Fix search bug. Write anonymous read specs for issues and search controllers. Refs #263

2012-04-05 20:11:02 +03:00 · 2012-04-05 20:11:02 +03:00 · a9ecc683f2
parent 977ec8382c
commit a9ecc683f2
7 changed files with 72 additions and 10 deletions
--- a/app/models/group.rb
+++ b/app/models/group.rb
@ -18,7 +18,7 @@ class Group < ActiveRecord::Base

  scope :search_order, order("CHAR_LENGTH(uname) ASC")
  scope :without, lambda {|a| where("groups.id NOT IN (?)", a)}
-  scope :search, lambda {|q| where("uname ILIKE ?", "%#{q.strip}%")}
+  scope :search, lambda {|q| where("uname ILIKE ?", "%#{q.to_s.strip}%")}
  scope :opened, where('1=1')
  scope :by_owner, lambda {|owner| where(:owner_id => owner.id)}
  scope :by_admin, lambda {|admin| joins(:objects).where(:'relations.role' => 'admin', :'relations.object_id' => admin.id, :'relations.object_type' => 'User')}
--- a/app/models/platform.rb
+++ b/app/models/platform.rb
@ -29,7 +29,7 @@ class Platform < ActiveRecord::Base
  after_update :update_owner_relation

  scope :search_order, order("CHAR_LENGTH(name) ASC")
-  scope :search, lambda {|q| where("name ILIKE ?", "%#{q.strip}%")}
+  scope :search, lambda {|q| where("name ILIKE ?", "%#{q.to_s.strip}%")}
  scope :by_visibilities, lambda {|v| where(:visibility => v)}
  scope :opened, where(:visibility => 'open')
  scope :hidden, where(:visibility => 'hidden')
--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -29,7 +29,7 @@ class Project < ActiveRecord::Base

  scope :recent, order("name ASC")
  scope :search_order, order("CHAR_LENGTH(name) ASC")
-  scope :search, lambda {|q| by_name("%#{q.strip}%")}
+  scope :search, lambda {|q| by_name("%#{q.to_s.strip}%")}
  scope :by_name, lambda {|name| where('projects.name ILIKE ?', name)}
  scope :by_visibilities, lambda {|v| where(:visibility => v)}
  scope :opened, where(:visibility => 'open')
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -49,7 +49,7 @@ class User < ActiveRecord::Base

  scope :search_order, order("CHAR_LENGTH(uname) ASC")
  scope :without, lambda {|a| where("users.id NOT IN (?)", a)}
-  scope :search, lambda {|q| where("uname ILIKE ?", "%#{q.strip}%")}
+  scope :search, lambda {|q| where("uname ILIKE ?", "%#{q.to_s.strip}%")}
  scope :opened, where('1=1')
  scope :banned, where(:role => 'banned')
  scope :admin, where(:role => 'admin')
--- a/db/schema.rb
+++ b/db/schema.rb
@ -1,4 +1,4 @@
-# -*- encoding : utf-8 -*-
+# encoding: UTF-8
 # This file is auto-generated from the current state of the database. Instead
 # of editing this file, please use the migrations feature of Active Record to
 # incrementally modify your database, and then regenerate this schema definition.
@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.

-ActiveRecord::Schema.define(:version => 20120403110931) do
+ActiveRecord::Schema.define(:version => 20120404134602) do

  create_table "activity_feeds", :force => true do |t|
    t.integer  "user_id",    :null => false
@ -102,7 +102,7 @@ ActiveRecord::Schema.define(:version => 20120403110931) do
    t.string   "locked_by"
    t.datetime "created_at"
    t.datetime "updated_at"
-    t.string   "queue"
+    t.string   "queue",      :default => "default"
  end

  add_index "delayed_jobs", ["priority", "run_at"], :name => "delayed_jobs_priority"
--- a/spec/controllers/issues_controller_spec.rb
+++ b/spec/controllers/issues_controller_spec.rb
@ -39,7 +39,7 @@ end
 shared_examples_for 'user without issue update rights' do
  it 'should not be able to perform update action' do
    put :update, {:id => @issue.serial_id}.merge(@update_params)
-    response.should redirect_to(forbidden_path)
+    response.should redirect_to(controller.current_user ? forbidden_path : new_user_session_path)
  end

  it 'should not update issue title' do
@ -51,11 +51,11 @@ end
 shared_examples_for 'user without issue destroy rights' do
  it 'should not be able to perform destroy action' do
    delete :destroy, :id => @issue.serial_id, :project_id => @project.id
-    response.should redirect_to(forbidden_path)
+    response.should redirect_to(controller.current_user ? forbidden_path : new_user_session_path)
  end

  it 'should not reduce issues count' do
-    lambda{ delete :destroy, :id => @issue.serial_id, :project_id => @project.id }.should change{ Issue.count }.by(0)
+    lambda{ delete :destroy, :id => @issue.serial_id, :project_id => @project.id }.should_not change{ Issue.count }
  end
 end

@ -185,4 +185,32 @@ describe IssuesController do
    it_should_behave_like 'user without issue destroy rights'
    it_should_behave_like 'project with issues turned off'
  end
+
+  context 'for guest' do
+    if APP_CONFIG['anonymous_access']
+      it_should_behave_like 'issue user with project reader rights'
+    else
+      it 'should not be able to perform index action' do
+        get :index, :project_id => @project.id
+        response.should redirect_to(new_user_session_path)
+      end
+
+      it 'should not be able to perform show action' do
+        get :show, :project_id => @project.id, :id => @issue.serial_id
+        response.should redirect_to(new_user_session_path)
+      end
+    end
+
+    it 'should not be able to perform create action' do
+      post :create, @create_params
+      response.should redirect_to(new_user_session_path)
+    end
+
+    it 'should not create issue object into db' do
+      lambda{ post :create, @create_params }.should_not change{ Issue.count }
+    end
+
+    it_should_behave_like 'user without issue update rights'
+    it_should_behave_like 'user without issue destroy rights'
+  end
 end
--- a/spec/controllers/search_controller_spec.rb
+++ b/spec/controllers/search_controller_spec.rb
@ -0,0 +1,34 @@
+# -*- encoding : utf-8 -*-
+require 'spec_helper'
+
+shared_examples_for 'able search' do
+  it 'should be able to search' do
+    get :index
+    response.should be_success
+    response.should render_template(:index)
+  end
+end
+shared_examples_for 'not able search' do
+  it 'should not be able to search' do
+    get :index
+    response.should redirect_to(controller.current_user ? forbidden_path : new_user_session_path)
+  end
+end
+
+describe SearchController do
+  before { stub_rsync_methods }
+
+  context 'as guest' do
+    if APP_CONFIG['anonymous_access']
+      it_should_behave_like 'able search'
+    else
+      it_should_behave_like 'not able search'
+    end
+  end
+
+  context 'as user' do
+    before {set_session_for FactoryGirl.create(:user)}
+
+    it_should_behave_like 'able search'
+  end
+end