added tests for permissions

bccc8aec · John Doe · 544dddab · bccc8aec · bccc8aec · bccc8aec
Commit bccc8aec authored Feb 20, 2017 by John Doe
Showing with 273 additions and 163 deletions
app/controllers/permissions_controller.rb
app/services/perimssion/create_permission.rb
app/services/permission/create_permission.rb
app/services/permission/destroy_permission.rb
app/views/permissions/create.json.jbuilder
app/views/permissions/destroy.json.jbuilder
app/views/permissions/index.json.jbuilder
app/views/permissions/show.json.jbuilder
spec/controllers/permissions_controller_spec.rb
spec/services/permission/destroy_permission_spec.rb
--- a/app/controllers/permissions_controller.rb
+++ b/app/controllers/permissions_controller.rb
@@ -8,15 +8,15 @@ class PermissionsController < ApplicationController
  # GET /permissions.json
  def index
    # return permissions for nilm specified by nilm_id
-    @permissions = Permission.find_by_nilm(@nilm)
+    @permissions = @nilm.permissions
  end
  # POST /permissions
  # POST /permissions.json
  def create
    # create permission for nilm specified by nilm_id
-    @service = PermissionService.new
+    @service = CreatePermission.new
-    @service.run(@nilm, params[:role], params[:type], params[:target_id])
+    @service.run(@nilm, params[:role], params[:target], params[:target_id])
    @permission = @service.permission
    render status: @service.success? ? :ok : :unprocessable_entity
  end
@@ -25,20 +25,21 @@ class PermissionsController < ApplicationController
  # DELETE /permissions/1.json
  def destroy
    # remove permission from nilm specified by nilm_id
-    @service = ServiceStub.new
+    @service = DestroyPermission.new
-    @service.add_notice("Removed permission")
+    @service.run(@nilm, current_user, params[:id])
-    @nilm.permissions.find(params[:id]).destroy
+    render status: @service.success? ? :ok : :unprocessable_entity
  end
  private
  def set_nilm
-    @nilm = Nilm.find(params[:nilm_id])
+    @nilm = Nilm.find_by_id(params[:nilm_id])
+    head :not_found unless @nilm
  end
  # authorization based on nilms
-  def authorize_owner
+  def authorize_admin
-    head :unauthorized  unless current_user.owns_nilm?(@nilm)
+    head :unauthorized  unless current_user.admins_nilm?(@nilm)
  end
 end
--- a/app/services/perimssion/create_permission.rb
+++ b/app/services/perimssion/create_permission.rb
+# frozen_string_literal: true
+# Handles changing DbStream attributes
+class CreatePermission
+  include ServiceStatus
+  def run(nilm, role, type, target_id)
+    # create [role] perimssion on [nilm] for
+    # the user or group specified
+    # [type]: user|group
+    # [target_id]: user_id or user_group_id value
+    #
+    @permission = Permission.create(nilm: nilm, role: role)
+    case type
+    when 'user'
+      if nilm.permissions.find_by_user_id(target_id)
+        add_error('user already has permissions on this nilm')
+        return self
+      end
+      @permission.user = User.find(target_id)
+    when 'group'
+      if nilm.permissions.find_by_user_groupe_id(target_id)
+        add_error('group already has permissions on this nilm')
+        return self
+      end
+      @permission.user_group = UserGroup.find(target_id)
+    else
+      add_error('invalid target_id')
+      return self
+    end
+    unless @permission.save
+      add_error(permission.errors.full_messages)
+      return self
+    end
+    set_notice('Created permission')
+    self
+  end
+end
--- a/app/services/permission/create_permission.rb
+++ b/app/services/permission/create_permission.rb
 # frozen_string_literal: true
-# Handles changing DbStream attributes
+# Handles permission creation
 class CreatePermission
  include ServiceStatus
  attr_reader :permission

--- a/app/services/permission/destroy_permission.rb
+++ b/app/services/permission/destroy_permission.rb
+# frozen_string_literal: true
+# Handles permission removal
+class DestroyPermission
+  include ServiceStatus
+  def run(nilm, requester, id)
+    # remove permission [id] from nilm
+    # do not allow [requester] to remove his permission
+    @permission = nilm.permissions.find_by_id(id)
+    if @permission.nil?
