Merge pull request #885 from warpc/861-products_api

[refs #861] Add products api
2013-02-05 00:56:53 -08:00 · 2013-02-05 00:56:53 -08:00 · eb53c1ab5e
parent 53e4ab573f 989e2a1c00
commit eb53c1ab5e
9 changed files with 189 additions and 3 deletions
--- a/app/controllers/api/v1/products_controller.rb
+++ b/app/controllers/api/v1/products_controller.rb
@ -0,0 +1,22 @@
 # -*- encoding : utf-8 -*-
 class Api::V1::ProductsController < Api::V1::BaseController
  before_filter :authenticate_user!
  skip_before_filter :authenticate_user!, :only => [:index, :show] if APP_CONFIG['anonymous_access']
  load_and_authorize_resource
  def create
    create_subject @product
  end
  def update
    update_subject @product
  end
  def show
  end
  def destroy
    destroy_subject @product
  end
 end
--- a/app/models/product.rb
+++ b/app/models/product.rb
@ -15,7 +15,8 @@ class Product < ActiveRecord::Base
                  :description,
                  :project_id,
                  :main_script,
-                  :params
+                  :params,
                  :platform_id
  attr_readonly :platform_id
  def full_clone(attrs = {})
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -146,6 +146,7 @@ class User < Avatar
  end
  def best_role target
    return nil if target.nil?
    roles = target_roles(target)
    return nil if roles.count == 0
    %w(admin writer reader).each {|role| return role if roles.include?(role)}
--- a/app/views/api/v1/platforms/show.json.jbuilder
+++ b/app/views/api/v1/platforms/show.json.jbuilder
@ -8,4 +8,7 @@ json.platform do |json|
    json_repos.(repo, :id, :name)
    json_repos.url api_v1_repository_path(repo.id, :format => :json)
  end
-end
+  json.products @platform.products do |json_products, product|
    json.partial! 'api/v1/products/product', :product => product, :json => json_products
  end
 end
--- a/app/views/api/v1/products/_product.json.jbuilder
+++ b/app/views/api/v1/products/_product.json.jbuilder
@ -0,0 +1 @@
 json.(product, :id, :name, :description, :main_script, :params, :time_living)
--- a/app/views/api/v1/products/show.json.jbuilder
+++ b/app/views/api/v1/products/show.json.jbuilder
@ -0,0 +1,13 @@
 json.product do |json|
  json.partial! 'product', :product => @product, :json => json
  json.platform do |json_platform|
    json.partial! 'api/v1/platforms/platform', :platform => @product.platform, :json => json_platform
  end
  if @product.project.present?
    json.project do |json_project|
      json.partial! 'api/v1/projects/project', :project => @product.project, :json => json_project
    end
  end
  json.created_at @product.created_at.to_i
  json.updated_at @product.updated_at.to_i
 end
--- a/config/routes.rb
+++ b/config/routes.rb
@ -75,6 +75,7 @@ Rosa::Application.routes.draw do
          put :update_member
        }
      end
      resources :products, :only => [:show, :update, :create, :destroy]
    end
  end
--- a/spec/controllers/api/v1/products_controller_spec.rb
+++ b/spec/controllers/api/v1/products_controller_spec.rb
@ -0,0 +1,144 @@
 # -*- encoding : utf-8 -*-
 require 'spec_helper'
 shared_examples_for 'api user without reader rights' do
  it 'should not be able to perform show action', :anonymous_access  => false do
    get :show, :id => @product.id, :format => :json
    response.status.should == 401
  end
  it 'should be able to perform show action' do
    get :show, :id => @product.id, :format => :json
    response.should be_success
  end
  it 'should not be able to perform show action for the hidden platform' do
    @product.platform.update_column :visibility, 'hidden'
    get :show, :id => @product.id, :format => :json
    response.status.should == 403
  end
  it 'should not be able to perform create action' do
    post :create, :format => :json
    response.status.should == 401
  end
  [:update, :destroy].each do |action|
    it "should not be able to perform #{action} action" do
      put action, :id => @product.id, :format => :json
