diff --git a/devops-service/db/mongo/models/project.rb b/devops-service/db/mongo/models/project.rb index da52ce5..a4a4a23 100644 --- a/devops-service/db/mongo/models/project.rb +++ b/devops-service/db/mongo/models/project.rb @@ -81,11 +81,14 @@ module Devops Project.create_roles_response(res) end + # user could be a String or an Array of strings. + # if env is nil, add given user(s) to all project's envs, + # otherwise only to specified one. def add_authorized_user user, env=nil return if user.nil? new_users = ( user.is_a?(Array) ? user : [ user ] ) environments = env.nil? ? self.deploy_envs : [ self.deploy_env(env) ] - environments .each do |e| + environments.each do |e| e.add_users new_users Devops::Db.connector.set_project_deploy_env_field(self.id, e.identifier, {users: e.users}) end diff --git a/devops-service/spec/models/project_spec.rb b/devops-service/spec/models/project_spec.rb index c721912..bed0128 100644 --- a/devops-service/spec/models/project_spec.rb +++ b/devops-service/spec/models/project_spec.rb @@ -114,4 +114,161 @@ RSpec.describe Devops::Model::Project, type: :model do end end + describe '#add_authorized_user' do + before do + allow(Devops::Db).to receive_message_chain('connector.set_project_deploy_env_field') + end + let(:env1) { build(:deploy_env_ec2, identifier: 'foo') } + let(:env2) { build(:deploy_env_ec2, identifier: 'bar') } + let(:project) { build(:project, deploy_envs: [env1, env2]) } + + it 'returns nil if user is nil' do + expect(project.add_authorized_user(nil)).to be_nil + end + + context "when env isn't given" do + context 'when user is a String' do + it 'adds given user to all envs' do + project.add_authorized_user('John') + expect(env1.users).to match_array(%w(root John)) + expect(env2.users).to match_array(%w(root John)) + end + end + + context 'when user is an Array of strings' do + it 'adds given users to all envs' do + project.add_authorized_user(['John', 'Matz']) + expect(env1.users).to match_array(%w(root John Matz)) + expect(env2.users).to match_array(%w(root John Matz)) + end + end + end + + context 'when env is given' do + context 'when user is a String' do + it 'adds given user to given env' do + project.add_authorized_user('John', 'bar') + expect(env1.users).to match_array(%w(root)) + expect(env2.users).to match_array(%w(root John)) + end + end + + context 'when user is an Array of strings' do + it 'adds given users to all envs' do + project.add_authorized_user(['John', 'Matz'], 'bar') + expect(env1.users).to match_array(%w(root)) + expect(env2.users).to match_array(%w(root John Matz)) + end + end + end + end + + describe '#remove_authorized_user' do + before do + allow(Devops::Db).to receive_message_chain('connector.set_project_deploy_env_field') + end + let(:env1) { build(:deploy_env_ec2, identifier: 'foo', users: %w(root John Matz)) } + let(:env2) { build(:deploy_env_ec2, identifier: 'bar', users: %w(root John Matz)) } + let(:project) { build(:project, deploy_envs: [env1, env2]) } + + it 'returns nil if user is nil' do + expect(project.remove_authorized_user(nil)).to be_nil + end + + context "when env isn't given" do + context 'when user is a String' do + it 'adds given user to all envs' do + project.remove_authorized_user('John') + expect(env1.users).to match_array(%w(root Matz)) + expect(env2.users).to match_array(%w(root Matz)) + end + end + + context 'when user is an Array of strings' do + it 'adds given users to all envs' do + project.remove_authorized_user(['John', 'Matz']) + expect(env1.users).to match_array(%w(root)) + expect(env2.users).to match_array(%w(root)) + end + end + end + + context 'when env is given' do + context 'when user is a String' do + it 'adds given user to given env' do + project.remove_authorized_user('John', 'bar') + expect(env1.users).to match_array(%w(root John Matz)) + expect(env2.users).to match_array(%w(root Matz)) + end + end + + context 'when user is an Array of strings' do + it 'adds given users to all envs' do + project.remove_authorized_user(['John', 'Matz'], 'bar') + expect(env1.users).to match_array(%w(root John Matz)) + expect(env2.users).to match_array(%w(root)) + end + end + end + end + + describe '#check_authorization' do + subject { project.check_authorization(@user || 'Matz', 'foo') } + + it 'returns true for root user' do + @user = 'root' + expect(subject).to be true + end + + it "returns false if env's users don't include given user" do + expect(subject).to be false + end + + it "returns true if env's users include given user" do + project.deploy_env('foo').users = %w(root Matz) + expect(subject).to be true + end + + it 'returns false if there is no such env' do + expect(project.check_authorization('root', 'wrong')).to be false + end + end + + describe '#delete_deploy_env' do + it 'removes env' do + allow(Devops::Db).to receive_message_chain('connector.remove_deploy_env_from_project') + expect(Devops::Db).to receive_message_chain('connector.remove_deploy_env_from_project').with(project.id, 'foo') + project.delete_deploy_env('foo') + expect(project.deploy_envs).to match_array [] + end + end + + describe '#to_hash' do + subject { project.to_hash } + it 'returns hash' do + expect(subject).to be_a(Hash) + end + + it 'contains project id under name key' do + expect(subject['name']).to eq project.id + end + + it 'contains deploy_envs converted to hashes' do + expect(subject['deploy_envs']).to be_an_array_of(Hash) + end + + it 'also contains descriptions and run_list' do + expect(subject).to include('description', 'run_list') + end + + it 'contains archived key if project is archived' do + project.archived = true + expect(subject).to include('archived') + end + + it "doesn't contain archived if project isn't archived" do + expect(subject).not_to include('archived') + end + end + end \ No newline at end of file