4 class ChangesetCommentsControllerTest < ActionDispatch::IntegrationTest
6 # test all routes which lead to this controller
9 { :path => "/api/0.6/changeset/1/comment", :method => :post },
10 { :controller => "api/changeset_comments", :action => "create", :id => "1" }
13 { :path => "/api/0.6/changeset/comment/1/hide", :method => :post },
14 { :controller => "api/changeset_comments", :action => "destroy", :id => "1" }
17 { :path => "/api/0.6/changeset/comment/1/unhide", :method => :post },
18 { :controller => "api/changeset_comments", :action => "restore", :id => "1" }
23 # create comment success
24 def test_create_comment_success
27 private_user = create(:user, :data_public => false)
28 suspended_user = create(:user, :suspended)
29 deleted_user = create(:user, :deleted)
30 private_user_closed_changeset = create(:changeset, :closed, :user => private_user)
32 auth_header = basic_authorization_header user.email, "test"
34 assert_difference "ChangesetComment.count", 1 do
35 assert_no_difference "ActionMailer::Base.deliveries.size" do
36 perform_enqueued_jobs do
37 post changeset_comment_path(:id => private_user_closed_changeset, :text => "This is a comment"), :headers => auth_header
41 assert_response :success
43 changeset = create(:changeset, :closed, :user => private_user)
44 changeset.subscribers.push(private_user)
45 changeset.subscribers.push(user)
46 changeset.subscribers.push(suspended_user)
47 changeset.subscribers.push(deleted_user)
49 assert_difference "ChangesetComment.count", 1 do
50 assert_difference "ActionMailer::Base.deliveries.size", 1 do
51 perform_enqueued_jobs do
52 post changeset_comment_path(:id => changeset, :text => "This is a comment"), :headers => auth_header
56 assert_response :success
58 email = ActionMailer::Base.deliveries.first
59 assert_equal 1, email.to.length
60 assert_equal "[OpenStreetMap] #{user.display_name} has commented on one of your changesets", email.subject
61 assert_equal private_user.email, email.to.first
63 ActionMailer::Base.deliveries.clear
65 auth_header = basic_authorization_header user2.email, "test"
67 assert_difference "ChangesetComment.count", 1 do
68 assert_difference "ActionMailer::Base.deliveries.size", 2 do
69 perform_enqueued_jobs do
70 post changeset_comment_path(:id => changeset, :text => "This is a comment"), :headers => auth_header
74 assert_response :success
76 email = ActionMailer::Base.deliveries.find { |e| e.to.first == private_user.email }
78 assert_equal 1, email.to.length
79 assert_equal "[OpenStreetMap] #{user2.display_name} has commented on one of your changesets", email.subject
81 email = ActionMailer::Base.deliveries.find { |e| e.to.first == user.email }
83 assert_equal 1, email.to.length
84 assert_equal "[OpenStreetMap] #{user2.display_name} has commented on a changeset you are interested in", email.subject
86 ActionMailer::Base.deliveries.clear
91 def test_create_comment_fail
93 post changeset_comment_path(:id => create(:changeset, :closed), :text => "This is a comment")
94 assert_response :unauthorized
96 auth_header = basic_authorization_header create(:user).email, "test"
99 assert_no_difference "ChangesetComment.count" do
100 post changeset_comment_path(:id => 999111, :text => "This is a comment"), :headers => auth_header
102 assert_response :not_found
104 # not closed changeset
105 assert_no_difference "ChangesetComment.count" do
106 post changeset_comment_path(:id => create(:changeset), :text => "This is a comment"), :headers => auth_header
108 assert_response :conflict
111 assert_no_difference "ChangesetComment.count" do
112 post changeset_comment_path(:id => create(:changeset, :closed)), :headers => auth_header
114 assert_response :bad_request
117 assert_no_difference "ChangesetComment.count" do
118 post changeset_comment_path(:id => create(:changeset, :closed), :text => ""), :headers => auth_header
120 assert_response :bad_request
124 # test hide comment fail
125 def test_destroy_comment_fail
127 comment = create(:changeset_comment)
128 assert comment.visible
