diff --git a/app/controllers/api/v1/advisories_controller.rb b/app/controllers/api/v1/advisories_controller.rb
index 201c4cd98..3e0e5b79c 100644
--- a/app/controllers/api/v1/advisories_controller.rb
+++ b/app/controllers/api/v1/advisories_controller.rb
@@ -38,7 +38,7 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
 def find_and_authorize_build_list
 @build_list = BuildList.find params[:build_list_id]
- authorize! :update, @build_list.save_to_platform
+ authorize! :local_admin_manage, @build_list.save_to_platform
 end
 end
diff --git a/app/controllers/platforms/mass_builds_controller.rb b/app/controllers/platforms/mass_builds_controller.rb
index c12d82768..f35127f1d 100644
--- a/app/controllers/platforms/mass_builds_controller.rb
+++ b/app/controllers/platforms/mass_builds_controller.rb
@@ -28,7 +28,7 @@ class Platforms::MassBuildsController < Platforms::BaseController
 end
 def index
- authorize! :edit, @platform
+ authorize! :local_admin_manage, @platform
 @mass_builds = MassBuild.by_platform(@platform).order('created_at DESC').paginate(:page => params[:page], :per_page => 20)
 @auto_publish_selected = true
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 269215a2d..f7d26c011 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
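Review bot: `:local_admin_manage` in `find_and_authorize_build_list` is a synthetic permission name, not a controller action, so nothing at the call site says who holds it; the same applies to `index` in `Platforms::MassBuildsController`. A one-line comment above each `authorize!`, such as `# owner or local admin of the platform; :update is owner-only, see Ability`, would make the intended boundary reviewable. If the project relies on CanCan's default aliasing of `:edit` to `:update`, every other `authorize! :edit` or `authorize! :update` on a Platform outside these hunks now admits owners only and is worth auditing. The body of `index` continues outside its hunk.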
@@ -95,8 +95,8 @@ class Ability
 can [:read, :owned, :related, :members], Platform, :owner_type => 'User', :owner_id => user.id
 can [:read, :related, :members], Platform, :owner_type => 'Group', :owner_id => user.group_ids
 can([:read, :related, :members], Platform, read_relations_for('platforms')) {|platform| local_reader? platform}
- can([:update, :members], Platform) {|platform| local_admin? platform}
- can([:destroy, :members, :add_member, :remove_member, :remove_members] , Platform) {|platform| owner?(platform) || local_admin?(platform) }
+ can([:update, :destroy], Platform) {|platform| owner?(platform) }
+ can([:local_admin_manage, :members, :add_member, :remove_member, :remove_members] , Platform) {|platform| owner?(platform) || local_admin?(platform) }
 can([:get_list, :create], MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && mass_build.platform.main?}
 can(:cancel, MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && !mass_build.stop_build && mass_build.platform.main?}
@@ -107,7 +107,7 @@ class Ability
 can([:create, :edit, :update, :destroy, :projects_list, :projects, :add_project, :remove_project, :regenerate_metadata], Repository) {|repository| local_admin? repository.platform}
 can([:remove_members, :remove_member, :add_member, :signatures], Repository) {|repository| owner?(repository.platform) || local_admin?(repository.platform)}
 can([:add_project, :remove_project], Repository) {|repository| repository.members.exists?(:id => user.id)}
- can(:clear, Platform) {|platform| local_admin?(platform) && platform.personal?}
+ can(:clear, Platform) {|platform| owner?(platform) && platform.personal?}
 can([:change_visibility, :settings, :destroy, :edit, :update], Repository) {|repository| owner? repository.platform}
 can([:create, :destroy], KeyPair) {|key_pair| owner?(key_pair.repository.platform) || local_admin?(key_pair.repository.platform)}
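Review bot: No spec context visible in this commit exercises a local admin who is not the owner, which is the case the new split between owner-only (`:update`, `:destroy`, `:clear`) and owner-or-local-admin (`:local_admin_manage`, member management) exists for. The 'for owner user' context in spec/controllers/platforms/platforms_controller_spec.rb both assigns `@platform.owner = @user` and creates a `:role => 'admin'` relation, so it cannot tell the two rules apart, and the role that `add_member` assigns is not shown. A context that only runs `@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')` and includes the 'with member rights' and 'without owner rights' examples would pin the boundary. The `:clear` rule in the second hunk also has no positive example for the owner of a personal platform.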
diff --git a/config/routes.rb b/config/routes.rb
index c788c049e..f564b379a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -132,12 +132,12 @@ Rosa::Application.routes.draw do
 resources :platforms do
 resources :private_users, :except => [:show, :destroy, :update]
 member do
- post :clear
+ put :clear
 get :clone
 get :members
 post :remove_members # fixme: change post to delete
 delete :remove_member
- post :add_member
+ put :add_member
 post :make_clone
 get :advisories
 end
diff --git a/spec/controllers/api/v1/build_lists_controller_spec.rb b/spec/controllers/api/v1/build_lists_controller_spec.rb
index 7d895f265..fdb82b5dd 100644
--- a/spec/controllers/api/v1/build_lists_controller_spec.rb
+++ b/spec/controllers/api/v1/build_lists_controller_spec.rb
@@ -158,7 +158,7 @@ describe Api::V1::BuildListsController do
 it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.cancel_fail')
- it "should not cancel build list" do
+ it "should not change status of build list" do
 @build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND
 end
 end
@@ -174,7 +174,7 @@ describe Api::V1::BuildListsController do
 response.body.should == {"message" => "Access violation to this page!"}.to_json
 end
- it "should not cancel build list" do
+ it "should not change status of build list" do
 @build_list.reload.status.should == BuildList::BUILD_PENDING
 end
 end
@@ -262,7 +262,7 @@ describe Api::V1::BuildListsController do
 response.should be_success
 end
- it "should cancel build list" do
+ it "should change status of build list" do
 @build_list.reload.status.should == BuildList::BUILD_PUBLISH
 end
 end
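Review bot: Moving `clear` and `add_member` from POST to PUT inside `member do` changes the request contract, and no view, form helper or API client is updated in the hunks shown, so a caller that still issues POST would presumably no longer match a route. It is worth searching the views and client code for these two paths and confirming they send `:method => :put`. The neighbouring `post :remove_members # fixme: change post to delete` is left untouched, so the member routes still mix verbs for comparable state changes. Either resolve that fixme in the same pass or extend the comment to say which verb each member action is meant to settle on.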
@@ -292,9 +292,11 @@ describe Api::V1::BuildListsController do
 do_publish
 end
- it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.publish_fail')
+ it "should return access violation message" do
+ response.body.should == {"message" => "Access violation to this page!"}.to_json
+ end
- it "should not cancel build list" do
+ it "should not change status of build list" do
 @build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND
 end
 end
@@ -309,7 +311,7 @@ describe Api::V1::BuildListsController do
 response.body.should == {"message" => "Access violation to this page!"}.to_json
 end
- it "should not cancel build list" do
+ it "should not change status of build list" do
 @build_list.reload.status.should == BuildList::FAILED_PUBLISH
 end
 end
@@ -345,7 +347,7 @@ describe Api::V1::BuildListsController do
 response.body.should == {"message" => "Access violation to this page!"}.to_json
 end
- it "should not cancel build list" do
+ it "should not change status of build list" do
 @build_list.reload.status.should == BuildList::FAILED_PUBLISH
 end
 end
@@ -392,7 +394,7 @@ describe Api::V1::BuildListsController do
 it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.reject_publish_fail')
- it "should not cancel build list" do
+ it "should not change status of build list" do
 @build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND
 end
 end
@@ -409,7 +411,7 @@ describe Api::V1::BuildListsController do
 response.body.should == {"message" => "Access violation to this page!"}.to_json
 end
- it "should not cancel build list" do
+ it "should not change status of build list" do
 do_reject_publish
 @build_list.reload.status.should == BuildList::SUCCESS
 end
diff --git a/spec/controllers/api/v1/platforms_controller_spec.rb b/spec/controllers/api/v1/platforms_controller_spec.rb
index 682bce637..26fac1318 100644
--- a/spec/controllers/api/v1/platforms_controller_spec.rb
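Review bot: The new example 'should return access violation message' in the first hunk checks only the response body, so a handler that returned the access-violation JSON with a success status would still pass. Adding `response.should_not be_success` next to the body check, the form used in the platform API specs of this commit, would pin the denial itself. The enclosing context and its `before` block start outside the hunk, so which user is logged in here cannot be confirmed from the diff.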
+++ b/spec/controllers/api/v1/platforms_controller_spec.rb
@@ -15,7 +15,7 @@ shared_examples_for 'api platform user with reader rights' do
 end
 end
-shared_examples_for 'api platform user with writer rights' do
+shared_examples_for 'api platform user with owner rights' do
 context 'api platform user with update rights' do
 before do
@@ -31,6 +31,60 @@ shared_examples_for 'api platform user with writer rights' do end end + context 'api platform user with destroy rights for main platforms only' do + it 'should be able to perform destroy action for main platform' do + delete :destroy, :id => @platform.id, :format => :json + response.should be_success + end + it 'ensures that main platform has been destroyed' do + lambda { delete :destroy, :id => @platform.id, :format => :json }.should change{ Platform.count }.by(-1) + end + it 'should not be able to perform destroy action for personal platform' do + delete :destroy, :id => @personal_platform.id, :format => :json + response.should_not be_success + end + it 'ensures that personal platform has not been destroyed' do + lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count } + end + end +end + +shared_examples_for 'api platform user without owner rights' do + context 'api platform user without update rights' do + before do + put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json + end + + it 'should not be able to perform update action' do + response.should_not be_success + end + it 'ensures that platform has not been updated' do + @platform.reload + @platform.description.should_not == 'new description' + end + end + + context 'api platform user without destroy rights' do + it 'should not be able to perform destroy action for main platform' do + delete :destroy, :id => @platform.id, :format => :json + response.should_not be_success + end + it 'ensures that main platform has not been destroyed' do + lambda { delete :destroy, :id => @platform.id, :format => :json }.should_not change{ Platform.count } + end + it 'should not be able to perform destroy action for personal platform' do + delete :destroy, :id => @personal_platform.id, :format => :json + response.should_not be_success + end + it 'ensures that personal platform has not been destroyed' do + 
lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count } + end + end + +end + +shared_examples_for 'api platform user with member rights' do + context 'api platform user with add_member rights' do let(:member) { FactoryGirl.create(:user) } before do @@ -60,39 +114,9 @@ shared_examples_for 'api platform user with writer rights' do end end - context 'api platform user with destroy rights for main platforms only' do - it 'should be able to perform destroy action for main platform' do - delete :destroy, :id => @platform.id, :format => :json - response.should be_success - end - it 'ensures that main platform has been destroyed' do - lambda { delete :destroy, :id => @platform.id, :format => :json }.should change{ Platform.count }.by(-1) - end - it 'should not be able to perform destroy action for personal platform' do - delete :destroy, :id => @personal_platform.id, :format => :json - response.should_not be_success - end - it 'ensures that personal platform has not been destroyed' do - lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count } - end - end end -shared_examples_for 'api platform user without writer rights' do - - context 'api platform user without update rights' do - before do - put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json - end - - it 'should not be able to perform update action' do - response.should_not be_success - end - it 'ensures that platform has not been updated' do - @platform.reload - @platform.description.should_not == 'new description' - end - end +shared_examples_for 'api platform user without member rights' do context 'api platform user without add_member rights' do let(:member) { FactoryGirl.create(:user) } 
@@ -123,35 +147,6 @@ shared_examples_for 'api platform user without writer rights' do end end - context 'should not be able to perform clear action' do - it 'for personal platform' do - put :clear, :id => @personal_platform.id, :format => :json - response.should_not be_success - end - it 'for main platform' do - put :clear, :id => @platform.id, :format => :json - response.should_not be_success - end - end - - context 'api platform user without destroy rights' do - it 'should not be able to perform destroy action for main platform' do - delete :destroy, :id => @platform.id, :format => :json - response.should_not be_success - end - it 'ensures that main platform has not been destroyed' do - lambda { delete :destroy, :id => @platform.id, :format => :json }.should_not change{ Platform.count } - end - it 'should not be able to perform destroy action for personal platform' do - delete :destroy, :id => @personal_platform.id, :format => :json - response.should_not be_success - end - it 'ensures that personal platform has not been destroyed' do - lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count } - end - end - - it_should_behave_like 'api platform user without global admin rights' end shared_examples_for 'api platform user without global admin rights' do @@ -193,7 +188,12 @@ shared_examples_for 'api platform user without reader rights for hidden platform @platform.update_column(:visibility, 'hidden') end - it_should_behave_like 'api platform user without show rights' + [:show, :members].each do |action| + it "should not be able to perform #{ action } action" do + get action, :id => @platform.id, :format => :json + response.body.should == {"message" => "Access violation to this page!"}.to_json + end + end end shared_examples_for "api platform user with show rights" do 
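Review bot: The removed context 'should not be able to perform clear action' was the API-level check that `clear` is refused, and no replacement `put :clear` example for this controller appears in the hunks shown, although this commit also changes the `:clear` rule in Ability. The body of 'api platform user without global admin rights' lies outside the diff, so it may already cover this. If it does not, the two removed examples (`put :clear, :id => @personal_platform.id, :format => :json` followed by `response.should_not be_success`, and the same for `@platform`) should move there rather than disappear. Denial paths for a destructive action are the ones most worth keeping under test when the rule guarding them changes.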
@@ -208,15 +208,6 @@ shared_examples_for "api platform user with show rights" do end end -shared_examples_for "api platform user without show rights" do - [:show, :members].each do |action| - it "should not be able to perform #{ action } action" do - get action, :id => @platform.id, :format => :json - response.body.should == {"message" => "Access violation to this page!"}.to_json - end - end -end - describe Api::V1::PlatformsController do let(:clone_or_create_params) { {:id => @platform.id, :platform => {:description => 'new description', :name => 'new_name', :owner_id => @user.id, :distrib_type => APP_CONFIG['distr_types'].first}} } before do @@ -248,7 +239,9 @@ describe Api::V1::PlatformsController do it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access'] it_should_behave_like 'api platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access'] - it_should_behave_like 'api platform user without writer rights' + it_should_behave_like 'api platform user without member rights' + it_should_behave_like 'api platform user without owner rights' + it_should_behave_like 'api platform user without global admin rights' end context 'for global admin' do @@ -259,7 +252,8 @@ describe Api::V1::PlatformsController do it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights for hidden platform' - it_should_behave_like 'api platform user with writer rights' + it_should_behave_like 'api platform user with member rights' + it_should_behave_like 'api platform user with owner rights' [:clone, :create].each do |action| context "with #{action} rights" do 
@@ -288,15 +282,16 @@ describe Api::V1::PlatformsController do it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights for hidden platform' - it_should_behave_like 'api platform user with writer rights' + it_should_behave_like 'api platform user with member rights' + it_should_behave_like 'api platform user with owner rights' it_should_behave_like 'api platform user without global admin rights' end - context 'for reader user' do + context 'for member of platform' do before do http_login(@user) - @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') - @personal_platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') + @platform.add_member(@user) + @personal_platform.add_member(@user) end context 'perform index action with type param' do @@ -312,7 +307,9 @@ describe Api::V1::PlatformsController do it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights for hidden platform' - it_should_behave_like 'api platform user without writer rights' + it_should_behave_like 'api platform user with member rights' + it_should_behave_like 'api platform user without owner rights' + it_should_behave_like 'api platform user without global admin rights' end context 'for simple user' do @@ -322,6 +319,8 @@ describe Api::V1::PlatformsController do it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user without reader rights for hidden platform' - it_should_behave_like 'api platform user without writer rights' + it_should_behave_like 'api platform user without member rights' + it_should_behave_like 'api platform user without owner rights' + it_should_behave_like 'api platform user without global admin rights' end end 
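Review bot: Renaming the 'for reader user' context to 'for member of platform' removes the only setup in this spec that created a `:role => 'reader'` relation, so the `local_reader?` read rule in Ability is no longer exercised through the API, including for hidden platforms. What role `add_member` assigns is not visible in the diff, so the new context may be testing a different privilege level than the old one. Keeping a small reader context beside it, built with `@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader')`, would retain that coverage. It would presumably include the 'with reader rights for hidden platform', 'without member rights' and 'without owner rights' examples.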
diff --git a/spec/controllers/platforms/platforms_controller_spec.rb b/spec/controllers/platforms/platforms_controller_spec.rb index 6ec4157b4..96312890e 100644 --- a/spec/controllers/platforms/platforms_controller_spec.rb +++ b/spec/controllers/platforms/platforms_controller_spec.rb 
@@ -1,97 +1,269 @@ # -*- encoding : utf-8 -*- require 'spec_helper' -shared_examples_for 'platform owner' do +shared_examples_for 'platform user with reader rights' do + include_examples 'platform user with show rights' - it 'should not be able to destroy personal platform' do - delete :destroy, :id => @personal_platform.id - response.should redirect_to(forbidden_path) - end - - it 'should change objects count on destroy success' do - lambda { delete :destroy, :id => @platform.id }.should change{ Platform.count }.by(-1) - end - - it 'should be able to perform destroy action' do - delete :destroy, :id => @platform.id - response.should redirect_to(platforms_path) + [:members, :advisories].each do |action| + it 'should be able to perform advisories action' do + get action, :id => @platform.id + response.should render_template(action) + response.should be_success + end end end -shared_examples_for 'system registered user' do - it 'should be able to perform index action' do - get :index - response.should render_template(:index) +shared_examples_for 'platform user with owner rights' do + + context 'platform user with update rights' do + before do + put :update, {:platform => {:description => 'new description'}, :id => @platform.id} + end + + it 'should be able to perform update action' do + response.should redirect_to(platform_path(@platform)) + end + it 'ensures that platform has been updated' do + @platform.reload + @platform.description.should == 'new description' + end end + context 'platform user with destroy rights for main platforms only' do + it 'should be able to perform destroy action for main platform' do + delete :destroy, :id => @platform.id + response.should redirect_to(platforms_path) + end + it 'ensures that main platform has been destroyed' do + lambda { delete :destroy, :id => @platform.id }.should change{ Platform.count }.by(-1) + end + it 'should not be able to perform destroy action for personal platform' do + delete :destroy, :id => 
@personal_platform.id + response.should_not be_success + end + it 'ensures that personal platform has not been destroyed' do + lambda { delete :destroy, :id => @personal_platform.id }.should_not change{ Platform.count } + end + end +end + +shared_examples_for 'platform user without owner rights' do + context 'platform user without update rights' do + before do + put :update, {:platform => {:description => 'new description'}, :id => @platform.id} + end + + it 'should not be able to perform update action' do + response.should_not be_success + end + it 'ensures that platform has not been updated' do + @platform.reload + @platform.description.should_not == 'new description' + end + end + + context 'platform user without destroy rights' do + it 'should not be able to perform destroy action for main platform' do + delete :destroy, :id => @platform.id + response.should_not be_success + end + it 'ensures that main platform has not been destroyed' do + lambda { delete :destroy, :id => @platform.id }.should_not change{ Platform.count } + end + it 'should not be able to perform destroy action for personal platform' do + delete :destroy, :id => @personal_platform.id + response.should_not be_success + end + it 'ensures that personal platform has not been destroyed' do + lambda { delete :destroy, :id => @personal_platform.id }.should_not change{ Platform.count } + end + end + +end + +shared_examples_for 'platform user with member rights' do + + context 'platform user with add_member rights' do + let(:member) { FactoryGirl.create(:user) } + before do + put :add_member, {:member_id => member.id, :id => @platform.id} + end + + it 'should be able to perform add_member action' do + response.should redirect_to(members_platform_path(@platform)) + end + it 'ensures that new member has been added to platform' do + @platform.members.should include(member) + end + end + + context 'platform user with remove_member rights' do + let(:member) { FactoryGirl.create(:user) } + before do + 
@platform.add_member(member) + delete :remove_member, {:member_id => member.id, :id => @platform.id} + end + + it 'should be able to perform remove_member action' do + response.should redirect_to(members_platform_path(@platform)) + end + it 'ensures that member has been removed from platform' do + @platform.members.should_not include(member) + end + end + + context 'platform user with remove_members rights' do + let(:member) { FactoryGirl.create(:user) } + before do + @platform.add_member(member) + post :remove_members, {:user_remove => {member.id => [1]}, :id => @platform.id} + end + + it 'should be able to perform remove_members action' do + response.should redirect_to(members_platform_path(@platform)) + end + it 'ensures that member has been removed from platform' do + @platform.members.should_not include(member) + end + end + +end + +shared_examples_for 'platform user without member rights' do |guest = false| + + context 'platform user without add_member rights' do + let(:member) { FactoryGirl.create(:user) } + before do + put :add_member, {:member_id => member.id, :id => @platform.id} + end + + it 'should not be able to perform add_member action' do + response.should redirect_to(guest ? new_user_session_path : forbidden_path) + end + it 'ensures that new member has not been added to platform' do + @platform.members.should_not include(member) + end + end + + context 'platform user without remove_member rights' do + let(:member) { FactoryGirl.create(:user) } + before do + @platform.add_member(member) + delete :remove_member, {:member_id => member.id, :id => @platform.id} + end + + it 'should not be able to perform remove_member action' do + response.should redirect_to(guest ? 
new_user_session_path : forbidden_path) + end + it 'ensures that member has not been removed from platform' do + @platform.members.should include(member) + end + end + + context 'platform user without remove_members rights' do + let(:member) { FactoryGirl.create(:user) } + before do + @platform.add_member(member) + post :remove_members, {:user_remove => {member.id => [1]}, :id => @platform.id} + end + + it 'should not be able to perform remove_members action' do + response.should redirect_to(guest ? new_user_session_path : forbidden_path) + end + it 'ensures that member has not been removed from platform' do + @platform.members.should include(member) + end + end + +end + +shared_examples_for 'platform user without global admin rights' do + context 'should not be able to perform clear action' do + it 'for personal platform' do + put :clear, :id => @personal_platform.id + response.should_not be_success + end + it 'for main platform' do + put :clear, :id => @platform.id + response.should_not be_success + end + end + + context 'should not be able to perform clone action' do + it 'for personal platform' do + get :clone, :id => @personal_platform.id + response.should_not be_success + end + it 'for main platform' do + get :clone, :id => @platform.id + response.should_not be_success + end + end + + it 'should not be able to perform new action' do + get :new + response.should_not be_success + end + + [:create, :make_clone].each do |action| + context "platform user without #{action} rights" do + before { any_instance_of(Platform, :create_directory => true) } + it "should not be able to perform #{action} action" do + post action, clone_or_create_params + response.should_not be_success + end + it "ensures that platform has not been #{action}d" do + lambda { post action, clone_or_create_params }.should_not change{ Platform.count } + end + end + end +end + +shared_examples_for 'platform user with reader rights for hidden platform' do + before(:each) do + 
@platform.update_column(:visibility, 'hidden') + end + + it_should_behave_like 'platform user with show rights' +end + +shared_examples_for 'platform user without reader rights for hidden platform' do + before(:each) do + @platform.update_column(:visibility, 'hidden') + end + + [:show, :members].each do |action| + it "should not be able to perform #{ action } action" do + get action, :id => @platform.id + response.should redirect_to(forbidden_path) + end + end +end + +shared_examples_for 'platform user with show rights' do it 'should be able to perform show action' do get :show, :id => @platform.id response.should render_template(:show) assigns(:platform).should eq @platform end - - it 'should be able to perform members action' do - get :members, :id => @platform.id - response.should render_template(:members) - response.should be_success - end - - it 'should be able to perform advisories action' do - get :advisories, :id => @platform.id - response.should render_template(:advisories) - response.should be_success - end - -end - -shared_examples_for 'user without create rights' do - - it 'should not be able to perform new action' do - get :new - response.should redirect_to(forbidden_path) - end - - it 'should not be able to create platform' do - post :create, @create_params - response.should redirect_to(forbidden_path) - end end describe Platforms::PlatformsController do - before(:each) do + let(:clone_or_create_params) { {:id => @platform.id, :platform => {:description => 'new description', :name => 'new_name', :owner_id => @user.id, :distrib_type => APP_CONFIG['distr_types'].first}} } + before do stub_symlink_methods @platform = FactoryGirl.create(:platform) @personal_platform = FactoryGirl.create(:platform, :platform_type => 'personal') @user = FactoryGirl.create(:user) - set_session_for(@user) - - @create_params = {:platform => { - :name => 'pl1', - :description => 'pl1', - :platform_type => 'main', - :distrib_type => APP_CONFIG['distr_types'].first - }} end 
context 'for guest' do - before(:each) do - set_session_for(User.new) - end - [:index, :create].each do |action| - it "should not be able to perform #{ action } action" do - get action - response.should redirect_to(new_user_session_path) - end - end - - [:new, :edit, :clone, :destroy].each do |action| - it "should not be able to perform #{ action } action" do - get action, :id => @platform - response.should redirect_to(new_user_session_path) - end + it "should not be able to perform index action" do + get :index + response.should redirect_to(new_user_session_path) end [:show, :members, :advisories].each do |action| 
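Review bot: In 'platform user with reader rights' the loop over `[:members, :advisories]` gives both generated examples the fixed description 'should be able to perform advisories action', so a failing members example is reported under the wrong name. Interpolating the action, `it "should be able to perform #{action} action" do`, matches the other loops in this file. Separately, the guest context drops its explicit `redirect_to(new_user_session_path)` checks for new, edit, clone and destroy. They are replaced by shared examples that assert `response.should_not be_success`, which any non-success response satisfies. The `guest` parameter already used by 'platform user without member rights' could be extended to the owner-rights examples to keep the login redirect pinned.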
@@ -101,75 +273,94 @@ describe Platforms::PlatformsController do end end - [:show, :members, :advisories].each do |action| - it "should be able to perform #{ action } action", :anonymous_access => true do - get action, :id => @platform - response.should render_template(action) - response.should be_success - end - end - + it_should_behave_like 'platform user with show rights' if APP_CONFIG['anonymous_access'] + it_should_behave_like 'platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access'] + it_should_behave_like 'platform user without member rights', true + it_should_behave_like 'platform user without owner rights' + it_should_behave_like 'platform user without global admin rights' end context 'for global admin' do - before(:each) do - @user.role = "admin" - @user.save + before do + @admin = FactoryGirl.create(:admin) + http_login(@admin) end - it_should_behave_like 'system registered user' - it_should_behave_like 'platform owner' + it_should_behave_like 'platform user with reader rights' + it_should_behave_like 'platform user with reader rights for hidden platform' + it_should_behave_like 'platform user with member rights' + it_should_behave_like 'platform user with owner rights' - it 'should be able to perform new action' do - get :new + it "should be able to perform new action" do + get :new, :id => @platform response.should render_template(:new) end - it 'should be able to perform create action' do - post :create, @create_params - response.should redirect_to(platform_path(Platform.last)) + it "should be able to perform clone action" do + get :clone, :id => @platform + response.should render_template(:clone) end - it 'should change objects count on create success' do - lambda { post :create, @create_params }.should change{ Platform.count }.by(1) + [:make_clone, :create].each do |action| + context "with #{action} rights" do + before do + any_instance_of(Platform, :create_directory => true) + 
clone_or_create_params[:platform][:owner_id] = @admin.id + end + it "should be able to perform #{action} action" do + post action, clone_or_create_params + response.should redirect_to(platform_path(Platform.last)) + end + it "ensures that platform has been #{action}d" do + lambda { post action, clone_or_create_params }.should change{ Platform.count }.by(1) + end + end end - - it 'should create platform with mentioned owner if owner id present' do - owner = FactoryGirl.create(:user) - post :create, @create_params.merge({:admin_id => owner.id, :admin_uname => owner.uname}) - Platform.last.owner.id.should eql(owner.id) - end - - it 'should create platform with current user as owner if owner id not present' do - post :create, @create_params - Platform.last.owner.id.should eql(@user.id) - end - end context 'for owner user' do - before(:each) do - @user = @platform.owner - set_session_for(@user) + before do + http_login(@user) + @platform.owner = @user; @platform.save + @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin') end - it_should_behave_like 'system registered user' - it_should_behave_like 'user without create rights' - it_should_behave_like 'platform owner' - + it_should_behave_like 'platform user with reader rights' + it_should_behave_like 'platform user with reader rights for hidden platform' + it_should_behave_like 'platform user with member rights' + it_should_behave_like 'platform user with owner rights' + it_should_behave_like 'platform user without global admin rights' end - context 'for reader user' do - before(:each) do - @platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') + context 'for member of platform' do + before do + http_login(@user) + @platform.add_member(@user) + @personal_platform.add_member(@user) end - it_should_behave_like 'system registered user' - it_should_behave_like 'user without create rights' - - it 'should not be able to perform destroy action' do - 
delete :destroy, :id => @platform.id - response.should redirect_to(forbidden_path) - end + it_should_behave_like 'platform user with reader rights' + it_should_behave_like 'platform user with reader rights for hidden platform' + it_should_behave_like 'platform user with member rights' + it_should_behave_like 'platform user without owner rights' + it_should_behave_like 'platform user without global admin rights' end + + context 'for simple user' do + before do + http_login(@user) + end + + it "should be able to perform index action" do + get :index + response.should render_template(:index) + end + + it_should_behave_like 'platform user with reader rights' + it_should_behave_like 'platform user without reader rights for hidden platform' + it_should_behave_like 'platform user without member rights' + it_should_behave_like 'platform user without owner rights' + it_should_behave_like 'platform user without global admin rights' + end + end diff --git a/spec/lib/abf-worker/build_lists_publish_task_manager_spec.rb b/spec/lib/abf-worker/build_lists_publish_task_manager_spec.rb index 990f7627e..d33481f48 100644 --- a/spec/lib/abf-worker/build_lists_publish_task_manager_spec.rb +++ b/spec/lib/abf-worker/build_lists_publish_task_manager_spec.rb @@ -146,6 +146,7 @@ describe AbfWorker::BuildListsPublishTaskManager do before do stub_redis build_list.update_column(:status, BuildList::BUILD_PUBLISHED) + FactoryGirl.create(:build_list_package, :build_list => build_list) ProjectToRepository.where(:project_id => build_list.project_id, :repository_id => build_list.save_to_repository_id).destroy_all 2.times{ subject.new.run } end
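Review bot: In the 'for owner user' setup, `@platform.owner = @user; @platform.save` ignores the return value, so a validation failure would leave the factory's owner in place and show up only as unrelated-looking failures in the owner-rights examples. Using `@platform.save!` makes the setup fail at the line that went wrong. The same `before` also creates a `:role => 'admin'` relation, which means this context never runs as an owner without local-admin rights; a comment saying whether that is intentional would help. In the global admin context, `get :new, :id => @platform` passes an id to a collection action, which looks unneeded.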