Merge pull request #885 from warpc/861-products_api
[refs #861] Add products api
This commit is contained in:
commit
eb53c1ab5e
|
@ -0,0 +1,22 @@
|
|||
# -*- encoding : utf-8 -*-
|
||||
class Api::V1::ProductsController < Api::V1::BaseController
|
||||
before_filter :authenticate_user!
|
||||
skip_before_filter :authenticate_user!, :only => [:index, :show] if APP_CONFIG['anonymous_access']
|
||||
|
||||
load_and_authorize_resource
|
||||
|
||||
def create
|
||||
create_subject @product
|
||||
end
|
||||
|
||||
def update
|
||||
update_subject @product
|
||||
end
|
||||
|
||||
def show
|
||||
end
|
||||
|
||||
def destroy
|
||||
destroy_subject @product
|
||||
end
|
||||
end
|
|
@ -15,7 +15,8 @@ class Product < ActiveRecord::Base
|
|||
:description,
|
||||
:project_id,
|
||||
:main_script,
|
||||
:params
|
||||
:params,
|
||||
:platform_id
|
||||
attr_readonly :platform_id
|
||||
|
||||
def full_clone(attrs = {})
|
||||
|
|
|
@ -146,6 +146,7 @@ class User < Avatar
|
|||
end
|
||||
|
||||
def best_role target
|
||||
return nil if target.nil?
|
||||
roles = target_roles(target)
|
||||
return nil if roles.count == 0
|
||||
%w(admin writer reader).each {|role| return role if roles.include?(role)}
|
||||
|
|
|
@ -8,4 +8,7 @@ json.platform do |json|
|
|||
json_repos.(repo, :id, :name)
|
||||
json_repos.url api_v1_repository_path(repo.id, :format => :json)
|
||||
end
|
||||
json.products @platform.products do |json_products, product|
|
||||
json.partial! 'api/v1/products/product', :product => product, :json => json_products
|
||||
end
|
||||
end
|
|
@ -0,0 +1 @@
|
|||
json.(product, :id, :name, :description, :main_script, :params, :time_living)
|
|
@ -0,0 +1,13 @@
|
|||
json.product do |json|
|
||||
json.partial! 'product', :product => @product, :json => json
|
||||
json.platform do |json_platform|
|
||||
json.partial! 'api/v1/platforms/platform', :platform => @product.platform, :json => json_platform
|
||||
end
|
||||
if @product.project.present?
|
||||
json.project do |json_project|
|
||||
json.partial! 'api/v1/projects/project', :project => @product.project, :json => json_project
|
||||
end
|
||||
end
|
||||
json.created_at @product.created_at.to_i
|
||||
json.updated_at @product.updated_at.to_i
|
||||
end
|
|
@ -75,6 +75,7 @@ Rosa::Application.routes.draw do
|
|||
put :update_member
|
||||
}
|
||||
end
|
||||
resources :products, :only => [:show, :update, :create, :destroy]
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
@ -0,0 +1,144 @@
|
|||
# -*- encoding : utf-8 -*-
|
||||
require 'spec_helper'
|
||||
|
||||
shared_examples_for 'api user without reader rights' do
|
||||
it 'should not be able to perform show action', :anonymous_access => false do
|
||||
get :show, :id => @product.id, :format => :json
|
||||
response.status.should == 401
|
||||
end
|
||||
|
||||
it 'should be able to perform show action' do
|
||||
get :show, :id => @product.id, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
it 'should not be able to perform show action for the hidden platform' do
|
||||
@product.platform.update_column :visibility, 'hidden'
|
||||
get :show, :id => @product.id, :format => :json
|
||||
response.status.should == 403
|
||||
end
|
||||
|
||||
it 'should not be able to perform create action' do
|
||||
post :create, :format => :json
|
||||
response.status.should == 401
|
||||
end
|
||||
|
||||
[:update, :destroy].each do |action|
|
||||
it "should not be able to perform #{action} action" do
|
||||
put action, :id => @product.id, :format => :json
|
||||
response.status.should == 401
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'api user with reader rights' do
|
||||
it 'should be able to perform show action' do
|
||||
get :show, :id => @product.id, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
it 'should be able to perform show action for the hidden main platform' do
|
||||
@product.platform.update_column :visibility, 'hidden'
