diff --git a/app/controllers/api/v1/issues_controller.rb b/app/controllers/api/v1/issues_controller.rb new file mode 100644 index 000000000..6f0986a87 --- /dev/null +++ b/app/controllers/api/v1/issues_controller.rb @@ -0,0 +1,108 @@ +# -*- encoding : utf-8 -*- +class Api::V1::IssuesController < Api::V1::BaseController + respond_to :json + + before_filter :authenticate_user! + skip_before_filter :authenticate_user!, :only => [:show] if APP_CONFIG['anonymous_access'] + + load_and_authorize_resource :group, :only => :group_index + load_resource :project + load_and_authorize_resource :issue, :through => :project, :find_by => :serial_id, :only => [:show, :update, :destroy, :create, :index] + + def index + @issues = @project.issues + render_issues_list + end + + def all_index + project_ids = get_all_project_ids Project.accessible_by(current_ability, :membered).uniq.pluck(:id) + @issues = Issue.where('issues.project_id IN (?)', project_ids) + render_issues_list + end + + def user_index + project_ids = get_all_project_ids current_user.projects.select('distinct projects.id').pluck(:id) + @issues = Issue.where('issues.project_id IN (?)', project_ids) + render_issues_list + end + + def group_index + project_ids = @group.projects.select('distinct projects.id').pluck(:id) + @issues = Issue.where(:project_id => project_ids) + render_issues_list + end + + def show + respond_with @issue + end + + def create + @issue.user = current_user + create_subject @issue + end + + def update + update_subject @issue + end + + def destroy + destroy_subject @issue + end + + private + + def render_issues_list + @issues = @issues.includes(:user, :assignee, :labels).without_pull_requests + if params[:status] == 'closed' + @issues = @issues.closed + else + @issues = @issues.opened + end + + if action_name == 'index' && params[:assignee].present? + case params[:assignee] + when 'none' + @issues = @issues.where(:assigned_id => nil) + when '*' + @issues = @issues.where('assigned_id IS NOT NULL') + else + @issues = @issues.where('assignees_issues.uname = ?', params[:assignee]) + end + end + + if %w[all_index user_index group_index].include?(action_name) + case params[:filter] + when 'created' + @issues = @issues.where(:user_id => current_user) + when 'all' + else + @issues = @issues.where(:assignee_id => current_user) + end + else + @issues.where('users.uname = ?', params[:creator]) if params[:creator].present? + end + + if params[:labels].present? + labels = params[:labels].split(',').map {|e| e.strip}.select {|e| e.present?} + @issues = @issues.where('labels.name IN (?)', labels) + end + + sort = params[:sort] == 'updated' ? 'issues.updated_at' : 'issues.created_at' + direction = params[:direction] == 'asc' ? 'ASC' : 'DESC' + @issues = @issues.order("#{sort} #{direction}") + + @issues = @issues.where('created_at >= to_timestamp(?)', params[:since]) if params[:since] =~ /\A\d+\z/ + @issues.paginate(paginate_params) + respond_with @issues + end + + def get_all_project_ids default_project_ids + project_ids = [] + if ['created', 'all'].include? params[:filter] + # add own issues + project_ids = Project.accessible_by(current_ability, :show).joins(:issues). + where(:issues => {:user_id => current_user.id}).uniq.pluck('projects.id') + end + project_ids |= default_project_ids + end +end diff --git a/app/models/collaborator.rb b/app/models/collaborator.rb index 8b1f1b412..ee9d73421 100644 --- a/app/models/collaborator.rb +++ b/app/models/collaborator.rb @@ -110,6 +110,7 @@ class Collaborator def destroy relation.try(:destroy) + @actor.check_assigned_issues @project end def attributes diff --git a/app/models/relation.rb b/app/models/relation.rb index 2ce5d0fa4..58c54b277 100644 --- a/app/models/relation.rb +++ b/app/models/relation.rb @@ -34,7 +34,11 @@ class Relation < ActiveRecord::Base def self.remove_member(member, target) return false if target.respond_to?(:owner) && target.owner == member - Relation.by_actor(member).by_target(target).each{|r| r.destroy} + res = Relation.by_actor(member).by_target(target).each{|r| r.destroy} + if member.is_a?(User) && ['Project', 'Group'].include?