roles_spec.rb | searchcode

/spec/requests/api/roles_spec.rb

https://gitlab.com/aljesusg/manageiqtest
Ruby | 367 lines | 254 code | 86 blank | 27 comment | 6 complexity | 0d34fe256398cdcbc52702bac3756179 MD5 | raw file

#
# Rest API Request Tests - Roles specs
#
# - Query all available features          /api/roles/:id/?expand=features       GET
# - Creating a role                       /api/roles                            POST
# - Creating a role via action            /api/roles                            action "create"
# - Creating multiple roles               /api/roles                            action "create"
# - Edit a role                           /api/roles/:id                        action "edit"
# - Edit multiple roles                   /api/roles                            action "edit"
# - Assign a single feature               /api/roles/:id/features               POST, action "assign"
# - Assign multiple features              /api/roles/:id/features               POST, action "assign"
# - Un-assign a single feature            /api/roles/:id/features               POST, action "unassign"
# - Un-assign multiple features           /api/roles/:id/features               POST, action "unassign"
# - Delete a role                         /api/roles/:id                        DELETE
# - Delete a role by action               /api/roles/:id                        action "delete"
# - Delete multiple roles                 /api/roles                            action "delete"
#
describe ApiController do
  let(:feature_identifiers) do
    %w(vm_explorer ems_infra_tag my_settings_time_profiles
       miq_request_view miq_report_run storage_manager_show_list rbac_role_show)
  end
  let(:expected_attributes) { %w(id name read_only settings) }
  let(:sample_role1) do
    {
      "name"     => "sample_role_1",
      "settings" => {"restrictions" => {"vms" => "user"}},
      "features" => [
        {:identifier => "vm_explorer"},
        {:identifier => "ems_infra_tag"},
        {:identifier => "my_settings_time_profiles"}
      ]
    }
  end
  let(:sample_role2) do
    {
      "name"     => "sample_role_2",
      "settings" => {"restrictions" => {"vms" => "user_or_group"}},
      "features" => [
        {:identifier => "miq_request_view"},
        {:identifier => "miq_report_run"},
        {:identifier => "storage_manager_show_list"}
      ]
    }
  end
  let(:features_list) do
    {
      "features"  => [
        {:identifier => "miq_request_view"},
        {:identifier => "miq_report_run"},
        {:identifier => "storage_manager_show_list"}
      ]
    }
  end

  before(:each) do
    @product_features = feature_identifiers.collect do |identifier|
      FactoryGirl.create(:miq_product_feature, :identifier => identifier)
    end
  end

  def test_features_query(role, role_url, klass, attr = :id)
    api_basic_authorize action_identifier(:roles, :read, :resource_actions, :get)

    run_get role_url, :expand => "features"
    expect(response).to have_http_status(:ok)

    expect(response.parsed_body).to have_key("name")
    expect(response.parsed_body["name"]).to eq(role.name)
    expect(response.parsed_body).to have_key("features")
    expect(response.parsed_body["features"].size).to eq(fetch_value(role.miq_product_features.count))

    expect_result_resources_to_include_data("features", attr.to_s => klass.pluck(attr))
  end

  describe "Features" do
    it "query available features" do
      role = FactoryGirl.create(:miq_user_role,
                                :name                 => "Test Role",
                                :miq_product_features => @product_features)
      test_features_query(role, roles_url(role.id), MiqProductFeature, :identifier)
    end
  end

  describe "Roles create" do
    it "rejects creation without appropriate role" do
      api_basic_authorize

      run_post(roles_url, sample_role1)

      expect(response).to have_http_status(:forbidden)
    end

    it "rejects role creation with id specified" do
      api_basic_authorize collection_action_identifier(:roles, :create)

      run_post(roles_url, "name" => "sample role", "id" => 100)

      expect_bad_request(/id or href should not be specified/i)
    end

    it "supports single role creation" do
      api_basic_authorize collection_action_identifier(:roles, :create)

      run_post(roles_url, sample_role1)

      expect(response).to have_http_status(:ok)
      expect_result_resources_to_include_keys("results", expected_attributes)

      role_id = response.parsed_body["results"].first["id"]

      run_get "#{roles_url}/#{role_id}/", :expand => "features"

      expect(MiqUserRole.exists?(role_id)).to be_truthy
      role = MiqUserRole.find(role_id)

      sample_role1['features'].each do |feature|
        expect(role.allows?(feature)).to be_truthy
      end
    end

    it "supports single role creation via action" do
      api_basic_authorize collection_action_identifier(:roles, :create)

      run_post(roles_url, gen_request(:create, sample_role1))

      expect(response).to have_http_status(:ok)
      expect_result_resources_to_include_keys("results", expected_attributes)

      role_id = response.parsed_body["results"].first["id"]
      expect(MiqUserRole.exists?(role_id)).to be_truthy
      role = MiqUserRole.find(role_id)
      sample_role1['features'].each do |feature|
        expect(role.allows?(feature)).to be_truthy
      end
    end

    it "supports multiple role creation" do
      api_basic_authorize collection_action_identifier(:roles, :create)

      run_post(roles_url, gen_request(:create, [sample_role1, sample_role2]))

      expect(response).to have_http_status(:ok)
      expect_result_resources_to_include_keys("results", expected_attributes)

      results = response.parsed_body["results"]
      r1_id = results.first["id"]
      r2_id = results.second["id"]
      expect(MiqUserRole.exists?(r1_id)).to be_truthy
      expect(MiqUserRole.exists?(r2_id)).to be_truthy

      role1 = MiqUserRole.find(r1_id)
      role2 = MiqUserRole.find(r2_id)

      sample_role1['features'].each do |feature|
        expect(role1.allows?(feature)).to be_truthy
      end
      sample_role2['features'].each do |feature|
        expect(role2.allows?(feature)).to be_truthy
      end
    end
  end

  describe "Roles edit" do
    it "rejects role edits without appropriate role" do
      role = FactoryGirl.create(:miq_user_role)
      api_basic_authorize
      run_post(roles_url, gen_request(:edit, "name" => "role name", "href" => roles_url(role.id)))

      expect(response).to have_http_status(:forbidden)
    end

    it "rejects role edits for invalid resources" do
      api_basic_authorize collection_action_identifier(:roles, :edit)

      run_post(roles_url(999_999), gen_request(:edit, "name" => "updated role name"))

      expect(response).to have_http_status(:not_found)
    end

    it "supports single role edit" do
      api_basic_authorize collection_action_identifier(:roles, :edit)

      role = FactoryGirl.create(:miq_user_role)

      run_post(roles_url(role.id), gen_request(:edit, "name"     => "updated role",
                                                      "settings" => {"restrictions"  => {"vms" => "user_or_group"}}))

      expect_single_resource_query("id"       => role.id,
                                   "name"     => "updated role",
                                   "settings" => {"restrictions" => {"vms" => "user_or_group"}})
      expect(role.reload.name).to eq("updated role")
      expect(role.settings[:restrictions][:vms]).to eq(:user_or_group)
    end

    it "supports multiple role edits" do
      api_basic_authorize collection_action_identifier(:roles, :edit)

      r1 = FactoryGirl.create(:miq_user_role, :name => "role1")
      r2 = FactoryGirl.create(:miq_user_role, :name => "role2")

      run_post(roles_url, gen_request(:edit,
                                      [{"href" => roles_url(r1.id), "name" => "updated role1"},
                                       {"href" => roles_url(r2.id), "name" => "updated role2"}]))

      expect_results_to_match_hash("results",
                                   [{"id" => r1.id, "name" => "updated role1"},
                                    {"id" => r2.id, "name" => "updated role2"}])

      expect(r1.reload.name).to eq("updated role1")
      expect(r2.reload.name).to eq("updated role2")
    end
  end

  describe "Role Feature Assignments" do
    it "supports assigning just a single product feature" do
      api_basic_authorize collection_action_identifier(:roles, :edit)
      role = FactoryGirl.create(:miq_user_role, :features => "miq_request_approval")

      new_feature = {:identifier => "miq_request_view"}
      url = "#{roles_url}/#{role.id}/features"
      run_post(url, gen_request(:assign, new_feature))

      expect(response).to have_http_status(:ok)
      expect_result_resources_to_include_keys("results", %w(id name read_only))

      # Refresh the role object
      role = MiqUserRole.find(role.id)

      # Confirm original feature
      expect(role.allows?(:identifier => 'miq_request_approval')).to be_truthy

      # Confirm new feature
      expect(role.allows?(new_feature)).to be_truthy
    end

    it "supports assigning multiple product features" do
      api_basic_authorize collection_action_identifier(:roles, :edit)
      role = FactoryGirl.create(:miq_user_role, :features => "miq_request_approval")

      url = "#{roles_url}/#{role.id}/features"
      run_post(url, gen_request(:assign, features_list))

      expect(response).to have_http_status(:ok)
      expect_result_resources_to_include_keys("results", %w(id name read_only))

      # Refresh the role object
      role = MiqUserRole.find(role.id)

      # Confirm original feature
      expect(role.allows?(:identifier => 'miq_request_approval')).to be_truthy

      # Confirm new features
      features_list['features'].each do |feature|
        expect(role.allows?(feature)).to be_truthy
      end
    end

    it "supports un-assigning just a single product feature" do
      api_basic_authorize collection_action_identifier(:roles, :edit)
      role = FactoryGirl.create(:miq_user_role, :miq_product_features => @product_features)

      removed_feature = {:identifier => "ems_infra_tag"}
      url = "#{roles_url}/#{role.id}/features"
      run_post(url, gen_request(:unassign, removed_feature))

      expect(response).to have_http_status(:ok)
      # Confirm that we've only removed ems_infra_tag
      expect_result_resources_to_include_keys("results", %w(id name read_only))

      # Refresh the role object
      role = MiqUserRole.find(role.id)

      @product_features.each do |feature|
        expect(role.allows?(feature)).to be_truthy unless feature[:identifier].eql?('ems_infra_tag')
        expect(role.allows?(feature)).to be_falsey if feature[:identifier].eql?('ems_infra_tag')
      end
    end

    it "supports un-assigning multiple product features" do
      api_basic_authorize collection_action_identifier(:roles, :edit)
      role = FactoryGirl.create(:miq_user_role, :miq_product_features => @product_features)

      url = "#{roles_url}/#{role.id}/features"
      run_post(url, gen_request(:unassign, features_list))

      expect(response).to have_http_status(:ok)
      expect_result_resources_to_include_keys("results", %w(id name read_only))

      # Refresh the role object
      role = MiqUserRole.find(role.id)

      # Confirm requested features removed first, and others remain
      @product_features.each do |feature|
        expect(role.allows?(feature)).to be_truthy unless features_list['features'].find do |removed_feature|
          removed_feature[:identifier] == feature[:identifier]
        end
        expect(role.allows?(feature)).to be_falsey if features_list['features'].find do |removed_feature|
          removed_feature[:identifier] == feature[:identifier]
        end
      end
    end
  end

  describe "Roles delete" do
    it "rejects role deletion, by post action, without appropriate role" do
      api_basic_authorize

      run_post(roles_url, gen_request(:delete, "name" => "role name", "href" => roles_url(100)))

      expect(response).to have_http_status(:forbidden)
    end

    it "rejects role deletion without appropriate role" do
      api_basic_authorize

      run_delete(roles_url(100))

      expect(response).to have_http_status(:forbidden)
    end

    it "rejects role deletes for invalid roles" do
      api_basic_authorize collection_action_identifier(:roles, :delete)

      run_delete(roles_url(999_999))

      expect(response).to have_http_status(:not_found)
    end

    it "supports single role delete" do
      api_basic_authorize collection_action_identifier(:roles, :delete)

      role = FactoryGirl.create(:miq_user_role, :name => "role1")

      run_delete(roles_url(role.id))

      expect(response).to have_http_status(:no_content)
      expect(MiqUserRole.exists?(role.id)).to be_falsey
    end

    it "supports single role delete action" do
      api_basic_authorize collection_action_identifier(:roles, :delete)

      role = FactoryGirl.create(:miq_user_role, :name => "role1")

      run_post(roles_url(role.id), gen_request(:delete))

      expect(response).to have_http_status(:ok)
      expect(MiqUserRole.exists?(role.id)).to be_falsey
    end

    it "supports multiple role deletes" do
      api_basic_authorize collection_action_identifier(:roles, :delete)

      r1 = FactoryGirl.create(:miq_user_role, :name => "role name 1")
      r2 = FactoryGirl.create(:miq_user_role, :name => "role name 2")

      run_post(roles_url, gen_request(:delete,
                                      [{"href" => roles_url(r1.id)},
                                       {"href" => roles_url(r2.id)}]))

      expect(response).to have_http_status(:ok)
      expect(MiqUserRole.exists?(r1.id)).to be_falsey
      expect(MiqUserRole.exists?(r2.id)).to be_falsey
    end
  end
end