From cd4d2c1be11c71586a37be58c042bda3bdd5e3f9 Mon Sep 17 00:00:00 2001 From: Christophe Bliard Date: Fri, 25 Mar 2022 16:50:15 +0100 Subject: [PATCH] add permission tests on storages/admin/projects_storages path --- modules/storages/config/routes.rb | 3 ++- .../manage_storage_in_project_spec.rb | 12 +++++++----- spec/controllers/news_controller_spec.rb | 2 +- spec/support/permission_specs.rb | 18 +++++++++++++++--- spec/support/shared/become_member.rb | 6 +++++- 5 files changed, 30 insertions(+), 11 deletions(-) diff --git a/modules/storages/config/routes.rb b/modules/storages/config/routes.rb index ccd604f102..264078ab71 100644 --- a/modules/storages/config/routes.rb +++ b/modules/storages/config/routes.rb @@ -5,7 +5,8 @@ OpenProject::Application.routes.draw do scope 'projects/:project_id', as: 'project' do namespace 'settings' do - resources :projects_storages, controller: '/storages/admin/projects_storages' + resources :projects_storages, controller: '/storages/admin/projects_storages', + except: %i[show update] end end end diff --git a/modules/storages/spec/permissions/manage_storage_in_project_spec.rb b/modules/storages/spec/permissions/manage_storage_in_project_spec.rb index 266f08141e..0aa6b6a124 100644 --- a/modules/storages/spec/permissions/manage_storage_in_project_spec.rb +++ b/modules/storages/spec/permissions/manage_storage_in_project_spec.rb @@ -29,8 +29,10 @@ require 'spec_helper' require 'support/permission_specs' -# describe Storages::BlaBlaController, 'manage_storage_in_proejct permission', type: :controller do -# include PermissionSpecs -# -# check_permission_required_for('team_planner/team_planner#index', :view_team_planner) -# end +describe Storages::Admin::ProjectsStoragesController, 'manage_storage_in_project permission', type: :controller do + include PermissionSpecs + + controller_actions.each do |action| + check_permission_required_for("#{described_class.controller_path}##{action}", :manage_storages_in_project) + end +end diff --git a/spec/controllers/news_controller_spec.rb b/spec/controllers/news_controller_spec.rb index 1b73810a9a..80e4fd040f 100644 --- a/spec/controllers/news_controller_spec.rb +++ b/spec/controllers/news_controller_spec.rb @@ -101,7 +101,7 @@ describe NewsController, type: :controller do describe '#create' do context 'with news_added notifications' do it 'persists a news item' do - become_member_with_permissions(project, user) + become_member(project, user) post :create, params: { diff --git a/spec/support/permission_specs.rb b/spec/support/permission_specs.rb index e02657b693..9a58404171 100644 --- a/spec/support/permission_specs.rb +++ b/spec/support/permission_specs.rb @@ -36,17 +36,29 @@ module PermissionSpecs include BecomeMember + # returns actions defined in routes and controller code for the described + # controller class + def self.controller_actions + Rails.application.routes.routes + .map(&:defaults) + .select { _1[:controller] == described_class.controller_path } + .pluck(:action) + .uniq + .select { described_class.action_methods.include?(_1) } + .sort + end + def self.check_permission_required_for(controller_action, permission) controller_name, action_name = controller_action.split('#') - it "should allow calling #{controller_action} when having the permission #{permission} permission" do + it "allows calling #{controller_action} when having the permission #{permission}" do become_member_with_permissions(project, current_user, permission) expect(controller.send(:authorize, controller_name, action_name)).to be_truthy end - it "should prevent calling #{controller_action} when not having the permission #{permission} permission" do - become_member_with_permissions(project, current_user) + it "prevents calling #{controller_action} when not having the permission #{permission}" do + become_member(project, current_user) expect(controller.send(:authorize, controller_name, action_name)).to be_falsey end diff --git a/spec/support/shared/become_member.rb b/spec/support/shared/become_member.rb index b1609bea85..515d60a421 100644 --- a/spec/support/shared/become_member.rb +++ b/spec/support/shared/become_member.rb @@ -32,12 +32,16 @@ module BecomeMember end module InstanceMethods - def become_member_with_permissions(project, user, permissions = []) + def become_member_with_permissions(project, user, permissions) role = create :role, permissions: Array(permissions) add_user_to_project! user: user, project: project, role: role end + def become_member(project, user) + become_member_with_permissions(project, user, []) + end + def add_user_to_project!(user:, project:, role: nil, permissions: nil) role ||= create :existing_role, permissions: Array(permissions) create :member, principal: user, project: project, roles: [role]