unsakini 0.0.0

data/spec/models/user_board_spec.rb

@@ -0,0 +1,193 @@
+require 'rails_helper'
+
+RSpec.describe UserBoard, type: :model do
+
+  it_behaves_like 'encryptable', [:encrypted_password]
+
+  before(:each) do
+    @user = create(:user)
+    @user_2 = create(:user)
+  end
+
+  it "rejects nil board name" do
+    board_count = Board.count
+    user_board_count = UserBoard.count
+    my_board_count = @user.boards.count
+
+    user_board = UserBoard.new(
+      user_id: @user.id,
+      is_admin: true,
+      encrypted_password: Faker::Crypto.md5
+    )
+    expect(user_board.save).to be false
+    expect(@user.boards.count).to eq my_board_count
+    expect(Board.count).to eq(board_count)
+    expect(UserBoard.count).to eq(user_board_count)
+  end
+
+  it "rejects nil encrypted_password" do
+    user_board_count = UserBoard.count
+    my_board_count = @user.boards.count
+    board = create(:board)
+    board_count = Board.count
+
+    user_board = UserBoard.new(
+      user_id: @user.id,
+      board_id: board.id,
+      name: Faker::Name.title,
+      is_admin: true
+    )
+    expect(user_board.save).to be false
+    expect(@user.boards.count).to eq my_board_count
+    expect(Board.count).to eq(board_count)
+    expect(UserBoard.count).to eq(user_board_count)
+  end
+
+  it "creates UserBoard and it's Board" do
+    board_name = Faker::Name.title
+    my_board_count = @user.boards.count
+    board_count = Board.count
+    user_board_count = UserBoard.count
+
+    user_board = UserBoard.new(name: board_name, user_id: @user.id, encrypted_password: Faker::Crypto.md5)
+    expect(user_board.save).to be true
+    expect(@user.boards.count).to eq my_board_count+1
+    expect(Board.count).to eq(board_count+1)
+    expect(UserBoard.count).to eq(user_board_count+1)
+    expect(user_board.board.name).to eq board_name
+  end
+
+  it "updates the board name" do
+    new_board_name = Faker::Name.title
+    board = create(:board)
+    user_board = create(:user_board, {user_id: @user.id, board_id: board.id})
+
+    board = user_board.board
+    user_board.name = new_board_name
+    expect(board.name).not_to eq new_board_name
+    user_board.save
+    board.reload
+    expect(board.name).to eq new_board_name
+
+  end
+
+  it "updates the encrypted_password" do
+    board = create(:board)
+
+    user_board = create(:user_board, {user_id: @user.id, is_admin: true, board_id: board.id })
+
+    old_key = user_board.encrypted_password
+    new_key = Faker::Crypto.md5
+
+    expect(user_board.encrypted_password).not_to eq new_key
+    user_board.encrypted_password = new_key
+    expect(user_board.save).to be true
+    expect(user_board.encrypted_password).to eq new_key
+
+  end
+
+  it "rejects invalid encrypted_password" do
+    board = create(:board)
+    user_board = create(:user_board, {user_id: @user.id, is_admin: true, board_id: board.id})
+
+    old_key = user_board.encrypted_password
+
+    expect(old_key).not_to be_nil
+    user_board.encrypted_password = nil
+    expect(user_board.save).to be false
+    user_board.reload
+    expect(user_board.encrypted_password).to eq old_key
+
+  end
+
+  it "doens't update user_boards.encrypted_password if key is the same" do
+    new_board_name = Faker::Name.title
+    key = Faker::Crypto.md5
+    key2 = Faker::Crypto.md5
+
+    board = create(:board)
+
+    user_board = create(:user_board, {
+                          user_id: @user.id,
+                          board_id: board.id,
+                          is_admin: true,
+                          encrypted_password: key
+    })
+
+    user_board_2 = create(:user_board, {
+                            user_id: @user_2.id,
+                            board_id: board.id,
+                            is_admin: false,
+                            encrypted_password: key2
+    })
+
+    expect(user_board_2.encrypted_password).to eq key2
+    user_board.name = new_board_name
+    user_board.encrypted_password = key
+    user_board.save
+    user_board_2.reload
+    expect(user_board_2.encrypted_password).to eq key2
+
+  end
+
+  it "updates user_boards.encrypted_password if key is new" do
+    new_board_name = Faker::Name.title
+    key = Faker::Crypto.md5
+    key2 = Faker::Crypto.md5
+    new_key = Faker::Crypto.md5
+    board = create(:board)
+    user_board = create(:user_board, {
+                          user_id: @user.id,
+                          board_id: board.id,
+                          is_admin: true,
+                          encrypted_password: key
+    })
+
+    user_board_2 = create(:user_board, {
+                            user_id: @user_2.id,
+                            board_id: board.id,
+                            is_admin: false,
+                            encrypted_password: key2
+    })
+
+    expect(user_board_2.encrypted_password).to eq key2
+    user_board.name = new_board_name
+    user_board.encrypted_password = new_key
+    user_board.save
+    user_board_2.reload
+    expect(user_board_2.encrypted_password).to be_falsy
+
+  end
+
+  it "can be shared to other users" do
+    user_is_sharing_a_board_scenario
+
+    new_key = Faker::Crypto.md5
+
+    user_2_boards_count = @user_2.boards.count
+    user_3_boards_count = @user_3.boards.count
+    user_4_boards_count = @user_4.boards.count
+
+    expect(@user_board.share([@user_2.id, @user_3.id, @user_4.id], new_key)).to be true
+    # todo: check validation
+
+    expect(@user_2.boards.count).to eq(user_2_boards_count+1)
+    expect(@user_3.boards.count).to eq(user_3_boards_count+1)
+    expect(@user_4.boards.count).to eq(user_4_boards_count+1)
+
+    # make sure none of them is assign admin
+    expect(UserBoard.where(
+             is_admin: true,
+             board_id: @board.id,
+             user_id: [@user_2.id, @user_3.id, @user_4.id]
+    ).count).to eq 0
+
+    # make sure all has been shared with
+    expect(UserBoard.where(
+             board_id: @board.id,
+             user_id: [@user_2.id, @user_3.id, @user_4.id]
+    ).count).to eq 3
+
+  end
+
+end

data/spec/models/user_spec.rb

@@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe User, type: :model do
+  # pending "add some examples to (or delete) #{__FILE__}"
+end

data/spec/rails_helper.rb

@@ -0,0 +1,58 @@
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV['RAILS_ENV'] ||= 'test'
+# require File.expand_path('../../config/environment', __FILE__)
+require File.expand_path("../dummy/config/environment.rb", __FILE__)
+# Prevent database truncation if the environment is production
+abort("The Rails environment is running in production mode!") if Rails.env.production?
+require 'spec_helper'
+require 'rspec/rails'
+# Add additional requires below this line. Rails is not loaded until this point!
+
+# Requires supporting ruby files with custom matchers and macros, etc, in
+# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
+# run as spec files by default. This means that files in spec/support that end
+# in _spec.rb will both be required and run as specs, causing the specs to be
+# run twice. It is recommended that you do not name files matching this glob to
+# end with _spec.rb. You can configure this pattern with the --pattern
+# option on the command line or in ~/.rspec, .rspec or `.rspec-local`.
+#
+# The following line is provided for convenience purposes. It has the downside
+# of increasing the boot-up time by auto-requiring all files in the support
+# directory. Alternatively, in the individual `*_spec.rb` files, manually
+# require only the support files necessary.
+#
+# Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f }
+
+# Checks for pending migration and applies them before tests are run.
+# If you are not using ActiveRecord, you can remove this line.
+ActiveRecord::Migration.maintain_test_schema!
+
+RSpec.configure do |config|
+  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+  config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  config.use_transactional_fixtures = true
+
+  # RSpec Rails can automatically mix in different behaviours to your tests
+  # based on their file location, for example enabling you to call `get` and
+  # `post` in specs under `spec/controllers`.
+  #
+  # You can disable this behaviour by removing the line below, and instead
+  # explicitly tag your specs with their type, e.g.:
+  #
+  #     RSpec.describe UsersController, :type => :controller do
+  #       # ...
+  #     end
+  #
+  # The different available types are documented in the features, such as in
+  # https://relishapp.com/rspec/rspec-rails/docs
+  config.infer_spec_type_from_file_location!
+
+  # Filter lines from Rails gems in backtraces.
+  config.filter_rails_from_backtrace!
+  # arbitrary gems may also be filtered via:
+  # config.filter_gems_from_backtrace("gem name")
+end

data/spec/requests/api/api_boards_spec.rb

@@ -0,0 +1,238 @@
+require 'rails_helper'
+
+RSpec.describe "Api::Boards", type: :request do
+
+  let(:valid_board_params) {
+    {
+      :board => {:name => "board name"},
+      :encrypted_password => Faker::Crypto.md5
+    }
+  }
+  let(:invalid_board_name_param) {
+    {
+      :board => {:name => nil},
+      :encrypted_password => Faker::Crypto.md5
+    }
+  }
+  let(:invalid_encrypted_password_param) {
+    {
+      :board => {:name => "board name"},
+      :encrypted_password => nil
+    }
+  }
+
+  describe "GET /api/boards" do
+    before(:each) do
+      user_has_board_scenario
+    end
+    it "returns http unauthorized" do
+      get api_boards_path
+      expect(response).to have_http_status(:unauthorized)
+    end
+    it "returns current user's boards" do
+      get api_boards_path, headers: auth_headers(@user)
+      expect(response).to have_http_status(:ok)
+      expect(body_to_json('0')).to match_json_schema(:board)
+      expect(response.body).to be_json_eql(serialize(@user.user_boards.all))
+    end
+  end
+
+  describe "POST /api/boards" do
+
+    before(:each) do
+      create_board_scenario
+    end
+
+    it "returns http unauthorized" do
+      post api_boards_path
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it "rejects invalid board name" do
+      prev_boards_count = @user.boards.count
+      preve_user_boards_count = @user.user_boards.count
+      post api_boards_path, params: invalid_board_name_param, headers: auth_headers(@user), as: :json
+      expect(response).to have_http_status(:unprocessable_entity)
+      expect(@user.boards.count).to eq(prev_boards_count)
+      expect(@user.user_boards.count).to eq(preve_user_boards_count)
+    end
+
+    it "rejects invalid encrypted_password" do
+      prev_boards_count = @user.boards.count
+      preve_user_boards_count = @user.user_boards.count
+      post api_boards_path, params: invalid_encrypted_password_param, headers: auth_headers(@user), as: :json
+      expect(response).to have_http_status(:unprocessable_entity)
+      expect(@user.boards.count).to eq(prev_boards_count)
+      expect(@user.user_boards.count).to eq(preve_user_boards_count)
+    end
+
+    it "creates new board" do
+      prev_boards_count = @user.boards.count
+      preve_user_boards_count = @user.user_boards.count
+      post api_boards_path, params: valid_board_params, headers: auth_headers(@user), as: :json
+      expect(response).to have_http_status(:created)
+      expect(parse_json(response.body)).to match_json_schema(:board)
+      expect(body_to_json["board"]["name"]).to eq(valid_board_params[:board][:name])
+      expect(body_to_json["encrypted_password"]).to eq(valid_board_params[:encrypted_password])
+      expect(body_to_json["is_admin"]).to be true
+    end
+  end
+
+  context "My Boards" do
+
+    before(:each) do
+      user_has_shared_board_scenario
+    end
+
+    describe "GET /api/boards/:id" do
+
+      it "returns http unauthorized" do
+        get api_board_path(@board)
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it "returns http not_found" do
+        get api_board_path({id: 1000000}), headers: auth_headers(@user)
+        expect(response).to have_http_status(:not_found)
+      end
+
+      it "returns http forbidden" do
+        get api_board_path(@board), headers: auth_headers(@user_2)
+        expect(response).to have_http_status(:forbidden)
+      end
+
+      it "returns board resource" do
+        # debugger
+        get api_board_path(@board), headers: auth_headers(@user)
+        # debugger
+        expect(response).to have_http_status(:ok)
+        expect(response.body).to match_json_schema(:board)
+        expect(response.body).to be_json_eql(serialize(@user_board))
+      end
+    end
+
+    describe "PUT /api/boards/:id" do
+
+      it "returns http unauthorized" do
+        put api_board_path(@board)
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it "returns http forbidden" do
+        put api_board_path(@board), params: valid_board_params, headers: auth_headers(@user_2), as: :json
+        expect(response).to have_http_status(:forbidden)
+      end
+
+      it "returns http not_found" do
+        put api_board_path({id: 1000000}), params: valid_board_params, headers: auth_headers(@user), as: :json
+        expect(response).to have_http_status(:not_found)
+      end
+
+      it "rejects invalide encrypted_password" do
