TheDude
/
openproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58924 Commits
139 Branches
203 Tags
1.2 GiB
Tag: Branch: Tree: a9a911d29c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a9a911d29c'
${ noResults }
openproject/spec/lib/api/v3/users/user_representer_spec.rb

324 lines
10 KiB
Raw Normal View History Unescape

Added some properties to the API user representer
11 years ago
#-- copyright
Update copyright notice
5 years ago
# OpenProject is an open source project management software.
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
4 years ago
# Copyright (C) 2012-2021 the OpenProject GmbH
Added some properties to the API user representer
11 years ago
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
4 years ago
# Copyright (C) 2006-2013 Jean-Philippe Lang
Added some properties to the API user representer
11 years ago
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
Bump copyright to 2018 (#6171) [ci skip]
7 years ago
# See docs/COPYRIGHT.rdoc for more details.
Added some properties to the API user representer
11 years ago
#++
require 'spec_helper'
describe ::API::V3::Users::UserRepresenter do
Placeholder user project members (#8961) * remove intermediate placeholder scope Doing so, placeholder users will begin to show up in the system * remove scope without value * extract scope * use enum for status * allow placeholder users to become project members * display placeholder user member on members widget * remove now superfluous method The status name can simply be queried via #status now * replace possible_assignees/responsibles on project This also leads to placeholder users becoming eligible as assignees and responsibles. * fix aggregated scope on bulk edit * linting * remove IssueHelper
4 years ago
let(:status) { Principal.statuses[:active] }
display user name as link for non admins The showUser link of the user representer is now used to signal when the link can be followed. That link can only be followed when the user is not logged. The frontend now only checks the availability of the link to determine whether the user name in the work package activity is to be displayed as a link or not
5 years ago
let(:user) { FactoryBot.build_stubbed(:user, status: status) }
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:current_user) { FactoryBot.build_stubbed(:user) }
houndci linting fixes
10 years ago
let(:representer) { described_class.new(user, current_user: current_user) }
Added some properties to the API user representer
11 years ago
Feature/members api show (#7308) * basic members collection response * complete member index end point * document versions#index * remove user association from members There is already a more generic principals association. Having both causes confusion and leads to duplicate loading of models * linting * remove disabled test * add members#show api end point * add project and principal to member representer * replace member.user reference with principal * use principal reference in project members association * modernize roles api * complete member representer rendering * replace remnants of user association * add member schema api endpoint * have dedicated available projects end point for versions * linting * limit roles to assignable ones in schema * rename member to membership in api * remove remnants of user in member * spec fixes * use available_projects endpoint in versions board * add eager loading to memberships#index * members create form api endpoint * ensure role exists for default assignment * extract switch for users/groups to work_packages representer * document membership create form * add l10n expected in specs * strengthen the usage of a delete base service * use base class for set attributes service * fix alias in service * add create endpoint to members api * document members create endpoint * linting * adapt to altered service signature * use default endpoint for wp#get * use CF infused representer [ci skip]
6 years ago
include API::V3::Utilities::PathHelper
Added some properties to the API user representer
11 years ago
context 'generation' do
subject(:generated) { representer.to_json }
Fix rubocop issues
9 years ago
it do is_expected.to include_json('User'.to_json).at_path('_type') end
Added some properties to the API user representer
11 years ago
Adapter UserRepresenter and spec according to visibility
8 years ago
context 'as regular user' do
it 'hides as much information as possible' do
is_expected.to have_json_path('id')
is_expected.to have_json_path('name')
is_expected.not_to have_json_path('login')
is_expected.not_to have_json_path('firstName')
is_expected.not_to have_json_path('lastName')
is_expected.not_to have_json_path('admin')
is_expected.not_to have_json_path('updatedAt')
is_expected.not_to have_json_path('createdAt')
hide user status in api
5 years ago
is_expected.not_to have_json_path('status')
hide email if so desired * Admin and self can still retrieve it * The attribute is now hidden altogether if the preferences state to not show the mail. This is in line with the rest of the representer`s behaviour
5 years ago
is_expected.not_to have_json_path('email')
add language to user api (#8812) It is documented and as such, it should be part of the api
4 years ago
is_expected.not_to have_json_path('language')
Adapter UserRepresenter and spec according to visibility
8 years ago
end
end
context 'as the represented user' do
let(:current_user) { user }
it 'shows the information of the user' do
is_expected.to have_json_path('id')
is_expected.to have_json_path('name')
is_expected.to have_json_path('login')
