openproject-global_roles 1.0.0

data/spec/controllers/users_controller_spec.rb

@@ -0,0 +1,57 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe UsersController do
+  before(:each) do
+    @controller.stub!(:require_admin).and_return(true)
+    @controller.stub!(:check_if_login_required)
+    @controller.stub!(:set_localization)
+    @global_roles = [mock_model(GlobalRole), mock_model(GlobalRole)]
+    GlobalRole.stub!(:all).and_return(@global_roles)
+    user_mock = mock_model User
+    user_mock.stub!(:logged?).and_return(true)
+    User.stub!(:find).with(any_args()).and_return(user_mock)
+
+    disable_log_requesting_user
+  end
+
+  describe "get" do
+    before :each do
+      @params = {"id" => "1"}
+    end
+
+    describe :edit do
+      before :each do
+
+      end
+
+      describe "RESULT" do
+        before :each do
+
+        end
+
+        describe "html" do
+          before :each do
+            get "edit", @params
+          end
+
+          it { response.should be_success }
+          it { assigns(:global_roles).should eql @global_roles }
+          it { response.should render_template "users/edit"}
+        end
+      end
+
+    end
+
+  end
+end

data/spec/factories/global_role_factory.rb

@@ -0,0 +1,16 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+FactoryGirl.define do
+  factory :global_role do |gr|
+    gr.name "global_role"
+  end
+end

data/spec/factories/principal_role_factory.rb

@@ -0,0 +1,17 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+FactoryGirl.define do
+  factory :principal_role do |pr|
+    pr.association :role, :factory => :global_role
+    pr.association :principal, :factory => :user
+  end
+end

data/spec/lib/access_control_spec.rb

@@ -0,0 +1,56 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+require File.expand_path(File.dirname(__FILE__) + "/../spec_helper")
+
+describe Redmine::AccessControl do
+  before(:each) do
+    stash_access_control_permissions
+
+    Redmine::AccessControl.map do |map|
+      map.permission :proj0, {:dont => :care}, :require => :member
+      map.permission :global0, {:dont => :care}, :global => true
+      map.permission :proj1, {:dont => :care}
+
+      map.project_module :global_module do |mod|
+        mod.permission :global1, {:dont => :care}, :global => true
+      end
+
+      map.project_module :project_module do |mod|
+        mod.permission :proj2, {:dont => :care}
+      end
+
+      map.project_module :mixed_module do |mod|
+        mod.permission :proj3, {:dont => :care}
+        mod.permission :global2, {:dont => :care}, :global => true
+      end
+    end
+  end
+
+  after(:each) do
+    restore_access_control_permissions
+  end
+
+  describe "class methods" do
+    describe :global_permissions do
+      it {Redmine::AccessControl.global_permissions.should have(3).items}
+      it {Redmine::AccessControl.global_permissions.collect(&:name).should include(:global0)}
+      it {Redmine::AccessControl.global_permissions.collect(&:name).should include(:global1)}
+      it {Redmine::AccessControl.global_permissions.collect(&:name).should include(:global2)}
+    end
+
+    describe :available_project_modules do
+      it {Redmine::AccessControl.available_project_modules.include?(:global_module).should be_false }
+      it {Redmine::AccessControl.available_project_modules.include?(:global_module).should be_false }
+      it {Redmine::AccessControl.available_project_modules.include?(:mixed_module).should be_true }
+    end
+  end
+end

data/spec/lib/global_roles/principal_allowance_evaluator/global_spec.rb

@@ -0,0 +1,84 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+require File.dirname(__FILE__) + '/../../../spec_helper'
+
+describe OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global do
+
+  let(:klass) { OpenProject::GlobalRoles::PrincipalAllowanceEvaluator::Global }
+  let(:user) { FactoryGirl.build(:user) }
+  let(:filter) { klass.new user }
+  let(:member) { FactoryGirl.build(:member) }
+  let(:principal_role) { FactoryGirl.build(:principal_role,
+                                       :role => role) }
+  let(:principal_role2) { FactoryGirl.build(:principal_role) }
+  let(:role) { FactoryGirl.build(:global_role) }
+  let(:project) { FactoryGirl.build(:project) }
+
+  describe :granted_for_project? do
+    it { filter.granted_for_project?(member, :action, project).should be_false }
+  end
+
+  describe :denied_for_project? do
+    it { filter.denied_for_project?(member, :action, project).should be_false }
+  end
+
+  describe :granted_for_global? do
+    describe "WHEN checking a Member" do
+      it { filter.granted_for_global?(member, :action, {}).should be_false }
+    end
+
+    describe "WHEN checking a PrincipalRole
+              WHEN the PrincipalRole has a Role that is allowed the action" do
+      before do
+        role.permissions = [:action]
+      end
+
+      it { filter.granted_for_global?(principal_role, :action, {}).should be_true }
+    end
+
+    describe "WHEN checking a PrincipalRole
+              WHEN the PrincipalRole has a Role that is not allowed the action" do
+      it { filter.granted_for_global?(principal_role, :action, {}).should be_false }
+    end
+  end
+
+  describe :denied_for_global? do
+    it { filter.denied_for_global?(principal_role, :action, {}).should be_false }
+  end
+
+  describe :project_granting_candidates do
+    it { filter.project_granting_candidates(project).should =~ [] }
+  end
+
+  describe :global_granting_candidates do
+    describe "WHEN the user has a PrincipalRole assigned" do
+      before do
+        user.principal_roles = [principal_role]
+      end
+
+      it { filter.global_granting_candidates =~ [principal_role] }
+    end
+
+    describe "WHEN the user has multiple PrincipalRole assigned" do
+      before do
+        user.principal_roles = [principal_role, principal_role2]
+      end
+
+      it { filter.global_granting_candidates =~ [principal_role, principal_role2] }
+    end
+
+    describe "WHEN the user has no PrincipalRoles assigned" do
+      it { filter.global_granting_candidates =~ [] }
+    end
+  end
+end
+

data/spec/lib/loader_spec.rb

@@ -0,0 +1,40 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+require File.dirname(__FILE__) + '/../spec_helper'
+
+describe Redmine::DefaultData::Loader do
+
+  describe :load do
+    before :each do
+      stash_access_control_permissions
+      create_non_member_role
+      create_anonymous_role
+      Redmine::DefaultData::Loader.load
+    end
+
+    after(:each) do
+      restore_access_control_permissions
+    end
+
+    #describes only the results of load in the db
+    it {Role.find_by_name(I18n.t(:default_role_manager)).attributes["type"].should eql "Role"}
+
+    if Redmine::VERSION::MAJOR < 1
+      it {Role.find_by_name(I18n.t(:default_role_developper)).attributes["type"].should eql "Role"} #[sic]
+    else
+      it {Role.find_by_name(I18n.t(:default_role_developer)).attributes["type"].should eql "Role"} #[sic]
+    end
+
+    it {Role.find_by_name(I18n.t(:default_role_reporter)).attributes["type"].should eql "Role"}
+  end
+
+end

data/spec/lib/permission_spec.rb

@@ -0,0 +1,41 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+require File.expand_path(File.dirname(__FILE__) + "/../spec_helper")
+
+describe Redmine::AccessControl::Permission do
+  describe "WHEN setting global permission" do
+    describe "creating with", :new do
+      before {@permission = Redmine::AccessControl::Permission.new(:perm, {:cont => [:action]}, {:global => true})}
+      describe :global? do
+        it {@permission.global?.should be_true}
+      end
+    end
+  end
+
+  describe "setting non_global" do
+    describe "creating with", :new do
+      before {@permission = Redmine::AccessControl::Permission.new :perm, {:cont => [:action]}, {:global => false}}
+
+      describe :global? do
+        it {@permission.global?.should be_false}
+      end
+    end
+
+    describe "creating with", :new do
+      before {@permission = Redmine::AccessControl::Permission.new :perm, {:cont => [:action]}, {}}
+
+      describe :global? do
+        it {@permission.global?.should be_false}
+      end
+    end
+  end
+end

