Introduce responses_for_space_restricted_single_endpoint test helper

Signed-off-by: Brian Butz <bbutz@pivotal.io>

Author: Urse Searle

spec/request/events_spec.rb

@@ -240,27 +240,17 @@
         end
 
         let(:expected_codes_and_responses) do
-          h = Hash.new(
-            code: 200,
-            response_object: event_json
+          responses_for_space_restricted_single_endpoint(
+            event_json,
+            permitted_roles: %w(
+              admin
+              admin_read_only
+              global_auditor
+              org_auditor
+              space_auditor
+              space_developer
+            )
           )
-          h['space_manager'] = {
-            code: 404,
-            response_object: []
-          }
-          h['org_manager'] = {
-            code: 404,
-            response_object: []
-          }
-          h['org_billing_manager'] = {
-            code: 404,
-            response_object: []
-          }
-          h['no_role'] = {
-            code: 404,
-            response_object: []
-          }
-          h.freeze
         end
 
         it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS

spec/request/roles_spec.rb

@@ -1330,11 +1330,7 @@ def make_space_role_for_current_user(type)
       end
 
       let(:expected_codes_and_responses) do
-        h = Hash.new(code: 200, response_object: expected_response)
-        h['org_auditor'] = { code: 404 }
-        h['org_billing_manager'] = { code: 404 }
-        h['no_role'] = { code: 404 }
-        h
+        responses_for_space_restricted_single_endpoint(expected_response)
       end
 
       before do

spec/request/service_credential_bindings_spec.rb

@@ -363,42 +363,12 @@ def check_filtered_bindings(*bindings)
     let(:api_call) { ->(user_headers) { get "/v3/service_credential_bindings/#{key.guid}", nil, user_headers } }
     let(:expected_object) { expected_json(key) }
 
-    context 'global roles' do
+    describe 'permissions' do
       let(:expected_codes_and_responses) do
-        Hash.new({ code: 200, response_object: expected_object })
+        responses_for_space_restricted_single_endpoint(expected_object)
       end
 
-      it_behaves_like 'permissions for single object endpoint', GLOBAL_SCOPES
-    end
-
-    context 'local roles' do
-      context 'user is in the original space of the service instance' do
-        let(:expected_codes_and_responses) do
-          Hash.new({ code: 200, response_object: expected_object }).tap do |h|
-            h['org_auditor'] = { code: 404 }
-            h['org_billing_manager'] = { code: 404 }
-            h['no_role'] = { code: 404 }
-          end
-        end
-
-        it_behaves_like 'permissions for single object endpoint', LOCAL_ROLES
-      end
-
-      context 'user is in a space that the service instance is shared to' do
-        let(:instance) { VCAP::CloudController::ManagedServiceInstance.make(space: other_space) }
-
-        before do
-          instance.add_shared_space(space)
-        end
-
-        let(:api_call) { ->(user_headers) { get "/v3/service_credential_bindings/#{key.guid}", nil, user_headers } }
-
-        let(:expected_codes_and_responses) do
-          Hash.new(code: 404)
-        end
-
-        it_behaves_like 'permissions for single object endpoint', LOCAL_ROLES
-      end
+      it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
     end
 
     describe 'query params' do
@@ -432,48 +402,12 @@ def check_filtered_bindings(*bindings)
     let(:api_call) { ->(user_headers) { get "/v3/service_credential_bindings/#{app_binding.guid}", nil, user_headers } }
     let(:expected_object) { expected_json(app_binding) }
 
-    context 'global roles' do
+    describe 'permissions' do
       let(:expected_codes_and_responses) do
-        Hash.new({ code: 200, response_object: expected_object })
+        responses_for_space_restricted_single_endpoint(expected_object)
       end
 