is_expected.to have_json_path('firstName')
is_expected.to have_json_path('lastName')
is_expected.to have_json_path('updatedAt')
is_expected.to have_json_path('createdAt')
hide user status in api
5 years ago
is_expected.to have_json_path('status')
hide email if so desired * Admin and self can still retrieve it * The attribute is now hidden altogether if the preferences state to not show the mail. This is in line with the rest of the representer`s behaviour
5 years ago
is_expected.to have_json_path('email')
add language to user api (#8812) It is documented and as such, it should be part of the api
4 years ago
is_expected.to have_json_path('language')
Adapter UserRepresenter and spec according to visibility
8 years ago
is_expected.not_to have_json_path('admin')
end
end
context 'as admin' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:current_user) { FactoryBot.build_stubbed(:admin) }
Adapter UserRepresenter and spec according to visibility
8 years ago
it 'shows everything' do
cached representers
7 years ago
is_expected.to have_json_path('id')
is_expected.to have_json_path('login')
is_expected.to have_json_path('firstName')
is_expected.to have_json_path('lastName')
is_expected.to have_json_path('name')
hide user status in api
5 years ago
is_expected.to have_json_path('status')
hide email if so desired * Admin and self can still retrieve it * The attribute is now hidden altogether if the preferences state to not show the mail. This is in line with the rest of the representer`s behaviour
5 years ago
is_expected.to have_json_path('email')
is_expected.to have_json_path('admin')
add language to user api (#8812) It is documented and as such, it should be part of the api
4 years ago
is_expected.to have_json_path('language')
Adapter UserRepresenter and spec according to visibility
8 years ago
end
it_behaves_like 'has UTC ISO 8601 date and time' do
Chore/rename timestamps (#8765) * rename timestamps on time entry * add updated_at filter/order for time entries * rename on cost entries as well This will make handling in the cost query easier * adapt specs * linting * adapt project activity * update references to updated_on * remove outdated docs/code * global memberships are just memberships * rewire global membership creation/update/deletion * delete no longer required code and patches * move code to core * move specs to core * completely remove global roles in the form of a plugin * adapt specs * remove unused methods * migrate existing data * adapt membership representer to changed timestamps * global memberships available via API * implements created/update_at filters on memberships * update member on roles being added/removed * specify default value for created_at * fix project permission check and validation on members * adapt membership schema * adapt usage of sort by on members widget * support created/updated_on for api sort and filter * remove outdated model file * rename timestamps * allow specifying timestamp column for aaj * reload column information * further rename of created_on * include updated_at into journal creation * adapt document updated_at calculation * remove references to JournalVersion
4 years ago
let(:date) { user.created_at }
Adapter UserRepresenter and spec according to visibility
8 years ago
let(:json_path) { 'createdAt' }
end
it_behaves_like 'has UTC ISO 8601 date and time' do
Chore/rename timestamps (#8765) * rename timestamps on time entry * add updated_at filter/order for time entries * rename on cost entries as well This will make handling in the cost query easier * adapt specs * linting * adapt project activity * update references to updated_on * remove outdated docs/code * global memberships are just memberships * rewire global membership creation/update/deletion * delete no longer required code and patches * move code to core * move specs to core * completely remove global roles in the form of a plugin * adapt specs * remove unused methods * migrate existing data * adapt membership representer to changed timestamps * global memberships available via API * implements created/update_at filters on memberships * update member on roles being added/removed * specify default value for created_at * fix project permission check and validation on members * adapt membership schema * adapt usage of sort by on members widget * support created/updated_on for api sort and filter * remove outdated model file * rename timestamps * allow specifying timestamp column for aaj * reload column information * further rename of created_on * include updated_at into journal creation * adapt document updated_at calculation * remove references to JournalVersion
4 years ago
let(:date) { user.updated_at }
Adapter UserRepresenter and spec according to visibility
8 years ago
let(:json_path) { 'updatedAt' }
end
end
hide a users mail address if he wishes to
10 years ago
describe 'email' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:user) { FactoryBot.build_stubbed(:user, status: 1, preference: preference) }
introduce group resource stub
7 years ago
hide email if so desired * Admin and self can still retrieve it * The attribute is now hidden altogether if the preferences state to not show the mail. This is in line with the rest of the representer`s behaviour
5 years ago
shared_examples_for 'shows the users E-Mail address' do
it do
is_expected.to be_json_eql(user.mail.to_json).at_path('email')
end
end
hide a users mail address if he wishes to
10 years ago
context 'user shows his E-Mail address' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:preference) { FactoryBot.build(:user_preference, hide_mail: false) }
hide a users mail address if he wishes to
10 years ago
hide email if so desired * Admin and self can still retrieve it * The attribute is now hidden altogether if the preferences state to not show the mail. This is in line with the rest of the representer`s behaviour
5 years ago
it_behaves_like 'shows the users E-Mail address'
use shared examples in more tests
10 years ago
end
hide a users mail address if he wishes to
10 years ago
context 'user hides his E-Mail address' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:preference) { FactoryBot.build(:user_preference, hide_mail: true) }
hide a users mail address if he wishes to
10 years ago
Add spec for invalid status
8 years ago
it 'does not render the users E-Mail address' do
hide email if so desired * Admin and self can still retrieve it * The attribute is now hidden altogether if the preferences state to not show the mail. This is in line with the rest of the representer`s behaviour
5 years ago
is_expected
.not_to have_json_path('email')
end
context 'if an admin inquires' do
let(:current_user) { FactoryBot.build_stubbed(:admin) }
it_behaves_like 'shows the users E-Mail address'
end
context 'if the user inquires himself' do
let(:current_user) { user }
it_behaves_like 'shows the users E-Mail address'
hide a users mail address if he wishes to
10 years ago
end
use shared examples in more tests
10 years ago
end
hide a users mail address if he wishes to
10 years ago
end
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
describe 'status' do
hide user status in api
5 years ago
# as only admin or self can see the status
let(:current_user) { user }
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
it 'contains the name of the account status' do
hide a users mail address if he wishes to
10 years ago
is_expected.to be_json_eql('active'.to_json).at_path('status')
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
end
end
Added some properties to the API user representer
11 years ago
describe '_links' do
it 'should link to self' do
expect(subject).to have_json_path('_links/self/href')
end
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
display user name as link for non admins The showUser link of the user representer is now used to signal when the link can be followed. That link can only be followed when the user is not logged. The frontend now only checks the availability of the link to determine whether the user name in the work package activity is to be displayed as a link or not
5 years ago
context 'showUser' do
it_behaves_like 'has an untitled link' do
let(:link) { 'showUser' }
let(:href) { "/users/#{user.id}" }
end
context 'with a locked user' do
Placeholder user project members (#8961) * remove intermediate placeholder scope Doing so, placeholder users will begin to show up in the system * remove scope without value * extract scope * use enum for status * allow placeholder users to become project members * display placeholder user member on members widget * remove now superfluous method The status name can simply be queried via #status now * replace possible_assignees/responsibles on project This also leads to placeholder users becoming eligible as assignees and responsibles. * fix aggregated scope on bulk edit * linting * remove IssueHelper
4 years ago
let(:status) { Principal.statuses[:locked] }
display user name as link for non admins The showUser link of the user representer is now used to signal when the link can be followed. That link can only be followed when the user is not logged. The frontend now only checks the availability of the link to determine whether the user name in the work package activity is to be displayed as a link or not
5 years ago
it_behaves_like 'has no link' do
let(:link) { 'showUser' }
end
end
Implement showUser path
9 years ago
end
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
context 'when regular current_user' do
it 'should have no lock-related links' do
Prefer #not_to over #to_not in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
expect(subject).not_to have_json_path('_links/lock/href')
expect(subject).not_to have_json_path('_links/unlock/href')
[24063] Add Users PATCH endpoint
8 years ago
expect(subject).not_to have_json_path('_links/update/href')
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
end
end
context 'when current_user is admin' do
FactoryGirl => FactoryBot Removes the deprecation
7 years ago
let(:current_user) { FactoryBot.build_stubbed(:admin) }
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
[24063] Add Users PATCH endpoint
8 years ago
it 'should link to lock and update' do
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
expect(subject).to have_json_path('_links/lock/href')
Adapter UserRepresenter and spec according to visibility
8 years ago
expect(subject).to have_json_path('_links/updateImmediately/href')
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
end
context 'when account is locked' do
it 'should link to unlock' do
user.lock
expect(subject).to have_json_path('_links/unlock/href')
end
end
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
context 'when deletion is allowed' do
before do
allow(Users::DeleteContract).to receive(:deletion_allowed?)
.with(user, current_user)
.and_return(true)
end
it 'should link to delete' do
expect(subject).to have_json_path('_links/delete/href')
end
end
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
end
fix tests, use mocking
10 years ago
context 'when deletion is allowed' do
before do
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
allow(Users::DeleteContract).to receive(:deletion_allowed?)
