introspective_grape 0.0.3

data/spec/requests/project_api_spec.rb

@@ -0,0 +1,151 @@
+require 'rails_helper'
+
+describe Dummy::ProjectAPI, type: :request do
+  before :all do
+    [User,Project,Company,Location].map(&:destroy_all)
+    cm = User.make!(email:'company.admin@springshot.com')
+    pm = User.make!(email:'project.admin@springshot.com')
+
+    2.times {  Project.make! }
+
+    c = Company.make!(name:"Sprockets")
+    p = Project.make!(name:"Manufacture Sprockets", owner: c)
+        Project.make!(name:"Disassemble Sprockets", owner: c)
+
+    cm.admin_companies.push c
+    pm.admin_projects.push p
+  
+    cm.save!
+    pm.save! 
+  end
+
+  let(:company) { Company.find_by_name("Sprockets") }
+  let(:project) { Project.find_by_name("Manufacture Sprockets") }
+
+  context "As a super admin" do
+    it "should return a list of all projects" do
+      get '/api/v1/projects'
+      response.should be_success
+      json.length.should == Project.count
+      json.map{|c| c['id'].to_i}.include?(project.id).should == true
+    end
+
+    it "should return the specified project" do
+      get "/api/v1/projects/#{project.id}"
+      response.should be_success
+      json['name'].should == project.name
+    end
+
+    it "should return an error if the project doesn't exist" do
+      get "/api/v1/projects/#{Project.last.id+1}"
+      response.code.should == "404"
+    end
+
+    context "edit a project team" do 
+
+      before(:each) do
+        @team = Team.make!(project: project)
+        @u1 = User.make!
+        @u2 = User.make!
+        UserProjectJob.make!(project: project, job: project.jobs.first, user: @u1)
+        UserProjectJob.make!(project: project, job: project.jobs.first, user: @u2)
+      end
+
+      context "via nested attributes" do 
+        it "should create a team with users" do 
+          p = { name: 'New Team',
+            team_users_attributes: [{ user_id: @u1.id }, { user_id: @u2.id }]
+          }
+          post "/api/v1/projects/#{project.id}/teams", p
+          response.should be_success
+          Team.last.name.should == 'New Team'
+          Team.last.users.to_a.should == [@u1,@u2]
+        end
+
+        it "should add a team member" do  
+          p = { team_users_attributes: [
+            { user_id: @u1.id }, { user_id: @u2.id } 
+          ] }
+          put "/api/v1/projects/#{project.id}/teams/#{@team.id}", p
+          response.should be_success
+
+          Team.last.users.to_a.should == [@u1,@u2]
+        end
+
+        it "should delete a team member" do 
+          @team.users << [@u1,@u2]
+          @team.save!
+          p = { team_users_attributes: [
+            { id: @team.team_users.where(user_id:@u1.id).first.id, _destroy: 1 } 
+          ] }
+          put "/api/v1/projects/#{project.id}/teams/#{@team.id}", p
+          response.should be_success
+          Team.last.users.to_a.should == [@u2]
+        end
+      end
+
+      context "edit a project team via nested routes" do 
+        it "should add a team member" do 
+          p = { user_id: @u1.id }
+          post "/api/v1/projects/#{project.id}/teams/#{@team.id}/team_users", p
+          response.should be_success
+          Team.last.users.to_a.should == [@u1]
+        end
+
+        it "should delete a team member" do 
+          @team.users << [@u1,@u2]
+          @team.save!
+          id = @team.team_users.where(user_id:@u1.id).first.id
+          delete "/api/v1/projects/#{project.id}/teams/#{@team.id}/team_users/#{id}"
+          response.should be_success
+          Team.last.users.to_a.should == [@u2]
+        end
+      end
+    end
+  end
+
+  context "As a company admin" do
+    before :all do 
+      @without_authentication = true
+    end
+
+    before :each do
+      Grape::Endpoint.before_each do |endpoint|
+        allow(endpoint).to receive(:current_user) do
+          User.find_by_email("company.admin@springshot.com") 
+        end
+      end
+    end
+
+    it "should return a list of all the company's projects" do
+      get '/api/v1/projects'
+      response.should be_success
+      json.length.should == 2 
+      json.map{|c| c['name']}.include?("Manufacture Sprockets").should == true
+      json.map{|c| c['name']}.include?("Disassemble Sprockets").should == true
+    end
+
+  end
+
+  context "As a project admin" do
+    before :all do 
+      @without_authentication = true
+    end
+    before :each do
+      Grape::Endpoint.before_each do |endpoint|
+        allow(endpoint).to receive(:current_user) do
+          User.find_by_email("project.admin@springshot.com") 
+        end
+      end
+    end
+
+    it "should return a list of all the project admin's projects" do
+      get '/api/v1/projects'
+      response.should be_success
+      json.length.should == 1 
+      json.map{|c| c['name']}.include?("Manufacture Sprockets").should == true
+      json.map{|c| c['name']}.include?("Disassemble Sprockets").should == false
+    end
+  end
+
+end

