#672: added #add_member, #remove_member, #update, #destroy actipns for Repository API

app/controllers/api/v1/base_controller.rb

@@ -1,5 +1,6 @@
 # -*- encoding : utf-8 -*-
 class Api::V1::BaseController < ApplicationController
+  include Api::V1::BaseHelper
   #respond_to :json
 
   rescue_from CanCan::AccessDenied do |exception|
@@ -8,32 +9,4 @@ class Api::V1::BaseController < ApplicationController
     end
   end
 
-  protected
-
-  def paginate_params
-    per_page = params[:per_page].to_i
-    per_page = 20 if per_page < 1
-    per_page = 100 if per_page >100
-    {:page => params[:page], :per_page => per_page}
-  end
-
-  def render_json_response(subject, message, status = 200)
-    id = status != 200 ? nil : subject.id
-
-    render :json => {
-      subject.class.name.downcase.to_sym => {
-        :id => id,
-        :message => message
-      }
-    }.to_json, :status => status
-  end
-
-  def render_validation_error(subject, message)
-    errors = subject.errors.full_messages.join('. ')
-    if errors.present?
-      message << '. ' << errors
-    end
-    render_json_response(subject, message, 422)
-  end
-
 end

app/controllers/api/v1/platforms_controller.rb

@@ -81,17 +81,4 @@ class Api::V1::PlatformsController < Api::V1::BaseController
     render_json_response @platform, 'Platform has been destroyed successfully'
   end
 
-  private
-
-  def member
-    return @member if @member
-    if params[:type] == 'User'
-      member = User
-    elsif params[:type] == 'Group'
-      member = Group
-    end
-    @member = member.where(:id => params[:member_id]).first if member
-    @member ||= ''
-  end
-
 end

app/controllers/api/v1/repositories_controller.rb

@@ -7,7 +7,36 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
   load_and_authorize_resource :repository, :through => :platform, :shallow => true
 
   def show
+  end
 
+  def update
+    rep_params = params[:repository] || {}
+    if @repository.update_attributes(rep_params)
+      render_json_response @repository, 'Repository has been updated successfully'
+    else
+      render_validation_error @repository, 'Repository has not been updated'
+    end
+  end
+
+  def add_member
+    if member.present? && @repository.add_member(member)
+      render_json_response @repository, "#{member.class.to_s} '#{member.id}' has been added to repository successfully"
+    else
+      render_validation_error @repository, 'Member has not been added to repository'
+    end
+  end
+
+  def remove_member
+    if member.present? && @repository.remove_member(member)
+      render_json_response @repository, "#{member.class.to_s} '#{member.id}' has been removed from repository successfully"
+    else
+      render_validation_error @repository, 'Member has not been removed from repository'
+    end
+  end
+
+  def destroy
+    @repository.destroy # later with resque
+    render_json_response @repository, 'Repository has been destroyed successfully'
   end
 
 end

app/helpers/api/v1/base_helper.rb

@@ -0,0 +1,42 @@
+module Api::V1::BaseHelper
+
+  protected
+
+  def paginate_params
+    per_page = params[:per_page].to_i
+    per_page = 20 if per_page < 1
+    per_page = 100 if per_page >100
+    {:page => params[:page], :per_page => per_page}
+  end
+
+  def render_json_response(subject, message, status = 200)
+    id = status != 200 ? nil : subject.id
+
+    render :json => {
+      subject.class.name.downcase.to_sym => {
+        :id => id,
+        :message => message
+      }
+    }.to_json, :status => status
+  end
+
+  def render_validation_error(subject, message)
+    errors = subject.errors.full_messages.join('. ')
+    if errors.present?
+      message << '. ' << errors
+    end
+    render_json_response(subject, message, 422)
+  end
+
+  def member
+    return @member if @member
+    if params[:type] == 'User'
+      member = User
+    elsif params[:type] == 'Group'
+      member = Group
+    end
+    @member = member.where(:id => params[:member_id]).first if member
+    @member ||= ''
+  end 
+
+end

config/routes.rb

@@ -32,7 +32,12 @@ Rosa::Application.routes.draw do
           put :clear
         }
       end
-      resources :repositories, :only => [:show]
+      resources :repositories, :only => [:show, :update, :destroy] do
+        member {
+          put :add_member
+          delete :remove_member
+        }
+      end
       resources :projects, :only => [:show] do
         collection { get :get_id }
         member {

spec/controllers/api/v1/platforms_controller_spec.rb

@@ -52,7 +52,7 @@ shared_examples_for 'api platform user with writer rights' do
       delete :remove_member, {:member_id => member.id, :type => 'User', :id => @platform.id}, :format => :json
     end
 
-    it 'should be able to perform update action' do
+    it 'should be able to perform remove_member action' do
       response.should be_success
     end
     it 'ensures that member has been removed from platform' do

spec/controllers/api/v1/repositories_controller_spec.rb

@@ -35,6 +35,133 @@ shared_examples_for "api repository user without show rights" do
   end
 end
 