+      add_error 'invalid permission id'
+      return self
+    elsif(@permission.user == requester)
+      add_error 'cannot remove your own permission'
+      return self
+    else
+      @permission.destroy
+      add_notice 'removed permission'
+      return self
+    end
+  end
+end
--- a/app/views/permissions/create.json.jbuilder
+++ b/app/views/permissions/create.json.jbuilder
+json.data do
+  json.extract! @permission, *Permission.json_keys
+  json.name @permission.target_name
+end
+json.partial! "helpers/messages", service: @service
--- a/app/views/permissions/destroy.json.jbuilder
+++ b/app/views/permissions/destroy.json.jbuilder
+json.partial! "helpers/messages", service: @service
--- a/app/views/permissions/index.json.jbuilder
+++ b/app/views/permissions/index.json.jbuilder
-json.array! @permissions, partial: 'permissions/permission', as: :permission
+json.array!(@permissions) do |permission|
\ No newline at end of file
+  json.extract! permission, *Permission.json_keys
+  json.name permission.target_name
+end
--- a/app/views/permissions/show.json.jbuilder
+++ b/app/views/permissions/show.json.jbuilder
-json.partial! "permissions/permission", permission: @permission
\ No newline at end of file
--- a/spec/controllers/permissions_controller_spec.rb
+++ b/spec/controllers/permissions_controller_spec.rb
 require 'rails_helper'
-# This spec was generated by rspec-rails when you ran the scaffold generator.
+RSpec.describe PermissionsController, type: :request do
-# It demonstrates how one might use RSpec to specify the controller code that
+  let(:john) { create(:user, first_name: 'John') }
-# was generated by Rails when you ran the scaffold generator.
+  let(:nicky) { create(:user, first_name: 'Nicky')}
-#
+  let(:steve) { create(:user, first_name: 'Steve') }
-# It assumes that the implementation code is generated by the rails scaffold
+  let(:pete) { create(:user, first_name: 'Pete') }
-# generator.  If you are using any extension libraries to generate different
+  let(:john_nilm) { create(:nilm, name: "John's NILM",
-# controller code, this generated spec may or may not pass.
+                                  admins: [john],
-#
+                                  owners: [nicky],
-# It only uses APIs available in rails and/or rspec-rails.  There are a number
+                                  viewers: [steve]) }
-# of tools you can use to make these specs even more expressive, but we're
-# sticking to rails and rspec-rails APIs to keep things simple and stable.
+  describe 'GET #index' do
-#
+    # list permissions by nilm
-# Compared to earlier versions of this generator, there is very limited use of
+    context 'with admin privileges' do
-# stubs and message expectations in this spec.  Stubs are only used when there
+      it 'returns nilm permissions' do
-# is no simpler way to get a handle on the object needed for the example.
+        @auth_headers = john.create_new_auth_token
-# Message expectations are only used when there is no simpler way to specify
+        get "/permissions.json",
-# that an instance is receiving a specific message.
+          params: {nilm_id: john_nilm.id},
+          headers: @auth_headers
-RSpec.describe PermissionsController, type: :controller, broken: true do
+        expect(response).to have_http_status(:ok)
+        expect(response.header['Content-Type']).to include('application/json')
-  # This should return the minimal set of attributes required to create a valid
+        permissions = JSON.parse(response.body)
-  # Permission. As you add validations to Permission, be sure to
+        expect(permissions.count).to eq(3)
-  # adjust the attributes here as well.
+      end
-  let(:valid_attributes) {
+    end
-    skip("Add a hash of attributes valid for your model")
+    context 'without admin privileges' do
-  }
+      it 'returns unauthorized' do
+        [nicky,steve].each do |user|
-  let(:invalid_attributes) {
+          @auth_headers = user.create_new_auth_token
-    skip("Add a hash of attributes invalid for your model")
+          get "/permissions.json",
-  }
+              params: {nilm_id: john_nilm.id},
+              headers: @auth_headers
-  # This should return the minimal set of values that should be in the session
+              expect(response).to have_http_status(:unauthorized)
-  # in order to pass any filters (e.g. authentication) defined in
+        end
-  # PermissionsController. Be sure to keep this updated too.
