Commit bccc8aec by John Doe

added tests for permissions

parent 544dddab
......@@ -8,15 +8,15 @@ class PermissionsController < ApplicationController
# GET /permissions.json
def index
# return permissions for nilm specified by nilm_id
@permissions = Permission.find_by_nilm(@nilm)
@permissions = @nilm.permissions
end
# POST /permissions
# POST /permissions.json
def create
# create permission for nilm specified by nilm_id
@service = PermissionService.new
@service.run(@nilm, params[:role], params[:type], params[:target_id])
@service = CreatePermission.new
@service.run(@nilm, params[:role], params[:target], params[:target_id])
@permission = @service.permission
render status: @service.success? ? :ok : :unprocessable_entity
end
......@@ -25,20 +25,21 @@ class PermissionsController < ApplicationController
# DELETE /permissions/1.json
def destroy
# remove permission from nilm specified by nilm_id
@service = ServiceStub.new
@service.add_notice("Removed permission")
@nilm.permissions.find(params[:id]).destroy
@service = DestroyPermission.new
@service.run(@nilm, current_user, params[:id])
render status: @service.success? ? :ok : :unprocessable_entity
end
private
def set_nilm
@nilm = Nilm.find(params[:nilm_id])
@nilm = Nilm.find_by_id(params[:nilm_id])
head :not_found unless @nilm
end
# authorization based on nilms
def authorize_owner
head :unauthorized unless current_user.owns_nilm?(@nilm)
def authorize_admin
head :unauthorized unless current_user.admins_nilm?(@nilm)
end
end
# frozen_string_literal: true
# Handles changing DbStream attributes
class CreatePermission
include ServiceStatus
def run(nilm, role, type, target_id)
# create [role] perimssion on [nilm] for
# the user or group specified
# [type]: user|group
# [target_id]: user_id or user_group_id value
#
@permission = Permission.create(nilm: nilm, role: role)
case type
when 'user'
if nilm.permissions.find_by_user_id(target_id)
add_error('user already has permissions on this nilm')
return self
end
@permission.user = User.find(target_id)
when 'group'
if nilm.permissions.find_by_user_groupe_id(target_id)
add_error('group already has permissions on this nilm')
return self
end
@permission.user_group = UserGroup.find(target_id)
else
add_error('invalid target_id')
return self
end
unless @permission.save
add_error(permission.errors.full_messages)
return self
end
set_notice('Created permission')
self
end
end
# frozen_string_literal: true
# Handles changing DbStream attributes
# Handles permission creation
class CreatePermission
include ServiceStatus
attr_reader :permission
......
# frozen_string_literal: true
# Handles permission removal
class DestroyPermission
include ServiceStatus
def run(nilm, requester, id)
# remove permission [id] from nilm
# do not allow [requester] to remove his permission
@permission = nilm.permissions.find_by_id(id)
if @permission.nil?
add_error 'invalid permission id'
return self
elsif(@permission.user == requester)
add_error 'cannot remove your own permission'
return self
else
@permission.destroy
add_notice 'removed permission'
return self
end
end
end
json.data do
json.extract! @permission, *Permission.json_keys
json.name @permission.target_name
end
json.partial! "helpers/messages", service: @service
json.partial! "helpers/messages", service: @service
json.array! @permissions, partial: 'permissions/permission', as: :permission
\ No newline at end of file
json.array!(@permissions) do |permission|
json.extract! permission, *Permission.json_keys
json.name permission.target_name
end
json.partial! "permissions/permission", permission: @permission
\ No newline at end of file
require 'rails_helper'
# This spec was generated by rspec-rails when you ran the scaffold generator.
# It demonstrates how one might use RSpec to specify the controller code that
# was generated by Rails when you ran the scaffold generator.
#
# It assumes that the implementation code is generated by the rails scaffold
# generator. If you are using any extension libraries to generate different
# controller code, this generated spec may or may not pass.
#
# It only uses APIs available in rails and/or rspec-rails. There are a number
# of tools you can use to make these specs even more expressive, but we're
# sticking to rails and rspec-rails APIs to keep things simple and stable.
#
# Compared to earlier versions of this generator, there is very limited use of
# stubs and message expectations in this spec. Stubs are only used when there
# is no simpler way to get a handle on the object needed for the example.
# Message expectations are only used when there is no simpler way to specify
# that an instance is receiving a specific message.
RSpec.describe PermissionsController, type: :controller, broken: true do
# This should return the minimal set of attributes required to create a valid
# Permission. As you add validations to Permission, be sure to
# adjust the attributes here as well.
let(:valid_attributes) {
skip("Add a hash of attributes valid for your model")
}
let(:invalid_attributes) {
skip("Add a hash of attributes invalid for your model")
}
# This should return the minimal set of values that should be in the session
# in order to pass any filters (e.g. authentication) defined in
# PermissionsController. Be sure to keep this updated too.
let(:valid_session) { {} }
describe "GET #index" do
it "assigns all permissions as @permissions" do
permission = Permission.create! valid_attributes
get :index, params: {}, session: valid_session
expect(assigns(:permissions)).to eq([permission])
end
end
describe "GET #show" do
it "assigns the requested permission as @permission" do
permission = Permission.create! valid_attributes
get :show, params: {id: permission.to_param}, session: valid_session
expect(assigns(:permission)).to eq(permission)
RSpec.describe PermissionsController, type: :request do
let(:john) { create(:user, first_name: 'John') }
let(:nicky) { create(:user, first_name: 'Nicky')}
let(:steve) { create(:user, first_name: 'Steve') }
let(:pete) { create(:user, first_name: 'Pete') }
let(:john_nilm) { create(:nilm, name: "John's NILM",
admins: [john],
owners: [nicky],
viewers: [steve]) }
describe 'GET #index' do
# list permissions by nilm
context 'with admin privileges' do
it 'returns nilm permissions' do
@auth_headers = john.create_new_auth_token
get "/permissions.json",
params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:ok)
expect(response.header['Content-Type']).to include('application/json')
permissions = JSON.parse(response.body)
expect(permissions.count).to eq(3)
end
end
end
describe "GET #new" do
it "assigns a new permission as @permission" do
get :new, params: {}, session: valid_session
expect(assigns(:permission)).to be_a_new(Permission)
context 'without admin privileges' do
it 'returns unauthorized' do
[nicky,steve].each do |user|
@auth_headers = user.create_new_auth_token
get "/permissions.json",
params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:unauthorized)
end
end
it 'returns not found on bad nilm id' do
# nilm 99 does not exist
@auth_headers = steve.create_new_auth_token
get "/permissions.json",
params: {nilm_id: 99},
headers: @auth_headers
expect(response).to have_http_status(:not_found)
end
end
end
describe "GET #edit" do
it "assigns the requested permission as @permission" do
permission = Permission.create! valid_attributes
get :edit, params: {id: permission.to_param}, session: valid_session
expect(assigns(:permission)).to eq(permission)
context 'without sign-in' do
it 'returns unauthorized' do
# no headers: nobody is signed in, deny all
get "/permissions.json"
expect(response).to have_http_status(:unauthorized)
end
end
end
describe "POST #create" do
context "with valid params" do
it "creates a new Permission" do
expect {
post :create, params: {permission: valid_attributes}, session: valid_session
}.to change(Permission, :count).by(1)
end
it "assigns a newly created permission as @permission" do
post :create, params: {permission: valid_attributes}, session: valid_session
expect(assigns(:permission)).to be_a(Permission)
expect(assigns(:permission)).to be_persisted
describe 'POST #create' do
# add permissions to specified nilm
context 'with admin privileges' do
it 'adds new permission' do
@auth_headers = john.create_new_auth_token
post "/permissions.json",
params: {nilm_id: john_nilm.id,
role: 'viewer',
target: 'user',
target_id: pete.id},
headers: @auth_headers
expect(response).to have_http_status(:ok)
expect(response.header['Content-Type']).to include('application/json')
expect(response).to have_notice_message
expect(pete.views_nilm?(john_nilm)).to be true
end
it "redirects to the created permission" do
post :create, params: {permission: valid_attributes}, session: valid_session
expect(response).to redirect_to(Permission.last)
it 'returns errors on invalid request' do
# steve already has permissions on this nilm
@auth_headers = john.create_new_auth_token
post "/permissions.json",
params: {nilm_id: john_nilm.id,
role: 'owner',
target: 'user',
target_id: steve.id},
headers: @auth_headers
expect(response).to have_http_status(:unprocessable_entity)
expect(response.header['Content-Type']).to include('application/json')
expect(response).to have_error_message
end
end
