diff --git a/app/contracts/oauth/applications/delete_contract.rb b/app/contracts/oauth/applications/delete_contract.rb
index ba4c2368d031..1d7ce6f5dab3 100644
--- a/app/contracts/oauth/applications/delete_contract.rb
+++ b/app/contracts/oauth/applications/delete_contract.rb
@@ -29,7 +29,7 @@
 module OAuth
 module Applications
 class DeleteContract < ::DeleteContract
- delete_permission -> { !model.builtin? && user.active_admin? }
+ delete_permission -> { !model.builtin? && user.admin? }
 end
 end
 end
diff --git a/app/contracts/oauth/applications/update_contract.rb b/app/contracts/oauth/applications/update_contract.rb
index 7c4cd202483f..48f436d14fef 100644
--- a/app/contracts/oauth/applications/update_contract.rb
+++ b/app/contracts/oauth/applications/update_contract.rb
@@ -29,6 +29,13 @@
 module OAuth
 module Applications
 class UpdateContract < BaseContract
+ validate :application_is_not_builtin
+
+ def application_is_not_builtin
+ if model.builtin?
+ errors.add(:base, :unchangeable)
+ end
+ end
 end
 end
 end
diff --git a/spec/contracts/oauth/applications/base_contract_spec.rb b/spec/contracts/oauth/applications/base_contract_spec.rb
new file mode 100644
index 000000000000..1aa2a9111fb9
--- /dev/null
+++ b/spec/contracts/oauth/applications/base_contract_spec.rb
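Review bot: In delete_contract.rb the permission lambda now checks `user.admin?` instead of `user.active_admin?`, which drops the account-status part of the check if `admin?` only reads the admin flag (its definition is not visible in this diff). In that case a locked or otherwise inactive administrator account would still pass the delete permission for OAuth applications. Either keep `delete_permission -> { !model.builtin? && user.active_admin? }`, or add a comment on the line stating where account status is enforced, and cover the inactive-admin case in delete_contract_spec.rb.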
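Review bot: `application_is_not_builtin` in update_contract.rb is defined as a public instance method although the hunk only uses it as a validation callback; putting it under `private` keeps the contract's public surface to what callers need. The body can be written as a single guard, `errors.add(:base, :unchangeable) if model.builtin?`. A short comment above the `validate` line saying why a built-in application is rejected as a whole, rather than per attribute, would help the next reader, since the reason is not stated anywhere in this change.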
@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+require "spec_helper"
+require_relative "shared_examples"
+
+RSpec.describe OAuth::Applications::BaseContract, type: :model do # rubocop:disable RSpec/SpecFilePathFormat
+ let(:user) { create(:admin) }
+
+ subject { described_class.new(application, user).validate }
+
+ describe ":user" do
+ let(:application) { create(:oauth_application) }
+
+ context "if user is admin" do
+ it_behaves_like "oauth application contract is valid"
+ end
+
+ context "if user is not admin" do
+ let(:user) { create(:user) }
+
+ it_behaves_like "oauth application contract is invalid"
+ end
+ end
+
+ describe ":integration" do
+ context "if only integration id and not integration type is given" do
+ let(:application) { create(:oauth_application, integration_id: 1) }
+
+ it_behaves_like "oauth application contract is invalid"
+ end
+
+ context "if only integration type and not integration id is given" do
+ let(:application) { create(:oauth_application, integration_type: "Storages::NextcloudStorage") }
+
+ it_behaves_like "oauth application contract is invalid"
+ end
+
+ context "if both integration type and integration id is given" do
+ let(:storage) { create(:nextcloud_storage) }
+ let(:application) { create(:oauth_application, integration: storage) }
+
+ it_behaves_like "oauth application contract is valid"
+ end
+ end
+
+ describe ":client_credentials_user_id" do
+ let(:secret) { "my_secret" }
+
+ context "if no client credential user is defined" do
+ let(:application) { build_stubbed(:oauth_application, secret:) }
+
+ it_behaves_like "oauth application contract is valid"
+ end
+
+ context "if client credential user is defined and present" do
+ let(:auth_user) { create(:user) }
+ let(:application) { build_stubbed(:oauth_application, secret:, client_credentials_user_id: auth_user.id) }
+
+ it_behaves_like "oauth application contract is valid"
+ end
+
+ context "if client credential user is defined and not present" do
+ let(:application) { build_stubbed(:oauth_application, secret:, client_credentials_user_id: "1337") }
+
+ it_behaves_like "oauth application contract is invalid"
+ end
+ end
+end
diff --git a/spec/contracts/oauth/applications/create_contract_spec.rb b/spec/contracts/oauth/applications/create_contract_spec.rb
new file mode 100644
index 000000000000..c0d00a938e5e
--- /dev/null
+++ b/spec/contracts/oauth/applications/create_contract_spec.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+require "spec_helper"
+require_relative "shared_examples"
+
+RSpec.describe OAuth::Applications::CreateContract, type: :model do # rubocop:disable RSpec/SpecFilePathFormat
+ let(:user) { create(:admin) }
+
+ subject { described_class.new(application, user).validate }
+
+ context "if no owner is given" do
+ let(:application) { create(:oauth_application, owner: nil) }
+
+ it_behaves_like "oauth application contract is invalid"
+ end
+
+ context "if owner is given" do
+ let(:application) { create(:oauth_application, owner: user) }
+
+ it_behaves_like "oauth application contract is valid"
+ end
+end
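Review bot: Both contexts in create_contract_spec.rb build the record with `create(:oauth_application, ...)`, so the application is already persisted before CreateContract is validated, and the `owner: nil` case depends on the factory and model allowing such a record to be saved (neither is visible here). Using `build(:oauth_application, owner: nil)` or `build_stubbed`, as the client-credentials cases in base_contract_spec.rb do, would exercise the contract on an unsaved record, which is the state a create contract is meant to judge.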
diff --git a/spec/contracts/oauth/applications/delete_contract_spec.rb b/spec/contracts/oauth/applications/delete_contract_spec.rb
new file mode 100644
index 000000000000..91e1cedff4ee
--- /dev/null
+++ b/spec/contracts/oauth/applications/delete_contract_spec.rb
@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+require "spec_helper"
+require_relative "shared_examples"
+
+RSpec.describe OAuth::Applications::DeleteContract, type: :model do # rubocop:disable RSpec/SpecFilePathFormat
+ subject { described_class.new(application, user).validate }
+
+ context "if oauth application is builtin" do
+ let(:user) { create(:admin) }
+ let(:application) { create(:oauth_application, builtin: true) }
+
+ it_behaves_like "oauth application contract is invalid"
+ end
+
+ context "if user is no admin" do
+ let(:user) { create(:user) }
+ let(:application) { create(:oauth_application) }
+
+ it_behaves_like "oauth application contract is invalid"
+ end
+end
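Review bot: delete_contract_spec.rb contains only rejecting cases (built-in application, non-admin user), so a contract that denies every deletion would pass it. Add a context in which an admin deletes a non-built-in application and `it_behaves_like "oauth application contract is valid"`. update_contract_spec.rb has the same gap: it has no case showing that a regular application stays updatable after the new `application_is_not_builtin` validation.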
diff --git a/spec/contracts/oauth/applications/shared_examples.rb b/spec/contracts/oauth/applications/shared_examples.rb
new file mode 100644
index 000000000000..17094c0f0a40
--- /dev/null
+++ b/spec/contracts/oauth/applications/shared_examples.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+RSpec.shared_examples_for "oauth application contract is invalid" do
+ it { expect(subject).to be_falsey }
+end
+
+RSpec.shared_examples_for "oauth application contract is valid" do
+ it { expect(subject).to be_truthy }
+end
diff --git a/spec/contracts/oauth/applications/update_contract_spec.rb b/spec/contracts/oauth/applications/update_contract_spec.rb
new file mode 100644
index 000000000000..1474dfd97b16
--- /dev/null
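Review bot: The shared example "oauth application contract is invalid" in shared_examples.rb asserts only that `validate` is falsy, so each rejecting case in these specs passes as soon as any rule fails, not necessarily the one its context names. For the authorization cases (non-admin user, built-in application) that means a regression in the intended check can be masked by an unrelated validation error. Exposing the contract instance with a `let(:contract)` and asserting the expected error on `contract.errors` after `validate`, for example `:unchangeable` on `:base` for the built-in case, would pin the rule under test; `subject` currently holds only the boolean result.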
+++ b/spec/contracts/oauth/applications/update_contract_spec.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+require "spec_helper"
+require_relative "shared_examples"
+
+RSpec.describe OAuth::Applications::UpdateContract, type: :model do # rubocop:disable RSpec/SpecFilePathFormat
+ subject { described_class.new(application, user).validate }
+
+ context "if application is builtin" do
+ let(:user) { create(:admin) }
+ let(:application) { create(:oauth_application, builtin: true) }
+
+ it_behaves_like "oauth application contract is invalid"
+ end
+end