mumuki-laboratory 5.0.12 → 5.1.0

data/spec/controllers/api_clients_controller.rb

@@ -0,0 +1,26 @@
+require 'spec_helper'
+
+describe ApiClientsController, type: :controller, organization_workspace: :base do
+  before { @request.env["HTTP_AUTHORIZATION"] = api_client.token }
+  let(:api_client) { create :api_client }
+  let(:api_client_json) do
+    {description: 'foo',
+     user_attributes: user_json
+    }
+  end
+  let(:user_json) do
+    {first_name: 'foo',
+     last_name: 'bar',
+     email: 'foo@bar.com',
+     permissions: {student: 'foo/*'}
+    }
+  end
+  context 'post' do
+    before { post :create, params: { api_client: api_client_json }}
+
+    it { expect(response.status).to eq 200 }
+    it { expect(ApiClient.count).to eq 1 }
+    it { expect(ApiClient.first.user.permissions).to eq('student' => 'foo/*') }
+    it { expect(Apiclient.first.user.email).to eq 'foo@bar.com' }
+  end
+end

data/spec/controllers/confirmations_controller_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe ExerciseConfirmationsController do
+describe ExerciseConfirmationsController, organization_workspace: :test do
   let(:user) { create(:user) }
   let(:reading) { create(:reading) }
 

data/spec/controllers/courses_api_controller_spec.rb

@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe Api::CoursesController, type: :controller, organization_workspace: :base do
+  before { set_api_client! }
+  let(:api_client) { create :api_client }
+  let(:course_json) do
+    {slug: 'test/bar',
+     shifts: %w(morning),
+     code: 'k2003',
+     days: %w(monday wednesday),
+     period: '2016',
+     description: 'test course'}
+  end
+
+  let!(:organization) { create :organization, name: 'test' }
+
+  context 'post' do
+    before { post :create, params: { course: course_json }}
+
+    it { expect(response.status).to eq 200 }
+    it { expect(Course.count).to eq 1 }
+    it { expect(Course.first.slug).to eq 'test/bar' }
+    it { expect(Course.first.organization).to eq(organization) }
+    it { expect(Course.first.shifts).to eq(%w(morning)) }
+    it { expect(Course.first.days).to eq(%w(monday wednesday)) }
+  end
+
+end

data/spec/controllers/exercise_solutions_controller_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe ExerciseSolutionsController do
+describe ExerciseSolutionsController, organization_workspace: :test do
   let(:user) { create(:user) }
   let(:problem) { create(:problem) }
 

data/spec/controllers/messages_controller_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe MessagesController do
+describe MessagesController, organization_workspace: :test do
   let(:user) { create(:user) }
   let(:exercise) { create(:exercise) }
   before { set_current_user! user }

