fix(permissions): private repositories should be hidden if user don't…

… have permissions (closes #262)

e2e/090_repository.e2e.ts

@@ -193,4 +193,32 @@ describe('Repository', () => {
       .then(() => element(by.css('.form-input[name="api_url"]')).getAttribute('value'))
       .then(txt => expect(txt).to.equals('https://api.github.com2'));
   });
+
+  it('should redirect to bterm repository, and mark its as private', () => {
+    return  browser.get('/repositories')
+      .then((): any => browser.wait(() => {
+        return element.all(by.css('.list-item')).count().then(count => count === 2);
+      }))
+      .then((): any => element.all(by.css('.list-item')).first().click())
+      .then((): any => browser.wait(() => element(by.css(`[name="btn-settings"]`)).isPresent()))
+      .then((): any => browser.wait(() => {
+        return ExpectedConditions.elementToBeClickable(element(by.css(`[name="btn-settings"]`)));
+      }))
+      .then((): any => element(by.css('[name="btn-settings"]')).click())
+      .then(() => browser.wait(() => element(by.css('.toggle-button')).isPresent()))
+      .then((): any => browser.wait(() => element(by.css(`.toggle-button`)).isEnabled()))
+      .then(() => element(by.css(`.toggle-button`)).click())
+      .then((): any => browser.wait(() => element(by.css(`[name="save-settings"]`)).isPresent()))
+      .then((): any => browser.wait(() => element(by.css(`[name="save-settings"]`)).isEnabled()))
+      .then((): any => browser.wait(() => ExpectedConditions.elementToBeClickable(
+        element(by.css(`[name="save-settings"]`)))))
+      .then(() => element(by.css(`[name="save-settings"]`)))
+      .then(ele => browser.executeScript('arguments[0].scrollIntoView();', ele.getWebElement()))
+      .then(() => element(by.css(`[name="save-settings"]`)).click())
+      .then(() => browser.get('/repo/1?tab=settings'))
+      .then((): any => isLoaded())
+      .then(() => browser.wait(() => element(by.css('.toggle-button')).isPresent()))
+      .then(() => element.all(by.css('.toggle-button enabled')).count())
+      .then(cnt => expect(cnt).to.equals(0));
+  });
 });

e2e/130_team.e2e.ts

@@ -18,6 +18,14 @@ describe('Teams', () => {
       }));
   });
 
+  it(`logged in user can see all repositories he has permission to`, () => {
+    return browser.get('/repositories')
+      .then(() => isLoaded())
+      .then(() => delay(1000))
+      .then((): any => element.all(by.css('.list-item-slim')).count())
+      .then(cnt => expect(cnt).to.equals(5));
+  });
+
   it('should add new user', () => {
     return browser.get('/team')
       .then((): any => browser.wait(() => {
@@ -48,10 +56,10 @@ describe('Teams', () => {
       .then((): any => browser.wait(() => element(by.css(`[name="tab-permissions"]`)).isEnabled()))
       .then((): any => element(by.css('[name="tab-permissions"]')).click())
       .then((): any => browser.wait(() => {
-        return element.all(by.css('.border-green')).count().then(count => count === 5);
+        return element.all(by.css('.border-green')).count().then(count => count === 4);
       }))
       .then((): any => browser.wait(() => {
-        return element.all(by.css('.border-red')).count().then(count => count === 0);
+        return element.all(by.css('.border-red')).count().then(count => count === 1);
       }))
       .then((): any => browser.wait(() => element.all(by.css(`[name="btn-removePermission"]`))
         .first().isPresent()))
@@ -63,11 +71,11 @@ describe('Teams', () => {
       .then(ele => browser.executeScript('arguments[0].scrollIntoView();', ele.getWebElement()))
       .then((): any => element.all(by.css('[name="btn-removePermission"]')).first().click())
       .then((): any => browser.wait(() => {
-        return element.all(by.css('.border-green')).count().then(count => count === 4);
+        return element.all(by.css('.border-green')).count().then(count => count === 3);
       }))
       .then((): any => browser.wait(() => {
         return element.all(by.css('.border-red')).count()
-          .then(count => count === 1);
+          .then(count => count === 2);
       }))
       .then((): any => browser.wait(() => element.all(by.css(`[name="btn-addPermission"]`))
         .first().isPresent()))
@@ -79,10 +87,10 @@ describe('Teams', () => {
       .then(ele => browser.executeScript('arguments[0].scrollIntoView();', ele.getWebElement()))
       .then((): any => element.all(by.css('[name="btn-addPermission"]')).first().click())
       .then((): any => browser.wait(() => {
-        return element.all(by.css('.border-green')).count().then(count => count === 5);
+        return element.all(by.css('.border-green')).count().then(count => count === 4);
       }))
       .then((): any => browser.wait(() => {
-        return element.all(by.css('.border-red')).count().then(count => count === 0);
+        return element.all(by.css('.border-red')).count().then(count => count === 1);
       }));
   });
 
@@ -140,6 +148,14 @@ describe('Teams', () => {
       .then(present => expect(present).to.equals(false));
   });
 
+  it(`as annonymous user can see public repositories`, () => {
+    return browser.get('/repositories')
+      .then(() => isLoaded())
+      .then(() => delay(1000))
+      .then((): any => element.all(by.css('.list-item-slim')).count())
+      .then(cnt => expect(cnt).to.equals(4));
+  });
+
   it(`logout admin user and login with non admin user`, () => {
     return browser.get('/login')
       .then(() => isLoaded())
@@ -149,6 +165,14 @@ describe('Teams', () => {
       .then(() => isLoaded());
   });
 
+  it(`logged in user can see all repositories he has permission to`, () => {
+    return browser.get('/repositories')
+      .then(() => isLoaded())
+      .then(() => delay(1000))
+      .then((): any => element.all(by.css('.list-item-slim')).count())
+      .then(cnt => expect(cnt).to.equals(4));
+  });
+
   it(`non admin user should see dashboard`, () => {
     return browser.get('/')
       .then(() => isLoaded())

src/api/db/repository.ts

@@ -152,6 +152,8 @@ export function getRepositories(keyword: string, userId?: string): Promise<any[]
         .andWhere(function() {
           this.where('permissions.permission', true).orWhere('public', true);
         });
+      } else {
+        q.where('repositories.public', true);
       }
     }).fetchAll({ withRelated: [{'permissions': (query) => {
       if (userId) {

src/app/components/app-user/app-user.component.spec.ts

@@ -139,8 +139,8 @@ describe('User Component', () => {
       fixture.detectChanges();
       const de = fixture.debugElement.query(By.css('h1'));
       expect(de.nativeElement.textContent).toBe('Permissions');
-      expect(fixture.componentInstance.restrictedRepositories.length).toBe(1);
-      expect(fixture.componentInstance.repositories.length).toBe(2);
+      expect(fixture.componentInstance.restrictedRepositories.length).toBe(0);
+      expect(fixture.componentInstance.repositories.length).toBe(3);
     });
   });
 

src/app/components/app-user/app-user.component.ts

@@ -70,10 +70,9 @@ export class AppUserComponent implements OnInit {
       });
 
     this.route.params
-      .switchMap((params: Params) => this.api.getRepositories(''))
+      .switchMap((params: Params) => this.api.getRepositories('', this.loggedUser.id))
       .subscribe(repositories => {
-        this.repositories =
-          repositories.filter(r => r.permissions.findIndex(p => p.permission) !== -1);
+        this.repositories = repositories;
         this.repositories.forEach((repo: any, i) => {
           this.api.getBadge(repo.id).subscribe(badge => {
             if (badge.ok) {
@@ -82,13 +81,19 @@ export class AppUserComponent implements OnInit {
           });
         });
 
-        this.restrictedRepositories =
-          repositories.filter(r => r.permissions.findIndex(p => !p.permission) !== -1);
-        this.restrictedRepositories.forEach((repo: any, i) => {
-          this.api.getBadge(repo.id).subscribe(badge => {
-            if (badge.ok) {
-              this.restrictedRepositories[i].status_badge = badge._body;
-            }
+        this.api.getRepositories('', this.user.id).subscribe(userRepositories => {
+          this.restrictedRepositories =
+            repositories.filter(r => userRepositories.findIndex(ur => ur.id === r.id) === -1);
+
+          this.restrictedRepositories.forEach((repo: any, i) => {
+            this.api.getBadge(repo.id).subscribe(badge => {
+              if (badge.ok) {
+                this.restrictedRepositories[i].status_badge = badge._body;
+              }
+            });
+          });
+          this.repositories = this.repositories.filter(r => {
+            return this.restrictedRepositories.findIndex(rr => rr.id === r.id) === -1;
           });
         });
       });

tests/unit/060_api-routes.spec.ts

@@ -40,8 +40,9 @@ describe('Api Server Routes Unit Tests', () => {
       return sendGetRequest({}, `api/repositories?keyword=`).then(repo => {
         expect(repo['data'][0]['full_name']).to.equal('Izak88/bterm');
         expect(repo['data'][0]['id']).to.equal(1);
-        expect(repo['data'][1]['full_name']).to.equal('jkuri/d3-bundle');
-        expect(repo['data'][1]['id']).to.equal(2);
+        expect(repo['data'][1]['full_name']).to.equal('izak88/d3-bundle');
+        expect(repo['data'][1]['id']).to.equal(5);
+        expect(repo['data'].length).to.equal(2);
       });
     });
 
@@ -51,6 +52,7 @@ describe('Api Server Routes Unit Tests', () => {
         expect(repo['data'][0]['id']).to.equal(1);
         expect(repo['data'][1]['full_name']).to.equal('jkuri/d3-bundle');
         expect(repo['data'][1]['id']).to.equal(2);
+        expect(repo['data'].length).to.equal(5);
       });
     });
 
@@ -60,6 +62,7 @@ describe('Api Server Routes Unit Tests', () => {
         expect(repo['data'][0]['id']).to.equal(1);
         expect(repo['data'][1]['full_name']).to.equal('izak88/d3-bundle');
         expect(repo['data'][1]['id']).to.equal(5);
+        expect(repo['data'].length).to.equal(2);
       });
     });