proclaim 0.5.5 → 0.5.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8bce2e7e2311f573903511a372524c9f096a0870
-  data.tar.gz: 57f23111baf862cbd0de4f1fa0f3e7c2814ae7b1
+  metadata.gz: 5010df73f9c56158e2848567ff36f237e84416b8
+  data.tar.gz: eb2c9683b06d54f40af0ca609af12c8f0794fae4
 SHA512:
-  metadata.gz: 9219b01cd666a5d4c118c5c038ff11e04178c44ca71de009684ab8f88a189b1ab7a846d4b05d142f02610c8f26173206ad5ca4200c84e1e9b0d5a1542066ef05
-  data.tar.gz: a16ecba90c52f4e95cfd4e6dc795f4a0d9f9c449d2228e43faa7f7afee6e75fa12565cef31685b43d74aa3566ca8f0fbe9842d69c2b7a95e57d207a27599a1b9
+  metadata.gz: 830649b8fad5fc8c4206b1cc96b9ea6730d839a1c4a5638e1601c9327ecd947315d647b1b85ad10275d52e2a463fa4c704e16282c6b7045720247f177218e6b8
+  data.tar.gz: 9f55f501b0639edda86983c4bcef68531df58edd279cf13d5922977510f4cf989bed9991e3f17a4b64acb5146deccf6145ae49eea6f66a29ae113d494a6ea9ce

data/CHANGELOG

@@ -1,3 +1,7 @@
+v 0.5.6
+  - Refactor json responses in controllers
+  - Add a few more corner-case tests
+
 v 0.5.5
   - Add comment count to Post index
 

data/README.md

@@ -33,7 +33,7 @@ Proclaim 0.5 works with Rails 4.2 and on, with Ruby 1.9.3 and on. Add it to your
 Gemfile with:
 
 ```ruby
-gem 'proclaim', "~> 0.5.5"
+gem 'proclaim', "~> 0.5.6"
 ```
 
 Run `bundle install` to install it.

data/VERSION

@@ -1 +1 @@
-0.5.5
+0.5.6

data/app/controllers/proclaim/application_controller.rb

@@ -41,4 +41,38 @@ class Proclaim::ApplicationController < ApplicationController
 	def cache_name_from_url(url)
 		url.match(/[^\/]*?\/[^\/]*\z/)
 	end
+
+	def handleJsonRequest(object, options = {})
+		operation = options[:operation] || true
+		successJson = options[:success_json] || true
+		failureJson = options[:failure_json] || lambda {object.errors.full_messages}
+		unauthorizedStatus = options[:unauthorized_status] || :unauthorized
+
+		begin
+			authorize object
+
+			yield if block_given?
+			return if performed? # Don't continue if the block rendered
+
+			respond_to do |format|
+				if (operation == true) or (operation.respond_to?(:call) and operation.call)
+					if successJson.respond_to? :call
+						successJson = successJson.call
+					end
+
+					format.json { render json: successJson }
+				else
+					if failureJson.respond_to? :call
+						failureJson = failureJson.call
+					end
+
+					format.json { render json: failureJson, status: :unprocessable_entity }
+				end
+			end
+		rescue Pundit::NotAuthorizedError
+			respond_to do |format|
+				format.json { render json: true, status: unauthorizedStatus }
+			end
+		end
+	end
 end

data/app/controllers/proclaim/comments_controller.rb

@@ -9,84 +9,66 @@ module Proclaim
 		def create
 			@comment = Comment.new(comment_params)
 
-			begin
-				authorize @comment
-
-				if antispam_params[:answer] == antispam_params[:solution]
-					subscription = nil
-					params = subscription_params
-					if params and params[:subscribe]
-						subscription = Subscription.new(name: @comment.author,
-						                                email: params[:email],
-						                                post: @comment.post)
-					end
-
-					respond_to do |format|
-						begin
-							Comment.transaction do
-								@comment.save!
-
-								if subscription
-									subscription.save!
-								end
+			subscription = nil
+			if subscription_params and subscription_params[:subscribe]
+				subscription = Subscription.new(name: @comment.author,
+				                                email: subscription_params[:email],
+				                                post: @comment.post)
+			end
 
-								format.json { render_comment_json(@comment) }
-							end
-						rescue ActiveRecord::RecordInvalid
-							errorMessages = Array.new
-							errorMessages += @comment.errors.full_messages
+			errors = Array.new
+			options = Hash.new
+			options[:success_json] = lambda {comment_json(@comment)}
+			options[:failure_json] = lambda {errors}
+			options[:operation] = lambda do
+				respond_to do |format|
+					begin
+						# Wrap saving the comment in a transaction, so if the
+						# subscription fails to save, the comment doesn't save either
+						# (and vice-versa).
+						Comment.transaction do
+							@comment.save!
 
