openproject/spec/controllers/api/v2/versions_controller_spec.rb

#-- copyright
# OpenProject is a project management system.
# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See doc/COPYRIGHT.rdoc for more details.
#++

require 'spec_helper'

describe Api::V2::VersionsController, type: :controller do
  let(:project) { FactoryGirl.create(:project) }
  let(:version) { FactoryGirl.create(:version, project: project) }
  let(:admin_user) { FactoryGirl.create(:admin) }

  shared_examples_for 'unauthorized access' do
    before do get action, request_params end

    it { expect(response.status).to eq(401) }
  end

  describe '#index' do
    it_behaves_like 'unauthorized access' do
      let(:action) { :index }
      let(:request_params) { { project_id: project.id, format: :xml } }
    end

    context 'with access' do
      let!(:version) { FactoryGirl.create(:version, project: project) }

      before do allow(User).to receive(:current).and_return admin_user end

      describe 'single project' do
        before do get :index, project_id: project.id, format: :xml end

        it { expect(assigns(:project)).to eq(project) }

        it { expect(assigns(:projects)).to be_nil }

        it { expect(assigns(:versions).length).to eql(1) }

        it { expect(assigns(:versions).map(&:id)).to include(version.id) }
      end

      describe 'multiple projects' do
        let(:project_2) { FactoryGirl.create(:project) }

        shared_context 'request versions' do
          before do
            get :index,
                project_id: projects.map(&:id).join(','),
                format: :xml
          end
        end

        shared_examples_for 'request with multiple projects' do
          include_context 'request versions'

          it { expect(assigns(:project)).to be_nil }

          it { expect(assigns(:projects)).to match_array(expected_projects) }

          it { expect(assigns(:versions).map(&:id)).to match_array(expected_versions.map(&:id)) }
        end

        context 'projects are not in hierarchy' do
          let!(:version_2) { FactoryGirl.create(:version, project: project_2) }

          context 'user has access to all projects' do
            it_behaves_like 'request with multiple projects' do
              let(:projects) { [project, project_2] }
              let(:expected_projects) { projects }
              let(:expected_versions) { [version, version_2] }
            end
          end

          context 'user has access only to one project' do
            let(:user) { FactoryGirl.create(:user, member_in_project: project) }

            before do allow(User).to receive(:current).and_return user end

            it_behaves_like 'request with multiple projects' do
              let(:projects) { [project, project_2] }
              let(:expected_projects) { [project] }
              let(:expected_versions) { [version] }
            end
          end
        end

        context 'projects are in hierarchy and version is shared' do
          let(:child_project) { FactoryGirl.create(:project, parent: project) }
          let(:projects) { [project, child_project] }
          let!(:shared_version) { FactoryGirl.create(:version, project: project, sharing: 'descendants') }

          it_behaves_like 'request with multiple projects' do
            let(:expected_projects) { [project, child_project] }
            let(:expected_versions) { [version, shared_version] }
          end

          describe 'shared versions' do
            include_context 'request versions'

            subject { assigns(:versions).detect { |v| v.id == shared_version.id }.shared_with }

            it { expect(subject).to include(project.id, child_project.id) }
          end
        end
      end

      describe 'ids' do
        shared_context 'request versions filtered' do
          before { get :index, ids: ids, project_id: project.id, format: :json }
        end

        describe 'invalid version' do
          include_context 'request versions filtered' do
            let(:ids) { '0' }
          end

          it { expect(assigns(:versions)).to be_empty }
        end

        describe 'valid versions' do
          let(:version_2) { FactoryGirl.create(:version, project: project) }
          let(:ids) { [version, version_2].map(&:id).join(',') }

          include_context 'request versions filtered'

          it { expect(assigns(:versions).map(&:id)).to match_array([version.id, version_2.id]) }
        end

        describe 'shared version' do
          let(:child_project) { FactoryGirl.create(:project, parent: project) }
          let(:shared_version) { FactoryGirl.create(:version, project: project, sharing: 'descendants') }

          before do get :index, ids: shared_version.id.to_s, project_id: child_project.id, format: :json end

          it { expect(assigns(:versions).map(&:id)).to match_array([shared_version.id]) }

          it { expect(assigns(:versions).first.shared_with).to match_array([child_project.id]) }
        end

