Added logged_in column to permission table. Fixed up some tests. prep…

…aring for using a csv file to test permissions using request (intergration) tests. modified: Gemfile.lock modified: app/controllers/permissions_controller.rb modified: app/models/permission.rb modified: app/models/user.rb modified: db/migrate/20121126232916_add_admin_to_users.rb new file: db/migrate/20130205030911_add_logged_in_to_permissions.rb modified: db/schema.rb modified: spec/controllers/permissions_controller_spec.rb modified: spec/controllers/tags_controller_spec.rb modified: spec/factories/audio_recording_factory.rb modified: spec/factories/permission_factory.rb modified: spec/factories/progress_factory.rb modified: spec/factories/saved_search_factory.rb modified: spec/models/permission_spec.rb modified: spec/requests/projects_controllers_spec.rb new file: spec/requests/request_truth_table.csv modified: spec/support/api_examples_create.rb modified: spec/support/api_examples_update.rb
QutEcoacoustics · Feb 5, 2013 · db1abf4 · db1abf4
1 parent 8c3be6d
commit db1abf4
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 21 deletions.
diff --git a/app/controllers/permissions_controller.rb b/app/controllers/permissions_controller.rb
@@ -51,19 +51,19 @@ def create
   # PUT /permissions/1
   # PUT /permissions/1.json
   def update
-    #@permission = Permission.find(params[:id])
-    #
-    #respond_to do |format|
-    #  if @permission.update_attributes(params[:permission])
-    #    format.json { head :no_content }
-    #  else
-    #    format.json { render json: @permission.errors, status: :unprocessable_entity }
-    #  end
-    #end
+    @permission = Permission.find(params[:id])
 
     respond_to do |format|
-      format.json { head :bad_request }
+      if @permission.update_attributes(params[:permission])
+        format.json { head :no_content }
+      else
+        format.json { render json: @permission.errors, status: :unprocessable_entity }
+      end
     end
+
+    #respond_to do |format|
+    #  format.json { head :bad_request }
+    #end
   end
 
   # DELETE /permissions/1

diff --git a/app/models/permission.rb b/app/models/permission.rb
@@ -6,7 +6,7 @@ class Permission < ActiveRecord::Base
   belongs_to :permissionable, :polymorphic => true
 
   # attr
-  attr_accessible :user_id, :level, :permissionable_type, :permissionable_id
+  attr_accessible :user_id, :level, :logged_in, :permissionable_type, :permissionable_id
 
   # userstamp
   stampable
@@ -18,20 +18,34 @@ class Permission < ActiveRecord::Base
   validates :level, :inclusion => {in: AVAILABLE_LEVELS}, :presence => true
 
   # validation
-  validate :anonymous_permission_can_only_be_read_or_none
+  validate :check_invalid_combinations
 
   # custom validation methods
-  def anonymous_permission_can_only_be_read_or_none
-    return unless self.user.nil?
-
-    return if self.reader? || self.none?
-
-    errors.add(:level, "The permission level can only be 'read' or 'none' for anonymous permissions")
+  def check_invalid_combinations
+    # any logged in user can be an owner? No
+    if self.logged_in && self.owner? && self.user.blank?
+      errors.add(:user_id, "Owner permissions must be specified with a user id.")
+    end
+
+    # any anonymous user can be an owner? No
+    if !self.logged_in && self.owner? && self.user.blank?
+      errors.add(:level, "Anonymous users cannot have owners permission.")
+    end
+
+    # any anonymous user can be an owner? No
+    if !self.logged_in && self.writer? && self.user.blank?
+      errors.add(:level, "Anonymous users cannot have writer permission.")
+    end
+
+    # not logged in and user id specified is not allowed
+    if !self.logged_in && !self.user.blank?
+      errors.add(:user_id, "Permissions cannot have a user id and not be logged in.")
+    end
   end
 
   # methods
   def anonymous?
-    self.user.nil?
+    self.user.blank?
   end
 
   # http://stackoverflow.com/questions/11569940/inclusion-validation-fails-when-provided-a-symbol-instead-of-a-string

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -39,7 +39,6 @@ class User < ActiveRecord::Base
   has_many :bookmarks, :foreign_key => :creator_id
   has_many :saved_searches, :foreign_key => :creator_id
 
-
   # validation
   #validates_presence_of :display_name
   validates :user_name, presence: true, uniqueness: { case_sensitive: false },
@@ -54,7 +53,6 @@ class User < ActiveRecord::Base
 
   #friendly_id :display_name, :use_slug => true, :strip_non_ascii => true
 
-
   # special validation skip
   # these methods allow a temporary skip of exclusion validation. this is used for seeding users into the database
   # TODO: does this need some protection?