343 lines
9.8 KiB
Ruby
343 lines
9.8 KiB
Ruby
# frozen_sTring_literal: true
|
|
|
|
require "spec_helper"
|
|
|
|
describe Api::V1::AspectsController do
|
|
let(:auth) {
|
|
FactoryGirl.create(
|
|
:auth_with_default_scopes,
|
|
scopes: %w[openid contacts:read contacts:modify]
|
|
)
|
|
}
|
|
|
|
let(:auth_read_only) {
|
|
FactoryGirl.create(
|
|
:auth_with_default_scopes,
|
|
scopes: %w[openid contacts:read]
|
|
)
|
|
}
|
|
|
|
let(:auth_minimum_scopes) {
|
|
FactoryGirl.create(:auth_with_default_scopes)
|
|
}
|
|
|
|
let!(:access_token) { auth.create_access_token.to_s }
|
|
let!(:access_token_read_only) { auth_read_only.create_access_token.to_s }
|
|
let!(:access_token_minimum_scopes) { auth_minimum_scopes.create_access_token.to_s }
|
|
let(:invalid_token) { SecureRandom.hex(9) }
|
|
|
|
before do
|
|
@aspect1 = auth.user.aspects.create(name: "first aspect")
|
|
@aspect2 = auth.user.aspects.create(name: "second aspect")
|
|
end
|
|
|
|
describe "#index" do
|
|
it "returns list of aspects" do
|
|
get(
|
|
api_v1_aspects_path,
|
|
params: {access_token: access_token}
|
|
)
|
|
expect(response.status).to eq(200)
|
|
aspects = response_body_data(response)
|
|
expect(aspects.length).to eq(auth.user.aspects.length)
|
|
aspects.each do |aspect|
|
|
found_aspect = auth.user.aspects.find_by(id: aspect["id"])
|
|
expect(aspect["name"]).to eq(found_aspect.name)
|
|
expect(aspect["order"]).to eq(found_aspect.order_id)
|
|
end
|
|
end
|
|
|
|
context "without impromper credentials" do
|
|
it "fails if token doesn't have contacts:read" do
|
|
get(
|
|
api_v1_aspects_path,
|
|
params: {access_token: access_token_minimum_scopes}
|
|
)
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "fails if invalid token" do
|
|
get(
|
|
api_v1_aspects_path,
|
|
params: {access_token: invalid_token}
|
|
)
|
|
expect(response.status).to eq(401)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#show" do
|
|
context "with correct id" do
|
|
it "returns aspect" do
|
|
get(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: access_token}
|
|
)
|
|
expect(response.status).to eq(200)
|
|
aspect = JSON.parse(response.body)
|
|
expect(aspect["id"]).to eq(@aspect2.id)
|
|
expect(aspect["name"]).to eq(@aspect2.name)
|
|
expect(aspect["order"]).to eq(@aspect2.order_id)
|
|
expect(aspect["chat_enabled"]).to eq(@aspect2.chat_enabled)
|
|
end
|
|
end
|
|
|
|
context "with incorrect id" do
|
|
it "fails to return with error" do
|
|
get(
|
|
api_v1_aspect_path("-1"),
|
|
params: {access_token: access_token}
|
|
)
|
|
expect(response.status).to eq(404)
|
|
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.not_found"))
|
|
end
|
|
end
|
|
|
|
context "without impromper credentials" do
|
|
it "fails without contacts:read in token" do
|
|
get(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: access_token_minimum_scopes}
|
|
)
|
|
expect(response.status).to eq(403)
|
|
end
|
|
|
|
it "fails when not logged in" do
|
|
get(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: invalid_token}
|
|
)
|
|
expect(response.status).to eq(401)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#create" do
|
|
context "with full aspect settings" do
|
|
it "creates aspect" do
|
|
new_name = "diaspora developers"
|
|
post(
|
|
api_v1_aspects_path,
|
|
params: {name: new_name, chat_enabled: true, access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(200)
|
|
aspect = JSON.parse(response.body)
|
|
expect(aspect["name"]).to eq(new_name)
|
|
expect(aspect["chat_enabled"]).to be_truthy
|
|
expect(aspect.has_key?("id")).to be_truthy
|
|
expect(aspect.has_key?("order")).to be_truthy
|
|
end
|
|
|
|
it "fails to create duplicate aspect" do
|
|
post(
|
|
api_v1_aspects_path,
|
|
params: {name: @aspect1.name, chat_enabled: true, access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_create"))
|
|
end
|
|
end
|
|
|
|
context "with malformed settings" do
|
|
it "fails when missing name" do
|
|
post(
|
|
api_v1_aspects_path,
|
|
params: {chat_enabled: true, access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_create"))
|
|
end
|
|
|
|
it "fails when missing chat" do
|
|
post(
|
|
api_v1_aspects_path,
|
|
params: {name: "new_aspect", access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_create"))
|
|
end
|
|
end
|
|
|
|
context "improper credentials" do
|
|
it "fails when not logged in" do
|
|
post(
|
|
api_v1_aspects_path,
|
|
params: {name: "new_name", chat_enabled: true, access_token: invalid_token}
|
|
)
|
|
expect(response.status).to eq(401)
|
|
end
|
|
|
|
it "fails when logged in read only" do
|
|
post(
|
|
api_v1_aspects_path,
|
|
params: {name: "new_name", chat_enabled: true, access_token: access_token_read_only}
|
|
)
|
|
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#update" do
|
|
context "with aspect settings" do
|
|
it "updates full aspect" do
|
|
new_name = "NewAspectName"
|
|
new_chat = @aspect2.chat_enabled
|
|
new_order = @aspect2.order_id + 1
|
|
patch(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {name: new_name, chat_enabled: new_chat, order: new_order, access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(200)
|
|
aspect = JSON.parse(response.body)
|
|
expect(aspect["name"]).to eq(new_name)
|
|
expect(aspect["chat_enabled"]).to eq(new_chat)
|
|
expect(aspect["order"]).to eq(new_order)
|
|
expect(aspect["id"]).to eq(@aspect2.id)
|
|
end
|
|
|
|
it "updates name only aspect" do
|
|
new_name = "NewAspectName"
|
|
patch(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {name: new_name, access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(200)
|
|
aspect = JSON.parse(response.body)
|
|
expect(aspect["name"]).to eq(new_name)
|
|
expect(aspect["id"]).to eq(@aspect2.id)
|
|
end
|
|
|
|
it "updates chat only" do
|
|
new_chat = @aspect2.chat_enabled
|
|
patch(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {chat_enabled: new_chat, access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(200)
|
|
aspect = JSON.parse(response.body)
|
|
expect(aspect["chat_enabled"]).to eq(new_chat)
|
|
expect(aspect["id"]).to eq(@aspect2.id)
|
|
end
|
|
|
|
it "updates order only" do
|
|
new_order = @aspect2.order_id + 1
|
|
patch(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {order: new_order, access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(200)
|
|
aspect = JSON.parse(response.body)
|
|
expect(aspect["order"]).to eq(new_order)
|
|
expect(aspect["id"]).to eq(@aspect2.id)
|
|
end
|
|
|
|
it "succeds with no arguments" do
|
|
patch(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(200)
|
|
aspect = JSON.parse(response.body)
|
|
expect(aspect["name"]).to eq(@aspect2.name)
|
|
expect(aspect["chat_enabled"]).to eq(@aspect2.chat_enabled)
|
|
expect(aspect["id"]).to eq(@aspect2.id)
|
|
end
|
|
end
|
|
|
|
context "with bad parameters" do
|
|
it "fails with reused name" do
|
|
patch(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {name: @aspect1.name, access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(422)
|
|
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_update"))
|
|
end
|
|
|
|
it "fails with bad id" do
|
|
patch(
|
|
api_v1_aspect_path("-1"),
|
|
params: {name: "NewAspectName", access_token: access_token}
|
|
)
|
|
|
|
expect(response.status).to eq(404)
|
|
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_update"))
|
|
end
|
|
end
|
|
|
|
context "improper credentials" do
|
|
it "fails when not logged in" do
|
|
patch(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: invalid_token}
|
|
)
|
|
expect(response.status).to eq(401)
|
|
end
|
|
|
|
it "fails when logged in read only" do
|
|
patch(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: access_token_read_only}
|
|
)
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe "#delete" do
|
|
context "with correct ID" do
|
|
it "deletes aspect" do
|
|
delete(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: access_token}
|
|
)
|
|
expect(response.status).to eq(204)
|
|
expect(auth.user.aspects.find_by(id: @aspect2.id)).to be_nil
|
|
end
|
|
end
|
|
|
|
context "with bad ID" do
|
|
it "fails to delete with error" do
|
|
delete(
|
|
api_v1_aspect_path("-1"),
|
|
params: {access_token: access_token}
|
|
)
|
|
expect(response.status).to eq(422)
|
|
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_delete"))
|
|
end
|
|
end
|
|
|
|
context "improper credentials" do
|
|
it "fails when not logged in" do
|
|
delete(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: invalid_token}
|
|
)
|
|
expect(response.status).to eq(401)
|
|
end
|
|
|
|
it "fails when logged in read only" do
|
|
delete(
|
|
api_v1_aspect_path(@aspect2.id),
|
|
params: {access_token: access_token_read_only}
|
|
)
|
|
expect(response.status).to eq(403)
|
|
end
|
|
end
|
|
end
|
|
|
|
def response_body_data(response)
|
|
JSON.parse(response.body)["data"]
|
|
end
|
|
end
|