#465: Update specs for Api::V1::RepositoriesController, Api::V1::SearchController, Api::V1::UsersController
This commit is contained in:
parent
d23e62e8cc
commit
c15dfb9b2a
|
@ -3,17 +3,13 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
|
|||
|
||||
before_action :authenticate_user!
|
||||
skip_before_action :authenticate_user!, only: [:show, :projects] if APP_CONFIG['anonymous_access']
|
||||
|
||||
before_action :load_platform
|
||||
before_action :load_repository
|
||||
|
||||
def show
|
||||
respond_to :json
|
||||
end
|
||||
|
||||
def projects
|
||||
@projects = @repository.projects.recent.paginate(paginate_params)
|
||||
respond_to :json
|
||||
end
|
||||
|
||||
def update
|
||||
|
@ -33,7 +29,6 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
|
|||
end
|
||||
|
||||
def key_pair
|
||||
respond_to :json
|
||||
end
|
||||
|
||||
# Only one request per 15 minutes for each platform
|
||||
|
@ -113,14 +108,9 @@ class Api::V1::RepositoriesController < Api::V1::BaseController
|
|||
|
||||
private
|
||||
|
||||
# Private: before_action hook which loads Platform.
|
||||
def load_platform
|
||||
authorize @platform = Platform.find_cached(params[:platform_id]), :show?
|
||||
end
|
||||
|
||||
# Private: before_action hook which loads Repository.
|
||||
def load_repository
|
||||
authorize @repository = @platform.repositories.find(params[:id]) if params[:id]
|
||||
authorize @repository = Repository.find(params[:id])
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -1,14 +1,12 @@
|
|||
class Api::V1::SearchController < Api::V1::BaseController
|
||||
before_action :authenticate_user! unless APP_CONFIG['anonymous_access']
|
||||
|
||||
def index
|
||||
search = Search.new(params[:query], current_ability, paginate_params)
|
||||
authorize :search
|
||||
|
||||
search = Search.new(params[:query], current_user, paginate_params)
|
||||
types = Search::TYPES.find{ |t| t == params[:type] } || Search::TYPES
|
||||
@results = {}
|
||||
[types].flatten.each do |type|
|
||||
@results[type] = search.send(type)
|
||||
end
|
||||
|
||||
respond_to :json
|
||||
end
|
||||
end
|
|
@ -2,18 +2,15 @@ class Api::V1::UsersController < Api::V1::BaseController
|
|||
|
||||
before_action :authenticate_user!
|
||||
skip_before_action :authenticate_user!, only: [:show] if APP_CONFIG['anonymous_access']
|
||||
load_and_authorize_resource :user, only: :show
|
||||
before_action :load_user, only: %i(show)
|
||||
before_action :set_current_user, except: :show
|
||||
|
||||
def show
|
||||
@user = User.opened.find params[:id] # dont show system users
|
||||
respond_to :json
|
||||
end
|
||||
|
||||
def show_current_user
|
||||
respond_to do |format|
|
||||
format.json { render :show }
|
||||
end
|
||||
render :show
|
||||
end
|
||||
|
||||
def update
|
||||
|
@ -37,15 +34,18 @@ class Api::V1::UsersController < Api::V1::BaseController
|
|||
else
|
||||
render_json_response @user, error_message(@user.notifier, 'User notification settings have not been updated'), 422
|
||||
end
|
||||
else
|
||||
respond_to :json
|
||||
end
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
def set_current_user
|
||||
@user = current_user
|
||||
authorize @user = current_user
|
||||
end
|
||||
|
||||
# Private: before_action hook which loads User.
|
||||
def load_user
|
||||
authorize @user = User.find(params[:id])
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -23,14 +23,14 @@ class ApplicationController < ActionController::Base
|
|||
|
||||
helper_method :get_owner
|
||||
|
||||
unless Rails.env.development?