-      it_behaves_like 'permissions for single object endpoint', GLOBAL_SCOPES
-    end
-
-    context 'local roles' do
-      let(:expected_codes_and_responses) do
-        Hash.new({ code: 200, response_object: expected_object }).tap do |h|
-          h['org_auditor'] = { code: 404 }
-          h['org_billing_manager'] = { code: 404 }
-          h['no_role'] = { code: 404 }
-        end
-      end
-
-      context 'user is in the original space of the service instance' do
-        it_behaves_like 'permissions for single object endpoint', LOCAL_ROLES
-      end
-
-      context 'user is in a space that the service instance is shared to' do
-        let(:instance) { VCAP::CloudController::ManagedServiceInstance.make(space: other_space) }
-
-        before do
-          instance.add_shared_space(space)
-        end
-
-        context 'the app is in the users space' do
-          it_behaves_like 'permissions for single object endpoint', LOCAL_ROLES
-        end
-
-        context 'the app is not in the users space' do
-          let(:app_to_bind_to) { VCAP::CloudController::AppModel.make(space: other_space) }
-
-          let(:expected_codes_and_responses) do
-            Hash.new(code: 404)
-          end
-
-          it_behaves_like 'permissions for single object endpoint', LOCAL_ROLES
-        end
-      end
+      it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
     end
 
     describe 'include' do
@@ -725,11 +659,7 @@ def check_filtered_bindings(*bindings)
 
       it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS do
         let(:expected_codes_and_responses) do
-          Hash.new(code: 200, response_object: binding_params).tap do |h|
-            h['org_auditor'] = { code: 404 }
-            h['org_billing_manager'] = { code: 404 }
-            h['no_role'] = { code: 404 }
-          end
+          responses_for_space_restricted_single_endpoint(binding_params)
         end
       end
 

spec/request/service_instances_spec.rb

@@ -25,14 +25,9 @@
       let(:guid) { instance.guid }
 
       let(:expected_codes_and_responses) do
-        Hash.new(
-          code: 200,
-          response_object: create_managed_json(instance),
-        ).tap do |h|
-          h['org_auditor'] = { code: 404 }
-          h['org_billing_manager'] = { code: 404 }
-          h['no_role'] = { code: 404 }
-        end
+        responses_for_space_restricted_single_endpoint(
+          create_managed_json(instance)
+        )
       end
 
       it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
@@ -43,14 +38,9 @@
       let(:guid) { instance.guid }
 
       let(:expected_codes_and_responses) do
-        h = Hash.new(
-          code: 200,
-          response_object: create_user_provided_json(instance),
+        responses_for_space_restricted_single_endpoint(
+          create_user_provided_json(instance)
         )
-        h['org_auditor'] = { code: 404 }
-        h['org_billing_manager'] = { code: 404 }
-        h['no_role'] = { code: 404 }
-        h
       end
 
       it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
@@ -66,15 +56,9 @@
       end
 
       let(:expected_codes_and_responses) do
-        h = Hash.new(
-          code: 200,
-          response_object: create_managed_json(instance),
+        responses_for_space_restricted_single_endpoint(
+          create_managed_json(instance)
         )
-
-        h['org_auditor'] = { code: 404 }
-        h['org_billing_manager'] = { code: 404 }
-        h['no_role'] = { code: 404 }
-        h
       end
 
       it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
@@ -3600,14 +3584,7 @@ def check_filtered_instances(*instances)
         end
 
         let(:expected_codes_and_responses) do
-          Hash.new(
-            code: 200,
-            response_object: expected_response,
-          ).tap do |h|
-            h['org_auditor'] = { code: 404 }
-            h['org_billing_manager'] = { code: 404 }
-            h['no_role'] = { code: 404 }
-          end
+          responses_for_space_restricted_single_endpoint(expected_response)
         end
       end
     end
@@ -3725,14 +3702,9 @@ def create_bindings(instance, space:, count:)
           }
         }
       }
-      let(:usage_summary_response) { { code: 200, response_object: response_object } }
 
       let(:expected_codes_and_responses) do
-        Hash.new(usage_summary_response).tap do |h|
-          h['org_auditor'] = { code: 404 }
-          h['org_billing_manager'] = { code: 404 }
-          h['no_role'] = { code: 404 }
-        end
+        responses_for_space_restricted_single_endpoint(response_object)
       end
 
       it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS

spec/request/service_offerings_spec.rb

@@ -106,14 +106,17 @@
         let(:space) { broker_space }
 
         let(:expected_codes_and_responses) do
-          h = Hash.new(code: 404)
-          h['admin'] = successful_response
-          h['admin_read_only'] = successful_response
-          h['global_auditor'] = successful_response
-          h['space_developer'] = successful_response
-          h['space_manager'] = successful_response
-          h['space_auditor'] = successful_response
-          h
+          responses_for_space_restricted_single_endpoint(
+            create_offering_json(service_offering),
+            permitted_roles: %w(
+              admin
+              admin_read_only
+              global_auditor
+              space_developer
+              space_manager
+              space_auditor
+            )
+          )
         end
 
         it_behaves_like 'permissions for single object endpoint', COMPLETE_PERMISSIONS

spec/request/service_plan_visibility_spec.rb

@@ -60,28 +60,36 @@
         VCAP::CloudController::ServicePlan.make(public: false, service: offering)
       end
 
