double(:ability) } let(:project_ids) { [build_list.project_id] } let(:arch_ids) { [build_list.arch_id] } let(:options) { { 
@@ -18,14 +17,12 @@ describe BuildLists::DependentPackagesJob do before do stub_symlink_methods allow(BuildList).to receive(:find).with(123).and_return(build_list) - # BuildList::Package.stub_chain(:joins, :where, :reorder, :uniq, :pluck).and_return([project.id]) - Project.stub_chain(:where, :to_a).and_return([project]) - Arch.stub_chain(:where, :to_a).and_return([build_list.arch]) + allow(Project).to receive_message_chain(:where, :to_a).and_return([project]) + allow(Arch).to receive_message_chain(:where, :to_a).and_return([build_list.arch]) - allow(Ability).to receive(:new).and_return(ability) - allow(ability).to receive(:can?).with(:show, build_list).and_return(true) - allow(ability).to receive(:can?).with(:write, project).and_return(true) - allow(ability).to receive(:can?).with(:create, anything).and_return(true) + allow_any_instance_of(BuildListPolicy).to receive(:show?).and_return(true) + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) + allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(true) end subject { BuildLists::DependentPackagesJob } 
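Review bot: The `allow_any_instance_of(BuildListPolicy)` / `allow_any_instance_of(ProjectPolicy)` stubs in the `before` block answer true for every policy instance, whereas the `ability.can?` stubs they replace were bound with `.with(:show, build_list)` and `.with(:write, project)`, so the spec no longer checks that the job authorizes the specific build list and project it operates on. The three 'ensures that do nothing if user has no access ...' cases in the next hunk (@@ -43,21 +40,21 @@) inherit the same looseness: flipping `show?` to false on every `BuildListPolicy` proves the job consults some policy, not that it consulted the one built for `build_list` and `user`. If the job follows Pundit's `Policy.new(user, record)` convention, a stricter setup is `allow(BuildListPolicy).to receive(:new).with(user, build_list).and_return(instance_double(BuildListPolicy, show?: true))`, with the same shape for `ProjectPolicy` and `write?` (and `anything` as the record for the `create?` check, matching the old `with(:create, anything)`). That also avoids `allow_any_instance_of`, which rspec-mocks' own documentation treats as a last resort.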
@@ -43,21 +40,21 @@ describe BuildLists::DependentPackagesJob do end it 'ensures that do nothing if user has no access for show of build_list' do - allow(ability).to receive(:can?).with(:show, build_list).and_return(false) + allow_any_instance_of(BuildListPolicy).to receive(:show?).and_return(false) expect do subject.perform build_list.id, user.id, project_ids, arch_ids, options end.to change(BuildList, :count).by(0) end it 'ensures that do nothing if user has no access for write of project' do - allow(ability).to receive(:can?).with(:write, project).and_return(false) + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(false) expect do subject.perform build_list.id, user.id, project_ids, arch_ids, options end.to change(BuildList, :count).by(0) end it 'ensures that do nothing if user has no access for create of build_list' do - allow(ability).to receive(:can?).with(:create, anything).and_return(false) + allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false) expect do subject.perform build_list.id, user.id, project_ids, arch_ids, options end.to change(BuildList, :count).by(0) diff --git a/spec/models/cancan_spec.rb b/spec/models/cancan_spec.rb index 4123718e0..58fabf1d2 100644 --- a/spec/models/cancan_spec.rb +++ b/spec/models/cancan_spec.rb 
@@ -1,360 +1,360 @@ -require 'spec_helper' -require "cancan/matchers" - -def admin_create - @admin = FactoryGirl.create(:admin) - @ability = Ability.new(@admin) -end - -def user_create - @user = FactoryGirl.create(:user) - @ability = Ability.new(@user) -end - -def guest_create - @ability = Ability.new(User.new) -end - -describe CanCan do - let(:open_platform) { FactoryGirl.create(:platform, visibility: 'open') } - - before(:each) do - stub_symlink_methods - end - - context 'Site admin' do - let(:personal_platform) { FactoryGirl.create(:platform, platform_type: 'personal') } - let(:personal_repository_main) { FactoryGirl.create(:personal_repository, name: 'main') } - let(:personal_repository) { FactoryGirl.create(:personal_repository) } - before(:each) do - admin_create - end - - it 'should manage all' do - #(@ability.can? :manage, :all).should be_truthy - @ability.should be_able_to(:manage, :all) - end - - it 'should not be able to destroy personal platforms' do - @ability.should_not be_able_to(:destroy, personal_platform) - end - - it 'should not be able to destroy personal repositories with name "main"' do - @ability.should_not be_able_to(:destroy, personal_repository_main) - end - it 'should be able to destroy personal repositories with name not "main"' do - @ability.should be_able_to(:destroy, personal_repository) - end - end - - context 'Site guest' do - let(:register_request) { FactoryGirl.create(:register_request) } - - before(:each) do - guest_create - end - - it 'should not be able to read open platform' do - @ability.should_not be_able_to(:read, open_platform) - end - - [:publish, :cancel, :reject_publish, :create_container].each do |action| - it "should not be able to #{ action } build list" do - @ability.should_not be_able_to(action, BuildList) - end - end - - [:mass_import, :run_mass_import].each do |action| - it "should not be able to #{ action } project" do - @ability.should_not be_able_to(action, Project) - end - end - - it 'should not be able to 
update register request' do - @ability.should_not be_able_to(:update, register_request) - end - - it 'should not be able to list register requests' do - @ability.should_not be_able_to(:read, register_request) - end - - it 'should not be able to destroy register requests' do - @ability.should_not be_able_to(:destroy, register_request) - end - - pending 'should be able to register new user' do # while self registration is closed - @ability.should be_able_to(:create, User) - end - end - - context 'Site user' do - before(:each) do - user_create - end - - [Platform, Repository].each do |model_name| - it "should be able to read #{model_name}" do - @ability.should be_able_to(:read, model_name) - end - end - - [:mass_import, :run_mass_import].each do |action| - it "should not be able to #{ action } project" do - @ability.should_not be_able_to(action, Project) - end - end - - it "shoud be able to show user profile" do - @ability.should be_able_to(:show, User) - end - - it "shoud be able to read another user object" do - admin_create - @ability.should be_able_to(:read, @admin) - end - - it "shoud be able to read open projects" do - @project = FactoryGirl.create(:project, visibility: 'open') - @ability.should be_able_to(:read, @project) - end - - it 'should be able to see open platform' do - @ability.should be_able_to(:show, open_platform) - end - - it "shoud be able to create project" do - @ability.should be_able_to(:create, Project) - end - - it "should not be able to manage register requests" do - @ability.should_not be_able_to(:manage, RegisterRequest) - end - - context 'as project collaborator' do - before(:each) do - @project = FactoryGirl.create(:project_with_commit) - @issue = FactoryGirl.create(:issue, project_id: @project.id) - end - - context 'with read rights' do - before(:each) do - create_relation(@project, @user, 'reader') - end - - it 'should be able to read project' do - @ability.should be_able_to(:read, @project) - end - - it 'should be able to read issue' 
do - @ability.should be_able_to(:read, @issue) - end - end - - context 'with writer rights' do - before(:each) do - create_relation(@project, @user, 'writer') - end - - [:read, :create, :new].each do |action| - it "should be able to #{ action } project" do - @ability.should be_able_to(action, @project) - end - end - - [:new, :create].each do |action| - it "should be able to #{action} build_list" do - @build_list = FactoryGirl.create(:build_list_with_attaching_project, project: @project) - @ability.should be_able_to(action, @build_list) - end - end - end - - context 'with admin rights' do - before(:each) do - create_relation(@project, @user, 'admin') - end - - [:read, :update].each do |action| - it "should be able to #{ action } project" do - @ability.should be_able_to(action, @project) - end - end - - [:new, :create].each do |action| - it "should be able to #{action} build_list" do - @build_list = FactoryGirl.create(:build_list_with_attaching_project, project: @project) - @ability.should be_able_to(action, @build_list) - end - end - - it "should be able to manage collaborators of project" do - @ability.should be_able_to(:manage_collaborators, @project) - end - - [:read, :create, :new, :update, :edit].each do |action| - it "should be able to #{ action } issue" do - @ability.should be_able_to(action, @issue) - end - end - end - - context 'with owner rights' do - before(:each) do - @project = FactoryGirl.create(:project_with_commit, owner: @user) - @issue = FactoryGirl.create(:issue, project_id: @project.id) - end - - [:read, :update, :destroy].each do |action| - it "should be able to #{ action } project" do - @ability.should be_able_to(action, @project) - end - end - - [:new, :create].each do |action| - it "should be able to #{action} build_list" do - @build_list = FactoryGirl.create(:build_list_with_attaching_project, project: @project) - @ability.should be_able_to(action, @build_list) - end - end - - [:read, :update, :edit].each do |action| - it "should be able to 
#{ action } issue" do - @ability.should be_able_to(action, @issue) - end - end - end - - context 'through group-member' do - before(:each) do - @group_member = FactoryGirl.create(:group) - create_relation(@project, @group_member, 'reader') - @group_member_ability = Ability.new(@group_member.owner) - end - - it 'should be able to read open project' do - @group_member_ability.should be_able_to(:read, @project) - end - - it 'should be able to read closed project' do - @project.update_attribute :visibility, 'hidden' - @group_member_ability.should be_able_to(:read, @project) - end - - it 'should include hidden project in list' do - @project.update_attribute :visibility, 'hidden' - Project.accessible_by(@group_member_ability, :show).where(projects: {id: @project.id}).count.should == 1 - end - end - end - - context 'platform relations' do - before(:each) do - @platform = FactoryGirl.create(:platform) - end - - context 'with owner rights' do - before(:each) do - @platform.owner = @user - @platform.save - @ability = Ability.new(@user) - end - - [:mass_import, :run_mass_import].each do |action| - it "should be able to #{ action } project" do - @ability.should be_able_to(action, Project) - end - end - - [:read, :update, :destroy, :change_visibility].each do |action| - it "should be able to #{action} platform" do - @ability.should be_able_to(action, @platform) - end - end - end - - context 'with read rights' do - before(:each) do - create_relation(@platform, @user, 'reader') - @ability = Ability.new(@user) - end - - [:mass_import, :run_mass_import].each do |action| - it "should not be able to #{ action } project" do - @ability.should_not be_able_to(action, Project) - end - end - - it "should be able to read platform" do - @ability.should be_able_to(:read, @platform) - end - end - end - - context 'repository relations' do - before(:each) do - @repository = FactoryGirl.create(:repository) - end - - context 'with owner rights' do - before(:each) do - @repository.platform.owner = 
@user - @repository.platform.save - end - - [:read, :create, :update, :destroy, :add_project, :remove_project, :settings].each do |action| - it "should be able to #{action} repository" do - @ability.should be_able_to(action, @repository) - end - end - end - - context 'with read rights' do - before(:each) do - create_relation(@repository.platform, @user, 'reader') - end - - it "should be able to read repository" do - @ability.should be_able_to(:read, @repository) - end - end - end # 'repository relations' - - context 'product build list relations' do - let(:product_build_list) { FactoryGirl.create(:product_build_list) } - - before { FactoryGirl.create(:arch, name: 'x86_64') } - - context 'with platform admin rights' do - before do - product_build_list.product.platform.owner = @user - product_build_list.product.platform.save - end - - [:read, :create, :update, :destroy, :log, :cancel].each do |action| - it "should be able to #{action} product build list" do - @ability.should be_able_to(action, product_build_list) - end - end - end - - context 'with project writer rights' do - before do - create_relation(product_build_list.project, @user, 'writer') - end - - [:read, :create, :log, :cancel].each do |action| - it "should be able to #{action} product build list" do - @ability.should be_able_to(action, product_build_list) - end - end - - [:update, :destroy].each do |action| - it "should not be able to #{action} product build list" do - @ability.should_not be_able_to(action, product_build_list) - end - end - end - end # 'product build list relations' - - end # 'Site user' -end +# require 'spec_helper' +# require "cancan/matchers" +# +# def admin_create +# @admin = FactoryGirl.create(:admin) +# @ability = Ability.new(@admin) +# end +# +# def user_create +# @user = FactoryGirl.create(:user) +# @ability = Ability.new(@user) +# end +# +# def guest_create +# @ability = Ability.new(User.new) +# end +# +# describe CanCan do +# let(:open_platform) { FactoryGirl.create(:platform, 
visibility: 'open') } +# +# before(:each) do +# stub_symlink_methods +# end +# +# context 'Site admin' do +# let(:personal_platform) { FactoryGirl.create(:platform, platform_type: 'personal') } +# let(:personal_repository_main) { FactoryGirl.create(:personal_repository, name: 'main') } +# let(:personal_repository) { FactoryGirl.create(:personal_repository) } +# before(:each) do +# admin_create +# end +# +# it 'should manage all' do +# #(@ability.can? :manage, :all).should be_truthy +# @ability.should be_able_to(:manage, :all) +# end +# +# it 'should not be able to destroy personal platforms' do +# @ability.should_not be_able_to(:destroy, personal_platform) +# end +# +# it 'should not be able to destroy personal repositories with name "main"' do +# @ability.should_not be_able_to(:destroy, personal_repository_main) +# end +# it 'should be able to destroy personal repositories with name not "main"' do +# @ability.should be_able_to(:destroy, personal_repository) +# end +# end +# +# context 'Site guest' do +# let(:register_request) { FactoryGirl.create(:register_request) } +# +# before(:each) do +# guest_create +# end +# +# it 'should not be able to read open platform' do +# @ability.should_not be_able_to(:read, open_platform) +# end +# +# [:publish, :cancel, :reject_publish, :create_container].each do |action| +# it "should not be able to #{ action } build list" do +# @ability.should_not be_able_to(action, BuildList) +# end +# end +# +# [:mass_import, :run_mass_import].each do |action| +# it "should not be able to #{ action } project" do +# @ability.should_not be_able_to(action, Project) +# end +# end +# +# it 'should not be able to update register request' do +# @ability.should_not be_able_to(:update, register_request) +# end +# +# it 'should not be able to list register requests' do +# @ability.should_not be_able_to(:read, register_request) +# end +# +# it 'should not be able to destroy register requests' do +# @ability.should_not be_able_to(:destroy, 
register_request) +# end +# +# pending 'should be able to register new user' do # while self registration is closed +# @ability.should be_able_to(:create, User) +# end +# end +# +# context 'Site user' do +# before(:each) do +# user_create +# end +# +# [Platform, Repository].each do |model_name| +# it "should be able to read #{model_name}" do +# @ability.should be_able_to(:read, model_name) +# end +# end +# +# [:mass_import, :run_mass_import].each do |action| +# it "should not be able to #{ action } project" do +# @ability.should_not be_able_to(action, Project) +# end +# end +# +# it "shoud be able to show user profile" do +# @ability.should be_able_to(:show, User) +# end +# +# it "shoud be able to read another user object" do +# admin_create +# @ability.should be_able_to(:read, @admin) +# end +# +# it "shoud be able to read open projects" do +# @project = FactoryGirl.create(:project, visibility: 'open') +# @ability.should be_able_to(:read, @project) +# end +# +# it 'should be able to see open platform' do +# @ability.should be_able_to(:show, open_platform) +# end +# +# it "shoud be able to create project" do +# @ability.should be_able_to(:create, Project) +# end +# +# it "should not be able to manage register requests" do +# @ability.should_not be_able_to(:manage, RegisterRequest) +# end +# +# context 'as project collaborator' do +# before(:each) do +# @project = FactoryGirl.create(:project_with_commit) +# @issue = FactoryGirl.create(:issue, project_id: @project.id) +# end +# +# context 'with read rights' do +# before(:each) do +# create_relation(@project, @user, 'reader') +# end +# +# it 'should be able to read project' do +# @ability.should be_able_to(:read, @project) +# end +# +# it 'should be able to read issue' do +# @ability.should be_able_to(:read, @issue) +# end +# end +# +# context 'with writer rights' do +# before(:each) do +# create_relation(@project, @user, 'writer') +# end +# +# [:read, :create, :new].each do |action| +# it "should be able to #{ action 
} project" do +# @ability.should be_able_to(action, @project) +# end +# end +# +# [:new, :create].each do |action| +# it "should be able to #{action} build_list" do +# @build_list = FactoryGirl.create(:build_list_with_attaching_project, project: @project) +# @ability.should be_able_to(action, @build_list) +# end +# end +# end +# +# context 'with admin rights' do +# before(:each) do +# create_relation(@project, @user, 'admin') +# end +# +# [:read, :update].each do |action| +# it "should be able to #{ action } project" do +# @ability.should be_able_to(action, @project) +# end +# end +# +# [:new, :create].each do |action| +# it "should be able to #{action} build_list" do +# @build_list = FactoryGirl.create(:build_list_with_attaching_project, project: @project) +# @ability.should be_able_to(action, @build_list) +# end +# end +# +# it "should be able to manage collaborators of project" do +# @ability.should be_able_to(:manage_collaborators, @project) +# end +# +# [:read, :create, :new, :update, :edit].each do |action| +# it "should be able to #{ action } issue" do +# @ability.should be_able_to(action, @issue) +# end +# end +# end +# +# context 'with owner rights' do +# before(:each) do +# @project = FactoryGirl.create(:project_with_commit, owner: @user) +# @issue = FactoryGirl.create(:issue, project_id: @project.id) +# end +# +# [:read, :update, :destroy].each do |action| +# it "should be able to #{ action } project" do +# @ability.should be_able_to(action, @project) +# end +# end +# +# [:new, :create].each do |action| +# it "should be able to #{action} build_list" do +# @build_list = FactoryGirl.create(:build_list_with_attaching_project, project: @project) +# @ability.should be_able_to(action, @build_list) +# end +# end +# +# [:read, :update, :edit].each do |action| +# it "should be able to #{ action } issue" do +# @ability.should be_able_to(action, @issue) +# end +# end +# end +# +# context 'through group-member' do +# before(:each) do +# @group_member = 
FactoryGirl.create(:group) +# create_relation(@project, @group_member, 'reader') +# @group_member_ability = Ability.new(@group_member.owner) +# end +# +# it 'should be able to read open project' do +# @group_member_ability.should be_able_to(:read, @project) +# end +# +# it 'should be able to read closed project' do +# @project.update_attribute :visibility, 'hidden' +# @group_member_ability.should be_able_to(:read, @project) +# end +# +# it 'should include hidden project in list' do +# @project.update_attribute :visibility, 'hidden' +# Project.accessible_by(@group_member_ability, :show).where(projects: {id: @project.id}).count.should == 1 +# end +# end +# end +# +# context 'platform relations' do +# before(:each) do +# @platform = FactoryGirl.create(:platform) +# end +# +# context 'with owner rights' do +# before(:each) do +# @platform.owner = @user +# @platform.save +# @ability = Ability.new(@user) +# end +# +# [:mass_import, :run_mass_import].each do |action| +# it "should be able to #{ action } project" do +# @ability.should be_able_to(action, Project) +# end +# end +# +# [:read, :update, :destroy, :change_visibility].each do |action| +# it "should be able to #{action} platform" do +# @ability.should be_able_to(action, @platform) +# end +# end +# end +# +# context 'with read rights' do +# before(:each) do +# create_relation(@platform, @user, 'reader') +# @ability = Ability.new(@user) +# end +# +# [:mass_import, :run_mass_import].each do |action| +# it "should not be able to #{ action } project" do +# @ability.should_not be_able_to(action, Project) +# end +# end +# +# it "should be able to read platform" do +# @ability.should be_able_to(:read, @platform) +# end +# end +# end +# +# context 'repository relations' do +# before(:each) do +# @repository = FactoryGirl.create(:repository) +# end +# +# context 'with owner rights' do +# before(:each) do +# @repository.platform.owner = @user +# @repository.platform.save +# end +# +# [:read, :create, :update, :destroy, 
:add_project, :remove_project, :settings].each do |action| +# it "should be able to #{action} repository" do +# @ability.should be_able_to(action, @repository) +# end +# end +# end +# +# context 'with read rights' do +# before(:each) do +# create_relation(@repository.platform, @user, 'reader') +# end +# +# it "should be able to read repository" do +# @ability.should be_able_to(:read, @repository) +# end +# end +# end # 'repository relations' +# +# context 'product build list relations' do +# let(:product_build_list) { FactoryGirl.create(:product_build_list) } +# +# before { FactoryGirl.create(:arch, name: 'x86_64') } +# +# context 'with platform admin rights' do +# before do +# product_build_list.product.platform.owner = @user +# product_build_list.product.platform.save +# end +# +# [:read, :create, :update, :destroy, :log, :cancel].each do |action| +# it "should be able to #{action} product build list" do +# @ability.should be_able_to(action, product_build_list) +# end +# end +# end +# +# context 'with project writer rights' do +# before do +# create_relation(product_build_list.project, @user, 'writer') +# end +# +# [:read, :create, :log, :cancel].each do |action| +# it "should be able to #{action} product build list" do +# @ability.should be_able_to(action, product_build_list) +# end +# end +# +# [:update, :destroy].each do |action| +# it "should not be able to #{action} product build list" do +# @ability.should_not be_able_to(action, product_build_list) +# end +# end +# end +# end # 'product build list relations' +# +# end # 'Site user' +# end diff --git a/spec/models/comment_for_commit_spec.rb b/spec/models/comment_for_commit_spec.rb index 7b920e395..b8df9cad8 100644 --- a/spec/models/comment_for_commit_spec.rb +++ b/spec/models/comment_for_commit_spec.rb @@ -1,5 +1,4 @@ require 'spec_helper' -require "cancan/matchers" def create_comment user FactoryGirl.create(:comment, user: user, commentable: @commit, project: @project) 
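Review bot: Commenting out spec/models/cancan_spec.rb line-for-line leaves 360 lines of dead text in the tree under a name that no longer matches any dependency, and the negative authorization cases it held — guest cannot publish/cancel/reject_publish/create_container a BuildList or read/update/destroy a RegisterRequest, a site user or platform reader cannot mass_import/run_mass_import projects, a project writer cannot update/destroy a product build list, an admin cannot destroy a personal platform or the 'main' personal repository — are now asserted nowhere. Those denials are the regression guard for the policy classes this commit introduces (`BuildListPolicy` and `ProjectPolicy` appear in the job spec above), and Pundit policies are plain objects that are cheap to test directly. I would delete this file (git history keeps the CanCan version) and add per-policy specs that build the policy for a guest (`User.new`), a reader and an owner and assert each predicate, e.g. `expect(ProjectPolicy.new(reader, project).write?).to be_falsey`, plus a policy-scope spec for the hidden-project-visible-to-group-member case that `Project.accessible_by(@group_member_ability, :show)` used to cover.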
@@ -10,8 +9,6 @@ def create_comment_in_commit commit, project, body end def set_comments_data_for_commit - @ability = Ability.new(@user) - @project = FactoryGirl.create(:project_with_commit, owner: @user) @commit = @project.repo.commits.first @@ -39,20 +36,6 @@ end describe Comment do before { stub_symlink_methods } - context 'for global admin user' do - before(:each) do - @user = FactoryGirl.create(:admin) - @stranger = FactoryGirl.create(:user) - - set_comments_data_for_commit - end - - it_should_behave_like 'user with create comment ability (for model)' - it_should_behave_like 'user with update own comment ability (for model)' - it_should_behave_like 'user with update stranger comment ability (for model)' - it_should_behave_like 'user with destroy comment ability (for model)' - it_should_behave_like 'user with destroy stranger comment ability (for model)' - end context 'for project admin user' do before do @@ -61,16 +44,9 @@ describe Comment do set_comments_data_for_commit @admin = FactoryGirl.create(:user) - @ability = Ability.new(@admin) create_relation(@project, @admin, 'admin') end - it_should_behave_like 'user with create comment ability (for model)' - it_should_behave_like 'user with update own comment ability (for model)' - it_should_behave_like 'user with update stranger comment ability (for model)' - it_should_behave_like 'user with destroy comment ability (for model)' - it_should_behave_like 'user with destroy stranger comment ability (for model)' - it 'should send an e-mail by default settings' do should_send_email(commentor: @stranger, receiver: @user) end 
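Review bot: The five `it_should_behave_like 'user with ... comment ability (for model)'` lines dropped from the 'for project admin user' context, together with the whole 'for global admin user' context removed in hunk @@ -39,20 +36,6 @@, were the only checks that an admin may update and destroy another user's comment on a commit, and nothing in the commit replaces them. The hunk at @@ -202,16 +172,9 @@ below drops the inverse cases for a simple user ('user without update stranger comment ability', 'user without destroy stranger comment ability'), which are exactly the assertions that would catch a privilege escalation in whatever policy class now stands in for `Ability` on comments; the same removals are repeated in spec/models/comment_spec.rb. If the shared examples went away because their definitions depend on `@ability`, rewriting them against the policy keeps the coverage — e.g. `expect(CommentPolicy.new(@stranger, @comment).update?).to be_falsey`, with `CommentPolicy` standing for whichever class the commit actually introduces for comments.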
@@ -130,12 +106,6 @@ describe Comment do @project.save end - it_should_behave_like 'user with create comment ability (for model)' - it_should_behave_like 'user with update own comment ability (for model)' - it_should_behave_like 'user with update stranger comment ability (for model)' - it_should_behave_like 'user with destroy comment ability (for model)' - it_should_behave_like 'user with destroy stranger comment ability (for model)' - context 'for default enabled settings' do it 'should send an e-mail by default settings' do should_send_email(commentor: @stranger, receiver: @project.owner) @@ -202,16 +172,9 @@ describe Comment do @stranger = FactoryGirl.create(:user) set_comments_data_for_commit @comment = create_comment(@simple) - @ability = Ability.new(@simple) Subscribe.unsubscribe_from_commit @subscribe_params.merge(user_id: [@stranger.id, @project.owner.id]) end - it_should_behave_like 'user with create comment ability (for model)' - it_should_behave_like 'user with update own comment ability (for model)' - it_should_behave_like 'user without update stranger comment ability (for model)' - it_should_behave_like 'user with destroy comment ability (for model)' - it_should_behave_like 'user without destroy stranger comment ability (for model)' - context 'for default enabled settings' do it 'should send an e-mail' do should_send_email(commentor: @stranger, receiver: @simple) 
@@ -278,47 +241,59 @@ describe Comment do it 'should create automatic comment' do create_comment_in_commit(@commit, @project, "test link to ##{@issue.serial_id}; [##{@second_issue.serial_id}]") - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @second_issue.id, - created_from_commit_hash: @commit.id.hex).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @second_issue.id, + created_from_commit_hash: @commit.id.hex).count + ).to eq(1) end it 'should create automatic comment in the another project issue' do body = "[#{@another_project.name_with_owner}##{@issue_in_another_project.serial_id}]" create_comment_in_commit(@commit, @project, body) - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @issue_in_another_project.id, - created_from_commit_hash: @commit.id.hex).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @issue_in_another_project.id, + created_from_commit_hash: @commit.id.hex).count + ).to eq(1) end it 'should create automatic comment in the same name project issue' do body = "[#{@same_name_project.owner.uname}##{@issue_in_same_name_project.serial_id}]" create_comment_in_commit(@commit, @project, body) - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @issue_in_same_name_project.id, - created_from_commit_hash: @commit.id.hex).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @issue_in_same_name_project.id, + created_from_commit_hash: @commit.id.hex).count + ).to eq(1) end it 'should not create duplicate automatic comment' do create_comment_in_commit(@commit, @project, "test link to [##{@second_issue.serial_id}]") create_comment_in_commit(@commit, @project, "test duplicate link to [##{@second_issue.serial_id}]") - Comment.where(automatic: true, commentable_type: 'Issue', + expect( + Comment.where(automatic: true, 
commentable_type: 'Issue', commentable_id: @second_issue.id, - created_from_commit_hash: @commit.id.hex).count.should == 1 + created_from_commit_hash: @commit.id.hex).count + ).to eq(1) end it 'should not create duplicate automatic comment from one' do create_comment_in_commit(@commit, @project, "test link to [##{@second_issue.serial_id}]; ##{@second_issue.serial_id}") - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @second_issue.id, - created_from_commit_hash: @commit.id.hex).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @second_issue.id, + created_from_commit_hash: @commit.id.hex).count + ).to eq(1) end it 'should create two automatic comment' do body = "test ##{@second_issue.serial_id}" + " && [#{@another_project.name_with_owner}##{@issue_in_another_project.serial_id}]" create_comment_in_commit(@commit, @project, body) - Comment.where(automatic: true, - created_from_commit_hash: @commit.id.hex).count.should == 2 + expect( + Comment.where(automatic: true, + created_from_commit_hash: @commit.id.hex).count + ).to eq(2) end end end diff --git a/spec/models/comment_spec.rb b/spec/models/comment_spec.rb index c18a45446..b163e8918 100644 --- a/spec/models/comment_spec.rb +++ b/spec/models/comment_spec.rb @@ -1,9 +1,6 @@ require 'spec_helper' -require "cancan/matchers" def set_commentable_data - @ability = Ability.new(@user) - @project = FactoryGirl.create(:project) @issue = FactoryGirl.create(:issue, project_id: @project.id, user: @user) 
@@ -19,87 +16,18 @@ end describe Comment do before { stub_symlink_methods } - context 'for global admin user' do - before(:each) do - @user = FactoryGirl.create(:admin) - @stranger = FactoryGirl.create(:user) - - set_commentable_data - end - - it_should_behave_like 'user with create comment ability (for model)' - it_should_behave_like 'user with update own comment ability (for model)' - it_should_behave_like 'user with update stranger comment ability (for model)' - it_should_behave_like 'user with destroy comment ability (for model)' - it_should_behave_like 'user with destroy stranger comment ability (for model)' - end - - context 'for project admin user' do - before(:each) do - @user = FactoryGirl.create(:user) - @stranger = FactoryGirl.create(:user) - - set_commentable_data - create_relation(@project, @user, 'admin') - end - - it_should_behave_like 'user with create comment ability (for model)' - it_should_behave_like 'user with update own comment ability (for model)' - it_should_behave_like 'user with update stranger comment ability (for model)' - it_should_behave_like 'user with destroy comment ability (for model)' - it_should_behave_like 'user with destroy stranger comment ability (for model)' - - pending "sends an e-mail" do - ActionMailer::Base.deliveries.last.to.include?(@stranger.email).should == true - end - end - - context 'for project owner user' do - before(:each) do - @user = FactoryGirl.create(:user) - @stranger = FactoryGirl.create(:user) - - set_commentable_data - - @project.owner = @user - @project.save - create_relation(@project, @user, 'admin') - end - - it_should_behave_like 'user with create comment ability (for model)' - it_should_behave_like 'user with update own comment ability (for model)' - it_should_behave_like 'user with update stranger comment ability (for model)' - it_should_behave_like 'user with destroy comment ability (for model)' - it_should_behave_like 'user with destroy stranger comment ability (for model)' - end context 'for 
simple user' do before(:each) do @user = FactoryGirl.create(:user) @stranger = FactoryGirl.create(:user) - set_commentable_data end - it_should_behave_like 'user with create comment ability (for model)' - it_should_behave_like 'user with update own comment ability (for model)' - it_should_behave_like 'user without update stranger comment ability (for model)' - it_should_behave_like 'user with destroy comment ability (for model)' - it_should_behave_like 'user without destroy stranger comment ability (for model)' - context 'with mass assignment' do it 'should not be able to update commentable' do @comment.update_attributes({commentable_type: 'Grit::Commit', commentable_id: 0}) - @comment.reload.commentable_id.should eql @issue.id - @comment.reload.commentable_type.should eql @issue.class.name - end - - it 'should not be able to update owner' do - @comment.should_not allow_mass_assignment_of :user_id - end - - it 'should not be able to update project' do - @comment.should_not allow_mass_assignment_of :project_id + expect(@comment.reload.commentable).to eq(@issue) end end 
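Review bot: The two mass-assignment examples removed here, `should not be able to update owner` (`:user_id`) and `should not be able to update project` (`:project_id`), are not replaced by anything in this diff; the new policy specs cover Pundit decisions, not attribute protection, so nothing now pins that a comment's owner or project cannot be set through mass assignment, which is an ownership-spoofing path orthogonal to authorization. The same matcher is still in use in group_spec and product_build_list_spec in this diff, so it remains available. Keep them in the `with mass assignment` context, in the new expectation style: `it 'should not be able to update owner' do expect(@comment).not_to allow_mass_assignment_of(:user_id) end` and the same for `:project_id`. The enclosing `describe Comment` block continues past this hunk.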
@@ -117,80 +45,89 @@ describe Comment do it 'should create automatic comment' do create_comment_in_issue(@issue, "test link to ##{@issue.serial_id}; [##{@second_issue.serial_id}]") - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @second_issue.id, - created_from_issue_id: @issue.id).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @second_issue.id, + created_from_issue_id: @issue.id).count + ).to eq(1) end it 'should not create automatic comment to the same issue' do create_comment_in_issue(@issue, "test link to ##{@issue.serial_id}; [##{@second_issue.serial_id}]") - Comment.where(automatic: true, - created_from_issue_id: @issue.id).count.should == 1 + expect( + Comment.where(automatic: true, + created_from_issue_id: @issue.id).count + ).to eq(1) end it 'should create automatic comment in the another project issue' do body = "[#{@another_project.name_with_owner}##{@issue_in_another_project.serial_id}]" create_comment_in_issue(@issue, body) - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @issue_in_another_project.id, - created_from_issue_id: @issue.id).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @issue_in_another_project.id, + created_from_issue_id: @issue.id).count + ).to eq(1) end it 'should create automatic comment in the same name project issue' do body = "[#{@same_name_project.owner.uname}##{@issue_in_same_name_project.serial_id}]" create_comment_in_issue(@issue, body) - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @issue_in_same_name_project.id, - created_from_issue_id: @issue.id).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @issue_in_same_name_project.id, + created_from_issue_id: @issue.id).count + ).to eq(1) end it 'should not create duplicate automatic comment' do 
create_comment_in_issue(@issue, "test link to [##{@second_issue.serial_id}]") create_comment_in_issue(@issue, "test duplicate link to [##{@second_issue.serial_id}]") - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @second_issue.id, - created_from_issue_id: @issue.id).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @second_issue.id, + created_from_issue_id: @issue.id).count + ).to eq(1) end it 'should not create duplicate automatic comment from one' do create_comment_in_issue(@issue, "test link to [##{@second_issue.serial_id}]; ##{@second_issue.serial_id}") - Comment.where(automatic: true, commentable_type: 'Issue', - commentable_id: @second_issue.id, - created_from_issue_id: @issue.id).count.should == 1 + expect( + Comment.where(automatic: true, commentable_type: 'Issue', + commentable_id: @second_issue.id, + created_from_issue_id: @issue.id).count + ).to eq(1) end it 'should create two automatic comment' do body = "test ##{@second_issue.serial_id}" + - " && [#{@another_project.name_with_owner}##{@issue_in_another_project.serial_id}]" + " && [#{@another_project.name_with_owner}##{@issue_in_another_project.serial_id}]" create_comment_in_issue(@issue, body) - Comment.where(automatic: true, - created_from_issue_id: @issue.id).count.should == 2 + expect(Comment.where(automatic: true, + created_from_issue_id: @issue.id).count).to eq(2) end it 'should create automatic comment by issue title' do issue = FactoryGirl.create(:issue, project: @project, user: @user, title: "link to ##{@issue.serial_id}") expect(Comment.where(automatic: true, - created_from_issue_id: issue.id).count).to eq 1 + created_from_issue_id: issue.id).count).to eq(1) end it 'should create automatic comment from issue body' do issue = FactoryGirl.create(:issue, project: @project, user: @user, body: "link to ##{@issue.serial_id}") - Comment.where(automatic: true, - created_from_issue_id: issue.id).count.should == 1 + 
expect(Comment.where(automatic: true, + created_from_issue_id: issue.id).count).to eq(1) end it 'should create only one automatic comment from issue title and body' do issue = FactoryGirl.create(:issue, project: @project, user: @user, title: "link to ##{@issue.serial_id} in title", :body => "link to ##{@issue.serial_id} in body") - Comment.where(automatic: true, - created_from_issue_id: issue.id).count.should == 1 + expect(Comment.where(automatic: true, + created_from_issue_id: issue.id).count).to eq(1) end - - - end end end diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index a93cf59dd..19e2ae953 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb 
@@ -1,100 +1,28 @@ require 'spec_helper' -require "cancan/matchers" describe Group do before(:each) do stub_symlink_methods @group = FactoryGirl.create(:group) - @ability = Ability.new(User.new) end - context 'for guest' do - [:read, :update, :destroy, :manage_members].each do |action| - it "should not be able to #{action} group" do - @ability.should_not be_able_to(action, @group) - end - end - end - - context 'for global admin' do - before(:each) do - @admin = FactoryGirl.create(:admin) - @ability = Ability.new(@admin) - end - - [:read, :update, :destroy, :manage_members].each do |action| - it "should be able to #{action} group" do - @ability.should be_able_to(action, @group) - end - end - end - - context 'for group admin' do + context 'with mass assignment' do before(:each) do @user = FactoryGirl.create(:user) @another_user = FactoryGirl.create(:user) - create_actor_relation(@group, @user, 'admin') - @ability = Ability.new(@user) end - [:read, :update, :manage_members].each do |action| - it "should be able to #{action} group" do - @ability.should be_able_to(action, @group) - end + it 'should not be able to update uname' do + @group.should_not allow_mass_assignment_of uname: 'new_uname' end - it "should not be able to destroy group" do - @ability.should_not be_able_to(:destroy, @group) - end - - context 'with mass assignment' do - it 'should not be able to update uname' do - @group.should_not allow_mass_assignment_of uname: 'new_uname' - end - - it 'should not be able to update owner' do - @group.should_not allow_mass_assignment_of owner_type: 'User', owner_id: @another_user.id - end + it 'should not be able to update owner' do + @group.should_not allow_mass_assignment_of owner_type: 'User', owner_id: @another_user.id end end - context 'for group owner' do - before(:each) do - @user = FactoryGirl.create(:user) - - @group.owner = @user - @group.save - - create_actor_relation(@group, @user, 'admin') - @ability = Ability.new(@user) - end - - [:read, :update, 
:destroy, :manage_members].each do |action| - it "should be able to #{action} group" do - @ability.should be_able_to(action, @group) - end - end + it 'uname validation' do + g = FactoryGirl.build(:group, uname: "How do you do...\nmy_group") + expect(g.valid?).to be_falsy end - - context 'for group reader and writer user' do - before(:each) do - @user = FactoryGirl.create(:user) - create_actor_relation(@group, @user, 'reader') - @ability = Ability.new(@user) - end - - [:read].each do |action| - it "should be able to #{action} group" do - @ability.should be_able_to(action, @group) - end - end - - [:update, :destroy, :manage_members].each do |action| - it "should not be able to #{action} group" do - @ability.should_not be_able_to(action, @group) - end - end - end - - it {should_not allow_value("How do you do...\nmy_group").for(:uname)} end diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb index 40ea8396c..71135d163 100644 --- a/spec/models/issue_spec.rb +++ b/spec/models/issue_spec.rb @@ -53,8 +53,8 @@ describe Issue do it 'should create automatic comment after updating another issue body' do create_issue(@user) another_issue = FactoryGirl.create(:issue, project: @project) + another_issue = Issue.find another_issue.id another_issue.update_attribute(:title, "[##{@issue.serial_id}]") - another_issue.send(:send_assign_notifications) Comment.where(automatic: true, commentable_type: 'Issue', created_from_issue_id: another_issue.id).count.should == 1 @@ -63,8 +63,9 @@ describe Issue do it 'should send email message to new assignee' do create_issue(@user) ActionMailer::Base.deliveries = [] + @issue = Issue.find @issue.id @issue.update_attribute :assignee_id, @user.id - @issue.send(:send_assign_notifications, :update) + ActionMailer::Base.deliveries.count.should == 1 end end diff --git a/spec/models/product_build_list_spec.rb b/spec/models/product_build_list_spec.rb index c1fd50fd5..6014d66e0 100644 --- a/spec/models/product_build_list_spec.rb 
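Review bot: The replacement `uname validation` example only asserts `expect(g.valid?).to be_falsy`, which is weaker than the deleted `should_not allow_value("How do you do...\nmy_group").for(:uname)`: any other invalid attribute on the built group would make it pass without the newline in `uname` being rejected at all. Since the embedded newline is exactly the kind of input a uname format check must refuse, pin the error to the attribute: after `g.valid?`, add `expect(g.errors[:uname]).not_to be_empty`. The remaining `@group.should_not allow_mass_assignment_of ...` examples still use the old `should` syntax while the rest of the file moves to `expect`; converting them keeps the file consistent.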
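Review bot: The added `@issue = Issue.find @issue.id` before `update_attribute :assignee_id` has no comment saying why the object is re-fetched, and together with the dropped explicit `send(:send_assign_notifications, :update)` it reads as though the example now relies on an update callback firing on a fresh instance; that intent is not visible in the hunk. A one-line comment would stop the next maintainer from "simplifying" it away, e.g. `# re-fetch so the assignee change is observed by the update callbacks, not by a stale in-memory object -- confirm this is why the reload is needed`. Note that `update_attribute` skips validations, so if the callback is the only thing under test here, `update_attributes`/`update` would exercise the same path the controller uses; the enclosing `describe Issue` block continues outside this hunk.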
+++ b/spec/models/product_build_list_spec.rb @@ -35,14 +35,4 @@ describe ProductBuildList do it { is_expected.to allow_mass_assignment_of(:status) } it { is_expected.to allow_mass_assignment_of(:base_url) } end - - # see app/ability.rb - # can :read, ProductBuildList#, product: {platform: {visibility: 'open'}} # double nested hash don't work - it 'should generate correct sql to get product build lists' do - FactoryGirl.create(:arch, name: 'x86_64') - FactoryGirl.create(:product_build_list) - user = FactoryGirl.create(:user) - ability = Ability.new user - expect(ProductBuildList.accessible_by(ability).count).to eq 1 - end end diff --git a/spec/models/pull_request_spec.rb b/spec/models/pull_request_spec.rb index 069125dbf..80d9a807e 100644 --- a/spec/models/pull_request_spec.rb +++ b/spec/models/pull_request_spec.rb @@ -1,8 +1,6 @@ require 'spec_helper' def set_data_for_pull - @ability = Ability.new(@user) - @project = FactoryGirl.create(:project_with_commit, owner: @user) @clone_path = File.join(APP_CONFIG['root_path'], 'repo_clone', @project.id.to_s) 
@@ -37,86 +35,94 @@ describe PullRequest do @pull.check @project.update_attributes(name: "#{@project.name}-new") @pull.reload - Dir.exists?(@pull.path).should be_truthy + expect(Dir.exists? @pull.path).to be_truthy end it 'master should merge with non_conflicts branch' do @pull.check - @pull.status.should == 'ready' + expect(@pull.status).to eq('ready') end it 'master should not merge with conflicts branch' do @pull.from_ref = 'conflicts' @pull.check - @pull.status.should == 'blocked' + expect(@pull.status).to eq('blocked') end it 'should already merged when already up-to-date branches' do @pull.from_ref = 'master' @pull.check - @pull.status.should == 'merged' + expect(@pull.status).to eq('merged') end context 'for other head project' do it 'master should merge with non_conflicts branch' do @other_pull.check - @other_pull.status.should == 'ready' + expect(@other_pull.status).to eq('ready') end it 'master should not merge with conflicts branch' do @other_pull.from_ref = 'conflicts' @other_pull.check - @other_pull.status.should == 'blocked' + expect(@other_pull.status).to eq('blocked') end it 'should already merged when already up-to-date branches' do @other_pull.from_ref = 'master' @other_pull.check - @other_pull.status.should == 'merged' + expect(@other_pull.status).to eq('merged') end end it "should not create same pull" do - @same_pull = @project.pull_requests.new(issue_attributes: {title: 'same', body: 'testing'}) - @same_pull.issue.user, @same_pull.issue.project = @user, @same_pull.to_project - @same_pull.to_ref = 'master' - @same_pull.from_project, @same_pull.from_ref = @project, 'non_conflicts' - @same_pull.save - @project.pull_requests.joins(:issue).where(issues: {title: @same_pull.title}).count.should == 0 + expect { + @same_pull = @project.pull_requests.new(issue_attributes: {title: 'same', body: 'testing'}) + @same_pull.issue.user, @same_pull.issue.project = @user, @same_pull.to_project + @same_pull.to_ref = 'master' + @same_pull.from_project, 
@same_pull.from_ref = @project, 'non_conflicts' + @same_pull.save + }.to change { PullRequest.count }.by(0) + #expect(@project.pull_requests.joins(:issue).where(issues: {title: @same_pull.title}).count).to == 0 end it "should not create pull with wrong base ref" do - @wrong_pull = @project.pull_requests.new(issue_attributes: {title: 'wrong base', body: 'testing'}) - @wrong_pull.issue.user, @wrong_pull.issue.project = @user, @wrong_pull.to_project - @wrong_pull.to_ref = 'wrong' - @wrong_pull.from_project, @wrong_pull.from_ref = @project, 'non_conflicts' - @wrong_pull.save - @project.pull_requests.joins(:issue).where(issues: {title: @wrong_pull.title}).count.should == 0 + expect { + @wrong_pull = @project.pull_requests.new(issue_attributes: {title: 'wrong base', body: 'testing'}) + @wrong_pull.issue.user, @wrong_pull.issue.project = @user, @wrong_pull.to_project + @wrong_pull.to_ref = 'wrong' + @wrong_pull.from_project, @wrong_pull.from_ref = @project, 'non_conflicts' + @wrong_pull.save + }.to change { PullRequest.count }.by(0) end it "should not create pull with wrong head ref" do - @wrong_pull = @project.pull_requests.new(issue_attributes: {title: 'wrong head', body: 'testing'}) - @wrong_pull.issue.user, @wrong_pull.issue.project = @user, @wrong_pull.to_project - @wrong_pull.to_ref = 'master' - @wrong_pull.from_project, @wrong_pull.from_ref = @project, 'wrong' - @wrong_pull.save - @project.pull_requests.joins(:issue).where(issues: {title: @wrong_pull.title}).count.should == 0 + expect { + @wrong_pull = @project.pull_requests.new(issue_attributes: {title: 'wrong head', body: 'testing'}) + @wrong_pull.issue.user, @wrong_pull.issue.project = @user, @wrong_pull.to_project + @wrong_pull.to_ref = 'master' + @wrong_pull.from_project, @wrong_pull.from_ref = @project, 'wrong' + @wrong_pull.save + }.to change { PullRequest.count }.by(0) end it "should create pull with tag" do - system("cd #{@project.path} && git tag 4.7.5.3 $(git rev-parse #{@pull.from_ref})") # TODO REDO 
through grit - @pull = @project.pull_requests.new(issue_attributes: {title: 'tag', body: 'testing'}) - @pull.issue.user, @pull.issue.project = @user, @pull.to_project - @pull.to_ref = 'master' - @pull.from_project, @pull.from_ref = @project, '4.7.5.3' - @pull.save - @project.pull_requests.joins(:issue).where(issues: {title: @pull.title}).count.should == 1 + expect { + system("cd #{@project.path} && git tag 4.7.5.3 $(git rev-parse #{@pull.from_ref})") # TODO REDO through grit + @pull = @project.pull_requests.new(issue_attributes: {title: 'tag', body: 'testing'}) + @pull.issue.user, @pull.issue.project = @user, @pull.to_project + @pull.to_ref = 'master' + @pull.from_project, @pull.from_ref = @project, '4.7.5.3' + @pull.save + }.to change { @project.pull_requests.count }.by(1) end it "should close pull when deleting from branch" do - system("cd #{@project.path} && git branch -D #{@pull.from_branch}") - @pull.check - @project.pull_requests.joins(:issue).where(issues: {title: @pull.title, status: 'closed'}).count.should == 1 + expect { + system("cd #{@project.path} && git branch -D #{@pull.from_branch}") + @pull.check + }.to change { + @project.pull_requests.joins(:issue).where(issues: {title: @pull.title, status: 'closed'}).count + }.by(1) end end diff --git a/spec/models/subscribe_spec.rb b/spec/models/subscribe_spec.rb index 263d142c3..cacf7b9ba 100644 --- a/spec/models/subscribe_spec.rb +++ b/spec/models/subscribe_spec.rb 
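Review bot: The `should not create same pull` example leaves a commented-out line, `#expect(@project.pull_requests.joins(:issue).where(issues: {title: @same_pull.title}).count).to == 0`, which is dead code and, if ever uncommented, would not be a valid expectation (`.to` with no matcher followed by `== 0`); either delete it or keep the title-based check as `expect(@project.pull_requests.joins(:issue).where(issues: {title: @same_pull.title}).count).to eq(0)`. The three `}.to change { PullRequest.count }.by(0)` blocks read more clearly as `}.not_to change { PullRequest.count }`. `expect(Dir.exists? @pull.path)` uses the deprecated `Dir.exists?`; `Dir.exist?` is the supported form.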
@@ -1,78 +1,19 @@ require 'spec_helper' -require "cancan/matchers" - -def set_testable_data - @ability = Ability.new(@user) - - @project = FactoryGirl.create(:project) - @issue = FactoryGirl.create(:issue, project_id: @project.id) - - allow_any_instance_of(Project).to receive(:versions).and_return(%w(v1.0 v2.0)) -end describe Subscribe do - before { stub_symlink_methods } - context 'for global admin user' do - before(:each) do - @user = FactoryGirl.create(:admin) - @stranger = FactoryGirl.create(:user) + before(:each) { stub_symlink_methods } - set_testable_data + context 'validates that subscribe contains user' do + + it 'when subscribe contains user' do + s = FactoryGirl.build(:subscribe) + expect(s.valid?).to be_truthy end - it 'should create subscribe' do - @ability.should be_able_to(:create, FactoryGirl.build(:subscribe, subscribeable: @issue, user: @user)) - end - - context 'destroy' do - before(:each) do - @subscribe = FactoryGirl.create(:subscribe, subscribeable: @issue, user: @user) - @stranger_subscribe = FactoryGirl.create(:subscribe, subscribeable: @issue, user: @stranger) - end - - context 'own subscribe' do - it 'should destroy subscribe' do - @ability.should be_able_to(:destroy, @subscribe) - end - end - - context 'stranger subscribe' do - it 'should not destroy subscribe' do - @ability.should_not be_able_to(:destroy, @stranger_subscribe) - end - end - end - end - - context 'for simple user' do - before(:each) do - @user = FactoryGirl.create(:user) - @stranger = FactoryGirl.create(:user) - - set_testable_data - end - - it 'should create subscribe' do - @ability.should be_able_to(:create, FactoryGirl.build(:subscribe, subscribeable: @issue, user: @user)) - end - - context 'destroy' do - before(:each) do - @subscribe = FactoryGirl.create(:subscribe, subscribeable: @issue, user: @user) - @stranger_subscribe = FactoryGirl.create(:subscribe, subscribeable: @issue, user: @stranger) - end - - context 'own subscribe' do - it 'should destroy subscribe' do - 
@ability.should be_able_to(:destroy, @subscribe) - end - end - - context 'stranger subscribe' do - it 'should not destroy subscribe' do - @ability.should_not be_able_to(:destroy, @stranger_subscribe) - end - end + it 'when subscribe does not contains user' do + s = FactoryGirl.build(:subscribe) + s.user = nil + expect(s.valid?).to be_falsy end end end diff --git a/spec/policies/advisory_policy_spec.rb b/spec/policies/advisory_policy_spec.rb new file mode 100644 index 000000000..766ae822f --- /dev/null +++ b/spec/policies/advisory_policy_spec.rb @@ -0,0 +1,31 @@ +require 'spec_helper' + +RSpec.describe AdvisoryPolicy, type: :policy do + let(:advisory) { FactoryGirl.build(:advisory) } + subject { described_class } + + %i(index? search? show?).each do |perm| + permissions perm do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, advisory) + end + + it "grants access to user" do + expect(subject).to permit(FactoryGirl.create(:user), advisory) + end + end + end + + %i(create? update?).each do |perm| + permissions perm do + it "denies access to anonymous user" do + expect(subject).not_to permit(User.new, advisory) + end + + it "grants access to user" do + expect(subject).to permit(FactoryGirl.create(:user), advisory) + end + end + end + +end diff --git a/spec/policies/arch_policy_spec.rb b/spec/policies/arch_policy_spec.rb new file mode 100644 index 000000000..b071d0be5 --- /dev/null +++ b/spec/policies/arch_policy_spec.rb @@ -0,0 +1,17 @@ +require 'spec_helper' + +RSpec.describe ArchPolicy, type: :policy do + let(:arch) { FactoryGirl.build(:arch) } + subject { described_class } + + permissions :index? do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, arch) + end + + it "grants access to user" do + expect(subject).to permit(FactoryGirl.create(:user), arch) + end + end + +end 
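Review bot: The deleted `destroy` cases covered an ownership check (a user may destroy their own subscribe but not a stranger's) that is not re-created anywhere in this diff; no subscribe policy spec appears in this chunk, so that guarantee is now untested. The two validation examples that replace them are fine but test a different property. If a `SubscribePolicy` exists, add a `permissions :destroy?` group mirroring the other new policy specs: `expect(subject).to permit(subscribe.user, subscribe)` and `expect(subject).not_to permit(FactoryGirl.create(:user), subscribe)`.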
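Review bot: The `create?`/`update?` group in `advisory_policy_spec.rb` pins that any registered user may create and update advisories (`expect(subject).to permit(FactoryGirl.create(:user), advisory)`), with only the anonymous case denied. Advisories are security notices, so if that breadth is intentional a one-line comment stating it would help, e.g. `# any authenticated user may file/edit advisories -- intentional, see AdvisoryPolicy`; if it is not, the example should deny the plain user and add `expect(subject).to permit(FactoryGirl.create(:admin), advisory)`. Whether the policy restricts it further cannot be told from this spec alone.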
diff --git a/spec/policies/build_list_policy_spec.rb b/spec/policies/build_list_policy_spec.rb new file mode 100644 index 000000000..70ee752ee --- /dev/null +++ b/spec/policies/build_list_policy_spec.rb 
@@ -0,0 +1,263 @@ +require 'spec_helper' + +RSpec.describe BuildListPolicy, type: :policy do + let(:build_list) { FactoryGirl.build(:build_list) } + subject { described_class } + + permissions :index? do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, build_list) + end + + it "grants access to user" do + expect(subject).to permit(FactoryGirl.create(:user), build_list) + end + end + + %i(show? read? log? everything? owned? everything? list?).each do |perm| + permissions perm do + it "grants access for creator" do + expect(subject).to permit(build_list.user, build_list) + end + + it "grants access if user can read project" do + allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(true) + expect(subject).to permit(User.new, build_list) + end + + it "denies access if user can not read project" do + allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(false) + expect(subject).to_not permit(User.new, build_list) + end + end + end + + %i(create? rerun_tests?).each do |perm| + permissions perm do + before do + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) + allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true) + end + + it "grants access to user" do + expect(subject).to permit(FactoryGirl.build(:user), build_list) + end + + it "denies access if project is not a package" do + build_list.project.is_package = false + expect(subject).to_not permit(User.new, build_list) + end + + it "denies access if user can not write to project" do + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(false) + expect(subject).to_not permit(User.new, build_list) + end + + it "denies access if user can not read platform" do + allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(false) + expect(subject).to_not permit(User.new, build_list) + end + end + end + + permissions :dependent_projects? 
do + before do + allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(true) + end + + it "grants access to user" do + expect(subject).to permit(User.new, build_list) + end + + it "denies access if user can not to create build list" do + allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false) + expect(subject).to_not permit(User.new, build_list) + end + + it "denies access if save_to_platform is not main" do + allow(build_list.save_to_platform).to receive(:main?).and_return(false) + expect(subject).to_not permit(User.new, build_list) + end + end + + permissions :publish_into_testing? do + before do + allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(true) + allow_any_instance_of(BuildListPolicy).to receive(:publish?).and_return(true) + allow(build_list).to receive(:can_publish_into_testing?).and_return(true) + end + + it "grants access to user" do + expect(subject).to permit(User.new, build_list) + end + + it "grants access if user can not to create but can publish build list" do + allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false) + expect(subject).to permit(User.new, build_list) + end + + it "denies access if build is from old core" do + build_list.new_core = false + expect(subject).to_not permit(User.new, build_list) + end + + it "denies access if build can not be published" do + allow(build_list).to receive(:can_publish_into_testing?).and_return(false) + expect(subject).to_not permit(User.new, build_list) + end + + it "denies access if user can not to create and publish build list" do + allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false) + allow_any_instance_of(BuildListPolicy).to receive(:publish?).and_return(false) + expect(subject).to_not permit(User.new, build_list) + end + + context 'for personal platform' do + before do + allow(build_list.save_to_platform).to receive(:main?).and_return(false) + end + + it "grants access to user" do + 
expect(subject).to permit(User.new, build_list) + end + + it "denies access if user can not to create but can publish build list" do + allow_any_instance_of(BuildListPolicy).to receive(:create?).and_return(false) + expect(subject).to_not permit(User.new, build_list) + end + end + end + + permissions :publish? do + before do + allow(build_list).to receive(:can_publish?).and_return(true) + end + + context 'build published' do + before do + allow(build_list).to receive(:build_published?).and_return(true) + end + + it "denies access to user" do + expect(subject).to_not permit(User.new, build_list) + end + + it "grants access to admin of platform" do + allow_any_instance_of(BuildListPolicy).to receive(:local_admin?). + with(build_list.save_to_platform).and_return(true) + expect(subject).to permit(User.new, build_list) + end + + it "grants access to member of repository" do + allow(build_list.save_to_repository).to receive_message_chain(:members, :exists?).and_return(true) + expect(subject).to permit(User.new, build_list) + end + end + + context 'build not published' do + it "denies access to user" do + expect(subject).to_not permit(User.new, build_list) + end + + it "grants access to admin of platform if publish_without_qa is disabled" do + build_list.save_to_repository.publish_without_qa = false + allow_any_instance_of(BuildListPolicy).to receive(:local_admin?). + with(build_list.save_to_platform).and_return(true) + + expect(subject).to permit(User.new, build_list) + end + + it "grants access if user can write to project" do + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) + expect(subject).to permit(User.new, build_list) + end + end + end + + permissions :create_container? 
do + it "denies access to user" do + expect(subject).to_not permit(User.new, build_list) + end + + context 'user can write to project' do + before do + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) + end + + it "grants access to user" do + expect(subject).to permit(User.new, build_list) + end + + it "denies access if build is from old core" do + build_list.new_core = false + expect(subject).to_not permit(User.new, build_list) + end + end + + context 'user admin of platform' do + before do + allow_any_instance_of(BuildListPolicy).to receive(:local_admin?). + with(build_list.save_to_platform).and_return(true) + end + + it "grants access to user" do + expect(subject).to permit(User.new, build_list) + end + + it "denies access if build is from old core" do + build_list.new_core = false + expect(subject).to_not permit(User.new, build_list) + end + end + end + + permissions :reject_publish? do + it "denies access to user" do + expect(subject).to_not permit(User.new, build_list) + end + + it "grants access if user can write to project" do + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) + expect(subject).to permit(User.new, build_list) + end + + it "denies access to admin of platform" do + allow_any_instance_of(BuildListPolicy).to receive(:local_admin?). + with(build_list.save_to_platform).and_return(true) + expect(subject).to_not permit(User.new, build_list) + end + + context 'publish_without_qa is disabled' do + before do + build_list.save_to_repository.publish_without_qa = false + end + + it "denies access to user" do + expect(subject).to_not permit(User.new, build_list) + end + + it "denies access if user can write to project" do + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) + expect(subject).to_not permit(User.new, build_list) + end + + it "grants access to admin of platform" do + allow_any_instance_of(BuildListPolicy).to receive(:local_admin?). 
+ with(build_list.save_to_platform).and_return(true) + expect(subject).to permit(User.new, build_list) + end + end + end + + permissions :cancel? do + it "denies access to user" do + expect(subject).to_not permit(User.new, build_list) + end + + it "grants access if user can write to project" do + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) + expect(subject).to permit(User.new, build_list) + end + end + +end diff --git a/spec/policies/comment_policy_spec.rb b/spec/policies/comment_policy_spec.rb new file mode 100644 index 000000000..4787b6866 --- /dev/null +++ b/spec/policies/comment_policy_spec.rb @@ -0,0 +1,47 @@ +require 'spec_helper' + +RSpec.describe CommentPolicy, type: :policy do + let(:comment) { FactoryGirl.build(:comment) } + subject { described_class } + + %i(create? new_line?).each do |perm| + permissions perm do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, comment) + end + + it "denies access if user can not read a project" do + allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(false) + expect(subject).to_not permit(FactoryGirl.create(:user), comment) + end + + it "grants access if user can read a project" do + allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(true) + expect(subject).to permit(FactoryGirl.create(:user), comment) + end + end + end + + %i(update? destroy?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, comment) + end + + it "grants access for creator" do + expect(subject).to permit(comment.user, comment) + end + + it "grants access for admin of project" do + allow_any_instance_of(CommentPolicy).to receive(:local_admin?). + with(comment.project).and_return(true) + expect(subject).to permit(User.new, comment) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), comment) + end + end + end + +end 
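Review bot: The permission list `%i(show? read? log? everything? owned? everything? list?)` contains `everything?` twice, so that group of examples is generated and run twice; drop the duplicate. More importantly, every denial case for `publish?`, `create_container?`, `reject_publish?` and `cancel?` uses `User.new`, i.e. a guest, so the spec never shows that an authenticated user with no relation to the project is denied, which is the case that matters for a build-publishing action; add a `let(:user) { FactoryGirl.create(:user) }` and a `"denies access to unrelated user"` example per permission, e.g. `expect(subject).to_not permit(user, build_list)`. Likewise in the `create?`/`rerun_tests?` group `ProjectPolicy#write?` is stubbed to true for all examples, so there is no case pinning that a guest cannot create a build list. The remaining examples stub methods of `BuildListPolicy` itself (`create?`, `publish?`, `local_admin?`), which verifies the combination logic but not those helpers; that is acceptable only if they are covered elsewhere.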
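Review bot: In the `update?`/`destroy?` group, `"denies access to user"` passes `User.new`, a guest, so the case the deleted shared example `user without update stranger comment ability` used to cover, an authenticated user who is neither the author nor an admin, is no longer asserted; add `expect(subject).to_not permit(FactoryGirl.create(:user), comment)`. The `"grants access for admin of project"` example stubs `CommentPolicy#local_admin?` on the policy under test, so what `local_admin?` actually checks is not exercised here. The example name `"grants access for to global admin"` has a stray word; `"grants access to global admin"`.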
diff --git a/spec/policies/group_policy_spec.rb b/spec/policies/group_policy_spec.rb new file mode 100644 index 000000000..587207d8d --- /dev/null +++ b/spec/policies/group_policy_spec.rb 
@@ -0,0 +1,107 @@ +require 'spec_helper' + +RSpec.describe GroupPolicy, type: :policy do + let(:group) { FactoryGirl.build(:group) } + let(:user) { FactoryGirl.create(:user) } + subject { described_class } + + + %i(index? create? remove_user?).each do |perm| + permissions perm do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, group) + end + + it "grants access to user" do + expect(subject).to permit(user, group) + end + end + end + + permissions :show? do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, group) + end + end + + permissions :reader? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, group) + end + + it "denies access to user" do + expect(subject).to_not permit(user, group) + end + + it "grants access to group reader" do + allow_any_instance_of(GroupPolicy).to receive(:local_reader?).and_return(true) + expect(subject).to permit(user, group) + end + end + + permissions :write? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, group) + end + + it "denies access to user" do + expect(subject).to_not permit(user, group) + end + + it "grants access to group writer" do + allow_any_instance_of(GroupPolicy).to receive(:local_writer?).and_return(true) + expect(subject).to permit(user, group) + end + end + + %i(update? add_member? manage_members? members? remove_member? remove_members? update_member?).each do |perm| + permissions perm do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, group) + end + + it "denies access to user" do + expect(subject).to_not permit(user, group) + end + + it "grants access to group owner" do + group.save! 
+ expect(subject).to permit(group.owner, group)
+ end
+
+ it "grants access to group admin" do
+ allow_any_instance_of(GroupPolicy).to receive(:local_admin?).and_return(true)
+ expect(subject).to permit(user, group)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.create(:admin), group)
+ end
+ end
+ end
+
+ permissions :destroy? do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, group)
+ end
+
+ it "denies access to user" do
+ expect(subject).to_not permit(user, group)
+ end
+
+ it "denies access to group admin" do
+ allow_any_instance_of(GroupPolicy).to receive(:local_admin?).and_return(true)
+ expect(subject).to_not permit(user, group)
+ end
+
+ it "grants access to group owner" do
+ group.save!
+ expect(subject).to permit(group.owner, group)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.create(:admin), group)
+ end
+ end
+
+end
diff --git a/spec/policies/hook_policy_spec.rb b/spec/policies/hook_policy_spec.rb
new file mode 100644
index 000000000..dc98c2dd7
--- /dev/null
+++ b/spec/policies/hook_policy_spec.rb
@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+RSpec.describe HookPolicy, type: :policy do
+ let(:hook) { FactoryGirl.build(:hook) }
+ subject { described_class }
+
+ %i(show? read? create? destroy? update?).each do |perm|
+ permissions perm do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, hook)
+ end
+
+ it "denies access if user can not update a project" do
+ allow_any_instance_of(ProjectPolicy).to receive(:update?).and_return(false)
+ expect(subject).to_not permit(User.new, hook)
+ end
+
+ it "grants access if user can update a project" do
+ allow_any_instance_of(ProjectPolicy).to receive(:update?).and_return(true)
+ expect(subject).to permit(User.new, hook)
+ end
+ end
+ end
+
+end
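Review bot: The `local_reader?`, `local_writer?` and `local_admin?` stubs in GroupPolicy's spec are unscoped (`allow_any_instance_of(GroupPolicy).to receive(:local_admin?).and_return(true)`), so none of these examples can tell whether the policy checks membership of `group` or of some other record; CommentPolicy's spec scopes the same stub with `.with(comment.project)`. Change them to `receive(:local_admin?).with(group).and_return(true)` (and likewise for reader/writer) so a call with the wrong argument fails the example. Separately, `remove_user?` is asserted permitted for any signed-in user against any group; if it means "remove myself from the group", a one-line comment on the `%i(index? create? remove_user?)` list saying so would stop a reader taking it for an authorization gap.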
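Review bot: HookPolicy is exercised only with `User.new`, and it is the one policy spec in this commit with no global-admin example, so whether the admin bypass the other policies have applies to hooks (which presumably hold outbound webhook targets) cannot be read from the spec. Add either `it "grants access for to global admin" do expect(subject).to permit(FactoryGirl.build(:admin), hook) end` or the explicit negative, whichever the policy intends. Also add a denial for a persisted non-member, `expect(subject).to_not permit(FactoryGirl.create(:user), hook)`, so the "denies access" examples do not rest on the unsaved-user path alone; as written the first two examples assert the same thing.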
diff --git a/spec/policies/issue_policy_spec.rb b/spec/policies/issue_policy_spec.rb
new file mode 100644
index 000000000..00690c80f
--- /dev/null
+++ b/spec/policies/issue_policy_spec.rb
@@ -0,0 +1,63 @@
+require 'spec_helper'
+
+RSpec.describe IssuePolicy, type: :policy do
+ let(:issue) { FactoryGirl.build(:issue) }
+ let(:user) { FactoryGirl.create(:user) }
+ subject { described_class }
+
+ permissions :index? do
+ it "grants access to anonymous user" do
+ expect(subject).to permit(User.new, issue)
+ end
+ end
+
+ %i(show? create? read?).each do |perm|
+ permissions perm do
+ it "denies access if user can not read a project" do
+ allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(false)
+ expect(subject).to_not permit(User.new, issue)
+ end
+
+ context "user can read a project" do
+ before do
+ allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(true)
+ end
+
+ it "grants access" do
+ expect(subject).to permit(User.new, issue)
+ end
+
+ it "denies access if project issues are disabled" do
+ issue.project.has_issues = false
+ expect(subject).to_not permit(User.new, issue)
+ end
+ end
+
+ end
+ end
+
+ permissions :update? do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, issue)
+ end
+
+ it "denies access to user" do
+ expect(subject).to_not permit(user, issue)
+ end
+
+ it "grants access to project admin" do
+ allow_any_instance_of(IssuePolicy).to receive(:local_admin?).with(issue.project).and_return(true)
+ expect(subject).to permit(user, issue)
+ end
+
+ it "grants access to issue owner" do
+ issue.save!
+ expect(subject).to permit(issue.user, issue)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.create(:admin), issue)
+ end
+ end
+
+end
diff --git a/spec/policies/key_pair_policy_spec.rb b/spec/policies/key_pair_policy_spec.rb
new file mode 100644
index 000000000..879d45e19
--- /dev/null
+++ b/spec/policies/key_pair_policy_spec.rb
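Review bot: The `%i(show? create? read?)` block asserts that `create?` is granted to `User.new` — an unsaved, anonymous user — whenever `ProjectPolicy#show?` is true, so this spec pins anonymous issue creation as intended behaviour. If that is not what IssuePolicy is meant to do, the policy (not in this hunk) is letting unauthenticated callers open issues on any readable project and the test locks that in; split `create?` out of the read group, assert `expect(subject).to_not permit(User.new, issue)` for it, and add the positive case with `user`. If anonymous creation is deliberate, say so in a comment on the list, e.g. `# anonymous users may open issues on readable projects`, so the next reader does not take it for an oversight.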
@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+RSpec.describe KeyPairPolicy, type: :policy do
+ let(:key_pair) { FactoryGirl.build(:key_pair) }
+ subject { described_class }
+
+ %i(create? destroy?).each do |perm|
+ permissions perm do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, key_pair)
+ end
+
+ it "grants access for admin of platform" do
+ allow_any_instance_of(KeyPairPolicy).to receive(:local_admin?).
+ with(key_pair.repository.platform).and_return(true)
+ expect(subject).to permit(User.new, key_pair)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), key_pair)
+ end
+ end
+ end
+
+end
diff --git a/spec/policies/mass_build_policy_spec.rb b/spec/policies/mass_build_policy_spec.rb
new file mode 100644
index 000000000..c113854a6
--- /dev/null
+++ b/spec/policies/mass_build_policy_spec.rb
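Review bot: Key pairs are the repository signing material, yet the only denial tested for `create?`/`destroy?` is `User.new`; a regression that granted them to any signed-in user would pass this spec. Add `it "denies access to signed-in user" do expect(subject).to_not permit(FactoryGirl.create(:user), key_pair) end` to the block. The `local_admin?` stub is correctly scoped with `.with(key_pair.repository.platform)`, so a policy that consulted a different platform would already fail on unexpected arguments.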
@@ -0,0 +1,74 @@ +require 'spec_helper' + +RSpec.describe MassBuildPolicy, type: :policy do + let(:mass_build) { FactoryGirl.build(:mass_build) } + subject { described_class } + + %i(show? read? get_list?).each do |perm| + permissions perm do + it "denies access if user can not show a platform" do + allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(false) + expect(subject).to_not permit(User.new, mass_build) + end + + it "grants access if user can show a platform" do + allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true) + expect(subject).to permit(User.new, mass_build) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), mass_build) + end + end + end + + %i(create? publish?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, mass_build) + end + + it "grants access for admin of platform" do + allow_any_instance_of(MassBuildPolicy).to receive(:local_admin?). + with(mass_build.save_to_platform).and_return(true) + expect(subject).to permit(User.new, mass_build) + end + + it "grants access for owner of platform" do + allow_any_instance_of(MassBuildPolicy).to receive(:owner?). + with(mass_build.save_to_platform).and_return(true) + expect(subject).to permit(User.new, mass_build) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), mass_build) + end + end + end + + permissions :cancel? 
do + before do + mass_build.stop_build = false + end + + it "denies access to user" do + expect(subject).to_not permit(User.new, mass_build) + end + + context 'user can create mass build' do + before do + allow_any_instance_of(MassBuildPolicy).to receive(:create?).and_return(true) + end + + it "grants access to user" do + expect(subject).to permit(User.new, mass_build) + end + + it "denies access to user if mass build has been stopped" do + mass_build.stop_build = true + expect(subject).to_not permit(User.new, mass_build) + end + end + end + +end diff --git a/spec/policies/platform_policy_spec.rb b/spec/policies/platform_policy_spec.rb new file mode 100644 index 000000000..2ee3cacd8 --- /dev/null +++ b/spec/policies/platform_policy_spec.rb 
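Review bot: In the `show? read? get_list?` block the global-admin example runs without stubbing `PlatformPolicy#show?` to false, so on the default factory platform it passes for the same reason the ordinary positive example does and demonstrates no admin bypass. Add `allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(false)` before the admin expectation, as the hidden-platform contexts in PlatformPolicy's spec do, so the example fails if the bypass is removed. The `create?`/`publish?` stubs are properly scoped with `.with(mass_build.save_to_platform)`.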
@@ -0,0 +1,264 @@ +require 'spec_helper' + +RSpec.describe PlatformPolicy, type: :policy do + let(:platform) { FactoryGirl.build(:platform) } + subject { described_class } + + permissions :index? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, :platform) + end + + it "grants access to user" do + expect(subject).to permit(FactoryGirl.create(:user), :platform) + end + end + + + %i(allowed? platforms_for_build?).each do |perm| + permissions perm do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, :platform) + end + end + end + + %i(show? advisories? owned? read? related?).each do |perm| + permissions perm do + context 'open platform' do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, platform) + end + end + + context 'hidden platform' do + before do + platform.visibility = Platform::VISIBILITY_HIDDEN + end + + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for reader of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_reader?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for reader of repository" do + allow_any_instance_of(PlatformPolicy).to receive(:user_platform_ids).and_return([platform.id]) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + end + end + + permissions :members? 
do + context 'open platform' do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, platform) + end + end + + context 'hidden platform' do + before do + platform.visibility = Platform::VISIBILITY_HIDDEN + end + + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for reader of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_reader?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + end + + permissions :create? do + it "denies access to user" do + expect(subject).to_not permit(User.new, :platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), :platform) + end + end + + permissions :update? do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + + permissions :destroy? 
do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + + it "denies access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for to global admin" do + expect(subject).to_not permit(FactoryGirl.build(:admin), platform) + end + end + end + + %i(local_admin_manage? add_project? remove_file?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for admin of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_admin?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + end + + %i(clone? make_clone?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + + it "denies access for to global admin" do + expect(subject).to_not permit(FactoryGirl.build(:admin), platform) + end + end + end + end + + %i(add_member? 
regenerate_metadata? remove_member? remove_members?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for admin of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_admin?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + + it "denies access for admin of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:local_admin?).and_return(true) + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for to global admin" do + expect(subject).to_not permit(FactoryGirl.build(:admin), platform) + end + end + end + end + + permissions :clear? 
do + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to_not permit(User.new, platform) + end + + it "denies access for to global admin" do + expect(subject).to_not permit(FactoryGirl.build(:admin), platform) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + + it "denies access to user" do + expect(subject).to_not permit(User.new, platform) + end + + it "grants access for owner of platform" do + allow_any_instance_of(PlatformPolicy).to receive(:owner?).and_return(true) + expect(subject).to permit(User.new, platform) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), platform) + end + end + end + +end diff --git a/spec/policies/product_build_list_policy_spec.rb b/spec/policies/product_build_list_policy_spec.rb new file mode 100644 index 000000000..8d2f0b6a1 --- /dev/null +++ b/spec/policies/product_build_list_policy_spec.rb 
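Review bot: In the hidden-platform `show?` group the "grants access for reader of repository" example stubs `user_platform_ids` to `[platform.id]`, but `platform` comes from `FactoryGirl.build`, so `platform.id` is `nil` and the stub returns `[nil]`; an `include?` against an unsaved record then matches any nil attribute, and the example would still pass if the policy compared the wrong (nil) column. Persist the record in that example (`platform.save!` before the stub, or `FactoryGirl.create(:platform)`) and add the negative `and_return([])` asserting denial. Separately, `allowed?` and `platforms_for_build?` are asserted permitted for `User.new` against the bare `:platform` symbol; if `allowed?` is the per-repository access check for hidden platforms, a comment noting that the credential check happens elsewhere would keep this from reading as an open door.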
@@ -0,0 +1,83 @@ +require 'spec_helper' + +RSpec.describe ProductBuildListPolicy, type: :policy do + let(:pbl) { FactoryGirl.build(:product_build_list) } + subject { described_class } + + permissions :index? do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, pbl) + end + end + + %i(show? log? read?).each do |perm| + permissions perm do + it "denies access to user if user can not show a product" do + allow_any_instance_of(ProductPolicy).to receive(:show?).and_return(false) + expect(subject).not_to permit(User.new, pbl) + end + + it "grants access if user can show a product" do + allow_any_instance_of(ProductPolicy).to receive(:show?).and_return(true) + expect(subject).to permit(User.new, pbl) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), pbl) + end + end + end + + %i(create? cancel?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).not_to permit(User.new, pbl) + end + + it "grants access if user can write to project" do + allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true) + expect(subject).to permit(User.new, pbl) + end + + it "grants access if user can update a product" do + allow_any_instance_of(ProductPolicy).to receive(:update?).and_return(true) + expect(subject).to permit(User.new, pbl) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), pbl) + end + end + end + + permissions :update? do + it "denies access to user" do + expect(subject).not_to permit(User.new, pbl) + end + + it "grants access if user can update a product" do + allow_any_instance_of(ProductPolicy).to receive(:update?).and_return(true) + expect(subject).to permit(User.new, pbl) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), pbl) + end + end + + permissions :destroy? 
do + it "denies access to user" do + expect(subject).not_to permit(User.new, pbl) + end + + it "grants access if user can destroy a product" do + allow_any_instance_of(ProductPolicy).to receive(:destroy?).and_return(true) + expect(subject).to permit(User.new, pbl) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), pbl) + end + end + +end diff --git a/spec/policies/product_policy_spec.rb b/spec/policies/product_policy_spec.rb new file mode 100644 index 000000000..f81857fdc --- /dev/null +++ b/spec/policies/product_policy_spec.rb 
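Review bot: `destroy?` has no negative example for a project writer even though `create?`/`cancel?` are granted on `ProjectPolicy#write?`; if destroying a product build list is meant to need product-level rights, add under `permissions :destroy?` `allow_any_instance_of(ProjectPolicy).to receive(:write?).and_return(true); expect(subject).not_to permit(User.new, pbl)`. The global-admin examples in `show? log? read?` also run without stubbing `ProductPolicy#show?` false, so they pass for the same reason the plain positive case does and prove nothing about the bypass; stub it false there.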
@@ -0,0 +1,85 @@ +require 'spec_helper' + +RSpec.describe ProductPolicy, type: :policy do + let(:product) { FactoryGirl.build(:product) } + subject { described_class } + + permissions :index? do + it "grants access to user" do + expect(subject).to permit(User.new, product) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + before do + product.platform = platform + end + + it "denies access to user" do + expect(subject).to_not permit(User.new, product) + end + end + end + + %i(show? read?).each do |perm| + permissions perm do + it "denies access to user if user can not show a platform" do + allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(false) + expect(subject).not_to permit(User.new, product) + end + + it "grants access if user can show a platform" do + allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true) + expect(subject).to permit(User.new, product) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), product) + end + end + end + + %i(create? clone? destroy? update?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).not_to permit(User.new, product) + end + + it "grants access for admin of platform" do + allow_any_instance_of(ProductPolicy).to receive(:local_admin?). + with(product.platform).and_return(true) + expect(subject).to permit(User.new, product) + end + + it "grants access for owner of platform" do + allow_any_instance_of(ProductPolicy).to receive(:owner?). 
+ with(product.platform).and_return(true) + expect(subject).to permit(User.new, product) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), product) + end + + context 'personal platform' do + let(:platform) { FactoryGirl.build(:personal_platform) } + before do + product.platform = platform + end + + it "denies access for admin of platform" do + allow_any_instance_of(ProductPolicy).to receive(:local_admin?). + with(product.platform).and_return(true) + expect(subject).not_to permit(User.new, product) + end + + it "denies access for owner of platform" do + allow_any_instance_of(ProductPolicy).to receive(:owner?). + with(product.platform).and_return(true) + expect(subject).not_to permit(User.new, product) + end + end + end + end + +end diff --git a/spec/policies/project_policy_spec.rb b/spec/policies/project_policy_spec.rb new file mode 100644 index 000000000..1cfdd5ac2 --- /dev/null +++ b/spec/policies/project_policy_spec.rb 
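Review bot: In the personal-platform context for `create? clone? destroy? update?` the platform admin and owner are asserted denied, but the global admin is not tested either way, whereas PlatformPolicy's spec explicitly asserts global admin is denied for the personal-platform member and metadata actions; whether an admin may create or destroy products on a personal platform is therefore unspecified here. Add an explicit expectation in that context, e.g. `expect(subject).not_to permit(FactoryGirl.build(:admin), product)` if personal platforms are meant to be off-limits, so a policy change is caught. The `local_admin?`/`owner?` stubs are correctly scoped with `.with(product.platform)`.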
@@ -0,0 +1,255 @@ +require 'spec_helper' + +RSpec.describe ProjectPolicy, type: :policy do + let(:project) { FactoryGirl.build(:project) } + let(:user) { FactoryGirl.create(:user) } + subject { described_class } + + + permissions :index? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, :project) + end + + it "grants access to user" do + expect(subject).to permit(user, :project) + end + end + + %i(show? read? archive? get_id? refs_list?).each do |perm| + permissions perm do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, project) + end + + context 'hidden project' do + before do + project.visibility = 'hidden' + end + + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, project) + end + + it "grants access for owner of project" do + expect(subject).to permit(project.owner, project) + end + + it "grants access for member of project owner group" do + project = FactoryGirl.build(:group_project) + allow_any_instance_of(ProjectPolicy).to receive(:user_group_ids).and_return([project.owner_id]) + expect(subject).to permit(User.new, project) + end + + it "grants access for reader of project" do + allow_any_instance_of(ProjectPolicy).to receive(:local_reader?).and_return(true) + expect(subject).to permit(User.new, project) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), project) + end + end + end + end + + permissions :fork? 
do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, project) + end + + it "grants access to user" do + expect(subject).to permit(user, project) + end + + context 'hidden project' do + before do + project.visibility = 'hidden' + end + + it "grants access for owner of project" do + expect(subject).to permit(project.owner, project) + end + + it "grants access for member of project owner group" do + project = FactoryGirl.build(:group_project) + allow_any_instance_of(ProjectPolicy).to receive(:user_group_ids).and_return([project.owner_id]) + expect(subject).to permit(user, project) + end + + it "grants access for reader of project" do + allow_any_instance_of(ProjectPolicy).to receive(:local_reader?).and_return(true) + expect(subject).to permit(user, project) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), project) + end + end + end + + permissions :create? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, project) + end + + it "denies access if user can not write to owner" do + allow_any_instance_of(UserPolicy).to receive(:write?).and_return(false) + expect(subject).to_not permit(user, project) + end + + it "grants access if user can write to owner" do + allow_any_instance_of(UserPolicy).to receive(:write?).and_return(true) + expect(subject).to permit(user, project) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), project) + end + end + + %i( + add_member? + alias? + autocomplete_maintainers? + manage_collaborators? + members? + remove_member? + remove_members? + schedule? + sections? + update? + update_member? 
+ ).each do |perm| + permissions perm do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, project) + end + + it "denies access to user" do + expect(subject).to_not permit(user, project) + end + + it "grants access for owner of project" do + expect(subject).to permit(project.owner, project) + end + + it "grants access for admin of project" do + allow_any_instance_of(ProjectPolicy).to receive(:local_admin?).and_return(true) + expect(subject).to permit(user, project) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), project) + end + end + end + + permissions :destroy? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, project) + end + + it "denies access to user" do + expect(subject).to_not permit(user, project) + end + + it "grants access for owner of project" do + expect(subject).to permit(project.owner, project) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), project) + end + + context 'owner is group' do + let(:project) { FactoryGirl.create(:group_project) } + before do + project.owner.add_member user, 'admin' + end + + it "grants access for admin of project owner group" do + expect(subject).to permit(user, project) + end + end + end + + permissions :mass_import? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, project) + end + + it "denies access to user" do + expect(subject).to_not permit(user, project) + end + + it "grants access for admin of main platform" do + platform = FactoryGirl.create(:platform) + platform.add_member user, 'admin' + expect(subject).to permit(user, project) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), project) + end + end + + permissions :run_mass_import? 
do + let(:repository) { FactoryGirl.create(:repository) } + before do + project.add_to_repository_id = repository.id + end + + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, project) + end + + it "denies access to user" do + expect(subject).to_not permit(user, project) + end + + context 'user can add projects to platform and can write to owner' do + before do + allow_any_instance_of(UserPolicy).to receive(:write?).and_return(true) + allow_any_instance_of(PlatformPolicy).to receive(:add_project?).and_return(true) + end + + it "grants access to user" do + expect(subject).to permit(user, project) + end + + it "denies access to user for personal platform" do + allow_any_instance_of(Platform).to receive(:main?).and_return(false) + expect(subject).to_not permit(user, project) + end + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), project) + end + end + + permissions :write? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, project) + end + + it "denies access to user" do + expect(subject).to_not permit(user, project) + end + + it "grants access for owner of project" do + expect(subject).to permit(project.owner, project) + end + + it "grants access for writer of project" do + allow_any_instance_of(ProjectPolicy).to receive(:local_writer?).and_return(true) + expect(subject).to permit(user, project) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), project) + end + end + +end diff --git a/spec/policies/pull_request_policy_spec.rb b/spec/policies/pull_request_policy_spec.rb new file mode 100644 index 000000000..40462bd02 --- /dev/null +++ b/spec/policies/pull_request_policy_spec.rb 
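Review bot: The `context 'hidden project'` blocks for `show?…refs_list?` and for `fork?` contain no example for a signed-in user who is neither owner, member nor reader; every hidden-project denial uses `User.new`, and `fork?` on a hidden project has no denial at all, so a policy that let any registered user read or fork a hidden project would pass this spec. Add `it "denies access to user" do expect(subject).to_not permit(user, project) end` inside both hidden-project contexts. Also, the "member of project owner group" examples assign a local `project = FactoryGirl.build(:group_project)` that shadows the `let`, which is harmless but easy to misread; a distinct name such as `group_project` would make it clear which record is being permitted.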
@@ -0,0 +1,80 @@ +require 'spec_helper' + +RSpec.describe PullRequestPolicy, type: :policy do + let(:pull_request) { FactoryGirl.build(:pull_request) } + let(:user) { FactoryGirl.create(:user) } + subject { described_class } + + permissions :index? do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, pull_request) + end + end + + %i(show? read? commits? files? create?).each do |perm| + permissions perm do + it "denies access if user can not read a project" do + allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(false) + expect(subject).to_not permit(User.new, pull_request) + end + + context "user can read a project" do + before do + allow_any_instance_of(ProjectPolicy).to receive(:show?).and_return(true) + end + + it "grants access" do + expect(subject).to permit(User.new, pull_request) + end + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), pull_request) + end + end + end + + permissions :update? do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, pull_request) + end + + it "denies access to user" do + expect(subject).to_not permit(user, pull_request) + end + + it "grants access for writer of project" do + allow_any_instance_of(PullRequestPolicy).to receive(:local_writer?).and_return(true) + expect(subject).to permit(user, pull_request) + end + + it "grants access to issue owner" do + pull_request.user.save! + expect(subject).to permit(pull_request.user, pull_request) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), pull_request) + end + end + + permissions :merge? 
do + it "denies access to anonymous user" do + expect(subject).to_not permit(User.new, pull_request) + end + + it "denies access to user" do + expect(subject).to_not permit(user, pull_request) + end + + it "grants access for writer of project" do + allow_any_instance_of(PullRequestPolicy).to receive(:local_writer?).and_return(true) + expect(subject).to permit(user, pull_request) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.create(:admin), pull_request) + end + end + +end diff --git a/spec/policies/repository_policy_spec.rb b/spec/policies/repository_policy_spec.rb new file mode 100644 index 000000000..76d7d9c17 --- /dev/null +++ b/spec/policies/repository_policy_spec.rb 
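Review bot: As with IssuePolicy, `create?` is grouped with the read permissions and asserted permitted for `User.new` whenever the project is readable, so the spec pins anonymous pull-request creation as intended; if that is not the case, split `create?` out with `expect(subject).to_not permit(User.new, pull_request)` and a positive example using `user`. The `update?` example titled "grants access to issue owner" is about the pull request's author; rename it to `it "grants access to pull request owner"`. The global-admin example in the `show?…create?` block does not stub `ProjectPolicy#show?` false, so it does not show the bypass works on a project the admin could not otherwise read.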
@@ -0,0 +1,205 @@
+require 'spec_helper'
+
+RSpec.describe RepositoryPolicy, type: :policy do
+ let(:repository) { FactoryGirl.build(:repository) }
+ subject { described_class }
+
+ %i(show? projects? projects_list? read?).each do |perm|
+ permissions perm do
+ it "denies access if user can not show a platform" do
+ allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(false)
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access if user can show a platform" do
+ allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+ end
+ end
+
+ permissions :reader? do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for reader of platform" do
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_reader?).
+ with(repository.platform).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+ end
+
+ permissions :write? do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for writer of platform" do
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_writer?).
+ with(repository.platform).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+ end
+
+ %i(update? manage_members? regenerate_metadata? signatures?).each do |perm|
+ permissions perm do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for admin of platform" do
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+ with(repository.platform).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+ end
+ end
+
+ %i(create? destroy?).each do |perm|
+ permissions perm do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for admin of platform" do
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+ with(repository.platform).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+
+ it "denies access for personal platform and repository with 'main' name" do
+ repository.platform = FactoryGirl.build(:personal_platform)
+ repository.name = 'main'
+ expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
+ end
+ end
+ end
+
+ %i(packages? remove_member? remove_members? add_member? sync_lock_file?).each do |perm|
+ permissions perm do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for admin of platform" do
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+ with(repository.platform).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+
+ it "denies access for personal platform" do
+ repository.platform = FactoryGirl.build(:personal_platform)
+ expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
+ end
+ end
+ end
+
+ %i(add_project? remove_project?).each do |perm|
+ permissions perm do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for admin of platform" do
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+ with(repository.platform).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "grants access for member of repository" do
+ user = FactoryGirl.build(:user, id: 123)
+ allow_any_instance_of(RepositoryPolicy).to receive(:repository_user_ids).and_return([123])
+ expect(subject).to permit(user, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+ end
+ end
+
+ permissions :settings? do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for admin of platform" do
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+ with(repository.platform).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+ end
+
+ permissions :key_pair? do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "denies access for to global admin" do
+ expect(subject).to_not permit(FactoryGirl.build(:admin), repository)
+ end
+
+ it "grants access to system user" do
+ expect(subject).to permit(FactoryGirl.build(:user, role: 'system'), repository)
+ end
+ end
+
+ %i(add_repo_lock_file? remove_repo_lock_file?).each do |perm|
+ permissions perm do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for admin of platform" do
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+ with(repository.platform).and_return(true)
+ expect(subject).to permit(User.new, repository)
+ end
+
+ it "denies access for admin of personal platform" do
+ allow(repository.platform).to receive(:main?).and_return(false)
+ allow_any_instance_of(RepositoryPolicy).to receive(:local_admin?).
+ with(repository.platform).and_return(true)
+ expect(subject).to_not permit(User.new, repository)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), repository)
+ end
+
+ it "grants access to system user" do
+ expect(subject).to permit(FactoryGirl.build(:user, role: 'system'), repository)
+ end
+ end
+ end
+
+end
diff --git a/spec/policies/statistic_policy_spec.rb b/spec/policies/statistic_policy_spec.rb
new file mode 100644
index 000000000..0c0fd2d22
--- /dev/null
+++ b/spec/policies/statistic_policy_spec.rb
@@ -0,0 +1,12 @@
+require 'spec_helper'
+
+RSpec.describe StatisticPolicy, type: :policy do
+ subject { described_class }
+
+ permissions :index? do
+ it "grants access to user" do
+ expect(subject).to permit(User.new, :statistic)
+ end
+ end
+
+end
diff --git a/spec/policies/subscribe_policy_spec.rb b/spec/policies/subscribe_policy_spec.rb
new file mode 100644
index 000000000..4fcff1167
--- /dev/null
+++ b/spec/policies/subscribe_policy_spec.rb
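Review bot: The admin-gated groups (`update? manage_members? regenerate_metadata? signatures?`, `create? destroy?`, `packages? … sync_lock_file?`, `add_project? remove_project?`, `settings?`, `add_repo_lock_file? remove_repo_lock_file?`) only check that `User.new` is denied and that a platform admin or global admin is granted; nothing shows that a platform reader or writer is denied, so a policy that let `local_writer?` through for any of these would pass unchanged. The spec already stubs `local_reader?`/`local_writer?` with `.with(repository.platform)` for `reader?` and `write?`, so the same stub paired with a `to_not permit` expectation in each admin group closes the gap; the token spec's `%i(show? create? read? withdraw?)` group has the same shape and wants the same example. `key_pair?` is the one group that already pins the boundary from above, with an explicit denial for the global admin.
```ruby
permissions perm do
  # … unchanged: existing denies/grants examples …
  it "denies access for writer of platform" do
    allow_any_instance_of(RepositoryPolicy).to receive(:local_writer?).
      with(repository.platform).and_return(true)
    expect(subject).to_not permit(User.new, repository)
  end
```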
@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+RSpec.describe SubscribePolicy, type: :policy do
+ let(:subscribe) { FactoryGirl.create(:subscribe) }
+ subject { described_class }
+
+ permissions :create? do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, subscribe)
+ end
+
+ it "grants access to user" do
+ expect(subject).to permit(FactoryGirl.create(:user), subscribe)
+ end
+
+ it "denies access if user already subscribed" do
+ expect(subject).to_not permit(subscribe.user, subscribe)
+ end
+ end
+
+ permissions :destroy? do
+ it "denies access to anonymous user" do
+ expect(subject).to_not permit(User.new, subscribe)
+ end
+
+ it "denies access to user" do
+ expect(subject).to_not permit(FactoryGirl.create(:user), subscribe)
+ end
+
+ it "grants access if user already subscribed" do
+ expect(subject).to permit(subscribe.user, subscribe)
+ end
+ end
+
+end
diff --git a/spec/policies/token_policy_spec.rb b/spec/policies/token_policy_spec.rb
new file mode 100644
index 000000000..012c0e644
--- /dev/null
+++ b/spec/policies/token_policy_spec.rb
@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+RSpec.describe TokenPolicy, type: :policy do
+ let(:token) { FactoryGirl.build(:platform_token) }
+ subject { described_class }
+
+ %i(show? create? read? withdraw?).each do |perm|
+ permissions perm do
+ it "denies access to user" do
+ expect(subject).to_not permit(User.new, token)
+ end
+
+ it "grants access to owner of platform" do
+ allow_any_instance_of(TokenPolicy).to receive(:owner?).and_return(true)
+ expect(subject).to permit(User.new, token)
+ end
+
+ it "grants access to admin of platform" do
+ allow_any_instance_of(TokenPolicy).to receive(:local_admin?).and_return(true)
+ expect(subject).to permit(User.new, token)
+ end
+
+ it "grants access for to global admin" do
+ expect(subject).to permit(FactoryGirl.build(:admin), token)
+ end
+ end
+ end
+
+end
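Review bot: Neither the `create?` nor the `destroy?` group in the subscribe spec has a global-admin example, so whether an admin may remove another user's subscription is the one ownership boundary in this commit that stays unpinned, while every other policy spec here states it explicitly. If `SubscribePolicy#destroy?` is meant to be strictly subscriber-only, `it "denies access to global admin" do expect(subject).to_not permit(FactoryGirl.create(:admin), subscribe) end` under `destroy?` documents that; if admins are meant to be able to clean up subscriptions, the matching grant example belongs here instead.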
diff --git a/spec/policies/user_policy_spec.rb b/spec/policies/user_policy_spec.rb new file mode 100644 index 000000000..73ed53c97 --- /dev/null +++ b/spec/policies/user_policy_spec.rb @@ -0,0 +1,30 @@ +require 'spec_helper' + +RSpec.describe UserPolicy, type: :policy do + let(:user) { FactoryGirl.build(:user) } + subject { described_class } + + + permissions :show? do + it "grants access to anonymous user" do + expect(subject).to permit(User.new, user) + end + end + + %i(update? notifiers? show_current_user? write?).each do |perm| + permissions perm do + it "denies access to user" do + expect(subject).to_not permit(User.new, user) + end + + it "grants access for himself" do + expect(subject).to permit(user, user) + end + + it "grants access for to global admin" do + expect(subject).to permit(FactoryGirl.build(:admin), user) + end + end + end + +end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index a61e17058..fcf0b5993 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -3,6 +3,7 @@ ENV["RAILS_ENV"] ||= 'test' require File.expand_path("../../config/environment", __FILE__) require 'rspec/rails' require 'webmock/rspec' +require 'pundit/rspec' # Requires supporting ruby files with custom matchers and macros, etc, # in spec/support/ and its subdirectories. @@ -40,6 +41,7 @@ RSpec.configure do |config| config.before(:all) { init_test_root } config.after(:all) { clear_test_root } config.before { stub_redis } + config.before(type: :policy) { stub_symlink_methods } end def set_session_for(user=nil) diff --git a/spec/support/shared_examples/admin_examples.rb b/spec/support/shared_examples/admin_examples.rb index 4e8535a41..9463f9c61 100644 --- a/spec/support/shared_examples/admin_examples.rb +++ b/spec/support/shared_examples/admin_examples.rb 
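Review bot: In the user spec's `%i(update? notifiers? show_current_user? write?)` group the only "other user" example is `permit(User.new, user)`, an unsaved guest against an unsaved built record, so nothing in the file exercises two distinct persisted accounts, which is the case the policy actually has to reject (one signed-in user editing another's profile or notifiers). Adding `it "denies access to another user" do expect(subject).to_not permit(FactoryGirl.create(:user), FactoryGirl.create(:user)) end` to that group pins it with real ids, independent of how the policy happens to compare users. The double blank line after `subject { described_class }` is a small style nit in the same file.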
@@ -2,21 +2,21 @@ shared_examples_for 'an admin controller' do it 'redirects to login when accessed unauthorised' do get :index - response.should redirect_to(new_user_session_path) + expect(response).to redirect_to(new_user_session_path) end it 'raises a 404 for non-admin users' do user = User.first || FactoryGirl.create(:user) sign_in user get :index - response.should render_template(file: "#{Rails.root}/public/404.html") + expect(response).to render_template(file: "#{Rails.root}/public/404.html") end it 'is successful for admin users' do user = FactoryGirl.create(:admin) sign_in user get :index - response.should be_success + expect(response).to be_success end -end \ No newline at end of file +end diff --git a/spec/support/shared_examples/comments.rb b/spec/support/shared_examples/comments.rb index 455a6d24e..5840fdd24 100644 --- a/spec/support/shared_examples/comments.rb +++ b/spec/support/shared_examples/comments.rb 
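Review bot: 'raises a 404 for non-admin users' still asserts only that `public/404.html` was rendered and not the response status, so an admin controller that rendered the 404 page with a 200 would pass this shared example; since these lines are being rewritten to `expect` syntax anyway, `expect(response.status).to eq 404` next to the `render_template` check pins the status too. `be_success` in 'is successful for admin users' accepts any 2xx, which is fine if that is the intent.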
@@ -1,100 +1,69 @@ -shared_examples_for 'user with create comment ability (for model)' do - it 'should create comment' do - @ability.should be_able_to(:create, @comment) - end -end -shared_examples_for 'user with update own comment ability (for model)' do - it 'should update comment' do - @ability.should be_able_to(:update, @comment) - end -end -shared_examples_for 'user with update stranger comment ability (for model)' do - it 'should update stranger comment' do - @ability.should be_able_to(:update, @stranger_comment) - end -end -shared_examples_for 'user with destroy comment ability (for model)' do - it 'should destroy own comment' do - @ability.should be_able_to(:destroy, @comment) - end -end -shared_examples_for 'user with destroy stranger comment ability (for model)' do - it 'should destroy stranger comment' do - @ability.should be_able_to(:destroy, @stranger_comment) - end -end - -shared_examples_for 'user without update stranger comment ability (for model)' do - it 'should not update stranger comment' do - @ability.should_not be_able_to(:update, @stranger_comment) - end -end -shared_examples_for 'user without destroy stranger comment ability (for model)' do - it 'should not destroy stranger comment' do - @ability.should_not be_able_to(:destroy, @stranger_comment) - end -end - shared_examples_for 'user with create comment ability' do it 'should be able to perform create action' do post :create, @create_params - response.should be_success #redirect_to(@return_path+"#comment#{Comment.last.id}") + expect(response).to be_success #redirect_to(@return_path+"#comment#{Comment.last.id}") end it 'should create comment in the database' do - lambda{ post :create, @create_params }.should change{ Comment.count }.by(1) + expect { + post :create, @create_params + }.to change(Comment, :count).by(1) end end shared_examples_for 'user with update own comment ability' do it 'should be able to perform update action' do put :update, {id: @own_comment.id}.merge(@update_params) - 
response.status.should == 200 + expect(response).to be_success end it 'should update subscribe body' do put :update, {id: @own_comment.id}.merge(@update_params) - @own_comment.reload.body.should == 'updated' + expect(@own_comment.reload.body).to eq 'updated' end end shared_examples_for 'user with update stranger comment ability' do it 'should be able to perform update action' do put :update, {id: @comment.id}.merge(@update_params) - response.status.should == 200 + expect(response).to be_success end it 'should update comment body' do put :update, {id: @comment.id}.merge(@update_params) - @comment.reload.body.should == 'updated' + expect(@comment.reload.body).to eq 'updated' end end shared_examples_for 'user without update stranger comment ability' do it 'should not be able to perform update action' do put :update, {id: @comment.id}.merge(@update_params) - response.should redirect_to(forbidden_path) + expect(response).to redirect_to(forbidden_path) end it 'should not update comment body' do put :update, {id: @comment.id}.merge(@update_params) - @comment.reload.body.should_not == 'updated' + expect(@comment.reload.body).to_not eq 'updated' end end shared_examples_for 'user with destroy comment ability' do it 'should be able to perform destroy action' do - delete :destroy, {id: @comment.id}.merge(@path) - response.should be_success #redirect_to(@return_path) + delete :destroy, {id: @comment.id, format: :json}.merge(@path) + expect(response).to be_success #redirect_to(@return_path) end it 'should delete comment from database' do - lambda{ delete :destroy, {id: @comment.id}.merge(@path)}.should change{ Comment.count }.by(-1) + expect do + delete :destroy, {id: @comment.id, format: :json}.merge(@path) + end.to change(Comment, :count).by(-1) end end shared_examples_for 'user without destroy comment ability' do it 'should not be able to perform destroy action' do - delete :destroy, {id: @comment.id}.merge(@path) - response.should redirect_to(forbidden_path) + delete 
:destroy, {id: @comment.id, format: :json}.merge(@path) + expect(response).to redirect_to(forbidden_path) end it 'should not delete comment from database' do - lambda{ delete :destroy, {id: @comment.id}.merge(@path)}.should change{ Issue.count }.by(0) + expect do + delete :destroy, {id: @comment.id, format: :json}.merge(@path) + end.to_not change(Issue, :count) end end
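Review bot: In 'should not delete comment from database' the rewritten block still asserts `end.to_not change(Issue, :count)`, carried over from the old lambda, so the example passes even when a forbidden user's `delete :destroy` does remove the comment; the positive counterpart a few lines up counts `Comment`, and this one should too: `end.to_not change(Comment, :count)`. The trailing commented-out `#redirect_to(...)` fragments kept on the two `expect(response).to be_success` lines are dead text and could go now that those lines are being rewritten.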