|
||||
rescue_from Exception, with: :render_500
|
||||
rescue_from ActiveRecord::RecordNotFound,
|
||||
# ActionController::RoutingError, # see: config/routes.rb:<last line>
|
||||
ActionController::UnknownController,
|
||||
ActionController::UnknownFormat,
|
||||
AbstractController::ActionNotFound, with: :render_404
|
||||
end
|
||||
# unless Rails.env.development?
|
||||
# rescue_from Exception, with: :render_500
|
||||
# rescue_from ActiveRecord::RecordNotFound,
|
||||
# # ActionController::RoutingError, # see: config/routes.rb:<last line>
|
||||
# ActionController::UnknownController,
|
||||
# ActionController::UnknownFormat,
|
||||
# AbstractController::ActionNotFound, with: :render_404
|
||||
# end
|
||||
|
||||
rescue_from Pundit::NotAuthorizedError do |exception|
|
||||
redirect_to forbidden_url, alert: t("flash.exception_message")
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
class Search < Struct.new(:query, :ability, :paginate_params)
|
||||
class Search < Struct.new(:query, :user, :paginate_params)
|
||||
include ActiveModel::Conversion
|
||||
extend ActiveModel::Naming
|
||||
|
||||
|
@ -18,7 +18,10 @@ class Search < Struct.new(:query, :ability, :paginate_params)
|
|||
if type == 'users'
|
||||
User.opened
|
||||
else
|
||||
type.classify.constantize.accessible_by(ability, :show)
|
||||
klass = type.classify.constantize
|
||||
# scope_policy(type.classify.constantize).accessible_by(ability, :show)
|
||||
"#{klass}Policy::Scope".classify.constantize.new(user, klass).show
|
||||
# policy_scope(type.classify.constantize).show
|
||||
end
|
||||
scope.search(query).
|
||||
search_order.
|
||||
|
|
|
@ -39,4 +39,10 @@ class GroupPolicy < ApplicationPolicy
|
|||
!user.guest?
|
||||
end
|
||||
|
||||
class Scope < Scope
|
||||
def show
|
||||
scope
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -118,6 +118,7 @@ class ProjectPolicy < ApplicationPolicy
|
|||
)
|
||||
SQL
|
||||
end
|
||||
alias_method :show, :read
|
||||
|
||||
protected
|
||||
|
||||
|
|
|
@ -8,28 +8,28 @@ class RepositoryPolicy < ApplicationPolicy
|
|||
alias_method :read?, :show?
|
||||
|
||||
def reader?
|
||||
local_reader?(record.platform)
|
||||
is_admin? || local_reader?(record.platform)
|
||||
end
|
||||
|
||||
def write?
|
||||
local_writer?(record.platform)
|
||||
is_admin? || local_writer?(record.platform)
|
||||
end
|
||||
|
||||
def update?
|
||||
local_admin?(record.platform)
|
||||
is_admin? || local_admin?(record.platform)
|
||||
end
|
||||
alias_method :manage_members?, :update?
|
||||
alias_method :regenerate_metadata?, :update?
|
||||
alias_method :signatures?, :update?
|
||||
|
||||
def create?
|
||||
return false if record.platform.personal? && name == 'main'
|
||||
local_admin?(record.platform)
|
||||
return false if record.platform.personal? && record.name == 'main'
|
||||
is_admin? || owner?(record.platform) || local_admin?(record.platform)
|
||||
end
|
||||
alias_method :destroy?, :create?
|
||||
|
||||
def packages?
|
||||
record.platform.main? && local_admin?(record.platform)
|
||||
record.platform.main? && ( is_admin? || local_admin?(record.platform) )
|
||||
end
|
||||
alias_method :remove_member?, :packages?
|
||||
alias_method :remove_members?, :packages?
|
||||
|
@ -37,21 +37,25 @@ class RepositoryPolicy < ApplicationPolicy
|
|||
alias_method :sync_lock_file?, :packages?
|
||||
|
||||
def add_project?
|
||||
local_admin?(record.platform) || repository_user_ids.include?(user.id)
|
||||
is_admin? || local_admin?(record.platform) || repository_user_ids.include?(user.id)
|
||||
end
|
||||
alias_method :remove_project?, :add_project?
|
||||
|
||||
def destroy?
