settings_spec.rb 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227
  1. require 'rails_helper'
  2. RSpec.describe 'Settings', type: :request do
  3. let(:admin) do
  4. create(:admin)
  5. end
  6. let(:admin_api) do
  7. role_api = create(:role)
  8. role_api.permission_grant('admin.api')
  9. create(:admin, roles: [role_api])
  10. end
  11. let(:agent) do
  12. create(:agent)
  13. end
  14. let(:customer) do
  15. create(:customer)
  16. end
  17. describe 'request handling' do
  18. it 'does settings index with nobody' do
  19. # index
  20. get '/api/v1/settings', params: {}, as: :json
  21. expect(response).to have_http_status(:unauthorized)
  22. expect(json_response).to be_a_kind_of(Hash)
  23. expect(json_response['settings']).to be_falsey
  24. # show
  25. setting = Setting.find_by(name: 'product_name')
  26. get "/api/v1/settings/#{setting.id}", params: {}, as: :json
  27. expect(response).to have_http_status(:unauthorized)
  28. expect(json_response['error']).to eq('authentication failed')
  29. end
  30. it 'does settings index with admin' do
  31. # index
  32. authenticated_as(admin)
  33. get '/api/v1/settings', params: {}, as: :json
  34. expect(response).to have_http_status(:ok)
  35. expect(json_response).to be_a_kind_of(Array)
  36. expect(json_response).to be_truthy
  37. hit_api = false
  38. hit_product_name = false
  39. json_response.each do |setting|
  40. if setting['name'] == 'api_token_access'
  41. hit_api = true
  42. end
  43. if setting['name'] == 'product_name'
  44. hit_product_name = true
  45. end
  46. end
  47. expect(hit_api).to eq(true)
  48. expect(hit_product_name).to eq(true)
  49. # show
  50. setting = Setting.find_by(name: 'product_name')
  51. get "/api/v1/settings/#{setting.id}", params: {}, as: :json
  52. expect(response).to have_http_status(:ok)
  53. expect(json_response).to be_a_kind_of(Hash)
  54. expect(json_response['name']).to eq('product_name')
  55. setting = Setting.find_by(name: 'api_token_access')
  56. get "/api/v1/settings/#{setting.id}", params: {}, as: :json
  57. expect(response).to have_http_status(:ok)
  58. expect(json_response).to be_a_kind_of(Hash)
  59. expect(json_response['name']).to eq('api_token_access')
  60. # update
  61. setting = Setting.find_by(name: 'product_name')
  62. params = {
  63. id: setting.id,
  64. name: 'some_new_name',
  65. preferences: {
  66. permission: ['admin.branding', 'admin.some_new_permission'],
  67. some_new_key: true,
  68. }
  69. }
  70. put "/api/v1/settings/#{setting.id}", params: params, as: :json
  71. expect(response).to have_http_status(:ok)
  72. expect(json_response).to be_a_kind_of(Hash)
  73. expect(json_response['name']).to eq('product_name')
  74. expect(json_response['preferences']['permission'].length).to eq(1)
  75. expect(json_response['preferences']['permission'][0]).to eq('admin.branding')
  76. expect(json_response['preferences']['some_new_key']).to eq(true)
  77. # update
  78. setting = Setting.find_by(name: 'api_token_access')
  79. params = {
  80. id: setting.id,
  81. name: 'some_new_name',
  82. preferences: {
  83. permission: ['admin.branding', 'admin.some_new_permission'],
  84. some_new_key: true,
  85. }
  86. }
  87. put "/api/v1/settings/#{setting.id}", params: params, as: :json
  88. expect(response).to have_http_status(:ok)
  89. expect(json_response).to be_a_kind_of(Hash)
  90. expect(json_response['name']).to eq('api_token_access')
  91. expect(json_response['preferences']['permission'].length).to eq(1)
  92. expect(json_response['preferences']['permission'][0]).to eq('admin.api')
  93. expect(json_response['preferences']['some_new_key']).to eq(true)
  94. # delete
  95. setting = Setting.find_by(name: 'product_name')
  96. delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
  97. expect(response).to have_http_status(:unauthorized)
  98. expect(json_response['error']).to eq('Not authorized (feature not possible)')
  99. end
  100. it 'does settings index with admin-api' do
  101. # index
  102. authenticated_as(admin_api)
  103. get '/api/v1/settings', params: {}, as: :json
  104. expect(response).to have_http_status(:ok)
  105. expect(json_response).to be_a_kind_of(Array)
  106. expect(json_response).to be_truthy
  107. hit_api = false
  108. hit_product_name = false
  109. json_response.each do |setting|
  110. if setting['name'] == 'api_token_access'
  111. hit_api = true
  112. end
  113. if setting['name'] == 'product_name'
  114. hit_product_name = true
  115. end
  116. end
  117. expect(hit_api).to eq(true)
  118. expect(hit_product_name).to eq(false)
  119. # show
  120. setting = Setting.find_by(name: 'product_name')
  121. get "/api/v1/settings/#{setting.id}", params: {}, as: :json
  122. expect(response).to have_http_status(:unauthorized)
  123. expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])!')
  124. setting = Setting.find_by(name: 'api_token_access')
  125. get "/api/v1/settings/#{setting.id}", params: {}, as: :json
  126. expect(response).to have_http_status(:ok)
  127. expect(json_response).to be_a_kind_of(Hash)
  128. expect(json_response['name']).to eq('api_token_access')
  129. # update
  130. setting = Setting.find_by(name: 'product_name')
  131. params = {
  132. id: setting.id,
  133. name: 'some_new_name',
  134. preferences: {
  135. permission: ['admin.branding', 'admin.some_new_permission'],
  136. some_new_key: true,
  137. }
  138. }
  139. put "/api/v1/settings/#{setting.id}", params: params, as: :json
  140. expect(response).to have_http_status(:unauthorized)
  141. expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])!')
  142. # update
  143. setting = Setting.find_by(name: 'api_token_access')
  144. params = {
  145. id: setting.id,
  146. name: 'some_new_name',
  147. preferences: {
  148. permission: ['admin.branding', 'admin.some_new_permission'],
  149. some_new_key: true,
  150. }
  151. }
  152. put "/api/v1/settings/#{setting.id}", params: params, as: :json
  153. expect(response).to have_http_status(:ok)
  154. expect(json_response).to be_a_kind_of(Hash)
  155. expect(json_response['name']).to eq('api_token_access')
  156. expect(json_response['preferences']['permission'].length).to eq(1)
  157. expect(json_response['preferences']['permission'][0]).to eq('admin.api')
  158. expect(json_response['preferences']['some_new_key']).to eq(true)
  159. # delete
  160. setting = Setting.find_by(name: 'product_name')
  161. delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
  162. expect(response).to have_http_status(:unauthorized)
  163. expect(json_response['error']).to eq('Not authorized (feature not possible)')
  164. end
  165. it 'does settings index with agent' do
  166. # index
  167. authenticated_as(agent)
  168. get '/api/v1/settings', params: {}, as: :json
  169. expect(response).to have_http_status(:unauthorized)
  170. expect(json_response).to be_a_kind_of(Hash)
  171. expect(json_response['settings']).to be_falsey
  172. expect(json_response['error']).to eq('Not authorized (user)!')
  173. # show
  174. setting = Setting.find_by(name: 'product_name')
  175. get "/api/v1/settings/#{setting.id}", params: {}, as: :json
  176. expect(response).to have_http_status(:unauthorized)
  177. expect(json_response['error']).to eq('Not authorized (user)!')
  178. end
  179. it 'does settings index with customer' do
  180. # index
  181. authenticated_as(customer)
  182. get '/api/v1/settings', params: {}, as: :json
  183. expect(response).to have_http_status(:unauthorized)
  184. expect(json_response).to be_a_kind_of(Hash)
  185. expect(json_response['settings']).to be_falsey
  186. expect(json_response['error']).to eq('Not authorized (user)!')
  187. # show
  188. setting = Setting.find_by(name: 'product_name')
  189. get "/api/v1/settings/#{setting.id}", params: {}, as: :json
  190. expect(response).to have_http_status(:unauthorized)
  191. expect(json_response['error']).to eq('Not authorized (user)!')
  192. # delete
  193. setting = Setting.find_by(name: 'product_name')
  194. delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
  195. expect(response).to have_http_status(:unauthorized)
  196. expect(json_response['error']).to eq('Not authorized (user)!')
  197. end
  198. end
  199. end