(target.class.name) + member.check_assigned_issues target + end + res end protected diff --git a/app/models/user.rb b/app/models/user.rb index 71854e991..b7d9a498b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -28,6 +28,7 @@ class User < Avatar has_many :own_projects, :as => :owner, :class_name => 'Project', :dependent => :destroy has_many :own_groups, :foreign_key => :owner_id, :class_name => 'Group', :dependent => :destroy has_many :own_platforms, :as => :owner, :class_name => 'Platform', :dependent => :destroy + has_many :assigned_issues, :foreign_key => :assignee_id, :class_name => 'Issue', :dependent => :nullify has_many :key_pairs has_many :ssh_keys, :dependent => :destroy @@ -141,6 +142,19 @@ class User < Avatar raise "unknown user #{self.uname} roles #{roles}" end + def check_assigned_issues target + if target.is_a? Project + assigned_issues.where(:project_id => target.id).update_all(:assignee_id => nil) + else + ability = Ability.new self + project_ids = Project.accessible_by(ability, :membered).uniq.pluck(:id) + + issues = assigned_issues + issues = issues.where('project_id not in (?)', project_ids) if project_ids.present? + issues.update_all(:assignee_id => nil) + end + end + protected def target_roles target diff --git a/app/views/api/v1/issues/_issue.json.jbuilder b/app/views/api/v1/issues/_issue.json.jbuilder new file mode 100644 index 000000000..7db24740b --- /dev/null +++ b/app/views/api/v1/issues/_issue.json.jbuilder @@ -0,0 +1,11 @@ +json.number issue.serial_id +json.(issue, :title, :status) +json.labels issue.labels do |json_labels, label| + json.partial! 'label', :label => label, :json => json_labels +end +json.assignee do |json_assignee| + json.partial! 'api/v1/shared/member', :member => issue.assignee, :tag => json_assignee +end if issue.assignee + +json.url api_v1_project_issue_path(issue.project.id, issue.serial_id, :format => :json) + diff --git a/app/views/api/v1/issues/_label.json.jbuilder b/app/views/api/v1/issues/_label.json.jbuilder new file mode 100644 index 000000000..fdee26e0d --- /dev/null +++ b/app/views/api/v1/issues/_label.json.jbuilder @@ -0,0 +1 @@ +json.(label, :name, :color) diff --git a/app/views/api/v1/issues/index.json.jbuilder b/app/views/api/v1/issues/index.json.jbuilder new file mode 100644 index 000000000..85e2ffb00 --- /dev/null +++ b/app/views/api/v1/issues/index.json.jbuilder @@ -0,0 +1,11 @@ +json.issues @issues do |json, issue| + json.partial! 'issue', :issue => issue, :json => json + json.issue issue.body + json.partial! 'api/v1/shared/owner', :owner => issue.user + json.closed_at issue.closed_at.to_i + json.closed_by do |json_user| + json.partial! 'api/v1/shared/member', :member => issue.closer, :tag => json_user + end if issue.closer + json.created_at issue.created_at.to_i + json.updated_at issue.updated_at.to_i +end diff --git a/app/views/api/v1/issues/show.json.jbuilder b/app/views/api/v1/issues/show.json.jbuilder new file mode 100644 index 000000000..4cff5fbb7 --- /dev/null +++ b/app/views/api/v1/issues/show.json.jbuilder @@ -0,0 +1,11 @@ +json.issue do |json| + json.partial! 'issue', :issue => @issue, :json => json + json.issue @issue.body + json.partial! 'api/v1/shared/owner', :owner => @issue.user + json.closed_at @issue.closed_at.to_i + json.closed_by do |json_user| + json.partial! 'api/v1/shared/member', :member => @issue.closer, :tag => json_user + end if @issue.closer + json.created_at @issue.created_at.to_i + json.updated_at @issue.updated_at.to_i +end diff --git a/config/routes.rb b/config/routes.rb index d1fa562ed..aa52742d1 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -58,6 +58,7 @@ Rosa::Application.routes.draw do put :update_member } resources :build_lists, :only => :index + resources :issues, :only => [:index, :create, :show, :update] end resources :users, :only => [:show] get 'user' => 'users#show_current_user' @@ -65,6 +66,7 @@ Rosa::Application.routes.draw do member { get :notifiers put :notifiers + get '/issues' => 'issues#user_index' } end resources :groups, :only => [:index, :show, :update, :create, :destroy] do @@ -73,6 +75,7 @@ Rosa::Application.routes.draw do put :add_member delete :remove_member put :update_member + get '/issues' => 'issues#group_index' } end resources :products, :only => [:show, :update, :create, :destroy] do @@ -82,6 +85,7 @@ Rosa::Application.routes.draw do put :cancel, :on => :member end #resources :ssh_keys, :only => [:index, :create, :destroy] + get 'issues' => 'issues#all_index' end end diff --git