ToolJet/test/controllers/apps_controller_test.rb

require 'test_helper'

class AppsControllerTest < ActionDispatch::IntegrationTest
  def setup
    @org = Organization.create({ name: 'ToolJet Test' })
    @admin = User.create({ first_name: 'Admin', email: 'admin@example.com', password: 'password',
                           organization: @org })
    @developer = User.create({ first_name: 'Dev', email: 'dev@example.com', password: 'password',
                               organization: @org })
    @viewer = User.create({ first_name: 'Viewer', email: 'viewer@example.com', password: 'password',
                            organization: @org })
    OrganizationUser.create(organization: @org, user: @admin, role: 'admin')
    OrganizationUser.create(organization: @org, user: @developer, role: 'developer')
    OrganizationUser.create(organization: @org, user: @viewer, role: 'viewer')

    @another_org = Organization.create({ name: 'Another ToolJet Test' })
    @another_org_admin = User.create({ first_name: 'Admin', email: 'admin@domain.com', password: 'password',
                                       organization: @another_org })
    OrganizationUser.create(organization: @another_org, user: @another_org_admin, role: 'admin')
  end

  test 'admins can create apps' do
    assert_difference 'App.count', 1 do
      post apps_url, params: { name: 'Test App' }, as: :json, headers: auth_header(@admin)
    end

    assert_response 200

    get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@admin)), xhr: true
    assert_response 200
    assert_equal 1, JSON.parse(response.body)['apps'].count
  end

  test 'developers cannot create apps' do
    assert_no_difference 'App.count' do
      post apps_url, params: { name: 'Test App' }, as: :json, headers: auth_header(@developer)
    end

    assert_response 403
  end

  test 'viewers cannot create apps' do
    assert_no_difference 'App.count' do
      post apps_url, params: { name: 'Test App' }, as: :json, headers: auth_header(@viewer)
    end

    assert_response 403
  end

  test 'all org users can GET app' do
    app = App.create(name: 'Test App', organization: @org)

    get app_url(app.id), headers: { 'Content-Type': 'application/json' }.merge(auth_header(@admin)), xhr: true
    assert_response 200

    get app_url(app.id), headers: { 'Content-Type': 'application/json' }.merge(auth_header(@developer)), xhr: true
    assert_response 200

    get app_url(app.id), headers: { 'Content-Type': 'application/json' }.merge(auth_header(@viewer)), xhr: true
    assert_response 200
  end

  test 'non org users cannot GET app' do
    app = App.create(name: 'Test App', organization: @org)

    get app_url(app.id), headers: { 'Content-Type': 'application/json' }.merge(auth_header(@another_org_admin)),
                         xhr: true
    assert_response 403
  end

  test 'users cannot list another orgs apps' do
    app = App.create(name: 'Test App', organization: @org)

    get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@another_org_admin)), xhr: true
    assert_response 200
    assert_equal 0, JSON.parse(response.body)['apps'].size
  end

  test 'org users can list orgs apps' do
    app = App.create(name: 'Test App', organization: @org)

    get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@admin)), xhr: true
    assert_response 200
    assert_equal 1, JSON.parse(response.body)['apps'].size

    get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@developer)), xhr: true
    assert_response 200
    assert_equal 1, JSON.parse(response.body)['apps'].size

    get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@viewer)), xhr: true
    assert_response 200
    assert_equal 1, JSON.parse(response.body)['apps'].size
  end

  test 'anyone can view public apps' do
    app = App.create(name: 'Test App', organization: @org, is_public: true)
    get app_url(app.id), headers: { 'Content-Type': 'application/json' },
                         xhr: true
    assert_response 200
  end
end
Setup Rubocop 2021-04-29 06:41:23 +00:00			`require 'test_helper'`
Feature: Create new apps 2021-04-01 10:59:27 +00:00
			`class AppsControllerTest < ActionDispatch::IntegrationTest`
Setup Rubocop 2021-04-29 06:41:23 +00:00			`def setup`
			`@org = Organization.create({ name: 'ToolJet Test' })`
			`@admin = User.create({ first_name: 'Admin', email: 'admin@example.com', password: 'password',`
			`organization: @org })`
			`@developer = User.create({ first_name: 'Dev', email: 'dev@example.com', password: 'password',`
			`organization: @org })`
			`@viewer = User.create({ first_name: 'Viewer', email: 'viewer@example.com', password: 'password',`
			`organization: @org })`
			`OrganizationUser.create(organization: @org, user: @admin, role: 'admin')`
			`OrganizationUser.create(organization: @org, user: @developer, role: 'developer')`
			`OrganizationUser.create(organization: @org, user: @viewer, role: 'viewer')`

