Allow key authentication when updating issues (with tests) #6447...
Eric Davis -
r4252:7d934c984ae8
@@ -1,332 +1,332
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2008 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class IssuesController < ApplicationController
19 19 menu_item :new_issue, :only => [:new, :create]
20 20 default_search_scope :issues
21 21
22 22 before_filter :find_issue, :only => [:show, :edit, :update]
23 23 before_filter :find_issues, :only => [:bulk_edit, :bulk_update, :move, :perform_move, :destroy]
24 24 before_filter :check_project_uniqueness, :only => [:move, :perform_move]
25 25 before_filter :find_project, :only => [:new, :create]
26 26 before_filter :authorize, :except => [:index]
27 27 before_filter :find_optional_project, :only => [:index]
28 28 before_filter :check_for_default_issue_status, :only => [:new, :create]
29 29 before_filter :build_new_issue_from_params, :only => [:new, :create]
30 accept_key_auth :index, :show, :create
30 accept_key_auth :index, :show, :create, :update
31 31
32 32 rescue_from Query::StatementInvalid, :with => :query_statement_invalid
33 33
34 34 helper :journals
35 35 helper :projects
36 36 include ProjectsHelper
37 37 helper :custom_fields
38 38 include CustomFieldsHelper
39 39 helper :issue_relations
40 40 include IssueRelationsHelper
41 41 helper :watchers
42 42 include WatchersHelper
43 43 helper :attachments
44 44 include AttachmentsHelper
45 45 helper :queries
46 46 include QueriesHelper
47 47 helper :sort
48 48 include SortHelper
49 49 include IssuesHelper
50 50 helper :timelog
51 51 helper :gantt
52 52 include Redmine::Export::PDF
53 53
54 54 verify :method => [:post, :delete],
55 55 :only => :destroy,
56 56 :render => { :nothing => true, :status => :method_not_allowed }
57 57
58 58 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
59 59 verify :method => :post, :only => :bulk_update, :render => {:nothing => true, :status => :method_not_allowed }
60 60 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
61 61
62 62 def index
63 63 retrieve_query
64 64 sort_init(@query.sort_criteria.empty? ? [['id', 'desc']] : @query.sort_criteria)
65 65 sort_update(@query.sortable_columns)
66 66
67 67 if @query.valid?
68 68 limit = case params[:format]
69 69 when 'csv', 'pdf'
70 70 Setting.issues_export_limit.to_i
71 71 when 'atom'
72 72 Setting.feeds_limit.to_i
73 73 else
74 74 per_page_option
75 75 end
76 76
77 77 @issue_count = @query.issue_count
78 78 @issue_pages = Paginator.new self, @issue_count, limit, params['page']
79 79 @issues = @query.issues(:include => [:assigned_to, :tracker, :priority, :category, :fixed_version],
80 80 :order => sort_clause,
81 81 :offset => @issue_pages.current.offset,
82 82 :limit => limit)
83 83 @issue_count_by_group = @query.issue_count_by_group
84 84
85 85 respond_to do |format|
86 86 format.html { render :template => 'issues/index.rhtml', :layout => !request.xhr? }
87 87 format.xml { render :layout => false }
88 88 format.json { render :text => @issues.to_json, :layout => false }
89 89 format.atom { render_feed(@issues, :title => "#{@project || Setting.app_title}: #{l(:label_issue_plural)}") }
90 90 format.csv { send_data(issues_to_csv(@issues, @project), :type => 'text/csv; header=present', :filename => 'export.csv') }
91 91 format.pdf { send_data(issues_to_pdf(@issues, @project, @query), :type => 'application/pdf', :filename => 'export.pdf') }
92 92 end
93 93 else
94 94 # Send html if the query is not valid
95 95 render(:template => 'issues/index.rhtml', :layout => !request.xhr?)
96 96 end
97 97 rescue ActiveRecord::RecordNotFound
98 98 render_404
99 99 end
100 100
101 101 def show
102 102 @journals = @issue.journals.find(:all, :include => [:user, :details], :order => "#{Journal.table_name}.created_on ASC")
103 103 @journals.each_with_index {|j,i| j.indice = i+1}
104 104 @journals.reverse! if User.current.wants_comments_in_reverse_order?
105 105 @changesets = @issue.changesets.visible.all
106 106 @changesets.reverse! if User.current.wants_comments_in_reverse_order?
107 107 @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
108 108 @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
109 109 @priorities = IssuePriority.all
110 110 @time_entry = TimeEntry.new
111 111 respond_to do |format|
112 112 format.html { render :template => 'issues/show.rhtml' }
113 113 format.xml { render :layout => false }
114 114 format.json { render :text => @issue.to_json, :layout => false }
115 115 format.atom { render :template => 'journals/index', :layout => false, :content_type => 'application/atom+xml' }
116 116 format.pdf { send_data(issue_to_pdf(@issue), :type => 'application/pdf', :filename => "#{@project.identifier}-#{@issue.id}.pdf") }
117 117 end
118 118 end
119 119
120 120 # Add a new issue
121 121 # The new issue will be created from an existing one if copy_from parameter is given
122 122 def new
123 123 respond_to do |format|
124 124 format.html { render :action => 'new', :layout => !request.xhr? }
125 125 format.js { render :partial => 'attributes' }
126 126 end
127 127 end
128 128
129 129 def create
130 130 call_hook(:controller_issues_new_before_save, { :params => params, :issue => @issue })
131 131 if @issue.save
132 132 attachments = Attachment.attach_files(@issue, params[:attachments])
133 133 render_attachment_warning_if_needed(@issue)
134 134 flash[:notice] = l(:notice_successful_create)
135 135 call_hook(:controller_issues_new_after_save, { :params => params, :issue => @issue})
136 136 respond_to do |format|
137 137 format.html {
138 138 redirect_to(params[:continue] ? { :action => 'new', :project_id => @project, :issue => {:tracker_id => @issue.tracker, :parent_issue_id => @issue.parent_issue_id}.reject {|k,v| v.nil?} } :
139 139 { :action => 'show', :id => @issue })
140 140 }
141 141 format.xml { render :action => 'show', :status => :created, :location => url_for(:controller => 'issues', :action => 'show', :id => @issue) }
142 142 format.json { render :text => @issue.to_json, :status => :created, :location => url_for(:controller => 'issues', :action => 'show'), :layout => false }
143 143 end
144 144 return
145 145 else
146 146 respond_to do |format|
147 147 format.html { render :action => 'new' }
148 148 format.xml { render(:xml => @issue.errors, :status => :unprocessable_entity); return }
149 149 format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
150 150 end
151 151 end
152 152 end
153 153
154 154 # Attributes that can be updated on workflow transition (without :edit permission)
155 155 # TODO: make it configurable (at least per role)
156 156 UPDATABLE_ATTRS_ON_TRANSITION = %w(status_id assigned_to_id fixed_version_id done_ratio) unless const_defined?(:UPDATABLE_ATTRS_ON_TRANSITION)
157 157
158 158 def edit
159 159 update_issue_from_params
160 160
161 161 @journal = @issue.current_journal
162 162
163 163 respond_to do |format|
164 164 format.html { }
165 165 format.xml { }
166 166 end
167 167 end
168 168
169 169 def update
170 170 update_issue_from_params
171 171
172 172 if @issue.save_issue_with_child_records(params, @time_entry)
173 173 render_attachment_warning_if_needed(@issue)
174 174 flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
175 175
176 176 respond_to do |format|
177 177 format.html { redirect_back_or_default({:action => 'show', :id => @issue}) }
178 178 format.xml { head :ok }
179 179 format.json { head :ok }
180 180 end
181 181 else
182 182 render_attachment_warning_if_needed(@issue)
183 183 flash[:notice] = l(:notice_successful_update) unless @issue.current_journal.new_record?
184 184 @journal = @issue.current_journal
185 185
186 186 respond_to do |format|
187 187 format.html { render :action => 'edit' }
188 188 format.xml { render :xml => @issue.errors, :status => :unprocessable_entity }
189 189 format.json { render :text => object_errors_to_json(@issue), :status => :unprocessable_entity, :layout => false }
190 190 end
191 191 end
192 192 end
193 193
194 194 # Bulk edit a set of issues
195 195 def bulk_edit
196 196 @issues.sort!
197 197 @available_statuses = @projects.map{|p|Workflow.available_statuses(p)}.inject{|memo,w|memo & w}
198 198 @custom_fields = @projects.map{|p|p.all_issue_custom_fields}.inject{|memo,c|memo & c}
199 199 @assignables = @projects.map(&:assignable_users).inject{|memo,a| memo & a}
200 200 @trackers = @projects.map(&:trackers).inject{|memo,t| memo & t}
201 201 end
202 202
203 203 def bulk_update
204 204 @issues.sort!
205 205 attributes = parse_params_for_bulk_issue_attributes(params)
206 206
207 207 unsaved_issue_ids = []
208 208 @issues.each do |issue|
209 209 issue.reload
210 210 journal = issue.init_journal(User.current, params[:notes])
211 211 issue.safe_attributes = attributes
212 212 call_hook(:controller_issues_bulk_edit_before_save, { :params => params, :issue => issue })
213 213 unless issue.save
214 214 # Keep unsaved issue ids to display them in flash error
215 215 unsaved_issue_ids << issue.id
216 216 end
217 217 end
218 218 set_flash_from_bulk_issue_save(@issues, unsaved_issue_ids)
219 219 redirect_back_or_default({:controller => 'issues', :action => 'index', :project_id => @project})
220 220 end
221 221
222 222 def destroy
223 223 @hours = TimeEntry.sum(:hours, :conditions => ['issue_id IN (?)', @issues]).to_f
224 224 if @hours > 0
225 225 case params[:todo]
226 226 when 'destroy'
227 227 # nothing to do
228 228 when 'nullify'
229 229 TimeEntry.update_all('issue_id = NULL', ['issue_id IN (?)', @issues])
230 230 when 'reassign'
231 231 reassign_to = @project.issues.find_by_id(params[:reassign_to_id])
232 232 if reassign_to.nil?
233 233 flash.now[:error] = l(:error_issue_not_found_in_project)
234 234 return
235 235 else
236 236 TimeEntry.update_all("issue_id = #{reassign_to.id}", ['issue_id IN (?)', @issues])
237 237 end
238 238 else
239 239 unless params[:format] == 'xml' || params[:format] == 'json'
240 240 # display the destroy form if it's a user request
241 241 return
242 242 end
243 243 end
244 244 end
245 245 @issues.each(&:destroy)
246 246 respond_to do |format|
247 247 format.html { redirect_back_or_default(:action => 'index', :project_id => @project) }
248 248 format.xml { head :ok }
249 249 format.json { head :ok }
250 250 end
251 251 end
252 252
253 253 private
254 254 def find_issue
255 255 @issue = Issue.find(params[:id], :include => [:project, :tracker, :status, :author, :priority, :category])
256 256 @project = @issue.project
257 257 rescue ActiveRecord::RecordNotFound
258 258 render_404
259 259 end
260 260
261 261 def find_project
262 262 project_id = (params[:issue] && params[:issue][:project_id]) || params[:project_id]
263 263 @project = Project.find(project_id)
264 264 rescue ActiveRecord::RecordNotFound
265 265 render_404
266 266 end
267 267
268 268 # Used by #edit and #update to set some common instance variables
269 269 # from the params
270 270 # TODO: Refactor, not everything in here is needed by #edit
271 271 def update_issue_from_params
272 272 @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
273 273 @priorities = IssuePriority.all
274 274 @edit_allowed = User.current.allowed_to?(:edit_issues, @project)
275 275 @time_entry = TimeEntry.new
276 276
277 277 @notes = params[:notes] || (params[:issue].present? ? params[:issue][:notes] : nil)
278 278 @issue.init_journal(User.current, @notes)
279 279 # User can change issue attributes only if he has :edit permission or if a workflow transition is allowed
280 280 if (@edit_allowed || !@allowed_statuses.empty?) && params[:issue]
281 281 attrs = params[:issue].dup
282 282 attrs.delete_if {|k,v| !UPDATABLE_ATTRS_ON_TRANSITION.include?(k) } unless @edit_allowed
283 283 attrs.delete(:status_id) unless @allowed_statuses.detect {|s| s.id.to_s == attrs[:status_id].to_s}
284 284 @issue.safe_attributes = attrs
285 285 end
286 286
287 287 end
288 288
289 289 # TODO: Refactor, lots of extra code in here
290 290 # TODO: Changing tracker on an existing issue should not trigger this
291 291 def build_new_issue_from_params
292 292 if params[:id].blank?
293 293 @issue = Issue.new
294 294 @issue.copy_from(params[:copy_from]) if params[:copy_from]
295 295 @issue.project = @project
296 296 else
297 297 @issue = @project.issues.visible.find(params[:id])
298 298 end
299 299
300 300 @issue.project = @project
301 301 # Tracker must be set before custom field values
302 302 @issue.tracker ||= @project.trackers.find((params[:issue] && params[:issue][:tracker_id]) || params[:tracker_id] || :first)
303 303 if @issue.tracker.nil?
304 304 render_error l(:error_no_tracker_in_project)
305 305 return false
306 306 end
307 307 if params[:issue].is_a?(Hash)
308 308 @issue.safe_attributes = params[:issue]
309 309 if User.current.allowed_to?(:add_issue_watchers, @project) && @issue.new_record?
310 310 @issue.watcher_user_ids = params[:issue]['watcher_user_ids']
311 311 end
312 312 end
313 313 @issue.author = User.current
314 314 @issue.start_date ||= Date.today
315 315 @priorities = IssuePriority.all
316 316 @allowed_statuses = @issue.new_statuses_allowed_to(User.current, true)
317 317 end
318 318
319 319 def check_for_default_issue_status
320 320 if IssueStatus.default.nil?
321 321 render_error l(:error_no_default_issue_status)
322 322 return false
323 323 end
324 324 end
325 325
326 326 def parse_params_for_bulk_issue_attributes(params)
327 327 attributes = (params[:issue] || {}).reject {|k,v| v.blank?}
328 328 attributes.keys.each {|k| attributes[k] = '' if attributes[k] == 'none'}
329 329 attributes[:custom_field_values].reject! {|k,v| v.blank?} if attributes[:custom_field_values]
330 330 attributes
331 331 end
332 332 end
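Review bot: The new `accept_key_auth :index, :show, :create, :update` line carries no note on what still guards a key-authenticated update, and a reader auditing the API surface has to reconstruct it from the rest of the file: the request is rejected unless it is a PUT (the `verify :method => :put, :only => :update` line), `before_filter :authorize` still runs for `update`, and `update_issue_from_params` only applies attributes when the user has `:edit_issues` or a workflow transition is allowed. A one-line comment above the declaration would keep that explicit, e.g. `# Key-authenticated requests still pass through :authorize and the :put verify; attribute changes are further limited in update_issue_from_params`. It is also worth stating whether leaving `:destroy` off the list is deliberate, since that action already has xml/json branches (the `params[:format] == 'xml' || params[:format] == 'json'` check and the `head :ok` responders) but now differs from `update` in accepting only session or basic-auth callers; I cannot tell from this page which was intended.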
@@ -1,315 +1,336
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2010 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require "#{File.dirname(__FILE__)}/../../test_helper"
19 19
20 20 class ApiTest::IssuesTest < ActionController::IntegrationTest
21 21 fixtures :projects,
22 22 :users,
23 23 :roles,
24 24 :members,
25 25 :member_roles,
26 26 :issues,
27 27 :issue_statuses,
28 28 :versions,
29 29 :trackers,
30 30 :projects_trackers,
31 31 :issue_categories,
32 32 :enabled_modules,
33 33 :enumerations,
34 34 :attachments,
35 35 :workflows,
36 36 :custom_fields,
37 37 :custom_values,
38 38 :custom_fields_projects,
39 39 :custom_fields_trackers,
40 40 :time_entries,
41 41 :journals,
42 42 :journal_details,
43 43 :queries
44 44
45 45 def setup
46 46 Setting.rest_api_enabled = '1'
47 47 end
48 48
49 49 # Use a private project to make sure auth is really working and not just
50 50 # only showing public issues.
51 51 context "/index.xml" do
52 52 should_allow_api_authentication(:get, "/projects/private-child/issues.xml")
53 53 end
54 54
55 55 context "/index.json" do
56 56 should_allow_api_authentication(:get, "/projects/private-child/issues.json")
57 57 end
58 58
59 59 context "/index.xml with filter" do
60 60 should_allow_api_authentication(:get, "/projects/private-child/issues.xml?status_id=5")
61 61
62 62 should "show only issues with the status_id" do
63 63 get '/issues.xml?status_id=5'
64 64 assert_tag :tag => 'issues',
65 65 :children => { :count => Issue.visible.count(:conditions => {:status_id => 5}),
66 66 :only => { :tag => 'issue' } }
67 67 end
68 68 end
69 69
70 70 context "/index.json with filter" do
71 71 should_allow_api_authentication(:get, "/projects/private-child/issues.json?status_id=5")
72 72
73 73 should "show only issues with the status_id" do
74 74 get '/issues.json?status_id=5'
75 75
76 76 json = ActiveSupport::JSON.decode(response.body)
77 77 status_ids_used = json.collect {|j| j['status_id'] }
78 78 assert_equal 3, status_ids_used.length
79 79 assert status_ids_used.all? {|id| id == 5 }
80 80 end
81 81
82 82 end
83 83
84 84 # Issue 6 is on a private project
85 85 context "/issues/6.xml" do
86 86 should_allow_api_authentication(:get, "/issues/6.xml")
87 87 end
88 88
89 89 context "/issues/6.json" do
90 90 should_allow_api_authentication(:get, "/issues/6.json")
91 91 end
92 92
93 93 context "POST /issues.xml" do
94 94 should_allow_api_authentication(:post,
95 95 '/issues.xml',
96 96 {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
97 97 {:success_code => :created})
98 98
99 99 should "create an issue with the attributes" do
100 100 assert_difference('Issue.count') do
101 101 post '/issues.xml', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
102 102 end
103 103
104 104 issue = Issue.first(:order => 'id DESC')
105 105 assert_equal 1, issue.project_id
106 106 assert_equal 2, issue.tracker_id
107 107 assert_equal 3, issue.status_id
108 108 assert_equal 'API test', issue.subject
109 109 end
110 110 end
111 111
112 112 context "POST /issues.xml with failure" do
113 113 should_allow_api_authentication(:post,
114 114 '/issues.xml',
115 115 {:issue => {:project_id => 1}},
116 116 {:success_code => :unprocessable_entity})
117 117
118 118 should "have an errors tag" do
119 119 assert_no_difference('Issue.count') do
120 120 post '/issues.xml', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
121 121 end
122 122
123 123 assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
124 124 end
125 125 end
126 126
127 127 context "POST /issues.json" do
128 128 should_allow_api_authentication(:post,
129 129 '/issues.json',
130 130 {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}},
131 131 {:success_code => :created})
132 132
133 133 should "create an issue with the attributes" do
134 134 assert_difference('Issue.count') do
135 135 post '/issues.json', {:issue => {:project_id => 1, :subject => 'API test', :tracker_id => 2, :status_id => 3}}, :authorization => credentials('jsmith')
136 136 end
137 137
138 138 issue = Issue.first(:order => 'id DESC')
139 139 assert_equal 1, issue.project_id
140 140 assert_equal 2, issue.tracker_id
141 141 assert_equal 3, issue.status_id
142 142 assert_equal 'API test', issue.subject
143 143 end
144 144
145 145 end
146 146
147 147 context "POST /issues.json with failure" do
148 148 should_allow_api_authentication(:post,
149 149 '/issues.json',
150 150 {:issue => {:project_id => 1}},
151 151 {:success_code => :unprocessable_entity})
152 152
153 153 should "have an errors element" do
154 154 assert_no_difference('Issue.count') do
155 155 post '/issues.json', {:issue => {:project_id => 1}}, :authorization => credentials('jsmith')
156 156 end
157 157
158 158 json = ActiveSupport::JSON.decode(response.body)
159 159 assert_equal "can't be blank", json.first['subject']
160 160 end
161 161 end
162 162
163 context "PUT /issues/1.xml" do
163 # Issue 6 is on a private project
164 context "PUT /issues/6.xml" do
164 165 setup do
165 @issue_count = Issue.count
166 @journal_count = Journal.count
167 @attributes = {:subject => 'API update', :notes => 'A new note'}
168
169 put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
166 @parameters = {:issue => {:subject => 'API update', :notes => 'A new note'}}
167 @headers = { :authorization => credentials('jsmith') }
170 168 end
171 169
172 should_respond_with :ok
173 should_respond_with_content_type 'application/xml'
170 should_allow_api_authentication(:put,
171 '/issues/6.xml',
172 {:issue => {:subject => 'API update', :notes => 'A new note'}},
173 {:success_code => :ok})
174 174
175 175 should "not create a new issue" do
176 assert_equal Issue.count, @issue_count
176 assert_no_difference('Issue.count') do
177 put '/issues/6.xml', @parameters, @headers
178 end
177 179 end
178 180
179 181 should "create a new journal" do
180 assert_equal Journal.count, @journal_count + 1
182 assert_difference('Journal.count') do
183 put '/issues/6.xml', @parameters, @headers
184 end
181 185 end
182 186
183 187 should "add the note to the journal" do
188 put '/issues/6.xml', @parameters, @headers
189
184 190 journal = Journal.last
185 191 assert_equal "A new note", journal.notes
186 192 end
187 193
188 194 should "update the issue" do
189 issue = Issue.find(1)
190 @attributes.each do |attribute, value|
191 assert_equal value, issue.send(attribute) unless attribute == :notes
192 end
195 put '/issues/6.xml', @parameters, @headers
196
197 issue = Issue.find(6)
198 assert_equal "API update", issue.subject
193 199 end
194 200
195 201 end
196 202
197 context "PUT /issues/1.xml with failed update" do
203 context "PUT /issues/6.xml with failed update" do
198 204 setup do
199 @attributes = {:subject => ''}
200 @issue_count = Issue.count
201 @journal_count = Journal.count
202
203 put '/issues/1.xml', {:issue => @attributes}, :authorization => credentials('jsmith')
205 @parameters = {:issue => {:subject => ''}}
206 @headers = { :authorization => credentials('jsmith') }
204 207 end
205 208
206 should_respond_with :unprocessable_entity
207 should_respond_with_content_type 'application/xml'
209 should_allow_api_authentication(:put,
210 '/issues/6.xml',
211 {:issue => {:subject => ''}}, # Missing subject should fail
212 {:success_code => :unprocessable_entity})
208 213
209 214 should "not create a new issue" do
210 assert_equal Issue.count, @issue_count
215 assert_no_difference('Issue.count') do
216 put '/issues/6.xml', @parameters, @headers
217 end
211 218 end
212 219
213 220 should "not create a new journal" do
214 assert_equal Journal.count, @journal_count
221 assert_no_difference('Journal.count') do
222 put '/issues/6.xml', @parameters, @headers
223 end
215 224 end
216 225
217 226 should "have an errors tag" do
227 put '/issues/6.xml', @parameters, @headers
228
218 229 assert_tag :errors, :child => {:tag => 'error', :content => "Subject can't be blank"}
219 230 end
220 231 end
221 232
222 context "PUT /issues/1.json" do
233 context "PUT /issues/6.json" do
223 234 setup do
224 @issue_count = Issue.count
225 @journal_count = Journal.count
226 @attributes = {:subject => 'API update', :notes => 'A new note'}
227
228 put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
235 @parameters = {:issue => {:subject => 'API update', :notes => 'A new note'}}
236 @headers = { :authorization => credentials('jsmith') }
229 237 end
230 238
231 should_respond_with :ok
232 should_respond_with_content_type 'application/json'
239 should_allow_api_authentication(:put,
240 '/issues/6.json',
241 {:issue => {:subject => 'API update', :notes => 'A new note'}},
242 {:success_code => :ok})
233 243
234 244 should "not create a new issue" do
235 assert_equal Issue.count, @issue_count
245 assert_no_difference('Issue.count') do
246 put '/issues/6.json', @parameters, @headers
247 end
236 248 end
237 249
238 250 should "create a new journal" do
239 assert_equal Journal.count, @journal_count + 1
251 assert_difference('Journal.count') do
252 put '/issues/6.json', @parameters, @headers
253 end
240 254 end
241 255
242 256 should "add the note to the journal" do
257 put '/issues/6.json', @parameters, @headers
258
243 259 journal = Journal.last
244 260 assert_equal "A new note", journal.notes
245 261 end
246 262
247 263 should "update the issue" do
248 issue = Issue.find(1)
249 @attributes.each do |attribute, value|
250 assert_equal value, issue.send(attribute) unless attribute == :notes
251 end
264 put '/issues/6.json', @parameters, @headers
265
266 issue = Issue.find(6)
267 assert_equal "API update", issue.subject
252 268 end
253 269
254 270 end
255 271
256 context "PUT /issues/1.json with failed update" do
272 context "PUT /issues/6.json with failed update" do
257 273 setup do
258 @attributes = {:subject => ''}
259 @issue_count = Issue.count
260 @journal_count = Journal.count
261
262 put '/issues/1.json', {:issue => @attributes}, :authorization => credentials('jsmith')
274 @parameters = {:issue => {:subject => ''}}
275 @headers = { :authorization => credentials('jsmith') }
263 276 end
264 277
265 should_respond_with :unprocessable_entity
266 should_respond_with_content_type 'application/json'
278 should_allow_api_authentication(:put,
279 '/issues/6.json',
280 {:issue => {:subject => ''}}, # Missing subject should fail
281 {:success_code => :unprocessable_entity})
267 282
268 283 should "not create a new issue" do
269 assert_equal Issue.count, @issue_count
284 assert_no_difference('Issue.count') do
285 put '/issues/6.json', @parameters, @headers
286 end
270 287 end
271 288
272 289 should "not create a new journal" do
273 assert_equal Journal.count, @journal_count
290 assert_no_difference('Journal.count') do
291 put '/issues/6.json', @parameters, @headers
292 end
274 293 end
275 294
276 295 should "have an errors attribute" do
296 put '/issues/6.json', @parameters, @headers
297
277 298 json = ActiveSupport::JSON.decode(response.body)
278 299 assert_equal "can't be blank", json.first['subject']
279 300 end
280 301 end
281 302
282 303 context "DELETE /issues/1.xml" do
283 304 setup do
284 305 @issue_count = Issue.count
285 306 delete '/issues/1.xml', {}, :authorization => credentials('jsmith')
286 307 end
287 308
288 309 should_respond_with :ok
289 310 should_respond_with_content_type 'application/xml'
290 311
291 312 should "delete the issue" do
292 313 assert_equal Issue.count, @issue_count -1
293 314 assert_nil Issue.find_by_id(1)
294 315 end
295 316 end
296 317
297 318 context "DELETE /issues/1.json" do
298 319 setup do
299 320 @issue_count = Issue.count
300 321 delete '/issues/1.json', {}, :authorization => credentials('jsmith')
301 322 end
302 323
303 324 should_respond_with :ok
304 325 should_respond_with_content_type 'application/json'
305 326
306 327 should "delete the issue" do
307 328 assert_equal Issue.count, @issue_count -1
308 329 assert_nil Issue.find_by_id(1)
309 330 end
310 331 end
311 332
312 333 def credentials(user, password=nil)
313 334 ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
314 335 end
315 336 end
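Review bot: The `should` blocks in the new PUT contexts issue the request but never assert its status (for example the `put '/issues/6.xml', @parameters, @headers` in "update the issue" and "add the note to the journal"), so an update that is silently refused surfaces as a count or attribute mismatch rather than as the wrong response code; adding `assert_response :ok` after each put in the success contexts and `assert_response :unprocessable_entity` in the "with failed update" contexts makes the failure mode obvious. Every one of those blocks authenticates with `credentials('jsmith')`, i.e. HTTP basic, so the key authentication that this commit enables for `update` is exercised only through `should_allow_api_authentication`, whose definition is outside this file — worth confirming that macro sends the API key on PUT and not just on GET/POST. The four `setup` blocks repeat the same `@headers = { :authorization => credentials('jsmith') }` line; a small helper would remove the duplication.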
@@ -1,420 +1,420
1 1 # redMine - project management software
2 2 # Copyright (C) 2006 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 ENV["RAILS_ENV"] = "test"
19 19 require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
20 20 require 'test_help'
21 21 require File.expand_path(File.dirname(__FILE__) + '/helper_testcase')
22 22 require File.join(RAILS_ROOT,'test', 'mocks', 'open_id_authentication_mock.rb')
23 23
24 24 require File.expand_path(File.dirname(__FILE__) + '/object_daddy_helpers')
25 25 include ObjectDaddyHelpers
26 26
27 27 class ActiveSupport::TestCase
28 28 # Transactional fixtures accelerate your tests by wrapping each test method
29 29 # in a transaction that's rolled back on completion. This ensures that the
30 30 # test database remains unchanged so your fixtures don't have to be reloaded
31 31 # between every test method. Fewer database queries means faster tests.
32 32 #
33 33 # Read Mike Clark's excellent walkthrough at
34 34 # http://clarkware.com/cgi/blosxom/2005/10/24#Rails10FastTesting
35 35 #
36 36 # Every Active Record database supports transactions except MyISAM tables
37 37 # in MySQL. Turn off transactional fixtures in this case; however, if you
38 38 # don't care one way or the other, switching from MyISAM to InnoDB tables
39 39 # is recommended.
40 40 self.use_transactional_fixtures = true
41 41
42 42 # Instantiated fixtures are slow, but give you @david where otherwise you
43 43 # would need people(:david). If you don't want to migrate your existing
44 44 # test cases which use the @david style and don't mind the speed hit (each
45 45 # instantiated fixtures translates to a database query per test method),
46 46 # then set this back to true.
47 47 self.use_instantiated_fixtures = false
48 48
49 49 # Add more helper methods to be used by all tests here...
50 50
51 51 def log_user(login, password)
52 52 User.anonymous
53 53 get "/login"
54 54 assert_equal nil, session[:user_id]
55 55 assert_response :success
56 56 assert_template "account/login"
57 57 post "/login", :username => login, :password => password
58 58 assert_equal login, User.find(session[:user_id]).login
59 59 end
60 60
61 61 def uploaded_test_file(name, mime)
62 62 ActionController::TestUploadedFile.new(ActiveSupport::TestCase.fixture_path + "/files/#{name}", mime)
63 63 end
64 64
65 65 # Mock out a file
66 66 def self.mock_file
67 67 file = 'a_file.png'
68 68 file.stubs(:size).returns(32)
69 69 file.stubs(:original_filename).returns('a_file.png')
70 70 file.stubs(:content_type).returns('image/png')
71 71 file.stubs(:read).returns(false)
72 72 file
73 73 end
74 74
75 75 def mock_file
76 76 self.class.mock_file
77 77 end
78 78
79 79 # Use a temporary directory for attachment related tests
80 80 def set_tmp_attachments_directory
81 81 Dir.mkdir "#{RAILS_ROOT}/tmp/test" unless File.directory?("#{RAILS_ROOT}/tmp/test")
82 82 Dir.mkdir "#{RAILS_ROOT}/tmp/test/attachments" unless File.directory?("#{RAILS_ROOT}/tmp/test/attachments")
83 83 Attachment.storage_path = "#{RAILS_ROOT}/tmp/test/attachments"
84 84 end
85 85
86 86 def with_settings(options, &block)
87 87 saved_settings = options.keys.inject({}) {|h, k| h[k] = Setting[k].dup; h}
88 88 options.each {|k, v| Setting[k] = v}
89 89 yield
90 90 saved_settings.each {|k, v| Setting[k] = v}
91 91 end
92 92
93 93 def change_user_password(login, new_password)
94 94 user = User.first(:conditions => {:login => login})
95 95 user.password, user.password_confirmation = new_password, new_password
96 96 user.save!
97 97 end
98 98
99 99 def self.ldap_configured?
100 100 @test_ldap = Net::LDAP.new(:host => '127.0.0.1', :port => 389)
101 101 return @test_ldap.bind
102 102 rescue Exception => e
103 103 # LDAP is not listening
104 104 return nil
105 105 end
106 106
107 107 # Returns the path to the test +vendor+ repository
108 108 def self.repository_path(vendor)
109 109 File.join(RAILS_ROOT.gsub(%r{config\/\.\.}, ''), "/tmp/test/#{vendor.downcase}_repository")
110 110 end
111 111
112 112 # Returns true if the +vendor+ test repository is configured
113 113 def self.repository_configured?(vendor)
114 114 File.directory?(repository_path(vendor))
115 115 end
116 116
117 117 def assert_error_tag(options={})
118 118 assert_tag({:tag => 'p', :attributes => { :id => 'errorExplanation' }}.merge(options))
119 119 end
120 120
121 121 # Shoulda macros
122 122 def self.should_render_404
123 123 should_respond_with :not_found
124 124 should_render_template 'common/error'
125 125 end
126 126
127 127 def self.should_have_before_filter(expected_method, options = {})
128 128 should_have_filter('before', expected_method, options)
129 129 end
130 130
131 131 def self.should_have_after_filter(expected_method, options = {})
132 132 should_have_filter('after', expected_method, options)
133 133 end
134 134
135 135 def self.should_have_filter(filter_type, expected_method, options)
136 136 description = "have #{filter_type}_filter :#{expected_method}"
137 137 description << " with #{options.inspect}" unless options.empty?
138 138
139 139 should description do
140 140 klass = "action_controller/filters/#{filter_type}_filter".classify.constantize
141 141 expected = klass.new(:filter, expected_method.to_sym, options)
142 142 assert_equal 1, @controller.class.filter_chain.select { |filter|
143 143 filter.method == expected.method && filter.kind == expected.kind &&
144 144 filter.options == expected.options && filter.class == expected.class
145 145 }.size
146 146 end
147 147 end
148 148
149 149 def self.should_show_the_old_and_new_values_for(prop_key, model, &block)
150 150 context "" do
151 151 setup do
152 152 if block_given?
153 153 instance_eval &block
154 154 else
155 155 @old_value = model.generate!
156 156 @new_value = model.generate!
157 157 end
158 158 end
159 159
160 160 should "use the new value's name" do
161 161 @detail = JournalDetail.generate!(:property => 'attr',
162 162 :old_value => @old_value.id,
163 163 :value => @new_value.id,
164 164 :prop_key => prop_key)
165 165
166 166 assert_match @new_value.name, show_detail(@detail, true)
167 167 end
168 168
169 169 should "use the old value's name" do
170 170 @detail = JournalDetail.generate!(:property => 'attr',
171 171 :old_value => @old_value.id,
172 172 :value => @new_value.id,
173 173 :prop_key => prop_key)
174 174
175 175 assert_match @old_value.name, show_detail(@detail, true)
176 176 end
177 177 end
178 178 end
179 179
180 180 def self.should_create_a_new_user(&block)
181 181 should "create a new user" do
182 182 user = instance_eval &block
183 183 assert user
184 184 assert_kind_of User, user
185 185 assert !user.new_record?
186 186 end
187 187 end
188 188
189 189 # Test that a request allows the three types of API authentication
190 190 #
191 191 # * HTTP Basic with username and password
192 192 # * HTTP Basic with an api key for the username
193 193 # * Key based with the key=X parameter
194 194 #
195 195 # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
196 196 # @param [String] url the request url
197 197 # @param [optional, Hash] parameters additional request parameters
198 198 # @param [optional, Hash] options additional options
199 199 # @option options [Symbol] :success_code Successful response code (:success)
200 200 # @option options [Symbol] :failure_code Failure response code (:unauthorized)
201 201 def self.should_allow_api_authentication(http_method, url, parameters={}, options={})
202 202 should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters, options)
203 203 should_allow_http_basic_auth_with_key(http_method, url, parameters, options)
204 204 should_allow_key_based_auth(http_method, url, parameters, options)
205 205 end
206 206
207 207 # Test that a request allows the username and password for HTTP BASIC
208 208 #
209 209 # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
210 210 # @param [String] url the request url
211 211 # @param [optional, Hash] parameters additional request parameters
212 212 # @param [optional, Hash] options additional options
213 213 # @option options [Symbol] :success_code Successful response code (:success)
214 214 # @option options [Symbol] :failure_code Failure response code (:unauthorized)
215 215 def self.should_allow_http_basic_auth_with_username_and_password(http_method, url, parameters={}, options={})
216 216 success_code = options[:success_code] || :success
217 217 failure_code = options[:failure_code] || :unauthorized
218 218
219 219 context "should allow http basic auth using a username and password for #{http_method} #{url}" do
220 220 context "with a valid HTTP authentication" do
221 221 setup do
222 222 @user = User.generate_with_protected!(:password => 'my_password', :password_confirmation => 'my_password', :admin => true) # Admin so they can access the project
223 223 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'my_password')
224 224 send(http_method, url, parameters, {:authorization => @authorization})
225 225 end
226 226
227 227 should_respond_with success_code
228 228 should_respond_with_content_type_based_on_url(url)
229 229 should "login as the user" do
230 230 assert_equal @user, User.current
231 231 end
232 232 end
233 233
234 234 context "with an invalid HTTP authentication" do
235 235 setup do
236 236 @user = User.generate_with_protected!
237 237 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@user.login, 'wrong_password')
238 238 send(http_method, url, parameters, {:authorization => @authorization})
239 239 end
240 240
241 241 should_respond_with failure_code
242 242 should_respond_with_content_type_based_on_url(url)
243 243 should "not login as the user" do
244 244 assert_equal User.anonymous, User.current
245 245 end
246 246 end
247 247
248 248 context "without credentials" do
249 249 setup do
250 250 send(http_method, url, parameters, {:authorization => ''})
251 251 end
252 252
253 253 should_respond_with failure_code
254 254 should_respond_with_content_type_based_on_url(url)
255 255 should "include_www_authenticate_header" do
256 256 assert @controller.response.headers.has_key?('WWW-Authenticate')
257 257 end
258 258 end
259 259 end
260 260
261 261 end
262 262
263 263 # Test that a request allows the API key with HTTP BASIC
264 264 #
265 265 # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
266 266 # @param [String] url the request url
267 267 # @param [optional, Hash] parameters additional request parameters
268 268 # @param [optional, Hash] options additional options
269 269 # @option options [Symbol] :success_code Successful response code (:success)
270 270 # @option options [Symbol] :failure_code Failure response code (:unauthorized)
271 271 def self.should_allow_http_basic_auth_with_key(http_method, url, parameters={}, options={})
272 272 success_code = options[:success_code] || :success
273 273 failure_code = options[:failure_code] || :unauthorized
274 274
275 275 context "should allow http basic auth with a key for #{http_method} #{url}" do
276 276 context "with a valid HTTP authentication using the API token" do
277 277 setup do
278 278 @user = User.generate_with_protected!(:admin => true)
279 279 @token = Token.generate!(:user => @user, :action => 'api')
280 280 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
281 281 send(http_method, url, parameters, {:authorization => @authorization})
282 282 end
283 283
284 284 should_respond_with success_code
285 285 should_respond_with_content_type_based_on_url(url)
286 286 should_be_a_valid_response_string_based_on_url(url)
287 287 should "login as the user" do
288 288 assert_equal @user, User.current
289 289 end
290 290 end
291 291
292 292 context "with an invalid HTTP authentication" do
293 293 setup do
294 294 @user = User.generate_with_protected!
295 295 @token = Token.generate!(:user => @user, :action => 'feeds')
296 296 @authorization = ActionController::HttpAuthentication::Basic.encode_credentials(@token.value, 'X')
297 297 send(http_method, url, parameters, {:authorization => @authorization})
298 298 end
299 299
300 300 should_respond_with failure_code
301 301 should_respond_with_content_type_based_on_url(url)
302 302 should "not login as the user" do
303 303 assert_equal User.anonymous, User.current
304 304 end
305 305 end
306 306 end
307 307 end
308 308
309 309 # Test that a request allows full key authentication
310 310 #
311 311 # @param [Symbol] http_method the HTTP method for request (:get, :post, :put, :delete)
312 312 # @param [String] url the request url, without the key=ZXY parameter
313 313 # @param [optional, Hash] parameters additional request parameters
314 314 # @param [optional, Hash] options additional options
315 315 # @option options [Symbol] :success_code Successful response code (:success)
316 316 # @option options [Symbol] :failure_code Failure response code (:unauthorized)
317 317 def self.should_allow_key_based_auth(http_method, url, parameters={}, options={})
318 318 success_code = options[:success_code] || :success
319 319 failure_code = options[:failure_code] || :unauthorized
320 320
321 321 context "should allow key based auth using key=X for #{http_method} #{url}" do
322 322 context "with a valid api token" do
323 323 setup do
324 324 @user = User.generate_with_protected!(:admin => true)
325 325 @token = Token.generate!(:user => @user, :action => 'api')
326 326 # Simple url parse to add on ?key= or &key=
327 327 request_url = if url.match(/\?/)
328 328 url + "&key=#{@token.value}"
329 329 else
330 330 url + "?key=#{@token.value}"
331 331 end
332 332 send(http_method, request_url, parameters)
333 333 end
334 334
335 335 should_respond_with success_code
336 336 should_respond_with_content_type_based_on_url(url)
337 337 should_be_a_valid_response_string_based_on_url(url)
338 338 should "login as the user" do
339 339 assert_equal @user, User.current
340 340 end
341 341 end
342 342
343 343 context "with an invalid api token" do
344 344 setup do
345 345 @user = User.generate_with_protected!
346 346 @token = Token.generate!(:user => @user, :action => 'feeds')
347 347 # Simple url parse to add on ?key= or &key=
348 348 request_url = if url.match(/\?/)
349 349 url + "&key=#{@token.value}"
350 350 else
351 351 url + "?key=#{@token.value}"
352 352 end
353 353 send(http_method, request_url, parameters)
354 354 end
355 355
356 356 should_respond_with failure_code
357 357 should_respond_with_content_type_based_on_url(url)
358 358 should "not login as the user" do
359 359 assert_equal User.anonymous, User.current
360 360 end
361 361 end
362 362 end
363 363
364 364 end
365 365
366 366 # Uses should_respond_with_content_type based on what's in the url:
367 367 #
368 368 # '/project/issues.xml' => should_respond_with_content_type :xml
369 369 # '/project/issues.json' => should_respond_with_content_type :json
370 370 #
371 371 # @param [String] url Request
372 372 def self.should_respond_with_content_type_based_on_url(url)
373 373 case
374 374 when url.match(/xml/i)
375 375 should_respond_with_content_type :xml
376 376 when url.match(/json/i)
377 377 should_respond_with_content_type :json
378 378 else
379 379 raise "Unknown content type for should_respond_with_content_type_based_on_url: #{url}"
380 380 end
381 381
382 382 end
383 383
384 384 # Uses the url to assert which format the response should be in
385 385 #
386 386 # '/project/issues.xml' => should_be_a_valid_xml_string
387 387 # '/project/issues.json' => should_be_a_valid_json_string
388 388 #
389 389 # @param [String] url Request
390 390 def self.should_be_a_valid_response_string_based_on_url(url)
391 391 case
392 392 when url.match(/xml/i)
393 393 should_be_a_valid_xml_string
394 394 when url.match(/json/i)
395 395 should_be_a_valid_json_string
396 396 else
397 397 raise "Unknown content type for should_be_a_valid_response_based_on_url: #{url}"
398 398 end
399 399
400 400 end
401 401
402 402 # Checks that the response is a valid JSON string
403 403 def self.should_be_a_valid_json_string
404 should "be a valid JSON string" do
405 assert ActiveSupport::JSON.decode(response.body)
404 should "be a valid JSON string (or empty)" do
405 assert (response.body.blank? || ActiveSupport::JSON.decode(response.body))
406 406 end
407 407 end
408 408
409 409 # Checks that the response is a valid XML string
410 410 def self.should_be_a_valid_xml_string
411 411 should "be a valid XML string" do
412 412 assert REXML::Document.new(response.body)
413 413 end
414 414 end
415 415
416 416 end
417 417
418 418 # Simple module to "namespace" all of the API tests
419 419 module ApiTest
420 420 end
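Review bot: The rewritten `should_be_a_valid_json_string` (lines 404-405) now passes for any blank body, and because it is only reached through `should_be_a_valid_response_string_based_on_url`, the relaxation applies to the success case of `should_allow_http_basic_auth_with_key` and `should_allow_key_based_auth` for every URL, not just the PUT that motivated the change; a GET or POST that accidentally returned an empty 200 under key authentication would no longer be caught. Keeping the strict check by default and opting in where an empty body is expected would preserve the signal, e.g. `def self.should_be_a_valid_json_string(options={})` with `allow_blank = options[:allow_blank]` and `assert(allow_blank && response.body.blank? || ActiveSupport::JSON.decode(response.body))`, threaded through `should_be_a_valid_response_string_based_on_url`; failing that, the comment above the macro should say that a blank body is accepted. Separately, `assert (response.body.blank? || ...)` with a space before the parenthesis triggers Ruby's "interpreted as grouped expression" warning; write it as `assert(response.body.blank? || ActiveSupport::JSON.decode(response.body))`.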