Diff
Modified: trunk/lib/api/resources/blobs.rb (3774 => 3775)
--- trunk/lib/api/resources/blobs.rb 2013-11-11 09:16:09 UTC (rev 3774)
+++ trunk/lib/api/resources/blobs.rb 2013-11-11 09:16:49 UTC (rev 3775)
@@ -124,7 +124,10 @@
return rest_response(400, :object => ob) unless success
if opts[:query]['version'].nil?
- update_permissions(ob, permissions, opts[:user])
+ begin
+ update_permissions(ob, permissions, opts[:user])
+ rescue NotAuthorizedException, NotFoundException
+ end
end
end
Modified: trunk/lib/api/resources/packs.rb (3774 => 3775)
--- trunk/lib/api/resources/packs.rb 2013-11-11 09:16:09 UTC (rev 3774)
+++ trunk/lib/api/resources/packs.rb 2013-11-11 09:16:49 UTC (rev 3775)
@@ -69,7 +69,10 @@
return rest_response(400, :object => ob)
end
- update_permissions(ob, permissions, opts[:user])
+ begin
+ update_permissions(ob, permissions, opts[:user])
+ rescue NotAuthorizedException, NotFoundException
+ end
end
rest_get_request(ob, opts[:user], { "id" => ob.id.to_s })
Modified: trunk/lib/api/resources/workflows.rb (3774 => 3775)
--- trunk/lib/api/resources/workflows.rb 2013-11-11 09:16:09 UTC (rev 3774)
+++ trunk/lib/api/resources/workflows.rb 2013-11-11 09:16:49 UTC (rev 3775)
@@ -160,7 +160,10 @@
# Elements to update if we're not dealing with a workflow version
if opts[:query]['version'].nil?
- update_permissions(ob, permissions, opts[:user])
+ begin
+ update_permissions(ob, permissions, opts[:user])
+ rescue NotAuthorizedException, NotFoundException
+ end
end
# Extract internals and stuff
Modified: trunk/lib/rest.rb (3774 => 3775)
--- trunk/lib/rest.rb 2013-11-11 09:16:09 UTC (rev 3774)
+++ trunk/lib/rest.rb 2013-11-11 09:16:49 UTC (rev 3775)
@@ -974,12 +974,12 @@
return
else
- ob.errors.add_to_base("You must be a member of #{group_policy.contributor.title} to use group policy: #{group_policy}")
- raise
+ ob.errors.add_to_base("You must be a member of #{policy.contributor.title} to use group policy: #{group_policy}")
+ raise NotAuthorizedException.new
end
else
ob.errors.add_to_base("#{group_policy} does not appear to be a valid group policy ID")
- raise
+ raise NotFoundException.new
end
else
@@ -1291,3 +1291,6 @@
end
end
end
+
+class NotFoundException < Exception; end
+class NotAuthorizedException < Exception; end
Modified: trunk/test/fixtures/memberships.yml (3774 => 3775)
--- trunk/test/fixtures/memberships.yml 2013-11-11 09:16:09 UTC (rev 3774)
+++ trunk/test/fixtures/memberships.yml 2013-11-11 09:16:49 UTC (rev 3775)
@@ -23,3 +23,10 @@
user_established_at: 2008-03-30 14:08:56
network_established_at: 2008-03-30 14:08:56
+john_invite_only_network:
+ id: 4
+ user_id: 1
+ network_id: 4
+ created_at: 2008-03-30 17:28:56
+ user_established_at: 2008-03-30 17:28:56
+ network_established_at: 2008-03-30 17:28:56
Modified: trunk/test/functional/api_controller_test.rb (3774 => 3775)
--- trunk/test/functional/api_controller_test.rb 2013-11-11 09:16:09 UTC (rev 3774)
+++ trunk/test/functional/api_controller_test.rb 2013-11-11 09:16:49 UTC (rev 3775)
@@ -1131,6 +1131,72 @@
assert_response(:not_found)
end
+ # Group Policies
+
+ test "can create file with group policy" do
+ login_as(:john)
+
+ group_policy = policies(:group_policy)
+
+ # post a file
+ assert_difference('Blob.count', 1) do
+ rest_request(:post, 'file', "<?xml version='1.0'?>
+ <file>
+ <title>A File With a Group Policy</title>
+ <description>Description</description>
+ <license-type>by-sa</license-type>
+ <filename>test.txt</filename>
+ <content-type>text/plain</content-type>
+ <content>#{Base64.encode64("This is the content of this test file.")}</content>
+ <permissions>
+ <group-policy-id>#{group_policy.id}</group-policy-id>
+ </permissions>
+ </file>")
+ end
+
+ assert_response(:success)
+ end
+
+ test "non-existant group policy doesn't error out" do
+ login_as(:john)
+
+ fake_id = Policy.last.id + 100000
+
+ # post a file
+ rest_request(:post, 'file', "<?xml version='1.0'?>
+ <file>
+ <title>A File With a Group Policy</title>
+ <description>Description</description>
+ <license-type>by-sa</license-type>
+ <filename>test.txt</filename>
+ <content-type>text/plain</content-type>
+ <content>#{Base64.encode64("This is the content of this test file.")}</content>
+ <permissions>
+ <group-policy-id>#{fake_id}</group-policy-id>
+ </permissions>
+ </file>")
+ end
+
+ test "non-member using a group policy doesn't error out" do
+ login_as(:jane)
+
+ group_policy = policies(:group_policy)
+
+ # post a file
+ rest_request(:post, 'file', "<?xml version='1.0'?>
+ <file>
+ <title>A File With a Group Policy</title>
+ <description>Description</description>
+ <license-type>by-sa</license-type>
+ <filename>test.txt</filename>
+ <content-type>text/plain</content-type>
+ <content>#{Base64.encode64("This is the content of this test file.")}</content>
+ <permissions>
+ <group-policy-id>#{group_policy.id}</group-policy-id>
+ </permissions>
+ </file>")
+ end
+
# Components
test "can create components" do
@@ -1572,6 +1638,26 @@
assert_response(:success)
end
+ test "can delete component family after deleting a component inside it" do
+ login_as(:john)
+ component = workflows(:private_component_workflow)
+ family = packs(:protected_component_family)
+
+ assert_difference('Workflow.count', -1) do # Component deleted
+ rest_request(:delete, 'workflow', nil, 'id' => component.id)
+ end
+
+ assert_response(:success)
+
+ assert_no_difference('Blob.count') do # Profile not deleted
+ assert_difference('Pack.count', -1) do # Family deleted
+ rest_request(:delete, 'component-family', nil, 'id' => family.id)
+ end
+ end
+
+ assert_response(:success)
+ end
+
test "can't delete component family containing other people's components" do
login_as(:john)