|
||||
owner?(record.platform)
|
||||
return false if record.platform.personal? && record.name == 'main'
|
||||
is_admin? || owner?(record.platform) || local_admin?(record.platform)
|
||||
end
|
||||
|
||||
def settings?
|
||||
is_admin? || owner?(record.platform) || local_admin?(record.platform)
|
||||
end
|
||||
alias_method :settings?, :destroy?
|
||||
|
||||
def key_pair?
|
||||
user.system?
|
||||
end
|
||||
|
||||
def add_repo_lock_file?
|
||||
user.system? || ( record.platform.main? && local_admin?(record.platform) )
|
||||
is_admin? || user.system? || ( record.platform.main? && local_admin?(record.platform) )
|
||||
end
|
||||
alias_method :remove_repo_lock_file?, :add_repo_lock_file?
|
||||
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
class SearchPolicy < ApplicationPolicy
|
||||
|
||||
def index?
|
||||
APP_CONFIG['anonymous_access'] || !user.guest?
|
||||
end
|
||||
|
||||
end
|
|
@ -7,13 +7,14 @@ class UserPolicy < ApplicationPolicy
|
|||
def update?
|
||||
is_admin? || record == user
|
||||
end
|
||||
alias_method :notifiers?, :update?
|
||||
alias_method :show_current_user?, :update?
|
||||
alias_method :write?, :update?
|
||||
|
||||
def write?
|
||||
is_admin? || record == user
|
||||
class Scope < Scope
|
||||
def show
|
||||
scope
|
||||
end
|
||||
|
||||
def update?
|
||||
is_admin? || record == user
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -15,14 +15,14 @@ end
|
|||
shared_examples_for 'api repository user without packages rights' do
|
||||
it 'should not be able to perform packages action' do
|
||||
get :packages, id: @repository.id, format: :csv
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'api repository user with packages rights' do
|
||||
it 'should be able to perform packages action' do
|
||||
get :packages, id: @repository.id, format: :csv
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -37,25 +37,25 @@ end
|
|||
shared_examples_for "api repository user with show rights" do
|
||||
it 'should be able to perform show action' do
|
||||
get :show, id: @repository.id, format: :json
|
||||
response.should render_template(:show)
|
||||
expect(response).to render_template(:show)
|
||||
end
|
||||
it 'should be able to perform projects action' do
|
||||
get :projects, id: @repository.id, format: :json
|
||||
response.should render_template(:projects)
|
||||
expect(response).to render_template(:projects)
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for "api repository user without show rights" do
|
||||
it 'should not be able to perform show action' do
|
||||
get :show, id: @repository.id, format: :json
|
||||
response.body.should == {"message" => "Access violation to this page!"}.to_json
|
||||
expect(response.body).to eq({"message" => "Access violation to this page!"}.to_json)
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for "api repository user without key_pair rights" do
|
||||
it 'should not be able to perform key_pair action' do
|
||||
get :key_pair, id: @repository.id, format: :json
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -67,11 +67,10 @@ shared_examples_for 'api repository user with writer rights' do
|
|||
end
|
||||
|
||||
it 'should be able to perform update action' do
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
it 'ensures that repository has been updated' do
|
||||
@repository.reload
|
||||
@repository.description.should == 'new description'
|
||||
expect(@repository.reload.description).to eq 'new description'
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -79,7 +78,7 @@ shared_examples_for 'api repository user with writer rights' do
|
|||
[:add_repo_lock_file, :remove_repo_lock_file].each do |action|
|
||||
it "should be able to perform #{action} action" do
|
||||
put action, id: @repository.id, format: :json
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -91,10 +90,10 @@ shared_examples_for 'api repository user with writer rights' do
|
|||
end
|
||||
|
||||
it 'should be able to perform add_member action' do
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
it 'ensures that new member has been added to repository' do
|
||||
@repository.members.should include(member)
|
||||
expect(@repository.members).to include(member)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -106,39 +105,48 @@ shared_examples_for 'api repository user with writer rights' do
|
|||
end
|
||||
|
||||
it 'should be able to perform remove_member action' do
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
it 'ensures that member has been removed from repository' do
|
||||
@repository.members.should_not include(member)