 							if subscription
-								errorMessages += subscription.errors.full_messages
+								subscription.save!
 							end
 
-							format.json { render json: errorMessages, status: :unprocessable_entity }
+							return true
 						end
+					rescue ActiveRecord::RecordInvalid
+						errors += @comment.errors.full_messages
+
+						if subscription
+							errors += subscription.errors.full_messages
+						end
+
+						return false
 					end
-				else
+				end
+			end
+
+			# Don't leak that the post actually exists. Turn the "unauthorized"
+			# into a "not found"
+			options[:unauthorized_status] = :not_found
+
+			handleJsonRequest(@comment, options) do
+				if antispam_params[:answer] != antispam_params[:solution]
 					respond_to do |format|
 						format.json { render json: ["Antispam question wasn't answered correctly"], status: :unprocessable_entity }
 					end
 				end
-			rescue Pundit::NotAuthorizedError
-				respond_to do |format|
-					# Don't leak that the post actually exists. Turn the
-					# "unauthorized" into a "not found"
-					format.json { render json: true, status: :not_found }
-				end
 			end
 		end
 
 		def update
-			begin
-				authorize @comment
-
-				respond_to do |format|
-					if @comment.update(comment_params)
-						format.json { render_comment_json(@comment) }
-					else
-						format.json { render json: @comment.errors.full_messages, status: :unprocessable_entity }
-					end
-				end
-			rescue Pundit::NotAuthorizedError
-				respond_to do |format|
-					format.json { render json: true, status: :unauthorized }
-				end
-			end
+			handleJsonRequest(@comment,
+			                  operation: lambda {@comment.update(comment_params)},
+			                  success_json: lambda {comment_json(@comment)})
 		end
 
 		def destroy
-			begin
-				authorize @comment
-
-				respond_to do |format|
-					@comment.destroy
-					format.json { render json: true, status: :ok }
-				end
-			rescue Pundit::NotAuthorizedError
-				respond_to do |format|
-					format.json { render json: true, status: :unauthorized }
-				end
+			handleJsonRequest(@comment) do
+				@comment.destroy
 			end
 		end
 
@@ -96,10 +78,10 @@ module Proclaim
 			@comment = Comment.find(params[:id])
 		end
 
-		def render_comment_json(comment)
-			render json: {
-				id: comment.id,
-				html: comment_to_html(comment)
+		def comment_json(comment)
+			return {
+					id: comment.id,
+					html: comment_to_html(comment)
 			}
 		end
 

data/app/controllers/proclaim/images_controller.rb

@@ -7,40 +7,18 @@ module Proclaim
 		def create
 			@image = Image.new(post_id: image_params[:post_id])
 
-			begin
-				authorize @image
-
+			handleJsonRequest(@image,
+			                  operation: lambda {@image.save},
+			                  success_json: lambda {@image.image.url}) do
 				@image.image = image_params[:image]
-
-				respond_to do |format|
-					if @image.save
-						format.json { render json: @image.image.url }
-					else
-						format.json { render json: @image.errors.full_messages, status: :unprocessable_entity }
-					end
-				end
-			rescue Pundit::NotAuthorizedError
-				respond_to do |format|
-					format.json { render json: true, status: :unauthorized }
-				end
 			end
 		end
 
 		def cache
 			@image = Image.new
 
-			begin
-				authorize @image
-
+			handleJsonRequest(@image, success_json: lambda {@image.image.url}) do
 				@image.image = file_params[:file]
-
-				respond_to do |format|
-					format.json { render json: @image.image.url }
-				end
-			rescue Pundit::NotAuthorizedError
-				respond_to do |format|
-					format.json { render json: true, status: :unauthorized }
-				end
 			end
 		end
 
@@ -59,37 +37,18 @@ module Proclaim
 				@image = Image.find(image_id)
 			end
 
-			begin
-				authorize @image
-
+			handleJsonRequest(@image, success_json: {id: image_id}) do
 				if @image.new_record?
 					@image.image.remove!
 				end
-
-				respond_to do |format|
-					format.json { render json: {id: image_id}, status: :ok }
-				end
-			rescue Pundit::NotAuthorizedError
-				respond_to do |format|
-					format.json { render json: true, status: :unauthorized }
-				end
 			end
 		end
 
 		def destroy
 			@image = Image.find(params[:id])
 
