require 'spec_helper' shared_context "issues controller" do before do stub_symlink_methods @project = FactoryGirl.create(:project_with_commit) @issue_user = FactoryGirl.create(:user) @issue = FactoryGirl.create(:issue, project_id: @project.id, assignee_id: @issue_user.id) @label = FactoryGirl.create(:label, project_id: @project.id) @project_with_turned_off_issues = FactoryGirl.create(:project, has_issues: false) @turned_of_issue = FactoryGirl.create(:issue, project_id: @project_with_turned_off_issues.id, assignee_id: @issue_user.id) @user = FactoryGirl.create(:user) set_session_for(@user) @create_params = { name_with_owner: @project.name_with_owner, issue: { title: "issue1", body: "issue body", labelings_attributes: { @label.id => { label_id: @label.id }}, assignee_id: @issue_user.id } } @update_params = { name_with_owner: @project.name_with_owner, issue: { title: "issue2" }, format: :json } @pull = @project.pull_requests.new issue_attributes: { title: 'test', body: 'testing' } @pull.issue.user, @pull.issue.project = @project.owner, @pull.to_project @pull.to_ref = 'master' @pull.from_project, @pull.from_ref = @project, 'non_conflicts' @pull.save end end shared_examples_for 'issue user with project guest rights' do it 'should be able to perform index action' do get :index, name_with_owner: @project.name_with_owner response.should render_template(:index) end it 'should be able to perform show action' do get :show, name_with_owner: @project.name_with_owner, id: @issue.serial_id response.should render_template(:show) end end shared_examples_for 'issue user with project reader rights' do it 'should be able to perform index action on hidden project' do @project.update_attributes(visibility: 'hidden') get :index, name_with_owner: @project.name_with_owner response.should render_template(:index) end it 'should be able to perform create action' do post :create, @create_params response.should redirect_to(project_issues_path(@project)) end it 'should create issue object into db' do lambda{ post :create, @create_params }.should change{ Issue.count }.by(1) end end shared_examples_for 'issue user with project writer rights' do it 'should be able to perform index action on hidden project' do @project.update_attributes(visibility: 'hidden') get :index, name_with_owner: @project.name_with_owner response.should render_template(:index) end it 'should create issue object into db' do lambda{ post :create, @create_params }.should change{ Issue.count }.by(1) end context 'perform create action' do before { post :create, @create_params } it 'user should be assigned to issue' do @project.issues.last.assignee_id.should_not be_nil end it 'label should be attached to issue' do expect(@project.issues.last.labels.count).to eq 1 end end end shared_examples_for 'user with issue update rights' do it 'should be able to perform update action' do put :update, {id: @issue.serial_id}.merge(@update_params) response.code.should eq('200') end it 'should update issue title' do put :update, {id: @issue.serial_id}.merge(@update_params) @issue.reload.title.should == 'issue2' end end shared_examples_for 'user without issue update rights' do it 'should not be able to perform update action' do put :update, {id: @issue.serial_id}.merge(@update_params) response.should redirect_to(forbidden_path) end it 'should not update issue title' do put :update, {id: @issue.serial_id}.merge(@update_params) @issue.reload.title.should_not == 'issue2' end end # shared_examples_for 'user without issue destroy rights' do # it 'should not be able to perform destroy action' do # delete :destroy, id: @issue.serial_id, name_with_owner: @project.name_with_owner # response.should redirect_to(controller.current_user ? forbidden_path : new_user_session_path) # end # it 'should not reduce issues count' do # lambda{ delete :destroy, id: @issue.serial_id, name_with_owner: @project.name_with_owner }.should_not change{ Issue.count } # end # end shared_examples_for 'project with issues turned off' do it 'should not be able to perform index action' do get :index, name_with_owner: @project_with_turned_off_issues.name_with_owner response.should redirect_to(forbidden_path) end it 'should not be able to perform show action' do get :show, name_with_owner: @project_with_turned_off_issues.name_with_owner, id: @turned_of_issue.serial_id response.should redirect_to(forbidden_path) end end describe Projects::IssuesController, type: :controller do include_context "issues controller" context 'for global admin user' do before(:each) do @user.role = "admin" @user.save end it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' it_should_behave_like 'issue user with project writer rights' it_should_behave_like 'user with issue update rights' it_should_behave_like 'project with issues turned off' # it_should_behave_like 'user without issue destroy rights' end context 'for project admin user' do before(:each) do create_relation(@project, @user, 'admin') end it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' it_should_behave_like 'issue user with project writer rights' it_should_behave_like 'user with issue update rights' it_should_behave_like 'project with issues turned off' # it_should_behave_like 'user without issue destroy rights' end context 'for project owner user' do before(:each) do @user = @project.owner set_session_for(@user) end it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' it_should_behave_like 'issue user with project writer rights' it_should_behave_like 'user with issue update rights' it_should_behave_like 'project with issues turned off' # it_should_behave_like 'user without issue destroy rights' end context 'for project reader user' do before(:each) do create_relation(@project, @user, 'reader') end it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' it_should_behave_like 'user without issue update rights' it_should_behave_like 'project with issues turned off' # it_should_behave_like 'user without issue destroy rights' context 'perform create action' do before { post :create, @create_params } it 'user should not be assigned to issue' do @project.issues.last.assignee_id.should be_nil end it 'label should not be attached to issue' do expect(@project.issues.last.labels.count).to eq 0 end end # it 'should not be able to perform create action on project' do # post :create, @create_params # response.should redirect_to(forbidden_path) # end # it 'should not create issue object into db' do # lambda{ post :create, @create_params }.should change{ Issue.count }.by(0) # end it 'should return 404' do get :show, name_with_owner: @project.name_with_owner, id: 999999 render_template(file: "#{Rails.root}/public/404.html") end it 'should redirect to pull request page' do get :show, name_with_owner: @project.name_with_owner, id: @pull.serial_id response.should redirect_to(project_pull_request_path(@project, @pull)) end end context 'for project writer user' do before(:each) do create_relation(@project, @user, 'writer') end it_should_behave_like 'issue user with project guest rights' it_should_behave_like 'issue user with project reader rights' it_should_behave_like 'issue user with project writer rights' it_should_behave_like 'user without issue update rights' it_should_behave_like 'project with issues turned off' # it_should_behave_like 'user without issue destroy rights' end context 'for issue assign user' do before(:each) do set_session_for(@issue_user) end it_should_behave_like 'user without issue update rights' it_should_behave_like 'project with issues turned off' # it_should_behave_like 'user without issue destroy rights' end context 'for guest' do before(:each) do set_session_for(User.new) end if APP_CONFIG['anonymous_access'] it_should_behave_like 'issue user with project guest rights' it 'should not be able to perform index action on hidden project' do @project.update_attributes(visibility: 'hidden') get :index, name_with_owner: @project.name_with_owner response.should redirect_to(forbidden_path) end else it 'should not be able to perform index action' do get :index, name_with_owner: @project.name_with_owner response.should redirect_to(new_user_session_path) end it 'should not be able to perform show action' do get :show, name_with_owner: @project.name_with_owner, id: @issue.serial_id response.should redirect_to(new_user_session_path) end it 'should not be able to perform index action on hidden project' do @project.update_attributes(visibility: 'hidden') get :index, name_with_owner: @project.name_with_owner response.should redirect_to(new_user_session_path) end end it 'should not be able to perform create action' do post :create, @create_params response.should redirect_to(new_user_session_path) end it 'should not create issue object into db' do lambda{ post :create, @create_params }.should_not change{ Issue.count } end #it_should_behave_like 'user without issue update rights' it 'should not be able to perform update action' do put :update, {id: @issue.serial_id}.merge(@update_params) response.status.should == 401 end it 'should not update issue title' do put :update, {id: @issue.serial_id}.merge(@update_params) @issue.reload.title.should_not == 'issue2' end # it_should_behave_like 'user without issue destroy rights' end end