Download as
Browse Code »

Commit 72b87ff3606fd058d168ef1e4c82a3962705056a

Authored by Rafael Manzo
1 parent ca9b4c1d
Exists in colab and in 4 other branches master, spb-master, spb-stable, stable

Repository ownership checking uses RepositoryAttributes instead of Project

Showing 2 changed files with 62 additions and 2 deletions   Show diff stats
app/controllers/concerns/ownership_authentication.rb
  Diff comments   View file @72b87ff
@@ -14,7 +14,7 @@ module OwnershipAuthentication @@ -14,7 +14,7 @@ module OwnershipAuthentication
14 end 14 end
15 15
16 def repository_owner? 16 def repository_owner?
17 - check_project_ownership(params[:project_id]) 17 + check_repository_ownership(params[:id])
18 end 18 end
19 19
20 def reading_group_owner? 20 def reading_group_owner?
@@ -48,9 +48,20 @@ module OwnershipAuthentication @@ -48,9 +48,20 @@ module OwnershipAuthentication
48 check_kalibro_configuration_ownership(params[:kalibro_configuration_id]) 48 check_kalibro_configuration_ownership(params[:kalibro_configuration_id])
49 end 49 end
50 50
51 -  
52 private 51 private
53 52
  53 + def check_repository_ownership(id)
  54 + if current_user.repository_attributes.find_by_repository_id(id).nil?
  55 + respond_to do |format|
  56 + format.html { redirect_to projects_url, notice: t('not_allowed') }
  57 + format.json { head :no_content }
  58 + end
  59 + end
  60 +
  61 + return true
  62 + end
  63 +
  64 +
54 def check_project_ownership(id) 65 def check_project_ownership(id)
55 if current_user.project_attributes.find_by_project_id(id).nil? 66 if current_user.project_attributes.find_by_project_id(id).nil?
56 respond_to do |format| 67 respond_to do |format|
spec/controllers/concerns/ownership_authentication_spec.rb
  Diff comments   View file @72b87ff
@@ -140,4 +140,53 @@ describe OwnershipAuthentication, type: :controller do @@ -140,4 +140,53 @@ describe OwnershipAuthentication, type: :controller do
140 end 140 end
141 end 141 end
142 end 142 end
  143 +
  144 + describe 'repository_owner?' do
  145 + let(:repository) { FactoryGirl.build(:repository) }
  146 +
  147 + context 'within RepositoriesController' do
  148 + let! (:repositories_controller) { RepositoriesController.new }
  149 +
  150 + before do
  151 + repositories_controller.params = {}
  152 + repositories_controller.params[:id] = repository.id
  153 + end
  154 +
  155 + context 'with a user logged in' do
  156 + let! (:current_user) { FactoryGirl.build(:user) }
  157 +
  158 + before do
  159 + repositories_controller.expects(:current_user).returns(current_user)
  160 + end
  161 +
  162 + context 'when the user owns the Repository' do
  163 + let!(:repository_attributes) { FactoryGirl.build(:repository_attributes, {user_id: current_user.id, repository_id: repository.id}) }
  164 +
  165 + before do
  166 + repository_attrs = mock('repository_attributes')
  167 + repository_attrs.expects(:find_by_repository_id).with(repository.id).returns(repository_attributes)
  168 + current_user.expects(:repository_attributes).returns(repository_attrs)
  169 + end
  170 +
  171 + it 'should return true' do
  172 + expect(repositories_controller.repository_owner?).to be_truthy
  173 + end
  174 + end
  175 +
  176 + context 'when the user does not own the Repository' do
  177 + before do
  178 + repository_attrs = mock('repository_attributes')
  179 + repository_attrs.expects(:find_by_repository_id).with(repository.id).returns(nil)
  180 + current_user.expects(:repository_attributes).returns(repository_attrs)
  181 + end
  182 +
  183 + it 'should respond' do # FIXME: this is not the best test, but it it's the closest we can do I think
  184 + repositories_controller.expects(:respond_to)
  185 +
  186 + repositories_controller.repository_owner?
  187 + end
  188 + end
  189 + end
  190 + end
  191 + end
143 end 192 end