mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-12-25 17:24:51 +08:00
Added permissions specs for API, minor changes to permissions [SCI-6152] (#3609)
This commit is contained in:
parent
047f47a46a
commit
6f2d883706
30 changed files with 1513 additions and 19 deletions
|
@ -175,7 +175,7 @@ module Api
|
|||
|
||||
def load_task(key = :task_id)
|
||||
@task = @experiment.my_modules.find(params.require(key))
|
||||
raise PermissionError.new(MyModule, :read) unless can_read_protocol_in_module?(@task.protocol)
|
||||
raise PermissionError.new(MyModule, :read) unless can_read_my_module?(@task)
|
||||
end
|
||||
|
||||
def load_protocol(key = :protocol_id)
|
||||
|
|
|
@ -6,6 +6,7 @@ module Api
|
|||
before_action :load_team
|
||||
before_action :load_project
|
||||
before_action :load_experiment
|
||||
before_action :check_read_permissions
|
||||
before_action :load_user_assignment, only: %i(update show)
|
||||
before_action :load_user_assignment_for_managing, only: %i(update show)
|
||||
|
||||
|
@ -47,12 +48,16 @@ module Api
|
|||
|
||||
private
|
||||
|
||||
def check_read_permissions
|
||||
raise PermissionError.new(Experiment, :read_users) unless can_read_experiment_users?(@experiment)
|
||||
end
|
||||
|
||||
def load_user_assignment
|
||||
@user_assignment = @experiment.user_assignments.find(params.require(:id))
|
||||
end
|
||||
|
||||
def load_user_assignment_for_managing
|
||||
raise PermissionError.new(Experiment, :manage) unless can_manage_experiment?(@experiment)
|
||||
raise PermissionError.new(Experiment, :manage_users) unless can_manage_experiment_users?(@experiment)
|
||||
end
|
||||
|
||||
def user_assignment_params
|
||||
|
|
|
@ -5,6 +5,7 @@ module Api
|
|||
class ProjectCommentsController < BaseController
|
||||
before_action :load_team
|
||||
before_action :load_project
|
||||
before_action :check_read_permissions
|
||||
before_action :load_project_comment, only: :show
|
||||
|
||||
def index
|
||||
|
@ -26,6 +27,10 @@ module Api
|
|||
|
||||
private
|
||||
|
||||
def check_read_permissions
|
||||
raise PermissionError.new(Project, :read_comments) unless can_read_project_comments?(@project)
|
||||
end
|
||||
|
||||
def load_project_comment
|
||||
@project_comment = @project.project_comments.find(params.require(:id))
|
||||
end
|
||||
|
|
|
@ -5,6 +5,7 @@ module Api
|
|||
class ProjectUserAssignmentsController < BaseController
|
||||
before_action :load_team
|
||||
before_action :load_project
|
||||
before_action :check_read_permissions
|
||||
before_action :load_user_assignment, only: %i(show update destroy)
|
||||
before_action :load_user_project_for_managing, only: %i(show update destroy)
|
||||
|
||||
|
@ -26,7 +27,7 @@ module Api
|
|||
end
|
||||
|
||||
def create
|
||||
raise PermissionError.new(Project, :manage) unless can_manage_project?(@project)
|
||||
raise PermissionError.new(Project, :manage) unless can_manage_project_users?(@project)
|
||||
|
||||
# internally we reuse the same logic as for user project assignment
|
||||
user = @team.users.find(user_project_params[:user_id])
|
||||
|
@ -62,12 +63,16 @@ module Api
|
|||
|
||||
private
|
||||
|
||||
def check_read_permissions
|
||||
raise PermissionError.new(Project, :read_users) unless can_read_project_users?(@project)
|
||||
end
|
||||
|
||||
def load_user_assignment
|
||||
@user_assignment = @project.user_assignments.find(params.require(:id))
|
||||
end
|
||||
|
||||
def load_user_project_for_managing
|
||||
raise PermissionError.new(Project, :manage) unless can_manage_project?(@project)
|
||||
raise PermissionError.new(Project, :manage_users) unless can_manage_project_users?(@project)
|
||||
end
|
||||
|
||||
def user_project_params
|
||||
|
|
|
@ -7,6 +7,7 @@ module Api
|
|||
before_action :load_project
|
||||
before_action :load_experiment
|
||||
before_action :load_task
|
||||
before_action :check_read_permissions
|
||||
before_action :load_user_assignment, only: %i(update show)
|
||||
before_action :load_user_assignment_for_managing, only: %i(update show)
|
||||
|
||||
|
@ -50,12 +51,16 @@ module Api
|
|||
|
||||
private
|
||||
|
||||
def check_read_permissions
|
||||
raise PermissionError.new(MyModule, :read_users) unless can_read_my_module_users?(@task)
|
||||
end
|
||||
|
||||
def load_user_assignment
|
||||
@user_assignment = @task.user_assignments.find(params.require(:id))
|
||||
end
|
||||
|
||||
def load_user_assignment_for_managing
|
||||
raise PermissionError.new(MyModule, :manage) unless can_manage_my_module?(@task)
|
||||
raise PermissionError.new(MyModule, :manage_users) unless can_manage_my_module_users?(@task)
|
||||
end
|
||||
|
||||
def user_assignment_params
|
||||
|
|
|
@ -34,7 +34,7 @@ module Api
|
|||
end
|
||||
|
||||
def create
|
||||
raise PermissionError.new(MyModule, :create) unless can_manage_experiment?(@experiment)
|
||||
raise PermissionError.new(MyModule, :create) unless can_manage_experiment_tasks?(@experiment)
|
||||
|
||||
my_module = @experiment.my_modules.create!(task_params_create.merge(created_by: current_user))
