Commit 247e46d392c82d48f7f6ecbbc8f092ccf3025f10
1 parent
1617e755
Exists in
staging
and in
9 other branches
refactoring task actions
Showing
2 changed files
with
30 additions
and
5 deletions
Show diff stats
app/api/v1/tasks.rb
| ... | ... | @@ -30,8 +30,7 @@ module Api |
| 30 | 30 | %w[finish cancel].each do |action| |
| 31 | 31 | desc "#{action.capitalize} a task" |
| 32 | 32 | put ":id/#{action}" do |
| 33 | - authenticate! | |
| 34 | - task = find_task(current_person, params[:id]) | |
| 33 | + task = find_task(current_person, Task.to(current_person), params[:id]) | |
| 35 | 34 | task.send(action, current_person) if (task.status == Task::Status::ACTIVE) |
| 36 | 35 | present_partial task, :with => Entities::Task |
| 37 | 36 | end | ... | ... |
test/api/task_test.rb
| ... | ... | @@ -50,7 +50,7 @@ class TasksTest < ActiveSupport::TestCase |
| 50 | 50 | task = create(Task, :requestor => person, :target => environment) |
| 51 | 51 | |
| 52 | 52 | get "/api/v1/tasks/#{task.id}?#{params.to_query}" |
| 53 | - assert_equal 403, last_response.status | |
| 53 | + assert_equal 404, last_response.status | |
| 54 | 54 | end |
| 55 | 55 | |
| 56 | 56 | should 'find the current user task even it is finished' do |
| ... | ... | @@ -161,7 +161,6 @@ class TasksTest < ActiveSupport::TestCase |
| 161 | 161 | task_actions_state={"finish"=>"FINISHED","cancel"=>"CANCELLED"} |
| 162 | 162 | task_actions.each do |action| |
| 163 | 163 | should "person be able to #{action} his own task" do |
| 164 | - login_api | |
| 165 | 164 | person1 = fast_create(Person) |
| 166 | 165 | task = create(Task, :requestor => person1, :target => person) |
| 167 | 166 | put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}" |
| ... | ... | @@ -169,8 +168,35 @@ class TasksTest < ActiveSupport::TestCase |
| 169 | 168 | assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status |
| 170 | 169 | end |
| 171 | 170 | |
| 171 | + should "person be able to #{action} environment task if it's admin user" do | |
| 172 | + environment = Environment.default | |
| 173 | + environment.add_admin(person) | |
| 174 | + task = create(Task, :requestor => person, :target => environment) | |
| 175 | + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}" | |
| 176 | + assert_equal person.reload.id, task.reload.closed_by_id | |
| 177 | + assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status | |
| 178 | + end | |
| 179 | + | |
| 180 | + should "person be able to #{action} community task if it has permission on it" do | |
| 181 | + community = fast_create(Community) | |
| 182 | + community.add_member(person) | |
| 183 | + give_permission(person, 'perform_task', community) | |
| 184 | + task = create(Task, :requestor => person, :target => community) | |
| 185 | + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}" | |
| 186 | + assert_equal person.reload.id, task.reload.closed_by_id | |
| 187 | + assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status | |
| 188 | + end | |
| 189 | + | |
| 190 | + should "person not be able to #{action} community task if it has no permission on it" do | |
| 191 | + community = fast_create(Community) | |
| 192 | + community.add_member(person) | |
| 193 | + task = create(Task, :requestor => person, :target => community) | |
| 194 | + put "/api/v1/tasks/#{task.id}/#{action}?#{params.to_query}" | |
| 195 | + assert_equal person.reload.id, task.reload.closed_by_id | |
| 196 | + assert_equal "Task::Status::#{task_actions_state[action]}".constantize, task.reload.status | |
| 197 | + end | |
| 198 | + | |
| 172 | 199 | should "person not be able to #{action} other person's task" do |
| 173 | - login_api | |
| 174 | 200 | user = fast_create(User) |
| 175 | 201 | person1 = fast_create(Person, :user_id => user) |
| 176 | 202 | task = create(Task, :requestor => person, :target => person1) | ... | ... |