3 class UserPreferencesControllerTest < ActionController::TestCase
5 # test all routes which lead to this controller
8 { :path => "/api/0.6/user/preferences", :method => :get },
9 { :controller => "user_preferences", :action => "read" }
12 { :path => "/api/0.6/user/preferences", :method => :put },
13 { :controller => "user_preferences", :action => "update" }
16 { :path => "/api/0.6/user/preferences/key", :method => :get },
17 { :controller => "user_preferences", :action => "read_one", :preference_key => "key" }
20 { :path => "/api/0.6/user/preferences/key", :method => :put },
21 { :controller => "user_preferences", :action => "update_one", :preference_key => "key" }
24 { :path => "/api/0.6/user/preferences/key", :method => :delete },
25 { :controller => "user_preferences", :action => "delete_one", :preference_key => "key" }
32 # first try without auth
34 assert_response :unauthorized, "should be authenticated"
36 # authenticate as a user with no preferences
37 basic_authorization create(:user).email, "test"
41 assert_select "osm" do
42 assert_select "preferences", :count => 1 do
43 assert_select "preference", :count => 0
47 # authenticate as a user with preferences
49 user_preference = create(:user_preference, :user => user)
50 user_preference2 = create(:user_preference, :user => user)
51 basic_authorization user.email, "test"
55 assert_response :success
56 assert_equal "application/xml", @response.content_type
57 assert_select "osm" do
58 assert_select "preferences", :count => 1 do
59 assert_select "preference", :count => 2
60 assert_select "preference[k=\"#{user_preference.k}\"][v=\"#{user_preference.v}\"]", :count => 1
61 assert_select "preference[k=\"#{user_preference2.k}\"][v=\"#{user_preference2.v}\"]", :count => 1
67 # test read_one action
70 create(:user_preference, :user => user, :k => "key", :v => "value")
72 # try a read without auth
73 get :read_one, :params => { :preference_key => "key" }
74 assert_response :unauthorized, "should be authenticated"
76 # authenticate as a user with preferences
77 basic_authorization user.email, "test"
80 get :read_one, :params => { :preference_key => "key" }
81 assert_response :success
82 assert_equal "text/plain", @response.content_type
83 assert_equal "value", @response.body
85 # try the read again for a non-existent key
86 get :read_one, :params => { :preference_key => "unknown_key" }
87 assert_response :not_found
94 create(:user_preference, :user => user, :k => "key", :v => "value")
95 create(:user_preference, :user => user, :k => "some_key", :v => "some_value")
97 # try a put without auth
98 assert_no_difference "UserPreference.count" do
99 put :update, :body => "<osm><preferences><preference k='key' v='new_value'/><preference k='new_key' v='value'/></preferences></osm>"
101 assert_response :unauthorized, "should be authenticated"
102 assert_equal "value", UserPreference.find([user.id, "key"]).v
103 assert_equal "some_value", UserPreference.find([user.id, "some_key"]).v
104 assert_raises ActiveRecord::RecordNotFound do
105 UserPreference.find([user.id, "new_key"])
108 # authenticate as a user with preferences
109 basic_authorization user.email, "test"
112 assert_no_difference "UserPreference.count" do
113 put :update, :body => "<osm><preferences><preference k='key' v='new_value'/><preference k='new_key' v='value'/></preferences></osm>"
115 assert_response :success
116 assert_equal "text/plain", @response.content_type
117 assert_equal "", @response.body
118 assert_equal "new_value", UserPreference.find([user.id, "key"]).v
119 assert_equal "value", UserPreference.find([user.id, "new_key"]).v
120 assert_raises ActiveRecord::RecordNotFound do
121 UserPreference.find([user.id, "some_key"])
124 # try a put with duplicate keys
125 assert_no_difference "UserPreference.count" do
126 put :update, :body => "<osm><preferences><preference k='key' v='value'/><preference k='key' v='newer_value'/></preferences></osm>"
128 assert_response :bad_request
129 assert_equal "text/plain", @response.content_type
130 assert_equal "Duplicate preferences with key key", @response.body
131 assert_equal "new_value", UserPreference.find([user.id, "key"]).v
133 # try a put with invalid content
134 assert_no_difference "UserPreference.count" do
135 put :update, :body => "nonsense"
137 assert_response :bad_request
141 # test update_one action
144 create(:user_preference, :user => user)
146 # try a put without auth
147 assert_no_difference "UserPreference.count" do
148 put :update_one, :params => { :preference_key => "new_key" }, :body => "new_value"
150 assert_response :unauthorized, "should be authenticated"
151 assert_raises ActiveRecord::RecordNotFound do
152 UserPreference.find([user.id, "new_key"])
155 # authenticate as a user with preferences
156 basic_authorization user.email, "test"
158 # try adding a new preference
159 assert_difference "UserPreference.count", 1 do
160 put :update_one, :params => { :preference_key => "new_key" }, :body => "new_value"
162 assert_response :success
163 assert_equal "text/plain", @response.content_type
164 assert_equal "", @response.body
165 assert_equal "new_value", UserPreference.find([user.id, "new_key"]).v
167 # try changing the value of a preference
168 assert_no_difference "UserPreference.count" do
169 put :update_one, :params => { :preference_key => "new_key" }, :body => "newer_value"
171 assert_response :success
172 assert_equal "text/plain", @response.content_type
173 assert_equal "", @response.body
174 assert_equal "newer_value", UserPreference.find([user.id, "new_key"]).v
178 # test delete_one action
181 create(:user_preference, :user => user, :k => "key", :v => "value")
183 # try a delete without auth
184 assert_no_difference "UserPreference.count" do
185 delete :delete_one, :params => { :preference_key => "key" }
187 assert_response :unauthorized, "should be authenticated"
188 assert_equal "value", UserPreference.find([user.id, "key"]).v
190 # authenticate as a user with preferences
191 basic_authorization user.email, "test"
193 # try the delete again
194 assert_difference "UserPreference.count", -1 do
195 get :delete_one, :params => { :preference_key => "key" }
197 assert_response :success
198 assert_equal "text/plain", @response.content_type
199 assert_equal "", @response.body
200 assert_raises ActiveRecord::RecordNotFound do
201 UserPreference.find([user.id, "key"])
204 # try the delete again for the same key
205 assert_no_difference "UserPreference.count" do
206 get :delete_one, :params => { :preference_key => "key" }
208 assert_response :not_found
209 assert_raises ActiveRecord::RecordNotFound do
210 UserPreference.find([user.id, "key"])
214 # Ensure that a valid access token with correct capabilities can be used to
216 def test_read_one_using_token
218 token = create(:access_token, :user => user, :allow_read_prefs => true)
219 create(:user_preference, :user => user, :k => "key", :v => "value")
221 # Hack together an oauth request - an alternative would be to sign the request properly
222 @request.env["oauth.version"] = 1
223 @request.env["oauth.strategies"] = [:token]
224 @request.env["oauth.token"] = token
226 get :read_one, :params => { :preference_key => "key" }
227 assert_response :success
230 # Ensure that a valid access token with incorrect capabilities can't be used
231 # to read preferences even, though the owner of that token could read them
233 def test_read_one_using_token_fail
235 token = create(:access_token, :user => user, :allow_read_prefs => false)
236 create(:user_preference, :user => user, :k => "key", :v => "value")
237 @request.env["oauth.version"] = 1
238 @request.env["oauth.strategies"] = [:token]
239 @request.env["oauth.token"] = token
241 get :read_one, :params => { :preference_key => "key" }
242 assert_response :forbidden