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
.with(user, current_user)
.and_return(true)
fix tests, use mocking
10 years ago
end
obey style rules
10 years ago
it 'should link to delete' do
actually include delete link how hard can ruby be anyway... I will for certain regret that commit soon ^^
10 years ago
expect(subject).to have_json_path('_links/delete/href')
fix tests, use mocking
10 years ago
end
end
context 'when deletion is not allowed' do
before do
[35507] Allow global permission to add and edit users (#8937) * Add global permission for add_user * Rename fieldset for global roles to "Global" * Add permission to admin actions * Add index action to add_user permission * Redirect to first admin item if only one * Hide status action for non admins * Break down user form into partials for easier rendering * Disable some user form tabs for non-admins * Make users API and services conformant with endpoints * Fix references to DeleteService#deletion_allowed? * Authorize add_user on show as well * Only show invite user toolbar item with permission * Fix Delete Service spec * Fix the way user prefs are handled in service * Ensure session_id is treated as string This causes a cast error otherwise as it passes rack session locally * Fix service call on onboarding controller * Fix service call on users controller * Add delete spec for global user * Hide login attribute again when adding a new user * Render auth source correctly in simple form * Fix creating invited users through service The invitation requires the mail attribute to be present. Previously, there was a manual error added to the mail. As the errors are now determined by the contract + model, we now end up with all missing properties as errors. * Properly constraint attributes for non-admins * Add specs for global user * Start working on how to update password from UsersController that code is a mess... * Change permitted_params spec to include non-admin params * Fix create user service spec * Remove mail_notification param from users controller It's not part of the contract/params passed to user * Remove todos * Extend docs * Correct the way backlogs patches into the user settings * Remove superfluous UpdateUserService * Rewrite duplicated update service examples into common shared example * Remove duplicate password writable check * Base Users::DeleteContract on base delete contract * Move checks for active users into the UserAllowedService * Restore password writable check as it is not an attribute * Fix menus for global user * Allow global users to add custom fields * Allow global user add permission to reinvite user * Fix changed var name in update service spec * Ensure also invited or registered users can be authroized This ensure that e.g., invited users can also be set as watchers * fix typo Co-authored-by: ulferts <jens.ulferts@googlemail.com>
4 years ago
allow(Users::DeleteContract).to receive(:deletion_allowed?)
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
.with(user, current_user)
.and_return(false)
fix tests, use mocking
10 years ago
end
it 'should not link to delete' do
Prefer #not_to over #to_not in specs Signed-off-by: Alex Coles <alex@alexbcoles.com>
10 years ago
expect(subject).not_to have_json_path('_links/delete/href')
apiv3: User (Un-)Locking functionality This commit implements the proposed user locking/unlocking functionality in https://github.com/opf/openproject/pull/2401. The APIv3 is extended with a resource ``/user/:id/lock`` with the following properties: * ``POST /lock``: Set the lock of user(:id), if its account status is 'active'. * ``DELETE /lock``: Remove an active lock of user(:id), if its account status is 'locked'. This commit also implements the following changes to ``UserRepresenter``: * Replaced the integer status field with the textual status name (i.e., 'active') * Added two entries to *_links* for admin users: ``lock``, ``unlock``.
10 years ago
end
end
Feature/members api show (#7308) * basic members collection response * complete member index end point * document versions#index * remove user association from members There is already a more generic principals association. Having both causes confusion and leads to duplicate loading of models * linting * remove disabled test * add members#show api end point * add project and principal to member representer * replace member.user reference with principal * use principal reference in project members association * modernize roles api * complete member representer rendering * replace remnants of user association * add member schema api endpoint * have dedicated available projects end point for versions * linting * limit roles to assignable ones in schema * rename member to membership in api * remove remnants of user in member * spec fixes * use available_projects endpoint in versions board * add eager loading to memberships#index * members create form api endpoint * ensure role exists for default assignment * extract switch for users/groups to work_packages representer * document membership create form * add l10n expected in specs * strengthen the usage of a delete base service * use base class for set attributes service * fix alias in service * add create endpoint to members api * document members create endpoint * linting * adapt to altered service signature * use default endpoint for wp#get * use CF infused representer [ci skip]
6 years ago
describe 'memberships' do
before do
allow(current_user)
Placeholder user project members (#8961) * remove intermediate placeholder scope Doing so, placeholder users will begin to show up in the system * remove scope without value * extract scope * use enum for status * allow placeholder users to become project members * display placeholder user member on members widget * remove now superfluous method The status name can simply be queried via #status now * replace possible_assignees/responsibles on project This also leads to placeholder users becoming eligible as assignees and responsibles. * fix aggregated scope on bulk edit * linting * remove IssueHelper
