Merge pull request #2 from abf/rosa-build:1-update-access-rights-for-admins-of-platform
#1: Update access rights for admins of platform

avm 2013-03-07 17:16:27 +04:00
commit e33138a118
8 changed files with 404 additions and 211 deletions


@ -38,7 +38,7 @@ class Api::V1::AdvisoriesController < Api::V1::BaseController
def find_and_authorize_build_list def find_and_authorize_build_list
@build_list = BuildList.find params[:build_list_id] @build_list = BuildList.find params[:build_list_id]
authorize! :update, @build_list.save_to_platform authorize! :local_admin_manage, @build_list.save_to_platform
end end
end end
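Review bot: None of the specs touched by this commit appears to exercise the new `:local_admin_manage` check in `find_and_authorize_build_list`, or the same check added to `Platforms::MassBuildsController#index`. Since `Ability` makes `:update` on Platform owner-only in this same commit, both call sites now depend entirely on the new ability, and a regression in either direction would go unnoticed. A pair of examples per controller would pin it: one for a platform admin (allowed) and one for a user holding only a reader relation (denied). I would also add a comment above the call, `# :local_admin_manage is a synthetic ability (owner or platform admin), defined in Ability`, because the name matches no controller action.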


@ -28,7 +28,7 @@ class Platforms::MassBuildsController < Platforms::BaseController
end end
def index def index
authorize! :edit, @platform authorize! :local_admin_manage, @platform
@mass_builds = MassBuild.by_platform(@platform).order('created_at DESC').paginate(:page => params[:page], :per_page => 20) @mass_builds = MassBuild.by_platform(@platform).order('created_at DESC').paginate(:page => params[:page], :per_page => 20)
@auto_publish_selected = true @auto_publish_selected = true


@ -95,8 +95,8 @@ class Ability
can [:read, :owned, :related, :members], Platform, :owner_type => 'User', :owner_id => user.id can [:read, :owned, :related, :members], Platform, :owner_type => 'User', :owner_id => user.id
can [:read, :related, :members], Platform, :owner_type => 'Group', :owner_id => user.group_ids can [:read, :related, :members], Platform, :owner_type => 'Group', :owner_id => user.group_ids
can([:read, :related, :members], Platform, read_relations_for('platforms')) {|platform| local_reader? platform} can([:read, :related, :members], Platform, read_relations_for('platforms')) {|platform| local_reader? platform}
can([:update, :members], Platform) {|platform| local_admin? platform} can([:update, :destroy], Platform) {|platform| owner?(platform) }
can([:destroy, :members, :add_member, :remove_member, :remove_members] , Platform) {|platform| owner?(platform) || local_admin?(platform) } can([:local_admin_manage, :members, :add_member, :remove_member, :remove_members] , Platform) {|platform| owner?(platform) || local_admin?(platform) }
can([:get_list, :create], MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && mass_build.platform.main?} can([:get_list, :create], MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && mass_build.platform.main?}
can(:cancel, MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && !mass_build.stop_build && mass_build.platform.main?} can(:cancel, MassBuild) {|mass_build| (owner?(mass_build.platform) || local_admin?(mass_build.platform)) && !mass_build.stop_build && mass_build.platform.main?}
@ -107,7 +107,7 @@ class Ability
can([:create, :edit, :update, :destroy, :projects_list, :projects, :add_project, :remove_project, :regenerate_metadata], Repository) {|repository| local_admin? repository.platform} can([:create, :edit, :update, :destroy, :projects_list, :projects, :add_project, :remove_project, :regenerate_metadata], Repository) {|repository| local_admin? repository.platform}
can([:remove_members, :remove_member, :add_member, :signatures], Repository) {|repository| owner?(repository.platform) || local_admin?(repository.platform)} can([:remove_members, :remove_member, :add_member, :signatures], Repository) {|repository| owner?(repository.platform) || local_admin?(repository.platform)}
can([:add_project, :remove_project], Repository) {|repository| repository.members.exists?(:id => user.id)} can([:add_project, :remove_project], Repository) {|repository| repository.members.exists?(:id => user.id)}
can(:clear, Platform) {|platform| local_admin?(platform) && platform.personal?} can(:clear, Platform) {|platform| owner?(platform) && platform.personal?}
can([:change_visibility, :settings, :destroy, :edit, :update], Repository) {|repository| owner? repository.platform} can([:change_visibility, :settings, :destroy, :edit, :update], Repository) {|repository| owner? repository.platform}
can([:create, :destroy], KeyPair) {|key_pair| owner?(key_pair.repository.platform) || local_admin?(key_pair.repository.platform)} can([:create, :destroy], KeyPair) {|key_pair| owner?(key_pair.repository.platform) || local_admin?(key_pair.repository.platform)}
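Review bot: `:local_admin_manage` is a synthetic action that matches no controller action, and the rule that defines it has no comment saying what it is meant to gate. I suggest a comment above it such as `# :local_admin_manage: platform admin tasks (advisories update, mass build list) for owner and platform admins; :update/:destroy stay owner-only`. CanCan rules are additive, so moving `:update`, `:destroy` and `:clear` to `owner?` only narrows access if no other rule in this class still grants them to platform admins; the rest of `Ability` lies outside these hunks and is worth checking. The unchanged Repository rule just below the second hunk header still gives `local_admin?` users `:update` and `:destroy` on the platform's repositories, which may or may not be intended alongside the tighter Platform rule.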


@ -132,12 +132,12 @@ Rosa::Application.routes.draw do
resources :platforms do resources :platforms do
resources :private_users, :except => [:show, :destroy, :update] resources :private_users, :except => [:show, :destroy, :update]
member do member do
post :clear put :clear
get :clone get :clone
get :members get :members
post :remove_members # fixme: change post to delete post :remove_members # fixme: change post to delete
delete :remove_member delete :remove_member
post :add_member put :add_member
post :make_clone post :make_clone
get :advisories get :advisories
end end
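Review bot: Switching `clear` and `add_member` from `post` to `put` changes the route contract, and no view, form or API client is among the files shown in this commit, so any caller that still submits POST would stop matching these routes. It is worth searching for uses of `clear_platform_path` and `add_member_platform_path` and confirming each passes `:method => :put`. `clear` is destructive, so `delete :clear` would be the more conventional verb, in line with the existing `fixme` on `remove_members`. Both verbs remain non-GET, so request-forgery protection, where enabled, still covers them. The `resources :platforms` block continues past the end of the hunk.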


@ -158,7 +158,7 @@ describe Api::V1::BuildListsController do
it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.cancel_fail') it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.cancel_fail')
it "should not cancel build list" do it "should not change status of build list" do
@build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND @build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND
end end
end end
@ -174,7 +174,7 @@ describe Api::V1::BuildListsController do
response.body.should == {"message" => "Access violation to this page!"}.to_json response.body.should == {"message" => "Access violation to this page!"}.to_json
end end
it "should not cancel build list" do it "should not change status of build list" do
@build_list.reload.status.should == BuildList::BUILD_PENDING @build_list.reload.status.should == BuildList::BUILD_PENDING
end end
end end
@ -262,7 +262,7 @@ describe Api::V1::BuildListsController do
response.should be_success response.should be_success
end end
it "should cancel build list" do it "should change status of build list" do
@build_list.reload.status.should == BuildList::BUILD_PUBLISH @build_list.reload.status.should == BuildList::BUILD_PUBLISH
end end
end end
@ -292,9 +292,11 @@ describe Api::V1::BuildListsController do
do_publish do_publish
end end
it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.publish_fail') it "should return access violation message" do
response.body.should == {"message" => "Access violation to this page!"}.to_json
end
it "should not cancel build list" do it "should not change status of build list" do
@build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND @build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND
end end
end end
@ -309,7 +311,7 @@ describe Api::V1::BuildListsController do
response.body.should == {"message" => "Access violation to this page!"}.to_json response.body.should == {"message" => "Access violation to this page!"}.to_json
end end
it "should not cancel build list" do it "should not change status of build list" do
@build_list.reload.status.should == BuildList::FAILED_PUBLISH @build_list.reload.status.should == BuildList::FAILED_PUBLISH
end end
end end
@ -345,7 +347,7 @@ describe Api::V1::BuildListsController do
response.body.should == {"message" => "Access violation to this page!"}.to_json response.body.should == {"message" => "Access violation to this page!"}.to_json
end end
it "should not cancel build list" do it "should not change status of build list" do
@build_list.reload.status.should == BuildList::FAILED_PUBLISH @build_list.reload.status.should == BuildList::FAILED_PUBLISH
end end
end end
@ -392,7 +394,7 @@ describe Api::V1::BuildListsController do
it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.reject_publish_fail') it_should_behave_like 'validation error via build list api', I18n.t('layout.build_lists.reject_publish_fail')
it "should not cancel build list" do it "should not change status of build list" do
@build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND @build_list.reload.status.should == BuildList::PROJECT_VERSION_NOT_FOUND
end end
end end
@ -409,7 +411,7 @@ describe Api::V1::BuildListsController do
response.body.should == {"message" => "Access violation to this page!"}.to_json response.body.should == {"message" => "Access violation to this page!"}.to_json
end end
it "should not cancel build list" do it "should not change status of build list" do
do_reject_publish do_reject_publish
@build_list.reload.status.should == BuildList::SUCCESS @build_list.reload.status.should == BuildList::SUCCESS
end end


@ -15,7 +15,7 @@ shared_examples_for 'api platform user with reader rights' do
end end
end end
shared_examples_for 'api platform user with writer rights' do shared_examples_for 'api platform user with owner rights' do
context 'api platform user with update rights' do context 'api platform user with update rights' do
before do before do
@ -31,6 +31,60 @@ shared_examples_for 'api platform user with writer rights' do
end end
end end
context 'api platform user with destroy rights for main platforms only' do
it 'should be able to perform destroy action for main platform' do
delete :destroy, :id => @platform.id, :format => :json
response.should be_success
end
it 'ensures that main platform has been destroyed' do
lambda { delete :destroy, :id => @platform.id, :format => :json }.should change{ Platform.count }.by(-1)
end
it 'should not be able to perform destroy action for personal platform' do
delete :destroy, :id => @personal_platform.id, :format => :json
response.should_not be_success
end
it 'ensures that personal platform has not been destroyed' do
lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count }
end
end
end
shared_examples_for 'api platform user without owner rights' do
context 'api platform user without update rights' do
before do
put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json
end
it 'should not be able to perform update action' do
response.should_not be_success
end
it 'ensures that platform has not been updated' do
@platform.reload
@platform.description.should_not == 'new description'
end
end
context 'api platform user without destroy rights' do
it 'should not be able to perform destroy action for main platform' do
delete :destroy, :id => @platform.id, :format => :json
response.should_not be_success
end
it 'ensures that main platform has not been destroyed' do
lambda { delete :destroy, :id => @platform.id, :format => :json }.should_not change{ Platform.count }
end
it 'should not be able to perform destroy action for personal platform' do
delete :destroy, :id => @personal_platform.id, :format => :json
response.should_not be_success
end
it 'ensures that personal platform has not been destroyed' do
lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count }
end
end
end
shared_examples_for 'api platform user with member rights' do
context 'api platform user with add_member rights' do context 'api platform user with add_member rights' do
let(:member) { FactoryGirl.create(:user) } let(:member) { FactoryGirl.create(:user) }
before do before do
@ -60,39 +114,9 @@ shared_examples_for 'api platform user with writer rights' do
end end
end end
context 'api platform user with destroy rights for main platforms only' do
it 'should be able to perform destroy action for main platform' do
delete :destroy, :id => @platform.id, :format => :json
response.should be_success
end
it 'ensures that main platform has been destroyed' do
lambda { delete :destroy, :id => @platform.id, :format => :json }.should change{ Platform.count }.by(-1)
end
it 'should not be able to perform destroy action for personal platform' do
delete :destroy, :id => @personal_platform.id, :format => :json
response.should_not be_success
end
it 'ensures that personal platform has not been destroyed' do
lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count }
end
end
end end
shared_examples_for 'api platform user without writer rights' do shared_examples_for 'api platform user without member rights' do
context 'api platform user without update rights' do
before do
put :update, {:platform => {:description => 'new description'}, :id => @platform.id}, :format => :json
end
it 'should not be able to perform update action' do
response.should_not be_success
end
it 'ensures that platform has not been updated' do
@platform.reload
@platform.description.should_not == 'new description'
end
end
context 'api platform user without add_member rights' do context 'api platform user without add_member rights' do
let(:member) { FactoryGirl.create(:user) } let(:member) { FactoryGirl.create(:user) }
@ -123,35 +147,6 @@ shared_examples_for 'api platform user without writer rights' do
end end
end end
context 'should not be able to perform clear action' do
it 'for personal platform' do
put :clear, :id => @personal_platform.id, :format => :json
response.should_not be_success
end
it 'for main platform' do
put :clear, :id => @platform.id, :format => :json
response.should_not be_success
end
end
context 'api platform user without destroy rights' do
it 'should not be able to perform destroy action for main platform' do
delete :destroy, :id => @platform.id, :format => :json
response.should_not be_success
end
it 'ensures that main platform has not been destroyed' do
lambda { delete :destroy, :id => @platform.id, :format => :json }.should_not change{ Platform.count }
end
it 'should not be able to perform destroy action for personal platform' do
delete :destroy, :id => @personal_platform.id, :format => :json
response.should_not be_success
end
it 'ensures that personal platform has not been destroyed' do
lambda { delete :destroy, :id => @personal_platform.id, :format => :json }.should_not change{ Platform.count }
end
end
it_should_behave_like 'api platform user without global admin rights'
end end
shared_examples_for 'api platform user without global admin rights' do shared_examples_for 'api platform user without global admin rights' do
@ -193,7 +188,12 @@ shared_examples_for 'api platform user without reader rights for hidden platform
@platform.update_column(:visibility, 'hidden') @platform.update_column(:visibility, 'hidden')
end end
it_should_behave_like 'api platform user without show rights' [:show, :members].each do |action|
it "should not be able to perform #{ action } action" do
get action, :id => @platform.id, :format => :json
response.body.should == {"message" => "Access violation to this page!"}.to_json
end
end
end end
shared_examples_for "api platform user with show rights" do shared_examples_for "api platform user with show rights" do
@ -208,15 +208,6 @@ shared_examples_for "api platform user with show rights" do
end end
end end
shared_examples_for "api platform user without show rights" do
[:show, :members].each do |action|
it "should not be able to perform #{ action } action" do
get action, :id => @platform.id, :format => :json
response.body.should == {"message" => "Access violation to this page!"}.to_json
end
end
end
describe Api::V1::PlatformsController do describe Api::V1::PlatformsController do
let(:clone_or_create_params) { {:id => @platform.id, :platform => {:description => 'new description', :name => 'new_name', :owner_id => @user.id, :distrib_type => APP_CONFIG['distr_types'].first}} } let(:clone_or_create_params) { {:id => @platform.id, :platform => {:description => 'new description', :name => 'new_name', :owner_id => @user.id, :distrib_type => APP_CONFIG['distr_types'].first}} }
before do before do
@ -248,7 +239,9 @@ describe Api::V1::PlatformsController do
it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access'] it_should_behave_like 'api platform user with show rights' if APP_CONFIG['anonymous_access']
it_should_behave_like 'api platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access'] it_should_behave_like 'api platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access']
it_should_behave_like 'api platform user without writer rights' it_should_behave_like 'api platform user without member rights'
it_should_behave_like 'api platform user without owner rights'
it_should_behave_like 'api platform user without global admin rights'
end end
context 'for global admin' do context 'for global admin' do
@ -259,7 +252,8 @@ describe Api::V1::PlatformsController do
it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user with reader rights for hidden platform' it_should_behave_like 'api platform user with reader rights for hidden platform'
it_should_behave_like 'api platform user with writer rights' it_should_behave_like 'api platform user with member rights'
it_should_behave_like 'api platform user with owner rights'
[:clone, :create].each do |action| [:clone, :create].each do |action|
context "with #{action} rights" do context "with #{action} rights" do
@ -288,15 +282,16 @@ describe Api::V1::PlatformsController do
it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user with reader rights for hidden platform' it_should_behave_like 'api platform user with reader rights for hidden platform'
it_should_behave_like 'api platform user with writer rights' it_should_behave_like 'api platform user with member rights'
it_should_behave_like 'api platform user with owner rights'
it_should_behave_like 'api platform user without global admin rights' it_should_behave_like 'api platform user without global admin rights'
end end
context 'for reader user' do context 'for member of platform' do
before do before do
http_login(@user) http_login(@user)
@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') @platform.add_member(@user)
@personal_platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') @personal_platform.add_member(@user)
end end
context 'perform index action with type param' do context 'perform index action with type param' do
@ -312,7 +307,9 @@ describe Api::V1::PlatformsController do
it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user with reader rights for hidden platform' it_should_behave_like 'api platform user with reader rights for hidden platform'
it_should_behave_like 'api platform user without writer rights' it_should_behave_like 'api platform user with member rights'
it_should_behave_like 'api platform user without owner rights'
it_should_behave_like 'api platform user without global admin rights'
end end
context 'for simple user' do context 'for simple user' do
@ -322,6 +319,8 @@ describe Api::V1::PlatformsController do
it_should_behave_like 'api platform user with reader rights' it_should_behave_like 'api platform user with reader rights'
it_should_behave_like 'api platform user without reader rights for hidden platform' it_should_behave_like 'api platform user without reader rights for hidden platform'
it_should_behave_like 'api platform user without writer rights' it_should_behave_like 'api platform user without member rights'
it_should_behave_like 'api platform user without owner rights'
it_should_behave_like 'api platform user without global admin rights'
end end
end end
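Review bot: Replacing the 'for reader user' context with 'for member of platform' drops the only visible setup that created a `:role => 'reader'` relation, so the distinction between `local_reader?` and `local_admin?` in `Ability` no longer has a spec here. `add_member` presumably grants an admin-level relation, since the context expects 'api platform user with member rights', which means a reader gaining `add_member` or `remove_member` would not be caught. I would keep a separate 'for reader user' context that includes 'api platform user with reader rights', 'api platform user without member rights' and 'api platform user without owner rights'. The same substitution is made in the `Platforms::PlatformsController` spec later in this commit.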


@ -1,97 +1,269 @@
# -*- encoding : utf-8 -*- # -*- encoding : utf-8 -*-
require 'spec_helper' require 'spec_helper'
shared_examples_for 'platform owner' do shared_examples_for 'platform user with reader rights' do
include_examples 'platform user with show rights'
it 'should not be able to destroy personal platform' do [:members, :advisories].each do |action|
delete :destroy, :id => @personal_platform.id it 'should be able to perform advisories action' do
response.should redirect_to(forbidden_path) get action, :id => @platform.id
end response.should render_template(action)
response.should be_success
it 'should change objects count on destroy success' do end
lambda { delete :destroy, :id => @platform.id }.should change{ Platform.count }.by(-1)
end
it 'should be able to perform destroy action' do
delete :destroy, :id => @platform.id
response.should redirect_to(platforms_path)
end end
end end
shared_examples_for 'system registered user' do shared_examples_for 'platform user with owner rights' do
it 'should be able to perform index action' do
get :index context 'platform user with update rights' do
response.should render_template(:index) before do
put :update, {:platform => {:description => 'new description'}, :id => @platform.id}
end
it 'should be able to perform update action' do
response.should redirect_to(platform_path(@platform))
end
it 'ensures that platform has been updated' do
@platform.reload
@platform.description.should == 'new description'
end
end end
context 'platform user with destroy rights for main platforms only' do
it 'should be able to perform destroy action for main platform' do
delete :destroy, :id => @platform.id
response.should redirect_to(platforms_path)
end
it 'ensures that main platform has been destroyed' do
lambda { delete :destroy, :id => @platform.id }.should change{ Platform.count }.by(-1)
end
it 'should not be able to perform destroy action for personal platform' do
delete :destroy, :id => @personal_platform.id
response.should_not be_success
end
it 'ensures that personal platform has not been destroyed' do
lambda { delete :destroy, :id => @personal_platform.id }.should_not change{ Platform.count }
end
end
end
shared_examples_for 'platform user without owner rights' do
context 'platform user without update rights' do
before do
put :update, {:platform => {:description => 'new description'}, :id => @platform.id}
end
it 'should not be able to perform update action' do
response.should_not be_success
end
it 'ensures that platform has not been updated' do
@platform.reload
@platform.description.should_not == 'new description'
end
end
context 'platform user without destroy rights' do
it 'should not be able to perform destroy action for main platform' do
delete :destroy, :id => @platform.id
response.should_not be_success
end
it 'ensures that main platform has not been destroyed' do
lambda { delete :destroy, :id => @platform.id }.should_not change{ Platform.count }
end
it 'should not be able to perform destroy action for personal platform' do
delete :destroy, :id => @personal_platform.id
response.should_not be_success
end
it 'ensures that personal platform has not been destroyed' do
lambda { delete :destroy, :id => @personal_platform.id }.should_not change{ Platform.count }
end
end
end
shared_examples_for 'platform user with member rights' do
context 'platform user with add_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
put :add_member, {:member_id => member.id, :id => @platform.id}
end
it 'should be able to perform add_member action' do
response.should redirect_to(members_platform_path(@platform))
end
it 'ensures that new member has been added to platform' do
@platform.members.should include(member)
end
end
context 'platform user with remove_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@platform.add_member(member)
delete :remove_member, {:member_id => member.id, :id => @platform.id}
end
it 'should be able to perform remove_member action' do
response.should redirect_to(members_platform_path(@platform))
end
it 'ensures that member has been removed from platform' do
@platform.members.should_not include(member)
end
end
context 'platform user with remove_members rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@platform.add_member(member)
post :remove_members, {:user_remove => {member.id => [1]}, :id => @platform.id}
end
it 'should be able to perform remove_members action' do
response.should redirect_to(members_platform_path(@platform))
end
it 'ensures that member has been removed from platform' do
@platform.members.should_not include(member)
end
end
end
shared_examples_for 'platform user without member rights' do |guest = false|
context 'platform user without add_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
put :add_member, {:member_id => member.id, :id => @platform.id}
end
it 'should not be able to perform add_member action' do
response.should redirect_to(guest ? new_user_session_path : forbidden_path)
end
it 'ensures that new member has not been added to platform' do
@platform.members.should_not include(member)
end
end
context 'platform user without remove_member rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@platform.add_member(member)
delete :remove_member, {:member_id => member.id, :id => @platform.id}
end
it 'should not be able to perform remove_member action' do
response.should redirect_to(guest ? new_user_session_path : forbidden_path)
end
it 'ensures that member has not been removed from platform' do
@platform.members.should include(member)
end
end
context 'platform user without remove_members rights' do
let(:member) { FactoryGirl.create(:user) }
before do
@platform.add_member(member)
post :remove_members, {:user_remove => {member.id => [1]}, :id => @platform.id}
end
it 'should not be able to perform remove_members action' do
response.should redirect_to(guest ? new_user_session_path : forbidden_path)
end
it 'ensures that member has not been removed from platform' do
@platform.members.should include(member)
end
end
end
shared_examples_for 'platform user without global admin rights' do
context 'should not be able to perform clear action' do
it 'for personal platform' do
put :clear, :id => @personal_platform.id
response.should_not be_success
end
it 'for main platform' do
put :clear, :id => @platform.id
response.should_not be_success
end
end
context 'should not be able to perform clone action' do
it 'for personal platform' do
get :clone, :id => @personal_platform.id
response.should_not be_success
end
it 'for main platform' do
get :clone, :id => @platform.id
response.should_not be_success
end
end
it 'should not be able to perform new action' do
get :new
response.should_not be_success
end
[:create, :make_clone].each do |action|
context "platform user without #{action} rights" do
before { any_instance_of(Platform, :create_directory => true) }
it "should not be able to perform #{action} action" do
post action, clone_or_create_params
response.should_not be_success
end
it "ensures that platform has not been #{action}d" do
lambda { post action, clone_or_create_params }.should_not change{ Platform.count }
end
end
end
end
shared_examples_for 'platform user with reader rights for hidden platform' do
before(:each) do
@platform.update_column(:visibility, 'hidden')
end
it_should_behave_like 'platform user with show rights'
end
shared_examples_for 'platform user without reader rights for hidden platform' do
before(:each) do
@platform.update_column(:visibility, 'hidden')
end
[:show, :members].each do |action|
it "should not be able to perform #{ action } action" do
get action, :id => @platform.id
response.should redirect_to(forbidden_path)
end
end
end
shared_examples_for 'platform user with show rights' do
it 'should be able to perform show action' do it 'should be able to perform show action' do
get :show, :id => @platform.id get :show, :id => @platform.id
response.should render_template(:show) response.should render_template(:show)
assigns(:platform).should eq @platform assigns(:platform).should eq @platform
end end
it 'should be able to perform members action' do
get :members, :id => @platform.id
response.should render_template(:members)
response.should be_success
end
it 'should be able to perform advisories action' do
get :advisories, :id => @platform.id
response.should render_template(:advisories)
response.should be_success
end
end
shared_examples_for 'user without create rights' do
it 'should not be able to perform new action' do
get :new
response.should redirect_to(forbidden_path)
end
it 'should not be able to create platform' do
post :create, @create_params
response.should redirect_to(forbidden_path)
end
end end
describe Platforms::PlatformsController do describe Platforms::PlatformsController do
before(:each) do let(:clone_or_create_params) { {:id => @platform.id, :platform => {:description => 'new description', :name => 'new_name', :owner_id => @user.id, :distrib_type => APP_CONFIG['distr_types'].first}} }
before do
stub_symlink_methods stub_symlink_methods
@platform = FactoryGirl.create(:platform) @platform = FactoryGirl.create(:platform)
@personal_platform = FactoryGirl.create(:platform, :platform_type => 'personal') @personal_platform = FactoryGirl.create(:platform, :platform_type => 'personal')
@user = FactoryGirl.create(:user) @user = FactoryGirl.create(:user)
set_session_for(@user)
@create_params = {:platform => {
:name => 'pl1',
:description => 'pl1',
:platform_type => 'main',
:distrib_type => APP_CONFIG['distr_types'].first
}}
end end
context 'for guest' do context 'for guest' do
before(:each) do
set_session_for(User.new)
end
[:index, :create].each do |action| it "should not be able to perform index action" do
it "should not be able to perform #{ action } action" do get :index
get action response.should redirect_to(new_user_session_path)
response.should redirect_to(new_user_session_path)
end
end
[:new, :edit, :clone, :destroy].each do |action|
it "should not be able to perform #{ action } action" do
get action, :id => @platform
response.should redirect_to(new_user_session_path)
end
end end
[:show, :members, :advisories].each do |action| [:show, :members, :advisories].each do |action|
@ -101,75 +273,94 @@ describe Platforms::PlatformsController do
end end
end end
[:show, :members, :advisories].each do |action| it_should_behave_like 'platform user with show rights' if APP_CONFIG['anonymous_access']
it "should be able to perform #{ action } action", :anonymous_access => true do it_should_behave_like 'platform user without reader rights for hidden platform' if APP_CONFIG['anonymous_access']
get action, :id => @platform it_should_behave_like 'platform user without member rights', true
response.should render_template(action) it_should_behave_like 'platform user without owner rights'
response.should be_success it_should_behave_like 'platform user without global admin rights'
end
end
end end
context 'for global admin' do context 'for global admin' do
before(:each) do before do
@user.role = "admin" @admin = FactoryGirl.create(:admin)
@user.save http_login(@admin)
end end
it_should_behave_like 'system registered user' it_should_behave_like 'platform user with reader rights'
it_should_behave_like 'platform owner' it_should_behave_like 'platform user with reader rights for hidden platform'
it_should_behave_like 'platform user with member rights'
it_should_behave_like 'platform user with owner rights'
it 'should be able to perform new action' do it "should be able to perform new action" do
get :new get :new, :id => @platform
response.should render_template(:new) response.should render_template(:new)
end end
it 'should be able to perform create action' do it "should be able to perform clone action" do
post :create, @create_params get :clone, :id => @platform
response.should redirect_to(platform_path(Platform.last)) response.should render_template(:clone)
end end
it 'should change objects count on create success' do [:make_clone, :create].each do |action|
lambda { post :create, @create_params }.should change{ Platform.count }.by(1) context "with #{action} rights" do
before do
any_instance_of(Platform, :create_directory => true)
clone_or_create_params[:platform][:owner_id] = @admin.id
end
it "should be able to perform #{action} action" do
post action, clone_or_create_params
response.should redirect_to(platform_path(Platform.last))
end
it "ensures that platform has been #{action}d" do
lambda { post action, clone_or_create_params }.should change{ Platform.count }.by(1)
end
end
end end
it 'should create platform with mentioned owner if owner id present' do
owner = FactoryGirl.create(:user)
post :create, @create_params.merge({:admin_id => owner.id, :admin_uname => owner.uname})
Platform.last.owner.id.should eql(owner.id)
end
it 'should create platform with current user as owner if owner id not present' do
post :create, @create_params
Platform.last.owner.id.should eql(@user.id)
end
end end
context 'for owner user' do context 'for owner user' do
before(:each) do before do
@user = @platform.owner http_login(@user)
set_session_for(@user) @platform.owner = @user; @platform.save
@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'admin')
end end
it_should_behave_like 'system registered user' it_should_behave_like 'platform user with reader rights'
it_should_behave_like 'user without create rights' it_should_behave_like 'platform user with reader rights for hidden platform'
it_should_behave_like 'platform owner' it_should_behave_like 'platform user with member rights'
it_should_behave_like 'platform user with owner rights'
it_should_behave_like 'platform user without global admin rights'
end end
context 'for reader user' do context 'for member of platform' do
before(:each) do before do
@platform.relations.create!(:actor_type => 'User', :actor_id => @user.id, :role => 'reader') http_login(@user)
@platform.add_member(@user)
@personal_platform.add_member(@user)
end end
it_should_behave_like 'system registered user' it_should_behave_like 'platform user with reader rights'
it_should_behave_like 'user without create rights' it_should_behave_like 'platform user with reader rights for hidden platform'
it_should_behave_like 'platform user with member rights'
it 'should not be able to perform destroy action' do it_should_behave_like 'platform user without owner rights'
delete :destroy, :id => @platform.id it_should_behave_like 'platform user without global admin rights'
response.should redirect_to(forbidden_path)
end
end end
context 'for simple user' do
before do
http_login(@user)
end
it "should be able to perform index action" do
get :index
response.should render_template(:index)
end
it_should_behave_like 'platform user with reader rights'
it_should_behave_like 'platform user without reader rights for hidden platform'
it_should_behave_like 'platform user without member rights'
it_should_behave_like 'platform user without owner rights'
it_should_behave_like 'platform user without global admin rights'
end
end end
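Review bot: The negative examples in 'platform user without owner rights' and 'platform user without global admin rights' assert only `response.should_not be_success`, which any redirect or error status satisfies, whereas the examples they replace checked `redirect_to(forbidden_path)` or `redirect_to(new_user_session_path)`. 'platform user without member rights' already takes a `guest` argument for this; the same parameter would let these groups assert `response.should redirect_to(guest ? new_user_session_path : forbidden_path)`. Separately, in 'platform user with reader rights' the loop over `[:members, :advisories]` uses the fixed description `'should be able to perform advisories action'`. It should read `"should be able to perform #{action} action"` so the two generated examples can be told apart in the output.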


@ -146,6 +146,7 @@ describe AbfWorker::BuildListsPublishTaskManager do
before do before do
stub_redis stub_redis
build_list.update_column(:status, BuildList::BUILD_PUBLISHED) build_list.update_column(:status, BuildList::BUILD_PUBLISHED)
FactoryGirl.create(:build_list_package, :build_list => build_list)
ProjectToRepository.where(:project_id => build_list.project_id, :repository_id => build_list.save_to_repository_id).destroy_all ProjectToRepository.where(:project_id => build_list.project_id, :repository_id => build_list.save_to_repository_id).destroy_all
2.times{ subject.new.run } 2.times{ subject.new.run }
end end