#465: updated Api::V1::ProductBuildListsController

Vokhmin Alexey V 2015-03-27 02:36:30 +03:00
parent 0518749228
commit d3e8abe0e8
8 changed files with 94 additions and 47 deletions


@ -2,21 +2,23 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
before_action :authenticate_user! before_action :authenticate_user!
skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access'] skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
load_and_authorize_resource :product, only: :index before_action :load_product, only: :index
load_and_authorize_resource before_action :load_product_build_list, except: [:index, :create]
def index def index
@product_build_lists = if @product @product_build_lists =
if @product
@product.product_build_lists @product.product_build_lists
else else
ProductBuildList.accessible_by current_ability, :read PlatformPolicy::Scope.new(current_user, ProductBuildList.joins(product: :platform)).show
# ProductBuildList.accessible_by current_ability, :read
end end
@product_build_lists = @product_build_lists.joins(:product, :project, :arch) @product_build_lists = @product_build_lists.joins(:product, :project, :arch)
@product_build_lists = @product_build_lists.recent.paginate(paginate_params) @product_build_lists = @product_build_lists.recent.paginate(paginate_params)
respond_to :json
end end
def create def create
@product_build_list = ProductBuildList.new(params[:product_build_list])
@product_build_list.project ||= @product_build_list.try(:product).try(:project) @product_build_list.project ||= @product_build_list.try(:product).try(:project)
@product_build_list.main_script ||= @product_build_list.try(:product).try(:main_script) @product_build_list.main_script ||= @product_build_list.try(:product).try(:main_script)
@product_build_list.params ||= @product_build_list.try(:product).try(:params) @product_build_list.params ||= @product_build_list.try(:product).try(:params)
@ -25,7 +27,6 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
end end
def show def show
respond_to :json
end end
def update def update
@ -44,4 +45,15 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
render_validation_error @product_build_list, t("layout.product_build_lists.cancel_fail") render_validation_error @product_build_list, t("layout.product_build_lists.cancel_fail")
end end
end end
private
def load_product_build_list
authorize @product_build_list = ProductBuildList.find(params[:id])
end
# Private: before_action hook which loads Product.
def load_product
authorize @product = Product.find(params[:product_id]), :show? if params[:product_id]
end
end end
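Review bot: `create` now builds the record with `ProductBuildList.new(params[:product_build_list])`, handing the raw request hash to the model, so the caller can set every attribute the model accepts, including the `project` and `product` associations that `ProductBuildListPolicy#create?` then evaluates. Unless the model already restricts assignable attributes (not visible here), build the record from an explicit permitted list (`permit` on the nested hash) instead of the raw hash. `create` is also excluded from `load_product_build_list`, so it needs its own `authorize @product_build_list` once the `||=` defaults are filled in; two lines of the method fall between the hunks, so confirm the call is there. The commented-out `# ProductBuildList.accessible_by current_ability, :read` line in `index` can be dropped.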


@ -13,15 +13,15 @@ class GroupPolicy < ApplicationPolicy
end end
def reader? def reader?
local_reader? is_admin? || local_reader?
end end
def write? def write?
owner? || local_writer? is_admin? || owner? || local_writer?
end end
def update? def update?
owner? || local_admin? is_admin? || owner? || local_admin?
end end
alias_method :add_member?, :update? alias_method :add_member?, :update?
alias_method :manage_members?, :update? alias_method :manage_members?, :update?
@ -32,7 +32,7 @@ class GroupPolicy < ApplicationPolicy
alias_method :update_member?, :update? alias_method :update_member?, :update?
def destroy? def destroy?
owner? is_admin? || owner?
end end
def remove_user? def remove_user?
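Review bot: The global-admin bypass is added by prefixing `is_admin? ||` to each predicate individually (`reader?`, `write?`, `update?`, `destroy?` here, and the same way in the ProductBuildList, Product and Project policies of this commit), so a predicate that is missed or added later silently behaves differently for admins. `remove_user?`, whose body lies outside the hunk, is one to check. If the base policy (not shown) can host the rule, a single helper would be easier to audit. Otherwise document the convention above `reader?`, for example `# Global admins bypass every group-level role check; keep is_admin? first in each predicate.`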


@ -1,22 +1,27 @@
class ProductBuildListPolicy < ApplicationPolicy class ProductBuildListPolicy < ApplicationPolicy
def index?
true
end
def show? def show?
PlatformPolicy.new(user, record.platform).show? is_admin? || ProductPolicy.new(user, record.product).show?
end end
alias_method :log?, :show? alias_method :log?, :show?
alias_method :read?, :show? alias_method :read?, :show?
def create? def create?
ProjectPolicy.new(user, record.project).write? || ProductPolicy.new(user, record.product).update? return false unless record.project && record.product
is_admin? || ProjectPolicy.new(user, record.project).write? || ProductPolicy.new(user, record.product).update?
end end
alias_method :cancel?, :create? alias_method :cancel?, :create?
def update? def update?
ProductPolicy.new(user, record.product).update? is_admin? || ProductPolicy.new(user, record.product).update?
end end
def destroy? def destroy?
ProductPolicy.new(user, record.product).destroy? is_admin? || ProductPolicy.new(user, record.product).destroy?
end end
end end
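Review bot: `create?` (and `cancel?` through the alias) passes when either `ProjectPolicy#write?` or `ProductPolicy#update?` passes, while the controller in this commit builds the record from request parameters, so the caller chooses both associations independently. If creating a build list is meant to require rights on the product, write access to any project is currently enough. Confirm the `||` is intended, and if it is not, require the product check or verify that `record.project` belongs to `record.product`. Separately, `show?`, `update?` and `destroy?` dereference `record.product` without the nil guard that `create?` gains here; that is harmless only if the model guarantees a product on persisted records.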


@ -5,12 +5,12 @@ class ProductPolicy < ApplicationPolicy
end end
def show? def show?
PlatformPolicy.new(user, record.platform).show? is_admin? || PlatformPolicy.new(user, record.platform).show?
end end
alias_method :read?, :show? alias_method :read?, :show?
def create? def create?
record.platform.main? && local_admin?(record.platform) is_admin? || record.platform.main? && local_admin?(record.platform)
end end
alias_method :clone?, :create? alias_method :clone?, :create?
alias_method :destroy?, :create? alias_method :destroy?, :create?
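Review bot: In `create?` the new `is_admin? ||` prefix also bypasses `record.platform.main?`, which reads like a constraint on where products may exist rather than a permission, and because `clone?` and `destroy?` are aliases the bypass applies to them too. If admins should still be limited to main platforms, write `record.platform.main? && (is_admin? || local_admin?(record.platform))`. If the bypass is intended, make the grouping explicit instead of relying on `&&` binding tighter than `||`: `is_admin? || (record.platform.main? && local_admin?(record.platform))`. `ProjectPolicy#destroy?` in this commit mixes `||` and `&&` the same way.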


@ -7,6 +7,7 @@ class ProjectPolicy < ApplicationPolicy
alias_method :preview?, :index? alias_method :preview?, :index?
def show? def show?
return true if is_admin?
return true if record.public? return true if record.public?
return true if record.owner == user return true if record.owner == user
return true if record.owner.is_a?(Group) && user_group_ids.inclide?(record.owner_id) return true if record.owner.is_a?(Group) && user_group_ids.inclide?(record.owner_id)
@ -19,12 +20,13 @@ class ProjectPolicy < ApplicationPolicy
alias_method :refs_list?, :show? alias_method :refs_list?, :show?
def create? def create?
return true if is_admin?
return false if user.guest? return false if user.guest?
!record.try(:owner) || owner_policy.write? !record.try(:owner) || owner_policy.write?
end end
def update? def update?
owner? || local_admin? is_admin? || owner? || local_admin?
end end
alias_method :alias?, :update? alias_method :alias?, :update?
alias_method :sections?, :update? alias_method :sections?, :update?
@ -38,14 +40,15 @@ class ProjectPolicy < ApplicationPolicy
alias_method :schedule?, :update? alias_method :schedule?, :update?
def destroy? def destroy?
owner? || record.owner.is_a?(Group) && record.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin') is_admin? || owner? || record.owner.is_a?(Group) && record.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')
end end
def mass_import? def mass_import?
user.platforms.main.find{ |p| local_admin?(p) }.present? is_admin? || user.platforms.main.find{ |p| local_admin?(p) }.present?
end end
def run_mass_import? def run_mass_import?
return true if is_admin?
return false unless owner_policy.write? return false unless owner_policy.write?
repo = Repository.find(record.add_to_repository_id) repo = Repository.find(record.add_to_repository_id)
repo.platform.main? && PlatformPolicy.new(user, repo.platform).add_project? repo.platform.main? && PlatformPolicy.new(user, repo.platform).add_project?
@ -53,7 +56,7 @@ class ProjectPolicy < ApplicationPolicy
# for grack # for grack
def write? def write?
owner? || local_writer? is_admin? || owner? || local_writer?
end end
def possible_forks def possible_forks
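Review bot: `show?` still calls `user_group_ids.inclide?(record.owner_id)`, a misspelling of `include?`; assuming `user_group_ids` returns a plain collection of ids, this raises NoMethodError instead of returning a decision. It is reached whenever a non-admin who is not the owner requests a non-public project owned by a group, and `refs_list?` aliases the same method. The `return true if is_admin?` added above it means the new admin paths never reach the line, so the admin specs will not surface it. Change it to `user_group_ids.include?(record.owner_id)`; the rest of `show?` lies outside the hunk.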


@ -114,6 +114,16 @@ describe Api::V1::AdvisoriesController, type: :controller do
it_should_behave_like 'api advisories user without admin rights' it_should_behave_like 'api advisories user without admin rights'
end end
context 'for admin' do
before do
@admin = FactoryGirl.create(:admin)
http_login(@admin)
end
it_should_behave_like 'api advisories user with show rights'
it_should_behave_like 'api advisories user with admin rights'
end
context 'for user who has access to update build_list' do context 'for user who has access to update build_list' do
before do before do
@user = FactoryGirl.create(:user) @user = FactoryGirl.create(:user)


@ -221,6 +221,17 @@ describe Api::V1::GroupsController, type: :controller do
it_should_behave_like 'api group user without owner rights' it_should_behave_like 'api group user without owner rights'
end end
context 'for global admin' do
before do
@admin = FactoryGirl.create(:admin)
http_login(@admin)
end
it_should_behave_like 'api group user with reader rights'
it_should_behave_like 'api group user with admin rights'
it_should_behave_like 'api group user with owner rights'
end
context 'for owner user' do context 'for owner user' do
before do before do
@group = FactoryGirl.create(:group, owner: @user) @group = FactoryGirl.create(:group, owner: @user)


@ -3,29 +3,29 @@ require 'spec_helper'
shared_examples_for 'api user without reader rights' do shared_examples_for 'api user without reader rights' do
it 'should not be able to perform show action', :anonymous_access => false do it 'should not be able to perform show action', :anonymous_access => false do
get :show, id: @product_build_list.id, format: :json get :show, id: @product_build_list.id, format: :json
response.status.should == 401 expect(response.status).to eq 401
end end
it 'should be able to perform show action' do it 'should be able to perform show action' do
get :show, id: @product_build_list.id, format: :json get :show, id: @product_build_list.id, format: :json
response.should be_success expect(response).to be_success
end end
it 'should be able to perform show action for the personal platform' do it 'should not be able to perform show action for the hidden platform' do
@product_build_list.product.platform.update_column :visibility, 'hidden' @product_build_list.product.platform.update_column :visibility, 'hidden'
get :show, id: @product_build_list.id, format: :json get :show, id: @product_build_list.id, format: :json
response.should be_success expect(response).to_not be_success
end end
it 'should not be able to perform create action' do it 'should not be able to perform create action' do
post :create, format: :json post :create, format: :json
response.status.should == 401 expect(response.status).to eq 401
end end
[:update, :destroy].each do |action| [:update, :destroy].each do |action|
it "should not be able to perform #{action} action" do it "should not be able to perform #{action} action" do
put action, id: @product_build_list.id, format: :json put action, id: @product_build_list.id, format: :json
response.status.should == 401 expect(response.status).to eq 401
end end
end end
end end
@ -33,24 +33,26 @@ end
shared_examples_for 'api user with reader rights' do shared_examples_for 'api user with reader rights' do
it 'should be able to perform show action' do it 'should be able to perform show action' do
get :show, id: @product_build_list.id, format: :json get :show, id: @product_build_list.id, format: :json
response.should be_success expect(response).to be_success
end end
it 'should be able to perform show action for the hidden main platform' do it 'should be able to perform show action for the hidden main platform' do
allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true
)
@product_build_list.product.platform.update_column :visibility, 'hidden' @product_build_list.product.platform.update_column :visibility, 'hidden'
get :show, id: @product_build_list.id, format: :json get :show, id: @product_build_list.id, format: :json
response.should be_success # because main platform expect(response).to be_success
end end
it 'should not be able to perform create action' do it 'should not be able to perform create action' do
post :create, format: :json post :create, format: :json
response.status.should == 403 expect(response.status).to eq 403
end end
[:update, :destroy].each do |action| [:update, :destroy].each do |action|
it "should not be able to perform #{action} action" do it "should not be able to perform #{action} action" do
put action, id: @product_build_list.id, format: :json put action, id: @product_build_list.id, format: :json
response.status.should == 403 expect(response.status).to eq 403
end end
end end
end end
@ -68,52 +70,56 @@ shared_examples_for 'api user with admin rights' do
it 'should be able to perform show action' do it 'should be able to perform show action' do
get :show, id: @product_build_list.id, format: :json get :show, id: @product_build_list.id, format: :json
response.should be_success expect(response).to be_success
end end
it 'should be able to perform show action for the hidden platform' do it 'should be able to perform show action for the hidden platform' do
@product_build_list.product.platform.update_column :visibility, 'hidden' @product_build_list.product.platform.update_column :visibility, 'hidden'
get :show, id: @product_build_list.id, format: :json get :show, id: @product_build_list.id, format: :json
response.should be_success expect(response).to be_success
end end
it 'should be able to perform create action' do it 'should be able to perform create action' do
post :create, @create_params, format: :json post :create, @create_params, format: :json
response.should be_success expect(response).to be_success
end end
it 'ensures that product has been created' do it 'ensures that product has been created' do
lambda { post :create, @create_params, format: :json }.should change{ ProductBuildList.count }.by(1) expect do
post :create, @create_params, format: :json
end.to change(ProductBuildList, :count).by(1)
end end
it "should be able to perform destroy action" do it "should be able to perform destroy action" do
put :destroy, id: @product_build_list.id, format: :json put :destroy, id: @product_build_list.id, format: :json
response.should be_success expect(response).to be_success
end end
it "ensures that product has been destroyed" do it "ensures that product has been destroyed" do
lambda { put :destroy, id: @product_build_list.id, format: :json }.should change{ ProductBuildList.count }.by(-1) expect do
put :destroy, id: @product_build_list.id, format: :json
end.to change(ProductBuildList, :count).by(-1)
end end
it "should be able to perform update action" do it "should be able to perform update action" do
put :update, @update_params.merge(id: @product_build_list.id), format: :json put :update, @update_params.merge(id: @product_build_list.id), format: :json
response.should be_success expect(response).to be_success
end end
it "ensures that only not_delete field of product build list has been updated" do it "ensures that only not_delete field of product build list has been updated" do
put :update, @update_params.merge(id: @product_build_list.id), format: :json put :update, @update_params.merge(id: @product_build_list.id), format: :json
@product_build_list.reload.time_living.should == 150*60 # in seconds expect(@product_build_list.reload.time_living).to eq 150*60 # in seconds
@product_build_list.not_delete.should be_truthy expect(@product_build_list.not_delete).to be_truthy
end end
it 'ensures that return correct answer for wrong creating action' do it 'ensures that return correct answer for wrong creating action' do
post :create, format: :json post :create, format: :json
response.status.should == 403 # Maybe 422? expect(response.status).to eq 403 # Maybe 422?
end end
end end
describe Api::V1::ProductBuildListsController, type: :controller do describe Api::V1::ProductBuildListsController, type: :controller do
before(:each) do before do
stub_symlink_methods stub_symlink_methods
FactoryGirl.create(:arch, name: 'x86_64') FactoryGirl.create(:arch, name: 'x86_64')
@ -126,7 +132,7 @@ describe Api::V1::ProductBuildListsController, type: :controller do
end end
context 'for user' do context 'for user' do
before(:each) do before do
http_login(@another_user) http_login(@another_user)
end end
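Review bot: The 'hidden main platform' example under 'api user with reader rights' now stubs `allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true)`, which replaces the very decision the example is meant to verify, so it passes whatever the policy does for a reader on a hidden platform. Set up the state that grants access instead (the fixture setup is outside these hunks) and leave the policy unstubbed. The new negative example for users without reader rights asserts only `expect(response).to_not be_success`, which a 500 from a policy error would also satisfy. Assert the expected status as the neighbouring examples do, e.g. `expect(response.status).to eq 403`, or 401 if that is what an unauthenticated request should get.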