decko 0.1 → 0.2

data/lib/decko/tasks/test.rake

@@ -22,6 +22,15 @@ namespace :test do
     ENV["GENERATE_FIXTURES"] = "true"
     raise "must be test env" unless Rails.env == "test"
 
+    Rake::Task["test:repopulate_database"].invoke
+
+    puts ">>extracting to fixtures"
+    puts `rake test:extract_fixtures --trace`
+  end
+
+  desc "seeds database and populates it with test data"
+  task repopulate_database: :environment do
+    raise "must be test env" unless Rails.env == "test"
     Rake::Task["decko:reset_cache"]
 
     puts "reseed test db"
@@ -29,11 +38,9 @@ namespace :test do
 
     puts ">>populating test data"
     puts `rake test:populate_template_database --trace`
-
-    puts ">>extracting to fixtures"
-    puts `rake test:extract_fixtures --trace`
   end
 
+
   desc "dump current db to test fixtures"
   task extract_fixtures: :environment do
     raise "must be test env" unless Rails.env == "test"

data/rails/controllers/card_controller.rb

@@ -49,17 +49,24 @@ class CardController < ActionController::Base
 
   #-------( FILTERS )
 
-  before_filter :setup, except: [:asset]
-  before_filter :authenticate, except: [:asset]
-  before_filter :load_id, only: [:read]
-  before_filter :load_card, except: [:asset]
-  before_filter :refresh_card, only: [:create, :update, :delete]
+  before_action :setup, except: [:asset]
+  before_action :authenticate, except: [:asset]
+  before_action :load_id, only: [:read]
+  before_action :load_card, except: [:asset]
+  before_action :refresh_card, only: [:create, :update, :delete]
 
   def setup
     request.format = :html unless params[:format] # is this used??
-    Card::Mod::Loader.refresh_script_and_style if Rails.env.development?
+    Card::Machine.refresh_script_and_style if Rails.env.development?
     Card::Cache.renew
     Card::Env.reset controller: self
+    # unprotect_card_params!
+  end
+
+  def unprotect_card_params!
+    # FIXME:  always wear protection
+    return unless params[:card].is_a? ActionController::Parameters
+    params[:card].to_unsafe_h
   end
 
   def authenticate
@@ -71,7 +78,7 @@ class CardController < ActionController::Base
   end
 
   def load_card
-    @card = Card.deep_fetch params
+    @card = Card.controller_fetch params
     raise Card::Error::NotFound unless @card
     @card.select_action_by_params params #
     Card::Env[:main_name] = params[:main] || (card && card.name) || ""
@@ -107,8 +114,7 @@ class CardController < ActionController::Base
     card.action = :read
     card.content = card.last_draft_content if use_draft?
 
-    formatname = format_from_params
-    format = card.format formatname
+    format = format_from_params card
 
     view ||= params[:view]
     result = card.act do
@@ -116,7 +122,7 @@ class CardController < ActionController::Base
     end
 
     status = format.error_status || status
-    deliver formatname, result, status
+    deliver format, result, status
   end
 
   def render_errors

data/rails/engine-routes.rb

@@ -41,7 +41,10 @@ Decko::Engine.routes.draw do
   # ~~~~~~~~~~~~~~~~~~~~~~~~~~
 
   # standard non-RESTful
-  get "(card)/:action(/:id(.:format))"  => "card", action: /create|read|update|delete|asset/
+  %w[create read update delete asset].each do |action|
+    get "(card)/#{action}(/:id(.:format))"  => "card", action: action
+  end
+
   match "(card)/create(/:id(.:format))" => "card#create", via: [:post, :patch]
   match "(card)/update(/:id(.:format))" => "card#update", via: [:post, :put, :patch]
   match "(card)/delete(/:id(.:format))" => "card#delete", via: :delete

data/spec/controllers/card_controller_spec.rb

@@ -1,6 +1,6 @@
 # -*- encoding : utf-8 -*-
 
-describe CardController do
+RSpec.describe CardController, type: :controller do
   routes { Decko::Engine.routes }
 
