diff --git a/.gitignore b/.gitignore index b909155..74254e5 100644 --- a/.gitignore +++ b/.gitignore @@ -32,9 +32,10 @@ # ignore IDE files .idea/* -<<<<<<< HEAD -======= # ignore yard doc files .yardoc/* ->>>>>>> 97cb77ae9aa380ac8352b49ae90b0c118aa9d2a2 + +# ignore yard generated documents +/doc/* +!/doc/README_FOR_APP \ No newline at end of file diff --git a/Gemfile b/Gemfile index 2c6c123..6b20e0f 100644 --- a/Gemfile +++ b/Gemfile @@ -104,6 +104,7 @@ group :test do gem 'minitest-rails-capybara' gem 'minitest-reporters' + gem 'rack-test' end # diff --git a/app/admin/token_permission.rb b/app/admin/token_permission.rb deleted file mode 100644 index ed1bd19..0000000 --- a/app/admin/token_permission.rb +++ /dev/null @@ -1,31 +0,0 @@ -ActiveAdmin.register TokenPermission do - permit_params :api_token, :token_permission_type_id, :user_id - - #TODO: make migration to add user_id to the model so we can have the relationship... - - menu priority:25, label: proc{ I18n.t('admin.token_permission')}, parent: "Api" - - index do - column I18n.t('admin.user') do |n| - link_to n.user.email, [:admin,n] - end - column I18n.t('admin.token_permission') do |n| - link_to n.token_permission_type, [:admin, n] - end - actions - end - - show do - attributes_table do - row :user_id - row :token_permission_type_id - row :api_token - end - end - - controller do - def permitted_params - params.permit! - end - end -end diff --git a/app/controllers/api/v0/base_controller.rb b/app/controllers/api/v0/base_controller.rb index 020b268..c3ed859 100644 --- a/app/controllers/api/v0/base_controller.rb +++ b/app/controllers/api/v0/base_controller.rb @@ -103,7 +103,7 @@ def authenticate_token authenticate_with_http_token do |token, options| # reject the empty string as it is our base empty token - if !token = "" + if token != "" @token = token @user = User.find_by(api_token: token) # if no user found, return false, otherwise true 
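Review bot: The corrected guard `if token != ""` in authenticate_token is now the only thing separating a blank credential from the shared "no API access" sentinel, since the comment states that the empty string is the base empty token held by users without access. `if token.present?` would also reject whitespace-only values. Representing "no token" as NULL rather than a shared `""` would remove the sentinel from the lookup path altogether. `User.find_by(api_token: token)` suggests the token is stored and compared in clear text; storing a digest and looking up by digest would limit what a leaked users table exposes. The method continues past the end of this hunk, so how the result is returned is not visible here.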
@@ -132,6 +132,7 @@ # end # end OrgTokenPermission.where(organisation_id: @user.organisation_id).find_each do |org_token_permission| + logger.debug "#{org_token_permission.token_permission_type.token_type}" if org_token_permission.token_permission_type.token_type == auth_type auth= true end diff --git a/app/controllers/api/v0/guidance_groups_controller.rb b/app/controllers/api/v0/guidance_groups_controller.rb index f28b642..a506a0b 100644 --- a/app/controllers/api/v0/guidance_groups_controller.rb +++ b/app/controllers/api/v0/guidance_groups_controller.rb @@ -22,7 +22,7 @@ def show # check if the user has permission to use the guidances api - if has_auth("guidance") + if has_auth("guidances") # determine if they have authorization to view this guidance group if GuidanceGroup.can_view?(@user, params[:id]) respond_with get_resource @@ -44,7 +44,7 @@ def index - if has_auth("guidance") + if has_auth("guidances") @all_viewable_groups = GuidanceGroup.all_viewable(@user) respond_with @all_viewable_groups else diff --git a/app/controllers/token_permission_types_controller.rb b/app/controllers/token_permission_types_controller.rb index 458ad69..4e1b33a 100644 --- a/app/controllers/token_permission_types_controller.rb +++ b/app/controllers/token_permission_types_controller.rb @@ -2,7 +2,7 @@ def index - if user_signed_in? && user.organisation.token_permission_types.count > 0 + if user_signed_in? && current_user.organisation.token_permission_types.count > 0 @user = current_user respond_to do |format| format.html diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index 6025e3b..02c490e 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb 
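Review bot: The added `logger.debug "#{org_token_permission.token_permission_type.token_type}"` inside the permission loop reads like leftover debugging, because it interpolates one value with no context and the log line cannot be tied to a user, organisation or requested permission. If the trace is worth keeping, say what it is, for example `logger.debug "api auth: org #{@user.organisation_id} grants #{org_token_permission.token_permission_type.token_type}, requested #{auth_type}"`; otherwise drop it before merge. The enclosing method starts and ends outside this hunk.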
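Review bot: `has_auth("guidances")` in show, and again in index in the next hunk, relies on a string literal matching the token_type value stored in the database, which is the mismatch this commit is correcting. A wrong literal fails closed, which is the safe direction, but it does so silently. A single shared constant used by the controllers and by the seed and fixture data (for example `has_auth(TokenPermissionType::GUIDANCES)`, name illustrative) would make the coupling explicit. A request test against these two actions with a permitted and a non-permitted token would pin the behaviour. Both actions continue outside the visible hunks.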
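Review bot: `current_user.organisation.token_permission_types.count > 0` in index will raise NoMethodError if a signed-in user has no organisation, turning what should be a denied request into a 500; whether that state is possible is not visible from this hunk. A guard such as `user_signed_in? && current_user.organisation.present? && current_user.organisation.token_permission_types.exists?` handles it and replaces the full COUNT with an existence check. The else branch of this action lies outside the hunk.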
@@ -17,8 +17,8 @@ mail(to: @user.email, subject: I18n.t('helpers.main_email.access_removed')) end - def api_token_granted_notification(user) - @user = user - mail(to: @user.email, subject: I18n.t('helper.api_mail_subject') - end + def api_token_granted_notification(user) + @user = user + mail(to: @user.email, subject: I18n.t('helper.api_mail_subject')) + end end \ No newline at end of file diff --git a/app/models/token_permission.rb b/app/models/token_permission.rb deleted file mode 100644 index 53d8567..0000000 --- a/app/models/token_permission.rb +++ /dev/null @@ -1,10 +0,0 @@ -class TokenPermission < ActiveRecord::Base - attr_accessible :token_permission_type_id, :token_permission_type, :api_token, :user_id, :user, :as => [:default, :admin] - - #associations between tables - belongs_to :token_permission_type - belongs_to :user - - - -end diff --git a/app/models/user.rb b/app/models/user.rb index 79c4b8d..2c0064b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -14,7 +14,6 @@ has_many :project_groups, :dependent => :destroy has_many :organisations , through: :user_org_roles has_many :user_role_types, through: :user_org_roles - has_many :token_permissions diff --git a/app/views/api/v0/guidance_groups/index.json.jbuilder b/app/views/api/v0/guidance_groups/index.json.jbuilder index b413f7b..cae2288 100644 --- a/app/views/api/v0/guidance_groups/index.json.jbuilder +++ b/app/views/api/v0/guidance_groups/index.json.jbuilder @@ -1,7 +1,7 @@ # builds a json response to api query for a list of guidance groups json.prettify! -json.guidance_group @all_viewable_groups do |guidance_group| +json.guidance_groups @all_viewable_groups do |guidance_group| json.name guidance_group.name json.id guidance_group.id diff --git a/app/views/users/admin_api_update.html.erb b/app/views/users/admin_api_update.html.erb new file mode 100644 index 0000000..e7e94f1 --- /dev/null +++ b/app/views/users/admin_api_update.html.erb @@ -0,0 +1,56 @@ +<%= stylesheet_link_tag "admin" %> + +
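Review bot: The subject key `'helper.api_mail_subject'` in api_token_granted_notification uses the namespace `helper`, while the mail call directly above reads `'helpers.main_email.access_removed'`. If the locale files define only `helpers`, the notification that tells a user they were granted an API token would go out with a "translation missing" subject. Confirm the key exists, or move it next to the others, e.g. `I18n.t('helpers.main_email.api_token_granted')` (key name illustrative).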

+ <%= t('org_admin.users_list') %> +

+ +<%= raw t('org_admin.user_text_html')%> +<% @users = current_user.organisation.users %> + + + + + + + + <% if current_user.organisation.token_permission_types.count > 0 %> + + <% end %> + + + + + <%= form_tag( admin_api_update_users_path, method: :put) do %> + <% @users.each do |user| %> + <% if !user.nil? then%> + + + + + + <% if current_user.organisation.token_permission_types.count > 0 %> + + <% end %> + + <% end %> + <% end %> + + <%= submit_tag "Update API Privleges" %> + <% end %> +
<%= t('org_admin.user_full_name') %><%= t('org_admin.user_name') %><%= t('org_admin.last_logged_in') %><%= t('org_admin.how_many_plans') %><%= t('org_admin.api_privleges') %>
+ <% if !user.name.nil? then%> + <%= user.name %> + <% end %> + + <%= user.email %> + + <% if !user.last_sign_in_at.nil? then%> + <%= l user.last_sign_in_at.to_date, :formats => :short %> + <% end %> + + <% if !user.project_groups.nil? then%> + <%= user.project_groups.count %> + <% end %> + + <%= check_box_tag "user_ids[]", user.id, user.api_token !="" %> +
\ No newline at end of file diff --git a/app/views/users/admin_index.html.erb b/app/views/users/admin_index.html.erb index 33a717e..e7e94f1 100644 --- a/app/views/users/admin_index.html.erb +++ b/app/views/users/admin_index.html.erb @@ -5,8 +5,7 @@ <%= raw t('org_admin.user_text_html')%> -<% @user_roles = current_user.organisation.user_org_roles %> -<% @user_roles = @user_roles.uniq_by {|u| u.user_id } %> +<% @users = current_user.organisation.users %> @@ -22,30 +21,30 @@ <%= form_tag( admin_api_update_users_path, method: :put) do %> - <% @user_roles.each do |user_id| %> - <% if !user_id.user.nil? then%> + <% @users.each do |user| %> + <% if !user.nil? then%> <% if current_user.organisation.token_permission_types.count > 0 %> <% end %> diff --git a/db/schema.rb b/db/schema.rb index 603f825..99132ed 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -122,18 +122,18 @@ t.boolean "published", limit: 1 end - create_table "languages", force: true do |t| - t.string "abbreviation" - t.string "description" - t.string "name" + create_table "languages", force: :cascade do |t| + t.string "abbreviation", limit: 255 + t.string "description", limit: 255 + t.string "name", limit: 255 end - create_table "option_warnings", force: true do |t| - t.integer "organisation_id" - t.integer "option_id" - t.text "text" - t.datetime "created_at" - t.datetime "updated_at" + create_table "option_warnings", force: :cascade do |t| + t.integer "organisation_id", limit: 4 + t.integer "option_id", limit: 4 + t.text "text", limit: 65535 + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "options", force: :cascade do |t| 
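Review bot: The checkbox state `user.api_token != ""` in this new view, and in the identical admin_index.html.erb change that follows, shows every user whose api_token is NULL as already holding API access, because nil is not equal to the empty string; `user.api_token.present?` covers both cases. The form posts raw `user_ids[]`, so the receiving action (not visible in this diff) needs to restrict the submitted ids to `current_user.organisation.users` before granting or revoking tokens. `raw t('org_admin.user_text_html')` is redundant, since the view helper already returns keys ending in `_html` as html-safe, and dropping `raw` removes one place where unescaped output could slip in later. Both templates carry the same blob id e7e94f1, so a shared partial would keep them from drifting apart.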
@@ -294,13 +294,13 @@ t.boolean "published", limit: 1 end - create_table "settings", force: true do |t| - t.string "var", limit: 191, null: false - t.text "value" - t.integer "target_id", null: false - t.string "target_type", limit: 191, null: false - t.datetime "created_at" - t.datetime "updated_at" + create_table "settings", force: :cascade do |t| + t.string "var", limit: 255, null: false + t.text "value", limit: 65535 + t.integer "target_id", limit: 4, null: false + t.string "target_type", limit: 255, null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end add_index "settings", ["target_type", "target_id", "var"], name: "index_settings_on_target_type_and_target_id_and_var", unique: true, using: :btree @@ -340,12 +340,12 @@ t.datetime "updated_at" end - create_table "user_org_roles", force: true do |t| - t.integer "user_id" - t.integer "organisation_id" - t.integer "user_role_type_id" - t.datetime "created_at" - t.datetime "updated_at" + create_table "user_org_roles", force: :cascade do |t| + t.integer "user_id", limit: 4 + t.integer "organisation_id", limit: 4 + t.integer "user_role_type_id", limit: 4 + t.datetime "created_at", null: false + t.datetime "updated_at", null: false end create_table "user_role_types", force: :cascade do |t| 
@@ -369,29 +369,29 @@ t.datetime "updated_at" end - create_table "users", force: true do |t| - t.string "firstname" - t.string "surname" - t.string "email", limit: 191, default: "", null: false - t.string "orcid_id" - t.string "shibboleth_id" - t.integer "user_type_id" - t.integer "user_status_id" - t.datetime "created_at" - t.datetime "updated_at" - t.string "encrypted_password", default: "" - t.string "reset_password_token", limit: 191 + create_table "users", force: :cascade do |t| + t.string "firstname", limit: 255 + t.string "surname", limit: 255 + t.string "email", limit: 255, default: "", null: false + t.string "orcid_id", limit: 255 + t.string "shibboleth_id", limit: 255 + t.integer "user_type_id", limit: 4 + t.integer "user_status_id", limit: 4 + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.string "encrypted_password", limit: 255, default: "" + t.string "reset_password_token", limit: 255 t.datetime "reset_password_sent_at" t.datetime "remember_created_at" - t.integer "sign_in_count", default: 0 + t.integer "sign_in_count", limit: 4, default: 0 t.datetime "current_sign_in_at" t.datetime "last_sign_in_at" - t.string "current_sign_in_ip" - t.string "last_sign_in_ip" - t.string "confirmation_token", limit: 191 + t.string "current_sign_in_ip", limit: 255 + t.string "last_sign_in_ip", limit: 255 + t.string "confirmation_token", limit: 255 t.datetime "confirmed_at" t.datetime "confirmation_sent_at" - t.string "invitation_token", limit: 191 + t.string "invitation_token", limit: 255 t.datetime "invitation_created_at" t.datetime "invitation_sent_at" t.datetime "invitation_accepted_at" diff --git a/test/fixtures/dmptemplates_guidance_groups.yml b/test/fixtures/dmptemplates_guidance_groups.yml deleted file mode 100644 index f49066a..0000000 --- a/test/fixtures/dmptemplates_guidance_groups.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -# dcc_template_1: -# guidance_group: dcc_guidance_group_1 -# dmptemplate: dcc_template - -# ahrc_template_1: -# guidance_group: funder_guidance_group_1 -# dmptemplate: ahrc_template - -# bbsrc_template_1: -# guidance_group: funder_guidance_group_2 -# dmptemplate: bbsrc_template - -# aru_template_1: -# guidance_group: institution_guidance_group_1 -# dmptemplate: aru_template - -# au_template_1: -# guidance_group: institution_guidance_group_2 -# dmptemplate: au_template - -# bu_template_1: -# guidance_group: institution_guidance_group_3 -# dmptemplate: bu_template - -# bu_template_2: -# guidance_group: institution_guidance_group_4 -# dmptemplate: bu_template \ No newline at end of file diff --git a/test/fixtures/guidances.yml b/test/fixtures/guidances.yml index d8479f1..0474bd2 100644 --- a/test/fixtures/guidances.yml +++ b/test/fixtures/guidances.yml @@ -168,7 +168,9 @@ text: "sample institution guidance bu 2" themes: embargo_period - +one: + text: "one" + themes: embargo_period diff --git a/test/fixtures/org_token_permissions.yml b/test/fixtures/org_token_permissions.yml new file mode 100644 index 0000000..7f1a3a3 --- /dev/null +++ b/test/fixtures/org_token_permissions.yml @@ -0,0 +1,15 @@ +dcc_one: + token_permission_type: plans_token_type + organisation: dcc + +dcc_two: + token_permission_type: guidances_token_type + organisation: dcc + +aru_one: + token_permission_type: plans_token_type + organisation: aru + +au_one: + token_permission_type: guidances_token_type + organisation: au \ No newline at end of file diff --git a/test/fixtures/token_permission.yml b/test/fixtures/token_permission.yml deleted file mode 100644 index 8a3003c..0000000 --- a/test/fixtures/token_permission.yml +++ /dev/null @@ -1,10 +0,0 @@ -guidances_api_token: - token_permission_type: guidances_token_type - api_token: "guidances_api_token" - user: user_one - -plans_api_token: - token_permission_type: plans_token_type - api_token: "plans_api_token" - user: user_two - 
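Review bot: The new org_token_permissions fixtures reference `plans_token_type` and `guidances_token_type`, yet this same commit deletes test/fixtures/token_permission_type.yml, the only visible file that defines those labels. Unless a correctly pluralised fixture file for token permission types exists elsewhere in the tree, these references resolve to ids with no matching row, and the permission loop in the base controller would dereference a nil token_permission_type. The deleted file also used `"guidance"` and `"plan"` as token_type, whereas the guidance groups controller now asks for `"guidances"`, so whichever fixture supplies the types needs the value the controller checks.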
diff --git a/test/fixtures/token_permission_type.yml b/test/fixtures/token_permission_type.yml deleted file mode 100644 index 5056f18..0000000 --- a/test/fixtures/token_permission_type.yml +++ /dev/null @@ -1,7 +0,0 @@ -guidances_token_type: - token_type: "guidance" - text_desription: "allows access to the guidance api" - -plans_token_type: - token_type: "plan" - text_desription: "allows access to the plan api" diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index 04d40ab..4d9373a 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -38,3 +38,11 @@ firstname: Many surname: Projects email: many.projects@example.com + +user_dcc: + firstname: "john" + surname: "doe" + email: "me@dcc.net" + user_type_id: 1 + user_status_id: 1 + api_token: "wasd" \ No newline at end of file diff --git a/test/functional/api_projects_controller_test.rb b/test/functional/api_projects_controller_test.rb new file mode 100644 index 0000000..d47d190 --- /dev/null +++ b/test/functional/api_projects_controller_test.rb 
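Review bot: `user_dcc` is given an api_token but no link to an organisation, while the permission check in the base controller filters on `@user.organisation_id`. If that value comes from a column or association this fixture does not set, the user can never match the `dcc_one`/`dcc_two` permissions and the positive API test fails for the wrong reason. Add whatever association the User model expects, for example `organisation: dcc` (attribute name to be confirmed against the model), and consider a second fixture user that has a token but no matching permission for the denial case.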
@@ -0,0 +1,57 @@ +require 'test_helper' +require "rack/test" + +class ApiProjectsControllerTest < ActiveSupport::TestCase + include Rack::Test::Methods + + def app + MyApp.new + end + + @controller = Api::V0::ProjectsController.new + + test "create validates that a user has plans auth" do + # has auth for projects + @user = users(:user_dcc) + post :create, params: {template:{organisation: "Arts and Humanities Research Council"},project:{title:"my project", email:"org_admin@example.com"}} + assert_response :success + + # has no auth for projects + # @user = users(:user_three) + # post :create, params: {template:{organisation: "Arts and Humanities Research Council"},project:{title:"my project", email:"org_admin@example.com"}} + # assert_response 400 + end + + test "create validates that the passed organisation exists" do + flunk + end + + test "create validates that the passed organisation is a funder" do + flunk + end + + test "create validates that the passed organisation has only 1 template" do + flunk + end + + test "create validates that a passed organisation with more than one template specifies template" do + flunk + end + + test "create checks for a guidance and adds it if it exists" do + flunk + end + + test "create checks for guidances and adds them if they exist" do + flunk + end + + test "create invites is user email not already in system" do + flunk + end + + test "create creates a new project when params correct" do + flunk + end + +end \ No newline at end of file
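Review bot: The only implemented test never presents a credential: it assigns `@user` and calls `post :create, params: …`, but with Rack::Test `post` takes a path and the request carries no Authorization header, so the token check is not exercised, and the denial case is commented out. `MyApp.new` looks like a placeholder for the application under test, and `@controller = …` in the class body sets a class-level variable that no test instance reads. The sketch below sends the fixture token in the header, adds the negative case, and checks `last_response`, since `assert_response` is not provided by Rack::Test. The remaining `flunk` placeholders will fail the suite until they are written; `skip` would report them as pending instead.

```ruby
  def app
    Rails.application
  end

  # Path inferred from the Api::V0::ProjectsController namespace; confirm with `rake routes`.
  PROJECTS_PATH = "/api/v0/projects"

  test "create rejects a request without a token" do
    post PROJECTS_PATH, project: { title: "my project", email: "org_admin@example.com" }
    refute last_response.successful?
  end

  test "create validates that a user has plans auth" do
    header "Authorization",
           ActionController::HttpAuthentication::Token.encode_credentials(users(:user_dcc).api_token)
    post PROJECTS_PATH,
         template: { organisation: "Arts and Humanities Research Council" },
         project: { title: "my project", email: "org_admin@example.com" }
    assert last_response.successful?
  end

  # … unchanged: remaining placeholder tests …
```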
- <% if !user_id.user.name.nil? then%> - <%= user_id.user.name %> + <% if !user.name.nil? then%> + <%= user.name %> <% end %> - <%= user_id.user.email %> + <%= user.email %> - <% if !user_id.user.last_sign_in_at.nil? then%> - <%= l user_id.user.last_sign_in_at.to_date, :formats => :short %> + <% if !user.last_sign_in_at.nil? then%> + <%= l user.last_sign_in_at.to_date, :formats => :short %> <% end %> - <% if !user_id.user.project_groups.nil? then%> - <%= user_id.user.project_groups.count %> + <% if !user.project_groups.nil? then%> + <%= user.project_groups.count %> <% end %> - <%= check_box_tag "user_ids[]", user_id.user.id, user_id.user.api_token !="" %> + <%= check_box_tag "user_ids[]", user.id, user.api_token !="" %>