Move action to render board lists to `Projects::Boards::ListsController`

parent c3880d10
module Projects
module Boards
class ListsController < Boards::ApplicationController
before_action :authorize_admin_list!
before_action :authorize_admin_list!, only: [:create, :update, :destroy, :generate]
before_action :authorize_read_list!, only: [:index]
def index
render json: project.board.lists.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } })
end
def create
list = ::Boards::Lists::CreateService.new(project, current_user, list_params).execute
......@@ -49,6 +54,10 @@ module Projects
return render_403 unless can?(current_user, :admin_list, project)
end
def authorize_read_list!
return render_403 unless can?(current_user, :read_list, project)
end
def list_params
params.require(:list).permit(:label_id)
end
......
class Projects::BoardsController < Projects::ApplicationController
respond_to :html
before_action :authorize_read_board!, only: [:show]
def show
board = Boards::CreateService.new(project, current_user).execute
respond_to do |format|
format.html
format.json { render json: board.lists.as_json(only: [:id, :list_type, :position], methods: [:title], include: { label: { only: [:id, :title, :description, :color, :priority] } }) }
end
::Boards::CreateService.new(project, current_user).execute
end
private
def authorize_read_board!
unless can?(current_user, :read_board, project)
respond_to do |format|
format.html { return access_denied! }
format.json { return render_403 }
end
end
return access_denied! unless can?(current_user, :read_board, project)
end
end
......@@ -91,6 +91,7 @@ class Ability
rules = [
:read_project,
:read_board,
:read_list,
:read_wiki,
:read_label,
:read_milestone,
......@@ -230,6 +231,7 @@ class Ability
:read_wiki,
:read_issue,
:read_board,
:read_list,
:read_label,
:read_milestone,
:read_project_snippet,
......
......@@ -860,7 +860,7 @@ Rails.application.routes.draw do
scope module: :boards do
resources :issues, only: [:update]
resources :lists, only: [:create, :update, :destroy] do
resources :lists, only: [:index, :create, :update, :destroy] do
collection do
post :generate
end
......
......@@ -11,6 +11,46 @@ describe Projects::Boards::ListsController do
project.team << [guest, :guest]
end
describe 'GET #index' do
it 'returns a successful 200 response' do
read_board_list user: user
expect(response).to have_http_status(200)
expect(response.content_type).to eq 'application/json'
end
it 'returns a list of board lists' do
board = project.create_board
create(:backlog_list, board: board)
create(:list, board: board)
create(:done_list, board: board)
read_board_list user: user
parsed_response = JSON.parse(response.body)
expect(response).to match_response_schema('list', array: true)
expect(parsed_response.length).to eq 3
end
it 'returns a successful 403 response with unauthorized user' do
allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability.abilities).to receive(:allowed?).with(user, :read_list, project).and_return(false)
read_board_list user: user
expect(response).to have_http_status(403)
end
def read_board_list(user:)
sign_in(user)
get :index, namespace_id: project.namespace.to_param,
project_id: project.to_param,
format: :json
end
end
describe 'POST #create' do
let(:label) { create(:label, project: project, name: 'Development') }
......
......@@ -10,64 +10,24 @@ describe Projects::BoardsController do
end
describe 'GET #show' do
context 'when project does not have a board' do
it 'creates a new board' do
expect { read_board }.to change(Board, :count).by(1)
end
it 'creates a new board when project does not have one' do
expect { read_board }.to change(Board, :count).by(1)
end
context 'when format is HTML' do
it 'renders HTML template' do
read_board
it 'renders HTML template' do
read_board
expect(response).to render_template :show
expect(response.content_type).to eq 'text/html'
end
context 'with unauthorized user' do
it 'returns a successful 404 response' do
allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false)
read_board
expect(response).to have_http_status(404)
end
end
expect(response).to render_template :show
expect(response.content_type).to eq 'text/html'
end
context 'when format is JSON' do
it 'returns a successful 200 response' do
read_board format: :json
expect(response).to have_http_status(200)
expect(response.content_type).to eq 'application/json'
end
it 'returns a list of board lists' do
board = project.create_board
create(:backlog_list, board: board)
create(:list, board: board)
create(:done_list, board: board)
read_board format: :json
parsed_response = JSON.parse(response.body)
expect(response).to match_response_schema('list', array: true)
expect(parsed_response.length).to eq 3
end
context 'with unauthorized user' do
it 'returns a successful 403 response' do
allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false)
it 'returns a successful 404 response with unauthorized user' do
allow(Ability.abilities).to receive(:allowed?).with(user, :read_project, project).and_return(true)
allow(Ability.abilities).to receive(:allowed?).with(user, :read_board, project).and_return(false)
read_board format: :json
read_board
expect(response).to have_http_status(403)
end
end
expect(response).to have_http_status(404)
end
def read_board(format: :html)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment