authorLuc Donnet2017-09-19 12:15:50 +0200
committerGitHub2017-09-19 12:15:50 +0200
commit8baf33bc7e46d57dbfbe7eab9848ef0adb38465c (patch)
tree4b10d4a3151f5b74c1d63776366019a311e801f7
parent8673b6d0c0f947209053f66ebb3a77669517566c (diff)
parentafc4f74ebf932328c374491d22b62ffb437aea60 (diff)
downloadchouette-core-8baf33bc7e46d57dbfbe7eab9848ef0adb38465c.tar.bz2
Merge pull request #71 from af83/4446-spec-features-api-keys
4446 spec features api keys
-rw-r--r--app/policies/api_key_policy.rb3
-rw-r--r--app/views/api_keys/edit.html.slim2
-rw-r--r--lib/stif/permission_translator.rb14
-rw-r--r--spec/features/api_keys/delete_api_key_feature_spec.rb34
-rw-r--r--spec/features/api_keys/edit_api_key_feature_spec.rb39
-rw-r--r--spec/features/api_keys/new_api_key_feature_spec.rb38
-rw-r--r--spec/features/line_footnotes_permissions_spec.rb2
-rw-r--r--spec/features/referential_lines_spec.rb3
-rw-r--r--spec/features/referentials_spec.rb1
-rw-r--r--spec/lib/stif/netex_file_spec.rb2
-rw-r--r--spec/lib/stif/permission_translator_spec.rb1
-rw-r--r--spec/policies/api_key_policy_spec.rb50
12 files changed, 162 insertions, 27 deletions
diff --git a/app/policies/api_key_policy.rb b/app/policies/api_key_policy.rb
index bc5c9e433..eb7b84457 100644
--- a/app/policies/api_key_policy.rb
+++ b/app/policies/api_key_policy.rb
@@ -14,6 +14,7 @@ class ApiKeyPolicy < ApplicationPolicy
end
def update?
- organisation_match? && user.has_permission?('api_keys.update')
+ record.try(:organisation_id) == user.organisation_id &&
+ user.has_permission?('api_keys.update')
end
end
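Review bot: In `update?`, `record.try(:organisation_id) == user.organisation_id` is true when both sides are nil, so a user without an organisation who holds `api_keys.update` would pass the organisation check against a nil record or a key with no organisation. Whether that state is reachable depends on model validations not visible here, but the policy should not lean on them; a presence guard closes it: `user.organisation_id.present? && record.try(:organisation_id) == user.organisation_id &&`. The destroy? spec in this commit still uses the shared 'permitted policy and same organisation' example, so a comment saying why `update?` no longer calls `organisation_match?` would help the next reader. The class body starts outside this hunk.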
diff --git a/app/views/api_keys/edit.html.slim b/app/views/api_keys/edit.html.slim
index b1bd1858d..9d7d1fdb7 100644
--- a/app/views/api_keys/edit.html.slim
+++ b/app/views/api_keys/edit.html.slim
@@ -5,7 +5,7 @@
t('last_update', time: l(@api_key.updated_at, format: :short)),
''
- / Below is secundary actions & optional contents (filters, ...)
+ / Below are secondary actions & optional content (filters, ...)
.row.mb-sm
.col-lg-12.text-right
= ( policy(@api_key).destroy? ? link_to(t('actions.destroy'), api_key_path(@api_key), :method => :delete, class: 'btn btn-default') : '' )
diff --git a/lib/stif/permission_translator.rb b/lib/stif/permission_translator.rb
index 47ab2840f..fbd03a820 100644
--- a/lib/stif/permission_translator.rb
+++ b/lib/stif/permission_translator.rb
@@ -17,13 +17,13 @@ module Stif
def all_resources
%w[
access_points
- connection_links calendars
- footnotes
- journey_patterns
- referentials routes routing_constraint_zones
- time_tables
- vehicle_journeys
- api_keys
+ connection_links calendars
+ footnotes
+ journey_patterns
+ referentials routes routing_constraint_zones
+ time_tables
+ vehicle_journeys
+ api_keys
]
end
diff --git a/spec/features/api_keys/delete_api_key_feature_spec.rb b/spec/features/api_keys/delete_api_key_feature_spec.rb
new file mode 100644
index 000000000..b58e819a6
--- /dev/null
+++ b/spec/features/api_keys/delete_api_key_feature_spec.rb
@@ -0,0 +1,34 @@
+RSpec.describe 'New API Key', type: :feature do
+ login_user
+
+ describe "api_keys#destroy" do
+
+ let!( :api_key ){ create :api_key, name: SecureRandom.uuid, organisation: @user.organisation }
+
+ let( :edit_label ){ "#{api_key.name} : #{api_key.token}" }
+ let( :destroy_label ){ "Supprimer" }
+
+ xit 'complete workflow' do
+ # /workbenches
+ visit workbenches_path
+ # the api_key is visible
+ click_link edit_label
+
+ # brings us to correct page
+ expect(page.current_path).to eq(edit_api_key_path(api_key))
+ expect(page).to have_content("Supprimer")
+ # click_link(destroy_label)
+
+ # # check impact on DB
+ # expect(Api::V1::ApiKey.where(id: api_key.id)).to be_empty
+
+ # # check redirect and changed display
+ # expect(page.current_path).to eq(workbenches_path)
+ # # deleted api_key's not shown anymore
+ # expect( page ).not_to have_content(edit_label)
+ end
+
+ end
+
+end
+
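Review bot: The only example in this file is `xit`, and the steps that click the destroy link and check the database are commented out, so deleting an API key (the revocation path for a credential) has no feature coverage after this commit. If it cannot run yet, prefer `pending '<reason>'` inside the example over `xit` plus commented-out code, so the gap shows up with its reason in the run output. The top-level description `'New API Key'` is copied from the create spec here and again in edit_api_key_feature_spec.rb; `'Delete API Key'` and `'Edit API Key'` would make failures attributable. `expect(page).to have_content("Supprimer")` should use `destroy_label`, which is otherwise unused.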
diff --git a/spec/features/api_keys/edit_api_key_feature_spec.rb b/spec/features/api_keys/edit_api_key_feature_spec.rb
new file mode 100644
index 000000000..411c11aaf
--- /dev/null
+++ b/spec/features/api_keys/edit_api_key_feature_spec.rb
@@ -0,0 +1,39 @@
+RSpec.describe 'New API Key', type: :feature do
+ login_user
+
+ describe "api_keys#edit" do
+
+ let!( :api_key ){ create :api_key, name: SecureRandom.uuid, organisation: @user.organisation }
+
+ let( :edit_label ){ "#{api_key.name} : #{api_key.token}" }
+ let( :name_label ){ "Nom" }
+ let( :validate_label ){ "Valider" }
+
+ let( :unique_name ){ SecureRandom.uuid }
+
+ it 'complete workflow' do
+ # /workbenches
+ visit workbenches_path
+ # api_key's new name does not exist yet
+ expect( page ).not_to have_content(unique_name)
+ # the api_key is visible
+ click_link edit_label
+
+ # brings us to correct page
+ expect(page.current_path).to eq(edit_api_key_path(api_key))
+ fill_in(name_label, with: unique_name)
+ click_button(validate_label)
+
+ # check impact on DB
+ expect(api_key.reload.name).to eq(unique_name)
+
+ # check redirect and changed display
+ expect(page.current_path).to eq(workbenches_path)
+ # changed api_key's name exists now
+ expect( page ).to have_content(unique_name)
+ end
+
+ end
+
+end
+
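Review bot: This spec exercises only the same-organisation happy path, while the policy change in this commit is exactly the organisation comparison in `update?`. An example where `api_key` belongs to another organisation and the request to `edit_api_key_path(api_key)` is refused would pin the tenant boundary at feature level and not only in the policy spec. Separately, `edit_label` is `"#{api_key.name} : #{api_key.token}"`, which implies the full token is rendered as link text on the workbenches page; if that is intended, say so in a comment, otherwise the test should locate the link by name alone.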
diff --git a/spec/features/api_keys/new_api_key_feature_spec.rb b/spec/features/api_keys/new_api_key_feature_spec.rb
new file mode 100644
index 000000000..eba873691
--- /dev/null
+++ b/spec/features/api_keys/new_api_key_feature_spec.rb
@@ -0,0 +1,38 @@
+RSpec.describe 'New API Key', type: :feature do
+ login_user
+
+ describe "api_keys#create" do
+
+ let( :create_label ){ "Créer une clé d'API" }
+ let( :name_label ){ "Nom" }
+ let( :validate_label ){ "Valider" }
+
+ let( :unique_name ){ SecureRandom.uuid }
+ let( :last_api_key ){ Api::V1::ApiKey.last }
+
+
+ it 'complete workflow' do
+ # /workbenches
+ visit workbenches_path
+ expect(page).to have_link(create_label, href: new_api_key_path)
+ # to be created api_key does not exist yet
+ expect( page ).not_to have_content(unique_name)
+
+ # /api_keys/new
+ click_link create_label
+ fill_in(name_label, with: unique_name)
+ click_button validate_label
+
+ # check impact on DB
+ expect(last_api_key.name).to eq(unique_name)
+
+ # check redirect and changed display
+ expect(page.current_path).to eq(workbenches_path)
+ # to be created api_key exists now
+ expect( page ).to have_content(unique_name)
+ end
+
+ end
+
+end
+
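Review bot: `Api::V1::ApiKey.last` picks the created record by insertion order, and the example never checks which organisation the new key is bound to. Looking the record up by its unique name and asserting the owner makes the test say what matters: `let( :last_api_key ){ Api::V1::ApiKey.find_by(name: unique_name) }` and `expect(last_api_key.organisation).to eq(@user.organisation)`. This assumes `organisation` is the association the factory uses in the sibling specs of this commit.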
diff --git a/spec/features/line_footnotes_permissions_spec.rb b/spec/features/line_footnotes_permissions_spec.rb
index 4de2a6137..62adbfcd5 100644
--- a/spec/features/line_footnotes_permissions_spec.rb
+++ b/spec/features/line_footnotes_permissions_spec.rb
@@ -1,5 +1,3 @@
-# -*- coding: utf-8 -*-
-
describe 'Line Footnotes', type: :feature do
login_user
diff --git a/spec/features/referential_lines_spec.rb b/spec/features/referential_lines_spec.rb
index 95fc596fd..e8cc8e0e1 100644
--- a/spec/features/referential_lines_spec.rb
+++ b/spec/features/referential_lines_spec.rb
@@ -1,6 +1,3 @@
-# -*- coding: utf-8 -*-
-require 'spec_helper'
-
describe 'ReferentialLines', type: :feature do
login_user
let!(:referential_metadata) { create :referential_metadata, referential: referential }
diff --git a/spec/features/referentials_spec.rb b/spec/features/referentials_spec.rb
index a38577aba..9af0ed32e 100644
--- a/spec/features/referentials_spec.rb
+++ b/spec/features/referentials_spec.rb
@@ -1,4 +1,3 @@
-# -*- coding: utf-8 -*-
describe "Referentials", :type => :feature do
login_user
diff --git a/spec/lib/stif/netex_file_spec.rb b/spec/lib/stif/netex_file_spec.rb
index d84807fe5..ef69b994c 100644
--- a/spec/lib/stif/netex_file_spec.rb
+++ b/spec/lib/stif/netex_file_spec.rb
@@ -1,5 +1,3 @@
-require "rails_helper"
-
RSpec.describe STIF::NetexFile do
let( :zip_file ){ fixtures_path 'OFFRE_TRANSDEV_2017030112251.zip' }
diff --git a/spec/lib/stif/permission_translator_spec.rb b/spec/lib/stif/permission_translator_spec.rb
index 9675382e6..652dd2de2 100644
--- a/spec/lib/stif/permission_translator_spec.rb
+++ b/spec/lib/stif/permission_translator_spec.rb
@@ -1,4 +1,3 @@
-# coding: utf-8
RSpec.describe Stif::PermissionTranslator do
context "No SSO Permissions" do
diff --git a/spec/policies/api_key_policy_spec.rb b/spec/policies/api_key_policy_spec.rb
index 5b9d59fa3..f0242978e 100644
--- a/spec/policies/api_key_policy_spec.rb
+++ b/spec/policies/api_key_policy_spec.rb
@@ -1,28 +1,60 @@
-require 'rails_helper'
-
RSpec.describe ApiKeyPolicy do
- let(:user) { User.new }
+ let( :record ){ build_stubbed :api_key }
+ before { stub_policy_scope(record) }
subject { described_class }
- permissions ".scope" do
- pending "add some examples to (or delete) #{__FILE__}"
+ permissions :index? do
+ it_behaves_like 'always allowed'
end
permissions :show? do
- pending "add some examples to (or delete) #{__FILE__}"
+ it_behaves_like 'always allowed'
end
permissions :create? do
- pending "add some examples to (or delete) #{__FILE__}"
+ context 'permission absent → ' do
+ it "denies a user without organisation" do
+ expect_it.not_to permit(user_context, record)
+ end
+ end
+ context 'permission present → ' do
+ it 'allows a user with a different organisation' do
+ add_permissions('api_keys.create', for_user: user)
+ expect_it.to permit(user_context, record)
+ end
+ end
end
permissions :update? do
- pending "add some examples to (or delete) #{__FILE__}"
+ context 'permission absent → ' do
+ it "denies a user with a different organisation" do
+ expect_it.not_to permit(user_context, record)
+ end
+ it 'and also a user with the same organisation' do
+ user.organisation_id = record.organisation_id
+ expect_it.not_to permit(user_context, record)
+ end
+ end
+
+ context 'permission present → ' do
+ before do
+ add_permissions('api_keys.update', for_user: user)
+ end
+
+ it 'denies a user with a different organisation' do
+ expect_it.not_to permit(user_context, record)
+ end
+
+ it 'but allows it for a user with the same organisation' do
+ user.organisation_id = record.organisation_id
+ expect_it.to permit(user_context, record)
+ end
+ end
end
permissions :destroy? do
- pending "add some examples to (or delete) #{__FILE__}"
+ it_behaves_like 'permitted policy and same organisation', 'api_keys.destroy'
end
end
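Review bot: The pending `.scope` block is replaced by `:index?`, and `before { stub_policy_scope(record) }` appears to stub the scope for every example, so nothing in this spec exercises the policy scope any more. Because `index?` and `show?` are pinned as 'always allowed', the scope is presumably what keeps one organisation's keys from another's users; an example that resolves the scope for a user and expects only that organisation's keys would cover it. The `update?` examples also leave out the case where `user.organisation_id` and `record.organisation_id` are both nil. The `create?` example names ('denies a user without organisation', 'allows a user with a different organisation') describe organisation states the examples do not set up, and should be reworded to what they test, the presence of the permission.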