+shared_examples_for 'api repository user with writer rights' do
+
+  context 'api repository user with update rights' do
+    before do
+      put :update, {:repository => {:description => 'new description'}, :id => @repository.id}, :format => :json
+    end
+
+    it 'should be able to perform update action' do
+      response.should be_success
+    end
+    it 'ensures that repository has been updated' do
+      @repository.reload
+      @repository.description.should == 'new description'
+    end
+  end
+
+  context 'api repository user with add_member rights' do
+    let(:member) { FactoryGirl.create(:user) }
+    before do
+      put :add_member, {:member_id => member.id, :type => 'User', :id => @repository.id}, :format => :json
+    end
+
+    it 'should be able to perform add_member action' do
+      response.should be_success
+    end
+    it 'ensures that new member has been added to repository' do
+      @repository.members.should include(member)
+    end
+  end
+
+  context 'api repository user with remove_member rights' do
+    let(:member) { FactoryGirl.create(:user) }
+    before do
+      @repository.add_member(member)
+      delete :remove_member, {:member_id => member.id, :type => 'User', :id => @repository.id}, :format => :json
+    end
+
+    it 'should be able to perform remove_member action' do
+      response.should be_success
+    end
+    it 'ensures that member has been removed from repository' do
+      @repository.members.should_not include(member)
+    end
+  end
+
+  context 'api repository user with destroy rights' do
+    it 'should be able to perform destroy action for main platform' do
+      delete :destroy, :id => @repository.id, :format => :json
+      response.should be_success
+    end
+    it 'ensures that repository of main platform has been destroyed' do
+      lambda { delete :destroy, :id => @repository.id, :format => :json }.should change{ Repository.count }.by(-1)
+    end
+    it 'should not be able to perform destroy action for repository of personal platform' do
+      delete :destroy, :id => @personal_repository.id, :format => :json
+      response.should_not be_success
+    end
+    it 'ensures that repository of personal platform has not been destroyed' do
+      lambda { delete :destroy, :id => @personal_repository.id, :format => :json }.should_not change{ Repository.count }
+    end
+  end
+end
+
+shared_examples_for 'api repository user without writer rights' do
+
+  context 'api repository user without update rights' do
+    before do
+      put :update, {:repository => {:description => 'new description'}, :id => @repository.id}, :format => :json
+    end
+
+    it 'should not be able to perform update action' do
+      response.should_not be_success
+    end
+    it 'ensures that repository has not been updated' do
+      @repository.reload
+      @repository.description.should_not == 'new description'
+    end
+  end
+
+  context 'api repository user without add_member rights' do
+    let(:member) { FactoryGirl.create(:user) }
+    before do
+      put :add_member, {:member_id => member.id, :type => 'User', :id => @repository.id}, :format => :json
+    end
+
+    it 'should not be able to perform add_member action' do
+      response.should_not be_success
+    end
+    it 'ensures that new member has not been added to repository' do
+      @repository.members.should_not include(member)
+    end
+  end
+
+  context 'api repository user without remove_member rights' do
+    let(:member) { FactoryGirl.create(:user) }
+    before do
+      @repository.add_member(member)
+      delete :remove_member, {:member_id => member.id, :type => 'User', :id => @repository.id}, :format => :json
+    end
+
+    it 'should be able to perform update action' do
+      response.should_not be_success
+    end
+    it 'ensures that member has not been removed from repository' do
+      @repository.members.should include(member)
+    end
+  end
+
+  context 'api repository user without destroy rights' do
+    it 'should not be able to perform destroy action for repository of main platform' do
+      delete :destroy, :id => @repository.id, :format => :json
+      response.should_not be_success
+    end
+    it 'ensures that repository of main platform has not been destroyed' do
+      lambda { delete :destroy, :id => @repository.id, :format => :json }.should_not change{ Repository.count }
+    end
+    it 'should not be able to perform destroy action for repository of personal platform' do
+      delete :destroy, :id => @personal_repository.id, :format => :json
+      response.should_not be_success
+    end
+    it 'ensures that repository of personal platform has not been destroyed' do
+      lambda { delete :destroy, :id => @personal_repository.id, :format => :json }.should_not change{ Repository.count }
+    end
+  end
+end
+
+
 describe Api::V1::RepositoriesController do
   before(:each) do
     stub_symlink_methods
@@ -52,8 +179,11 @@ describe Api::V1::RepositoriesController do
       response.status.should == 401
     end
 
-    it_should_behave_like 'api repository user without reader rights for hidden platform' if APP_CONFIG['anonymous_access']
-    it_should_behave_like 'api repository user with show rights' if APP_CONFIG['anonymous_access']
+    if APP_CONFIG['anonymous_access']
+      it_should_behave_like 'api repository user without reader rights for hidden platform'
+      it_should_behave_like 'api repository user with show rights'
+    end
+    it_should_behave_like 'api repository user without writer rights'
   end
 
   context 'for admin' do
@@ -64,6 +194,7 @@ describe Api::V1::RepositoriesController do
 
     it_should_behave_like 'api repository user with reader rights'
     it_should_behave_like 'api repository user with reader rights for hidden platform'
+    it_should_behave_like 'api repository user with writer rights'
   end
 
   context 'for platform owner user' do
@@ -77,6 +208,7 @@ describe Api::V1::RepositoriesController do
 
     it_should_behave_like 'api repository user with reader rights'
     it_should_behave_like 'api repository user with reader rights for hidden platform'
+    it_should_behave_like 'api repository user with writer rights'
   end
 
   context 'for user' do
@@ -88,5 +220,6 @@ describe Api::V1::RepositoriesController do
     it_should_behave_like 'api repository user with reader rights'
     it_should_behave_like 'api repository user without reader rights for hidden platform'
     it_should_behave_like 'api repository user with show rights'
+    it_should_behave_like 'api repository user without writer rights'
   end
 end