|
||||
|
||||
|
|
|
@ -107,8 +107,12 @@ Canaid::Permissions.register_for(MyModule) do
|
|||
my_module.permission_granted?(user, MyModulePermissions::STEPS_COMMENTS_CREATE)
|
||||
end
|
||||
|
||||
can :read_my_module_users do |user, my_module|
|
||||
my_module.permission_granted?(user, MyModulePermissions::USERS_READ)
|
||||
end
|
||||
|
||||
can :manage_my_module_users do |user, my_module|
|
||||
my_module.permission_granted?(user, MyModulePermissions::MANAGE)
|
||||
my_module.permission_granted?(user, MyModulePermissions::USERS_MANAGE)
|
||||
end
|
||||
|
||||
can :restore_my_module do |user, my_module|
|
||||
|
|
|
@ -62,6 +62,10 @@ Canaid::Permissions.register_for(Project) do
|
|||
project.permission_granted?(user, ProjectPermissions::EXPERIMENTS_CREATE)
|
||||
end
|
||||
|
||||
can :read_project_comments do |user, project|
|
||||
project.permission_granted?(user, ProjectPermissions::COMMENTS_READ)
|
||||
end
|
||||
|
||||
can :create_project_comments do |user, project|
|
||||
project.permission_granted?(user, ProjectPermissions::COMMENTS_CREATE)
|
||||
end
|
||||
|
|
|
@ -60,6 +60,7 @@ module PermissionExtends
|
|||
STEPS_COMMENTS_UPDATE_OWN
|
||||
REPOSITORY_ROWS_ASSIGN
|
||||
REPOSITORY_ROWS_MANAGE
|
||||
USERS_READ
|
||||
USERS_MANAGE
|
||||
).each { |permission| const_set(permission, "task_#{permission.underscore}") }
|
||||
end
|
||||
|
@ -123,7 +124,8 @@ module PermissionExtends
|
|||
MyModulePermissions::STEPS_COMMENTS_DELETE_OWN,
|
||||
MyModulePermissions::STEPS_COMMENTS_UPDATE_OWN,
|
||||
MyModulePermissions::REPOSITORY_ROWS_ASSIGN,
|
||||
MyModulePermissions::REPOSITORY_ROWS_MANAGE
|
||||
MyModulePermissions::REPOSITORY_ROWS_MANAGE,
|
||||
MyModulePermissions::USERS_READ
|
||||
]
|
||||
|
||||
TECHNICIAN_PERMISSIONS = [
|
||||
|
@ -154,7 +156,8 @@ module PermissionExtends
|
|||
MyModulePermissions::STEPS_COMMENTS_DELETE_OWN,
|
||||
MyModulePermissions::STEPS_COMMENTS_UPDATE_OWN,
|
||||
MyModulePermissions::REPOSITORY_ROWS_ASSIGN,
|
||||
MyModulePermissions::REPOSITORY_ROWS_MANAGE
|
||||
MyModulePermissions::REPOSITORY_ROWS_MANAGE,
|
||||
MyModulePermissions::USERS_READ
|
||||
]
|
||||
|
||||
VIEWER_PERMISSIONS = [
|
||||
|
@ -169,6 +172,7 @@ module PermissionExtends
|
|||
ExperimentPermissions::ACTIVITIES_READ,
|
||||
ExperimentPermissions::USERS_READ,
|
||||
MyModulePermissions::READ,
|
||||
MyModulePermissions::USERS_READ,
|
||||
MyModulePermissions::ACTIVITIES_READ
|
||||
]
|
||||
end
|
||||
|
|
|
@ -0,0 +1,97 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::AssetsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
},
|
||||
destroy: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
id: 1
|
||||
},
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
step: true,
|
||||
step_asset: true
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
id: step_asset.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
id: step_asset.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,139 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::ChecklistItemsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
checklist_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
checklist_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
checklist_id: 1
|
||||
},
|
||||
destroy: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
checklist_id: 1,
|
||||
id: 1
|
||||
},
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
checklist_id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
step: true,
|
||||
checklist: true
|
||||
}
|
||||
|
||||
let(:checklist_item) { create(:checklist_item, checklist: checklist) }
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
checklist_id: checklist.id,
|
||||
id: checklist_item.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
checklist_id: checklist.id,
|
||||
id: checklist_item.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :delete, :destroy do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
checklist_id: checklist.id,
|
||||
id: checklist_item.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
checklist_id: checklist.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,58 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::ConnectionsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
my_modules: 2,
|
||||
connection: true
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [ExperimentPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
id: connection.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,82 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::ExperimentUserAssignmentsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::USERS_READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: experiment) }
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::USERS_READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
id: user_assignment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: experiment) }
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::USERS_MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