130 post changeset_comment_hide_path(:id => comment)
131 assert_response :unauthorized
132 assert comment.reload.visible
134 auth_header = basic_authorization_header create(:user).email, "test"
137 post changeset_comment_hide_path(:id => comment), :headers => auth_header
138 assert_response :forbidden
139 assert comment.reload.visible
141 auth_header = basic_authorization_header create(:moderator_user).email, "test"
144 post changeset_comment_hide_path(:id => 999111), :headers => auth_header
145 assert_response :not_found
146 assert comment.reload.visible
150 # test hide comment succes
151 def test_hide_comment_success
152 comment = create(:changeset_comment)
153 assert comment.visible
155 auth_header = basic_authorization_header create(:moderator_user).email, "test"
157 post changeset_comment_hide_path(:id => comment), :headers => auth_header
158 assert_response :success
159 assert_not comment.reload.visible
163 # test unhide comment fail
164 def test_restore_comment_fail
166 comment = create(:changeset_comment, :visible => false)
167 assert_not comment.visible
169 post changeset_comment_unhide_path(:id => comment)
170 assert_response :unauthorized
171 assert_not comment.reload.visible
173 auth_header = basic_authorization_header create(:user).email, "test"
176 post changeset_comment_unhide_path(:id => comment), :headers => auth_header
177 assert_response :forbidden
178 assert_not comment.reload.visible
180 auth_header = basic_authorization_header create(:moderator_user).email, "test"
183 post changeset_comment_unhide_path(:id => 999111), :headers => auth_header
184 assert_response :not_found
185 assert_not comment.reload.visible
189 # test unhide comment succes
190 def test_unhide_comment_success
191 comment = create(:changeset_comment, :visible => false)
192 assert_not comment.visible
194 auth_header = basic_authorization_header create(:moderator_user).email, "test"
196 post changeset_comment_unhide_path(:id => comment), :headers => auth_header
197 assert_response :success
198 assert comment.reload.visible
201 # This test ensures that token capabilities behave correctly for a method that
202 # requires the terms to have been agreed.
203 # (This would be better as an integration or system testcase, since the changeset_comment
204 # create method is simply a stand-in for any method that requires terms agreement.
205 # But writing oauth tests is hard, and so it's easier to put in a controller test.)
206 def test_api_write_and_terms_agreed_via_token
207 user = create(:user, :terms_agreed => nil)
208 token = create(:access_token, :user => user, :allow_write_api => true)
209 changeset = create(:changeset, :closed)
211 assert_difference "ChangesetComment.count", 0 do
212 signed_post changeset_comment_path(:id => changeset), :params => { :text => "This is a comment" }, :oauth => { :token => token }
214 assert_response :forbidden
216 # Try again, after agreement with the terms
217 user.terms_agreed = Time.now.utc
220 assert_difference "ChangesetComment.count", 1 do
221 signed_post changeset_comment_path(:id => changeset), :params => { :text => "This is a comment" }, :oauth => { :token => token }
223 assert_response :success
226 # This test does the same as above, but with basic auth, to similarly test that the
227 # abilities take into account terms agreement too.
228 def test_api_write_and_terms_agreed_via_basic_auth
229 user = create(:user, :terms_agreed => nil)
230 changeset = create(:changeset, :closed)
232 auth_header = basic_authorization_header user.email, "test"
234 assert_difference "ChangesetComment.count", 0 do
235 post changeset_comment_path(:id => changeset, :text => "This is a comment"), :headers => auth_header
237 assert_response :forbidden
239 # Try again, after agreement with the terms
240 user.terms_agreed = Time.now.utc
243 assert_difference "ChangesetComment.count", 1 do
244 post changeset_comment_path(:id => changeset, :text => "This is a comment"), :headers => auth_header
246 assert_response :success