#192: updated and added new specs, updated models

Vokhmin Alexey V 2013-07-02 22:13:00 +04:00
parent 20204b3821
commit fe635f244b
4 changed files with 26 additions and 13 deletions


@ -7,7 +7,7 @@ class Api::V1::PlatformsController < Api::V1::BaseController
load_and_authorize_resource :except => :allowed
def allowed
platform_name = (params[:path] || '').match(/^\/[\w]+\//)
platform_name = (params[:path] || '').match(/^\/#{Platform::NAME_PATTERN}\//)
render(:inline => 'true') && return unless platform_name
platform_name = platform_name[0].gsub(/\//, '')
@ -21,7 +21,7 @@ class Api::V1::PlatformsController < Api::V1::BaseController
render(:inline => 'false', :status => 403) && return
end
render(:inline => 'true') && return if platform.tokens.where(:authentication_token => token).exists?
render(:inline => 'true') && return if platform.tokens.by_active.where(:authentication_token => token).exists?
user = User.find_by_authentication_token token
@current_ability, @current_user = nil, user
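Review bot: The new pattern in `allowed` is anchored with `^`, which in Ruby matches at the start of any line, so a `path` value that contains a line break can be matched on a later line rather than at the start of the string. Since the next line answers `true` whenever nothing matches, the platform name that gets authorised should be taken only from the very beginning of the path; use `\A` and a capture group: `platform_name = (params[:path] || '').match(/\A\/(#{Platform::NAME_PATTERN})\//)`, then `platform_name = platform_name[1]` in place of the `gsub`. The body of `allowed` runs past both hunks, so how `token` is obtained and what happens when it is blank is not visible here.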


@ -1,6 +1,7 @@
# -*- encoding : utf-8 -*-
class Platform < ActiveRecord::Base
VISIBILITIES = %w(open hidden)
NAME_PATTERN = /[a-zA-Z0-9_\-\.]+/
belongs_to :parent, :class_name => 'Platform', :foreign_key => 'parent_platform_id'
belongs_to :owner, :polymorphic => true
@ -21,7 +22,7 @@ class Platform < ActiveRecord::Base
validates :description, :presence => true
validates :visibility, :presence => true, :inclusion => {:in => VISIBILITIES}
validates :name, :uniqueness => {:case_sensitive => false}, :presence => true, :format => { :with => /\A[a-zA-Z0-9_\-\.]+\z/ }
validates :name, :uniqueness => {:case_sensitive => false}, :presence => true, :format => { :with => /\A#{NAME_PATTERN}\z/ }
validates :distrib_type, :presence => true, :inclusion => {:in => APP_CONFIG['distr_types']}
validate lambda {
if released_was && !released
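Review bot: `NAME_PATTERN` is introduced without a comment saying that it is unanchored, so every caller has to remember to add its own anchors; the validation in the second hunk does this with `\A…\z`, but that is easy to miss at other call sites. I would add a comment above the constant such as `# Unanchored character class for platform names; wrap in \A...\z when matching a whole string.` The class also accepts names made only of dots (`.` or `..`); if platform names are used as directory names, which the repository paths in the spec suggest but this hunk does not show, the validation may want to reject those explicitly.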


@ -8,6 +8,7 @@ class Token < ActiveRecord::Base
validates :authentication_token, :presence => true, :uniqueness => {:case_sensitive => true}
default_scope order("#{table_name}.created_at desc")
scope :by_active, where(:status => 'active')
before_validation :generate_token, :on => :create
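Review bot: `scope :by_active, where(:status => 'active')` passes a relation that is built once when the class loads; the callable form `scope :by_active, lambda { where(:status => 'active') }` is the safer habit and is required from Rails 4 onward. The status value is a bare string here, and the place where a token's states are defined is outside this hunk, so a short comment naming it, or a shared constant, would keep the scope and the state definitions from drifting apart.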


@ -249,49 +249,60 @@ describe Api::V1::PlatformsController do
context 'perform allowed action' do
it 'ensures that status 403 if no url' do
it 'ensures that status 200 if platform empty' do
get :allowed
response.status.should == 403
response.status.should == 200
end
it 'ensures that status 403 if platform does not exist' do
get :allowed, :url => "#{APP_CONFIG['downloads_url']}/rosa-server/repository/SRPMS/base/release/repodata/"
get :allowed, :path => "/rosa-server/repository/SRPMS/base/release/repodata/"
response.status.should == 403
end
it 'ensures that status 200 if platform open' do
get :allowed, :url => "#{APP_CONFIG['downloads_url']}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 200
end
context 'for hidden platform' do
let(:downloads_url) { APP_CONFIG['downloads_url'].gsub(/^http\:\/\//, '') }
before { @platform.change_visibility }
it 'ensures that status 403 if no token' do
get :allowed, :url => "#{APP_CONFIG['downloads_url']}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
end
it 'ensures that status 403 if wrong token' do
get :allowed, :url => "http://KuKu:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64("KuKu:password")
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
end
it 'ensures that status 200 if token correct' do
token = FactoryGirl.create(:platform_token, :subject => @platform)
get :allowed, :url => "http://#{token.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(token.authentication_token + ':')
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 200
end
it 'ensures that status 403 if token correct but blocked' do
token = FactoryGirl.create(:platform_token, :subject => @platform)
token.block
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(token.authentication_token + ':')
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
end
it 'ensures that status 200 if user token correct and user has ability to read platform' do
get :allowed, :url => "http://#{@platform.owner.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(@platform.owner.authentication_token + ':')
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 200
end
it 'ensures that status 403 if user token correct but user has no ability to read platform' do
user = FactoryGirl.create(:user)
get :allowed, :url => "http://#{user.authentication_token}:@#{downloads_url}/#{@platform.name}/repository/SRPMS/base/release/repodata/"
@request.env['HTTP_AUTHORIZATION'] = 'Basic ' + Base64::encode64(user.authentication_token + ':')
get :allowed, :path => "/#{@platform.name}/repository/SRPMS/base/release/repodata/"
response.status.should == 403
end
end
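Review bot: The new `HTTP_AUTHORIZATION` lines build the header with `Base64::encode64`, which appends a newline and wraps its output every 60 characters, so the header value carries line breaks that a real client would not send. The specs presumably pass only because the decoder tolerates them; `Base64.strict_encode64(token.authentication_token + ':')` or `ActionController::HttpAuthentication::Basic.encode_credentials(token.authentication_token, '')` produces a well-formed value. The same line is repeated in five examples, so a small helper inside the `for hidden platform` context would keep them in step. The enclosing `context 'perform allowed action'` is not closed within this hunk.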