      response.status.should == 401
    end
  end
 end
 shared_examples_for 'api user with reader rights' do
  it 'should be able to perform show action' do
    get :show, :id => @product.id, :format => :json
    response.should be_success
  end
  it 'should be able to perform show action for the hidden main platform' do
    @product.platform.update_column :visibility, 'hidden'
    get :show, :id => @product.id, :format => :json
    response.should be_success # because main platform
  end
  it 'should not be able to perform create action' do
    post :create, :format => :json
    response.status.should == 403
  end
  [:update, :destroy].each do |action|
    it "should not be able to perform #{action} action" do
      put action, :id => @product.id, :format => :json
      response.status.should == 403
    end
  end
 end
 shared_examples_for 'api user with admin rights' do
  before(:each) do
    @product.platform.relations.create!(:actor_type => 'User', :actor_id => @another_user.id, :role => 'admin')
    http_login(@another_user)
    params = {:platform_id => @product.platform.id, :project_id => @product.project.id}
    @create_params = {:product =>{:name => 'pro', :time_living => 150}.merge(params)}
    @update_params = {:product =>{:name => 'pro2', :time_living => 250}}
  end
  it 'should be able to perform show action' do
    get :show, :id => @product.id, :format => :json
    response.should be_success
  end
  it 'should be able to perform show action for the hidden platform' do
    @product.platform.update_column :visibility, 'hidden'
    get :show, :id => @product.id, :format => :json
    response.should be_success
  end
  it 'should be able to perform create action' do
    post :create, @create_params, :format => :json
    response.should be_success
  end
  it 'ensures that product has been created' do
    lambda { post :create, @create_params, :format => :json }.should change{ Product.count }.by(1)
  end
  [:update, :destroy].each do |action|
    it "should be able to perform #{action} action" do
      put action, :id => @product.id, :format => :json
      response.should be_success
    end
  end
  it "ensures that product has been destroyed" do
    lambda { put :destroy, :id => @product.id, :format => :json }.should change{ Product.count }.by(-1)
  end
  it "ensures that product has been updated" do
    put :update, @update_params.merge(:id => @product.id), :format => :json
    @product.reload.name.should == 'pro2'
    @product.reload.time_living.should == 250*60 # in seconds
  end
  it 'ensures that return correct answer for wrong creating action' do
    post :create, :format => :json
    response.status.should == 403 # Maybe 422?
  end
  #[:update, :destroy].each do |action|
  #  it "ensures that return correct answer for wrong #{action} action" do
  #    put action, :id => nil, :format => :json
  #    response.status.should == 404
  #  end
  #end
 end
 describe Api::V1::ProductsController do
  before(:each) do
    stub_symlink_methods
    stub_redis
    @product = FactoryGirl.create(:product)
    @another_user = FactoryGirl.create(:user)
  end
  context 'for guest' do
    it_should_behave_like 'api user without reader rights'
  end
  context 'for user' do
    before(:each) do
      http_login(@another_user)
    end
    it_should_behave_like 'api user with reader rights'
  end
  context 'for platform admin' do
    it_should_behave_like 'api user with admin rights'
  end
 end
--- a/spec/models/product_spec.rb
+++ b/spec/models/product_spec.rb
@ -21,7 +21,7 @@ describe Product do
  it { should have_readonly_attribute(:platform_id) }
  it { should_not allow_mass_assignment_of(:platform) }
-  it { should_not allow_mass_assignment_of(:platform_id) }
+  #it { should_not allow_mass_assignment_of(:platform_id) }
  it { should_not allow_mass_assignment_of(:product_build_lists) }
  after(:all) do
		`@ -0,0 +1 @@`
							`json.(product, :id, :name, :description, :main_script, :params, :time_living)`