-			begin
-				authorize @image
-
-				respond_to do |format|
-					@image.destroy
-					format.json { render json: true, status: :ok }
-				end
-			rescue Pundit::NotAuthorizedError
-				respond_to do |format|
-					format.json { render json: true, status: :unauthorized }
-				end
+			handleJsonRequest(@image) do
+				@image.destroy
 			end
 		end
 

data/app/views/proclaim/comments/_form.html.erb

@@ -27,8 +27,6 @@
 	<%= f.label :body %><br />
 	<%= f.text_area :body, rows: 7, cols: 50 %><br />
 
-
-
 	<% if comment.new_record? %>
 		<%= label namespace_space+"antispam", "answer", "Spam bots can't do math. What is #{random_number_1} + #{random_number_2}?" %><br />
 		<%= text_field "antispam", "answer", id: namespace_space+"antispam_answer" %><br />

data/lib/proclaim/version.rb

@@ -1,3 +1,3 @@
 module Proclaim
-  VERSION = "0.5.5"
+  VERSION = "0.5.6"
 end

data/test/controllers/proclaim/comments_controller_test.rb

@@ -88,7 +88,7 @@ module Proclaim
 			assert_update_comment newComment
 		end
 
-		test "should not root update comment if not logged in" do
+		test "should not update root comment if not logged in" do
 			newComment = FactoryGirl.create(:comment)
 			refute_update_comment newComment
 		end

data/test/controllers/proclaim/images_controller_test.rb

@@ -45,6 +45,36 @@ module Proclaim
 			assert_response :unauthorized
 		end
 
+		test "should not create image without a post" do
+			user = FactoryGirl.create(:user)
+			sign_in user
+
+			image = FactoryGirl.build(:image, post: nil, image: nil)
+
+			assert_no_difference('Image.count') do
+				post :create, format: :json, image: {
+					image: Rack::Test::UploadedFile.new(File.join(Rails.root, '../', 'support', 'images', 'test.jpg'))
+				}
+			end
+
+			assert_response :unprocessable_entity
+		end
+
+		test "should not create image without actual image" do
+			user = FactoryGirl.create(:user)
+			sign_in user
+
+			image = FactoryGirl.build(:image, image: nil)
+
+			assert_no_difference('Image.count') do
+				post :create, format: :json, image: {
+					post_id: image.post_id
+				}
+			end
+
+			assert_response :unprocessable_entity
+		end
+
 		test "should cache image if logged in" do
 			user = FactoryGirl.create(:user)
 			sign_in user
@@ -93,7 +123,7 @@ module Proclaim
 			assert_response :unauthorized
 		end
 
-		test "should not destroy image if logged in but return ID" do
+		test "discard should not destroy image if logged in but return ID" do
 			user = FactoryGirl.create(:user)
 			sign_in user
 
@@ -110,11 +140,24 @@ module Proclaim
 			assert_equal image.id.to_s, json["id"]
 		end
 
+		test "should destroy image if logged in" do
+			user = FactoryGirl.create(:user)
+			sign_in user
+
+			image = FactoryGirl.create(:image)
+
+			assert_difference('Image.count', -1) do
+				delete :destroy, format: :json, id: image.id
+			end
+
+			assert_response :success
+		end
+
 		test "should not destroy image if not logged in" do
 			image = FactoryGirl.create(:image)
 
 			assert_no_difference('Image.count') do
-				post :discard, format: :json, file: image.image.url
+				delete :destroy, format: :json, id: image.id
 			end
 
 			assert_response :unauthorized

data/test/controllers/proclaim/posts_controller_test.rb

@@ -125,6 +125,44 @@ module Proclaim
 			assert assigns(:post).published?
 		end
 
+		test "should not create post without title" do
+			user = FactoryGirl.create(:user)
+			sign_in user
+
+			newPost = FactoryGirl.build(:post)
+
+			assert_no_difference('Post.count') do
+				post :create, post: {
+					author_id: newPost.author_id,
+					body: newPost.body
+					# Leave off title
+				}
+			end
+
+			assert assigns(:post).errors.any?,
+			       "Expected an error due to lack of post title"
+			assert_template :new, "Expected new view to be rendered again"
+		end
+
+		test "should not create post without body" do
+			user = FactoryGirl.create(:user)
+			sign_in user
+
+			newPost = FactoryGirl.build(:post)
+
+			assert_no_difference('Post.count') do
+				post :create, post: {
+					author_id: newPost.author_id,
+					title: newPost.title
+					# Leave off body
+				}
+			end
+
+			assert assigns(:post).errors.any?,
+			       "Expected an error due to lack of post body"
+			assert_template :new, "Expected new view to be rendered again"
+		end
+
 		test "should upload images when creating post" do
 			user = FactoryGirl.create(:user)
 			sign_in user
@@ -367,6 +405,38 @@ module Proclaim
 			assert_match /not authorized/, flash[:error]
 		end
 
+		test "should not update post without title" do
+			user = FactoryGirl.create(:user)
+			sign_in user
+
+			newPost = FactoryGirl.create(:post)
+
+			patch :update, id: newPost, post: {
+				author_id: newPost.author_id,
+				title: "" # Remove title
+			}
+
+			assert assigns(:post).errors.any?,
+			       "Expected an error due to lack of post title"
+			assert_template :edit, "Expected edit view to be rendered again"
+		end
+
+		test "should not update post without body" do
+			user = FactoryGirl.create(:user)
+			sign_in user
+
+			newPost = FactoryGirl.create(:post)
+
+			patch :update, id: newPost, post: {
+				author_id: newPost.author_id,
+				body: "" # Remove body
+			}
+
+			assert assigns(:post).errors.any?,
+			       "Expected an error due to lack of post body"
+			assert_template :edit, "Expected edit view to be rendered again"
+		end
+
 		test "should destroy post if logged in" do
 			user = FactoryGirl.create(:user)
 			sign_in user

data/test/controllers/proclaim/subscriptions_controller_test.rb

@@ -48,6 +48,12 @@ module Proclaim
 			assert_equal subscription, assigns(:subscription)
 		end
 
+		test "show should return not found is token is invalid" do
+			assert_raises ActiveRecord::RecordNotFound do
+				get :show, token: 12345
+			end
+		end
+
 		test "should get new if logged in" do
 			user = FactoryGirl.create(:user)
 			sign_in user

data/test/integration/with_javascript/comment_test.rb

@@ -240,6 +240,44 @@ class CommentTest < ActionDispatch::IntegrationTest
 		       "The old child comment body should be gone!"
 	end
 
+	test "edit should show error without author" do
+		user = FactoryGirl.create(:user)
+		sign_in user
+
+		comment = FactoryGirl.create(:published_comment)
+
+		visit proclaim.post_path(comment.post)
+
+		@show_page.comment_edit_link(comment).click
+
+		within("#edit_comment_#{comment.id}") do
+			fill_in 'Author', with: "" # An empty author should result in an error
+		end
+
+		@show_page.edit_comment_submit_button(comment).click
+
+		assert page.has_css?('div.error')
+	end
+
+	test "edit should show error without body" do
+		user = FactoryGirl.create(:user)
+		sign_in user
+
+		comment = FactoryGirl.create(:published_comment)
+
+		visit proclaim.post_path(comment.post)
+
+		@show_page.comment_edit_link(comment).click
+
+		within("#edit_comment_#{comment.id}") do
+			fill_in 'Body', with: "" # An empty body should result in an error
+		end
+
+		@show_page.edit_comment_submit_button(comment).click
+
+		assert page.has_css?('div.error')
+	end
+
 	test "should not have option to delete if not logged in" do
 		comment = FactoryGirl.create(:published_comment)
 

data/test/integration/with_javascript/post_form_test.rb

@@ -181,7 +181,7 @@ class PostFormTest < ActionDispatch::IntegrationTest
 		assert page.has_no_text?("&quot;quotes&quot;"), "Show page should not be showing HTML entities in title!"
 	end
 
-	test "should show error without title" do
+	test "new should show error without title" do
 		user = FactoryGirl.create(:user)
 		sign_in user
 
@@ -203,7 +203,7 @@ class PostFormTest < ActionDispatch::IntegrationTest
 		end
 	end
 
-	test "should show error without body" do
+	test "new should show error without body" do
 		user = FactoryGirl.create(:user)
 		sign_in user
 

data/test/models/proclaim/subscription_test.rb

@@ -53,6 +53,12 @@ module Proclaim
 			assert_equal subscription2, Subscription.from_token(token2)
 		end
 