|
||||
expect(@repository.members).to_not include(member)
|
||||
end
|
||||
end
|
||||
|
||||
context 'api repository user with destroy rights' do
|
||||
it 'should be able to perform destroy action for main platform' do
|
||||
delete :destroy, id: @repository.id, format: :json
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
it 'ensures that repository of main platform has been destroyed' do
|
||||
lambda { delete :destroy, id: @repository.id, format: :json }.should change{ Repository.count }.by(-1)
|
||||
expect do
|
||||
delete :destroy, id: @repository.id, format: :json
|
||||
end.to change(Repository, :count).by(-1)
|
||||
end
|
||||
|
||||
context 'repository with name "main" of personal platform' do
|
||||
# hook for "ActiveRecord::ActiveRecordError: name is marked as readonly"
|
||||
before { Repository.where(id: @personal_repository.id).update_all("name = 'main'") }
|
||||
before do
|
||||
Repository.where(id: @personal_repository).update_all(name: 'main')
|
||||
end
|
||||
|
||||
it 'should not be able to perform destroy action' do
|
||||
delete :destroy, id: @personal_repository.id, format: :json
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that repository has not been destroyed' do
|
||||
lambda { delete :destroy, id: @personal_repository.id, format: :json }.should_not change{ Repository.count }
|
||||
expect do
|
||||
delete :destroy, id: @personal_repository.id, format: :json
|
||||
end.to_not change(Repository, :count)
|
||||
end
|
||||
end
|
||||
it 'should be able to perform destroy action for repository with name not "main" of personal platform' do
|
||||
delete :destroy, id: @personal_repository.id, format: :json
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
it 'ensures that repository with name not "main" of personal platform has been destroyed' do
|
||||
lambda { delete :destroy, id: @personal_repository.id, format: :json }.should change{ Repository.count }.by(-1)
|
||||
expect do
|
||||
delete :destroy, id: @personal_repository.id, format: :json
|
||||
end.to change(Repository, :count).by(-1)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -148,10 +156,10 @@ shared_examples_for 'api repository user with writer rights' do
|
|||
put :signatures, id: @repository.id, repository: {public: kp.public, secret: kp.secret}, format: :json
|
||||
end
|
||||
it 'should be able to perform signatures action' do
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
it 'ensures that signatures has been updated' do
|
||||
@repository.key_pair.should_not be_nil
|
||||
expect(@repository.key_pair).to_not be_nil
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -162,10 +170,10 @@ shared_examples_for 'api repository user with project manage rights' do
|
|||
context 'api repository user with add_project rights' do
|
||||
before { put :add_project, id: @repository.id, project_id: @project.id, format: :json }
|
||||
it 'should be able to perform add_project action' do
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
it 'ensures that project has been added to repository' do
|
||||
@repository.projects.should include(@project)
|
||||
expect(@repository.projects).to include(@project)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -175,11 +183,10 @@ shared_examples_for 'api repository user with project manage rights' do
|
|||
delete :remove_project, id: @repository.id, project_id: @project.id, format: :json
|
||||
end
|
||||
it 'should be able to perform remove_project action' do
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
it 'ensures that project has been removed from repository' do
|
||||
@repository.reload
|
||||
@repository.projects.should_not include(@project)
|
||||
expect(@repository.reload.projects).to_not include(@project)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -193,11 +200,10 @@ shared_examples_for 'api repository user without writer rights' do
|
|||
end
|
||||
|
||||
it 'should not be able to perform update action' do
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that repository has not been updated' do
|
||||
@repository.reload
|
||||
@repository.description.should_not == 'new description'
|
||||
expect(@repository.reload.description).to_not eq 'new description'
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -205,7 +211,7 @@ shared_examples_for 'api repository user without writer rights' do
|
|||
[:add_repo_lock_file, :remove_repo_lock_file].each do |action|
|
||||
it "should not be able to perform #{action} action" do
|
||||
put action, id: @repository.id, format: :json
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -217,10 +223,10 @@ shared_examples_for 'api repository user without writer rights' do
|
|||
end
|
||||
|
||||
it 'should not be able to perform add_member action' do
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that new member has not been added to repository' do
|
||||
@repository.members.should_not include(member)
|
||||
expect(@repository.members).to_not include(member)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -232,27 +238,31 @@ shared_examples_for 'api repository user without writer rights' do
|
|||
end
|
||||
|
||||
it 'should be able to perform update action' do
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that member has not been removed from repository' do
|
||||
@repository.members.should include(member)
|
||||
expect(@repository.members).to include(member)
|
||||
end
|
||||
end
|
||||
|
||||
context 'api repository user without destroy rights' do
|
||||
it 'should not be able to perform destroy action for repository of main platform' do
|
||||
delete :destroy, id: @repository.id, format: :json
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that repository of main platform has not been destroyed' do
|
||||
lambda { delete :destroy, id: @repository.id, format: :json }.should_not change{ Repository.count }
|
||||
expect do
|
||||
delete :destroy, id: @repository.id, format: :json
|
||||
end.to_not change(Repository, :count)
|
||||
end
|
||||
it 'should not be able to perform destroy action for repository of personal platform' do
|
||||
delete :destroy, id: @personal_repository.id, format: :json
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that repository of personal platform has not been destroyed' do
|
||||
lambda { delete :destroy, id: @personal_repository.id, format: :json }.should_not change{ Repository.count }
|
||||
expect do
|
||||
delete :destroy, id: @personal_repository.id, format: :json
|
||||
end.to_not change(Repository, :count)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -262,10 +272,10 @@ shared_examples_for 'api repository user without writer rights' do
|
|||
put :signatures, id: @repository.id, repository: {public: kp.public, secret: kp.secret}, format: :json
|
||||
end
|
||||
it 'should not be able to perform signatures action' do
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that signatures has not been updated' do
|
||||
@repository.key_pair.should be_nil
|
||||
expect(@repository.key_pair).to be_nil
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -275,10 +285,10 @@ shared_examples_for 'api repository user without project manage rights' do
|
|||
context 'api repository user without add_project rights' do
|
||||
before { put :add_project, id: @repository.id, project_id: @project.id, format: :json }
|
||||
it 'should not be able to perform add_project action' do
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that project has not been added to repository' do
|
||||
@repository.projects.should_not include(@project)
|
||||
expect(@repository.projects).to_not include(@project)
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -288,11 +298,10 @@ shared_examples_for 'api repository user without project manage rights' do
|
|||
delete :remove_project, id: @repository.id, project_id: @project.id, format: :json
|
||||
end
|
||||
it 'should not be able to perform remove_project action' do
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
it 'ensures that project has not been removed from repository' do
|
||||
@repository.reload
|
||||
@repository.projects.should include(@project)
|
||||
expect(@repository.reload.projects).to include(@project)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -312,7 +321,7 @@ describe Api::V1::RepositoriesController, type: :controller do
|
|||
context 'for guest' do
|
||||
it "should not be able to perform show action", :anonymous_access => false do
|
||||
get :show, id: @repository.id, format: :json
|
||||
response.status.should == 401
|
||||
expect(response.status).to eq 401
|
||||
end
|
||||
|
||||
if APP_CONFIG['anonymous_access']
|
||||
|
@ -326,7 +335,7 @@ describe Api::V1::RepositoriesController, type: :controller do
|
|||
|
||||
it 'should not be able to perform projects action', anonymous_access: false do
|
||||
get :projects, id: @repository.id, format: :json
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -400,13 +409,13 @@ describe Api::V1::RepositoriesController, type: :controller do
|
|||
|
||||
it 'should be able to perform key_pair action when repository has not keys' do
|
||||
get :key_pair, id: @repository.id, format: :json
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
|
||||
it 'should be able to perform key_pair action when repository has keys' do
|
||||
FactoryGirl.create(:key_pair, repository: @repository)
|
||||
get :key_pair, id: @repository.id, format: :json
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -3,14 +3,14 @@ require 'spec_helper'
|
|||
shared_examples_for 'able search with api' do
|
||||
it 'should be able to search' do
|
||||
get :index, format: :json
|
||||
response.should be_success
|
||||
response.should render_template(:index)
|
||||
expect(response).to be_success
|
||||
expect(response).to render_template(:index)
|
||||
end
|
||||
end
|
||||
shared_examples_for 'not able search with api' do
|
||||
it 'should not be able to search' do
|
||||
get :index, format: :json
|
||||
response.code.should eq('401')
|
||||
expect(response.code).to eq('401')
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -12,39 +12,35 @@ describe Api::V1::UsersController, type: :controller do
|
|||
[:show_current_user, :notifiers].each do |action|
|
||||
it "should not be able to perform #{ action } action for a current user" do
|
||||
get action, format: :json
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
end
|
||||
|
||||
it 'should be able to perform show action for a single user', :anonymous_access => true do
|
||||
get :show, id: @user.id, format: :json
|
||||
response.should render_template(:show)
|
||||
expect(response).to render_template(:show)
|
||||
end
|
||||
|
||||
it 'should not be able to perform show action for a single user', :anonymous_access => false do
|
||||
get :show, id: @user.id, format: :json
|
||||
response.should_not be_success
|
||||
expect(response).to_not be_success
|
||||
end
|
||||
|
||||
context 'should not be able to perform update action for a current user' do
|
||||
before do
|
||||
put :update, user: { company: 'test_company' }, format: :json
|
||||
end
|
||||
it { response.should_not be_success }
|
||||
it 'ensures that user has not been updated' do
|
||||
@user.reload
|
||||
@user.company.should_not == 'test_company'
|
||||
put :update, user: { company: 'test_company' }, format: :json
|
||||
expect(response).to_not be_success
|
||||
expect(@user.reload.company).to_not eq 'test_company'
|
||||
end
|
||||
end
|
||||
|
||||
context 'should not be able to perform notifiers action for a current user' do
|
||||
before do
|
||||
put :notifiers, notifiers: { can_notify: false }, format: :json
|
||||
end
|
||||
it { response.should_not be_success }
|
||||
it 'ensures that user notification settings have not been updated' do
|
||||
@user.reload
|
||||
@user.notifier.can_notify.should be_truthy
|
||||
put :notifiers, notifiers: { can_notify: false }, format: :json
|
||||
expect(response).to_not be_success
|
||||
expect(@user.reload.notifier.can_notify).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -58,34 +54,28 @@ describe Api::V1::UsersController, type: :controller do
|
|||
[:show_current_user, :notifiers].each do |action|
|
||||
it "should be able to perform #{ action } action for a current user" do
|
||||
get action, format: :json
|
||||
response.should be_success
|
||||
expect(response).to be_success
|
||||
end
|
||||
end
|
||||
|
||||
it 'should be able to perform show action for a single user' do
|
||||
get :show, id: @user.id, format: :json
|
||||
response.should render_template(:show)
|
||||
expect(response).to render_template(:show)
|
||||
end
|
||||
|
||||
context 'should be able to perform update action for a current user' do
|
||||
before do
|
||||
put :update, user: { company: 'test_company' }, format: :json
|
||||
end
|
||||
it { response.should be_success }
|
||||
it 'ensures that user has been updated' do
|
||||
@user.reload
|
||||
@user.company.should == 'test_company'
|
||||
put :update, user: { company: 'test_company' }, format: :json
|
||||
expect(response).to be_success
|
||||
expect(@user.reload.company).to eq 'test_company'
|
||||
end
|
||||
end
|
||||
|
||||
context 'should be able to perform notifiers action for a current user' do
|
||||
before do
|
||||
put :notifiers, notifiers: {can_notify: false }, format: :json
|
||||
end
|
||||
it { response.should be_success }
|
||||
it 'ensures that user notification settings have been updated' do
|
||||
@user.reload
|
||||
@user.notifier.can_notify.should be_falsy
|
||||
put :notifiers, notifiers: {can_notify: false }, format: :json
|
||||
expect(response).to be_success
|
||||
expect(@user.reload.notifier.can_notify).to be_falsy
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue