Merge pull request #885 from warpc/861-products_api

[refs #861] Add products api
2013-02-05 00:56:53 -08:00 · 2013-02-05 00:56:53 -08:00 · eb53c1ab5e
parent 53e4ab573f 989e2a1c00
commit eb53c1ab5e
9 changed files with 189 additions and 3 deletions
--- a/app/controllers/api/v1/products_controller.rb
+++ b/app/controllers/api/v1/products_controller.rb
@ -0,0 +1,22 @@
+# -*- encoding : utf-8 -*-
+class Api::V1::ProductsController < Api::V1::BaseController
+  before_filter :authenticate_user!
+  skip_before_filter :authenticate_user!, :only => [:index, :show] if APP_CONFIG['anonymous_access']
+
+  load_and_authorize_resource
+
+  def create
+    create_subject @product
+  end
+
+  def update
+    update_subject @product
+  end
+
+  def show
+  end
+
+  def destroy
+    destroy_subject @product
+  end
+end
--- a/app/models/product.rb
+++ b/app/models/product.rb
@ -15,7 +15,8 @@ class Product < ActiveRecord::Base
                  :description,
                  :project_id,
                  :main_script,
-                  :params
+                  :params,
+                  :platform_id
  attr_readonly :platform_id

  def full_clone(attrs = {})
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -146,6 +146,7 @@ class User < Avatar
  end

  def best_role target
+    return nil if target.nil?
    roles = target_roles(target)
    return nil if roles.count == 0
    %w(admin writer reader).each {|role| return role if roles.include?(role)}
--- a/app/views/api/v1/platforms/show.json.jbuilder
+++ b/app/views/api/v1/platforms/show.json.jbuilder
@ -8,4 +8,7 @@ json.platform do |json|
    json_repos.(repo, :id, :name)
    json_repos.url api_v1_repository_path(repo.id, :format => :json)
  end
-end
+  json.products @platform.products do |json_products, product|
+    json.partial! 'api/v1/products/product', :product => product, :json => json_products
+  end
+end
--- a/app/views/api/v1/products/_product.json.jbuilder
+++ b/app/views/api/v1/products/_product.json.jbuilder
@ -0,0 +1 @@
+json.(product, :id, :name, :description, :main_script, :params, :time_living)
--- a/app/views/api/v1/products/show.json.jbuilder
+++ b/app/views/api/v1/products/show.json.jbuilder
@ -0,0 +1,13 @@
+json.product do |json|
+  json.partial! 'product', :product => @product, :json => json
+  json.platform do |json_platform|
+    json.partial! 'api/v1/platforms/platform', :platform => @product.platform, :json => json_platform
+  end
+  if @product.project.present?
+    json.project do |json_project|
+      json.partial! 'api/v1/projects/project', :project => @product.project, :json => json_project
+    end
+  end
+  json.created_at @product.created_at.to_i
+  json.updated_at @product.updated_at.to_i
+end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -75,6 +75,7 @@ Rosa::Application.routes.draw do
          put :update_member
        }
      end
+      resources :products, :only => [:show, :update, :create, :destroy]
    end
  end

