From 232389f4e8ebaffd125985ce63439cea407e85d5 Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Sat, 25 Aug 2012 13:43:55 -0400
Subject: [PATCH] Clean up request specs
---
 spec/requests/admin/security_spec.rb | 24 +-
 spec/requests/api/issues_spec.rb | 14 +-
 spec/requests/api/projects_spec.rb | 35 ++-
 spec/requests/api/users_spec.rb | 8 +-
 spec/requests/security/profile_access_spec.rb | 30 ++-
 spec/requests/security/project_access_spec.rb | 230 ++++++++++--------
 6 files changed, 191 insertions(+), 150 deletions(-)
diff --git a/spec/requests/admin/security_spec.rb b/spec/requests/admin/security_spec.rb
index 0c369740..63068326 100644
--- a/spec/requests/admin/security_spec.rb
+++ b/spec/requests/admin/security_spec.rb
@@ -2,20 +2,26 @@ require 'spec_helper'
 describe "Admin::Projects" do
 describe "GET /admin/projects" do
- it { admin_projects_path.should be_allowed_for :admin }
- it { admin_projects_path.should be_denied_for :user }
- it { admin_projects_path.should be_denied_for :visitor }
+ subject { admin_projects_path }
+
+ it { should be_allowed_for :admin }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /admin/users" do
- it { admin_users_path.should be_allowed_for :admin }
- it { admin_users_path.should be_denied_for :user }
- it { admin_users_path.should be_denied_for :visitor }
+ subject { admin_users_path }
+
+ it { should be_allowed_for :admin }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /admin/hooks" do
- it { admin_hooks_path.should be_allowed_for :admin }
- it { admin_hooks_path.should be_denied_for :user }
- it { admin_hooks_path.should be_denied_for :visitor }
+ subject { admin_hooks_path }
+
+ it { should be_allowed_for :admin }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 end
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index 4701ca2f..c00a056d 100644
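Review bot: The outer `describe "Admin::Projects"` label in security_spec.rb no longer matches what the file checks, because the three groups under it cover `/admin/projects`, `/admin/users` and `/admin/hooks`. With the one-line `it { should ... }` form the example names come only from the enclosing descriptions, so a failed access check on the users or hooks route is reported under a projects heading. Renaming the outer group, for example to `describe "Admin access" do`, would keep the access-control report readable.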
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -10,13 +10,13 @@ describe Gitlab::API do
 describe "GET /issues" do
 it "should return authentication error" do
- get "#{api_prefix}/issues"
+ get api("/issues")
 response.status.should == 401
 end
 describe "authenticated GET /issues" do
 it "should return an array of issues" do
- get "#{api_prefix}/issues?private_token=#{user.private_token}"
+ get api("/issues", user)
 response.status.should == 200
 json_response.should be_an Array
 json_response.first['title'].should == issue.title
@@ -26,7 +26,7 @@ describe Gitlab::API do
 describe "GET /projects/:id/issues" do
 it "should return project issues" do
- get "#{api_prefix}/projects/#{project.code}/issues?private_token=#{user.private_token}"
+ get api("/projects/#{project.code}/issues", user)
 response.status.should == 200
 json_response.should be_an Array
 json_response.first['title'].should == issue.title
@@ -35,7 +35,7 @@ describe Gitlab::API do
 describe "GET /projects/:id/issues/:issue_id" do
 it "should return a project issue by id" do
- get "#{api_prefix}/projects/#{project.code}/issues/#{issue.id}?private_token=#{user.private_token}"
+ get api("/projects/#{project.code}/issues/#{issue.id}", user)
 response.status.should == 200
 json_response['title'].should == issue.title
 end
@@ -43,7 +43,7 @@ describe Gitlab::API do
 describe "POST /projects/:id/issues" do
 it "should create a new project issue" do
- post "#{api_prefix}/projects/#{project.code}/issues?private_token=#{user.private_token}",
+ post api("/projects/#{project.code}/issues", user),
 title: 'new issue', labels: 'label, label2'
 response.status.should == 201
 json_response['title'].should == 'new issue'
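Review bot: The unauthenticated case is asserted only for the collection route, `get api("/issues")` expecting 401, while the `POST`, `PUT` and `DELETE /projects/:id/issues` hunks (and the per-project hunks in projects_spec.rb) only ever call `api(..., user)`. Now that `api(path)` without a user is a one-liner, each state-changing group could carry a matching check such as `post api("/projects/#{project.code}/issues"), title: 'new issue'` followed by `response.status.should == 401`. No request from a user outside the project is visible in these hunks either, so authentication is exercised but authorization is not; the rest of each file lies outside the diff and may already cover it.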
@@ -54,7 +54,7 @@ describe Gitlab::API do
 describe "PUT /projects/:id/issues/:issue_id" do
 it "should update a project issue" do
- put "#{api_prefix}/projects/#{project.code}/issues/#{issue.id}?private_token=#{user.private_token}",
+ put api("/projects/#{project.code}/issues/#{issue.id}", user),
 title: 'updated title', labels: 'label2', closed: 1
 response.status.should == 200
 json_response['title'].should == 'updated title'
@@ -66,7 +66,7 @@ describe Gitlab::API do
 describe "DELETE /projects/:id/issues/:issue_id" do
 it "should delete a project issue" do
 expect {
- delete "#{api_prefix}/projects/#{project.code}/issues/#{issue.id}?private_token=#{user.private_token}"
+ delete api("/projects/#{project.code}/issues/#{issue.id}", user)
 }.to change { Issue.count }.by(-1)
 end
 end
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index a721ab3a..0cbc12af 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -10,13 +10,13 @@ describe Gitlab::API do
 describe "GET /projects" do
 it "should return authentication error" do
- get "#{api_prefix}/projects"
+ get api("/projects")
 response.status.should == 401
 end
 describe "authenticated GET /projects" do
 it "should return an array of projects" do
- get "#{api_prefix}/projects?private_token=#{user.private_token}"
+ get api("/projects", user)
 response.status.should == 200
 json_response.should be_an Array
 json_response.first['name'].should == project.name
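Review bot: The `DELETE /projects/:id/issues/:issue_id` example checks only `change { Issue.count }.by(-1)` and never looks at the response, unlike the other examples visible in this diff; the snippet deletion example in projects_spec.rb has the same shape. Adding a status assertion after the `expect { ... }` block, for instance `response.status.should == 200` with whatever code the endpoint is specified to return, would pin the API contract as well as the side effect.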
@@ -27,20 +27,20 @@ describe Gitlab::API do
 describe "GET /projects/:id" do
 it "should return a project by id" do
- get "#{api_prefix}/projects/#{project.id}?private_token=#{user.private_token}"
+ get api("/projects/#{project.id}", user)
 response.status.should == 200
 json_response['name'].should == project.name
 json_response['owner']['email'].should == user.email
 end
 it "should return a project by code name" do
- get "#{api_prefix}/projects/#{project.code}?private_token=#{user.private_token}"
+ get api("/projects/#{project.code}", user)
 response.status.should == 200
 json_response['name'].should == project.name
 end
 it "should return a 404 error if not found" do
- get "#{api_prefix}/projects/42?private_token=#{user.private_token}"
+ get api("/projects/42", user)
 response.status.should == 404
 json_response['message'].should == '404 Not found'
 end
@@ -48,7 +48,7 @@ describe Gitlab::API do
 describe "GET /projects/:id/repository/branches" do
 it "should return an array of project branches" do
- get "#{api_prefix}/projects/#{project.code}/repository/branches?private_token=#{user.private_token}"
+ get api("/projects/#{project.code}/repository/branches", user)
 response.status.should == 200
 json_response.should be_an Array
 json_response.first['name'].should == project.repo.heads.sort_by(&:name).first.name
@@ -57,7 +57,7 @@ describe Gitlab::API do
 describe "GET /projects/:id/repository/branches/:branch" do
 it "should return the branch information for a single branch" do
- get "#{api_prefix}/projects/#{project.code}/repository/branches/new_design?private_token=#{user.private_token}"
+ get api("/projects/#{project.code}/repository/branches/new_design", user)
 response.status.should == 200
 json_response['name'].should == 'new_design'
@@ -67,7 +67,7 @@ describe Gitlab::API do
 describe "GET /projects/:id/repository/tags" do
 it "should return an array of project tags" do
- get "#{api_prefix}/projects/#{project.code}/repository/tags?private_token=#{user.private_token}"
+ get api("/projects/#{project.code}/repository/tags", user)
 response.status.should == 200
 json_response.should be_an Array
 json_response.first['name'].should == project.repo.tags.sort_by(&:name).reverse.first.name
@@ -76,7 +76,7 @@ describe Gitlab::API do
 describe "GET /projects/:id/snippets/:snippet_id" do
 it "should return a project snippet" do
- get "#{api_prefix}/projects/#{project.code}/snippets/#{snippet.id}?private_token=#{user.private_token}"
+ get api("/projects/#{project.code}/snippets/#{snippet.id}", user)
 response.status.should == 200
 json_response['title'].should == snippet.title
 end
@@ -84,7 +84,7 @@ describe Gitlab::API do
 describe "POST /projects/:id/snippets" do
 it "should create a new project snippet" do
- post "#{api_prefix}/projects/#{project.code}/snippets?private_token=#{user.private_token}",
+ post api("/projects/#{project.code}/snippets", user),
 title: 'api test', file_name: 'sample.rb', code: 'test'
 response.status.should == 201
 json_response['title'].should == 'api test'
@@ -93,7 +93,7 @@ describe Gitlab::API do
 describe "PUT /projects/:id/snippets" do
 it "should update an existing project snippet" do
- put "#{api_prefix}/projects/#{project.code}/snippets/#{snippet.id}?private_token=#{user.private_token}",
+ put api("/projects/#{project.code}/snippets/#{snippet.id}", user),
 code: 'updated code'
 response.status.should == 200
 json_response['title'].should == 'example'
@@ -104,34 +104,31 @@ describe Gitlab::API do
 describe "DELETE /projects/:id/snippets/:snippet_id" do
 it "should delete existing project snippet" do
 expect {
- delete "#{api_prefix}/projects/#{project.code}/snippets/#{snippet.id}?private_token=#{user.private_token}"
+ delete api("/projects/#{project.code}/snippets/#{snippet.id}", user)
 }.to change { Snippet.count }.by(-1)
 end
 end
 describe "GET /projects/:id/snippets/:snippet_id/raw" do
 it "should get a raw project snippet" do
- get "#{api_prefix}/projects/#{project.code}/snippets/#{snippet.id}/raw?private_token=#{user.private_token}"
+ get api("/projects/#{project.code}/snippets/#{snippet.id}/raw", user)
 response.status.should == 200
 end
 end
 describe "GET /projects/:id/:sha/blob" do
 it "should get the raw file contents" do
- get "#{api_prefix}/projects/#{project.code}/repository/commits/master/blob?filepath=README.md&private_token=#{user.private_token}"
-
+ get api("/projects/#{project.code}/repository/commits/master/blob?filepath=README.md", user)
 response.status.should == 200
 end
 it "should return 404 for invalid branch_name" do
- get "#{api_prefix}/projects/#{project.code}/repository/commits/invalid_branch_name/blob?filepath=README.md&private_token=#{user.private_token}"
-
+ get api("/projects/#{project.code}/repository/commits/invalid_branch_name/blob?filepath=README.md", user)
 response.status.should == 404
 end
 it "should return 404 for invalid file" do
- get "#{api_prefix}/projects/#{project.code}/repository/commits/master/blob?filepath=README.invalid&private_token=#{user.private_token}"
-
+ get api("/projects/#{project.code}/repository/commits/master/blob?filepath=README.invalid", user)
 response.status.should == 404
 end
 end
diff --git a/spec/requests/api/users_spec.rb b/spec/requests/api/users_spec.rb
index fcfea131..d791962a 100644
--- a/spec/requests/api/users_spec.rb
+++ b/spec/requests/api/users_spec.rb
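Review bot: The three blob examples pass a path that already carries a query string, as in `api(".../blob?filepath=README.md", user)`, so they depend on the `api` helper joining `private_token` with `&` rather than a second `?`. The helper is defined outside this diff, so that cannot be confirmed from here. Passing the parameter separately, `get api("/projects/#{project.code}/repository/commits/master/blob", user), filepath: 'README.md'`, should remove the dependency and keeps the file path out of a hand-built URL string. If the path form stays, a one-line comment on the helper stating that it accepts paths with an existing query string would document the contract these examples rely on.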
@@ -7,13 +7,13 @@ describe Gitlab::API do
 describe "GET /users" do
 it "should return authentication error" do
- get "#{api_prefix}/users"
+ get api("/users")
 response.status.should == 401
 end
 describe "authenticated GET /users" do
 it "should return an array of users" do
- get "#{api_prefix}/users?private_token=#{user.private_token}"
+ get api("/users", user)
 response.status.should == 200
 json_response.should be_an Array
 json_response.first['email'].should == user.email
@@ -23,7 +23,7 @@ describe Gitlab::API do
 describe "GET /users/:id" do
 it "should return a user by id" do
- get "#{api_prefix}/users/#{user.id}?private_token=#{user.private_token}"
+ get api("/users/#{user.id}", user)
 response.status.should == 200
 json_response['email'].should == user.email
 end
@@ -31,7 +31,7 @@ describe Gitlab::API do
 describe "GET /user" do
 it "should return current user" do
- get "#{api_prefix}/user?private_token=#{user.private_token}"
+ get api("/user", user)
 response.status.should == 200
 json_response['email'].should == user.email
 end
diff --git a/spec/requests/security/profile_access_spec.rb b/spec/requests/security/profile_access_spec.rb
index b8ed27f0..9f6fe6a2 100644
--- a/spec/requests/security/profile_access_spec.rb
+++ b/spec/requests/security/profile_access_spec.rb
@@ -11,24 +11,30 @@ describe "Users Security" do
 end
 describe "GET /keys" do
- it { keys_path.should be_allowed_for @u1 }
- it { keys_path.should be_allowed_for :admin }
- it { keys_path.should be_allowed_for :user }
- it { keys_path.should be_denied_for :visitor }
+ subject { keys_path }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /profile" do
- it { profile_path.should be_allowed_for @u1 }
- it { profile_path.should be_allowed_for :admin }
- it { profile_path.should be_allowed_for :user }
- it { profile_path.should be_denied_for :visitor }
+ subject { profile_path }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /profile/password" do
- it { profile_password_path.should be_allowed_for @u1 }
- it { profile_password_path.should be_allowed_for :admin }
- it { profile_password_path.should be_allowed_for :user }
- it { profile_password_path.should be_denied_for :visitor }
+ subject { profile_password_path }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for :admin }
+ it { should be_allowed_for :user }
+ it { should be_denied_for :visitor }
 end
 end
 end
diff --git a/spec/requests/security/project_access_spec.rb b/spec/requests/security/project_access_spec.rb
index d503cf85..0cdf43bf 100644
--- a/spec/requests/security/project_access_spec.rb
+++ b/spec/requests/security/project_access_spec.rb
@@ -26,64 +26,76 @@ describe "Application access" do
 end
 describe "GET /project_code" do
- it { project_path(@project).should be_allowed_for @u1 }
- it { project_path(@project).should be_allowed_for @u3 }
- it { project_path(@project).should be_denied_for :admin }
- it { project_path(@project).should be_denied_for @u2 }
- it { project_path(@project).should be_denied_for :user }
- it { project_path(@project).should be_denied_for :visitor }
+ subject { project_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/master/tree" do
- it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u1 }
- it { tree_project_ref_path(@project, @project.root_ref).should be_allowed_for @u3 }
- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :admin }
- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for @u2 }
- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :user }
- it { tree_project_ref_path(@project, @project.root_ref).should be_denied_for :visitor }
+ subject { tree_project_ref_path(@project, @project.root_ref) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/commits" do
- it { project_commits_path(@project).should be_allowed_for @u1 }
- it { project_commits_path(@project).should be_allowed_for @u3 }
- it { project_commits_path(@project).should be_denied_for :admin }
- it { project_commits_path(@project).should be_denied_for @u2 }
- it { project_commits_path(@project).should be_denied_for :user }
- it { project_commits_path(@project).should be_denied_for :visitor }
+ subject { project_commits_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/commit" do
- it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u1 }
- it { project_commit_path(@project, @project.commit.id).should be_allowed_for @u3 }
- it { project_commit_path(@project, @project.commit.id).should be_denied_for :admin }
- it { project_commit_path(@project, @project.commit.id).should be_denied_for @u2 }
- it { project_commit_path(@project, @project.commit.id).should be_denied_for :user }
- it { project_commit_path(@project, @project.commit.id).should be_denied_for :visitor }
+ subject { project_commit_path(@project, @project.commit.id) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/team" do
- it { team_project_path(@project).should be_allowed_for @u1 }
- it { team_project_path(@project).should be_allowed_for @u3 }
- it { team_project_path(@project).should be_denied_for :admin }
- it { team_project_path(@project).should be_denied_for @u2 }
- it { team_project_path(@project).should be_denied_for :user }
- it { team_project_path(@project).should be_denied_for :visitor }
+ subject { team_project_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/wall" do
- it { wall_project_path(@project).should be_allowed_for @u1 }
- it { wall_project_path(@project).should be_allowed_for @u3 }
- it { wall_project_path(@project).should be_denied_for :admin }
- it { wall_project_path(@project).should be_denied_for @u2 }
- it { wall_project_path(@project).should be_denied_for :user }
- it { wall_project_path(@project).should be_denied_for :visitor }
+ subject { wall_project_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/blob" do
 before do
- @commit = @project.commit
- @path = @commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
- @blob_path = blob_project_ref_path(@project, @commit.id, path: @path)
+ commit = @project.commit
+ path = commit.tree.contents.select { |i| i.is_a?(Grit::Blob)}.first.name
+ @blob_path = blob_project_ref_path(@project, commit.id, path: path)
 end
 it { @blob_path.should be_allowed_for @u1 }
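Review bot: The `GET /project_code/blob` group keeps the explicit `it { @blob_path.should be_allowed_for @u1 }` form while every other group in this hunk moved to `subject`; adding `subject { @blob_path }` after the `before` block would let its examples read `it { should be_allowed_for @u1 }` like the rest. In the same `before`, `select { |i| i.is_a?(Grit::Blob)}.first` builds a whole array to take one element, and `find { |i| i.is_a?(Grit::Blob) }` says the same thing directly. If the root tree of the fixture repository ever has no blob, `.name` is called on nil and every example in the group fails in setup rather than on an access check. The group's remaining examples are outside the hunk.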
@@ -95,93 +107,113 @@ describe "Application access" do
 end
 describe "GET /project_code/edit" do
- it { edit_project_path(@project).should be_allowed_for @u1 }
- it { edit_project_path(@project).should be_denied_for @u3 }
- it { edit_project_path(@project).should be_denied_for :admin }
- it { edit_project_path(@project).should be_denied_for @u2 }
- it { edit_project_path(@project).should be_denied_for :user }
- it { edit_project_path(@project).should be_denied_for :visitor }
+ subject { edit_project_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_denied_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/deploy_keys" do
- it { project_deploy_keys_path(@project).should be_allowed_for @u1 }
- it { project_deploy_keys_path(@project).should be_denied_for @u3 }
- it { project_deploy_keys_path(@project).should be_denied_for :admin }
- it { project_deploy_keys_path(@project).should be_denied_for @u2 }
- it { project_deploy_keys_path(@project).should be_denied_for :user }
- it { project_deploy_keys_path(@project).should be_denied_for :visitor }
+ subject { project_deploy_keys_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_denied_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/issues" do
- it { project_issues_path(@project).should be_allowed_for @u1 }
- it { project_issues_path(@project).should be_allowed_for @u3 }
- it { project_issues_path(@project).should be_denied_for :admin }
- it { project_issues_path(@project).should be_denied_for @u2 }
- it { project_issues_path(@project).should be_denied_for :user }
- it { project_issues_path(@project).should be_denied_for :visitor }
+ subject { project_issues_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/snippets" do
- it { project_snippets_path(@project).should be_allowed_for @u1 }
- it { project_snippets_path(@project).should be_allowed_for @u3 }
- it { project_snippets_path(@project).should be_denied_for :admin }
- it { project_snippets_path(@project).should be_denied_for @u2 }
- it { project_snippets_path(@project).should be_denied_for :user }
- it { project_snippets_path(@project).should be_denied_for :visitor }
+ subject { project_snippets_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/merge_requests" do
- it { project_merge_requests_path(@project).should be_allowed_for @u1 }
- it { project_merge_requests_path(@project).should be_allowed_for @u3 }
- it { project_merge_requests_path(@project).should be_denied_for :admin }
- it { project_merge_requests_path(@project).should be_denied_for @u2 }
- it { project_merge_requests_path(@project).should be_denied_for :user }
- it { project_merge_requests_path(@project).should be_denied_for :visitor }
+ subject { project_merge_requests_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/repository" do
- it { project_repository_path(@project).should be_allowed_for @u1 }
- it { project_repository_path(@project).should be_allowed_for @u3 }
- it { project_repository_path(@project).should be_denied_for :admin }
- it { project_repository_path(@project).should be_denied_for @u2 }
- it { project_repository_path(@project).should be_denied_for :user }
- it { project_repository_path(@project).should be_denied_for :visitor }
+ subject { project_repository_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/repository/branches" do
- it { branches_project_repository_path(@project).should be_allowed_for @u1 }
- it { branches_project_repository_path(@project).should be_allowed_for @u3 }
- it { branches_project_repository_path(@project).should be_denied_for :admin }
- it { branches_project_repository_path(@project).should be_denied_for @u2 }
- it { branches_project_repository_path(@project).should be_denied_for :user }
- it { branches_project_repository_path(@project).should be_denied_for :visitor }
+ subject { branches_project_repository_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/repository/tags" do
- it { tags_project_repository_path(@project).should be_allowed_for @u1 }
- it { tags_project_repository_path(@project).should be_allowed_for @u3 }
- it { tags_project_repository_path(@project).should be_denied_for :admin }
- it { tags_project_repository_path(@project).should be_denied_for @u2 }
- it { tags_project_repository_path(@project).should be_denied_for :user }
- it { tags_project_repository_path(@project).should be_denied_for :visitor }
+ subject { tags_project_repository_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/hooks" do
- it { project_hooks_path(@project).should be_allowed_for @u1 }
- it { project_hooks_path(@project).should be_allowed_for @u3 }
- it { project_hooks_path(@project).should be_denied_for :admin }
- it { project_hooks_path(@project).should be_denied_for @u2 }
- it { project_hooks_path(@project).should be_denied_for :user }
- it { project_hooks_path(@project).should be_denied_for :visitor }
+ subject { project_hooks_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 describe "GET /project_code/files" do
- it { files_project_path(@project).should be_allowed_for @u1 }
- it { files_project_path(@project).should be_allowed_for @u3 }
- it { files_project_path(@project).should be_denied_for :admin }
- it { files_project_path(@project).should be_denied_for @u2 }
- it { files_project_path(@project).should be_denied_for :user }
- it { files_project_path(@project).should be_denied_for :visitor }
+ subject { files_project_path(@project) }
+
+ it { should be_allowed_for @u1 }
+ it { should be_allowed_for @u3 }
+ it { should be_denied_for :admin }
+ it { should be_denied_for @u2 }
+ it { should be_denied_for :user }
+ it { should be_denied_for :visitor }
 end
 end
 end
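Review bot: Nothing in this hunk explains the expectations for `@u3`: `edit_project_path` and `project_deploy_keys_path` are denied for that user, while `project_hooks_path` is allowed. How `@u3` is set up is outside the hunk, so this may well be intended, but hooks are project configuration much like deploy keys, and a reader cannot tell whether the allowed result is a deliberate rule or a recorded accident. A short comment on the hooks group, along the lines of `# @u3 (<role>) may view hooks but may not edit the project or its deploy keys` with the actual role filled in, would make the access matrix reviewable. The same applies to `be_denied_for :admin`, which appears on every project route here without a stated reason.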