313 lines
9.4 KiB
Ruby
313 lines
9.4 KiB
Ruby
# -*- encoding : utf-8 -*-
|
|
require 'spec_helper'
|
|
require "cancan/matchers"
|
|
|
|
def admin_create
|
|
@admin = FactoryGirl.create(:admin)
|
|
@ability = Ability.new(@admin)
|
|
end
|
|
|
|
def user_create
|
|
@user = FactoryGirl.create(:user)
|
|
@ability = Ability.new(@user)
|
|
end
|
|
|
|
def guest_create
|
|
@ability = Ability.new(User.new)
|
|
end
|
|
|
|
describe CanCan do
|
|
let(:open_platform) { FactoryGirl.create(:platform, :visibility => 'open') }
|
|
|
|
before(:each) do
|
|
stub_symlink_methods
|
|
end
|
|
|
|
context 'Site admin' do
|
|
let(:personal_platform) { FactoryGirl.create(:platform, :platform_type => 'personal') }
|
|
let(:personal_repository_main) { FactoryGirl.create(:personal_repository, :name => 'main') }
|
|
let(:personal_repository) { FactoryGirl.create(:personal_repository) }
|
|
before(:each) do
|
|
admin_create
|
|
end
|
|
|
|
it 'should manage all' do
|
|
#(@ability.can? :manage, :all).should be_true
|
|
@ability.should be_able_to(:manage, :all)
|
|
end
|
|
|
|
it 'should not be able to destroy personal platforms' do
|
|
@ability.should_not be_able_to(:destroy, personal_platform)
|
|
end
|
|
|
|
it 'should not be able to destroy personal repositories with name "main"' do
|
|
@ability.should_not be_able_to(:destroy, personal_repository_main)
|
|
end
|
|
it 'should be able to destroy personal repositories with name not "main"' do
|
|
@ability.should be_able_to(:destroy, personal_repository)
|
|
end
|
|
end
|
|
|
|
context 'Site guest' do
|
|
let(:register_request) { FactoryGirl.create(:register_request) }
|
|
|
|
before(:each) do
|
|
guest_create
|
|
end
|
|
|
|
it 'should not be able to read open platform' do
|
|
@ability.should_not be_able_to(:read, open_platform)
|
|
end
|
|
|
|
[:publish, :cancel, :reject_publish, :create_container].each do |action|
|
|
it "should not be able to #{ action } build list" do
|
|
@ability.should_not be_able_to(action, BuildList)
|
|
end
|
|
end
|
|
|
|
it 'should not be able to update register request' do
|
|
@ability.should_not be_able_to(:update, register_request)
|
|
end
|
|
|
|
it 'should not be able to list register requests' do
|
|
@ability.should_not be_able_to(:read, register_request)
|
|
end
|
|
|
|
it 'should not be able to destroy register requests' do
|
|
@ability.should_not be_able_to(:destroy, register_request)
|
|
end
|
|
|
|
pending 'should be able to register new user' do # while self registration is closed
|
|
@ability.should be_able_to(:create, User)
|
|
end
|
|
end
|
|
|
|
context 'Site user' do
|
|
before(:each) do
|
|
user_create
|
|
end
|
|
|
|
[Platform, Repository].each do |model_name|
|
|
it "should be able to read #{model_name}" do
|
|
@ability.should be_able_to(:read, model_name)
|
|
end
|
|
end
|
|
|
|
it "shoud be able to show user profile" do
|
|
@ability.should be_able_to(:show, User)
|
|
end
|
|
|
|
it "shoud be able to read another user object" do
|
|
admin_create
|
|
@ability.should be_able_to(:read, @admin)
|
|
end
|
|
|
|
it "shoud be able to read open projects" do
|
|
@project = FactoryGirl.create(:project, :visibility => 'open')
|
|
@ability.should be_able_to(:read, @project)
|
|
end
|
|
|
|
it 'should be able to see open platform' do
|
|
@ability.should be_able_to(:show, open_platform)
|
|
end
|
|
|
|
it "shoud be able to create project" do
|
|
@ability.should be_able_to(:create, Project)
|
|
end
|
|
|
|
it "should not be able to manage register requests" do
|
|
@ability.should_not be_able_to(:manage, RegisterRequest)
|
|
end
|
|
|
|
context "private users relations" do
|
|
before(:each) do
|
|
@private_user = FactoryGirl.create(:private_user)
|
|
|
|
@private_user.platform.owner = @user
|
|
@private_user.platform.save
|
|
end
|
|
|
|
[:read, :create].each do |action|
|
|
it "should be able to #{ action } PrivateUser" do
|
|
@ability.should be_able_to(action, @private_user)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'as project collaborator' do
|
|
before(:each) do
|
|
@project = FactoryGirl.create(:project_with_commit)
|
|
@issue = FactoryGirl.create(:issue, :project_id => @project.id)
|
|
end
|
|
|
|
context 'with read rights' do
|
|
before(:each) do
|
|
@project.relations.create!(:actor_id => @user.id, :actor_type => 'User', :role => 'reader')
|
|
end
|
|
|
|
it 'should be able to read project' do
|
|
@ability.should be_able_to(:read, @project)
|
|
end
|
|
|
|
it 'should be able to read issue' do
|
|
@ability.should be_able_to(:read, @issue)
|
|
end
|
|
end
|
|
|
|
context 'with writer rights' do
|
|
before(:each) do
|
|
@project.relations.create!(:actor_id => @user.id, :actor_type => 'User', :role => 'writer')