+		test "an invalid token should raise a NotFound" do
+			assert_raises ActiveRecord::RecordNotFound do
+				Subscription.from_token("123456")
+			end
+		end
+
 		test "should require valid post or none at all" do
 			# Post 12345 doesn't exist
 			subscription = FactoryGirl.build(:subscription, post_id: 12345)

data/test/policies/application_policy_test.rb

@@ -0,0 +1,87 @@
+require 'test_helper'
+
+class ApplicationPolicyTest < ActiveSupport::TestCase
+	test "application index" do
+		user = FactoryGirl.create(:user)
+
+		# Verify that a user cannot visit the index by default
+		policy = ApplicationPolicy.new(user, nil)
+		refute policy.index?, "A user should be not able to visit the index by default"
+
+		# Verify that a guest cannot visit the index by default
+		policy = ApplicationPolicy.new(nil, nil)
+		refute policy.index?, "A guest should not be able to visit the index by default"
+	end
+
+	test "application show" do
+		user = FactoryGirl.create(:user)
+
+		# Verify that a user cannot view an object by default
+		policy = ApplicationPolicy.new(user, nil)
+		refute policy.show?, "A user should be not able to view an object by default"
+
+		# Verify that a guest cannot view an object by default
+		policy = ApplicationPolicy.new(nil, nil)
+		refute policy.show?, "A guest should not be able to view an object by default"
+	end
+
+	test "application create" do
+		user = FactoryGirl.create(:user)
+
+		# Verify that a user cannot create an object by default
+		policy = ApplicationPolicy.new(user, nil)
+		refute policy.create?, "A user should be not able to create an object by default"
+
+		# Verify that a guest cannot create an object by default
+		policy = ApplicationPolicy.new(nil, nil)
+		refute policy.create?, "A guest should not be able to create an object by default"
+	end
+
+	test "application new" do
+		user = FactoryGirl.create(:user)
+
+		# Verify that a user cannot visit the new action by default
+		policy = ApplicationPolicy.new(user, nil)
+		refute policy.new?, "A user should be not able to visit the new action by default"
+
+		# Verify that a guest cannot visit the new action by default
+		policy = ApplicationPolicy.new(nil, nil)
+		refute policy.new?, "A guest should not be able to visit the new action by default"
+	end
+
+	test "application update" do
+		user = FactoryGirl.create(:user)
+
+		# Verify that a user cannot update an object by default
+		policy = ApplicationPolicy.new(user, nil)
+		refute policy.update?, "A user should be not able to update an object by default"
+
+		# Verify that a guest cannot update an object by default
+		policy = ApplicationPolicy.new(nil, nil)
+		refute policy.update?, "A guest should not be able to update an object by default"
+	end
+
+	test "application edit" do
+		user = FactoryGirl.create(:user)
+
+		# Verify that a user cannot visit the edit action by default
+		policy = ApplicationPolicy.new(user, nil)
+		refute policy.edit?, "A user should be not able to visit the edit action by default"
+
+		# Verify that a guest cannot visit the edit action by default
+		policy = ApplicationPolicy.new(nil, nil)
+		refute policy.edit?, "A guest should not be able to visit the edit action by default"
+	end
+
+	test "application destroy" do
+		user = FactoryGirl.create(:user)
+
+		# Verify that a user cannot destroy an object by default
+		policy = ApplicationPolicy.new(user, nil)
+		refute policy.destroy?, "A user should be not able to destroy an object by default"
+
+		# Verify that a guest cannot destroy an object by default
+		policy = ApplicationPolicy.new(nil, nil)
+		refute policy.destroy?, "A guest should not be able to destroy an object by default"
+	end
+end

data/test/proclaim_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 
 class ProclaimTest < ActiveSupport::TestCase
-  test "truth" do
-    assert_kind_of Module, Proclaim
-  end
+	test "truth" do
+		assert_kind_of Module, Proclaim
+	end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: proclaim
 version: !ruby/object:Gem::Version
-  version: 0.5.5
+  version: 0.5.6
 platform: ruby
 authors:
 - Kyle Fazzari
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-29 00:00:00.000000000 Z
+date: 2015-07-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -505,6 +505,7 @@ files:
 - test/models/proclaim/image_test.rb
 - test/models/proclaim/post_test.rb
 - test/models/proclaim/subscription_test.rb
+- test/policies/application_policy_test.rb
 - test/policies/proclaim/comment_policy_test.rb
 - test/policies/proclaim/image_policy_test.rb
 - test/policies/proclaim/post_policy_test.rb
@@ -601,6 +602,7 @@ test_files:
 - test/dummy/config/initializers/cookies_serializer.rb
 - test/dummy/config/initializers/inflections.rb
 - test/dummy/README.rdoc
+- test/policies/application_policy_test.rb
 - test/policies/proclaim/subscription_policy_test.rb
 - test/policies/proclaim/post_policy_test.rb
 - test/policies/proclaim/image_policy_test.rb