4 class OldNodesControllerTest < ActionDispatch::IntegrationTest
6 # test all routes which lead to this controller
9 { :path => "/api/0.6/node/1/history", :method => :get },
10 { :controller => "api/old_nodes", :action => "index", :node_id => "1" }
13 { :path => "/api/0.6/node/1/history.json", :method => :get },
14 { :controller => "api/old_nodes", :action => "index", :node_id => "1", :format => "json" }
17 { :path => "/api/0.6/node/1/2", :method => :get },
18 { :controller => "api/old_nodes", :action => "show", :node_id => "1", :version => "2" }
21 { :path => "/api/0.6/node/1/2.json", :method => :get },
22 { :controller => "api/old_nodes", :action => "show", :node_id => "1", :version => "2", :format => "json" }
25 { :path => "/api/0.6/node/1/2/redact", :method => :post },
26 { :controller => "api/old_nodes", :action => "redact", :node_id => "1", :version => "2" }
31 node = create(:node, :version => 2)
32 create(:old_node, :node_id => node.id, :version => 1, :latitude => 60 * OldNode::SCALE, :longitude => 30 * OldNode::SCALE)
33 create(:old_node, :node_id => node.id, :version => 2, :latitude => 61 * OldNode::SCALE, :longitude => 31 * OldNode::SCALE)
35 get api_node_versions_path(node)
37 assert_response :success
38 assert_dom "osm:root", 1 do
39 assert_dom "> node", 2 do |dom_nodes|
40 assert_dom dom_nodes[0], "> @id", node.id.to_s
41 assert_dom dom_nodes[0], "> @version", "1"
42 assert_dom dom_nodes[0], "> @lat", "60.0000000"
43 assert_dom dom_nodes[0], "> @lon", "30.0000000"
45 assert_dom dom_nodes[1], "> @id", node.id.to_s
46 assert_dom dom_nodes[1], "> @version", "2"
47 assert_dom dom_nodes[1], "> @lat", "61.0000000"
48 assert_dom dom_nodes[1], "> @lon", "31.0000000"
54 # test that redacted nodes aren't visible in the history
55 def test_index_redacted_unauthorised
56 node = create(:node, :with_history, :version => 2)
57 node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
59 get api_node_versions_path(node)
61 assert_response :success, "Redaction shouldn't have stopped history working."
62 assert_dom "osm node[id='#{node.id}'][version='1']", 0,
63 "redacted node #{node.id} version 1 shouldn't be present in the history."
65 get api_node_versions_path(node, :show_redactions => "true")
67 assert_response :success, "Redaction shouldn't have stopped history working."
68 assert_dom "osm node[id='#{node.id}'][version='1']", 0,
69 "redacted node #{node.id} version 1 shouldn't be present in the history when passing flag."
72 def test_index_redacted_normal_user
73 node = create(:node, :with_history, :version => 2)
74 node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
76 get api_node_versions_path(node), :headers => bearer_authorization_header
78 assert_response :success, "Redaction shouldn't have stopped history working."
79 assert_dom "osm node[id='#{node.id}'][version='1']", 0,
80 "redacted node #{node.id} version 1 shouldn't be present in the history, even when logged in."
82 get api_node_versions_path(node, :show_redactions => "true"), :headers => bearer_authorization_header
84 assert_response :success, "Redaction shouldn't have stopped history working."
85 assert_dom "osm node[id='#{node.id}'][version='1']", 0,
86 "redacted node #{node.id} version 1 shouldn't be present in the history, even when logged in and passing flag."
89 def test_index_redacted_moderator
90 node = create(:node, :with_history, :version => 2)
91 node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
92 auth_header = bearer_authorization_header create(:moderator_user)
94 get api_node_versions_path(node), :headers => auth_header
96 assert_response :success, "Redaction shouldn't have stopped history working."
97 assert_dom "osm node[id='#{node.id}'][version='1']", 0,
98 "node #{node.id} version 1 should not be present in the history for moderators when not passing flag."
100 get api_node_versions_path(node, :show_redactions => "true"), :headers => auth_header
102 assert_response :success, "Redaction shouldn't have stopped history working."
103 assert_dom "osm node[id='#{node.id}'][version='1']", 1,
104 "node #{node.id} version 1 should still be present in the history for moderators when passing flag."