4 years ago
.to receive(:allowed_to_globally?) do |action|
permissions.include?(action)
Feature/members api show (#7308) * basic members collection response * complete member index end point * document versions#index * remove user association from members There is already a more generic principals association. Having both causes confusion and leads to duplicate loading of models * linting * remove disabled test * add members#show api end point * add project and principal to member representer * replace member.user reference with principal * use principal reference in project members association * modernize roles api * complete member representer rendering * replace remnants of user association * add member schema api endpoint * have dedicated available projects end point for versions * linting * limit roles to assignable ones in schema * rename member to membership in api * remove remnants of user in member * spec fixes * use available_projects endpoint in versions board * add eager loading to memberships#index * members create form api endpoint * ensure role exists for default assignment * extract switch for users/groups to work_packages representer * document membership create form * add l10n expected in specs * strengthen the usage of a delete base service * use base class for set attributes service * fix alias in service * add create endpoint to members api * document members create endpoint * linting * adapt to altered service signature * use default endpoint for wp#get * use CF infused representer [ci skip]
6 years ago
end
end
let(:href) do
filters = [{ 'principal' => {
'operator' => '=',
'values' => [user.id.to_s]
} }]
api_v3_paths.path_for(:memberships, filters: filters)
end
context 'if the user has the :view_members permissions' do
let(:permissions) { [:view_members] }
it_behaves_like 'has a titled link' do
let(:link) { 'memberships' }
let(:title) { I18n.t(:label_member_plural) }
end
end
context 'if the user has the :manage_members permissions' do
let(:permissions) { [:manage_members] }
it_behaves_like 'has a titled link' do
let(:link) { 'memberships' }
let(:title) { I18n.t(:label_member_plural) }
end
end
context 'if the user lacks permissions' do
let(:permissions) { [] }
it_behaves_like 'has no link' do
let(:link) { 'memberships' }
end
end
end
Added some properties to the API user representer
11 years ago
end
cached representers
7 years ago
describe 'caching' do
it 'is based on the representer\'s cache_key' do
expect(OpenProject::Cache)
.to receive(:fetch)
place user delete service inside users namespace
6 years ago
.with(representer.json_cache_key)
.and_call_original
cached representers
7 years ago
representer.to_json
end
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
describe '#json_cache_key' do
let(:auth_source) { FactoryBot.build_stubbed(:auth_source) }
cached representers
7 years ago
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
before do
user.auth_source = auth_source
end
let!(:former_cache_key) { representer.json_cache_key }
cached representers
7 years ago
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
it 'includes the name of the representer class' do
expect(representer.json_cache_key)
.to include('API', 'V3', 'Users', 'UserRepresenter')
end
cached representers
7 years ago
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
it 'changes when the locale changes' do
I18n.with_locale(:fr) do
cached representers
7 years ago
expect(representer.json_cache_key)
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
.not_to eql former_cache_key
cached representers
7 years ago
end
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
end
cached representers
7 years ago
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
it 'changes when the user is updated' do
Chore/rename timestamps (#8765) * rename timestamps on time entry * add updated_at filter/order for time entries * rename on cost entries as well This will make handling in the cost query easier * adapt specs * linting * adapt project activity * update references to updated_on * remove outdated docs/code * global memberships are just memberships * rewire global membership creation/update/deletion * delete no longer required code and patches * move code to core * move specs to core * completely remove global roles in the form of a plugin * adapt specs * remove unused methods * migrate existing data * adapt membership representer to changed timestamps * global memberships available via API * implements created/update_at filters on memberships * update member on roles being added/removed * specify default value for created_at * fix project permission check and validation on members * adapt membership schema * adapt usage of sort by on members widget * support created/updated_on for api sort and filter * remove outdated model file * rename timestamps * allow specifying timestamp column for aaj * reload column information * further rename of created_on * include updated_at into journal creation * adapt document updated_at calculation * remove references to JournalVersion
4 years ago
user.updated_at = Time.now + 20.seconds
cached representers
7 years ago
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
expect(representer.json_cache_key)
.not_to eql former_cache_key
end
cached representers
7 years ago
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
it 'changes when the user\'s auth_source is updated' do
user.auth_source.updated_at = Time.now + 20.seconds
cached representers
7 years ago
Feature/versions api update (#7299) Feature/versions api update [ci skip]
6 years ago
expect(representer.json_cache_key)
.not_to eql former_cache_key
cached representers
7 years ago
end
end
end
Added some properties to the API user representer
11 years ago
end
end