-      let(:space_response) {
+      let(:response_object) do
         {
-          code: 200,
-          response_object: {
-            'type' => 'space',
-            'space' => {
-              'guid' => space.guid,
-              'name' => space.name
-            }
+          'type' => 'space',
+          'space' => {
+            'guid' => space.guid,
+            'name' => space.name
           }
         }
-      }
-      let(:expected_codes_and_responses) {
-        Hash.new(code: 404).tap do |h|
-          h['admin'] = space_response
-          h['admin_read_only'] = space_response
-          h['global_auditor'] = space_response
-          h['space_developer'] = space_response
-          h['space_manager'] = space_response
-          h['space_auditor'] = space_response
-        end
-      }
+      end
+
+      let(:space_response) do
+        {
+          code: 200,
+          response_object: response_object
+        }
+      end
+
+      let(:expected_codes_and_responses) do
+        responses_for_space_restricted_single_endpoint(
+          response_object,
+          permitted_roles: %w(
+            admin
+            admin_read_only
+            global_auditor
+            space_developer
+            space_manager
+            space_auditor
+          )
+        )
+      end
 
       it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
     end

spec/request/service_plans_spec.rb

@@ -79,13 +79,17 @@
         let(:guid) { service_plan.guid }
 
         let(:expected_codes_and_responses) do
-          Hash.new(code: 200, response_objects: create_plan_json(service_plan)).tap do |r|
-            r['unauthenticated'] = { code: 404 }
-            r['no_role'] = { code: 404 }
-            r['org_billing_manager'] = { code: 404 }
-            r['org_auditor'] = { code: 404 }
-            r['org_manager'] = { code: 404 }
-          end
+          responses_for_space_restricted_single_endpoint(
+            create_plan_json(service_plan),
+            permitted_roles: %w(
+              admin
+              admin_read_only
+              global_auditor
+              space_developer
+              space_manager
+              space_auditor
+            )
+          )
         end
 
         it_behaves_like 'permissions for single object endpoint', COMPLETE_PERMISSIONS

spec/request/service_route_bindings_spec.rb

@@ -724,15 +724,7 @@
     end
 
     let(:expected_codes_and_responses) do
-      Hash.new(code: 404).tap do |h|
-        h['admin'] = { code: 200, response_object: expected_body }
-        h['admin_read_only'] = { code: 200, response_object: expected_body }
-        h['global_auditor'] = { code: 200, response_object: expected_body }
-        h['space_developer'] = { code: 200, response_object: expected_body }
-        h['space_manager'] = { code: 200, response_object: expected_body }
-        h['space_auditor'] = { code: 200, response_object: expected_body }
-        h['org_manager'] = { code: 200, response_object: expected_body }
-      end
+      responses_for_space_restricted_single_endpoint(expected_body)
     end
 
     context 'user-provided service instance' do

spec/request/space_features_spec.rb

@@ -26,11 +26,7 @@
     end
 
     let(:expected_codes_and_responses) do
-      h = Hash.new(code: 200, response_object: space_features_json)
-      h['org_auditor'] = { code: 404 }
-      h['org_billing_manager'] = { code: 404 }
-      h['no_role'] = { code: 404 }
-      h
+      responses_for_space_restricted_single_endpoint(space_features_json)
     end
 
     it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS
@@ -50,11 +46,7 @@
     end
 
     let(:expected_codes_and_responses) do
-      h = Hash.new(code: 200, response_object: space_ssh_feature_json)
-      h['org_auditor'] = { code: 404 }
-      h['org_billing_manager'] = { code: 404 }
-      h['no_role'] = { code: 404 }
-      h
+      responses_for_space_restricted_single_endpoint(space_ssh_feature_json)
     end
 
     it_behaves_like 'permissions for single object endpoint', ALL_PERMISSIONS