data/spec/controllers/organizations_api_controller_spec.rb

@@ -0,0 +1,235 @@
+require 'spec_helper'
+
+describe Api::OrganizationsController, type: :controller, organization_workspace: :base do
+  def check_status!(status)
+    expect(response.status).to eq status
+  end
+
+  describe 'unauthenticated request' do
+    it { expect { get :index }.to raise_error 'missing authorization header' }
+  end
+
+  describe 'unauthenticated request' do
+    before { @request.env["HTTP_AUTHORIZATION"] = 'foo' }
+    it { expect { get :index }.to raise_error 'No Api Client found for Token' }
+  end
+
+  describe 'authenticated request' do
+    let(:book) { create :book }
+
+    before { set_api_client! }
+
+    describe 'GET' do
+      let!(:public_organization) { create :organization, name: 'public' }
+      let!(:dot_organization) { create :organization, name: 'dot.org' }
+      let!(:private_organization) { create :organization, name: 'private', public: false }
+      let!(:another_private_organization) { create :organization, name: 'another_private', public: false }
+
+      context 'GET /organizations' do
+        context 'with wildcard permissions' do
+          before { get :index }
+          let(:api_client) { create :api_client, role: :janitor, grant: '*' }
+          let!(:body) { response.body.parse_json }
+
+          it { check_status! 200 }
+
+          it { expect(body[:organizations].map { |it| it[:name] }).to eq %w(base public dot.org private another_private) }
+        end
+        context 'with non-wildcard permissions' do
+          before { get :index }
+          let(:api_client) { create :api_client, role: :janitor, grant: 'public/*:private/*' }
+          let!(:body) { response.body.parse_json }
+
+          it { check_status! 200 }
+
+          it { expect(body[:organizations].map { |it| it[:name] }).to eq %w(public private) }
+        end
+      end
+
+      context 'GET /organizations/:id' do
+        context 'with a public organization' do
+          before { get :show, params: {id: 'public'} }
+
+          context 'with a user without janitor permissions' do
+            let(:api_client) { create :api_client, role: :editor, grant: 'another_organization/*' }
+
+            it { check_status! 403 }
+          end
+
+          context 'with a user with janitor' do
+            let(:api_client) { create :api_client, role: :janitor, grant: 'public/*' }
+
+            it { check_status! 200 }
+          end
+        end
+
+        context 'with an organization that has a dot in its name' do
+          before { get :show, params: {id: 'dot.org'} }
+
+          let(:api_client) { create :api_client, role: :janitor, grant: 'dot.org/*' }
+          it { check_status! 200 }
+        end
+
+        context 'with a private organization' do
+          before { get :show, params: {id: 'private'} }
+
+          context 'with a user without permissions' do
+            let(:api_client) { create :api_client, role: :editor, grant: 'another_organization/*' }
+
+            it { check_status! 403 }
+          end
+
+          context 'with a user with permissions' do
+            let(:api_client) { create :api_client, role: :janitor, grant: 'private/*' }
+
+            it { check_status! 200 }
+            it { expect(response.body.parse_json).to json_like(private_organization.as_platform_json) }
+          end
+        end
+
+        context 'with a non-existing organization' do
+          before { get :show, params: {id: 'non-existing'} }
+          let(:api_client) { create :api_client, role: :editor, grant: 'bleh/*' }
+
+          it { check_status! 404 }
+        end
+      end
+    end
+
+    describe 'POST /organizations' do
+      before { post :create, params: {organization: organization_json} }
+      let(:organization_json) do
+        {contact_email: 'an_email@gmail.com',
+         name: 'a-name',
+         public: false,
+         book: book.slug,
+         locale: 'es'}
+      end
+
+      context 'with the owner permissions' do
+        let(:api_client) { create :api_client, role: :owner, grant: '*' }
+        let(:organization) { Organization.find_by name: 'a-name' }
+
+        it { check_status! 200 }
+        it { expect(response.body.parse_json).to json_like(organization.as_platform_json) }
+        it { expect(Organization.count).to eq 2 }
+        it { expect(organization.name).to eq 'a-name' }
+        it { expect(organization.contact_email).to eq 'an_email@gmail.com' }
+        it { expect(organization.book).to eq book }
+        it { expect(organization.locale).to eq 'es' }
+
+        context 'with only mandatory values' do
+          it { expect(organization.public?).to eq false }
+          it { expect(organization.login_methods).to eq %w(user_pass) }
+          it { expect(organization.logo_url).to eq 'https://mumuki.io/logo-alt-large.png' }
