4 module ChangesetComments
5 class VisibilitiesControllerTest < ActionDispatch::IntegrationTest
7 # test all routes which lead to this controller
10 { :path => "/api/0.6/changeset_comments/1/visibility", :method => :post },
11 { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1" }
14 { :path => "/api/0.6/changeset_comments/1/visibility.json", :method => :post },
15 { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1", :format => "json" }
18 { :path => "/api/0.6/changeset_comments/1/visibility", :method => :delete },
19 { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1" }
22 { :path => "/api/0.6/changeset_comments/1/visibility.json", :method => :delete },
23 { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1", :format => "json" }
27 { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1" },
28 { :path => "/api/0.6/changeset/comment/1/unhide", :method => :post }
31 { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1", :format => "json" },
32 { :path => "/api/0.6/changeset/comment/1/unhide.json", :method => :post }
35 { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1" },
36 { :path => "/api/0.6/changeset/comment/1/hide", :method => :post }
39 { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1", :format => "json" },
40 { :path => "/api/0.6/changeset/comment/1/hide.json", :method => :post }
44 def test_create_by_unauthorized
45 comment = create(:changeset_comment, :visible => false)
47 post api_changeset_comment_visibility_path(comment)
49 assert_response :unauthorized
50 assert_not comment.reload.visible
53 def test_create_by_normal_user
54 comment = create(:changeset_comment, :visible => false)
55 auth_header = bearer_authorization_header
57 post api_changeset_comment_visibility_path(comment), :headers => auth_header
59 assert_response :forbidden
60 assert_not comment.reload.visible
63 def test_create_on_missing_comment
64 auth_header = bearer_authorization_header create(:moderator_user)
66 post api_changeset_comment_visibility_path(999111), :headers => auth_header
68 assert_response :not_found
71 def test_create_without_required_scope
72 comment = create(:changeset_comment, :visible => false)
73 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
75 post api_changeset_comment_visibility_path(comment), :headers => auth_header
77 assert_response :forbidden
78 assert_not comment.reload.visible
81 def test_create_with_write_changeset_comments_scope
82 comment = create(:changeset_comment, :visible => false)
83 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
85 post api_changeset_comment_visibility_path(comment), :headers => auth_header
87 check_successful_response_xml(comment, :comment_visible => true)
90 def test_create_with_write_changeset_comments_scope_json
91 comment = create(:changeset_comment, :visible => false)
92 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
94 post api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
96 assert_response :success
97 assert_equal "application/json", response.media_type
98 js = ActiveSupport::JSON.decode(@response.body)
99 assert_not_nil js["changeset"]
100 assert_equal comment.changeset_id, js["changeset"]["id"]
101 assert_equal 1, js["changeset"]["comments_count"]
103 assert comment.reload.visible
106 def test_create_with_write_api_scope
107 comment = create(:changeset_comment, :visible => false)
108 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
110 post api_changeset_comment_visibility_path(comment), :headers => auth_header
112 check_successful_response_xml(comment, :comment_visible => true)
115 def test_create_with_write_api_scope_json
116 comment = create(:changeset_comment, :visible => false)
117 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
119 post api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
121 assert_response :success
122 js = ActiveSupport::JSON.decode(@response.body)
123 assert_equal "application/json", response.media_type
124 assert_not_nil js["changeset"]
125 assert_equal comment.changeset_id, js["changeset"]["id"]
126 assert_equal 1, js["changeset"]["comments_count"]
128 assert comment.reload.visible
131 def test_destroy_by_unauthorized
132 comment = create(:changeset_comment)
134 delete api_changeset_comment_visibility_path(comment)
136 assert_response :unauthorized
137 assert comment.reload.visible
140 def test_destroy_by_normal_user
141 comment = create(:changeset_comment)
142 auth_header = bearer_authorization_header
144 delete api_changeset_comment_visibility_path(comment), :headers => auth_header
146 assert_response :forbidden
147 assert comment.reload.visible
150 def test_destroy_on_missing_comment
151 auth_header = bearer_authorization_header create(:moderator_user)
153 delete api_changeset_comment_visibility_path(999111), :headers => auth_header
155 assert_response :not_found
158 def test_destroy_without_required_scope
159 comment = create(:changeset_comment)
160 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs]
162 delete api_changeset_comment_visibility_path(comment), :headers => auth_header
164 assert_response :forbidden
165 assert comment.reload.visible
168 def test_destroy_with_write_changeset_comments_scope
169 comment = create(:changeset_comment)
170 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
172 delete api_changeset_comment_visibility_path(comment), :headers => auth_header
174 check_successful_response_xml(comment, :comment_visible => false)
177 def test_destroy_with_write_changeset_comments_scope_json
178 comment = create(:changeset_comment)
179 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments]
181 delete api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
183 assert_response :success
184 assert_equal "application/json", response.media_type
185 js = ActiveSupport::JSON.decode(@response.body)
186 assert_not_nil js["changeset"]
187 assert_equal comment.changeset_id, js["changeset"]["id"]
188 assert_equal 0, js["changeset"]["comments_count"]
190 assert_not comment.reload.visible
193 def test_destroy_with_write_api_scope
194 comment = create(:changeset_comment)
195 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
197 delete api_changeset_comment_visibility_path(comment), :headers => auth_header
199 check_successful_response_xml(comment, :comment_visible => false)
202 def test_destroy_with_write_api_scope_json
203 comment = create(:changeset_comment)
204 auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api]
206 delete api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header
208 assert_response :success
209 assert_equal "application/json", response.media_type
210 js = ActiveSupport::JSON.decode(@response.body)
211 assert_not_nil js["changeset"]
212 assert_equal comment.changeset_id, js["changeset"]["id"]
213 assert_equal 0, js["changeset"]["comments_count"]
215 assert_not comment.reload.visible
220 def check_successful_response_xml(comment, comment_visible:)
221 assert_response :success
222 assert_equal "application/xml", response.media_type
223 assert_dom "osm", 1 do
224 assert_dom "> changeset", 1 do
225 assert_dom "> @id", comment.changeset_id.to_s
226 assert_dom "> @comments_count", comment_visible ? "1" : "0"
230 assert_equal comment_visible, comment.reload.visible
projects / rails.git / blob