diff --git a/spec/factories/private_user_factory.rb b/spec/factories/private_user_factory.rb new file mode 100644 index 000000000..11d379b5b --- /dev/null +++ b/spec/factories/private_user_factory.rb @@ -0,0 +1,6 @@ +Factory.define(:private_user) do |p| + p.login { Factory.next(:string) } + p.password { Factory.next(:string) } + p.association :platform, :factory => :platform + p.association :user, :factory => :user +end \ No newline at end of file diff --git a/spec/factories/repository_factory.rb b/spec/factories/repository_factory.rb index 8b7a92d05..152e7203d 100644 --- a/spec/factories/repository_factory.rb +++ b/spec/factories/repository_factory.rb @@ -3,4 +3,15 @@ Factory.define(:repository) do |p| p.unixname { Factory.next(:unixname) } p.association :platform, :factory => :platform p.association :owner, :factory => :user +end + +Factory.define(:personal_repository, :class => Repository) do |p| + p.name { Factory.next(:string) } + p.unixname { Factory.next(:unixname) } + p.association :platform, :factory => :platform + p.association :owner, :factory => :user + + p.after_create { |rep| + rep.platform.platform_type = 'personal' + } end \ No newline at end of file diff --git a/spec/models/cancan_spec.rb b/spec/models/cancan_spec.rb index 941997b89..36ced3a91 100644 --- a/spec/models/cancan_spec.rb +++ b/spec/models/cancan_spec.rb @@ -18,7 +18,7 @@ end describe CanCan do let(:personal_platform) { Factory(:platform, :platform_type => 'personal') } - let(:personal_repository) { Factory(:repository, :platform_type => 'personal') } + let(:personal_repository) { Factory(:personal_repository) } let(:open_platform) { Factory(:platform, :visibility => 'open') } let(:hidden_platform) { Factory(:platform, :visibility => 'hidden') } @@ -39,11 +39,9 @@ describe CanCan do it 'should not be able to destroy personal repositories' do @ability.should_not be_able_to(:destroy, personal_repository) end - end context 'Site guest' do - before(:each) do guest_create end @@ -69,40 +67,183 @@ describe CanCan do it 'should be able to register new user' do @ability.should be_able_to(:create, User) end - end - context 'Project collaborators' do + context 'Site user' do + before(:each) do + user_create + end - before(:each) do - user_create - end + [Platform, User, Repository].each do |model_name| + it "should not be able to create #{ model_name.to_s }" do + @ability.should be_able_to(:read, model_name) + end + end - context 'with read rights' do - before(:each) do - @project = Factory(:project) - @project.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'read') - open_platform.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'read') - end + it "shoud be able to read another user object" do + admin_create + @ability.should be_able_to(:read, @admin) + end - it 'should be able to read project' do - @ability.should be_able_to(:read, @project) - end + it "shoud be able to read index AutoBuildList" do + @ability.should be_able_to(:index, AutoBuildList) + end - it 'should be able to read project' do - @ability.should be_able_to(:read, open_platform) - end - end - - context 'with write rights' do - end + it "shoud be able to read open projects" do + @project = Factory(:project, :visibility => 'open') + @ability.should be_able_to(:read, @project) + end - context 'with admin rights' do - before(:each) do - @project = Factory(:project, :owner => @user) - end - end + it "shoud be able to create project" do + @ability.should be_able_to(:create, Project) + end + + context "private users relations" do + before(:each) do + @private_user = Factory(:private_user) + @private_user.platform.update_attribute(:owner, @user) + end + + [:read, :create].each do |action| + it "should be able to #{ action } PrivateUser" do + @ability.should be_able_to(action, @private_user) + end + end + end + + context 'as project collaborator' do + before(:each) do + @project = Factory(:project) + end + + context 'with read rights' do + before(:each) do + @project.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'read') + end + + it 'should be able to read project' do + @ability.should be_able_to(:read, @project) + end + + it 'should be able to read project' do + @ability.should be_able_to(:read, open_platform) + end + end + + context 'with write rights' do + before(:each) do + @project.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'write') + end + + [:read, :update, :process_build, :build].each do |action| + it "should be able to #{ action } project" do + @ability.should be_able_to(action, @project) + end + end + end + + context 'with admin rights' do + before(:each) do + @project.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'admin') + end + + [:read, :update, :process_build, :build].each do |action| + it "should be able to #{ action } project" do + @ability.should be_able_to(action, @project) + end + end + + it "should be able to manage collaborators of project" do + @ability.should be_able_to(:manage_collaborators, @project) + end + end + + context 'with owner rights' do + before(:each) do + @project.update_attribute(:owner, @user) + end + + [:read, :update, :process_build, :build, :destroy].each do |action| + it "should be able to #{ action } project" do + @ability.should be_able_to(action, @project) + end + end + end + + end + + context 'platform relations' do + before(:each) do + @platform = Factory(:platform) + end + + context 'with owner rights' do + before(:each) do + @platform.update_attribute(:owner, @user) + end + + it 'should be able to manage platform' do + @ability.should be_able_to(:manage, @platform) + end + end + + context 'with read rights' do + before(:each) do + @platform.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'read') + end + + it "should be able to read platform" do + @ability.should be_able_to(:read, @platform) + end + end + end + + context 'repository relations' do + before(:each) do + @repository = Factory(:repository) + end + + context 'with owner rights' do + before(:each) do + @repository.update_attribute(:owner, @user) + end + + [:manage, :add_project, :remove_project, :change_visibility, :settings].each do |action| + it 'should be able to #{ action } repository' do + @ability.should be_able_to(action, @repository) + end + end + end + + context 'with read rights' do + before(:each) do + @repository.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'read') + end + + it "should be able to read repository" do + @ability.should be_able_to(:read, @repository) + end + end + end + + context 'build list relations' do + before(:each) do + @project = Factory(:project) + @project.relations.create!(:object_id => @user.id, :object_type => 'User', :role => 'read') + @build_list = Factory(:build_list, :project => @project) + end + + it 'should be able to publish build list with SUCCESS status' do + @build_list.status = BuildServer::SUCCESS + @ability.should be_able_to(:publish, @build_list) + end + + it 'should not be able to publish build list with another status' do + @build_list.status = BuildServer::BUILD_ERROR + @ability.should_not be_able_to(:publish, @build_list) + end + end + end - end end \ No newline at end of file