#465: updated Api::V1::ProductBuildListsController

Vokhmin Alexey V 2015-03-27 02:36:30 +03:00
parent 0518749228
commit d3e8abe0e8
8 changed files with 94 additions and 47 deletions


@ -2,21 +2,23 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
before_action :authenticate_user!
skip_before_action :authenticate_user!, only: [:index, :show] if APP_CONFIG['anonymous_access']
load_and_authorize_resource :product, only: :index
load_and_authorize_resource
before_action :load_product, only: :index
before_action :load_product_build_list, except: [:index, :create]
def index
@product_build_lists = if @product
@product_build_lists =
if @product
@product.product_build_lists
else
ProductBuildList.accessible_by current_ability, :read
PlatformPolicy::Scope.new(current_user, ProductBuildList.joins(product: :platform)).show
# ProductBuildList.accessible_by current_ability, :read
end
@product_build_lists = @product_build_lists.joins(:product, :project, :arch)
@product_build_lists = @product_build_lists.recent.paginate(paginate_params)
respond_to :json
end
def create
@product_build_list = ProductBuildList.new(params[:product_build_list])
@product_build_list.project ||= @product_build_list.try(:product).try(:project)
@product_build_list.main_script ||= @product_build_list.try(:product).try(:main_script)
@product_build_list.params ||= @product_build_list.try(:product).try(:params)
@ -25,7 +27,6 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
end
def show
respond_to :json
end
def update
@ -44,4 +45,15 @@ class Api::V1::ProductBuildListsController < Api::V1::BaseController
render_validation_error @product_build_list, t("layout.product_build_lists.cancel_fail")
end
end
private
def load_product_build_list
authorize @product_build_list = ProductBuildList.find(params[:id])
end
# Private: before_action hook which loads Product.
def load_product
authorize @product = Product.find(params[:product_id]), :show? if params[:product_id]
end
end
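Review bot: `create` has no authorization hook visible in this section: the class-level `load_and_authorize_resource` lines appear to be dropped, and the new `load_product_build_list` is declared with `except: [:index, :create]`. Unless the part of `create` outside this hunk already does so (its body continues past the shown lines), it should call `authorize @product_build_list` itself. The call belongs after the three `||=` defaults and before the record is saved, because `ProductBuildListPolicy#create?` returns false when `project` or `product` is still nil. The leftover `# ProductBuildList.accessible_by current_ability, :read` line in `index` can be deleted now that the scope comes from `PlatformPolicy::Scope`.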


@ -13,15 +13,15 @@ class GroupPolicy < ApplicationPolicy
end
def reader?
local_reader?
is_admin? || local_reader?
end
def write?
owner? || local_writer?
is_admin? || owner? || local_writer?
end
def update?
owner? || local_admin?
is_admin? || owner? || local_admin?
end
alias_method :add_member?, :update?
alias_method :manage_members?, :update?
@ -32,7 +32,7 @@ class GroupPolicy < ApplicationPolicy
alias_method :update_member?, :update?
def destroy?
owner?
is_admin? || owner?
end
def remove_user?
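Review bot: The global-admin bypass is added by hand to `reader?`, `write?`, `update?` and `destroy?`, so any predicate that is not one of these or an alias of them stays without it. The hunk ends on `def remove_user?`, whose body is not shown; if it does not delegate to `update?` or `destroy?`, a global admin could destroy a group yet be refused when removing a user from it. Either confirm that method, or document the rule once above the predicates, for example `# Global admins (is_admin?) bypass every group-level role check below.` The same hand-written `is_admin? ||` prefix recurs in ProductBuildListPolicy, ProductPolicy and ProjectPolicy in this commit.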


@ -1,22 +1,27 @@
class ProductBuildListPolicy < ApplicationPolicy
def index?
true
end
def show?
PlatformPolicy.new(user, record.platform).show?
is_admin? || ProductPolicy.new(user, record.product).show?
end
alias_method :log?, :show?
alias_method :read?, :show?
def create?
ProjectPolicy.new(user, record.project).write? || ProductPolicy.new(user, record.product).update?
return false unless record.project && record.product
is_admin? || ProjectPolicy.new(user, record.project).write? || ProductPolicy.new(user, record.product).update?
end
alias_method :cancel?, :create?
def update?
ProductPolicy.new(user, record.product).update?
is_admin? || ProductPolicy.new(user, record.product).update?
end
def destroy?
ProductPolicy.new(user, record.product).destroy?
is_admin? || ProductPolicy.new(user, record.product).destroy?
end
end
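Review bot: `show?`, `update?` and `destroy?` pass `record.product` to `ProductPolicy` without the nil guard that `create?` gains in this same change. `ProductPolicy#show?` dereferences `record.platform`, so if a build list can outlive its product (not confirmable from this page), a non-admin request would raise instead of being denied. A guard such as `is_admin? || (record.product && ProductPolicy.new(user, record.product).show?)` keeps the failure a clean denial; the same applies to `update?` and `destroy?`. Note also that `create?` checks the associations before `is_admin?`, so an admin sending an incomplete request gets an authorization failure rather than a validation error.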


@ -5,12 +5,12 @@ class ProductPolicy < ApplicationPolicy
end
def show?
PlatformPolicy.new(user, record.platform).show?
is_admin? || PlatformPolicy.new(user, record.platform).show?
end
alias_method :read?, :show?
def create?
record.platform.main? && local_admin?(record.platform)
is_admin? || record.platform.main? && local_admin?(record.platform)
end
alias_method :clone?, :create?
alias_method :destroy?, :create?
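Review bot: The new `create?` mixes `||` and `&&` without parentheses, so the reader has to recall that `&&` binds tighter to see what is granted. Writing it as `is_admin? || (record.platform.main? && local_admin?(record.platform))` makes the intended grouping explicit. Because `clone?` and `destroy?` are aliases of `create?`, the change also lets a global admin clone and destroy products on non-main platforms, which is worth stating in a comment above the method if it is intended. `ProjectPolicy#destroy?` in this commit has the same unparenthesised form.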


@ -7,6 +7,7 @@ class ProjectPolicy < ApplicationPolicy
alias_method :preview?, :index?
def show?
return true if is_admin?
return true if record.public?
return true if record.owner == user
return true if record.owner.is_a?(Group) && user_group_ids.inclide?(record.owner_id)
@ -19,12 +20,13 @@ class ProjectPolicy < ApplicationPolicy
alias_method :refs_list?, :show?
def create?
return true if is_admin?
return false if user.guest?
!record.try(:owner) || owner_policy.write?
end
def update?
owner? || local_admin?
is_admin? || owner? || local_admin?
end
alias_method :alias?, :update?
alias_method :sections?, :update?
@ -38,14 +40,15 @@ class ProjectPolicy < ApplicationPolicy
alias_method :schedule?, :update?
def destroy?
owner? || record.owner.is_a?(Group) && record.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')
is_admin? || owner? || record.owner.is_a?(Group) && record.owner.actors.exists?(actor_type: 'User', actor_id: user.id, role: 'admin')
end
def mass_import?
user.platforms.main.find{ |p| local_admin?(p) }.present?
is_admin? || user.platforms.main.find{ |p| local_admin?(p) }.present?
end
def run_mass_import?
return true if is_admin?
return false unless owner_policy.write?
repo = Repository.find(record.add_to_repository_id)
repo.platform.main? && PlatformPolicy.new(user, repo.platform).add_project?
@ -53,7 +56,7 @@ class ProjectPolicy < ApplicationPolicy
# for grack
def write?
owner? || local_writer?
is_admin? || owner? || local_writer?
end
def possible_forks
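Review bot: `show?` still calls `user_group_ids.inclide?(record.owner_id)`, a misspelling of `include?`. A non-admin who requests a non-public project owned by a Group would therefore hit a NoMethodError on that line instead of getting an access decision. The `return true if is_admin?` added just above means the new admin specs never reach it, so the error stays hidden. The line should read `return true if record.owner.is_a?(Group) && user_group_ids.include?(record.owner_id)`, ideally with a spec for a group member viewing a private group-owned project. The body of `show?` continues outside this hunk.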


@ -114,6 +114,16 @@ describe Api::V1::AdvisoriesController, type: :controller do
it_should_behave_like 'api advisories user without admin rights'
end
context 'for admin' do
before do
@admin = FactoryGirl.create(:admin)
http_login(@admin)
end
it_should_behave_like 'api advisories user with show rights'
it_should_behave_like 'api advisories user with admin rights'
end
context 'for user who has access to update build_list' do
before do
@user = FactoryGirl.create(:user)


@ -221,6 +221,17 @@ describe Api::V1::GroupsController, type: :controller do
it_should_behave_like 'api group user without owner rights'
end
context 'for global admin' do
before do
@admin = FactoryGirl.create(:admin)
http_login(@admin)
end
it_should_behave_like 'api group user with reader rights'
it_should_behave_like 'api group user with admin rights'
it_should_behave_like 'api group user with owner rights'
end
context 'for owner user' do
before do
@group = FactoryGirl.create(:group, owner: @user)


@ -3,29 +3,29 @@ require 'spec_helper'
shared_examples_for 'api user without reader rights' do
it 'should not be able to perform show action', :anonymous_access => false do
get :show, id: @product_build_list.id, format: :json
response.status.should == 401
expect(response.status).to eq 401
end
it 'should be able to perform show action' do
get :show, id: @product_build_list.id, format: :json
response.should be_success
expect(response).to be_success
end
it 'should be able to perform show action for the personal platform' do
it 'should not be able to perform show action for the hidden platform' do
@product_build_list.product.platform.update_column :visibility, 'hidden'
get :show, id: @product_build_list.id, format: :json
response.should be_success
expect(response).to_not be_success
end
it 'should not be able to perform create action' do
post :create, format: :json
response.status.should == 401
expect(response.status).to eq 401
end
[:update, :destroy].each do |action|
it "should not be able to perform #{action} action" do
put action, id: @product_build_list.id, format: :json
response.status.should == 401
expect(response.status).to eq 401
end
end
end
@ -33,24 +33,26 @@ end
shared_examples_for 'api user with reader rights' do
it 'should be able to perform show action' do
get :show, id: @product_build_list.id, format: :json
response.should be_success
expect(response).to be_success
end
it 'should be able to perform show action for the hidden main platform' do
allow_any_instance_of(PlatformPolicy).to receive(:show?).and_return(true
)
@product_build_list.product.platform.update_column :visibility, 'hidden'
get :show, id: @product_build_list.id, format: :json
response.should be_success # because main platform
expect(response).to be_success
end
it 'should not be able to perform create action' do
post :create, format: :json
response.status.should == 403
expect(response.status).to eq 403
end
[:update, :destroy].each do |action|
it "should not be able to perform #{action} action" do
put action, id: @product_build_list.id, format: :json
response.status.should == 403
expect(response.status).to eq 403
end
end
end
@ -68,52 +70,56 @@ shared_examples_for 'api user with admin rights' do
it 'should be able to perform show action' do
get :show, id: @product_build_list.id, format: :json
response.should be_success
expect(response).to be_success
end
it 'should be able to perform show action for the hidden platform' do
@product_build_list.product.platform.update_column :visibility, 'hidden'
get :show, id: @product_build_list.id, format: :json
response.should be_success
expect(response).to be_success
end
it 'should be able to perform create action' do
post :create, @create_params, format: :json
response.should be_success
expect(response).to be_success
end
it 'ensures that product has been created' do
lambda { post :create, @create_params, format: :json }.should change{ ProductBuildList.count }.by(1)
expect do
post :create, @create_params, format: :json
end.to change(ProductBuildList, :count).by(1)
end
it "should be able to perform destroy action" do
put :destroy, id: @product_build_list.id, format: :json
response.should be_success
expect(response).to be_success
end
it "ensures that product has been destroyed" do
lambda { put :destroy, id: @product_build_list.id, format: :json }.should change{ ProductBuildList.count }.by(-1)
expect do
put :destroy, id: @product_build_list.id, format: :json
end.to change(ProductBuildList, :count).by(-1)
end
it "should be able to perform update action" do
put :update, @update_params.merge(id: @product_build_list.id), format: :json
response.should be_success
expect(response).to be_success
end
it "ensures that only not_delete field of product build list has been updated" do
put :update, @update_params.merge(id: @product_build_list.id), format: :json
@product_build_list.reload.time_living.should == 150*60 # in seconds
@product_build_list.not_delete.should be_truthy
expect(@product_build_list.reload.time_living).to eq 150*60 # in seconds
expect(@product_build_list.not_delete).to be_truthy
end
it 'ensures that return correct answer for wrong creating action' do
post :create, format: :json
response.status.should == 403 # Maybe 422?
expect(response.status).to eq 403 # Maybe 422?
end
end
describe Api::V1::ProductBuildListsController, type: :controller do
before(:each) do
before do
stub_symlink_methods
FactoryGirl.create(:arch, name: 'x86_64')
@ -126,7 +132,7 @@ describe Api::V1::ProductBuildListsController, type: :controller do
end
context 'for user' do
before(:each) do
before do
http_login(@another_user)
end