4 class UserPreferencesControllerTest < ActionController::TestCase
6 # test all routes which lead to this controller
9 { :path => "/api/0.6/user/preferences", :method => :get },
10 { :controller => "api/user_preferences", :action => "index" }
13 { :path => "/api/0.6/user/preferences", :method => :put },
14 { :controller => "api/user_preferences", :action => "update_all" }
17 { :path => "/api/0.6/user/preferences/key", :method => :get },
18 { :controller => "api/user_preferences", :action => "show", :preference_key => "key" }
21 { :path => "/api/0.6/user/preferences/key", :method => :put },
22 { :controller => "api/user_preferences", :action => "update", :preference_key => "key" }
25 { :path => "/api/0.6/user/preferences/key", :method => :delete },
26 { :controller => "api/user_preferences", :action => "destroy", :preference_key => "key" }
31 # test showing all preferences
33 # first try without auth
35 assert_response :unauthorized, "should be authenticated"
37 # authenticate as a user with no preferences
38 basic_authorization create(:user).email, "test"
42 assert_select "osm" do
43 assert_select "preferences", :count => 1 do
44 assert_select "preference", :count => 0
48 # authenticate as a user with preferences
50 user_preference = create(:user_preference, :user => user)
51 user_preference2 = create(:user_preference, :user => user)
52 basic_authorization user.email, "test"
56 assert_response :success
57 assert_equal "application/xml", @response.media_type
58 assert_select "osm" do
59 assert_select "preferences", :count => 1 do
60 assert_select "preference", :count => 2
61 assert_select "preference[k=\"#{user_preference.k}\"][v=\"#{user_preference.v}\"]", :count => 1
62 assert_select "preference[k=\"#{user_preference2.k}\"][v=\"#{user_preference2.v}\"]", :count => 1
68 # test showing one preference
71 create(:user_preference, :user => user, :k => "key", :v => "value")
73 # try a read without auth
74 get :show, :params => { :preference_key => "key" }
75 assert_response :unauthorized, "should be authenticated"
77 # authenticate as a user with preferences
78 basic_authorization user.email, "test"
81 get :show, :params => { :preference_key => "key" }
82 assert_response :success
83 assert_equal "text/plain", @response.media_type
84 assert_equal "value", @response.body
86 # try the read again for a non-existent key
87 get :show, :params => { :preference_key => "unknown_key" }
88 assert_response :not_found
92 # test bulk update action
95 create(:user_preference, :user => user, :k => "key", :v => "value")
96 create(:user_preference, :user => user, :k => "some_key", :v => "some_value")
98 # try a put without auth
99 assert_no_difference "UserPreference.count" do
100 put :update_all, :body => "<osm><preferences><preference k='key' v='new_value'/><preference k='new_key' v='value'/></preferences></osm>"
102 assert_response :unauthorized, "should be authenticated"
103 assert_equal "value", UserPreference.find([user.id, "key"]).v
104 assert_equal "some_value", UserPreference.find([user.id, "some_key"]).v
105 assert_raises ActiveRecord::RecordNotFound do
106 UserPreference.find([user.id, "new_key"])
109 # authenticate as a user with preferences
110 basic_authorization user.email, "test"
113 assert_no_difference "UserPreference.count" do
114 put :update_all, :body => "<osm><preferences><preference k='key' v='new_value'/><preference k='new_key' v='value'/></preferences></osm>"
116 assert_response :success
117 assert_equal "text/plain", @response.media_type
118 assert_equal "", @response.body
119 assert_equal "new_value", UserPreference.find([user.id, "key"]).v
120 assert_equal "value", UserPreference.find([user.id, "new_key"]).v
121 assert_raises ActiveRecord::RecordNotFound do
122 UserPreference.find([user.id, "some_key"])
125 # try a put with duplicate keys
126 assert_no_difference "UserPreference.count" do
127 put :update_all, :body => "<osm><preferences><preference k='key' v='value'/><preference k='key' v='newer_value'/></preferences></osm>"
129 assert_response :bad_request
130 assert_equal "text/plain", @response.media_type
131 assert_equal "Duplicate preferences with key key", @response.body
132 assert_equal "new_value", UserPreference.find([user.id, "key"]).v
134 # try a put with invalid content
135 assert_no_difference "UserPreference.count" do
136 put :update_all, :body => "nonsense"
138 assert_response :bad_request
145 create(:user_preference, :user => user)
147 # try a put without auth
148 assert_no_difference "UserPreference.count" do
149 put :update, :params => { :preference_key => "new_key" }, :body => "new_value"
151 assert_response :unauthorized, "should be authenticated"
152 assert_raises ActiveRecord::RecordNotFound do
153 UserPreference.find([user.id, "new_key"])
156 # authenticate as a user with preferences
157 basic_authorization user.email, "test"
159 # try adding a new preference
160 assert_difference "UserPreference.count", 1 do
161 put :update, :params => { :preference_key => "new_key" }, :body => "new_value"
163 assert_response :success
164 assert_equal "text/plain", @response.media_type
165 assert_equal "", @response.body
166 assert_equal "new_value", UserPreference.find([user.id, "new_key"]).v
168 # try changing the value of a preference
169 assert_no_difference "UserPreference.count" do
170 put :update, :params => { :preference_key => "new_key" }, :body => "newer_value"
172 assert_response :success
173 assert_equal "text/plain", @response.media_type
174 assert_equal "", @response.body
175 assert_equal "newer_value", UserPreference.find([user.id, "new_key"]).v
179 # test destroy action
182 create(:user_preference, :user => user, :k => "key", :v => "value")
184 # try a delete without auth
185 assert_no_difference "UserPreference.count" do
186 delete :destroy, :params => { :preference_key => "key" }
188 assert_response :unauthorized, "should be authenticated"
189 assert_equal "value", UserPreference.find([user.id, "key"]).v
191 # authenticate as a user with preferences
192 basic_authorization user.email, "test"
194 # try the delete again
195 assert_difference "UserPreference.count", -1 do
196 get :destroy, :params => { :preference_key => "key" }
198 assert_response :success
199 assert_equal "text/plain", @response.media_type
200 assert_equal "", @response.body
201 assert_raises ActiveRecord::RecordNotFound do
202 UserPreference.find([user.id, "key"])
205 # try the delete again for the same key
206 assert_no_difference "UserPreference.count" do
207 get :destroy, :params => { :preference_key => "key" }
209 assert_response :not_found
210 assert_raises ActiveRecord::RecordNotFound do
211 UserPreference.find([user.id, "key"])
215 # Ensure that a valid access token with correct capabilities can be used to
217 def test_show_using_token
219 token = create(:access_token, :user => user, :allow_read_prefs => true)
220 create(:user_preference, :user => user, :k => "key", :v => "value")
222 # Hack together an oauth request - an alternative would be to sign the request properly
223 @request.env["oauth.version"] = 1
224 @request.env["oauth.strategies"] = [:token]
225 @request.env["oauth.token"] = token
227 get :show, :params => { :preference_key => "key" }
228 assert_response :success
231 # Ensure that a valid access token with incorrect capabilities can't be used
232 # to read preferences even, though the owner of that token could read them
234 def test_show_using_token_fail
236 token = create(:access_token, :user => user, :allow_read_prefs => false)
237 create(:user_preference, :user => user, :k => "key", :v => "value")
238 @request.env["oauth.version"] = 1
239 @request.env["oauth.strategies"] = [:token]
240 @request.env["oauth.token"] = token
242 get :show, :params => { :preference_key => "key" }
243 assert_response :forbidden