a/db/migrate/20130417162427_add_user_index_to_issue.rb b/db/migrate/20130417162427_add_user_index_to_issue.rb new file mode 100644 index 000000000..b11c42283 --- /dev/null +++ b/db/migrate/20130417162427_add_user_index_to_issue.rb @@ -0,0 +1,5 @@ +class AddUserIndexToIssue < ActiveRecord::Migration + def change + add_index :issues, :user_id + end +end diff --git a/db/schema.rb b/db/schema.rb index 17a79f624..9e5d7c535 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20130328112110) do +ActiveRecord::Schema.define(:version => 20130417162427) do create_table "activity_feeds", :force => true do |t| t.integer "user_id", :null => false @@ -219,6 +219,7 @@ ActiveRecord::Schema.define(:version => 20130328112110) do end add_index "issues", ["project_id", "serial_id"], :name => "index_issues_on_project_id_and_serial_id", :unique => true + add_index "issues", ["user_id"], :name => "index_issues_on_user_id" create_table "key_pairs", :force => true do |t| t.text "public", :null => false diff --git a/spec/controllers/api/v1/issues_controller_spec.rb b/spec/controllers/api/v1/issues_controller_spec.rb new file mode 100644 index 000000000..95082856a --- /dev/null +++ b/spec/controllers/api/v1/issues_controller_spec.rb @@ -0,0 +1,181 @@ +# -*- encoding : utf-8 -*- +require 'spec_helper' + +describe Api::V1::IssuesController do + before(:all) do + stub_symlink_methods + stub_redis + any_instance_of(Project, :versions => ['v1.0', 'v2.0']) + + @issue = FactoryGirl.create(:issue) + @project = @issue.project + + @membered_issue = FactoryGirl.create(:issue) + @membered_project = @membered_issue.project + @membered_project.relations.create(:role => 'reader', :actor => @issue.user) + + @open_issue = FactoryGirl.create(:issue) + @open_project = @open_issue.project + + @own_hidden_project = FactoryGirl.create(:project, :owner => @issue.user) + @own_hidden_project.update_column :visibility, 'hidden' + @own_hidden_issue = FactoryGirl.create(:issue, :project => @own_hidden_project, :assignee => @issue.user) + + @hidden_issue = FactoryGirl.create(:issue) + @hidden_project = @hidden_issue.project + @hidden_project.update_column :visibility, 'hidden' + + @create_params = {:issue => {:title => 'title', :body => 'body'}, :project_id => @project.id, :format => :json} + @update_params = {:issue => {:title => 'new title'}, :project_id => @project.id, :id => @issue.serial_id, :format => :json} + end + + context 'read and accessible abilities' do + context 'for user' do + before(:each) do + http_login(@issue.user) + end + + it 'can show issue in own project' do + get :show, :project_id => @project.id, :id => @issue.serial_id, :format => :json + response.should be_success + end + + it 'can show issue in open project' do + get :show, :project_id => @open_project.id, :id => @open_issue.serial_id, :format => :json + response.should be_success + end + + it 'can show issue in own hidden project' do + get :show, :project_id => @own_hidden_project.id, :id => @own_hidden_issue.serial_id, :format => :json + response.should be_success + end + + it 'cant show issue in hidden project' do + get :show, :project_id => @hidden_project.id, :id => @hidden_issue.serial_id, :format => :json + response.status.should == 403 + end + + it 'should return three issues' do + get :all_index, :filter => 'all', :format => :json + assigns[:issues].should include(@issue) + assigns[:issues].should include(@own_hidden_issue) + assigns[:issues].should include(@membered_issue) + end + + it 'should return only assigned issue' do + http_login(@issue.user) + get :user_index, :format => :json + assigns[:issues].should include(@own_hidden_issue) + assigns[:issues].count.should == 1 + end + end + + context 'for anonymous user' do + it 'can show issue in open project', :anonymous_access => true do + get :show, :project_id => @project.id, :id => @issue.serial_id, :format => :json + response.should be_success + end + + it 'cant show issue in hidden project', :anonymous_access => true do + get :show, :project_id => @hidden_project.id, :id => @hidden_issue.serial_id, :format => :json + response.status.should == 403 + end + + it 'should not return any issues' do + get :all_index, :filter => 'all', :format => :json + response.status.should == 401 + end + end + end + + context 'create accessibility' do + context 