id: user_assignment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,95 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::ExperimentsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
},
|
||||
activities: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
id: experiment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::EXPERIMENTS_CREATE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
data: {
|
||||
type: "experiments",
|
||||
attributes: {
|
||||
name: "test"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
id: experiment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,53 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::ProjectCommentsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
project_comment: true
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::COMMENTS_READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ProjectPermissions::COMMENTS_READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
id: project_comment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,113 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::ProjectUserAssignmentsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1,
|
||||
project_id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
id: 1
|
||||
},
|
||||
destroy: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::USERS_READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: project) }
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::USERS_READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
id: user_assignment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: project) }
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::USERS_MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
id: user_assignment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :delete, :destroy do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: project) }
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::USERS_MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
id: user_assignment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: project) }
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::USERS_MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
id: user_assignment.id,
|
||||
data: {
|
||||
type: "project_user_assignments",
|
||||
attributes: {
|
||||
user_id: 1,
|
||||
role_id: 1
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,87 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::ProjectsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1
|
||||
},
|
||||
activities: {
|
||||
team_id: 1,
|
||||
project_id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :guest
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
id: project.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
data: {
|
||||
type: "projects",
|
||||
attributes: {
|
||||
name: "test"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
id: project.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :activities do
|
||||
let(:testable) { project }
|
||||
let(:permissions) { [ProjectPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,86 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::ResultsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
show: {
|
||||
id: 1,
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1
|
||||
},
|
||||
update: {
|
||||
id: 1,
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1
|
||||
},
|
||||
index: {
|
||||
id: 1,
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1
|
||||
}
|
||||
}, [:create, :destroy],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
result_text: true
|
||||
}
|
||||
|
||||
let!(:result) { result_text.result }
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
id: result.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
id: result.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
id: result.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
112
spec/permissions/controllers/api/v1/steps_controller_spec.rb
Normal file
112
spec/permissions/controllers/api/v1/steps_controller_spec.rb
Normal file
|
@ -0,0 +1,112 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::StepsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
show: {
|
||||
id: 1,
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
id: 1,
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
id: 1,
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1
|
||||
},
|
||||
destroy: {
|
||||
id: 1,
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
id: 1
|
||||
},
|
||||
index: {
|
||||
id: 1,
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
step: true,
|
||||
result_text: true
|
||||
}
|
||||
|
||||
let!(:result) { result_text.result }
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
id: step.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
id: step.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
id: step.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
129
spec/permissions/controllers/api/v1/tables_controller_spec.rb
