Commit 4868a1bc30a88e2d308b15c7f3df874527a08775

Authored by Rafael Manzo
1 parent 88145f3a

RepositoriesController ownership checking for new and create refactored

project_owner? is semantically more correct

Signed off by: Guilherme Rojas V. de Lima <guilhermehrojas@gmail.com>
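--- a/app/controllers/concerns/ownership_authentication.rb
+++ b/app/controllers/concerns/ownership_authentication.rb
@@ -2,7 +2,15 @@ module OwnershipAuthentication
 extend ActiveSupport::Concern
 
 def project_owner?
-check_project_ownership(params[:id])
+if self.kind_of?(ProjectsController)
+id = params[:id]
+elsif self.kind_of?(RepositoriesController)
+id = params[:project_id]
+else
+raise "Not supported"
+end
+
+check_project_ownership(id)
 end
 
 def repository_owner?
@@ -50,6 +58,8 @@ module OwnershipAuthentication
 format.json { head :no_content }
 end
 end
+
+return true
 end
 
 def check_reading_group_ownership(id)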
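Review bot: The `return true` added in the second hunk sits after the conditional that ends in `format.json { head :no_content }`, so as far as the visible lines show it is also reached once the denial response has been rendered. The filter chain still halts because a response was performed, but any caller that reads `project_owner?` as a boolean gets `true` for a non-owner. Make the result follow the ownership lookup, for example by adding `return false` as the last statement inside the denial branch. The enclosing method starts above the hunk, so confirm this against the full body.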
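--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -2,7 +2,8 @@ include OwnershipAuthentication
 
 class RepositoriesController < ApplicationController
 before_action :authenticate_user!, except: [:show, :state]
-before_action :repository_owner?, except: [:show, :state]
+before_action :project_owner?, only: [:new, :create]
+before_action :repository_owner?, only: [:edit, :update, :destroy, :process_repository]
 before_action :set_repository, only: [:show, :edit, :update, :destroy, :state, :process_repository]
 
 # GET /projects/1/repositories/1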
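Review bot: Replacing `except: [:show, :state]` with two `only:` lists turns the ownership check from default-on into opt-in. Any action not named in either list now runs with authentication but no ownership check, and an action added later is unprotected unless someone remembers to extend a list. The class body continues outside the hunk, so I cannot tell whether such an action exists today. Keeping the repository filter deny-by-default preserves the old guarantee: `before_action :repository_owner?, except: [:show, :state, :new, :create]` next to the new `project_owner?` line.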
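--- a/spec/controllers/concerns/ownership_authentication_spec.rb
+++ b/spec/controllers/concerns/ownership_authentication_spec.rb
@@ -79,4 +79,65 @@ describe OwnershipAuthentication, type: :controller do
 end
 end
 end
+
+describe 'project_owner?' do
+let(:project) { FactoryGirl.build(:project) }
+
+context 'Not ProjectsController nor RepositoriesController' do
+let!(:reading_group_controller) { ReadingGroupsController.new }
+
+before do
+reading_group_controller.extend(OwnershipAuthentication)
+end
+
+it 'should raise an exception' do
+expect { reading_group_controller.project_owner? }.to raise_error("Not supported")
+end
+end
+
+context 'within RepositoriesController' do
+let! (:repositories_controller) { RepositoriesController.new }
+
+before do
+repositories_controller.params = {}
+repositories_controller.params[:project_id] = project.id
+end
+
+context 'with a user logged in' do
+let! (:current_user) { FactoryGirl.create(:user) }
+
+before do
+repositories_controller.expects(:current_user).returns(current_user)
+end
+
+context 'when the user owns the Repository' do
+let!(:project_ownership) { FactoryGirl.build(:project_ownership, {user_id: current_user.id, project_id: project.id}) }
+
+before do
+project_ownerships = Object.new
+project_ownerships.expects(:find_by_project_id).with(project.id).returns(project_ownership)
+current_user.expects(:project_ownerships).returns(project_ownerships)
+end
+
+it 'should return true' do
+repositories_controller.project_owner?.should be_true
+end
+end
+
+context 'when the user does not own the Repository' do
+before do
+project_ownerships = Object.new
+project_ownerships.expects(:find_by_project_id).with(project.id).returns(nil)
+current_user.expects(:project_ownerships).returns(project_ownerships)
+end
+
+it 'should respond' do # FIXME: this is not the best test, but it it's the closest we can do I think
+repositories_controller.expects(:respond_to)
+
+repositories_controller.project_owner?
+end
+end
+end
+end
+end
 end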
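Review bot: The non-owner example asserts only `repositories_controller.expects(:respond_to)`, so it passes whatever `project_owner?` returns and whatever response is rendered. That leaves the denial path of an authorization check effectively unpinned. If the predicate is meant to be falsy on denial, assert it there as well with `repositories_controller.project_owner?.should be_false`. The `ProjectsController` branch that reads `params[:id]` has no example at all. The two inner contexts also say "the Repository" although the lookup being mocked is project ownership.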
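--- a/spec/controllers/repositories_controller_spec.rb
+++ b/spec/controllers/repositories_controller_spec.rb
@@ -11,7 +11,7 @@ describe RepositoriesController do
 context 'when the current user owns the project' do
 before :each do
 Repository.expects(:repository_types).returns([])
-subject.expects(:repository_owner?).returns true
+subject.expects(:project_owner?).returns true
 
 get :new, project_id: project.id.to_s
 end
@@ -40,7 +40,7 @@ describe RepositoriesController do
 
 context 'when the current user owns the project' do
 before :each do
-subject.expects(:repository_owner?).returns true
+subject.expects(:project_owner?).returns true
 end
 
 context 'with valid fields' do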