data/spec/requests/role_api_spec.rb

@@ -0,0 +1,37 @@
+require 'rails_helper'
+
+describe Dummy::RoleAPI, type: :request do
+  let(:role) { Role.last }
+  let(:user) { User.last }
+
+  before :all do
+    Role.destroy_all
+    User.make!
+    Role.make!(user_id: User.last.id, ownable_type: 'SuperUser')
+  end
+
+  it 'should return a list of user roles' do
+    get '/api/v1/roles'
+    response.should be_success
+    json.length.should == 1
+    json.first['id'].to_i.should == role.id
+  end
+
+  it 'should return the specified user role' do
+    get "/api/v1/roles/#{role.id}"
+    response.should be_success
+    json['email'].should == role.email
+  end
+
+  it "should return an error if the role doesn't exist" do
+    get "/api/v1/roles/#{role.id+1}"
+    response.code.should == '404'
+  end
+
+  it 'should not duplicate user roles' do
+    post '/api/v1/roles', { user_id: user.id, ownable_type: 'SuperUser' }
+    response.code.should == '400'
+    json['error'].should =~ /user has already been assigned that role/
+  end
+  
+end

data/spec/requests/sessions_api_spec.rb

@@ -0,0 +1,55 @@
+require 'rails_helper'
+describe Dummy::Sessions, type: :request do
+  @without_authentication = true
+
+  before :all do
+    @without_authentication = true
+    User.make!
+  end
+
+  let(:user) { User.last }
+
+  context :sign_in do 
+
+    it "should set a user token on login" do
+      post '/api/v1/sessions', { login: user.email, password: 'abc12345', token: true }
+      response.should be_success
+      json['id'].to_i.should == user.id
+      json['email'].should == user.email
+      json['authentication_token'].should be_truthy
+    end
+
+    it "should not set a token if the login fails" do
+      post '/api/v1/sessions', { login: user.email, password: 'bad password', token: true }
+      response.should_not be_success
+      json['error'].should be_truthy
+      json['error']['type'].should == 'unauthorized'
+      user.authentication_token.should be_nil
+    end
+  end
+
+  context :sign_out do
+    it "should reset a user's auth token" do 
+      user.authentication_token = "1234567890"
+      user.save!
+      delete "/api/v1/sessions", { api_key: "1234567890" }
+      response.should be_success
+      user.reload
+      user.authentication_token.should be_nil
+    end
+
+    it "signing out an already signed-out user should look fine, right?" do 
+      user.authentication_token = "1234567890"
+      user.save!
+      delete "/api/v1/sessions", { api_key: "1234567890" }
+      response.should be_success
+      user.reload
+      user.authentication_token.should be_nil
+      delete "/api/v1/sessions", { api_key: "1234567890" }
+      response.should be_success
+      user.reload
+      user.authentication_token.should be_nil
+    end
+  end
+
+end

data/spec/requests/user_api_spec.rb

@@ -0,0 +1,191 @@
+require 'rails_helper'
+describe Dummy::UserAPI, type: :request do
+
+  let(:user) { User.last || User.make!}
+  let(:company) { Company.last || Company.make! }
+
+  before :all do
+    User.destroy_all
+    c = Company.make
+    u = User.make
+    u.roles.push Role.new(ownable: c)
+    u.save
+  end
+
+  context :index do 
+
+    it "should return a list of users" do
+      get '/api/v1/users'
+      response.should be_success
+      json.length.should == 1
+      json.first['id'].to_i.should    == user.id
+      json.first['first_name'].should == user.first_name
+      json.first['last_name'].should  == user.last_name
+      json.first['roles_attributes'].size.should == 1
+      json.first['roles_attributes'].first['ownable_type'].should == 'Company'
+      json.first['roles_attributes'].first['ownable_id'].should == company.id
+    end
+
+    it "should not expose users' encrypted_passwords" do
+      get "/api/v1/users"
+      response.should be_success
+      json.first['encrypted_password'].should be_nil
+    end
+  end
+
+
+  context :show do
+    it "should return the specified user" do
+      get "/api/v1/users/#{user.id}"
+      response.should be_success
+      json['email'].should == user.email
+    end
+
+    it "should not expose a user's encrypted_password" do
+      get "/api/v1/users/#{user.id}"
+      response.should be_success
+      json['encrypted_password'].should be_nil
+    end
+
+    it "should return an error if the user doesn't exist" do
+      get "/api/v1/users/#{user.id+1}"
+      response.code.should == "404"
+    end
+  end
+
+
+  context :create do
+
+    it "should create a user and send the confirmation email" do
+      post "/api/v1/users", { email: 'email@test.com', password: 'abc12345' }
+      response.should be_success
+      json['email'].should == user.email
+      User.last.confirmed_at.should == nil
+      User.last.confirmation_sent_at.should_not == nil
+    end
+
+    it "should create a user and skip the confirmation email" do
+      post "/api/v1/users", { email: 'email@test.com', password: 'abc12345', skip_confirmation_email: true }
+      response.should be_success
+      json['email'].should == user.email
+      User.last.confirmed_at.should_not == nil
+      User.last.confirmation_sent_at.should == nil
+    end
+
+    it "should validate a new user" do
+      post "/api/v1/users", { email: 'a'*257, password: '' }
+      response.code.should == "400"
+      json['error'].should == "Email: is invalid, Password: can't be blank"
+    end
+
+    let(:params) do
+      { email: 'test@test.com', password: 'abc12345', roles_attributes:[] }
+    end
+
+    let(:role) do
+      { ownable_id: company.id, ownable_type: 'Company' }
+    end
+
+    it "should create a company admin" do 
+      params[:roles_attributes].push(role)
+      post "/api/v1/users", params
+      response.should be_success
+      User.last.admin?(company).should be_truthy
+    end
+
+
+    context "Project default passwords for new users" do 
+      let(:job)     { Job.make! }
+      let(:project) { Project.make!(jobs: [job], default_password: "super secret") }
+      let(:params) do 
+        {
+          email: 'test@test.com', password: '',
+          user_project_jobs_attributes: [ job_id: project.jobs.first.id, project_id: project.id ]
+        } 
+      end
+
+      it "should set an empty password to an assigned project's default password" do
+        post "/api/v1/users", params
+        response.should be_success 
+        json['user_project_jobs_attributes'][0]['name'].should  == project.name
+        json['user_project_jobs_attributes'][0]['title'].should == job.title
+      end
+
+      it "should return a validation error if the user's assigned project has no default password" do
+        project.update_attributes(default_password: nil)
+        post "/api/v1/users", params
+        response.status.should == 400
+        json['error'].should == "Password: can't be blank"
+      end
+    end
+
+  end
+
+  context :update do
+    it "should upload a user avatar via the root route" do
+      params = { avatar_attributes: { file: Rack::Test::UploadedFile.new(Rails.root+'../fixtures/images/avatar.jpeg', 'image/jpeg', true) } }
+
+      put "/api/v1/users/#{user.id}", params
+
+      response.should be_success
+      user.avatar.should     == Image.last
+      user.avatar_url.should == Image.last.file.url(:medium)
+    end
+ 
+    it "should upload a user avatar via the nested route, to test the restful api's handling of has_one associations" do
+      params = { file: Rack::Test::UploadedFile.new(Rails.root+'../fixtures/images/avatar.jpeg', 'image/jpeg', true) }
+
+      post "/api/v1/users/#{user.id}/avatars", params
+
+      response.should be_success
+      user.avatar.should     == Image.last
+      user.avatar_url.should == Image.last.file.url(:medium)
+      user.avatar_url
+    end
+    
+    it "should require a devise re-confirmation email to update a user's email address" do
+      new_email = 'new.email@test.com'
+      old_email = user.email
+      put "/api/v1/users/#{user.id}", { email: new_email } 
+      response.should be_success
+      user.reload
+      user.email.should             == old_email
+      user.unconfirmed_email.should == new_email
+      json['email'].should == old_email
+    end
+
+    it "should skip the confirmation and update a user's email address" do
+      new_email = 'new.email@test.com'
+      put "/api/v1/users/#{user.id}", { email: new_email, skip_confirmation_email: true } 
+      response.should be_success
+      json['email'].should == new_email
+      user.reload
+      user.email.should    == new_email
+    end
+
+    it "should validate the uniqueness of a user role" do 
+      put "/api/v1/users/#{user.id}", { roles_attributes: [{ownable_type: 'Company', ownable_id: company.id}] }
+      response.should_not be_success
+      json['error'].should =~ /user has already been assigned that role/
+        user.admin?(company).should be_truthy
+    end
+
+    it "should update a user to be company admin" do 
+      c = Company.make
+      c.save!
+      put "/api/v1/users/#{user.id}", { roles_attributes: [{ownable_type: 'Company', ownable_id: c.id}] } 
+      response.should be_success
+      user.reload
+      user.admin?(c).should be_truthy
+    end
+
+    it "should destroy a user's company admin role" do 
+      user.admin?(company).should be_truthy
+      put "/api/v1/users/#{user.id}", { roles_attributes: [{id: user.roles.last.id, _destroy: '1'}] }
+      response.should be_success
+      user.reload
+      user.admin?(company).should be_falsey
+    end
+  end
+
+end

