Commit bccc8aec by John Doe

added tests for permissions

parent 544dddab
...@@ -8,15 +8,15 @@ class PermissionsController < ApplicationController ...@@ -8,15 +8,15 @@ class PermissionsController < ApplicationController
# GET /permissions.json # GET /permissions.json
def index def index
# return permissions for nilm specified by nilm_id # return permissions for nilm specified by nilm_id
@permissions = Permission.find_by_nilm(@nilm) @permissions = @nilm.permissions
end end
# POST /permissions # POST /permissions
# POST /permissions.json # POST /permissions.json
def create def create
# create permission for nilm specified by nilm_id # create permission for nilm specified by nilm_id
@service = PermissionService.new @service = CreatePermission.new
@service.run(@nilm, params[:role], params[:type], params[:target_id]) @service.run(@nilm, params[:role], params[:target], params[:target_id])
@permission = @service.permission @permission = @service.permission
render status: @service.success? ? :ok : :unprocessable_entity render status: @service.success? ? :ok : :unprocessable_entity
end end
...@@ -25,20 +25,21 @@ class PermissionsController < ApplicationController ...@@ -25,20 +25,21 @@ class PermissionsController < ApplicationController
# DELETE /permissions/1.json # DELETE /permissions/1.json
def destroy def destroy
# remove permission from nilm specified by nilm_id # remove permission from nilm specified by nilm_id
@service = ServiceStub.new @service = DestroyPermission.new
@service.add_notice("Removed permission") @service.run(@nilm, current_user, params[:id])
@nilm.permissions.find(params[:id]).destroy render status: @service.success? ? :ok : :unprocessable_entity
end end
private private
def set_nilm def set_nilm
@nilm = Nilm.find(params[:nilm_id]) @nilm = Nilm.find_by_id(params[:nilm_id])
head :not_found unless @nilm
end end
# authorization based on nilms # authorization based on nilms
def authorize_owner def authorize_admin
head :unauthorized unless current_user.owns_nilm?(@nilm) head :unauthorized unless current_user.admins_nilm?(@nilm)
end end
end end
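Review bot: `authorize_admin` answers `head :unauthorized` for a signed-in user who lacks admin rights, the same status the specs expect for a request with no credentials at all; `head :forbidden` would let clients and logs tell "not signed in" from "signed in but not permitted". The spec case for a bad nilm id expects 404 for a non-admin user, which suggests `set_nilm` runs before `authorize_admin`, so any signed-in user can tell existing nilm ids from missing ones. The `before_action` declarations are outside the hunk, so that ordering is inferred. If nilm ids should not be discoverable, answer both cases with the same status.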
# frozen_string_literal: true
# Handles changing DbStream attributes
class CreatePermission
include ServiceStatus
def run(nilm, role, type, target_id)
# create [role] perimssion on [nilm] for
# the user or group specified
# [type]: user|group
# [target_id]: user_id or user_group_id value
#
@permission = Permission.create(nilm: nilm, role: role)
case type
when 'user'
if nilm.permissions.find_by_user_id(target_id)
add_error('user already has permissions on this nilm')
return self
end
@permission.user = User.find(target_id)
when 'group'
if nilm.permissions.find_by_user_groupe_id(target_id)
add_error('group already has permissions on this nilm')
return self
end
@permission.user_group = UserGroup.find(target_id)
else
add_error('invalid target_id')
return self
end
unless @permission.save
add_error(permission.errors.full_messages)
return self
end
set_notice('Created permission')
self
end
end
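Review bot: `Permission.create(nilm: nilm, role: role)` at the top of `run` writes the row before the duplicate and target checks, so each early `return self` can leave a permission with no user or group attached, unless a model validation not shown here blocks that save. `Permission.new(nilm: nilm, role: role)` would defer the write to the later `@permission.save`. The group branch calls `find_by_user_groupe_id`, which looks like a typo for `find_by_user_group_id`, and `add_error(permission.errors.full_messages)` reads `permission` although this listing declares no reader for it, so `@permission.errors` is probably intended. The page does not show whether this listing is on the added or the removed side of the commit; these points apply only if it is new code.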
# frozen_string_literal: true # frozen_string_literal: true
# Handles changing DbStream attributes # Handles permission creation
class CreatePermission class CreatePermission
include ServiceStatus include ServiceStatus
attr_reader :permission attr_reader :permission
......
# frozen_string_literal: true
# Handles permission removal
class DestroyPermission
include ServiceStatus
def run(nilm, requester, id)
# remove permission [id] from nilm
# do not allow [requester] to remove his permission
@permission = nilm.permissions.find_by_id(id)
if @permission.nil?
add_error 'invalid permission id'
return self
elsif(@permission.user == requester)
add_error 'cannot remove your own permission'
return self
else
@permission.destroy
add_notice 'removed permission'
return self
end
end
end
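Review bot: The self-removal guard in `run` compares only `@permission.user` with `requester`, so a permission row held through a `user_group` that the requester belongs to passes the check; whether group membership can confer admin rights is not visible here, so confirm against the `Permission` model. Separately, the result of `@permission.destroy` is ignored and `add_notice 'removed permission'` runs regardless, so a destroy that fails (for example, one halted by a callback) is still reported as success. Something like `if @permission.destroy then add_notice 'removed permission' else add_error 'unable to remove permission' end` keeps the status honest. The `return self` in every branch can collapse to a single trailing `self`.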
json.data do
json.extract! @permission, *Permission.json_keys
json.name @permission.target_name
end
json.partial! "helpers/messages", service: @service
json.partial! "helpers/messages", service: @service
json.array! @permissions, partial: 'permissions/permission', as: :permission json.array!(@permissions) do |permission|
\ No newline at end of file json.extract! permission, *Permission.json_keys
json.name permission.target_name
end
json.partial! "permissions/permission", permission: @permission
\ No newline at end of file
require 'rails_helper' require 'rails_helper'
# This spec was generated by rspec-rails when you ran the scaffold generator. RSpec.describe PermissionsController, type: :request do
# It demonstrates how one might use RSpec to specify the controller code that let(:john) { create(:user, first_name: 'John') }
# was generated by Rails when you ran the scaffold generator. let(:nicky) { create(:user, first_name: 'Nicky')}
# let(:steve) { create(:user, first_name: 'Steve') }
# It assumes that the implementation code is generated by the rails scaffold let(:pete) { create(:user, first_name: 'Pete') }
# generator. If you are using any extension libraries to generate different let(:john_nilm) { create(:nilm, name: "John's NILM",
# controller code, this generated spec may or may not pass. admins: [john],
# owners: [nicky],
# It only uses APIs available in rails and/or rspec-rails. There are a number viewers: [steve]) }
# of tools you can use to make these specs even more expressive, but we're
# sticking to rails and rspec-rails APIs to keep things simple and stable. describe 'GET #index' do
# # list permissions by nilm
# Compared to earlier versions of this generator, there is very limited use of context 'with admin privileges' do
# stubs and message expectations in this spec. Stubs are only used when there it 'returns nilm permissions' do
# is no simpler way to get a handle on the object needed for the example. @auth_headers = john.create_new_auth_token
# Message expectations are only used when there is no simpler way to specify get "/permissions.json",
# that an instance is receiving a specific message. params: {nilm_id: john_nilm.id},
headers: @auth_headers
RSpec.describe PermissionsController, type: :controller, broken: true do expect(response).to have_http_status(:ok)
expect(response.header['Content-Type']).to include('application/json')
# This should return the minimal set of attributes required to create a valid permissions = JSON.parse(response.body)
# Permission. As you add validations to Permission, be sure to expect(permissions.count).to eq(3)
# adjust the attributes here as well. end
let(:valid_attributes) {
skip("Add a hash of attributes valid for your model")
}
let(:invalid_attributes) {
skip("Add a hash of attributes invalid for your model")
}
# This should return the minimal set of values that should be in the session
# in order to pass any filters (e.g. authentication) defined in
# PermissionsController. Be sure to keep this updated too.
let(:valid_session) { {} }
describe "GET #index" do
it "assigns all permissions as @permissions" do
permission = Permission.create! valid_attributes
get :index, params: {}, session: valid_session
expect(assigns(:permissions)).to eq([permission])
end
end
describe "GET #show" do
it "assigns the requested permission as @permission" do
permission = Permission.create! valid_attributes
get :show, params: {id: permission.to_param}, session: valid_session
expect(assigns(:permission)).to eq(permission)
end end
end context 'without admin privileges' do
it 'returns unauthorized' do
describe "GET #new" do [nicky,steve].each do |user|
it "assigns a new permission as @permission" do @auth_headers = user.create_new_auth_token
get :new, params: {}, session: valid_session get "/permissions.json",
expect(assigns(:permission)).to be_a_new(Permission) params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:unauthorized)
end
end
it 'returns not found on bad nilm id' do
# nilm 99 does not exist
@auth_headers = steve.create_new_auth_token
get "/permissions.json",
params: {nilm_id: 99},
headers: @auth_headers
expect(response).to have_http_status(:not_found)
end
end end
end context 'without sign-in' do
it 'returns unauthorized' do
describe "GET #edit" do # no headers: nobody is signed in, deny all
it "assigns the requested permission as @permission" do get "/permissions.json"
permission = Permission.create! valid_attributes expect(response).to have_http_status(:unauthorized)
get :edit, params: {id: permission.to_param}, session: valid_session end
expect(assigns(:permission)).to eq(permission)
end end
end end
describe "POST #create" do describe 'POST #create' do
context "with valid params" do # add permissions to specified nilm
it "creates a new Permission" do context 'with admin privileges' do
expect { it 'adds new permission' do
post :create, params: {permission: valid_attributes}, session: valid_session @auth_headers = john.create_new_auth_token
}.to change(Permission, :count).by(1) post "/permissions.json",
end params: {nilm_id: john_nilm.id,
role: 'viewer',
it "assigns a newly created permission as @permission" do target: 'user',
post :create, params: {permission: valid_attributes}, session: valid_session target_id: pete.id},
expect(assigns(:permission)).to be_a(Permission) headers: @auth_headers
expect(assigns(:permission)).to be_persisted expect(response).to have_http_status(:ok)
expect(response.header['Content-Type']).to include('application/json')
expect(response).to have_notice_message
expect(pete.views_nilm?(john_nilm)).to be true
end end
it 'returns errors on invalid request' do
it "redirects to the created permission" do # steve already has permissions on this nilm
post :create, params: {permission: valid_attributes}, session: valid_session @auth_headers = john.create_new_auth_token
expect(response).to redirect_to(Permission.last) post "/permissions.json",
params: {nilm_id: john_nilm.id,
role: 'owner',
target: 'user',
target_id: steve.id},
headers: @auth_headers
expect(response).to have_http_status(:unprocessable_entity)
expect(response.header['Content-Type']).to include('application/json')
expect(response).to have_error_message
end end
end end
context 'without admin privileges' do
context "with invalid params" do it 'returns unauthorized' do
it "assigns a newly created but unsaved permission as @permission" do [nicky,steve].each do |user|
post :create, params: {permission: invalid_attributes}, session: valid_session @auth_headers = user.create_new_auth_token
expect(assigns(:permission)).to be_a_new(Permission) post "/permissions.json",
params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:unauthorized)
end
end end
end
it "re-renders the 'new' template" do context 'without sign-in' do
post :create, params: {permission: invalid_attributes}, session: valid_session it 'returns unauthorized' do
expect(response).to render_template("new") # no headers: nobody is signed in, deny all
post "/permissions.json"
expect(response).to have_http_status(:unauthorized)
end end
end end
end end
describe "PUT #update" do describe 'DELETE #destroy' do
context "with valid params" do # removes specified permission from nilm
let(:new_attributes) { context 'with admin privileges' do
skip("Add a hash of attributes valid for your model") it 'removes permission' do
} p = Permission.where(nilm: john_nilm, user: steve).first
expect(steve.views_nilm?(john_nilm)).to be true
it "updates the requested permission" do @auth_headers = john.create_new_auth_token
permission = Permission.create! valid_attributes delete "/permissions/#{p.id}.json",
put :update, params: {id: permission.to_param, permission: new_attributes}, session: valid_session params: {nilm_id: john_nilm.id},
permission.reload headers: @auth_headers
skip("Add assertions for updated state") expect(response).to have_http_status(:ok)
end expect(response.header['Content-Type']).to include('application/json')
expect(response).to have_notice_message
it "assigns the requested permission as @permission" do expect(steve.views_nilm?(john_nilm)).to be false
permission = Permission.create! valid_attributes
put :update, params: {id: permission.to_param, permission: valid_attributes}, session: valid_session
expect(assigns(:permission)).to eq(permission)
end end
it 'returns error on invalid request' do
it "redirects to the permission" do # cannot remove your own permission
permission = Permission.create! valid_attributes p = Permission.where(nilm: john_nilm, user: john).first
put :update, params: {id: permission.to_param, permission: valid_attributes}, session: valid_session @auth_headers = john.create_new_auth_token
expect(response).to redirect_to(permission) delete "/permissions/#{p.id}.json",
params: {nilm_id: john_nilm.id},
headers: @auth_headers
expect(response).to have_http_status(:unprocessable_entity)
expect(response.header['Content-Type']).to include('application/json')
expect(response).to have_error_message
expect(john.admins_nilm?(john_nilm)).to be true
end end
end end
context 'without admin privileges' do
context "with invalid params" do it 'returns unauthorized' do
it "assigns the permission as @permission" do [nicky,steve].each do |user|
permission = Permission.create! valid_attributes @auth_headers = user.create_new_auth_token
put :update, params: {id: permission.to_param, permission: invalid_attributes}, session: valid_session delete "/permissions/99.json",
expect(assigns(:permission)).to eq(permission) params: {nilm_id: john_nilm.id},
end headers: @auth_headers
expect(response).to have_http_status(:unauthorized)
it "re-renders the 'edit' template" do end
permission = Permission.create! valid_attributes
put :update, params: {id: permission.to_param, permission: invalid_attributes}, session: valid_session
expect(response).to render_template("edit")
end end
end end
end context 'without sign-in' do
it 'returns unauthorized' do
describe "DELETE #destroy" do # no headers: nobody is signed in, deny all
it "destroys the requested permission" do delete "/permissions/99.json"
permission = Permission.create! valid_attributes expect(response).to have_http_status(:unauthorized)
expect { end
delete :destroy, params: {id: permission.to_param}, session: valid_session
}.to change(Permission, :count).by(-1)
end end
it "redirects to the permissions list" do
permission = Permission.create! valid_attributes
delete :destroy, params: {id: permission.to_param}, session: valid_session
expect(response).to redirect_to(permissions_url)
end
end end
end end
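Review bot: The 'without admin privileges' cases for DELETE target `/permissions/99.json`, an id that presumably does not exist, and the matching POST case sends only `nilm_id`, so neither shows that a real permission survives or that none is created when the caller is not an admin. Pointing the DELETE at an existing row and wrapping the request in `expect { ... }.not_to change(Permission, :count)` would pin the authorization behaviour rather than just the status code. The same wrapper on the POST case, with a full `role`/`target`/`target_id` payload, covers creation. Each of these examples also loops over `[nicky,steve]` inside one `it`, so a failure does not say which role was let through; one example per role reads more clearly in the report.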
# frozen_string_literal: true
require 'rails_helper'
describe 'DestroyPermission service' do
let(:requester){ create(:user)}
let(:viewer){ create(:user)}
let(:group){ create(:user_group)}
let(:nilm){ create(:nilm,
admins:[requester],
viewers:[viewer, group])}
it 'removes specified user permission from nilm' do
expect(viewer.views_nilm?(nilm)).to be true
service = DestroyPermission.new
p = nilm.permissions.where(user: viewer).first
service.run(nilm,requester,p.id)
expect(service.success?).to be true
expect(viewer.views_nilm?(nilm)).to be false
end
it 'removes specified group permission from nilm' do
expect(group.permissions).to be_empty
service = DestroyPermission.new
p = nilm.permissions.where(user_group: group).first
service.run(nilm,requester,p.id)
expect(service.success?).to be true
expect(group.permissions).to be_empty
end
it 'returns error if permission is not on nilm' do
nilm2 = create(:nilm, admins: [viewer])
p2 = nilm2.permissions.first
service = DestroyPermission.new
service.run(nilm,requester,p2.id)
expect(service.success?).to be false
expect(Permission.find(p2.id)).to be_present
end
it 'does not allow requester to delete himself' do
service = DestroyPermission.new
p = nilm.permissions.where(user: requester).first
service.run(nilm,requester,p.id)
expect(service.success?).to be false
expect(requester.admins_nilm?(nilm)).to be true
end
end
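Review bot: In 'removes specified group permission from nilm' the opening `expect(group.permissions).to be_empty` runs before the lazy `let(:nilm)` has been evaluated, so it passes only because the nilm and its permissions do not exist yet. The closing assertion reads the same association on the same `group` object, which may still hold the empty result loaded earlier, so the example can pass whether or not the row was destroyed. Referencing `nilm` first (or using `let!`), asserting `expect(group.permissions).not_to be_empty` beforehand and `expect(group.reload.permissions).to be_empty` afterwards would make the test depend on the service's effect. The 'permission is not on nilm' example is a good cross-tenant check and could also assert the error message.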