+          it { expect(organization.theme_stylesheet).to eq '.defaultCssFromBase { css: red }' }
+          it { expect(organization.extension_javascript).to eq 'function jsFromBase() {}' }
+          it { expect(organization.terms_of_service).to eq nil }
+        end
+
+        context 'with optional values' do
+          let(:organization_json) do
+            {contact_email: 'an_email@gmail.com',
+             name: 'a-name',
+             description: 'A description',
+             book: book.slug,
+             locale: 'es',
+             public: false,
+             login_methods: %w(facebook github),
+             logo_url: 'http://a-logo-url.com',
+             theme_stylesheet: '.theme { color: red }',
+             extension_javascript: 'window.a = function() { }',
+             terms_of_service: 'A TOS'}
+          end
+
+          it { expect(organization.public?).to eq false }
+          it { expect(organization.description).to eq 'A description' }
+          it { expect(organization.login_methods).to eq %w(facebook github) }
+          it { expect(organization.logo_url).to eq 'http://a-logo-url.com' }
+          it { expect(organization.theme_stylesheet).to eq ".theme { color: red }" }
+          it { expect(organization.extension_javascript).to eq "window.a = function() { }" }
+          it { expect(organization.terms_of_service).to eq 'A TOS' }
+        end
+
+        context 'with missing values' do
+          let(:organization_json) do
+            {contact_email: 'an_email@gmail.com',
+             locale: 'blabla'}
+          end
+          let(:expected_errors) do
+            {
+                errors: {
+                    name: ["can't be blank"],
+                    locale: ['is not included in the list']
+                }
+            }
+          end
+
+          it { check_status! 400 }
+          it { expect(response.body.parse_json).to eq expected_errors }
+        end
+      end
+
+      context 'with owner permissions' do
+        let(:api_client) { create :api_client, role: :owner, grant: '*' }
+
+        it { check_status! 200 }
+      end
+
+
+      context 'with not-janitor permissions' do
+        let(:api_client) { create :api_client, role: :editor, grant: '*' }
+
+        it { check_status! 403 }
+      end
+    end
+
+    describe 'PUT /organizations/:id' do
+      let!(:organization) {
+        create :organization,
+                name: 'existing-organization',
+                contact_email: 'first_email@gmail.com',
+                terms_of_service: 'A TOS',
+                public: false,
+                login_methods: ['facebook', 'user_pass'],
+                book: book }
+      let(:updated_organizaton) { organization.reload }
+      let(:update_json) { {contact_email: 'second_email@gmail.com', immersive: true, locale: 'en'} }
+
+      context 'with the owner permissions' do
+        let(:api_client) { create :api_client, role: :owner, grant: 'existing-organization/*' }
+        before { put :update, params: {id: organization.name, organization: update_json} }
+
+        it { check_status! 200 }
+        it { expect(response.body.parse_json).to json_like(
+                                            book: book.slug,
+                                            name: "existing-organization",
+                                            profile: {
+                                              description: "a great org",
+                                              locale: 'en',
+                                              contact_email: "second_email@gmail.com",
+                                              terms_of_service: 'A TOS'
+                                            },
+                                            settings: {
+                                              login_methods: ["facebook", "user_pass"],
+                                              public: false,
+                                              immersive: true
+                                            },
+                                            theme: {
+                                              extension_javascript: 'function jsFromBase() {}',
+                                              theme_stylesheet: '.defaultCssFromBase { css: red }'
+                                            }) }
+
+        it { expect(updated_organizaton.name).to eq 'existing-organization' }
+        it { expect(updated_organizaton.contact_email).to eq 'second_email@gmail.com' }
+      end
+
+      context 'with not-janitor permissions' do
+        let(:api_client) { create :api_client, role: :teacher, grant: 'existing-organization/*' }
+        before { put :update, params: {id: 'existing-organization', organization: update_json} }
+
+        it { check_status! 403 }
+      end
+    end
+  end
+end

