BigW Consortium Gitlab

Move action to render board lists to `Projects::Boards::ListsController`

parent c3880d10
module Projects module Projects
module Boards module Boards
class ListsController < Boards::ApplicationController class ListsController < Boards::ApplicationController
before_action :authorize_admin_list! before_action :authorize_admin_list!, only: [:create, :update, :destroy, :generate]
before_action :authorize_read_list!, only: [:index]
def index
render json: project.board.lists.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } })
end
def create def create
list = ::Boards::Lists::CreateService.new(project, current_user, list_params).execute list = ::Boards::Lists::CreateService.new(project, current_user, list_params).execute
...@@ -49,6 +54,10 @@ module Projects ...@@ -49,6 +54,10 @@ module Projects
return render_403 unless can?(current_user, :admin_list, project) return render_403 unless can?(current_user, :admin_list, project)
end end
def authorize_read_list!
return render_403 unless can?(current_user, :read_list, project)
end
def list_params def list_params
params.require(:list).permit(:label_id) params.require(:list).permit(:label_id)
end end
......
class Projects::BoardsController < Projects::ApplicationController class Projects::BoardsController < Projects::ApplicationController
respond_to :html
before_action :authorize_read_board!, only: [:show] before_action :authorize_read_board!, only: [:show]
def show def show
board = Boards::CreateService.new(project, current_user).execute ::Boards::CreateService.new(project, current_user).execute
respond_to do |format|
format.html
format.json { render json: board.lists.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } }) }
end
end end
private private
def authorize_read_board! def authorize_read_board!
unless can?(current_user, :read_board, project) return access_denied! unless can?(current_user, :read_board, project)
respond_to do |format|
format.html { return access_denied! }
format.json { return render_403 }
end
end
end end
end end
...@@ -91,6 +91,7 @@ class Ability ...@@ -91,6 +91,7 @@ class Ability
rules = [ rules = [
:read_project, :read_project,
:read_board, :read_board,
:read_list,
:read_wiki, :read_wiki,
:read_label, :read_label,
:read_milestone, :read_milestone,
...@@ -230,6 +231,7 @@ class Ability ...@@ -230,6 +231,7 @@ class Ability
:read_wiki, :read_wiki,
:read_issue, :read_issue,
:read_board, :read_board,
:read_list,
:read_label, :read_label,
:read_milestone, :read_milestone,
:read_project_snippet, :read_project_snippet,
......
...@@ -860,7 +860,7 @@ Rails.application.routes.draw do ...@@ -860,7 +860,7 @@ Rails.application.routes.draw do
scope module: :boards do scope module: :boards do
resources :issues, only: [:update] resources :issues, only: [:update]
resources :lists, only: [:create, :update, :destroy] do resources :lists, only: [:index, :create, :update, :destroy] do
collection do collection do
post :generate post :generate
end end
......
...@@ -11,6 +11,46 @@ describe Projects::Boards::ListsController do ...@@ -11,6 +11,46 @@ describe Projects::Boards::ListsController do
project.team << [guest, :guest] project.team << [guest, :guest]
end end
describe 'GET #index' do
it 'returns a successful 200 response' do
read_board_list user: user
expect(response).to have_http_status(200)
expect(response.content_type).to eq 'application/json'
end
it 'returns a list of board lists' do
board = project.create_board
create(:backlog_list, board: board)
create(:list, board: board)
create(:done_list, board: board)
read_board_list user: user
parsed_response = JSON.parse(response.body)
expect(response).to match_response_schema('list', array: true)
expect(parsed_response.length).to eq 3
end
it 'returns a successful 403 response with unauthorized user' do
allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability.abilities).to receive(:allowed?).with(user, :read_list, project).and_return(false)
read_board_list user: user
expect(response).to have_http_status(403)
end
def read_board_list(user:)
sign_in(user)
get :index, namespace_id: project.namespace.to_param,
project_id: project.to_param,
format: :json
end
end
describe 'POST #create' do describe 'POST #create' do
let(:label) { create(:label, project: project, name: 'Development') } let(:label) { create(:label, project: project, name: 'Development') }
......
...@@ -10,13 +10,10 @@ describe Projects::BoardsController do ...@@ -10,13 +10,10 @@ describe Projects::BoardsController do
end end
describe 'GET #show' do describe 'GET #show' do
context 'when project does not have a board' do it 'creates a new board when project does not have one' do
it 'creates a new board' do
expect { read_board }.to change(Board, :count).by(1) expect { read_board }.to change(Board, :count).by(1)
end end
end
context 'when format is HTML' do
it 'renders HTML template' do it 'renders HTML template' do
read_board read_board
...@@ -24,8 +21,7 @@ describe Projects::BoardsController do ...@@ -24,8 +21,7 @@ describe Projects::BoardsController do
expect(response.content_type).to eq 'text/html' expect(response.content_type).to eq 'text/html'
end end
context 'with unauthorized user' do it 'returns a successful 404 response with unauthorized user' do
it 'returns a successful 404 response' do
allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true) allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false) allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false)
...@@ -33,42 +29,6 @@ describe Projects::BoardsController do ...@@ -33,42 +29,6 @@ describe Projects::BoardsController do
expect(response).to have_http_status(404) expect(response).to have_http_status(404)
end end
end
end
context 'when format is JSON' do
it 'returns a successful 200 response' do
read_board format: :json
expect(response).to have_http_status(200)
expect(response.content_type).to eq 'application/json'
end
it 'returns a list of board lists' do
board = project.create_board
create(:backlog_list, board: board)
create(:list, board: board)
create(:done_list, board: board)
read_board format: :json
parsed_response = JSON.parse(response.body)
expect(response).to match_response_schema('list', array: true)
expect(parsed_response.length).to eq 3
end
context 'with unauthorized user' do
it 'returns a successful 403 response' do
allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false)
read_board format: :json
expect(response).to have_http_status(403)
end
end
end
def read_board(format: :html) def read_board(format: :html)
get :show, namespace_id: project.namespace.to_param, get :show, namespace_id: project.namespace.to_param,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment