Software
/
rosa-build
mirror of https://github.com/OpenMandrivaSoftware/rosa-build.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

#465: updated specs for Api::V1::ProjectsController

This commit is contained in:
Vokhmin Alexey V 2015-03-31 04:08:50 +03:00
parent 19836cf2ea
commit d002cfc81b
3 changed files with 110 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/api/v1/projects_controller.rb
View File

@ -61,7 +61,7 @@ class Api::V1::ProjectsController < Api::V1::BaseController
def fork(is_alias = false) def fork(is_alias = false)
owner = (Group.find params[:group_id] if params[:group_id].present?) || current_user owner = (Group.find params[:group_id] if params[:group_id].present?) || current_user
authorize owner, :write? if owner.class == Group authorize owner, :write? if owner.is_a?(Group)
if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid? if forked = @project.fork(owner, new_name: params[:fork_name], is_alias: is_alias) and forked.valid?
render_json_response forked, 'Project has been forked successfully' render_json_response forked, 'Project has been forked successfully'
else else

2
app/policies/project_policy.rb
View File

@ -10,7 +10,7 @@ class ProjectPolicy < ApplicationPolicy
return true if is_admin? return true if is_admin?
return true if record.public? return true if record.public?
return true if record.owner == user return true if record.owner == user
return true if record.owner.is_a?(Group) && user_group_ids.inclide?(record.owner_id) return true if record.owner.is_a?(Group) && user_group_ids.include?(record.owner_id)
local_reader? local_reader?
end end
alias_method :read?, :show? alias_method :read?, :show?

197
spec/controllers/api/v1/projects_controller_spec.rb
View File

@ -21,56 +21,61 @@ shared_examples_for "api projects user without reader rights for hidden project"
end end
shared_examples_for "api projects user without show rights" do shared_examples_for "api projects user without show rights" do
it "should show access violation instead of project data" do it "to show access violation instead of project data" do
get :show, id: @project.id, format: :json get :show, id: @project.id, format: :json
response.should_not be_success expect(response).to_not be_success
end end
it "should show access violation instead of project refs_list" do it "to show access violation instead of project refs_list" do
get :refs_list, id: @project.id, format: :json get :refs_list, id: @project.id, format: :json
response.should_not be_success expect(response).to_not be_success
end end
it "should access violation instead of project data by get_id" do it "to access violation instead of project data by get_id" do
get :get_id, name: @project.name, owner: @project.owner_uname, format: :json get :get_id, name: @project.name, owner: @project.owner_uname, format: :json
response.should_not be_success expect(response).to_not be_success
end end
it "should show access violation instead of project members data" do it "to show access violation instead of project members data" do
get :members, id: @project.id, format: :json get :members, id: @project.id, format: :json
response.should_not be_success expect(response).to_not be_success
end end
end end
shared_examples_for 'api projects user without fork rights' do shared_examples_for 'api projects user without fork rights' do
it 'should not be able to perform fork action' do it 'to not be able to perform fork action' do
post :fork, id: @project.id, format: :json post :fork, id: @project.id, format: :json
response.should_not be_success expect(response).to_not be_success
end end
it 'ensures that project has not been forked' do it 'ensures that project has not been forked' do
lambda { post :fork, id: @project.id, format: :json }.should_not change{ Project.count } expect do
post :fork, id: @project.id, format: :json
end.to_not change(Project, :count)
end end
end end
shared_examples_for 'api projects user with fork rights' do shared_examples_for 'api projects user with fork rights' do
it 'should be able to perform fork action' do it 'to be able to perform fork action' do
post :fork, id: @project.id, format: :json post :fork, id: @project.id, format: :json
response.should be_success expect(response).to be_success
end end
it 'ensures that project has been forked' do it 'ensures that project has been forked' do
lambda { post :fork, id: @project.id, format: :json }.should change{ Project.count }.by(1) expect do
post :fork, id: @project.id, format: :json
end.to change(Project, :count).by(1)
end end
it 'should be able to perform fork action with different name' do it 'to be able to perform fork action with different name' do
post :fork, id: @project.id, fork_name: (@project.name + '_forked'), format: :json post :fork, id: @project.id, fork_name: (@project.name + '_forked'), format: :json
response.should be_success expect(response).to be_success
end end
it 'ensures that project has been forked' do it 'ensures that project has been forked' do
new_name = @project.name + '_forked' new_name = @project.name + '_forked'
lambda { post :fork, id: @project.id, fork_name: new_name, format: :json }.should expect do
change{ Project.where(name: new_name).count }.by(1) post :fork, id: @project.id, fork_name: new_name, format: :json
end.to change{ Project.where(name: new_name).count }.by(1)
end end
end end
@ -85,44 +90,44 @@ shared_examples_for 'api projects user without fork rights for hidden project' d
end end
shared_examples_for "api projects user with show rights" do shared_examples_for "api projects user with show rights" do
it "should show project data" do it "to show project data" do
get :show, id: @project.id, format: :json get :show, id: @project.id, format: :json
render_template(:show) expect(response).to render_template(:show)
end end
it "should show refs_list of project" do it "to show refs_list of project" do
get :refs_list, id: @project.id, format: :json get :refs_list, id: @project.id, format: :json
render_template(:refs_list) expect(response).to render_template(:refs_list)
end end
context 'project find by get_id' do context 'project find by get_id' do
it "should find project by name and owner name" do it "to find project by name and owner name" do
@project.reload @project.reload
get :get_id, name: @project.name, owner: @project.owner_uname, format: :json get :get_id, name: @project.name, owner: @project.owner_uname, format: :json
assigns[:project].id.should == @project.id expect(assigns[:project].id).to eq @project.id
end end
it "should not find project by non existing name and owner name" do it "to not find project by non existing name and owner name" do
get :get_id, name: 'NONE_EXISTING_NAME', owner: @project.owner_uname, format: :json get :get_id, name: 'NONE_EXISTING_NAME', owner: @project.owner_uname, format: :json
assigns[:project].should be_blank expect(assigns :project).to be_blank
end end
it "should render 404 for non existing name and owner name" do it "to render 404 for non existing name and owner name" do
get :get_id, name: 'NONE_EXISTING_NAME', owner: @project.owner_uname, format: :json get :get_id, name: 'NONE_EXISTING_NAME', owner: @project.owner_uname, format: :json
response.body.should == {status: 404, message: I18n.t("flash.404_message")}.to_json expect(response.body).to eq({status: 404, message: I18n.t("flash.404_message")}.to_json)
end end
end end
end end
shared_examples_for 'api projects user with admin rights' do shared_examples_for 'api projects user with admin rights' do
it "should be able to perform members action" do it "to be able to perform members action" do
get :members, id: @project.id, format: :json get :members, id: @project.id, format: :json
response.should be_success expect(response).to be_success
end end
it 'should not set a wrong maintainer_id' do it 'to not set a wrong maintainer_id' do
put :update, project: { maintainer_id: -1 }, id: @project.id, format: :json put :update, project: { maintainer_id: -1 }, id: @project.id, format: :json
response.should_not be_success expect(response).to_not be_success
end end
context 'api project user with update rights' do context 'api project user with update rights' do
@ -130,12 +135,11 @@ shared_examples_for 'api projects user with admin rights' do
put :update, project: { description: 'new description' }, id: @project.id, format: :json put :update, project: { description: 'new description' }, id: @project.id, format: :json
end end
it 'should be able to perform update action' do it 'to be able to perform update action' do
response.should be_success expect(response).to be_success
end end
it 'ensures that description has been updated' do it 'ensures that description has been updated' do
@project.reload expect(@project.reload.description).to eq 'new description'
@project.description.should == 'new description'
end end
end end
@ -145,11 +149,11 @@ shared_examples_for 'api projects user with admin rights' do
put :add_member, member_id: member.id, type: 'User', role: 'admin', id: @project.id, format: :json put :add_member, member_id: member.id, type: 'User', role: 'admin', id: @project.id, format: :json
end end
it 'should be able to perform add_member action' do it 'to be able to perform add_member action' do
response.should be_success expect(response).to be_success
end end
it 'ensures that new member has been added to project' do it 'ensures that new member has been added to project' do
@project.members.should include(member) expect(@project.members).to include(member)
end end
end end
@ -160,11 +164,11 @@ shared_examples_for 'api projects user with admin rights' do
delete :remove_member, member_id: member.id, type: 'User', id: @project.id, format: :json delete :remove_member, member_id: member.id, type: 'User', id: @project.id, format: :json
end end
it 'should be able to perform remove_member action' do it 'to be able to perform remove_member action' do
response.should be_success expect(response).to be_success
end end
it 'ensures that member has been removed from project' do it 'ensures that member has been removed from project' do
@project.members.should_not include(member) expect(@project.members).to_not include(member)
end end
end end
@ -175,21 +179,21 @@ shared_examples_for 'api projects user with admin rights' do
put :update_member, member_id: member.id, type: 'User', role: 'reader', id: @project.id, format: :json put :update_member, member_id: member.id, type: 'User', role: 'reader', id: @project.id, format: :json
end end
it 'should be able to perform update_member action' do it 'to be able to perform update_member action' do
response.should be_success expect(response).to be_success
end end
it 'ensures that member role has been updated in project' do it 'ensures that member role has been updated in project' do
@project.relations.by_actor(member).first. role = @project.relations.by_actor(member).first.role
role.should == 'reader' expect(role).to eq 'reader'
end end
end end
end end
shared_examples_for 'api projects user without admin rights' do shared_examples_for 'api projects user without admin rights' do
it "should not be able to perform members action" do it "to not be able to perform members action" do
get :members, id: @project.id, format: :json get :members, id: @project.id, format: :json
response.should_not be_success expect(response).to_not be_success
end end
context 'api project user without update_member rights' do context 'api project user without update_member rights' do
@ -199,12 +203,12 @@ shared_examples_for 'api projects user without admin rights' do
put :update_member, member_id: member.id, type: 'User', role: 'reader', id: @project.id, format: :json put :update_member, member_id: member.id, type: 'User', role: 'reader', id: @project.id, format: :json
end end
it 'should not be able to perform update_member action' do it 'to not be able to perform update_member action' do
response.should_not be_success expect(response).to_not be_success
end end
it 'ensures that member role has not been updated in project' do it 'ensures that member role has not been updated in project' do
@project.relations.by_actor(member).first. role = @project.relations.by_actor(member).first.role
role.should_not == 'reader' expect(role).to_not eq 'reader'
end end
end end
@ -213,12 +217,11 @@ shared_examples_for 'api projects user without admin rights' do
put :update, project: {description: 'new description'}, id: @project.id, format: :json put :update, project: {description: 'new description'}, id: @project.id, format: :json
end end
it 'should not be able to perform update action' do it 'to not be able to perform update action' do
response.should_not be_success expect(response).to_not be_success
end end
it 'ensures that project has not been updated' do it 'ensures that project has not been updated' do
@project.reload expect(@project.reload.description).to_not eq 'new description'
@project.description.should_not == 'new description'
end end
end end
@ -228,11 +231,11 @@ shared_examples_for 'api projects user without admin rights' do
put :add_member, member_id: member.id, type: 'User', role: 'admin', id: @project.id, format: :json put :add_member, member_id: member.id, type: 'User', role: 'admin', id: @project.id, format: :json
end end
it 'should not be able to perform add_member action' do it 'to not be able to perform add_member action' do
response.should_not be_success expect(response).to_not be_success
end end
it 'ensures that new member has not been added to project' do it 'ensures that new member has not been added to project' do
@project.members.should_not include(member) expect(@project.members).to_not include(member)
end end
end end
@ -243,35 +246,39 @@ shared_examples_for 'api projects user without admin rights' do
delete :remove_member, member_id: member.id, type: 'User', id: @project.id, format: :json delete :remove_member, member_id: member.id, type: 'User', id: @project.id, format: :json
end end
it 'should be able to perform update action' do it 'to be able to perform update action' do
response.should_not be_success expect(response).to_not be_success
end end
it 'ensures that member has not been removed from project' do it 'ensures that member has not been removed from project' do
@project.members.should include(member) expect(@project.members).to include(member)
end end
end end
end end
shared_examples_for 'api projects user with owner rights' do shared_examples_for 'api projects user with owner rights' do
context 'api project user with destroy rights' do context 'api project user with destroy rights' do
it 'should be able to perform destroy action' do it 'to be able to perform destroy action' do
delete :destroy, id: @project.id, format: :json delete :destroy, id: @project.id, format: :json
response.should be_success expect(response).to be_success
end end
it 'ensures that project has been destroyed' do it 'ensures that project has been destroyed' do
lambda { delete :destroy, id: @project.id, format: :json }.should change{ Project.count }.by(-1) expect do
delete :destroy, id: @project.id, format: :json
end.to change(Project, :count).by(-1)
end end
end end
end end
shared_examples_for 'api projects user without owner rights' do shared_examples_for 'api projects user without owner rights' do
context 'api project user with destroy rights' do context 'api project user with destroy rights' do
it 'should not be able to perform destroy action' do it 'to not be able to perform destroy action' do
delete :destroy, id: @project.id, format: :json delete :destroy, id: @project.id, format: :json
response.should_not be_success expect(response).to_not be_success
end end
it 'ensures that project has not been destroyed' do it 'ensures that project has not been destroyed' do
lambda { delete :destroy, id: @project.id, format: :json }.should_not change{ Project.count } expect do
delete :destroy, id: @project.id, format: :json
end.to_not change(Project, :count)
end end
end end
end end
@ -289,9 +296,9 @@ describe Api::V1::ProjectsController, type: :controller do
context 'for guest' do context 'for guest' do
[:index, :members].each do |action| [:index, :members].each do |action|
it "should not be able to perform #{action} action" do it "to not be able to perform #{action} action" do
get action, id: @project.id, format: :json get action, id: @project.id, format: :json
response.should_not be_success expect(response).to_not be_success
end end
end end
@ -313,31 +320,37 @@ describe Api::V1::ProjectsController, type: :controller do
http_login(@user) http_login(@user)
end end
it 'should be able to perform index action' do it 'to be able to perform index action' do
get :index, format: :json get :index, format: :json
response.should be_success expect(response).to be_success
end end
context 'api project user with create rights' do context 'api project user with create rights' do
let(:params) { {project: {name: 'test_name', owner_id: @user.id, owner_type: 'User', visibility: 'open'}, format: :json} } let(:params) { {project: {name: 'test_name', owner_id: @user.id, owner_type: 'User', visibility: 'open'}, format: :json} }
it 'should be able to perform create action' do it 'to be able to perform create action' do
post :create, params, format: :json post :create, params, format: :json
response.should be_success expect(response).to be_success
end end
it 'ensures that project has been created' do it 'ensures that project has been created' do
lambda { post :create, params }.should change{ Project.count }.by(1) expect do
post :create, params
end.to change(Project, :count).by(1)
end end
it 'writer group should be able to create project for their group' do it 'writer group to be able to create project for their group' do
group = FactoryGirl.create(:group) group = FactoryGirl.create(:group)
create_actor_relation(group, @user, 'writer') create_actor_relation(group, @user, 'writer')
lambda { post :create, params.deep_merge({project: {owner_type: 'Group', owner_id: group.id}})}.should change{ Project.count }.by(1) expect do
post :create, params.deep_merge({project: {owner_type: 'Group', owner_id: group.id}})
end.to change(Project, :count).by(1)
end end
it 'reader group should not be able to create project for their group' do it 'reader group to not be able to create project for their group' do
group = FactoryGirl.create(:group) group = FactoryGirl.create(:group)
create_actor_relation(group, @user, 'reader') create_actor_relation(group, @user, 'reader')
lambda { post :create, params.deep_merge({project: {owner_type: 'Group', owner_id: group.id}})}.should change{ Project.count }.by(0) expect do
post :create, params.deep_merge({project: {owner_type: 'Group', owner_id: group.id}})
end.to_not change(Project, :count)
end end
end end
@ -349,34 +362,40 @@ describe Api::V1::ProjectsController, type: :controller do
it_should_behave_like 'api projects user without owner rights' it_should_behave_like 'api projects user without owner rights'
context 'group writer' do context 'group writer' do
it 'should be able to fork project to their group' do it 'to be able to fork project to their group' do
group = FactoryGirl.create(:group) group = FactoryGirl.create(:group)
create_actor_relation(group, @user, 'writer') create_actor_relation(group, @user, 'writer')
lambda {post :fork, id: @project.id, group_id: group.id}.should change{ Project.count }.by(1) expect do
post :fork, id: @project.id, group_id: group.id, format: :json
end.to change(Project, :count).by(1)
end end
it 'should be able to fork project with different name to their group' do it 'to be able to fork project with different name to their group' do
group = FactoryGirl.create(:group) group = FactoryGirl.create(:group)
create_actor_relation(group, @user, 'writer') create_actor_relation(group, @user, 'writer')
new_name = @project.name + '_forked' new_name = @project.name + '_forked'
lambda { post :fork, id: @project.id, group_id: group.id, fork_name: new_name }.should expect do
change { Project.where(name: new_name).count }.by(1) post :fork, id: @project.id, group_id: group.id, fork_name: new_name, format: :json
end.to change { Project.where(name: new_name).count }.by(1)
end end
end end
context 'group reader' do context 'group reader' do
it 'should not be able to fork project to their group' do it 'to not be able to fork project to their group' do
group = FactoryGirl.create(:group) group = FactoryGirl.create(:group)
create_actor_relation(group, @user, 'reader') create_actor_relation(group, @user, 'reader')
lambda {post :fork, id: @project.id, group_id: group.id, format: :json}.should change{ Project.count }.by(0) expect do
post :fork, id: @project.id, group_id: group.id, format: :json
end.to_not change(Project, :count)
end end
it 'should not be able to fork project with different name to their group' do it 'to not be able to fork project with different name to their group' do
group = FactoryGirl.create(:group) group = FactoryGirl.create(:group)
new_name = @project.name + '_forked' new_name = @project.name + '_forked'
create_actor_relation(group, @user, 'reader') create_actor_relation(group, @user, 'reader')
lambda { post :fork, id: @project.id, group_id: group.id, fork_name: new_name }.should expect do
change{ Project.where(name: new_name.count) }.by(0) post :fork, id: @project.id, group_id: group.id, fork_name: new_name, format: :json
end.to_not change{ Project.where(name: new_name).count }
end end
end end
end end