Fix search bug. Write anonymous read specs for issues and search controllers. Refs #263

This commit is contained in:
Pavel Chipiga 2012-04-05 20:11:02 +03:00
parent 977ec8382c
commit a9ecc683f2
7 changed files with 72 additions and 10 deletions

View File

@ -18,7 +18,7 @@ class Group < ActiveRecord::Base
scope :search_order, order("CHAR_LENGTH(uname) ASC") scope :search_order, order("CHAR_LENGTH(uname) ASC")
scope :without, lambda {|a| where("groups.id NOT IN (?)", a)} scope :without, lambda {|a| where("groups.id NOT IN (?)", a)}
scope :search, lambda {|q| where("uname ILIKE ?", "%#{q.strip}%")} scope :search, lambda {|q| where("uname ILIKE ?", "%#{q.to_s.strip}%")}
scope :opened, where('1=1') scope :opened, where('1=1')
scope :by_owner, lambda {|owner| where(:owner_id => owner.id)} scope :by_owner, lambda {|owner| where(:owner_id => owner.id)}
scope :by_admin, lambda {|admin| joins(:objects).where(:'relations.role' => 'admin', :'relations.object_id' => admin.id, :'relations.object_type' => 'User')} scope :by_admin, lambda {|admin| joins(:objects).where(:'relations.role' => 'admin', :'relations.object_id' => admin.id, :'relations.object_type' => 'User')}

View File

@ -29,7 +29,7 @@ class Platform < ActiveRecord::Base
after_update :update_owner_relation after_update :update_owner_relation
scope :search_order, order("CHAR_LENGTH(name) ASC") scope :search_order, order("CHAR_LENGTH(name) ASC")
scope :search, lambda {|q| where("name ILIKE ?", "%#{q.strip}%")} scope :search, lambda {|q| where("name ILIKE ?", "%#{q.to_s.strip}%")}
scope :by_visibilities, lambda {|v| where(:visibility => v)} scope :by_visibilities, lambda {|v| where(:visibility => v)}
scope :opened, where(:visibility => 'open') scope :opened, where(:visibility => 'open')
scope :hidden, where(:visibility => 'hidden') scope :hidden, where(:visibility => 'hidden')

View File

@ -29,7 +29,7 @@ class Project < ActiveRecord::Base
scope :recent, order("name ASC") scope :recent, order("name ASC")
scope :search_order, order("CHAR_LENGTH(name) ASC") scope :search_order, order("CHAR_LENGTH(name) ASC")
scope :search, lambda {|q| by_name("%#{q.strip}%")} scope :search, lambda {|q| by_name("%#{q.to_s.strip}%")}
scope :by_name, lambda {|name| where('projects.name ILIKE ?', name)} scope :by_name, lambda {|name| where('projects.name ILIKE ?', name)}
scope :by_visibilities, lambda {|v| where(:visibility => v)} scope :by_visibilities, lambda {|v| where(:visibility => v)}
scope :opened, where(:visibility => 'open') scope :opened, where(:visibility => 'open')

View File

@ -49,7 +49,7 @@ class User < ActiveRecord::Base
scope :search_order, order("CHAR_LENGTH(uname) ASC") scope :search_order, order("CHAR_LENGTH(uname) ASC")
scope :without, lambda {|a| where("users.id NOT IN (?)", a)} scope :without, lambda {|a| where("users.id NOT IN (?)", a)}
scope :search, lambda {|q| where("uname ILIKE ?", "%#{q.strip}%")} scope :search, lambda {|q| where("uname ILIKE ?", "%#{q.to_s.strip}%")}
scope :opened, where('1=1') scope :opened, where('1=1')
scope :banned, where(:role => 'banned') scope :banned, where(:role => 'banned')
scope :admin, where(:role => 'admin') scope :admin, where(:role => 'admin')

View File

@ -1,4 +1,4 @@
# -*- encoding : utf-8 -*- # encoding: UTF-8
# This file is auto-generated from the current state of the database. Instead # This file is auto-generated from the current state of the database. Instead
# of editing this file, please use the migrations feature of Active Record to # of editing this file, please use the migrations feature of Active Record to
# incrementally modify your database, and then regenerate this schema definition. # incrementally modify your database, and then regenerate this schema definition.
@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20120403110931) do ActiveRecord::Schema.define(:version => 20120404134602) do
create_table "activity_feeds", :force => true do |t| create_table "activity_feeds", :force => true do |t|
t.integer "user_id", :null => false t.integer "user_id", :null => false
@ -102,7 +102,7 @@ ActiveRecord::Schema.define(:version => 20120403110931) do
t.string "locked_by" t.string "locked_by"
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
t.string "queue" t.string "queue", :default => "default"
end end
add_index "delayed_jobs", ["priority", "run_at"], :name => "delayed_jobs_priority" add_index "delayed_jobs", ["priority", "run_at"], :name => "delayed_jobs_priority"

View File

@ -39,7 +39,7 @@ end
shared_examples_for 'user without issue update rights' do shared_examples_for 'user without issue update rights' do
it 'should not be able to perform update action' do it 'should not be able to perform update action' do
put :update, {:id => @issue.serial_id}.merge(@update_params) put :update, {:id => @issue.serial_id}.merge(@update_params)
response.should redirect_to(forbidden_path) response.should redirect_to(controller.current_user ? forbidden_path : new_user_session_path)
end end
it 'should not update issue title' do it 'should not update issue title' do
@ -51,11 +51,11 @@ end
shared_examples_for 'user without issue destroy rights' do shared_examples_for 'user without issue destroy rights' do
it 'should not be able to perform destroy action' do it 'should not be able to perform destroy action' do
delete :destroy, :id => @issue.serial_id, :project_id => @project.id delete :destroy, :id => @issue.serial_id, :project_id => @project.id
response.should redirect_to(forbidden_path) response.should redirect_to(controller.current_user ? forbidden_path : new_user_session_path)
end end
it 'should not reduce issues count' do it 'should not reduce issues count' do
lambda{ delete :destroy, :id => @issue.serial_id, :project_id => @project.id }.should change{ Issue.count }.by(0) lambda{ delete :destroy, :id => @issue.serial_id, :project_id => @project.id }.should_not change{ Issue.count }
end end
end end
@ -185,4 +185,32 @@ describe IssuesController do
it_should_behave_like 'user without issue destroy rights' it_should_behave_like 'user without issue destroy rights'
it_should_behave_like 'project with issues turned off' it_should_behave_like 'project with issues turned off'
end end
context 'for guest' do
if APP_CONFIG['anonymous_access']
it_should_behave_like 'issue user with project reader rights'
else
it 'should not be able to perform index action' do
get :index, :project_id => @project.id
response.should redirect_to(new_user_session_path)
end
it 'should not be able to perform show action' do
get :show, :project_id => @project.id, :id => @issue.serial_id
response.should redirect_to(new_user_session_path)
end
end
it 'should not be able to perform create action' do
post :create, @create_params
response.should redirect_to(new_user_session_path)
end
it 'should not create issue object into db' do
lambda{ post :create, @create_params }.should_not change{ Issue.count }
end
it_should_behave_like 'user without issue update rights'
it_should_behave_like 'user without issue destroy rights'
end
end end

View File

@ -0,0 +1,34 @@
# -*- encoding : utf-8 -*-
require 'spec_helper'
shared_examples_for 'able search' do
it 'should be able to search' do
get :index
response.should be_success
response.should render_template(:index)
end
end
shared_examples_for 'not able search' do
it 'should not be able to search' do
get :index
response.should redirect_to(controller.current_user ? forbidden_path : new_user_session_path)
end
end
describe SearchController do
before { stub_rsync_methods }
context 'as guest' do
if APP_CONFIG['anonymous_access']
it_should_behave_like 'able search'
else
it_should_behave_like 'not able search'
end
end
context 'as user' do
before {set_session_for FactoryGirl.create(:user)}
it_should_behave_like 'able search'
end
end