+      end
-  let(:valid_session) { {} }
+      it 'returns not found on bad nilm id' do
+        # nilm 99 does not exist
-  describe "GET #index" do
+        @auth_headers = steve.create_new_auth_token
-    it "assigns all permissions as @permissions" do
+        get "/permissions.json",
-      permission = Permission.create! valid_attributes
+            params: {nilm_id: 99},
-      get :index, params: {}, session: valid_session
+            headers: @auth_headers
-      expect(assigns(:permissions)).to eq([permission])
+            expect(response).to have_http_status(:not_found)
-    end
+      end
-  end
+    end
+    context 'without sign-in' do
-  describe "GET #show" do
+      it 'returns unauthorized' do
-    it "assigns the requested permission as @permission" do
+        #  no headers: nobody is signed in, deny all
-      permission = Permission.create! valid_attributes
+        get "/permissions.json"
-      get :show, params: {id: permission.to_param}, session: valid_session
+        expect(response).to have_http_status(:unauthorized)
-      expect(assigns(:permission)).to eq(permission)
+      end
    end
  end
-  describe "GET #new" do
+  describe 'POST #create' do
-    it "assigns a new permission as @permission" do
+    # add permissions to specified nilm
-      get :new, params: {}, session: valid_session
+    context 'with admin privileges' do
-      expect(assigns(:permission)).to be_a_new(Permission)
+      it 'adds new permission' do
-    end
+        @auth_headers = john.create_new_auth_token
-  end
+        post "/permissions.json",
+          params: {nilm_id: john_nilm.id,
-  describe "GET #edit" do
+                   role: 'viewer',
-    it "assigns the requested permission as @permission" do
+                   target: 'user',
-      permission = Permission.create! valid_attributes
+                   target_id: pete.id},
-      get :edit, params: {id: permission.to_param}, session: valid_session
+          headers: @auth_headers
-      expect(assigns(:permission)).to eq(permission)
+        expect(response).to have_http_status(:ok)
-    end
+        expect(response.header['Content-Type']).to include('application/json')
-  end
+        expect(response).to have_notice_message
+        expect(pete.views_nilm?(john_nilm)).to be true
-  describe "POST #create" do
+      end
-    context "with valid params" do
+      it 'returns errors on invalid request' do
-      it "creates a new Permission" do
+        # steve already has permissions on this nilm
-        expect {
+        @auth_headers = john.create_new_auth_token
-          post :create, params: {permission: valid_attributes}, session: valid_session
+        post "/permissions.json",
-        }.to change(Permission, :count).by(1)
+          params: {nilm_id: john_nilm.id,
-      end
+                   role: 'owner',
+                   target: 'user',
-      it "assigns a newly created permission as @permission" do
+                   target_id: steve.id},
-        post :create, params: {permission: valid_attributes}, session: valid_session
+          headers: @auth_headers
-        expect(assigns(:permission)).to be_a(Permission)
+        expect(response).to have_http_status(:unprocessable_entity)
-        expect(assigns(:permission)).to be_persisted
+        expect(response.header['Content-Type']).to include('application/json')
-      end
+        expect(response).to have_error_message
+      end
-      it "redirects to the created permission" do
+    end
-        post :create, params: {permission: valid_attributes}, session: valid_session
+    context 'without admin privileges' do
-        expect(response).to redirect_to(Permission.last)
+      it 'returns unauthorized' do
+        [nicky,steve].each do |user|
+          @auth_headers = user.create_new_auth_token
+          post "/permissions.json",
+              params: {nilm_id: john_nilm.id},
+              headers: @auth_headers
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+    end
+    context 'without sign-in' do
+      it 'returns unauthorized' do
+        #  no headers: nobody is signed in, deny all
+        post "/permissions.json"
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
+  describe 'DELETE #destroy' do
+    # removes specified permission from nilm
+    context 'with admin privileges' do
+      it 'removes permission' do
+        p = Permission.where(nilm: john_nilm, user: steve).first
+        expect(steve.views_nilm?(john_nilm)).to be true
+        @auth_headers = john.create_new_auth_token
+        delete "/permissions/#{p.id}.json",
+          params: {nilm_id: john_nilm.id},
+          headers: @auth_headers
+        expect(response).to have_http_status(:ok)
+        expect(response.header['Content-Type']).to include('application/json')
+        expect(response).to have_notice_message
+        expect(steve.views_nilm?(john_nilm)).to be false
+      end
+      it 'returns error on invalid request' do
+        # cannot remove your own permission
+        p = Permission.where(nilm: john_nilm, user: john).first