   include Capybara::DSL
@@ -63,11 +63,11 @@ describe CardController do
     #  maybe think about refactoring to use mocks etc. to reduce
     #  test dependencies.
     it "creates cards" do
-      post :create, card: {
+      post :create, params: { card: {
         name: "NewCardFoo",
         type: "Basic",
         content: "Bananas"
-      }
+      } }
       assert_response 302
       c = Card["NewCardFoo"]
       expect(c.type_code).to eq(:basic)
@@ -75,18 +75,18 @@ describe CardController do
     end
 
     it "handles permission denials" do
-      post :create, card: {
-        name: "LackPerms",
-        type: "Html"
-      }
+      post :create, params: { card: { name: "LackPerms", type: "Html" } }
       assert_response 403
       expect(Card["LackPerms"]).to be_nil
     end
 
     # no controller-specific handling.  move test elsewhere
     it "creates cardtype cards" do
-      xhr :post, :create,
-          card: { "content" => "test", type: "Cardtype", name: "Editor" }
+      post :create,
+           xhr: true,
+           params: { card: {
+             "content" => "test", type: "Cardtype", name: "Editor"
+           } }
       expect(assigns["card"]).not_to be_nil
       assert_response 200
       c = Card["Editor"]
@@ -98,9 +98,9 @@ describe CardController do
       @c = Card.create! name: "Problem", content: "boof"
       @c.delete!
       post :create,
-           card: {
+           params: { card: {
              "name" => "Problem", "type" => "Phrase", "content" => "noof"
-           }
+           } }
       assert_response 302
       c = Card["Problem"]
       expect(c.type_code).to eq(:phrase)
@@ -108,25 +108,26 @@ describe CardController do
 
     context "multi-create" do
       it "catches missing name error" do
-        post :create, "card" => {
+        post :create, params: { "card" => {
           "name" => "",
           "type" => "Fruit",
           "subcards" => { "+text" => { "content" => "<p>abraid</p>" } }
-        }, "view" => "open"
+        }, "view" => "open" }
         assert_response 422
         expect(assigns["card"].errors[:name].first).to eq("can't be blank")
       end
 
       it "creates card with subcards" do
         login_as "joe_admin"
-        xhr :post, :create, success: "REDIRECT: /", card: {
+        $stop = true
+        post :create, xhr: true, params: { success: "REDIRECT: /", card: {
           name: "Gala",
           type: "Fruit",
           subcards: {
             "+kind"  => { content: "apple" },
             "+color" => { type: "Phrase", content: "red"  }
           }
-        }
+        } }
         assert_response 200
         expect(Card["Gala"]).not_to be_nil
         expect(Card["Gala+kind"].content).to eq("apple")
@@ -135,14 +136,14 @@ describe CardController do
     end
 
     it "renders errors if create fails" do
-      post :create, "card" => { "name" => "Joe User" }
+      post :create, params: { card: { name: "Joe User" } }
       assert_response 422
     end
 
     it "redirects to thanks if present" do
       login_as "joe_admin"
-      xhr :post, :create, success: "REDIRECT: /thank_you",
-                          card: { "name" => "Wombly" }
+      post :create, xhr: true, params: { success: "REDIRECT: /thank_you",
+                          card: { "name" => "Wombly" } }
       assert_response 200
       json = JSON.parse response.body
       expect(json["redirect"]).to match(/^http.*\/thank_you$/)
@@ -150,25 +151,25 @@ describe CardController do
 
     it "redirects to card if thanks is blank" do
       login_as "joe_admin"
-      post :create, success: "REDIRECT: _self",
-                    "card" => { "name" => "Joe+boop" }
+      post :create, params: { success: "REDIRECT: _self",
+                              card: { name: "Joe+boop" } }
       assert_redirected_to "/Joe+boop"
     end
 
     it "redirects to previous" do
       # Fruits (from shared_data) are anon creatable but not readable
       login_as :anonymous
-      post :create, { success: "REDIRECT: *previous",
-                      "card" => { "type" => "Fruit", name: "papaya" } },
-           history: ["/blam"]
+      post :create, params: { success: "REDIRECT: *previous",
+                              "card" => { "type" => "Fruit", name: "papaya" } },
+                    session: { history: ["/blam"] }
       assert_redirected_to "/blam"
     end
   end
 
   describe "#read" do
     it "works for basic request" do
-      get :read, id: "Sample_Basic"
-      expect(response.body.match(/\<body[^>]*\>/im)).to be_truthy
+      get :read, params: { id: "Sample_Basic" }
+      expect(response.body).to match(/\<body[^>]*\>/im)
       # have_selector broke in commit 8d3bf2380eb8197410e962304c5e640fced684b9,
       # presumably because of a gem (like capybara?)
       # response.should have_selector('body')
@@ -178,17 +179,17 @@ describe CardController do
 
     it "handles nonexistent card with create permission" do
       login_as "joe_user"
-      get :read, id: "Sample_Fako"
+      get :read, params: { id: "Sample_Fako" }
       assert_response :success
     end
 
     it "handles nonexistent card without create permissions" do
-      get :read, id: "Sample_Fako"
+      get :read, params: { id: "Sample_Fako" }
       assert_response 404
     end
 
     it "handles nonexistent card ids" do
-      get :read, id: "~9999999"
+      get :read, params: { id: "~9999999" }
       assert_response 404
     end
 
@@ -196,9 +197,9 @@ describe CardController do
       Card::Auth.as_bot do
         Card.create! name: "Strawberry", type: "Fruit" # only admin can read
       end
-      get :read, id: "Strawberry"
+      get :read, params: { id: "Strawberry" }
       assert_response 403
-      get :read, id: "Strawberry", format: "txt"
+      get :read, params: { id: "Strawberry", format: "txt" }
       assert_response 403
     end
 
@@ -208,7 +209,7 @@ describe CardController do
       end
 
       it "works on index" do
-        get :read, view: "new"
+        get :read, params: { view: "new" }
         expect(assigns["card"].name).to eq("")
         assert_response :success, "response should succeed"
         assert_equal Card::BasicID, assigns["card"].type_id,
@@ -216,20 +217,20 @@ describe CardController do
       end
 
       it "new with name" do
-        post :read, card: { name: "BananaBread" }, view: "new"
+        post :read, params: { card: { name: "BananaBread" }, view: "new" }
         assert_response :success, "response should succeed"
         assert_equal "BananaBread", assigns["card"].name,
                      "@card.name should == BananaBread"
       end
 
       it "new with existing name" do
-        get :read, card: { name: "A" }, view: "new"
+        get :read, params: { card: { name: "A" }, view: "new" }
         # really?? how come this is ok?
         assert_response :success, "response should succeed"
       end
 
       it "new with type_code" do
-        post :read, card: { type: "Date" }, view: "new"
+        post :read, params: { card: { type: "Date" }, view: "new" }
         assert_response :success, "response should succeed"
         assert_equal Card::DateID, assigns["card"].type_id,
                      "@card type should == Date"
@@ -237,12 +238,13 @@ describe CardController do
 
       it "new should work for creatable nonviewable cardtype" do
         login_as :anonymous
-        get :read, type: "Fruit", view: "new"
+        get :read, params: { type: "Fruit", view: "new" }
         assert_response :success
       end
 
       it "uses card params name over id in new cards" do
-        get :read, id: "my_life", card: { name: "My LIFE" }, view: "new"
+        get :read, params: { id: "my_life",
+                             card: { name: "My LIFE" }, view: "new" }
         expect(assigns["card"].name).to eq("My LIFE")
       end
     end
@@ -254,14 +256,25 @@ describe CardController do
       end
 
       it "creates missing machine output file" do
-        args = { id: @all_style.machine_output_card.name,
+        args = { params: { id: @all_style.machine_output_card.name,
                  format: "css",
-                 explicit_file: true }
+                 explicit_file: true } }
         get :read, args
         # output_card = Card[:all, :style, :machine_output]
         expect(response).to redirect_to(@all_style.machine_output_url)
         get :read, args
         expect(response.status).to eq(200)
+        expect(response.content_type).to eq("text/css")
+      end
+    end
+
+    context "js" do
+      let(:all_js) { Card[:all, :script] }
+
+      it "has correct MIME type" do
+        get :read, params: { id: all_js.machine_output_card.name, format: "js" }
+        expect(response.status).to eq 200
+        expect(response.content_type).to eq "text/javascript"
       end
     end
 
@@ -275,17 +288,17 @@ describe CardController do
       end
 
       it "handles image with no read permission" do
-        get :read, id: "mao2"
+        get :read, params: { id: "mao2" }
         assert_response 403, "denies html card view"
-        get :read, id: "mao2", format: "jpg"
+        get :read, params: { id: "mao2", format: "jpg" }
         assert_response 403, "denies simple file view"
       end
 
       it "handles image with read permission" do
         login_as "joe_admin"
-        get :read, id: "mao2"
+        get :read, params: { id: "mao2" }
         assert_response 200
-        get :read, id: "mao2", format: "jpg"
+        get :read, params: { id: "mao2", format: "jpg" }
         assert_response 200
       end
     end
@@ -305,8 +318,7 @@ describe CardController do
     end
 
     it "denies access to other directories" do
-      args = { filename: "/../../Gemfile" }
-      get :asset, args
+      get :asset, params: { filename: "/../../Gemfile" }
       expect(response.status).to eq(404)
     end
   end
@@ -319,8 +331,8 @@ describe CardController do
 
     describe "#update" do
       it "works" do
-        xhr :post, :update, id: "~#{@simple_card.id}",
-                            card: { content: "brand new content" }
+        post :update, xhr: true, params: { id: "~#{@simple_card.id}",
+                            card: { content: "brand new content" } }
         assert_response :success, "edited card"
         assert_equal "brand new content", Card["Sample Basic"].content,
                      "content was updated"
@@ -328,17 +340,22 @@ describe CardController do
 
       it "rename without update references should work" do
         f = Card.create! type: "Cardtype", name: "Apple"
-        xhr :post, :update, id: "~#{f.id}", card: {
-          name: "Newt",
-          update_referers: "false"
-        }
+        post :update, xhr: true,
+                      params: {
+                        id: "~#{f.id}",
+                        card: { name: "Newt", update_referers: "false" }
+                      }
         expect(assigns["card"].errors.empty?).not_to be_nil
         assert_response :success
         expect(Card["Newt"]).not_to be_nil
       end
 
       it "update type_code" do
-        xhr :post, :update, id: "~#{@simple_card.id}", card: { type: "Date" }
+        post :update, xhr: true,
+                      params: {
+                        id: "~#{@simple_card.id}",
+                        card: { type: "Date" }
+                      }
         assert_response :success, "changed card type"
         expect(Card["Sample Basic"].type_code).to eq(:date)
       end
@@ -347,7 +364,7 @@ describe CardController do
     describe "delete" do
       it "works" do
         c = Card.create(name: "Boo", content: "booya")
-        post :delete, id: "~#{c.id}"
+        post :delete, params: { id: "~#{c.id}" }
         assert_response :redirect
         expect(Card["Boo"]).to eq(nil)
       end
@@ -360,14 +377,14 @@ describe CardController do
           t2 = Card.create! name: "Testable1+bandana", content: "world"
         end
 
-        get :read, id: t1.key
-        get :read, id: t2.key
+        get :read, params: { id: t1.key }
+        get :read, params: { id: t2.key }
 
-        post :delete, id: "~" + t2.id.to_s
+        post :delete, params: { id: "~" + t2.id.to_s }
         assert_nil Card[t2.name]
         assert_redirected_to "/#{t1.name}"
 
-        post :delete, id: "~" + t1.id.to_s
+        post :delete, params: { id: "~" + t1.id.to_s }
         assert_redirected_to "/"
         assert_nil Card[t1.name]
       end
@@ -378,8 +395,10 @@ describe CardController do
         Card.create name: "basicname+*self+*comment",
                     content: "[[Anyone Signed In]]"
       end
-      post :update, id: "basicname",
-                    card: { comment: " and more\n  \nsome lines\n\n" }
+      post :update, params: {
+                      id: "basicname",
+                      card: { comment: " and more\n  \nsome lines\n\n" }
+                    }
       cont = Card["basicname"].content
       expect(cont).to match(/basiccontent/)
       expect(cont).to match(/some lines/)