context "with invalid params" do
it "assigns a newly created but unsaved permission as @permission" do
post :create, params: {permission: invalid_attributes}, session: valid_session
expect(assigns(:permission)).to be_a_new(Permission)
context 'without admin privileges' do
it 'returns unauthorized' do
[nicky,steve].each do |user|
@auth_headers = user.create_new_auth_token
post "/permissions.json",
params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:unauthorized)
end
end
it "re-renders the 'new' template" do
post :create, params: {permission: invalid_attributes}, session: valid_session
expect(response).to render_template("new")
end
context 'without sign-in' do
it 'returns unauthorized' do
# no headers: nobody is signed in, deny all
post "/permissions.json"
expect(response).to have_http_status(:unauthorized)
end
end
end
describe "PUT #update" do
context "with valid params" do
let(:new_attributes) {
skip("Add a hash of attributes valid for your model")
}
it "updates the requested permission" do
permission = Permission.create! valid_attributes
put :update, params: {id: permission.to_param, permission: new_attributes}, session: valid_session
permission.reload
skip("Add assertions for updated state")
end
it "assigns the requested permission as @permission" do
permission = Permission.create! valid_attributes
put :update, params: {id: permission.to_param, permission: valid_attributes}, session: valid_session
expect(assigns(:permission)).to eq(permission)
describe 'DELETE #destroy' do
# removes specified permission from nilm
context 'with admin privileges' do
it 'removes permission' do
p = Permission.where(nilm: john_nilm, user: steve).first
expect(steve.views_nilm?(john_nilm)).to be true
@auth_headers = john.create_new_auth_token
delete "/permissions/#{p.id}.json",
params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:ok)
expect(response.header['Content-Type']).to include('application/json')
expect(response).to have_notice_message
expect(steve.views_nilm?(john_nilm)).to be false
end
it "redirects to the permission" do
permission = Permission.create! valid_attributes
put :update, params: {id: permission.to_param, permission: valid_attributes}, session: valid_session
expect(response).to redirect_to(permission)
it 'returns error on invalid request' do
# cannot remove your own permission
p = Permission.where(nilm: john_nilm, user: john).first
@auth_headers = john.create_new_auth_token
delete "/permissions/#{p.id}.json",
params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:unprocessable_entity)
expect(response.header['Content-Type']).to include('application/json')
expect(response).to have_error_message
expect(john.admins_nilm?(john_nilm)).to be true
end
end
context "with invalid params" do
it "assigns the permission as @permission" do
permission = Permission.create! valid_attributes
put :update, params: {id: permission.to_param, permission: invalid_attributes}, session: valid_session
expect(assigns(:permission)).to eq(permission)
end
it "re-renders the 'edit' template" do
permission = Permission.create! valid_attributes
put :update, params: {id: permission.to_param, permission: invalid_attributes}, session: valid_session
expect(response).to render_template("edit")
context 'without admin privileges' do
it 'returns unauthorized' do
[nicky,steve].each do |user|
@auth_headers = user.create_new_auth_token
delete "/permissions/99.json",
params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:unauthorized)
end
end
end
end
describe "DELETE #destroy" do
it "destroys the requested permission" do
permission = Permission.create! valid_attributes
expect {
delete :destroy, params: {id: permission.to_param}, session: valid_session
}.to change(Permission, :count).by(-1)
context 'without sign-in' do
it 'returns unauthorized' do
# no headers: nobody is signed in, deny all
delete "/permissions/99.json"
expect(response).to have_http_status(:unauthorized)
end
end
it "redirects to the permissions list" do
permission = Permission.create! valid_attributes
delete :destroy, params: {id: permission.to_param}, session: valid_session
expect(response).to redirect_to(permissions_url)
end
end
end
# frozen_string_literal: true
require 'rails_helper'
describe 'DestroyPermission service' do
let(:requester){ create(:user)}
let(:viewer){ create(:user)}
let(:group){ create(:user_group)}
let(:nilm){ create(:nilm,
admins:[requester],
viewers:[viewer, group])}
it 'removes specified user permission from nilm' do
expect(viewer.views_nilm?(nilm)).to be true
service = DestroyPermission.new
p = nilm.permissions.where(user: viewer).first
service.run(nilm,requester,p.id)
expect(service.success?).to be true
expect(viewer.views_nilm?(nilm)).to be false
end
it 'removes specified group permission from nilm' do
expect(group.permissions).to be_empty
service = DestroyPermission.new
p = nilm.permissions.where(user_group: group).first
service.run(nilm,requester,p.id)
expect(service.success?).to be true
expect(group.permissions).to be_empty
end
it 'returns error if permission is not on nilm' do
nilm2 = create(:nilm, admins: [viewer])
p2 = nilm2.permissions.first
service = DestroyPermission.new
service.run(nilm,requester,p2.id)
expect(service.success?).to be false
expect(Permission.find(p2.id)).to be_present
end
it 'does not allow requester to delete himself' do
service = DestroyPermission.new
p = nilm.permissions.where(user: requester).first
service.run(nilm,requester,p.id)
expect(service.success?).to be false
expect(requester.admins_nilm?(nilm)).to be true
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment