[refs #861] add more specs

2013-02-04 20:12:10 +06:00 · 2013-02-04 20:12:10 +06:00 · a1e1a3dcfd
parent bbe892aaa7
commit a1e1a3dcfd
1 changed files with 53 additions and 0 deletions
--- a/spec/controllers/api/v1/products_controller_spec.rb
+++ b/spec/controllers/api/v1/products_controller_spec.rb
@ -7,6 +7,11 @@ shared_examples_for 'api user without reader rights' do
    response.status.should == 401
  end

+  it 'should be able to perform show action' do
+    get :show, :id => @product.id, :format => :json
+    response.should be_success
+  end
+
  it 'should not be able to perform show action for the hidden platform' do
    @product.platform.update_column :visibility, 'hidden'
    get :show, :id => @product.id, :format => :json
@ -26,6 +31,31 @@ shared_examples_for 'api user without reader rights' do
  end
 end

+shared_examples_for 'api user with reader rights' do
+  it 'should be able to perform show action' do
+    get :show, :id => @product.id, :format => :json
+    response.should be_success
+  end
+
+  it 'should be able to perform show action for the hidden main platform' do
+    @product.platform.update_column :visibility, 'hidden'
+    get :show, :id => @product.id, :format => :json
+    response.should be_success # because main platform
+  end
+
+  it 'should not be able to perform create action' do
+    post :create, :format => :json
+    response.status.should == 403
+  end
+
+  [:update, :destroy].each do |action|
+    it "should not be able to perform #{action} action" do
+      put action, :id => @product.id, :format => :json
+      response.status.should == 403
+    end
+  end
+end
+
 shared_examples_for 'api user with admin rights' do
  before(:each) do
    @product.platform.relations.create!(:actor_type => 'User', :actor_id => @another_user.id, :role => 'admin')
@ -34,6 +64,7 @@ shared_examples_for 'api user with admin rights' do
    @create_params = {:product =>{:name => 'pro', :time_living => 150}.merge(params)}
    @update_params = {:product =>{:name => 'pro2', :time_living => 250}}
  end
+
  it 'should be able to perform show action' do
    get :show, :id => @product.id, :format => :json
    response.should be_success
@ -70,6 +101,18 @@ shared_examples_for 'api user with admin rights' do
    @product.reload.name.should == 'pro2'
    @product.reload.time_living.should == 250*60 # in seconds
  end
+
+  it 'ensures that return correct answer for wrong creating action' do
+    post :create, :format => :json
+    response.status.should == 403 # Maybe 422?
+  end
+
+  #[:update, :destroy].each do |action|
+  #  it "ensures that return correct answer for wrong #{action} action" do
+  #    put action, :id => nil, :format => :json
+  #    response.status.should == 404
+  #  end
+  #end
 end

 describe Api::V1::ProductsController do
@ -83,6 +126,16 @@ describe Api::V1::ProductsController do

  context 'for guest' do
    it_should_behave_like 'api user without reader rights'
+
+
+  end
+
+  context 'for user' do
+    before(:each) do
+      http_login(@another_user)
+    end
+
+    it_should_behave_like 'api user with reader rights'
  end

  context 'for platform admin' do