|
|
end
|
|
|
|
[:read, :create, :new].each do |action|
|
|
it "should be able to #{ action } project" do
|
|
@ability.should be_able_to(action, @project)
|
|
end
|
|
end
|
|
|
|
[:new, :create].each do |action|
|
|
it "should be able to #{action} build_list" do
|
|
@build_list = FactoryGirl.create(:build_list_with_attaching_project, :project => @project)
|
|
@ability.should be_able_to(action, @build_list)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with admin rights' do
|
|
before(:each) do
|
|
@project.relations.create!(:actor_id => @user.id, :actor_type => 'User', :role => 'admin')
|
|
end
|
|
|
|
[:read, :update].each do |action|
|
|
it "should be able to #{ action } project" do
|
|
@ability.should be_able_to(action, @project)
|
|
end
|
|
end
|
|
|
|
[:new, :create].each do |action|
|
|
it "should be able to #{action} build_list" do
|
|
@build_list = FactoryGirl.create(:build_list_with_attaching_project, :project => @project)
|
|
@ability.should be_able_to(action, @build_list)
|
|
end
|
|
end
|
|
|
|
it "should be able to manage collaborators of project" do
|
|
@ability.should be_able_to(:manage_collaborators, @project)
|
|
end
|
|
|
|
[:read, :create, :new, :update, :edit].each do |action|
|
|
it "should be able to #{ action } issue" do
|
|
@ability.should be_able_to(action, @issue)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with owner rights' do
|
|
before(:each) do
|
|
@project = FactoryGirl.create(:project_with_commit, :owner => @user)
|
|
@issue = FactoryGirl.create(:issue, :project_id => @project.id)
|
|
end
|
|
|
|
[:read, :update, :destroy].each do |action|
|
|
it "should be able to #{ action } project" do
|
|
@ability.should be_able_to(action, @project)
|
|
end
|
|
end
|
|
|
|
[:new, :create].each do |action|
|
|
it "should be able to #{action} build_list" do
|
|
@build_list = FactoryGirl.create(:build_list_with_attaching_project, :project => @project)
|
|
@ability.should be_able_to(action, @build_list)
|
|
end
|
|
end
|
|
|
|
[:read, :update, :edit].each do |action|
|
|
it "should be able to #{ action } issue" do
|
|
@ability.should be_able_to(action, @issue)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'through group-member' do
|
|
before(:each) do
|
|
@group_member = FactoryGirl.create(:group)
|
|
@project.relations.create!(:actor_id => @group_member.id, :actor_type => 'Group', :role => 'reader')
|
|
@group_member_ability = Ability.new(@group_member.owner)
|
|
end
|
|
|
|
it 'should be able to read open project' do
|
|
@group_member_ability.should be_able_to(:read, @project)
|
|
end
|
|
|
|
it 'should be able to read closed project' do
|
|
@project.update_attribute :visibility, 'hidden'
|
|
@group_member_ability.should be_able_to(:read, @project)
|
|
end
|
|
|
|
it 'should include hidden project in list' do
|
|
@project.update_attribute :visibility, 'hidden'
|
|
Project.accessible_by(@group_member_ability, :show).where(:projects => {:id => @project.id}).count.should == 1
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'platform relations' do
|
|
before(:each) do
|
|
@platform = FactoryGirl.create(:platform)
|
|
end
|
|
|
|
context 'with owner rights' do
|
|
before(:each) do
|
|
@platform.owner = @user
|
|
@platform.save
|
|
end
|
|
|
|
[:read, :update, :destroy, :change_visibility].each do |action|
|
|
it "should be able to #{action} platform" do
|
|
@ability.should be_able_to(action, @platform)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with read rights' do
|
|
before(:each) do
|
|
@platform.relations.create!(:actor_id => @user.id, :actor_type => 'User', :role => 'reader')
|
|
end
|
|
|
|
it "should be able to read platform" do
|
|
@ability.should be_able_to(:read, @platform)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'repository relations' do
|
|
before(:each) do
|
|
@repository = FactoryGirl.create(:repository)
|
|
end
|
|
|
|
context 'with owner rights' do
|
|
before(:each) do
|
|
@repository.platform.owner = @user
|
|
@repository.platform.save
|
|
end
|
|
|
|
[:read, :create, :update, :destroy, :add_project, :remove_project, :settings].each do |action|
|
|
it "should be able to #{action} repository" do
|
|
@ability.should be_able_to(action, @repository)
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with read rights' do
|
|
before(:each) do
|
|
@repository.platform.relations.create!(:actor_id => @user.id, :actor_type => 'User', :role => 'reader')
|
|
end
|
|
|
|
it "should be able to read repository" do
|
|
@ability.should be_able_to(:read, @repository)
|
|
end
|
|
end
|
|
end # 'repository relations'
|
|
end # 'Site user'
|
|
end
|