+        @auth_headers = john.create_new_auth_token
+        delete "/permissions/#{p.id}.json",
+          params: {nilm_id: john_nilm.id},
+          headers: @auth_headers
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(response.header['Content-Type']).to include('application/json')
+        expect(response).to have_error_message
+        expect(john.admins_nilm?(john_nilm)).to be true
+      end
+    end
+    context 'without admin privileges' do
+      it 'returns unauthorized' do
+        [nicky,steve].each do |user|
+          @auth_headers = user.create_new_auth_token
+          delete "/permissions/99.json",
+              params: {nilm_id: john_nilm.id},
+              headers: @auth_headers
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
    end
+    context 'without sign-in' do
+      it 'returns unauthorized' do
+        #  no headers: nobody is signed in, deny all
+        delete "/permissions/99.json"
+        expect(response).to have_http_status(:unauthorized)
      end
-    context "with invalid params" do
-      it "assigns a newly created but unsaved permission as @permission" do
-        post :create, params: {permission: invalid_attributes}, session: valid_session
-        expect(assigns(:permission)).to be_a_new(Permission)
-      end
-      it "re-renders the 'new' template" do
-        post :create, params: {permission: invalid_attributes}, session: valid_session
-        expect(response).to render_template("new")
    end
-    end
-  end
-  describe "PUT #update" do
-    context "with valid params" do
-      let(:new_attributes) {
-        skip("Add a hash of attributes valid for your model")
-      }
-      it "updates the requested permission" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: new_attributes}, session: valid_session
-        permission.reload
-        skip("Add assertions for updated state")
-      end
-      it "assigns the requested permission as @permission" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: valid_attributes}, session: valid_session
-        expect(assigns(:permission)).to eq(permission)
-      end
-      it "redirects to the permission" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: valid_attributes}, session: valid_session
-        expect(response).to redirect_to(permission)
-      end
  end
-    context "with invalid params" do
-      it "assigns the permission as @permission" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: invalid_attributes}, session: valid_session
-        expect(assigns(:permission)).to eq(permission)
-      end
-      it "re-renders the 'edit' template" do
-        permission = Permission.create! valid_attributes
-        put :update, params: {id: permission.to_param, permission: invalid_attributes}, session: valid_session
-        expect(response).to render_template("edit")
-      end
-    end
-  end
-  describe "DELETE #destroy" do
-    it "destroys the requested permission" do
-      permission = Permission.create! valid_attributes
-      expect {
-        delete :destroy, params: {id: permission.to_param}, session: valid_session
-      }.to change(Permission, :count).by(-1)
-    end
-    it "redirects to the permissions list" do
-      permission = Permission.create! valid_attributes
-      delete :destroy, params: {id: permission.to_param}, session: valid_session
-      expect(response).to redirect_to(permissions_url)
-    end
-  end
 end
--- a/spec/services/permission/destroy_permission_spec.rb
+++ b/spec/services/permission/destroy_permission_spec.rb
+# frozen_string_literal: true
+require 'rails_helper'
+describe 'DestroyPermission service' do
+  let(:requester){ create(:user)}
+  let(:viewer){ create(:user)}
+  let(:group){ create(:user_group)}
+  let(:nilm){ create(:nilm,
+                     admins:[requester],
+                     viewers:[viewer, group])}
+  it 'removes specified user permission from nilm' do
+    expect(viewer.views_nilm?(nilm)).to be true
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user: viewer).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be true
+    expect(viewer.views_nilm?(nilm)).to be false
+  end
+  it 'removes specified group permission from nilm' do
+    expect(group.permissions).to be_empty
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user_group: group).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be true
+    expect(group.permissions).to be_empty
+  end
+  it 'returns error if permission is not on nilm' do
+    nilm2 = create(:nilm, admins: [viewer])
+    p2 = nilm2.permissions.first
+    service = DestroyPermission.new
+    service.run(nilm,requester,p2.id)
+    expect(service.success?).to be false
+    expect(Permission.find(p2.id)).to be_present
+  end
+  it 'does not allow requester to delete himself' do
+    service = DestroyPermission.new
+    p = nilm.permissions.where(user: requester).first
+    service.run(nilm,requester,p.id)
+    expect(service.success?).to be false
+    expect(requester.admins_nilm?(nilm)).to be true
+  end
+end