# frozen_string_literal: true #-- copyright # OpenProject is an open source project management software. # Copyright (C) the OpenProject GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License version 3. # # OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows: # Copyright (C) 2006-2013 Jean-Philippe Lang # Copyright (C) 2010-2013 the ChiliProject Team # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # # See COPYRIGHT and LICENSE files for more details. #++ require "spec_helper" RSpec.describe WorkPackagesController do before do login_as current_user end let(:project) { create(:project, identifier: "test_project", public: false) } let(:other_project) { build_stubbed(:project) } let(:type) { create(:type) } let(:work_package) { create(:work_package, type:, project:) } let(:current_user) { create(:user) } def self.requires_permission_in_project(&) describe "w/o the permission to see the project/work_package" do before do allow(controller).to receive(:work_package).and_return(nil) call_action end it "renders a 404" do expect(response.response_code).to be === 404 end end describe "with the permission to see the project " \ "with having the necessary permissions" do let(:role) { create(:project_role, permissions: [:view_work_packages]) } before do create(:member, project: work_package.project, principal: current_user, roles: [role]) end instance_eval(&) end end def self.requires_export_permission(&) describe "with the export permission " \ "without a project" do let(:project) { nil } let(:other_project) { build_stubbed(:project) } before do mock_permissions_for(current_user) do |mock| mock.allow_in_project :export_work_packages, project: other_project end end instance_eval(&) end describe "with the export permission " \ "with a project" do before do params[:project_id] = project.id mock_permissions_for(current_user) do |mock| mock.allow_in_project :export_work_packages, project: end end instance_eval(&) end describe "w/o the export permission" do let(:project) { nil } before do mock_permissions_for(current_user, &:forbid_everything) call_action end it "renders a 403" do expect(response.response_code).to eq(403) end end end describe "index" do let(:query) { build_stubbed(:query).tap(&:add_default_filter) } let(:work_packages) { double("work packages").as_null_object } let(:results) { double("results").as_null_object } describe "with valid query" do before do mock_permissions_for(current_user) do |mock| mock.allow_in_project :view_work_packages, project: other_project mock.allow_in_project(:view_work_packages, project:) if project end allow(controller).to receive(:retrieve_query).and_return(query) end describe "html" do let(:call_action) { get("index", params: { project_id: project.id }) } before do call_action end describe "without a project, but with view_work_packages permission on any project" do let(:project) { nil } let(:call_action) { get("index") } it "renders the index template" do expect(response).to render_template("work_packages/index") end end context "with a project" do it "renders the index template" do expect(response).to render_template("work_packages/index") end end end shared_examples_for "export of mime_type" do let(:export_storage) { build_stubbed(:work_packages_export) } let(:call_action) { get("index", params: params.merge(format: mime_type)) } requires_export_permission do before do service_instance = double("service_instance") allow(WorkPackages::Exports::ScheduleService) .to receive(:new) .with(user: current_user) .and_return(service_instance) allow(service_instance) .to receive(:call) .with(query:, mime_type: mime_type.to_sym, params: anything) .and_return(ServiceResult.failure(result: "uuid of the export job")) end it "redirects to the job status" do call_action expect(response).to redirect_to job_status_path("uuid of the export job") end context "with json accept" do it "fulfills the defined should_receives" do request.headers["Accept"] = "application/json" call_action expect(response.body).to eq({ job_id: "uuid of the export job" }.to_json) end end end end describe "csv" do let(:params) { {} } let(:mime_type) { "csv" } it_behaves_like "export of mime_type" end describe "pdf" do let(:params) { {} } let(:mime_type) { "pdf" } it_behaves_like "export of mime_type" end describe "atom" do let(:params) { {} } let(:call_action) { get("index", params: params.merge(format: "atom")) } requires_export_permission do before do # Note: Stubs for methods used to build up the json query results. # TODO RS: Clearly this isn't testing anything, but it all needs to be moved to an API controller anyway. allow(query).to receive(:results).and_return(results) allow(results).to receive_message_chain(:work_packages, :page, :per_page).and_return(work_packages) expect(controller).to receive(:render_feed).with(work_packages, anything) do |*_args| # We need to render something because otherwise # the controller will and it will not find a suitable template controller.render plain: "success" end end it "fulfills the defined should_receives" do call_action end end end end context "with invalid query" do describe "pdf" do let(:call_action) { get("index", params: params.merge(format: "pdf")) } let(:params) { { query_id: "hokusbogus" } } context "when a non-existent query has been previously selected" do before do mock_permissions_for(current_user, &:allow_everything) allow(controller) .to receive(:retrieve_query) .and_raise(ActiveRecord::RecordNotFound) call_action end it "renders a 404" do expect(response.response_code).to be 404 end end end end end describe "index with a broken project reference" do before do get("index", params: { project_id: "project_that_doesnt_exist" }) end it { is_expected.to respond_with :not_found } end describe "show.html" do let(:call_action) { get("show", params: { id: work_package.id.to_s }) } requires_permission_in_project do it "redirects to the full url" do call_action expect(response).to redirect_to("/projects/test_project/work_packages/#{work_package.id}/activity") end end end describe "show.html with semantic identifier", with_settings: { work_packages_identifier: "semantic" } do let(:project) { create(:project, identifier: "TESTPROJ") } let(:call_action) { get("show", params: { id: work_package.display_id.to_s }) } requires_permission_in_project do it "resolves the semantic identifier and redirects to the full url" do call_action expect(response).to redirect_to("/projects/TESTPROJ/work_packages/#{work_package.display_id}/activity") end end end describe "show.pdf" do let(:call_action) { get("show", params: { format: "pdf", id: work_package.id.to_s }) } let(:exporter) { WorkPackage::PDFExport::WorkPackageToPdf } let(:exporter_instance) { instance_double(exporter) } before do allow(exporter).to receive(:new).and_return(exporter_instance) end requires_permission_in_project do it "respond with a pdf" do pdf_data = "foobar" time = DateTime.new(2023, 6, 30, 23, 59) allow(DateTime).to receive(:now).and_return(time) expected_name = [work_package.project.identifier, "##{work_package.id}", work_package.subject, "2023-06-30_23-59"].join("_").tr(" ", "-") expected_type = "application/pdf" pdf_result = double("pdf_result", error?: false, content: pdf_data, title: expected_name, mime_type: expected_type) allow(exporter_instance).to receive(:export!).and_return(pdf_result) expect(controller).to receive(:send_data).with(pdf_data, type: expected_type, filename: expected_name) do |*_args| # We need to render something because otherwise # the controller will and it will not find a suitable template controller.render plain: "success" end call_action end end end describe "show.atom" do let(:call_action) { get("show", params: { format: "atom", id: work_package.id.to_s }) } requires_permission_in_project do it "render the journal/index template" do call_action expect(response).to render_template("journals/index") end end context "when there are internal comments" do render_views let(:admin) { create(:admin) } let(:project) do create(:project, identifier: "test_project", public: false, enabled_internal_comments: true) end before do work_package = create(:work_package, id: 5173, project:) create(:work_package_journal, journable: work_package, user: admin, notes: "internal comment", internal: true, version: 2) end context "and the user does not have permission to see such comments" do it "does not include internal comments" do get("show", params: { format: "atom", id: 5173 }) expect(response.body).not_to include("internal comment") end end context "and the user has permission to see such comments", with_ee: [:internal_comments] do before do login_as admin end it "includes internal comments" do get("show", params: { format: "atom", id: 5173 }) expect(response.body).to include("internal comment") end end end end describe "redirect deep link", with_settings: { login_required?: true } do let(:current_user) { User.anonymous } let(:params) do { project_id: project.id } end it "redirects to collection with query" do get "index", params: params.merge(query_id: 123, query_props: "foo") expect(response).to be_redirect location = "/projects/#{project.id}/work_packages?query_id=123&query_props=foo" expect(response.location).to end_with(CGI.escape(location)) end end end