        describe 'shared version when the user has access to only the inheriting project' do
          let(:child_project) { FactoryGirl.create(:project, parent: project) }
          let(:shared_version) do
            FactoryGirl.create(:version, project: project, sharing: 'descendants')
          end
          let(:user) { FactoryGirl.create(:user, member_in_project: child_project) }

          before do
            allow(User).to receive(:current).and_return user

            get :index, ids: shared_version.id.to_s, project_id: child_project.id, format: :json
          end

          it { expect(assigns(:versions).map(&:id)).to match_array([shared_version.id]) }

          it { expect(assigns(:versions).first.shared_with).to match_array([child_project.id]) }
        end
      end
    end
  end
end
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`#-- copyright`
			`# OpenProject is a project management system.`
Update year in copyright header to 2015 [ci skip] 10 years ago			`# Copyright (C) 2012-2015 the OpenProject Foundation (OPF)`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
			`# See doc/COPYRIGHT.rdoc for more details.`
			`#++`

Use simple require for spec helper 10 years ago			`require 'spec_helper'`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago
			`describe Api::V2::VersionsController, type: :controller do`
Add specs for API v2 version index 10 years ago			`let(:project) { FactoryGirl.create(:project) }`
			`let(:version) { FactoryGirl.create(:version, project: project) }`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`let(:admin_user) { FactoryGirl.create(:admin) }`

Add specs for API v2 version index 10 years ago			`shared_examples_for 'unauthorized access' do`
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`before do get action, request_params end`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago
Add specs for API v2 version index 10 years ago			`it { expect(response.status).to eq(401) }`
			`end`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago
Add specs for API v2 version index 10 years ago			`describe '#index' do`
			`it_behaves_like 'unauthorized access' do`
			`let(:action) { :index }`
			`let(:request_params) { { project_id: project.id, format: :xml } }`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`end`

			`context 'with access' do`
Add specs for API v2 version index 10 years ago			`let!(:version) { FactoryGirl.create(:version, project: project) }`

Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`before do allow(User).to receive(:current).and_return admin_user end`
Add specs for API v2 version index 10 years ago
			`describe 'single project' do`
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`before do get :index, project_id: project.id, format: :xml end`
Add specs for API v2 version index 10 years ago
			`it { expect(assigns(:project)).to eq(project) }`

			`it { expect(assigns(:projects)).to be_nil }`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago
Aggregate projects for shared versions 10 years ago			`it { expect(assigns(:versions).length).to eql(1) }`

Prefer #map over #collect in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`it { expect(assigns(:versions).map(&:id)).to include(version.id) }`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`end`

Add specs for API v2 version index 10 years ago			`describe 'multiple projects' do`
			`let(:project_2) { FactoryGirl.create(:project) }`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago
Test projects references in shared versions 10 years ago			`shared_context 'request versions' do`
Add specs for API v2 version index 10 years ago			`before do`
			`get :index,`
Prefer #map over #collect in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`project_id: projects.map(&:id).join(','),`
Add specs for API v2 version index 10 years ago			`format: :xml`
			`end`
Test projects references in shared versions 10 years ago			`end`

			`shared_examples_for 'request with multiple projects' do`
			`include_context 'request versions'`
Add specs for API v2 version index 10 years ago
			`it { expect(assigns(:project)).to be_nil }`

			`it { expect(assigns(:projects)).to match_array(expected_projects) }`

Prefer #map over #collect in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`it { expect(assigns(:versions).map(&:id)).to match_array(expected_versions.map(&:id)) }`
Add specs for API v2 version index 10 years ago			`end`

Test handling of shared versions 10 years ago			`context 'projects are not in hierarchy' do`
			`let!(:version_2) { FactoryGirl.create(:version, project: project_2) }`

			`context 'user has access to all projects' do`
			`it_behaves_like 'request with multiple projects' do`
			`let(:projects) { [project, project_2] }`
			`let(:expected_projects) { projects }`
			`let(:expected_versions) { [version, version_2] }`
			`end`
Add specs for API v2 version index 10 years ago			`end`

