Add endpoint to create new project boards

4214d386 · Douglas Barbosa Alexandre · f41eeaac · 4214d386 · 4214d386 · 4214d386
Commit 4214d386 authored Oct 05, 2016 by Douglas Barbosa Alexandre
4 changed files
--- a/app/controllers/projects/boards_controller.rb
+++ b/app/controllers/projects/boards_controller.rb
@@ -2,6 +2,7 @@ class Projects::BoardsController < Projects::ApplicationController
  include IssuableCollections
  before_action :authorize_read_board!, only: [:index, :show]
+  before_action :authorize_admin_board!, only: [:create]
  def index
    @boards = ::Boards::ListService.new(project, current_user).execute
@@ -25,10 +26,32 @@ class Projects::BoardsController < Projects::ApplicationController
    end
  end
+  def create
+    board = ::Boards::CreateService.new(project, current_user, board_params).execute
+    respond_to do |format|
+      format.json do
+        if board.valid?
+          render json: serialize_as_json(board)
+        else
+          render json: board.errors, status: :unprocessable_entity
+        end
+      end
+    end
+  end
  private
+  def authorize_admin_board!
+    return render_404 unless can?(current_user, :admin_board, project)
+  end
  def authorize_read_board!
-    return access_denied! unless can?(current_user, :read_board, project)
+    return render_404 unless can?(current_user, :read_board, project)
+  end
+  def board_params
+    params.require(:board).permit(:name)
  end
  def serialize_as_json(resource)

--- a/app/policies/project_policy.rb
+++ b/app/policies/project_policy.rb
@@ -91,6 +91,7 @@ class ProjectPolicy < BasePolicy
    can! :update_container_image
    can! :create_environment
    can! :create_deployment
+    can! :admin_board
  end
  def master_access!

--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -459,7 +459,7 @@ resources :namespaces, path: '/', constraints: { id: /[a-zA-Z.0-9_\-]+/ }, only:
        end
      end
-      resources :boards, only: [:index, :show] do
+      resources :boards, only: [:index, :show, :create] do
        scope module: :boards do
          resources :issues, only: [:update]

--- a/spec/controllers/projects/boards_controller_spec.rb
+++ b/spec/controllers/projects/boards_controller_spec.rb
@@ -21,6 +21,20 @@ describe Projects::BoardsController do
        expect(response).to render_template :index
        expect(response.content_type).to eq 'text/html'
      end
+      context 'with unauthorized user' do
+        before do
+          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+          allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+        end
+        it 'returns a not found 404 response' do
+          list_boards
+          expect(response).to have_http_status(404)
+          expect(response.content_type).to eq 'text/html'
+        end
+      end
    end
    context 'when format is JSON' do
@@ -34,18 +48,19 @@ describe Projects::BoardsController do
        expect(response).to match_response_schema('boards')
        expect(parsed_response.length).to eq 2
      end
-    end
-    context 'with unauthorized user' do
+      context 'with unauthorized user' do
-      before do
+        before do
-        allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
-        allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+          allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
-      end
+        end
-      it 'returns a not found 404 response' do
+        it 'returns a not found 404 response' do
-        list_boards
+          list_boards format: :json
-        expect(response).to have_http_status(404)
+          expect(response).to have_http_status(404)
+          expect(response.content_type).to eq 'application/json'
+        end
      end
    end
@@ -66,6 +81,20 @@ describe Projects::BoardsController do
        expect(response).to render_template :show
        expect(response.content_type).to eq 'text/html'
      end
+      context 'with unauthorized user' do
+        before do
+          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+          allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+        end
+        it 'returns a not found 404 response' do
+          read_board board: board
+          expect(response).to have_http_status(404)
+          expect(response.content_type).to eq 'text/html'
+        end
+      end
    end
    context 'when format is JSON' do
@@ -74,18 +103,19 @@ describe Projects::BoardsController do
        expect(response).to match_response_schema('board')
      end
-    end
-    context 'with unauthorized user' do
+      context 'with unauthorized user' do
-      before do
+        before do
-        allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+          allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
-        allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
+          allow(Ability).to receive(:allowed?).with(user, :read_board, project).and_return(false)
-      end
+        end
-      it 'returns a not found 404 response' do
+        it 'returns a not found 404 response' do
-        read_board board: board
+          read_board board: board, format: :json
-        expect(response).to have_http_status(404)
+          expect(response).to have_http_status(404)
+          expect(response.content_type).to eq 'application/json'
+        end
      end
    end
@@ -106,4 +136,49 @@ describe Projects::BoardsController do
                 format: format
    end
  end
+  describe 'POST create' do
+    context 'with valid params' do
+      it 'returns a successful 200 response' do
+        create_board name: 'Backend'
+        expect(response).to have_http_status(200)
+      end
+      it 'returns the created board' do
+        create_board name: 'Backend'
+        expect(response).to match_response_schema('board')
+      end
+    end
+    context 'with invalid params' do
+      it 'returns an unprocessable entity 422 response' do
+        create_board name: nil
+        expect(response).to have_http_status(422)
+      end
+    end
+    context 'with unauthorized user' do
+      before do
+        allow(Ability).to receive(:allowed?).with(user, :read_project, project).and_return(true)
+        allow(Ability).to receive(:allowed?).with(user, :admin_board, project).and_return(false)
+      end
+      it 'returns a not found 404 response' do
+        create_board name: 'Backend'
+        expect(response.content_type).to eq 'application/json'
+        expect(response).to have_http_status(404)
+      end
+    end
+    def create_board(name:)
+      post :create, namespace_id: project.namespace.to_param,
+                    project_id: project.to_param,
+                    board: { name: name },
+                    format: :json
+    end
+  end
 end