108 node = create(:node, :version => 2)
109 create(:old_node, :node_id => node.id, :version => 1, :latitude => 60 * OldNode::SCALE, :longitude => 30 * OldNode::SCALE)
110 create(:old_node, :node_id => node.id, :version => 2, :latitude => 61 * OldNode::SCALE, :longitude => 31 * OldNode::SCALE)
112 get api_node_version_path(node, 1)
114 assert_response :success
115 assert_dom "osm:root", 1 do
116 assert_dom "> node", 1 do
117 assert_dom "> @id", node.id.to_s
118 assert_dom "> @version", "1"
119 assert_dom "> @lat", "60.0000000"
120 assert_dom "> @lon", "30.0000000"
124 get api_node_version_path(node, 2)
126 assert_response :success
127 assert_dom "osm:root", 1 do
128 assert_dom "> node", 1 do
129 assert_dom "> @id", node.id.to_s
130 assert_dom "> @version", "2"
131 assert_dom "> @lat", "61.0000000"
132 assert_dom "> @lon", "31.0000000"
137 def test_show_not_found
138 check_not_found_id_version(70000, 312344)
139 check_not_found_id_version(-1, -13)
140 check_not_found_id_version(create(:node).id, 24354)
141 check_not_found_id_version(24356, create(:node).version)
145 # test that redacted nodes aren't visible, regardless of
146 # authorisation except as moderator...
147 def test_show_redacted_unauthorised
148 node = create(:node, :with_history, :version => 2)
149 node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
151 get api_node_version_path(node, 1)
153 assert_response :forbidden, "Redacted node shouldn't be visible via the version API."
155 get api_node_version_path(node, 1, :show_redactions => "true")
157 assert_response :forbidden, "Redacted node shouldn't be visible via the version API when passing flag."
160 def test_show_redacted_normal_user
161 node = create(:node, :with_history, :version => 2)
162 node.old_nodes.find_by(:version => 1).redact!(create(:redaction))
164 get api_node_version_path(node, 1), :headers => bearer_authorization_header
166 assert_response :forbidden, "Redacted node shouldn't be visible via the version API, even when logged in."
168 get api_node_version_path(node, 1, :show_redactions => "true"), :headers => bearer_authorization_header
170 assert_response :forbidden, "Redacted node shouldn't be visible via the version API, even when logged in and passing flag."
173 # Ensure the lat/lon is formatted as a decimal e.g. not 4.0e-05
174 def test_lat_lon_xml_format
175 old_node = create(:old_node, :latitude => (0.00004 * OldNode::SCALE).to_i, :longitude => (0.00008 * OldNode::SCALE).to_i)
177 get api_node_versions_path(old_node.node_id)
178 assert_match(/lat="0.0000400"/, response.body)
179 assert_match(/lon="0.0000800"/, response.body)
183 # test the redaction of an old version of a node, while not being
185 def test_redact_node_unauthorised
186 node = create(:node, :with_history, :version => 4)
187 node_v3 = node.old_nodes.find_by(:version => 3)
189 do_redact_node(node_v3,
191 assert_response :unauthorized, "should need to be authenticated to redact."
195 # test the redaction of an old version of a node, while being
196 # authorised as a normal user.
197 def test_redact_node_normal_user
198 auth_header = bearer_authorization_header
200 node = create(:node, :with_history, :version => 4)
201 node_v3 = node.old_nodes.find_by(:version => 3)
203 do_redact_node(node_v3,
206 assert_response :forbidden, "should need to be moderator to redact."
210 # test that, even as moderator, the current version of a node
212 def test_redact_node_current_version
213 auth_header = bearer_authorization_header create(:moderator_user)
215 node = create(:node, :with_history, :version => 4)
216 node_v4 = node.old_nodes.find_by(:version => 4)
218 do_redact_node(node_v4,
221 assert_response :bad_request, "shouldn't be OK to redact current version as moderator."
224 def test_redact_node_by_regular_without_write_redactions_scope
225 auth_header = bearer_authorization_header(create(:user), :scopes => %w[read_prefs write_api])
226 do_redact_redactable_node(auth_header)
227 assert_response :forbidden, "should need to be moderator to redact."
230 def test_redact_node_by_regular_with_write_redactions_scope
231 auth_header = bearer_authorization_header(create(:user), :scopes => %w[write_redactions])
232 do_redact_redactable_node(auth_header)
233 assert_response :forbidden, "should need to be moderator to redact."
236 def test_redact_node_by_moderator_without_write_redactions_scope
237 auth_header = bearer_authorization_header(create(:moderator_user), :scopes => %w[read_prefs write_api])
238 do_redact_redactable_node(auth_header)
239 assert_response :forbidden, "should need to have write_redactions scope to redact."
242 def test_redact_node_by_moderator_with_write_redactions_scope
243 auth_header = bearer_authorization_header(create(:moderator_user), :scopes => %w[write_redactions])
244 do_redact_redactable_node(auth_header)
245 assert_response :success, "should be OK to redact old version as moderator with write_redactions scope."
249 # test the redaction of an old version of a node, while being
250 # authorised as a moderator.
251 def test_redact_node_moderator
252 node = create(:node, :with_history, :version => 4)
253 node_v3 = node.old_nodes.find_by(:version => 3)
254 auth_header = bearer_authorization_header create(:moderator_user)
256 do_redact_node(node_v3, create(:redaction), auth_header)
258 assert_response :success, "should be OK to redact old version as moderator."
259 assert_predicate node_v3.reload, :redacted?
261 # check moderator can still see the redacted data, when passing
262 # the appropriate flag
263 get api_node_version_path(node_v3.node_id, node_v3.version), :headers => auth_header
264 assert_response :forbidden, "After redaction, node should be gone for moderator, when flag not passed."
265 get api_node_version_path(node_v3.node_id, node_v3.version, :show_redactions => "true"), :headers => auth_header
266 assert_response :success, "After redaction, node should not be gone for moderator, when flag passed."
269 # testing that if the moderator drops auth, he can't see the
270 # redacted stuff any more.
271 def test_redact_node_is_redacted
272 node = create(:node, :with_history, :version => 4)
273 node_v3 = node.old_nodes.find_by(:version => 3)
274 auth_header = bearer_authorization_header create(:moderator_user)
276 do_redact_node(node_v3, create(:redaction), auth_header)
277 assert_response :success, "should be OK to redact old version as moderator."
279 # re-auth as non-moderator
280 auth_header = bearer_authorization_header
282 # check can't see the redacted data
283 get api_node_version_path(node_v3.node_id, node_v3.version), :headers => auth_header
284 assert_response :forbidden, "Redacted node shouldn't be visible via the version API."
288 # test the unredaction of an old version of a node, while not being
290 def test_unredact_node_unauthorised
291 node = create(:node, :with_history, :version => 2)
292 node_v1 = node.old_nodes.find_by(:version => 1)
293 node_v1.redact!(create(:redaction))
295 post node_version_redact_path(node_v1.node_id, node_v1.version)
296 assert_response :unauthorized, "should need to be authenticated to unredact."
300 # test the unredaction of an old version of a node, while being
301 # authorised as a normal user.
302 def test_unredact_node_normal_user
304 node = create(:node, :with_history, :version => 2)
305 node_v1 = node.old_nodes.find_by(:version => 1)
306 node_v1.redact!(create(:redaction))
308 auth_header = bearer_authorization_header user
310 post node_version_redact_path(node_v1.node_id, node_v1.version), :headers => auth_header
311 assert_response :forbidden, "should need to be moderator to unredact."
315 # test the unredaction of an old version of a node, while being
316 # authorised as a moderator.
317 def test_unredact_node_moderator
318 moderator_user = create(:moderator_user)
319 node = create(:node, :with_history, :version => 2)
320 node_v1 = node.old_nodes.find_by(:version => 1)
321 node_v1.redact!(create(:redaction))
323 auth_header = bearer_authorization_header moderator_user
325 post node_version_redact_path(node_v1.node_id, node_v1.version), :headers => auth_header
326 assert_response :success, "should be OK to unredact old version as moderator."
328 # check moderator can now see the redacted data, when not
329 # passing the aspecial flag
330 get api_node_version_path(node_v1.node_id, node_v1.version), :headers => auth_header
331 assert_response :success, "After unredaction, node should not be gone for moderator."
333 # and when accessed via history
334 get api_node_versions_path(node)
335 assert_response :success, "Unredaction shouldn't have stopped history working."
336 assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 1,
337 "node #{node_v1.node_id} version #{node_v1.version} should now be present in the history for moderators without passing flag."
339 auth_header = bearer_authorization_header
341 # check normal user can now see the redacted data
342 get api_node_version_path(node_v1.node_id, node_v1.version), :headers => auth_header
343 assert_response :success, "After unredaction, node should be visible to normal users."
345 # and when accessed via history
346 get api_node_versions_path(node)
347 assert_response :success, "Unredaction shouldn't have stopped history working."
348 assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 1,
349 "node #{node_v1.node_id} version #{node_v1.version} should now be present in the history for normal users without passing flag."
354 def do_redact_redactable_node(headers = {})
355 node = create(:node, :with_history, :version => 4)
356 node_v3 = node.old_nodes.find_by(:version => 3)
357 do_redact_node(node_v3, create(:redaction), headers)
360 def do_redact_node(node, redaction, headers = {})
361 get api_node_version_path(node.node_id, node.version), :headers => headers
362 assert_response :success, "should be able to get version #{node.version} of node #{node.node_id}."
365 post node_version_redact_path(node.node_id, node.version), :params => { :redaction => redaction.id }, :headers => headers
368 def check_not_found_id_version(id, version)
369 get api_node_version_path(id, version)
370 assert_response :not_found
371 rescue ActionController::UrlGenerationError => e
372 assert_match(/No route matches/, e.to_s)