--- a/spec/controllers/api/v1/products_controller_spec.rb
+++ b/spec/controllers/api/v1/products_controller_spec.rb
@ -0,0 +1,144 @@
+# -*- encoding : utf-8 -*-
+require 'spec_helper'
+
+shared_examples_for 'api user without reader rights' do
+  it 'should not be able to perform show action', :anonymous_access  => false do
+    get :show, :id => @product.id, :format => :json
+    response.status.should == 401
+  end
+
+  it 'should be able to perform show action' do
+    get :show, :id => @product.id, :format => :json
+    response.should be_success
+  end
+
+  it 'should not be able to perform show action for the hidden platform' do
+    @product.platform.update_column :visibility, 'hidden'
+    get :show, :id => @product.id, :format => :json
+    response.status.should == 403
+  end
+
+  it 'should not be able to perform create action' do
+    post :create, :format => :json
+    response.status.should == 401
+  end
+
+  [:update, :destroy].each do |action|
+    it "should not be able to perform #{action} action" do
+      put action, :id => @product.id, :format => :json
+      response.status.should == 401
+    end
+  end
+end
+
+shared_examples_for 'api user with reader rights' do
+  it 'should be able to perform show action' do
+    get :show, :id => @product.id, :format => :json
+    response.should be_success
+  end
+
+  it 'should be able to perform show action for the hidden main platform' do
+    @product.platform.update_column :visibility, 'hidden'
+    get :show, :id => @product.id, :format => :json
+    response.should be_success # because main platform
+  end
+
+  it 'should not be able to perform create action' do
+    post :create, :format => :json
+    response.status.should == 403
+  end
+
+  [:update, :destroy].each do |action|
+    it "should not be able to perform #{action} action" do
+      put action, :id => @product.id, :format => :json
+      response.status.should == 403
+    end
+  end
+end
+
+shared_examples_for 'api user with admin rights' do
+  before(:each) do
+    @product.platform.relations.create!(:actor_type => 'User', :actor_id => @another_user.id, :role => 'admin')
+    http_login(@another_user)
+    params = {:platform_id => @product.platform.id, :project_id => @product.project.id}
+    @create_params = {:product =>{:name => 'pro', :time_living => 150}.merge(params)}
+    @update_params = {:product =>{:name => 'pro2', :time_living => 250}}
+  end
+
+  it 'should be able to perform show action' do
+    get :show, :id => @product.id, :format => :json
+    response.should be_success
+  end
+
+  it 'should be able to perform show action for the hidden platform' do
+    @product.platform.update_column :visibility, 'hidden'
+    get :show, :id => @product.id, :format => :json
+    response.should be_success
+  end
+
+  it 'should be able to perform create action' do
+    post :create, @create_params, :format => :json
+    response.should be_success
+  end
+
+  it 'ensures that product has been created' do
+    lambda { post :create, @create_params, :format => :json }.should change{ Product.count }.by(1)
+  end
+
+  [:update, :destroy].each do |action|
+    it "should be able to perform #{action} action" do
+      put action, :id => @product.id, :format => :json
+      response.should be_success
+    end
+  end
+
+  it "ensures that product has been destroyed" do
+    lambda { put :destroy, :id => @product.id, :format => :json }.should change{ Product.count }.by(-1)
+  end
+
+  it "ensures that product has been updated" do
+    put :update, @update_params.merge(:id => @product.id), :format => :json
+    @product.reload.name.should == 'pro2'
+    @product.reload.time_living.should == 250*60 # in seconds
+  end
+
+  it 'ensures that return correct answer for wrong creating action' do
+    post :create, :format => :json
+    response.status.should == 403 # Maybe 422?
+  end
+
+  #[:update, :destroy].each do |action|
+  #  it "ensures that return correct answer for wrong #{action} action" do
+  #    put action, :id => nil, :format => :json
+  #    response.status.should == 404
+  #  end
+  #end
+end
+
+describe Api::V1::ProductsController do
+  before(:each) do
+    stub_symlink_methods
+    stub_redis
+
+    @product = FactoryGirl.create(:product)
+    @another_user = FactoryGirl.create(:user)
+  end
+
+  context 'for guest' do
+    it_should_behave_like 'api user without reader rights'
+
+
+  end
+
+  context 'for user' do
+    before(:each) do
+      http_login(@another_user)
+    end
+
+    it_should_behave_like 'api user with reader rights'
+  end
+
+  context 'for platform admin' do
+    it_should_behave_like 'api user with admin rights'
+  end
+end
--- a/spec/models/product_spec.rb
+++ b/spec/models/product_spec.rb
@ -21,7 +21,7 @@ describe Product do
  it { should have_readonly_attribute(:platform_id) }

  it { should_not allow_mass_assignment_of(:platform) }
-  it { should_not allow_mass_assignment_of(:platform_id) }
+  #it { should_not allow_mass_assignment_of(:platform_id) }
  it { should_not allow_mass_assignment_of(:product_build_lists) }

  after(:all) do
				`@ -0,0 +1 @@`
				`json.(product, :id, :name, :description, :main_script, :params, :time_living)`