|
||||
get :show, :id => @product.id, :format => :json
|
||||
response.should be_success # because main platform
|
||||
end
|
||||
|
||||
it 'should not be able to perform create action' do
|
||||
post :create, :format => :json
|
||||
response.status.should == 403
|
||||
end
|
||||
|
||||
[:update, :destroy].each do |action|
|
||||
it "should not be able to perform #{action} action" do
|
||||
put action, :id => @product.id, :format => :json
|
||||
response.status.should == 403
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
shared_examples_for 'api user with admin rights' do
|
||||
before(:each) do
|
||||
@product.platform.relations.create!(:actor_type => 'User', :actor_id => @another_user.id, :role => 'admin')
|
||||
http_login(@another_user)
|
||||
params = {:platform_id => @product.platform.id, :project_id => @product.project.id}
|
||||
@create_params = {:product =>{:name => 'pro', :time_living => 150}.merge(params)}
|
||||
@update_params = {:product =>{:name => 'pro2', :time_living => 250}}
|
||||
end
|
||||
|
||||
it 'should be able to perform show action' do
|
||||
get :show, :id => @product.id, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
it 'should be able to perform show action for the hidden platform' do
|
||||
@product.platform.update_column :visibility, 'hidden'
|
||||
get :show, :id => @product.id, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
it 'should be able to perform create action' do
|
||||
post :create, @create_params, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
|
||||
it 'ensures that product has been created' do
|
||||
lambda { post :create, @create_params, :format => :json }.should change{ Product.count }.by(1)
|
||||
end
|
||||
|
||||
[:update, :destroy].each do |action|
|
||||
it "should be able to perform #{action} action" do
|
||||
put action, :id => @product.id, :format => :json
|
||||
response.should be_success
|
||||
end
|
||||
end
|
||||
|
||||
it "ensures that product has been destroyed" do
|
||||
lambda { put :destroy, :id => @product.id, :format => :json }.should change{ Product.count }.by(-1)
|
||||
end
|
||||
|
||||
it "ensures that product has been updated" do
|
||||
put :update, @update_params.merge(:id => @product.id), :format => :json
|
||||
@product.reload.name.should == 'pro2'
|
||||
@product.reload.time_living.should == 250*60 # in seconds
|
||||
end
|
||||
|
||||
it 'ensures that return correct answer for wrong creating action' do
|
||||
post :create, :format => :json
|
||||
response.status.should == 403 # Maybe 422?
|
||||
end
|
||||
|
||||
#[:update, :destroy].each do |action|
|
||||
# it "ensures that return correct answer for wrong #{action} action" do
|
||||
# put action, :id => nil, :format => :json
|
||||
# response.status.should == 404
|
||||
# end
|
||||
#end
|
||||
end
|
||||
|
||||
describe Api::V1::ProductsController do
|
||||
before(:each) do
|
||||
stub_symlink_methods
|
||||
stub_redis
|
||||
|
||||
@product = FactoryGirl.create(:product)
|
||||
@another_user = FactoryGirl.create(:user)
|
||||
end
|
||||
|
||||
context 'for guest' do
|
||||
it_should_behave_like 'api user without reader rights'
|
||||
|
||||
|
||||
end
|
||||
|
||||
context 'for user' do
|
||||
before(:each) do
|
||||
http_login(@another_user)
|
||||
end
|
||||
|
||||
it_should_behave_like 'api user with reader rights'
|
||||
end
|
||||
|
||||
context 'for platform admin' do
|
||||
it_should_behave_like 'api user with admin rights'
|
||||
end
|
||||
end
|
|
@ -21,7 +21,7 @@ describe Product do
|
|||
it { should have_readonly_attribute(:platform_id) }
|
||||
|
||||
it { should_not allow_mass_assignment_of(:platform) }
|
||||
it { should_not allow_mass_assignment_of(:platform_id) }
|
||||
#it { should_not allow_mass_assignment_of(:platform_id) }
|
||||
it { should_not allow_mass_assignment_of(:product_build_lists) }
|
||||
|
||||
after(:all) do
|
||||
|
|
Loading…
Reference in New Issue