bterkuile/mozo-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use safe dynamic finders of simply stored for suppliers sections

Browse Source
This commit is contained in:
Benjamin ter Kuile
2012-12-07 13:25:51 +01:00
parent 180b6deb4d
commit fa68893510
5 changed files with 206 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Gemfile
+2 -1
View File
@@ -59,7 +59,8 @@ end
group :test do
gem 'pry'
gem 'steak'
#gem 'rb-fsevent', :require => false if RUBY_PLATFORM =~ /darwin/i
gem 'rb-fsevent', :require => false if RUBY_PLATFORM =~ /darwin/i
gem 'ruby_gntp'
gem 'guard-rspec'
gem 'factory_girl_rails'
end
Gemfile.lock
+4
View File
@@ -180,6 +180,7 @@ GEM
rdoc (~> 3.4)
thor (>= 0.14.6, < 2.0)
rake (10.0.2)
rb-fsevent (0.9.2)
rdoc (3.12)
json (~> 1.4)
rest-client (1.6.7)
@@ -200,6 +201,7 @@ GEM
rspec-core (~> 2.12.0)
rspec-expectations (~> 2.12.0)
rspec-mocks (~> 2.12.0)
ruby_gntp (0.3.4)
rubyzip (0.9.9)
sass (3.2.3)
sass-rails (3.2.5)
@@ -274,8 +276,10 @@ DEPENDENCIES
pry-remote
rack-cors
rails (= 3.2.9)
rb-fsevent
rqrcode
rspec-rails
ruby_gntp
sass-rails (~> 3.2.3)
simple_form
simply_stored!
app/controllers/suppliers/sections_controller.rb
+8 -8
View File
@@ -18,7 +18,7 @@ module Suppliers
# GET /sections/1
# GET /sections/1.json
def show
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
respond_to do |format|
format.html # show.html.erb
@@ -40,7 +40,7 @@ module Suppliers
# GET /sections/1/edit
def edit
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
end
# POST /sections
@@ -63,7 +63,7 @@ module Suppliers
# PUT /sections/1
# PUT /sections/1.json
def update
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
respond_to do |format|
if @section.update_attributes(params[:section])
@@ -79,7 +79,7 @@ module Suppliers
# DELETE /sections/1
# DELETE /sections/1.json
def destroy
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
@section.destroy
respond_to do |format|
@@ -91,7 +91,7 @@ module Suppliers
# GET /sections/1/manage_tables
# GET /sections/1/manage_tables.json
def manage_tables
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
respond_to do |format|
format.html # show.html.erb
@@ -102,7 +102,7 @@ module Suppliers
# GET /sections/1/tables_view
# GET /sections/1/tables_view.json
def tables_view
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
respond_to do |format|
format.html # show.html.erb
@@ -114,7 +114,7 @@ module Suppliers
# POST /sections/1/add_tables {number_start: 1423, number_end: 234234}
def add_tables
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
number_start = params[:number_start].to_i
number_end = params[:number_end].to_i
for table_number in number_start..number_end
@@ -130,7 +130,7 @@ module Suppliers
# POST /sections/1/arrange_tables {number_start: 1423, number_end: 234234}
def arrange_tables
@section = Section.find_by_supplier_and_id(current_supplier, params[:id])
@section = Section.find_by_supplier_id_and_id!(current_supplier.id, params[:id])
case params[:option]
when 'distributed' then @section.arrange_tables_in_grid
when 'by_row' then @section.arrange_tables_in_rows_of(params[:row_count].to_i)
app/models/section.rb
+1 -7
View File
@@ -14,13 +14,7 @@ class Section
validates :title, presence: true
validates :supplier_id, presence: true
# Probably faster to directly retreive the document and return nil
# if the supplier does not match
def self.find_by_supplier_and_id(supplier, id)
section = find(id)
return nil unless section.supplier_id == supplier.id
section
end
view :by_supplier_id_and_id, key: [:supplier_id, :_id]
def occupied_tables
return @occupied_tables if @occupied_tables.present?
spec/controllers/suppliers/sections_controller_spec.rb
+191
View File
@@ -0,0 +1,191 @@
# encoding: UTF-8
require 'spec_helper'
describe Suppliers::SectionsController do
before :each do
@supplier = Supplier.find_by_email('supplier@qwaiter.com') || Supplier.create(name: 'Supplier', email: 'supplier@qwaiter.com', password: 'secret')
sign_in @supplier
end
describe "GET #index" do
it "populates an array of sections" do
base_section = @supplier.sections.first
section = create :section, supplier: @supplier
get :index
assigns(:sections).should =~[base_section, section].compact
end
it "does not include sections from another supplier" do
base_section = @supplier.sections.first
section1 = create :section, supplier: @supplier
section2 = create :section
get :index
assigns(:sections).should =~[base_section, section1].compact
end
it "should render without errors when no objects are present" do
get :index
expect{ render_template :index }.not_to raise_error
end
it "renders the :index view" do
get :index
response.should render_template :index
end
end
describe "GET #show" do
it "assigns the requested section to @section" do
section = create :section, supplier: @supplier
get :show, id: section
assigns(:section).should eq(section)
end
it "should not display a section of another supplier" do
section = create :section
get :show, id: section
response.status.should == 404
end
it "renders the #show view" do
section = create :section, supplier: @supplier
get :show, id: section
response.should render_template :show
end
end
describe "GET #new" do
it "assigns a new section to @section" do
get :new
assigns(:section).should be_a Section
end
it "renders the #show view" do
get :new
response.should render_template :new
end
end
describe "POST #create" do
context "with valid attributes" do
it "creates a new section" do
expect{
post :create, section: attributes_for(:section, supplier: @supplier)
}.to change(Section, :count).by(2)
end
it "redirects to the new section" do
post :create, section: attributes_for(:section, title: 'Created section 45', supplier: @supplier)
response.should redirect_to [:suppliers, Section.find_by_title('Created section 45')]
end
it "should not be possible to create a section for another supplier" do
supplier2 = create :supplier
post :create, section: attributes_for(:section, title: 'Trying to hack', supplier: supplier2)
Section.find_by_title('Trying to hack').supplier_id.should == @supplier.id
end
end
context "with invalid attributes" do
it "does not save the new section" do
expect{
post :create, section: {title: ''}
}.to_not change(Section, :count)
end
it "re-renders the new method" do
post :create, section: {title: ''}
response.should render_template :new
end
end
end
describe 'PUT update' do
before :each do
@section = create :section, supplier: @supplier
end
context "valid attributes" do
it "located the requested section" do
put :update, id: @section, section: attributes_for(:section, supplier: @supplier)
@section.reload
assigns(:section).should eq(@section)
end
it "changes @section's attributes" do
put :update, id: @section, section: attributes_for(:section, title: "ChangedByTest", supplier: @supplier)
@section.reload
@section.title.should eq("ChangedByTest")
end
it "redirects to the updated section" do
put :update, id: @section, section: attributes_for(:section, supplier: @supplier)
response.should redirect_to [:suppliers, @section]
end
it "should not be possible to update a section to another supplier" do
supplier2 = create :supplier
put :update, id: @section, section: attributes_for(:section, title: "Trying to hack", supplier: supplier2)
Section.find_by_title('Trying to hack').supplier_id.should == @supplier.id
end
it "should not be possible to update a section of another supplier" do
section = create :section, title: 'Other supplier section'
put :update, id: section, section: {title: "Trying to hack"}
section.reload
section.title.should == 'Other supplier section'
end
end
context "invalid attributes" do
it "locates the requested section" do
put :update, id: @section, section: {title: ''}
assigns(:section).should eq(@section)
end
it "re-renders the edit method" do
put :update, id: @section, section: {title: ''}
response.should render_template :edit
end
end
end
describe 'DELETE destroy' do
before :each do
@section = create :section, supplier: @supplier
end
it "deletes the section" do
expect{
delete :destroy, id: @section
}.to change(Section, :count).by(-1)
end
it "redirects to sections#index" do
delete :destroy, id: @section
response.should redirect_to [:suppliers, :sections]
end
it "should not be possible to delete a section of another supplier" do
section = create :section
expect{
delete :destroy, id: section
}.to_not change(Section, :count)
end
end
describe 'GET #manage_tables' do
pending "Add tests"
end
describe 'GET #tables_view' do
pending "Add tests"
end
describe 'POST #add_tables' do
pending "Add tests"
end
describe 'POST #arrange_tables' do
pending "Add tests"
end
end