			`@another_org = Organization.create({ name: 'Another ToolJet Test' })`
			`@another_org_admin = User.create({ first_name: 'Admin', email: 'admin@domain.com', password: 'password',`
			`organization: @another_org })`
			`OrganizationUser.create(organization: @another_org, user: @another_org_admin, role: 'admin')`
			`end`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`test 'admins can create apps' do`
			`assert_difference 'App.count', 1 do`
			`post apps_url, params: { name: 'Test App' }, as: :json, headers: auth_header(@admin)`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00			`end`

Setup Rubocop 2021-04-29 06:41:23 +00:00			`assert_response 200`

			`get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@admin)), xhr: true`
			`assert_response 200`
			`assert_equal 1, JSON.parse(response.body)['apps'].count`
			`end`

			`test 'developers cannot create apps' do`
			`assert_no_difference 'App.count' do`
			`post apps_url, params: { name: 'Test App' }, as: :json, headers: auth_header(@developer)`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00			`end`

Setup Rubocop 2021-04-29 06:41:23 +00:00			`assert_response 403`
			`end`

			`test 'viewers cannot create apps' do`
			`assert_no_difference 'App.count' do`
			`post apps_url, params: { name: 'Test App' }, as: :json, headers: auth_header(@viewer)`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00			`end`

Setup Rubocop 2021-04-29 06:41:23 +00:00			`assert_response 403`
			`end`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`test 'all org users can GET app' do`
			`app = App.create(name: 'Test App', organization: @org)`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`get app_url(app.id), headers: { 'Content-Type': 'application/json' }.merge(auth_header(@admin)), xhr: true`
			`assert_response 200`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`get app_url(app.id), headers: { 'Content-Type': 'application/json' }.merge(auth_header(@developer)), xhr: true`
			`assert_response 200`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`get app_url(app.id), headers: { 'Content-Type': 'application/json' }.merge(auth_header(@viewer)), xhr: true`
			`assert_response 200`
			`end`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`test 'non org users cannot GET app' do`
			`app = App.create(name: 'Test App', organization: @org)`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`get app_url(app.id), headers: { 'Content-Type': 'application/json' }.merge(auth_header(@another_org_admin)),`
			`xhr: true`
			`assert_response 403`
			`end`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`test 'users cannot list another orgs apps' do`
			`app = App.create(name: 'Test App', organization: @org)`
Setup pundit authorization, add tests for apps controller 2021-04-25 12:35:36 +00:00
Setup Rubocop 2021-04-29 06:41:23 +00:00			`get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@another_org_admin)), xhr: true`
			`assert_response 200`
			`assert_equal 0, JSON.parse(response.body)['apps'].size`
			`end`

			`test 'org users can list orgs apps' do`
			`app = App.create(name: 'Test App', organization: @org)`

			`get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@admin)), xhr: true`
			`assert_response 200`
			`assert_equal 1, JSON.parse(response.body)['apps'].size`

			`get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@developer)), xhr: true`
			`assert_response 200`
			`assert_equal 1, JSON.parse(response.body)['apps'].size`

			`get apps_url, headers: { 'Content-Type': 'application/json' }.merge(auth_header(@viewer)), xhr: true`
			`assert_response 200`
			`assert_equal 1, JSON.parse(response.body)['apps'].size`
			`end`
Feature: Public applications 🎉 2021-05-07 08:25:09 +00:00
			`test 'anyone can view public apps' do`
			`app = App.create(name: 'Test App', organization: @org, is_public: true)`
			`get app_url(app.id), headers: { 'Content-Type': 'application/json' },`
			`xhr: true`
			`assert_response 200`
			`end`
Setup Rubocop 2021-04-29 06:41:23 +00:00			`end`