data/spec/models/global_role_spec.rb

@@ -0,0 +1,175 @@
+#-- copyright
+# OpenProject is a project management system.
+#
+# Copyright (C) 2010-2013 the OpenProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# See doc/COPYRIGHT.rdoc for more details.
+#++
+
+require File.expand_path(File.dirname(__FILE__) + "/../spec_helper")
+
+describe GlobalRole do
+  before {GlobalRole.create :name => "globalrole", :permissions => ["permissions"]} # for validate_uniqueness_of
+
+  it {should have_many :principals}
+  it {should have_many :principal_roles}
+  it {should validate_presence_of :name}
+  it {should validate_uniqueness_of :name}
+  it {should ensure_length_of(:name).is_at_most(30)}
+
+  describe "attributes" do
+    before {@role = GlobalRole.new}
+
+    subject {@role}
+
+    it {should respond_to :name}
+    it {should respond_to :permissions}
+    it {should respond_to :position}
+  end
+
+  describe "class methods" do
+    describe "WITH available global permissions defined" do
+      before (:each) do
+        @permission_options = [:perm1, :perm2, :perm3]
+        Redmine::AccessControl.stub!(:global_permissions).and_return(@permission_options)
+      end
+
+      describe :setable_permissions do
+        it {GlobalRole.setable_permissions.should eql @permission_options}
+      end
+    end
+  end
+
+  describe "instance methods" do
+    before (:each) do
+      @role = GlobalRole.new
+
+      if costs_plugin_loaded?
+        @perm = Object.new
+        Redmine::AccessControl.stub!(:permission).and_return @perm
+        @perm.stub!(:inherited_by).and_return([])
+        @perm.stub!(:name).and_return(:perm)
+        @perm.stub!(:inherits).and_return([])
+      end
+    end
+
+    describe "WITH no attributes set" do
+      before (:each) do
+        @role = GlobalRole.new
+      end
+
+      describe :permissions do
+        subject {@role.permissions}
+
+        it {should be_an_instance_of(Array)}
+        it {should have(0).items}
+      end
+
+      describe :permissions= do
+        describe "WITH parameter" do
+          before {@role.should_receive(:write_attribute).with(:permissions, [:perm1, :perm2])}
+
+          it "should write permissions" do
+            @role.permissions = [:perm1, :perm2]
+          end
+
+          it "should write permissions only once" do
+            @role.permissions = [:perm1, :perm2, :perm2]
+          end
+
+          it "should write permissions as symbols" do
+            @role.permissions = ["perm1", "perm2"]
+          end
+
+          it "should remove empty perms" do
+            @role.permissions = [:perm1, :perm2, "", nil]
+          end
+        end
+
+        describe "WITHOUT parameter" do
+          before {@role.should_receive(:write_attribute).with(:permissions, nil)}
+
+          it "should write permissions" do
+            @role.permissions = nil
+          end
+        end
+      end
+
+      describe :has_permission? do
+        it {@role.has_permission?(:perm).should be_false}
+      end
+
+      describe :allowed_to? do
+        describe "WITH requested permission" do
+          it {@role.allowed_to?(:perm1).should be_false}
+        end
+      end
+    end
+
+    describe "WITH set permissions" do
+      before{ @role = GlobalRole.new :permissions => [:perm1, :perm2, :perm3]}
+
+      describe :has_permission? do
+        it {@role.has_permission?(:perm1).should be_true}
+        it {@role.has_permission?("perm1").should be_true}
+        it {@role.has_permission?(:perm5).should be_false}
+      end
+
+      describe :allowed_to? do
+        describe "WITH requested permission" do
+          it {@role.allowed_to?(:perm1).should be_true}
+          it {@role.allowed_to?(:perm5).should be_false}
+        end
+      end
+    end
+
+    describe "WITH available global permissions defined" do
+      before (:each) do
+        @role = GlobalRole.new
+        @permission_options = [:perm1, :perm2, :perm3]
+        Redmine::AccessControl.stub!(:global_permissions).and_return(@permission_options)
+      end
+
+      describe :setable_permissions do
+        it {@role.setable_permissions.should eql @permission_options}
+      end
+    end
+
+    describe "WITH set name" do
+      before{ @role = GlobalRole.new :name => "name"}
+
+      describe :to_s do
+        it {@role.to_s.should eql("name")}
+      end
+    end
+
+    describe :destroy do
+      before {@role = GlobalRole.create :name => "global"}
+
+      it {@role.destroy}
+    end
+
+    describe :assignable do
+      it {@role.assignable.should be_false}
+    end
+
+    describe :assignable= do
+      it {lambda {@role.assignable = true}.should raise_error ArgumentError}
+      it {lambda {@role.assignable = false}.should_not raise_error ArgumentError}
+    end
+
+    describe :assignable_to? do
+      before(:each) do
+        @role = FactoryGirl.build(:global_role)
+        @user = FactoryGirl.build(:user)
+      end
+      it "always true global roles for now" do
+        @role.assignable_to?(@user).should be_true
+      end
+    end
+  end
+
+end