Test handling of shared versions 10 years ago			`context 'user has access only to one project' do`
			`let(:user) { FactoryGirl.create(:user, member_in_project: project) }`
Add specs for API v2 version index 10 years ago
Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`before do allow(User).to receive(:current).and_return user end`
Test handling of shared versions 10 years ago
			`it_behaves_like 'request with multiple projects' do`
			`let(:projects) { [project, project_2] }`
			`let(:expected_projects) { [project] }`
			`let(:expected_versions) { [version] }`
			`end`
			`end`
			`end`

			`context 'projects are in hierarchy and version is shared' do`
			`let(:child_project) { FactoryGirl.create(:project, parent: project) }`
Test projects references in shared versions 10 years ago			`let(:projects) { [project, child_project] }`
Test handling of shared versions 10 years ago			`let!(:shared_version) { FactoryGirl.create(:version, project: project, sharing: 'descendants') }`
Add specs for API v2 version index 10 years ago
			`it_behaves_like 'request with multiple projects' do`
Test handling of shared versions 10 years ago			`let(:expected_projects) { [project, child_project] }`
Test projects references in shared versions 10 years ago			`let(:expected_versions) { [version, shared_version] }`
			`end`

			`describe 'shared versions' do`
			`include_context 'request versions'`

Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`subject { assigns(:versions).detect { \|v\| v.id == shared_version.id }.shared_with }`
Test projects references in shared versions 10 years ago
			`it { expect(subject).to include(project.id, child_project.id) }`
Add specs for API v2 version index 10 years ago			`end`
			`end`
			`end`
Test version ids filter 10 years ago
			`describe 'ids' do`
			`shared_context 'request versions filtered' do`
			`before { get :index, ids: ids, project_id: project.id, format: :json }`
			`end`

			`describe 'invalid version' do`
			`include_context 'request versions filtered' do`
			`let(:ids) { '0' }`
			`end`

			`it { expect(assigns(:versions)).to be_empty }`
			`end`

			`describe 'valid versions' do`
			`let(:version_2) { FactoryGirl.create(:version, project: project) }`
Prefer #map over #collect in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`let(:ids) { [version, version_2].map(&:id).join(',') }`
Test version ids filter 10 years ago
			`include_context 'request versions filtered'`

Prefer #map over #collect in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`it { expect(assigns(:versions).map(&:id)).to match_array([version.id, version_2.id]) }`
Test version ids filter 10 years ago			`end`

			`describe 'shared version' do`
			`let(:child_project) { FactoryGirl.create(:project, parent: project) }`
			`let(:shared_version) { FactoryGirl.create(:version, project: project, sharing: 'descendants') }`

Fix syntax (w/Rubocop) in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 9 years ago			`before do get :index, ids: shared_version.id.to_s, project_id: child_project.id, format: :json end`
Test version ids filter 10 years ago
Prefer #map over #collect in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`it { expect(assigns(:versions).map(&:id)).to match_array([shared_version.id]) }`
Test version ids filter 10 years ago
			`it { expect(assigns(:versions).first.shared_with).to match_array([child_project.id]) }`
			`end`
removes unnecessary visibility filter on Version scope Authorization is handled an project level here and thus does not need to be done for the version itself. Authorising on the Version in addition has the drawback to only return versions in projects which the user can see work packages in. It does not take into account that the version can be shared. 10 years ago
			`describe 'shared version when the user has access to only the inheriting project' do`
			`let(:child_project) { FactoryGirl.create(:project, parent: project) }`
			`let(:shared_version) do`
			`FactoryGirl.create(:version, project: project, sharing: 'descendants')`
			`end`
			`let(:user) { FactoryGirl.create(:user, member_in_project: child_project) }`

			`before do`
			`allow(User).to receive(:current).and_return user`

			`get :index, ids: shared_version.id.to_s, project_id: child_project.id, format: :json`
			`end`

Prefer #map over #collect in specs Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`it { expect(assigns(:versions).map(&:id)).to match_array([shared_version.id]) }`
removes unnecessary visibility filter on Version scope Authorization is handled an project level here and thus does not need to be done for the version itself. Authorising on the Version in addition has the drawback to only return versions in projects which the user can see work packages in. It does not take into account that the version can be shared. 10 years ago
			`it { expect(assigns(:versions).first.shared_with).to match_array([child_project.id]) }`
			`end`
Test version ids filter 10 years ago			`end`
[wip] Add Versions List, Version API (v2) resource Signed-off-by: Alex Coles <alex@alexbcoles.com> 10 years ago			`end`
			`end`
			`end`