'for user' do + before(:each) do + http_login(@issue.user) + @count = Issue.count + end + + it 'can create issue in own project' do + post :create, @create_params + Issue.count.should == @count+1 + end + + it 'can create issue in own hidden project' do + post :create, @create_params.merge(:project_id => @own_hidden_project.id) + Issue.count.should == @count+1 + end + + it 'can create issue in open project' do + post :create, @create_params.merge(:project_id => @open_project.id) + Issue.count.should == @count+1 + end + + it 'cant create issue in hidden project' do + post :create, @create_params.merge(:project_id => @hidden_project.id) + Issue.count.should == @count + end + end + + context 'for anonymous user' do + before(:each) do + @count = Issue.count + end + it 'cant create issue in project', :anonymous_access => true do + post :create, @create_params + Issue.count.should == @count + end + + it 'cant create issue in hidden project', :anonymous_access => true do + post :create, @create_params.merge(:project_id => @hidden_project.id) + Issue.count.should == @count + end + end + end + + context 'update accessibility' do + context 'for user' do + before(:each) do + http_login(@issue.user) + end + + it 'can update issue in own project' do + put :update, @update_params + @issue.reload.title.should == 'new title' + end + + it 'can update issue in own hidden project' do + put :update, @update_params.merge(:project_id => @own_hidden_project.id, :id => @own_hidden_issue.serial_id) + @own_hidden_issue.reload.title.should == 'new title' + end + + it 'cant update issue in open project' do + put :update, @update_params.merge(:project_id => @open_project.id, :id => @open_issue.serial_id) + @open_issue.reload.title.should_not == 'new title' + end + + it 'cant update issue in hidden project' do + put :update, @update_params.merge(:project_id => @hidden_project.id, :id => @hidden_issue.serial_id) + @hidden_issue.reload.title.should_not == 'title' + end + end + + context 'for anonymous user' do + before(:each) do + @count = Issue.count + end + it 'cant update issue in project', :anonymous_access => true do + put :update, @update_params + response.status.should == 401 + end + + it 'cant update issue in hidden project', :anonymous_access => true do + put :update, @update_params.merge(:project_id => @hidden_project.id, :id => @hidden_issue.serial_id) + response.status.should == 401 + end + end + end + after(:all) do + User.destroy_all + Platform.destroy_all + end +end diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb index 79c605b94..1777fcc92 100644 --- a/spec/models/issue_spec.rb +++ b/spec/models/issue_spec.rb @@ -41,8 +41,8 @@ describe Issue do @project = FactoryGirl.create(:project, :owner => @user) @group = FactoryGirl.create(:group) - reader = FactoryGirl.create :user - @group.actors.create(:actor_type => 'User', :actor_id => reader.id, :role => 'reader') + @reader = FactoryGirl.create :user + @group.actors.create(:actor_type => 'User', :actor_id => @reader.id, :role => 'reader') end it 'should send an e-mail to all members of the admin group' do @@ -65,6 +65,32 @@ describe Issue do create_issue(@stranger) ActionMailer::Base.deliveries.count.should == 1 # 1 project owner end + + it 'should reset issue assignee after remove him from group' do + @project.relations.create!(:actor_type => 'Group', :actor_id => @group.id, :role => 'reader') + create_issue(@group.owner) + @issue.update_column :assignee_id, @reader.id + @group.remove_member @reader + @issue.reload.assignee_id.should == nil + end + + it 'should not reset issue assignee' do + @project.relations.create!(:actor_type => 'Group', :actor_id => @group.id, :role => 'reader') + @project.relations.create!(:actor_type => 'User', :actor_id => @reader.id, :role => 'reader') + create_issue(@group.owner) + @issue.update_column :assignee_id, @reader.id + @group.remove_member @reader + @issue.reload.assignee_id.should == @reader.id + end + + it 'should reset issue assignee after remove him from project' do + @project.relations.create!(:actor_type => 'User', :actor_id => @reader.id, :role => 'reader') + create_issue(@reader) + @issue.update_column :assignee_id, @reader.id + @project.remove_member @reader # via api + @issue.reload.assignee_id.should == nil + end + end context 'Group project' do