|
|
|
#-- copyright
|
|
|
|
# OpenProject is a project management system.
|
|
|
|
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU General Public License version 3.
|
|
|
|
#
|
|
|
|
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
|
|
|
|
# Copyright (C) 2006-2013 Jean-Philippe Lang
|
|
|
|
# Copyright (C) 2010-2013 the ChiliProject Team
|
|
|
|
#
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU General Public License
|
|
|
|
# as published by the Free Software Foundation; either version 2
|
|
|
|
# of the License, or (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
#
|
|
|
|
# See doc/COPYRIGHT.rdoc for more details.
|
|
|
|
#++
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
|
|
|
describe Api::Experimental::QueriesController, type: :controller do
|
|
|
|
let(:current_user) do
|
|
|
|
FactoryGirl.create(:user, member_in_project: project,
|
|
|
|
member_through_role: role)
|
|
|
|
end
|
|
|
|
let(:project) { FactoryGirl.create(:project) }
|
|
|
|
let(:role) do
|
|
|
|
FactoryGirl.create(:role, permissions: [:view_work_packages,
|
|
|
|
:save_queries])
|
|
|
|
end
|
|
|
|
|
|
|
|
before do
|
|
|
|
allow(User).to receive(:current).and_return(current_user)
|
|
|
|
end
|
|
|
|
|
|
|
|
shared_context 'expects policy to be followed' do |allowed_actions|
|
|
|
|
let(:called_with_expected_args) { [] }
|
|
|
|
|
|
|
|
before do
|
|
|
|
policy = double('QueryPolicy').as_null_object
|
|
|
|
allow(QueryPolicy).to receive(:new).and_return(policy)
|
|
|
|
|
|
|
|
expect(policy).to receive(:allowed?) do |received_query, received_action|
|
|
|
|
if received_query.id == query.id &&
|
|
|
|
Array(allowed_actions).include?(received_action)
|
|
|
|
called_with_expected_args << received_action
|
|
|
|
end
|
|
|
|
end.at_least(1).times.and_return(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
expect(called_with_expected_args.uniq).to match_array(Array(allowed_actions))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
shared_context 'expects policy to be ignored' do |ignored_action|
|
|
|
|
before do
|
|
|
|
policy = double('QueryPolicy').as_null_object
|
|
|
|
allow(QueryPolicy).to receive(:new).and_return(policy)
|
|
|
|
|
|
|
|
pending
|
|
|
|
|
|
|
|
expect(policy).not_to receive(:allowed?).with(anything, ignored_action)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#available_columns' do
|
|
|
|
context 'with no query_id parameter' do
|
|
|
|
it 'assigns available_columns' do
|
|
|
|
get :available_columns, format: :json
|
|
|
|
expect(assigns(:available_columns)).not_to be_empty
|
|
|
|
expect(assigns(:available_columns).first).to have_key(:name)
|
|
|
|
expect(assigns(:available_columns).first).to have_key(:meta_data)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'renders the available_columns template' do
|
|
|
|
get :available_columns, format: :json
|
|
|
|
expect(response).to render_template('api/experimental/queries/available_columns')
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without the necessary permissions' do
|
|
|
|
let(:role) { FactoryGirl.create(:role, permissions: []) }
|
|
|
|
|
|
|
|
it 'should respond with 403 to global request' do
|
|
|
|
get :available_columns, format: :json
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should respond with 403 to project scoped request' do
|
|
|
|
get :available_columns, format: :json, params: { project_id: project.id }
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#custom_field_filters' do
|
|
|
|
context 'with no query_id parameter' do
|
|
|
|
it 'assigns custom_field_filters' do
|
|
|
|
get :available_columns, format: :json
|
|
|
|
expect(assigns(:custom_field_filters)).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'renders the custom_field template' do
|
|
|
|
get :custom_field_filters, format: :json
|
|
|
|
expect(response).to render_template('api/experimental/queries/custom_field_filters')
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without the necessary permissions' do
|
|
|
|
let(:role) { FactoryGirl.create(:role, permissions: []) }
|
|
|
|
|
|
|
|
it 'should respond with 403 to global request' do
|
|
|
|
get :custom_field_filters, format: :json
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should respond with 403 to project scoped request' do
|
|
|
|
get :custom_field_filters, format: :json, params: { id: project.id }
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#grouped' do
|
|
|
|
context 'within a project' do
|
|
|
|
it 'responds with 200' do
|
|
|
|
get :grouped, format: :json, params: { project_id: project.id }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without a project' do
|
|
|
|
it 'responds with 200' do
|
|
|
|
get :grouped, format: :json
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without the necessary permissions' do
|
|
|
|
let(:role) { FactoryGirl.create(:role, permissions: []) }
|
|
|
|
|
|
|
|
it 'should respond with 403 to global request' do
|
|
|
|
post :grouped, format: :json
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should respond with 403 to project scoped request' do
|
|
|
|
post :grouped, format: :json, params: { project_id: project.id }
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#create' do
|
|
|
|
context 'within a project' do
|
|
|
|
let(:valid_params) do
|
|
|
|
{ 'c' => ['type', 'status', 'priority', 'assigned_to'],
|
|
|
|
'f' => ['status'],
|
|
|
|
'group_by' => '',
|
|
|
|
'is_public' => 'false',
|
|
|
|
'name' => 'sdfsdfsdf',
|
|
|
|
'op' => { 'status' => 'o' },
|
|
|
|
'sort' => 'parent:desc',
|
|
|
|
'project_id' => project.id,
|
|
|
|
'format' => 'json' }
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'responds with 200' do
|
|
|
|
post :create, params: valid_params
|
|
|
|
expect(response.response_code).to eql(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without a project' do
|
|
|
|
let(:valid_params) do
|
|
|
|
{ 'c' => ['type', 'status', 'priority', 'assigned_to'],
|
|
|
|
'f' => ['status'],
|
|
|
|
'group_by' => '',
|
|
|
|
'is_public' => 'false',
|
|
|
|
'name' => 'sdfsdfsdf',
|
|
|
|
'op' => { 'status' => 'o' },
|
|
|
|
'sort' => 'parent:desc',
|
|
|
|
'format' => 'json' }
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'responds with 200' do
|
|
|
|
post :create, params: valid_params
|
|
|
|
expect(response.response_code).to eql(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without the necessary permissions' do
|
|
|
|
let(:role) { FactoryGirl.create(:role, permissions: []) }
|
|
|
|
|
|
|
|
it 'should respond with 403 to global request' do
|
|
|
|
post :create, format: :json
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should respond with 403 to project scoped request' do
|
|
|
|
post :create, format: :json, params: { project_id: project.id }
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#update' do
|
|
|
|
context 'within a project' do
|
|
|
|
let(:user) { FactoryGirl.create(:user) }
|
|
|
|
let(:query) { FactoryGirl.create(:query, project: project, user: user) }
|
|
|
|
let(:valid_params) do
|
|
|
|
{
|
|
|
|
'c' => ['type', 'status', 'priority', 'assigned_to'],
|
|
|
|
'f' => ['status'],
|
|
|
|
'group_by' => '',
|
|
|
|
'is_public' => 'false',
|
|
|
|
'name' => 'sdfsdfsdf',
|
|
|
|
'op' => { 'status' => 'o' },
|
|
|
|
'sort' => 'parent:desc',
|
|
|
|
'query_id' => query.id,
|
|
|
|
'id' => query.id,
|
|
|
|
'project_id' => project.id,
|
|
|
|
'format' => 'json'
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
shared_examples_for 'valid query update' do
|
|
|
|
before { post :update, params: valid_params }
|
|
|
|
|
|
|
|
it { expect(response.response_code).to eql(200) }
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'query update' do
|
|
|
|
context 'w/o public state' do
|
|
|
|
include_context 'expects policy to be followed', :update
|
|
|
|
|
|
|
|
it_behaves_like 'valid query update'
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'public state' do
|
|
|
|
let(:role) { FactoryGirl.create(:role, permissions: [:manage_public_queries]) }
|
|
|
|
let!(:membership) {
|
|
|
|
FactoryGirl.create(:member,
|
|
|
|
user: user,
|
|
|
|
project: query.project,
|
|
|
|
role_ids: [role.id])
|
|
|
|
}
|
|
|
|
|
|
|
|
before { login_as(user) }
|
|
|
|
|
|
|
|
context 'with other changes' do
|
|
|
|
include_context 'expects policy to be followed', [:update, :publicize]
|
|
|
|
|
|
|
|
before { valid_params['is_public'] = true.to_s }
|
|
|
|
|
|
|
|
it_behaves_like 'valid query update'
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'w/o other changes' do
|
|
|
|
let(:change_public_state_only_params) do
|
|
|
|
{ 'f' => ['status'],
|
|
|
|
'is_public' => 'true',
|
|
|
|
'name' => query.name,
|
|
|
|
'op' => { 'status' => 'o' },
|
|
|
|
'v' => { 'status' => [''] },
|
|
|
|
'query_id' => query.id,
|
|
|
|
'id' => query.id,
|
|
|
|
'project_id' => project.id,
|
|
|
|
'format' => 'json' }