Normal file
129
spec/permissions/controllers/api/v1/tables_controller_spec.rb
Normal file
|
@ -0,0 +1,129 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::TablesController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
},
|
||||
destroy: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1,
|
||||
id: 1
|
||||
},
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
protocol_id: 1,
|
||||
step_id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
step: true,
|
||||
step_table: true
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
id: step_table.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
id: step_table.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :delete, :destroy do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
id: step_table.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
protocol_id: step.protocol_id,
|
||||
step_id: step.id,
|
||||
id: step_table.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,57 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::TaskGroupsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
my_module_group: true
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [ExperimentPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
id: my_module_group.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,61 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::TaskInventoryItemsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: my_module) }
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
id: 1
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,62 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::TaskTagsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user,
|
||||
my_module_tag: true
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: my_module) }
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
id: my_module_tag.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,89 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::TaskUserAssignmentsController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::USERS_READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: my_module) }
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::USERS_READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
id: user_assignment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:user_assignment) { UserAssignment.find_by(assignable: my_module) }
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::USERS_MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id,
|
||||
id: user_assignment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
117
spec/permissions/controllers/api/v1/tasks_controller_spec.rb
Normal file
117
spec/permissions/controllers/api/v1/tasks_controller_spec.rb
Normal file
|
@ -0,0 +1,117 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe Api::V1::TasksController, type: :controller do
|
||||
include PermissionExtends
|
||||
|
||||
it_behaves_like "a controller with authentication", {
|
||||
index: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
},
|
||||
show: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
id: 1
|
||||
},
|
||||
update: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
id: 1
|
||||
},
|
||||
create: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
},
|
||||
activities: {
|
||||
team_id: 1,
|
||||
project_id: 1,
|
||||
experiment_id: 1,
|
||||
task_id: 1
|
||||
}
|
||||
}, [],
|
||||
:unauthorized
|
||||
|
||||
|
||||
describe 'permissions checking' do
|
||||
login_api_user
|
||||
|
||||
include_context 'reference_project_structure', {
|
||||
team_role: :normal_user
|
||||
}
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :index do
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :show do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
id: my_module.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :post, :create do
|
||||
let(:testable) { experiment }
|
||||
let(:permissions) { [ExperimentPermissions::TASKS_MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
data: {
|
||||
type: "experiments",
|
||||
attributes: {
|
||||
name: "test"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :put, :update do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::MANAGE] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
id: my_module.id
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
it_behaves_like "a controller action with permissions checking", :get, :activities do
|
||||
let(:testable) { my_module }
|
||||
let(:permissions) { [MyModulePermissions::READ] }
|
||||
let(:action_params) {
|
||||
{
|
||||
team_id: team.id,
|
||||
project_id: project.id,
|
||||
experiment_id: experiment.id,
|
||||
task_id: my_module.id
|
||||
}
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
|
@ -106,8 +106,8 @@ RSpec.describe "Api::V1::ProjectUserAssignmentsController", type: :request do
|
|||
}
|
||||
end
|
||||
|
||||
it 'creates new user project and user assignment' do
|
||||
expect { action }.to change { UserAssignment.count }.by(1).and(change { UserProject.count }.by(1))
|
||||
it 'creates new user assignment' do
|
||||
expect { action }.to change { UserAssignment.count }.by(1)
|
||||
end
|
||||
|
||||
it 'returns status 201' do
|
||||
|
|
|
@ -7,4 +7,18 @@ module ControllerMacros
|
|||
sign_in user
|
||||
end
|
||||
end
|
||||
|
||||
def login_api_user
|
||||
before(:each) do
|
||||
user = create :user
|
||||
user.confirm
|
||||
|
||||
@request.headers.merge!({
|
||||
'Authorization': 'Bearer ' + Api::CoreJwt.encode(sub: user.id),
|
||||
'Content-Type': 'application/json'
|
||||
})
|
||||
|
||||
subject.send(:authenticate_request!)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
|
||||
RSpec.shared_context 'reference_project_structure' do |config|
|
||||
config ||= {}
|
||||
|
||||
let!(:user) { subject.current_user }
|
||||
let!(:role) do
|
||||
if config[:role]
|
||||
|
@ -34,8 +35,14 @@ RSpec.shared_context 'reference_project_structure' do |config|
|
|||
let!(:my_module) { create :my_module, experiment: experiment, created_by: user } unless config[:skip_my_module]
|
||||
let!(:my_modules) { create_list :my_module, config[:my_modules], experiment: experiment } if config[:my_modules]
|
||||
|
||||
let(:tag) { create :tag, project: project} if config[:tag]
|
||||
let(:tags) { create_list :tag, config[:tags], project: project} if config[:tags]
|
||||
let!(:connection) { create :connection, input_id: my_modules.first.id, output_id: my_modules.last.id } if config[:connection]
|
||||
|
||||
let!(:my_module_group) do
|
||||
create :my_module_group, experiment: experiment, created_by: user, my_modules: [my_module]
|
||||
end if config[:my_module_group]
|
||||
|
||||
let(:tag) { create :tag, project: project} if config[:tag] || config[:my_module_tag]
|
||||
let(:tags) { create_list :tag, config[:tags], project: project} if config[:tags] || config[:my_module_tags]
|
||||
|
||||
let(:project_comment) { create :project_comment, project: project, user: user } if config[:project_comment]
|
||||
let(:project_comments) { create_list :project_comment, config[:project_comments], project: project, user: user } if config[:project_comments]
|
||||
|
@ -43,15 +50,20 @@ RSpec.shared_context 'reference_project_structure' do |config|
|
|||
let(:my_module_comment) { create :task_comment, my_module: my_module, user: user } if config[:my_module_comment]
|
||||
let(:my_module_comments) { create_list :task_comment, config[:my_module_comments], my_module: my_module, user: user } if config[:my_module_comments]
|
||||
|
||||
let(:my_module_tag) { create :my_module_tag, my_module: my_module, tag: tag } if config[:my_module_tag]
|
||||
let(:my_module_tags) do
|
||||
tags.map { |t| create(:my_module_tag, my_module: my_module, tag: t) }
|
||||
end if config[:my_module_tags]
|
||||
|
||||
if config[:step]
|
||||
let(:step) { create :step, protocol: my_module.protocol, user: user}
|
||||
let(:step_comment) { create :step_comment, step: step, user: user} if config[:step_comment]
|
||||
let(:step_comments) { create_list :step_comment, config[:step_comments], step: step, user: user} if config[:step_comments]
|
||||
|
||||
[:step_asset, :step_table, :step_checklist].each do |step_component|
|
||||
[:step_asset, :step_table, :checklist].each do |step_component|
|
||||
let(step_component) { create step_component, step: step } if config[step_component]
|
||||
end
|
||||
[:step_assets, :step_tables, :step_checklists].each do |step_components|
|
||||
[:step_assets, :step_tables, :checklists].each do |step_components|
|
||||
let(step_components) { create_list step_components, config[step_components], step: step } if config[step_components]
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
require 'rails_helper'
|
||||
|
||||
RSpec.shared_examples 'a controller action with permissions checking' do |verb, action|
|
||||
|
||||
describe 'controller action' do
|
||||
context 'user without permissions' do
|
||||
it "returns forbidden response for action :#{action}" do
|
||||
|
|
|
@ -2,18 +2,18 @@
|
|||
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.shared_examples 'a controller with authentication' do |actions_with_params, actions_to_skip|
|
||||
RSpec.shared_examples 'a controller with authentication' do |actions_with_params, actions_to_skip, custom_response|
|
||||
let (:protected_actions) { described_class.instance_methods(false) - (actions_to_skip || []) }
|
||||
|
||||
describe 'controller actions' do
|
||||
context 'unauthenticated user' do
|
||||
it 'returns forbidden response for all actions' do
|
||||
it "returns #{custom_response || :forbidden} response for all actions" do
|
||||
sign_out :user
|
||||
actions_with_params ||= {}
|
||||
protected_actions.each do |action|
|
||||
params = actions_with_params[action]
|
||||
get action, params: params
|
||||
expect(response).to have_http_status(:forbidden).or redirect_to('/users/sign_in')
|
||||
expect(response).to have_http_status(custom_response || :forbidden).or redirect_to('/users/sign_in')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue