Merge pull request #749 from gtanzillo/enable-add-edit-policy-profiles

Enable add and edit resource for /api/policy_profiles endpoint (cherry picked from commit 32ea08e) Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1806702
ManageIQ · Feb 24, 2020 · c330a9c · c330a9c
1 parent b5cecae
commit c330a9c
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 7 deletions.
diff --git a/app/controllers/api/policy_profiles_controller.rb b/app/controllers/api/policy_profiles_controller.rb
@@ -1,5 +1,17 @@
 module Api
   class PolicyProfilesController < BaseController
     include Subcollections::Policies
+
+    def edit_resource(type, id, _data = {})
+      raise ForbiddenError if collection_class(:policy_profiles).find(id).read_only?
+
+      super
+    end
+
+    def delete_resource(type, id, _data = {})
+      raise ForbiddenError if collection_class(:policy_profiles).find(id).read_only?
+
+      super
+    end
   end
 end
diff --git a/config/api.yml b/config/api.yml
@@ -2173,7 +2173,7 @@
     :options:
     - :collection
     - :subcollection
-    :verbs: *gp
+    :verbs: *gpppd
     :klass: MiqPolicySet
     :subcollections:
     - :policies
@@ -2184,27 +2184,24 @@
       :post:
       - :name: query
         :identifier: policy_profile_view
-      - :name: add
+      - :name: create
         :identifier: profile_new
-        :disabled: true
       - :name: edit
         :identifier: profile_edit
-        :disabled: true
       - :name: delete
         :identifier: profile_delete
-        :disabled: true
     :resource_actions:
       :get:
       - :name: read
         :identifier: policy_profile_view
       :post:
       - :name: edit
         :identifier: profile_edit
-        :disabled: true
+      - :name: delete
+        :identifier: profile_delete
       :delete:
       - :name: delete
         :identifier: profile_delete
-        :disabled: true
     :policies_subcollection_actions:
       :post:
       - :name: assign

diff --git a/spec/requests/policies_spec.rb b/spec/requests/policies_spec.rb
@@ -131,6 +131,10 @@ def test_policy_profile_query(object, api_object_policy_profiles_url)
 
   context "Policy Profile collection" do
     let(:policy_profile)     { ps1 }
+    let(:new_policy_profile) do
+      {:name => "New Policy Profile", :description => "My Profile", :mode => "compliance"}
+    end
+
 
     it "query invalid policy profile" do
       api_basic_authorize action_identifier(:policy_profiles, :read, :resource_actions, :get)
@@ -181,6 +185,77 @@ def test_policy_profile_query(object, api_object_policy_profiles_url)
       )
       expect_result_resources_to_include_data("policies", "guid" => p_guids)
     end
+
+    it "creates policy_profiles" do
+      api_basic_authorize collection_action_identifier(:policy_profiles, :create)
+      post(api_policy_profiles_url, :params => new_policy_profile.merge(:action => "create"))
+
+      expect(response.parsed_body["results"].first["name"]).to eq("New Policy Profile")
+      expect(response.parsed_body["results"].first["mode"]).to eq("compliance")
+
+      policy_profile = MiqPolicySet.find(response.parsed_body["results"].first["id"])
+      expect(policy_profile).to be_truthy
+      expect(response).to have_http_status(:ok)
+    end
+
+    it "edits a policy_profile" do
+      policy_profile = FactoryBot.create(:miq_policy_set, :description => "Policy Set")
+
+      api_basic_authorize resource_action_identifier(:policy_profiles, :edit)
+      post(api_policy_profile_url(nil, policy_profile), :params => gen_request(:edit, :name => "New Name"))
+
+      expect(response).to have_http_status(:ok)
+
+      policy_profile.reload
+      expect(policy_profile.name).to eq("New Name")
+    end
+
+    it "editing a non-existing policy_profile" do
+      api_basic_authorize resource_action_identifier(:policy_profiles, :edit)
+      post(api_policy_profile_url(nil, 99_999), :params => gen_request(:edit, :name => "New Name"))
+
+      expect(response).to have_http_status(:not_found)
+    end
+
+    it "does not allow editing a read_only policy_profile" do
+      policy_profile = FactoryBot.create(:miq_policy_set, :description => "Policy Set", :read_only => true)
+
+      api_basic_authorize resource_action_identifier(:policy_profiles, :edit)
+      post(api_policy_profile_url(nil, policy_profile), :params => gen_request(:edit, :name => "New Name"))
+
+      expect(response).to have_http_status(:forbidden)
+    end
+
+    it "POST deletes a policy_profile" do
+      policy_profile = FactoryBot.create(:miq_policy_set, :description => "Policy Set")
+
+      api_basic_authorize resource_action_identifier(:policy_profiles, :delete)
+      post(api_policy_profile_url(nil, policy_profile), :params => gen_request(:delete))
+
+      expect(response).to have_http_status(:ok)
+
+      expect(MiqPolicySet.exists?(policy_profile.id)).to be_falsey
+    end
+
+    it "DELETE deletes a policy_profile" do
+      policy_profile = FactoryBot.create(:miq_policy_set, :description => "Policy Set")
+      api_basic_authorize resource_action_identifier(:policy_profiles, :delete, :delete)
+      delete(api_policy_profile_url(nil, policy_profile))
+
+      expect(response).to have_http_status(:no_content)
+
+      expect(MiqPolicySet.exists?(policy_profile.id)).to be_falsey
+    end
+
+    it "DELETE does not allow deleting a read_only policy_profile" do
+      policy_profile = FactoryBot.create(:miq_policy_set, :description => "Policy Set", :read_only => true)
+      api_basic_authorize resource_action_identifier(:policy_profiles, :delete, :delete)
+      delete(api_policy_profile_url(nil, policy_profile))
+
+      expect(response).to have_http_status(:forbidden)
+
+      expect(MiqPolicySet.exists?(policy_profile.id)).to be_truthy
+    end
   end
 
   context "Provider policies subcollection" do