@@ -2,11 +2,15 @@ class ProjectsController < ApplicationController restrict_to :user def index - @projects = ProjectManager.all_projects_for_user current_user + @projects = ProjectPermission.find_all_projects_for_user(current_user) end def show - @project = ProjectManager.get_project_for_user(params[:id], current_user) + if @project=ProjectPermission.find_project_for_user(params[:id], current_user) + @project + else + raise AccessDenied + end end def new @@ -14,7 +18,11 @@ class ProjectsController < ApplicationController end def edit - @project = ProjectManager.get_project_for_user(params[:id], current_user) + if @project=ProjectPermission.find_project_for_user(params[:id], current_user) + @project + else + redirect_to "/access_denied.html" + end end def create @@ -45,13 +53,20 @@ class ProjectsController < ApplicationController end def destroy - @project = ProjectManager.get_project_for_user(params[:id], current_user) + if @project=ProjectPermission.find_project_for_user(params[:id], current_user) + @project + else + redirect_to "/access_denied.html" + end @project.destroy redirect_to projects_path end def workspace - @project = ProjectManager.get_project_for_user(params[:id], current_user) - @stories = @project.incomplete_stories + if @project=ProjectPermission.find_project_for_user(params[:id], current_user) + @stories = @project.incomplete_stories + else + redirect_to "/access_denied.html" + end end end app/controllers/projects_controller.rb @@ -184,6 +184,9 @@ private end def find_project - @project = ProjectManager.get_project_for_user(params[:project_id], current_user) + unless @project=ProjectPermission.find_project_for_user(params[:project_id], current_user) + redirect_to "/access_denied.html" + false + end end end app/controllers/stories_controller.rb @@ -1,9 +1,5 @@ class ProjectManager class << self - def all_projects_for_user(user) - ProjectPermission.find_all_projects_for_user(user) - end - def get_project_for_user(project_id, user) if project=ProjectPermission.find_project_for_user(project_id, user) project app/managers/project_manager.rb @@ -9,11 +9,11 @@ describe ProjectsController, "#index" do @user = mock_model(User) login_as @user @projects = stub("projects") - ProjectManager.stub!(:all_projects_for_user).and_return(@projects) + ProjectPermission.stub!(:find_all_projects_for_user).and_return(@projects) end it "asks the project manager for all projects for the current user" do - ProjectManager.should_receive(:all_projects_for_user).with(@user).and_return(@projects) + ProjectPermission.stub!(:find_all_projects_for_user).with(@user).and_return(@projects) get_index end @@ -57,18 +57,18 @@ describe ProjectsController, "#show" do before do @user = mock_model(User) @project = mock_model(Project) - ProjectManager.stub!(:get_project_for_user).and_return(@project) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) login_as @user end - it "asks the ProjectManager to find the requested project for the current user" do - ProjectManager.should_receive(:get_project_for_user).with(@project.id.to_s, @user) + it "asks the ProjectPermission to find the requested project for the current user" do + ProjectPermission.should_receive(:find_project_for_user).with(@project.id.to_s, @user) get_show end describe "a user with proper privileges" do before do - ProjectManager.stub!(:get_project_for_user).and_return(@project) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) end it "assigns the requested project" do @@ -85,7 +85,7 @@ describe ProjectsController, "#show" do describe "a user without proper privileges" do before do - ProjectManager.stub!(:get_project_for_user).and_raise(AccessDenied) + ProjectPermission.stub!(:find_project_for_user).and_return(nil) end it "redirects to the 401 access denied page" do @@ -253,11 +253,11 @@ describe ProjectsController, '#edit' do @user = mock_model(User) login_as @user @project = mock_model(Project) - ProjectManager.stub!(:get_project_for_user).and_return(@project) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) end - it "asks the ProjectManager for the project for the current the current user" do - ProjectManager.get_project_for_user(@project.id.to_s, @user) + it "asks the ProjectPermission for the project for the current the current user" do + ProjectPermission.should_receive(:find_project_for_user).with(@project.id.to_s, @user) get_edit end @@ -276,7 +276,7 @@ describe ProjectsController, '#edit' do describe "when the user doesn't have access to the project" do before do - ProjectManager.stub!(:get_project_for_user).and_raise(AccessDenied) + ProjectPermission.stub!(:find_project_for_user).and_return(nil) end it "redirects to the access denied page" do @@ -295,11 +295,11 @@ describe ProjectsController, '#destroy' do @user = mock_model(User) login_as @user @project = mock_model(Project, :destroy => nil) - ProjectManager.stub!(:get_project_for_user).and_return(@project) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) end - - it "asks the ProjectManager for the project for the current the current user" do - ProjectManager.get_project_for_user(@project.id.to_s, @user) + + it "asks the ProjectPermission for the project for the current the current user" do + ProjectPermission.find_project_for_user(@project.id.to_s, @user) delete_destroy end @@ -324,7 +324,7 @@ describe ProjectsController, '#destroy' do describe "when the user doesn't have access to the project" do before do - ProjectManager.stub!(:get_project_for_user).and_raise(AccessDenied) + ProjectPermission.stub!(:find_project_for_user).and_raise(AccessDenied) end it "redirects to the access denied page" do @@ -333,3 +333,39 @@ describe ProjectsController, '#destroy' do end end end + +describe ProjectsController, '#workspace' do + def get_workspace(params={}) + get :workspace, params.reverse_merge(:id => @project.id) + end + + before do + @user = mock_model(User) + login_as @user + end + + describe 'when the user has access to the project' do + before do + @project = mock_model(Project, :incomplete_stories => []) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) + end + + it "assigns @stories" do + @stories = mock(:stories) + @project.should_receive(:incomplete_stories).with().and_return(@stories) + get_workspace + assigns(:stories).should == @stories + end + end + + describe 'when the user does not have access to the project' do + before do + ProjectPermission.stub!(:find_project_for_user).and_return(nil) + end + + it "redirects to access_denied" do + get_workspace + response.should redirect_to("/access_denied.html") + end + end +end \ No newline at end of file spec/controllers/projects_controller_spec.rb @@ -9,7 +9,7 @@ describe StoriesController, '#edit' do stub_login_for StoriesController @project = stub("project") @stories = stub("stories", :find => nil) - ProjectManager.stub!(:get_project_for_user).and_return(@project) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) @project.stub!(:stories).and_return(@stories) end spec/controllers/stories_controller/stories_controller_edit_spec.rb @@ -12,7 +12,7 @@ describe StoriesController, "user with privileges requesting #index " do @user.stub!(:has_privilege?).and_return(true) @stories_index_presenter = stub("story index presenter") StoriesIndexPresenter.stub!(:new).and_return(@stories_index_presenter) - ProjectManager.stub!(:get_project_for_user).and_return(@project) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) end it "returns successful" do spec/controllers/stories_controller/stories_controller_index_spec.rb @@ -10,7 +10,7 @@ describe StoriesController, '#reorder' do @project = mock_model(Project) @story_ids = [ "3", "2", "", "1"] @renderer = mock("remote site renderer", :render_notice => nil, :render_error => nil) - ProjectManager.stub!(:get_project_for_user).and_return(@project) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) RemoteSiteRenderer.stub!(:new).and_return(@renderer) Story.stub!(:reorder) controller.expect_render(:update).and_yield(@page) spec/controllers/stories_controller/stories_controller_reorder_spec.rb @@ -11,7 +11,7 @@ describe StoriesController, '#update' do @stories = stub("stories", :find => @story) @project = stub("project", :stories => @stories) @story_params = { 'summary' => 'foo' } - ProjectManager.stub!(:get_project_for_user).and_return(@project) + ProjectPermission.stub!(:find_project_for_user).and_return(@project) end it "finds the requested story" do spec/controllers/stories_controller/stories_controller_update_spec.rb @@ -1,60 +1,5 @@ require File.dirname(__FILE__) + '/../spec_helper' -describe ProjectManager, '.all_projects_for_user' do - def all_projects_for_user - ProjectManager.all_projects_for_user @user - end - - before do - @user = mock_model(User) - @projects = stub("projects") - ProjectPermission.stub!(:find_all_projects_for_user) - end - - it "finds and returns all projects the passed in user has permissions on" do - ProjectPermission.should_receive(:find_all_projects_for_user).with(@user).and_return(@projects) - all_projects_for_user.should == @projects - end -end - -describe ProjectManager, '.get_project_for_user' do - def get_project_for_user - ProjectManager.get_project_for_user(@project.id, @user) - end - - before do - @user = mock_model(User) - @project = mock_model(Project) - ProjectPermission.stub!(:find_project_for_user).and_return(@project) - end - - it "finds the requested project for the passed in user" do - ProjectPermission.should_receive(:find_project_for_user).with(@project.id, @user).and_return(@project) - get_project_for_user - end - - describe "when the requested project cannot be found for the user" do - before do - ProjectPermission.stub!(:find_project_for_user).and_return(nil) - end - - it "raise an AccessDenied exception" do - lambda{ - get_project_for_user - }.should raise_error(AccessDenied) - end - end - - describe "when the requested project is found" do - before do - ProjectPermission.stub!(:find_project_for_user).and_return(@project) - end - - it "returns the project" do - get_project_for_user.should == @project - end - end -end describe ProjectManager, ".update_project_for_user" do def update_project_for_user(&blk) spec/managers/project_manager_spec.rb spec/controllers/projects_controller/projects_controller_workspace_spec.rb 93c3c214996d46b74623beb7ad5ab1aecf1d8fca Zach Dennis zach.dennis@gmail.com http://github.com/zdennis/strac/commit/ddb2369418758a5ae72c344cd89e0801fa9980fe ddb2369418758a5ae72c344cd89e0801fa9980fe 2008-05-05T06:07:50-07:00 2008-05-05T06:07:50-07:00 inlined ProjectManager#find_project_for_user and ProjectManager#find_all_projects_for_user in the ProjectsController and StoriesController b7fa7a9edd2bd4e2a04258c62af4391e9d308e8f Zach Dennis zach.dennis@gmail.com