provide necessary permissions in specs

pull/7338/head
ulferts 5 years ago
parent 5b758c1419
commit 6c3c7003e2
No known key found for this signature in database
GPG Key ID: A205708DE1284017
  1. 6
      app/models/mail_handler.rb
  2. 15
      modules/backlogs/spec/api/work_packages/specific_work_package_schema_spec.rb
  3. 1
      spec/contracts/work_packages/base_contract_spec.rb
  4. 205
      spec/controllers/work_packages/bulk_controller_spec.rb
  5. 3
      spec/features/work_packages/copy_spec.rb
  6. 36
      spec/lib/api/v3/work_packages/schema/specific_work_package_schema_spec.rb
  7. 18
      spec/lib/api/v3/work_packages/work_package_payload_representer_spec.rb
  8. 30
      spec/requests/api/v3/work_package_resource_spec.rb

@ -31,10 +31,8 @@ class MailHandler < ActionMailer::Base
include ActionView::Helpers::SanitizeHelper
include Redmine::I18n
class UnauthorizedAction < StandardError;
end
class MissingInformation < StandardError;
end
class UnauthorizedAction < StandardError; end
class MissingInformation < StandardError; end
attr_reader :email, :user

@ -33,8 +33,19 @@ describe ::API::V3::WorkPackages::Schema::SpecificWorkPackageSchema do
let(:type) { FactoryBot.build(:type) }
let(:work_package) do
FactoryBot.build(:work_package,
project: project,
type: type)
project: project,
type: type)
end
let(:current_user) do
FactoryBot.build_stubbed(:user).tap do |u|
allow(u)
.to receive(:allowed_to?)
.and_return(true)
end
end
before do
login_as(current_user)
end
describe '#remaining_time_writable?' do

@ -64,6 +64,7 @@ describe WorkPackages::BaseContract do
delete_work_package_watchers
manage_work_package_relations
add_work_package_notes
assign_versions
)
end
let(:changed_values) { [] }

@ -32,79 +32,80 @@ describe WorkPackages::BulkController, type: :controller do
let(:user) { FactoryBot.create(:user) }
let(:user2) { FactoryBot.create(:user) }
let(:custom_field_value) { '125' }
let(:custom_field_1) {
let(:custom_field_1) do
FactoryBot.create(:work_package_custom_field,
field_format: 'string',
is_for_all: true)
}
field_format: 'string',
is_for_all: true)
end
let(:custom_field_2) { FactoryBot.create(:work_package_custom_field) }
let(:custom_field_user) { FactoryBot.create(:user_issue_custom_field) }
let(:status) { FactoryBot.create(:status) }
let(:type) {
let(:type) do
FactoryBot.create(:type_standard,
custom_fields: [custom_field_1, custom_field_2, custom_field_user])
}
let(:project_1) {
custom_fields: [custom_field_1, custom_field_2, custom_field_user])
end
let(:project_1) do
FactoryBot.create(:project,
types: [type],
work_package_custom_fields: [custom_field_2])
}
let(:project_2) {
types: [type],
work_package_custom_fields: [custom_field_2])
end
let(:project_2) do
FactoryBot.create(:project,
types: [type])
}
let(:role) {
types: [type])
end
let(:role) do
FactoryBot.create(:role,
permissions: [:edit_work_packages,
:view_work_packages,
:manage_subtasks])
}
let(:member1_p1) {
permissions: %i[edit_work_packages
view_work_packages
manage_subtasks
assign_versions])
end
let(:member1_p1) do
FactoryBot.create(:member,
project: project_1,
principal: user,
roles: [role])
}
let(:member2_p1) {
project: project_1,
principal: user,
roles: [role])
end
let(:member2_p1) do
FactoryBot.create(:member,
project: project_1,
principal: user2,
roles: [role])
}
let(:member1_p2) {
project: project_1,
principal: user2,
roles: [role])
end
let(:member1_p2) do
FactoryBot.create(:member,
project: project_2,
principal: user,
roles: [role])
}
let(:work_package_1) {
project: project_2,
principal: user,
roles: [role])
end
let(:work_package_1) do
FactoryBot.create(:work_package,
author: user,
assigned_to: user,
responsible: user2,
type: type,
status: status,
custom_field_values: { custom_field_1.id => custom_field_value },
project: project_1)
}
let(:work_package_2) {
author: user,
assigned_to: user,
responsible: user2,
type: type,
status: status,
custom_field_values: { custom_field_1.id => custom_field_value },
project: project_1)
end
let(:work_package_2) do
FactoryBot.create(:work_package,
author: user,
assigned_to: user,
responsible: user2,
type: type,
status: status,
custom_field_values: { custom_field_1.id => custom_field_value },
project: project_1)
}
let(:work_package_3) {
author: user,
assigned_to: user,
responsible: user2,
type: type,
status: status,
custom_field_values: { custom_field_1.id => custom_field_value },
project: project_1)
end
let(:work_package_3) do
FactoryBot.create(:work_package,
author: user,
type: type,
status: status,
custom_field_values: { custom_field_1.id => custom_field_value },
project: project_2)
}
author: user,
type: type,
status: status,
custom_field_values: { custom_field_1.id => custom_field_value },
project: project_2)
end
let(:stub_work_package) { FactoryBot.build_stubbed(:work_package) }
@ -126,7 +127,7 @@ describe WorkPackages::BulkController, type: :controller do
end
context 'same project' do
before do get :edit, params: { ids: [work_package_1.id, work_package_2.id] } end
before { get :edit, params: { ids: [work_package_1.id, work_package_2.id] } }
it_behaves_like :response
@ -197,7 +198,7 @@ describe WorkPackages::BulkController, type: :controller do
context 'in host' do
let(:url) { '/work_packages' }
before do put :update, params: { ids: work_package_ids, back_url: url } end
before { put :update, params: { ids: work_package_ids, back_url: url } }
subject { response }
@ -209,7 +210,7 @@ describe WorkPackages::BulkController, type: :controller do
context 'of host' do
let(:url) { 'http://google.com' }
before do put :update, params: { ids: work_package_ids, back_url: url } end
before { put :update, params: { ids: work_package_ids, back_url: url } }
subject { response }
@ -225,18 +226,18 @@ describe WorkPackages::BulkController, type: :controller do
let!(:role_with_permission_to_add_watchers) { FactoryBot.create(:role, permissions: role.permissions + [:add_work_package_watchers]) }
let!(:other_user) { FactoryBot.create :user }
let!(:other_member_1) {
let!(:other_member_1) do
FactoryBot.create(:member,
project: project_1,
principal: other_user,
roles: [role_with_permission_to_add_watchers])
}
let!(:other_member_2) {
project: project_1,
principal: other_user,
roles: [role_with_permission_to_add_watchers])
end
let!(:other_member_2) do
FactoryBot.create(:member,
project: project_2,
principal: other_user,
roles: [role])
}
project: project_2,
principal: other_user,
roles: [role])
end
let(:description) { 'Text' }
let(:work_package_params) do
@ -300,11 +301,11 @@ describe WorkPackages::BulkController, type: :controller do
describe '#custom_fields' do
let(:result) { [custom_field_value] }
subject {
subject do
WorkPackage.where(id: work_package_ids)
.map { |w| w.custom_value_for(custom_field_1.id).value }
.uniq
}
end
it { is_expected.to match_array(result) }
end
@ -313,11 +314,11 @@ describe WorkPackages::BulkController, type: :controller do
describe '#notes' do
let(:result) { ['Bulk editing'] }
subject {
subject do
WorkPackage.where(id: work_package_ids)
.map { |w| w.last_journal.notes }
.uniq
}
end
it { is_expected.to match_array(result) }
end
@ -325,11 +326,11 @@ describe WorkPackages::BulkController, type: :controller do
describe '#details' do
let(:result) { [1] }
subject {
subject do
WorkPackage.where(id: work_package_ids)
.map { |w| w.last_journal.details.size }
.uniq
}
end
it { is_expected.to match_array(result) }
end
@ -350,7 +351,7 @@ describe WorkPackages::BulkController, type: :controller do
let(:work_package_ids) { [work_package_1.id, work_package_2.id, work_package_3.id] }
context 'with permission' do
before do member1_p2 end
before { member1_p2 }
include_context 'update_request'
@ -381,12 +382,12 @@ describe WorkPackages::BulkController, type: :controller do
subject { work_packages.map(&:assigned_to_id).uniq }
context 'allowed' do
let!(:member_group_p1) {
let!(:member_group_p1) do
FactoryBot.create(:member,
project: project_1,
principal: group,
roles: [role])
}
end
include_context 'update_request'
it 'does succeed' do
@ -417,13 +418,13 @@ describe WorkPackages::BulkController, type: :controller do
describe '#status' do
let(:closed_status) { FactoryBot.create(:closed_status) }
let(:workflow) {
let(:workflow) do
FactoryBot.create(:workflow,
role: role,
type_id: type.id,
old_status: status,
new_status: closed_status)
}
role: role,
type_id: type.id,
old_status: status,
new_status: closed_status)
end
before do
workflow
@ -441,11 +442,11 @@ describe WorkPackages::BulkController, type: :controller do
end
describe '#parent' do
let(:parent) {
let(:parent) do
FactoryBot.create(:work_package,
author: user,
project: project_1)
}
author: user,
project: project_1)
end
before do
put :update,
@ -473,10 +474,10 @@ describe WorkPackages::BulkController, type: :controller do
}
end
subject {
subject do
work_packages.map { |w| w.custom_value_for(custom_field_1.id).value }
.uniq
}
end
it { is_expected.to match_array [result] }
end
@ -511,17 +512,17 @@ describe WorkPackages::BulkController, type: :controller do
describe '#version' do
describe 'set fixed_version_id attribute to some version' do
let(:version) {
let(:version) do
FactoryBot.create(:version,
status: 'open',
sharing: 'tree',
project: subproject)
}
let(:subproject) {
status: 'open',
sharing: 'tree',
project: subproject)
end
let(:subproject) do
FactoryBot.create(:project,
parent: project_1,
types: [type])
}
parent: project_1,
types: [type])
end
before do
put :update,

@ -47,7 +47,8 @@ RSpec.feature 'Work package copy', js: true, selenium: true do
permissions: %i[view_work_packages
add_work_packages
manage_work_package_relations
edit_work_packages])
edit_work_packages
assign_versions])
end
let(:type) { FactoryBot.create(:type) }
let(:project) { FactoryBot.create(:project, types: [type]) }

@ -31,12 +31,22 @@ require 'spec_helper'
describe ::API::V3::WorkPackages::Schema::SpecificWorkPackageSchema do
let(:project) { FactoryBot.build_stubbed(:project) }
let(:type) { FactoryBot.build_stubbed(:type) }
let(:work_package) {
let(:work_package) do
FactoryBot.build_stubbed(:work_package,
project: project,
type: type)
}
let(:current_user) { double('current user') }
project: project,
type: type)
end
let(:current_user) do
double('current user').tap do |u|
allow(u)
.to receive(:allowed_to?)
.and_return(true)
end
end
before do
login_as(current_user)
end
subject { described_class.new(work_package: work_package) }
@ -103,20 +113,20 @@ describe ::API::V3::WorkPackages::Schema::SpecificWorkPackageSchema do
end
context 'changed work package' do
let(:work_package) {
let(:work_package) do
double('original work package',
id: double,
clone: cloned_wp,
status: double('wrong status'),
persisted?: true).as_null_object
}
let(:cloned_wp) {
end
let(:cloned_wp) do
double('cloned work package',
new_statuses_allowed_to: status_result)
}
let(:stored_status) {
end
let(:stored_status) do
double('good status')
}
end
before do
allow(work_package).to receive(:persisted?).and_return(true)
@ -143,11 +153,11 @@ describe ::API::V3::WorkPackages::Schema::SpecificWorkPackageSchema do
end
describe '#assignable_types' do
let(:result) {
let(:result) do
result = double
allow(result).to receive(:includes).and_return(result)
result
}
end
it 'calls through to the project' do
expect(project).to receive(:types).and_return(result)

@ -45,7 +45,11 @@ describe ::API::V3::WorkPackages::WorkPackagePayloadRepresenter do
end
let(:user) do
FactoryBot.build_stubbed(:user)
FactoryBot.build_stubbed(:user) do |u|
allow(u)
.to receive(:allowed_to?)
.and_return(true)
end
end
let(:representer) do
@ -56,7 +60,9 @@ describe ::API::V3::WorkPackages::WorkPackagePayloadRepresenter do
let(:available_custom_fields) { [] }
before do
allow(work_package).to receive(:lock_version).and_return(1)
allow(work_package)
.to receive(:lock_version)
.and_return(1)
end
context 'generation' do
@ -305,12 +311,12 @@ describe ::API::V3::WorkPackages::WorkPackagePayloadRepresenter do
end
describe 'assignee and responsible' do
let(:user) { FactoryBot.build_stubbed(:user) }
let(:link) { "/api/v3/users/#{user.id}" }
let(:other_user) { FactoryBot.build_stubbed(:user) }
let(:link) { "/api/v3/users/#{other_user.id}" }
describe 'assignee' do
before do
work_package.assigned_to = user
work_package.assigned_to = other_user
end
it_behaves_like 'linked property' do
@ -322,7 +328,7 @@ describe ::API::V3::WorkPackages::WorkPackagePayloadRepresenter do
describe 'responsible' do
before do
work_package.responsible = user
work_package.responsible = other_user
end
it_behaves_like 'linked property' do

@ -47,7 +47,7 @@ describe 'API v3 Work package resource',
FactoryBot.create(:project, identifier: 'test_project', is_public: false)
end
let(:role) { FactoryBot.create(:role, permissions: permissions) }
let(:permissions) { %i[view_work_packages edit_work_packages] }
let(:permissions) { %i[view_work_packages edit_work_packages assign_versions] }
let(:current_user) do
user = FactoryBot.create(:user, member_in_project: project, member_through_role: role)
@ -309,6 +309,20 @@ describe 'API v3 Work package resource',
end
it_behaves_like 'lock version updated'
context 'for a user having assign_versions but lacking edit_work_packages permission' do
let(:permissions) { %i[view_work_packages assign_versions] }
include_context 'patch request'
it { expect(response.status).to eq(422) }
it 'has a readonly error' do
expect(response.body)
.to be_json_eql('urn:openproject-org:api:v3:errors:PropertyIsReadOnly'.to_json)
.at_path('errorIdentifier')
end
end
end
context 'description' do
@ -727,6 +741,20 @@ describe 'API v3 Work package resource',
it_behaves_like 'lock version updated'
end
context 'for a user lacking the assign_versions permission' do
let(:permissions) { %i[view_work_packages edit_work_packages] }
include_context 'patch request'
it { expect(response.status).to eq(422) }
it 'has a readonly error' do
expect(response.body)
.to be_json_eql('urn:openproject-org:api:v3:errors:PropertyIsReadOnly'.to_json)
.at_path('errorIdentifier')
end
end
end
context 'category' do

Loading…
Cancel
Save