Skip to content

Commit

Permalink
fix(permissions): private repositories should be hidden if user don't…
Browse files Browse the repository at this point in the history
… have permissions (closes #262)
  • Loading branch information
Izak88 committed Oct 27, 2017
1 parent 25e3728 commit 82c75bf
Show file tree
Hide file tree
Showing 6 changed files with 82 additions and 20 deletions.
28 changes: 28 additions & 0 deletions e2e/090_repository.e2e.ts
Original file line number Diff line number Diff line change
Expand Up @@ -193,4 +193,32 @@ describe('Repository', () => {
.then(() => element(by.css('.form-input[name="api_url"]')).getAttribute('value'))
.then(txt => expect(txt).to.equals('https://api.github.com2'));
});

it('should redirect to bterm repository, and mark its as private', () => {
return browser.get('/repositories')
.then((): any => browser.wait(() => {
return element.all(by.css('.list-item')).count().then(count => count === 2);
}))
.then((): any => element.all(by.css('.list-item')).first().click())
.then((): any => browser.wait(() => element(by.css(`[name="btn-settings"]`)).isPresent()))
.then((): any => browser.wait(() => {
return ExpectedConditions.elementToBeClickable(element(by.css(`[name="btn-settings"]`)));
}))
.then((): any => element(by.css('[name="btn-settings"]')).click())
.then(() => browser.wait(() => element(by.css('.toggle-button')).isPresent()))
.then((): any => browser.wait(() => element(by.css(`.toggle-button`)).isEnabled()))
.then(() => element(by.css(`.toggle-button`)).click())
.then((): any => browser.wait(() => element(by.css(`[name="save-settings"]`)).isPresent()))
.then((): any => browser.wait(() => element(by.css(`[name="save-settings"]`)).isEnabled()))
.then((): any => browser.wait(() => ExpectedConditions.elementToBeClickable(
element(by.css(`[name="save-settings"]`)))))
.then(() => element(by.css(`[name="save-settings"]`)))
.then(ele => browser.executeScript('arguments[0].scrollIntoView();', ele.getWebElement()))
.then(() => element(by.css(`[name="save-settings"]`)).click())
.then(() => browser.get('/repo/1?tab=settings'))
.then((): any => isLoaded())
.then(() => browser.wait(() => element(by.css('.toggle-button')).isPresent()))
.then(() => element.all(by.css('.toggle-button enabled')).count())
.then(cnt => expect(cnt).to.equals(0));
});
});
36 changes: 30 additions & 6 deletions e2e/130_team.e2e.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,14 @@ describe('Teams', () => {
}));
});

it(`logged in user can see all repositories he has permission to`, () => {
return browser.get('/repositories')
.then(() => isLoaded())
.then(() => delay(1000))
.then((): any => element.all(by.css('.list-item-slim')).count())
.then(cnt => expect(cnt).to.equals(5));
});

it('should add new user', () => {
return browser.get('/team')
.then((): any => browser.wait(() => {
Expand Down Expand Up @@ -48,10 +56,10 @@ describe('Teams', () => {
.then((): any => browser.wait(() => element(by.css(`[name="tab-permissions"]`)).isEnabled()))
.then((): any => element(by.css('[name="tab-permissions"]')).click())
.then((): any => browser.wait(() => {
return element.all(by.css('.border-green')).count().then(count => count === 5);
return element.all(by.css('.border-green')).count().then(count => count === 4);
}))
.then((): any => browser.wait(() => {
return element.all(by.css('.border-red')).count().then(count => count === 0);
return element.all(by.css('.border-red')).count().then(count => count === 1);
}))
.then((): any => browser.wait(() => element.all(by.css(`[name="btn-removePermission"]`))
.first().isPresent()))
Expand All @@ -63,11 +71,11 @@ describe('Teams', () => {
.then(ele => browser.executeScript('arguments[0].scrollIntoView();', ele.getWebElement()))
.then((): any => element.all(by.css('[name="btn-removePermission"]')).first().click())
.then((): any => browser.wait(() => {
return element.all(by.css('.border-green')).count().then(count => count === 4);
return element.all(by.css('.border-green')).count().then(count => count === 3);
}))
.then((): any => browser.wait(() => {
return element.all(by.css('.border-red')).count()
.then(count => count === 1);
.then(count => count === 2);
}))
.then((): any => browser.wait(() => element.all(by.css(`[name="btn-addPermission"]`))
.first().isPresent()))
Expand All @@ -79,10 +87,10 @@ describe('Teams', () => {
.then(ele => browser.executeScript('arguments[0].scrollIntoView();', ele.getWebElement()))
.then((): any => element.all(by.css('[name="btn-addPermission"]')).first().click())
.then((): any => browser.wait(() => {
return element.all(by.css('.border-green')).count().then(count => count === 5);
return element.all(by.css('.border-green')).count().then(count => count === 4);
}))
.then((): any => browser.wait(() => {
return element.all(by.css('.border-red')).count().then(count => count === 0);
return element.all(by.css('.border-red')).count().then(count => count === 1);
}));
});

Expand Down Expand Up @@ -140,6 +148,14 @@ describe('Teams', () => {
.then(present => expect(present).to.equals(false));
});

it(`as annonymous user can see public repositories`, () => {
return browser.get('/repositories')
.then(() => isLoaded())
.then(() => delay(1000))
.then((): any => element.all(by.css('.list-item-slim')).count())
.then(cnt => expect(cnt).to.equals(4));
});

it(`logout admin user and login with non admin user`, () => {
return browser.get('/login')
.then(() => isLoaded())
Expand All @@ -149,6 +165,14 @@ describe('Teams', () => {
.then(() => isLoaded());
});

it(`logged in user can see all repositories he has permission to`, () => {
return browser.get('/repositories')
.then(() => isLoaded())
.then(() => delay(1000))
.then((): any => element.all(by.css('.list-item-slim')).count())
.then(cnt => expect(cnt).to.equals(4));
});

it(`non admin user should see dashboard`, () => {
return browser.get('/')
.then(() => isLoaded())
Expand Down
2 changes: 2 additions & 0 deletions src/api/db/repository.ts
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,8 @@ export function getRepositories(keyword: string, userId?: string): Promise<any[]
.andWhere(function() {
this.where('permissions.permission', true).orWhere('public', true);
});
} else {
q.where('repositories.public', true);
}
}).fetchAll({ withRelated: [{'permissions': (query) => {
if (userId) {
Expand Down
4 changes: 2 additions & 2 deletions src/app/components/app-user/app-user.component.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -139,8 +139,8 @@ describe('User Component', () => {
fixture.detectChanges();
const de = fixture.debugElement.query(By.css('h1'));
expect(de.nativeElement.textContent).toBe('Permissions');
expect(fixture.componentInstance.restrictedRepositories.length).toBe(1);
expect(fixture.componentInstance.repositories.length).toBe(2);
expect(fixture.componentInstance.restrictedRepositories.length).toBe(0);
expect(fixture.componentInstance.repositories.length).toBe(3);
});
});

Expand Down
25 changes: 15 additions & 10 deletions src/app/components/app-user/app-user.component.ts
Original file line number Diff line number Diff line change
Expand Up @@ -70,10 +70,9 @@ export class AppUserComponent implements OnInit {
});

this.route.params
.switchMap((params: Params) => this.api.getRepositories(''))
.switchMap((params: Params) => this.api.getRepositories('', this.loggedUser.id))
.subscribe(repositories => {
this.repositories =
repositories.filter(r => r.permissions.findIndex(p => p.permission) !== -1);
this.repositories = repositories;
this.repositories.forEach((repo: any, i) => {
this.api.getBadge(repo.id).subscribe(badge => {
if (badge.ok) {
Expand All @@ -82,13 +81,19 @@ export class AppUserComponent implements OnInit {
});
});

this.restrictedRepositories =
repositories.filter(r => r.permissions.findIndex(p => !p.permission) !== -1);
this.restrictedRepositories.forEach((repo: any, i) => {
this.api.getBadge(repo.id).subscribe(badge => {
if (badge.ok) {
this.restrictedRepositories[i].status_badge = badge._body;
}
this.api.getRepositories('', this.user.id).subscribe(userRepositories => {
this.restrictedRepositories =
repositories.filter(r => userRepositories.findIndex(ur => ur.id === r.id) === -1);

this.restrictedRepositories.forEach((repo: any, i) => {
this.api.getBadge(repo.id).subscribe(badge => {
if (badge.ok) {
this.restrictedRepositories[i].status_badge = badge._body;
}
});
});
this.repositories = this.repositories.filter(r => {
return this.restrictedRepositories.findIndex(rr => rr.id === r.id) === -1;
});
});
});
Expand Down
7 changes: 5 additions & 2 deletions tests/unit/060_api-routes.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,9 @@ describe('Api Server Routes Unit Tests', () => {
return sendGetRequest({}, `api/repositories?keyword=`).then(repo => {
expect(repo['data'][0]['full_name']).to.equal('Izak88/bterm');
expect(repo['data'][0]['id']).to.equal(1);
expect(repo['data'][1]['full_name']).to.equal('jkuri/d3-bundle');
expect(repo['data'][1]['id']).to.equal(2);
expect(repo['data'][1]['full_name']).to.equal('izak88/d3-bundle');
expect(repo['data'][1]['id']).to.equal(5);
expect(repo['data'].length).to.equal(2);
});
});

Expand All @@ -51,6 +52,7 @@ describe('Api Server Routes Unit Tests', () => {
expect(repo['data'][0]['id']).to.equal(1);
expect(repo['data'][1]['full_name']).to.equal('jkuri/d3-bundle');
expect(repo['data'][1]['id']).to.equal(2);
expect(repo['data'].length).to.equal(5);
});
});

Expand All @@ -60,6 +62,7 @@ describe('Api Server Routes Unit Tests', () => {
expect(repo['data'][0]['id']).to.equal(1);
expect(repo['data'][1]['full_name']).to.equal('izak88/d3-bundle');
expect(repo['data'][1]['id']).to.equal(5);
expect(repo['data'].length).to.equal(2);
});
});

Expand Down

0 comments on commit 82c75bf

Please sign in to comment.