data/spec/support/blueprints.rb

@@ -0,0 +1,103 @@
+require 'machinist/active_record'
+require 'rufus/mnemo'
+
+def _index # prevent unique string collisions over the test cycle
+  @_uniq_idx ||= 0
+  (@_uniq_idx+=1).to_s(36)
+end
+
+def syllable(length=-1)
+  s = Rufus::Mnemo::from_integer(rand(8**5)+1) #+ _index
+  s[0..length]
+end
+
+def word(max_syl=3)
+  (1+rand(max_syl)).times.collect { syllable }.join
+end
+
+def words(n=3)
+  n.times.collect { word }.join
+end
+
+def paragraph(n=25)
+  words(n)
+end
+
+Company.blueprint do
+  name       { words } 
+  short_name { syllable(10) } 
+end
+
+User.blueprint do
+  email       { "test-"+syllable+'@springshot.com' }
+  first_name  { word(4) }
+  last_name   { word(5) }
+  password    { 'abc12345' }
+  confirmed_at { Time.now }
+end
+
+Role.blueprint {
+  user_id       { User.first||User.make }
+  ownable_id    { Company.first||Company.make } 
+  ownable_type  { 'Company' }
+}
+
+Locatable.blueprint {
+  location { Location.make }
+  locatable { Company.make }
+}
+Location.blueprint {
+  name     { (65+rand(8)).chr+"1"} 
+  kind     { 'gate' }
+  gps      { LocationGps.new(lat: 37.615223, lng: -122.389977 ) }
+}
+LocationBeacon.blueprint {
+  location  { Location.make }
+  company   { Company.make }
+  mac_address { SecureRandom.hex(6) }
+  # e.g. 2F234454-CF6D-4A0F-ADF2-F4911BA9FFA6
+  uuid { SecureRandom.hex(4)+'-'+SecureRandom.hex(2)+'-'+SecureRandom.hex(2)+'-'+SecureRandom.hex(2)+'-'+SecureRandom.hex(6) }
+  major { rand(9999) }
+  minor { rand(9999) }
+}
+LocationGps.blueprint {
+  location { Location.make }
+  # place the point randomly within about a mile radius of the TEST airport (LocationHelper)
+  lat { 37.615223   + 0.01609*rand(0.1) * (rand(2) > 0 ? 1 : -1) }
+  lng { -122.389977 + 0.01609*rand(0.1)*Math.cos(37.615223*Math::PI/180) * (rand(2) > 0 ? 1 : -1) }
+  alt { 0 }  
+}
+
+Project.blueprint {
+  name  { words(2) }
+  owner { Company.make } 
+  jobs { [Job.make, Job.make] }
+  admins { [User.make] }
+}
+Job.blueprint {
+  title { words(2) }
+}
+UserProjectJob.blueprint {
+  user    { User.make } 
+  project { Project.make }
+  job     { Job.make }
+}
+ProjectJob.blueprint {
+  project { Project.make }
+  job     { Job.make }
+}
+
+
+Team.blueprint { 
+  p = Project.make
+  project { p } 
+  creator { p.admins.first }
+  name { words(2) }
+}
+TeamUser.blueprint {
+  t = Team.make
+  t.project.users.push User.make(projects: [t.project])
+  team { t }
+  user { t.project.users.first } 
+}
+

data/spec/support/location_helper.rb

@@ -0,0 +1,56 @@
+module LocationHelper
+
+  def rand_coords # generate a random point somewhere around the test airport
+    l = LocationGps.make
+    [l.lat,l.lng,l.alt]
+  end
+
+  def create_test_airport
+    ###  build an airport with 8 terminals each with 3 gates along each cardinal and ordinal
+    ###  axis, for two companies each with their own set of bluetooth beacons at every gate:
+    ###
+    ###                      (1)A B C          
+    ###                          \|/      
+    ###                      (8)H-*-D e.g.->(Terminal D with gates D1, D2, and D3) 
+    ###                          /|\       
+    ###                         G F E 
+
+    @sprocketCo = Company.find_by_name("Sprockets") || Company.make(name:'Sprockets')
+    @widgetCo   = Company.find_by_name("Widgets")   || Company.make(name:'Widgets')
+    if @airport = Location.find_by_name("TEST")
+      return @airport
+    end
+
+    @airport     = Location.new(name:'TEST',kind:'airport')
+    @airport.companies.push @sprocketCo
+    @airport.companies.push @widgetCo
+    @airport.gps = LocationGps.new(lat: 37.615223, lng: -122.389977 )
+    (1..8).each do |terminal|
+      gate = (64+terminal).chr # A-H
+      t = Location.new(name:"Terminal #{gate}",kind:'terminal')
+
+      @airport.child_locations.push t
+
+      (1..3).each do |number|
+
+        lat, lng = [@airport.gps.lat, @airport.gps.lng]
+        adj = 0.003*number # push successive gates ~0.21 miles out
+
+        lat += (1..3).include?(terminal) ? adj : 0
+        lat -= (5..7).include?(terminal) ? adj : 0
+
+        adj *= Math.cos(37.615223*Math::PI/180) 
+        lng += (3..5).include?( terminal) ? adj : 0
+        lng -= [1,7,8].include?(terminal) ? adj : 0
+
+        g = Location.new(name:"Gate #{gate}#{number}", kind:'gate')
+        g.gps = LocationGps.make(location: g, lat: lat, lng: lng)
+        g.beacons.push LocationBeacon.make(company: @sprocketCo, location: g)
+        g.beacons.push LocationBeacon.make(company: @widgetCo, location: g)
+        t.child_locations.push g
+      end
+    end
+    @airport.save!
+    @airport
+  end
+end

data/spec/support/pundit_helpers.rb

@@ -0,0 +1,13 @@
+RSpec::Matchers.define :permit do |action|
+  match do |policy|
+    policy.public_send("#{action}?")
+  end
+
+  failure_message_when_negated do |policy|
+    "#{policy.class} does not permit #{action} on #{policy.record} for #{policy.user.inspect}."
+  end
+
+  failure_message do |policy|
+    "#{policy.class} does not forbid #{action} on #{policy.record} for #{policy.user.inspect}."
+  end
+end

data/spec/support/request_helpers.rb

@@ -0,0 +1,22 @@
+require 'introspective_grape/camel_snake'
+module RequestHelpers
+  include IntrospectiveGrape::CamelSnake 
+
+  def json
+    @json ||= snake_keys(JSON.parse(response.body))
+  end
+
+  def with_authentication(role=:superuser)
+    return if @without_authentication
+    current_user = User.new #double('User')
+    allow(current_user).to receive(:admin?) { true }     if role == :superuser 
+    allow(current_user).to receive(:superuser?) { true } if role == :superuser
+
+    # Stubbing API helper methods requires this very nearly undocumented invokation
+    Grape::Endpoint.before_each do |endpoint|
+      allow(endpoint).to receive(:current_user) { current_user } 
+    end
+  end
+end
+
+