Merge pull request ManageIQ#14659 from imtayadeway/api/bug/delete-pol…

…icies Allow policies to be deleted via DELETE
mzazrivec · Apr 7, 2017 · 0e5e8dc · 0e5e8dc
2 parents a374504 + d12546c
commit 0e5e8dc
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 7 deletions.
diff --git a/config/api.yml b/config/api.yml
@@ -1074,7 +1074,7 @@
     :options:
     - :collection
     - :subcollection
-    :verbs: *gp
+    :verbs: *gpd
     :klass: MiqPolicy
     :subcollections:
     - :conditions

diff --git a/spec/requests/api/policies_spec.rb b/spec/requests/api/policies_spec.rb
@@ -391,12 +391,69 @@ def test_policy_profile_query(object, object_policy_profiles_url)
       expect(response.parsed_body["error"]["message"]).to include(miq_policy_contents.keys.join(", "))
     end
 
-    it "deletes policy" do
-      api_basic_authorize collection_action_identifier(:policies, :delete)
-      run_post(policies_url, gen_request(:delete, "href" => policies_url(miq_policy.id)))
-      policy_id = response.parsed_body["results"].first["id"]
-      expect(MiqPolicy.exists?(policy_id)).to be_falsey
-      expect(response).to have_http_status(:ok)
+    describe "POST /api/policies/:id with 'delete' action" do
+      it "can delete a policy with appropriate role" do
+        api_basic_authorize(action_identifier(:policies, :delete))
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect { run_post(policies_url(policy.id), :action => "delete") }.to change(MiqPolicy, :count).by(-1)
+
+        expect(response).to have_http_status(:ok)
+      end
+
+      it "will not delete a policy without an appropriate role" do
+        api_basic_authorize
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect { run_post(policies_url(policy.id), :action => "delete") }.not_to change(MiqPolicy, :count)
+
+        expect(response).to have_http_status(:forbidden)
+      end
+    end
+
+    describe "POST /api/policies with 'delete' action" do
+      it "can delete a policy with appropriate role" do
+        api_basic_authorize(collection_action_identifier(:policies, :delete))
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect do
+          run_post(policies_url, :action => "delete", :resources => [{:id => policy.id}])
+        end.to change(MiqPolicy, :count).by(-1)
+
+        expect(response.parsed_body).to include("results" => [a_hash_including("success" => true)])
+        expect(response).to have_http_status(:ok)
+      end
+
+      it "will not delete a policy without an appropriate role" do
+        api_basic_authorize
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect do
+          run_post(policies_url, :action => "delete", :resources => [{:id => policy.id}])
+        end.not_to change(MiqPolicy, :count)
+
+        expect(response).to have_http_status(:forbidden)
+      end
+    end
+
+    describe "DELETE /api/policies/:id" do
+      it "can delete a policy with appropriate role" do
+        api_basic_authorize(action_identifier(:policies, :delete, :resource_actions, :delete))
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect { run_delete(policies_url(policy.id)) }.to change(MiqPolicy, :count).by(-1)
+
+        expect(response).to have_http_status(:no_content)
+      end
+
+      it "will not delete a policy without an appropriate role" do
+        api_basic_authorize
+        policy = FactoryGirl.create(:miq_policy)
+
+        expect { run_delete(policies_url(policy.id)) }.not_to change(MiqPolicy, :count)
+
+        expect(response).to have_http_status(:forbidden)
+      end
     end
 
     it "edits policy actions events and conditions" do