data/spec/controllers/students_api_controller_spec.rb

@@ -0,0 +1,101 @@
+require 'spec_helper'
+
+[:student, :teacher].each do |role|
+
+  describe "Api::#{role.capitalize}sController".constantize, type: :controller, organization_workspace: :base do
+    before { set_api_client! }
+    let(:api_client) { create :api_client, grant: 'anorganization/*' }
+    let(:json) { {
+        first_name: 'Agustin',
+        last_name: 'Pina',
+        email: 'agus@mumuki.org',
+        uid: 'agus@mumuki.org'
+    } }
+
+    let!(:organization) { create :organization, name: 'anorganization' }
+    let!(:course) { create :course, slug: 'anorganization/acode' }
+
+    context 'post' do
+      let(:params) { {role => json, organization: 'anorganization', course: 'acode'} }
+
+      context 'when user does not exist' do
+
+        before { post :create, params: params }
+
+        it { expect(response.status).to eq 200 }
+        it { expect(User.count).to eq 2 }
+        it { expect(User.last.last_name).to eq 'Pina' }
+        it { expect(User.last.first_name).to eq 'Agustin' }
+        it { expect(User.last.uid).to eq 'agus@mumuki.org' }
+        it { expect(User.last.email).to eq 'agus@mumuki.org' }
+        it { expect(User.last.permissions.has_permission? role, 'anorganization/acode').to be true }
+
+      end
+      context 'when user exist' do
+        context 'and have no permissions' do
+          before { create :user, json }
+          before { post :create, params: params }
+          it { expect(response.status).to eq 200 }
+          it { expect(User.count).to eq 2 }
+          it { expect(User.last.permissions.has_permission? role, 'anorganization/acode').to be true }
+        end
+        context 'and have permissions' do
+          before { create :user, json.merge(:permissions => {role => 'foo/bar'}) }
+          before { post :create, params: params }
+          it { expect(response.status).to eq 200 }
+          it { expect(User.count).to eq 2 }
+          it { expect(User.last.permissions.has_permission? role, 'anorganization/acode').to be true }
+          it { expect(User.last.permissions.has_permission? role, 'foo/bar').to be true }
+        end
+
+
+      end
+    end
+
+    context 'attach' do
+      let(:params) { {uid: json[:uid], organization: 'anorganization', course: 'acode'} }
+
+      context 'when user does not exist' do
+        before { post :attach, params: params }
+        it { expect(response.status).to eq 404 }
+      end
+
+      context 'when user exist' do
+        context 'and have no permissions' do
+          before { create :user, json }
+          before { post :attach, params: params }
+          it { expect(response.status).to eq 200 }
+          it { expect(User.last.permissions.has_permission? role, 'anorganization/acode').to be true }
+        end
+        context 'and have permissions' do
+          before { create :user, json.merge(:permissions => {role => 'foo/bar'}) }
+          before { post :attach, params: params }
+          it { expect(response.status).to eq 200 }
+          it { expect(User.last.permissions.has_permission? role, 'anorganization/acode').to be true }
+          it { expect(User.last.permissions.has_permission? role, 'foo/bar').to be true }
+        end
+      end
+
+    end
+
+    context 'detach' do
+      let(:params) { {uid: json[:uid], organization: 'anorganization', course: 'acode'} }
+
+      context 'when user does not exist' do
+        before { post :detach, params: params }
+        it { expect(response.status).to eq 404 }
+      end
+
+      context 'when user exist' do
+        context 'and have permissions' do
+          before { create :user, json.merge(:permissions => {role => 'anorganization/acode'}) }
+          before { post :detach, params: params }
+          it { expect(response.status).to eq 200 }
+          it { expect(User.last.permissions.has_permission? role, 'anorganization/acode').to be false }
+        end
+      end
+
+    end
+  end
+
+end

data/spec/controllers/users_api_controller_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+describe Api::UsersController, type: :controller, organization_workspace: :base do
+  before { set_api_client! }
+  let(:api_client) { create :api_client }
+  let(:user_json) do
+    {
+      first_name: 'foo',
+      last_name: 'bar',
+      email: 'foo@bar.com',
+      permissions: {student: 'test/bar'},
+    }
+  end
+
+  let(:owner_json) do
+    {
+      first_name: 'foo',
+      last_name: 'bar',
+      email: 'foo@bar.com',
+      permissions: {owner: '*'}
+    }
+  end
+
+  context 'post' do
+    before { post :create, params: {user: user_json} }
+
+    it { expect(response.status).to eq 200 }
+    it { expect(response.body.parse_json).to json_like({uid: 'foo@bar.com',
+                                                        first_name: 'foo',
+                                                        last_name: 'bar',
+                                                        email: 'foo@bar.com',
+                                                        permissions: {'student' => 'test/bar'},
+                                                        image_url: 'user_shape.png'},
+                                                       except: [:id, :created_at, :updated_at]) }
+    it { expect(User.count).to eq 2 }
+    it { expect(User.last.student? 'test/_').to be true }
+    it { expect(User.last.uid).to eq 'foo@bar.com' }
+  end
+
+
+  context 'post without permissions' do
+    before { post :create, params: {user: owner_json} }
+
+    it { expect(response.status).to eq 403 }
+  end
+
+  context 'put' do
+    before { User.create! user_json }
+    before { put :update, params: {id: 'foo@bar.com', user: {first_name: 'Fede'}} }
+
+    it { expect(response.status).to eq 200 }
+    it { expect(User.last.first_name).to eq('Fede') }
+    it { expect(User.last.uid).to eq 'foo@bar.com' }
+  end
+
+end