+        put api_board_path(@board), params: invalid_encrypted_password_param, headers: auth_headers(@user), as: :json
+        expect(response).to have_http_status(:unprocessable_entity)
+        @board.reload
+        @user_board.reload
+        expect(@board.name).not_to eq(invalid_encrypted_password_param[:board][:name])
+        expect(@user_board.encrypted_password).not_to eq(invalid_encrypted_password_param[:encrypted_password])
+      end
+
+      it "accepts invalid board name" do
+        put api_board_path(@board), params: invalid_board_name_param, headers: auth_headers(@user), as: :json
+        expect(response).to have_http_status(:ok)
+        @board.reload
+        @user_board.reload
+        expect(@board.name).not_to be_falsy
+        expect(@user_board.encrypted_password).to eq(invalid_board_name_param[:encrypted_password])
+      end
+
+      it "updates the board resource" do
+        put api_board_path(@board), params: valid_board_params, headers: auth_headers(@user), as: :json
+        expect(response).to have_http_status(:ok)
+        expect(response.body).to match_json_schema(:board)
+        expect(body_to_json['board']['name']).to eq(valid_board_params[:board][:name])
+        expect(body_to_json['encrypted_password']).to eq(valid_board_params[:encrypted_password])
+        @user_board.reload
+        expect(response.body).to be_json_eql(serialize(@user_board))
+        expect(@board.user_boards.where.not(encrypted_password: '').first).to eq @user_board
+        expect(@board.user_boards.where.not(encrypted_password: '').count).to eq 1
+        expect(@shared_board.user_boards.where.not(encrypted_password: '').all).not_to be_nil
+      end
+    end
+
+    describe "DELETE /api/boards/:id" do
+
+      it "returns http unauthorized" do
+        delete api_board_path(@board)
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it "returns http forbidden if not board owner" do
+        delete api_board_path(@board), headers: auth_headers(@user_2), as: :json
+        expect(response).to have_http_status(:forbidden)
+      end
+
+      it "returns http not_found" do
+        delete api_board_path({id: 1000000}), headers: auth_headers(@user), as: :json
+        expect(response).to have_http_status(:not_found)
+      end
+
+      it "deletes the board resource and its post and comments" do
+        expect(Board.find_by_id(@board.id)).not_to be_nil
+        expect(UserBoard.where(board_id: @board.id).all).not_to be_empty
+        expect(Post.where(board_id: @board.id).all).not_to be_empty
+        expect(Comment.where(post_id: @post.id).all).not_to be_empty
+        expect{delete api_board_path(@board), headers: auth_headers(@user), as: :json}
+        .to change{@user.boards.count}.by(-1)
+        expect(response).to have_http_status(:ok)
+        expect(Board.find_by_id(@board.id)).to be_nil
+        expect(UserBoard.where(board_id: @board.id).all).to be_empty
+        expect(Post.where(board_id: @board.id).all).to be_empty
+        expect(Comment.where(post_id: @post.id).all).to be_empty
+      end
+    end
+  end
+
+  context "Shared Board" do
+
+    before(:each) do
+      user_has_shared_board_scenario
+    end
+
+    describe "GET /api/boards/:id" do
+
+      it "returns http unauthorized" do
+        get api_board_path(@shared_board)
+        expect(response).to have_http_status(:unauthorized)
+      end
+
+      it "returns board resource" do
+        get api_board_path(@shared_board), headers: auth_headers(@user_2)
+        expect(response).to have_http_status(:ok)
+        expect(response.body).to match_json_schema(:board)
+        expect(response.body).to be_json_eql(serialize(@shared_user_board_2))
+      end
+    end
+
+    describe "PUT /api/boards/:id" do
+      it "updates the board resource" do
+        put api_board_path(@shared_board), params: valid_board_params, headers: auth_headers(@user_2), as: :json
+        expect(response).to have_http_status(:forbidden)
+        @shared_board.reload
+        expect(@shared_board.name).not_to eq(valid_board_params[:board][:name])
+        expect(@shared_user_board_2.encrypted_password).not_to eq(valid_board_params[:encrypted_password])
+      end
+    end
+
+    describe "DELETE /api/boards/:id" do
+
+      it "returns http forbidden if not board owner" do
+        delete api_board_path(@shared_board), headers: auth_headers(@user_2), as: :json
+        expect(response).to have_http_status(:forbidden)
+        expect(Board.find(@shared_board.id)).not_to be_nil
+      end
+    end
+
+  end
+
+end

data/spec/requests/api/api_share_board_spec.rb

@@ -0,0 +1,167 @@
+require 'rails_helper'
+
+RSpec.describe "Api::ShareBoard", type: :request do
+
+  before(:each) do
+    user_is_sharing_a_board_scenario
+  end
+
+  describe "POST /api/share/board/:id" do
+
+    it "returns http unauthorized status" do
+      post(
+        api_share_board_path,
+        as: :json
+      )
+
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    it "returns http forbidden status when not board owner" do
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user_2),
+        params: @payload,
+        as: :json
+      )
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it "returns http forbidden status when not board owner" do
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user_2),
+        params: @payload_wo_posts,
+        as: :json
+      )
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it "returns unprocessable_entity http status if empty payload" do
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user),
+        params: {},
+        as: :json
+      )
+      expect(response).to have_http_status(:unprocessable_entity)
+    end
+
+    it "returns unprocessable_entity http status if no encrypted_password" do
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user),
+        params: @payload_wo_encrypted_password,
+        as: :json
+      )
+      expect(response).to have_http_status(:unprocessable_entity)
+    end
+
+    it "returns unprocessable_entity http status if no shared user ids" do
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user),
+        params: @payload_wo_shared_user_ids,
+        as: :json
+      )
+      expect(response).to have_http_status(:unprocessable_entity)
+    end
+
+    it "returns unprocessable_entity http status if contains invalid post" do
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user),
+        params: @payload_w_invalid_post,
+        as: :json
+      )
+      expect(response).to have_http_status(:unprocessable_entity)
+    end
+
+    it "returns unprocessable_entity http status if contains invalid comment" do
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user),
+        params: @payload_w_invalid_comment,
+        as: :json
+      )
+      expect(response).to have_http_status(:unprocessable_entity)
+    end
+
+
+    it "should successfully share board even if no comments" do |variable|
+      user_2_boards_count = @user_2.boards.count
+      user_3_boards_count = @user_3.boards.count
+      user_4_boards_count = @user_4.boards.count
+
+      prev_post_hash = @post.attributes
+      prev_comment_hash = @comment.attributes
+
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user),
+        params: @payload_wo_comments,
+        as: :json
+      )
+
+      expect(response).to have_http_status(:ok)
+      expect(@user_2.boards.count).to eq(user_2_boards_count+1)
+      expect(@user_3.boards.count).to eq(user_3_boards_count+1)
+      expect(@user_4.boards.count).to eq(user_4_boards_count+1)
+
+      expect(@post.reload.title).to eq @payload_wo_comments[:posts][0][:title.to_s]
+      expect(@post.reload.content).to eq @payload_wo_comments[:posts][0][:content.to_s]
+
+    end
+
+
+    it "should successfully share board even if no posts" do |variable|
+      user_2_boards_count = @user_2.boards.count
+      user_3_boards_count = @user_3.boards.count
+      user_4_boards_count = @user_4.boards.count
+
+      prev_post_hash = @post.attributes
+      prev_comment_hash = @comment.attributes
+
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user),
+        params: @payload_wo_posts,
+        as: :json
+      )
+
+      expect(response).to have_http_status(:ok)
+      expect(@user_2.boards.count).to eq(user_2_boards_count+1)
+      expect(@user_3.boards.count).to eq(user_3_boards_count+1)
+      expect(@user_4.boards.count).to eq(user_4_boards_count+1)
+
+    end
+
+    it "should successfully share valid payload" do |variable|
+      user_2_boards_count = @user_2.boards.count
+      user_3_boards_count = @user_3.boards.count
+      user_4_boards_count = @user_4.boards.count
+
+      prev_post_hash = @post.attributes
+      prev_comment_hash = @comment.attributes
+
+      post(
+        api_share_board_path,
+        headers: auth_headers(@user),
+        params: @payload,
+        as: :json
+      )
+
+      expect(response).to have_http_status(:ok)
+      expect(@user_2.boards.count).to eq(user_2_boards_count+1)
+      expect(@user_3.boards.count).to eq(user_3_boards_count+1)
+      expect(@user_4.boards.count).to eq(user_4_boards_count+1)
+
+      expect(@post.reload.title).to eq @payload[:posts][0][:title.to_s]
+      expect(@post.reload.content).to eq @payload[:posts][0][:content.to_s]
+      expect(@comment.reload.content).to eq @payload[:posts][0][:comments][0][:content.to_s]
+
+    end
+
+  end
+
+end