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'publicize' do
|
|
|
|
let(:admin) { FactoryGirl.create(:admin) }
|
|
|
|
let(:valid_params) { change_public_state_only_params }
|
|
|
|
|
|
|
|
context 'allowed policy' do
|
|
|
|
include_context 'expects policy to be followed', :publicize
|
|
|
|
|
|
|
|
it_behaves_like 'valid query update'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'forbidden policy' do
|
|
|
|
include_context 'expects policy to be ignored', :update
|
|
|
|
|
|
|
|
it_behaves_like 'valid query update'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'depublicize' do
|
|
|
|
let(:query) { FactoryGirl.create(:query, project: project, is_public: true) }
|
|
|
|
let(:valid_params) { change_public_state_only_params.merge('is_public' => 'false') }
|
|
|
|
|
|
|
|
context 'allowed policy' do
|
|
|
|
include_context 'expects policy to be followed', :depublicize
|
|
|
|
|
|
|
|
it_behaves_like 'valid query update'
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'forbidden policy' do
|
|
|
|
include_context 'expects policy to be ignored', :update
|
|
|
|
|
|
|
|
it_behaves_like 'valid query update'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without a project' do
|
|
|
|
let(:query) { FactoryGirl.create(:query, project: nil) }
|
|
|
|
|
|
|
|
include_context 'expects policy to be followed', :update
|
|
|
|
|
|
|
|
let(:valid_params) do
|
|
|
|
{ 'c' => ['type', 'status', 'priority', 'assigned_to'],
|
|
|
|
'f' => ['status'],
|
|
|
|
'group_by' => '',
|
|
|
|
'is_public' => 'false',
|
|
|
|
'name' => 'sdfsdfsdf',
|
|
|
|
'op' => { 'status' => 'o' },
|
|
|
|
'sort' => 'parent:desc',
|
|
|
|
'query_id' => query.id,
|
|
|
|
'id' => query.id,
|
|
|
|
'format' => 'json' }
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'responds with 200' do
|
|
|
|
post :update, params: valid_params
|
|
|
|
expect(response.response_code).to eql(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without the necessary permissions' do
|
|
|
|
let(:role) { FactoryGirl.create(:role, permissions: []) }
|
|
|
|
|
|
|
|
it 'should respond with 403 to global request' do
|
|
|
|
post :update, format: :json
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should respond with 403 to project scoped request' do
|
|
|
|
post :update, format: :json, project_id: project.id
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#destroy' do
|
|
|
|
context 'within a project' do
|
|
|
|
let(:query) { FactoryGirl.create(:query, project: project) }
|
|
|
|
|
|
|
|
include_context 'expects policy to be followed', :destroy
|
|
|
|
|
|
|
|
let(:valid_params) do
|
|
|
|
{ 'c' => ['type', 'status', 'priority', 'assigned_to'],
|
|
|
|
'f' => ['status'],
|
|
|
|
'group_by' => '',
|
|
|
|
'is_public' => 'false',
|
|
|
|
'name' => 'sdfsdfsdf',
|
|
|
|
'op' => { 'status' => 'o' },
|
|
|
|
'sort' => 'parent:desc',
|
|
|
|
'query_id' => query.id,
|
|
|
|
'id' => query.id,
|
|
|
|
'project_id' => project.id,
|
|
|
|
'format' => 'json' }
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'responds with 200' do
|
|
|
|
delete :destroy, params: valid_params
|
|
|
|
expect(response.response_code).to eql(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without a project' do
|
|
|
|
let(:query) { FactoryGirl.create(:query, project: nil) }
|
|
|
|
|
|
|
|
include_context 'expects policy to be followed', :destroy
|
|
|
|
|
|
|
|
let(:valid_params) do
|
|
|
|
{ 'c' => ['type', 'status', 'priority', 'assigned_to'],
|
|
|
|
'f' => ['status'],
|
|
|
|
'group_by' => '',
|
|
|
|
'is_public' => 'false',
|
|
|
|
'name' => 'sdfsdfsdf',
|
|
|
|
'op' => { 'status' => 'o' },
|
|
|
|
'sort' => 'parent:desc',
|
|
|
|
'query_id' => query.id,
|
|
|
|
'id' => query.id,
|
|
|
|
'format' => 'json' }
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'responds with 200' do
|
|
|
|
delete :destroy, params: valid_params
|
|
|
|
expect(response.response_code).to eql(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without the necessary permissions' do
|
|
|
|
let(:role) { FactoryGirl.create(:role, permissions: []) }
|
|
|
|
|
|
|
|
it 'should respond with 403 to global request' do
|
|
|
|
delete :destroy, format: :json
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'should respond with 403 to project scoped request' do
|
|
|
|
delete :destroy, format: :json, params: { project_id: project.id }
|
|
|
|
expect(response.response_code).to eql(403)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|