1 require File.dirname(__FILE__) + '/../test_helper'
3 class UserRolesControllerTest < ActionController::TestCase
4 fixtures :users, :user_roles
7 # test all routes which lead to this controller
10 { :path => "/user/username/role/rolename/grant", :method => :post },
11 { :controller => "user_roles", :action => "grant", :display_name => "username", :role => "rolename" }
14 { :path => "/user/username/role/rolename/revoke", :method => :post },
15 { :controller => "user_roles", :action => "revoke", :display_name => "username", :role => "rolename" }
20 # test the grant action
22 # Granting should fail when not logged in
23 post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
24 assert_response :forbidden
26 # Login as an unprivileged user
27 session[:user] = users(:public_user).id
29 # Granting should still fail
30 post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
31 assert_redirected_to user_path(users(:normal_user).display_name)
32 assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error]
34 # Login as an administrator
35 session[:user] = users(:administrator_user).id
37 UserRole::ALL_ROLES.each do |role|
39 # Granting a role to a non-existent user should fail
40 assert_difference "UserRole.count", 0 do
41 post :grant, :display_name => "non_existent_user", :role => role
43 assert_response :not_found
44 assert_template "user/no_such_user"
45 assert_select "h1", "The user non_existent_user does not exist"
47 # Granting a role from a user that already has it should fail
48 assert_no_difference "UserRole.count" do
49 post :grant, :display_name => users(:super_user).display_name, :role => role
51 assert_redirected_to user_path(users(:super_user).display_name)
52 assert_equal "The user already has role #{role}.", flash[:error]
54 # Granting a role to a user that doesn't have it should work...
55 assert_difference "UserRole.count", 1 do
56 post :grant, :display_name => users(:normal_user).display_name, :role => role
58 assert_redirected_to user_path(users(:normal_user).display_name)
60 # ...but trying a second time should fail
61 assert_no_difference "UserRole.count" do
62 post :grant, :display_name => users(:normal_user).display_name, :role => role
64 assert_redirected_to user_path(users(:normal_user).display_name)
65 assert_equal "The user already has role #{role}.", flash[:error]
69 # Granting a non-existent role should fail
70 assert_difference "UserRole.count", 0 do
71 post :grant, :display_name => users(:normal_user).display_name, :role => "no_such_role"
73 assert_redirected_to user_path(users(:normal_user).display_name)
74 assert_equal "The string `no_such_role' is not a valid role.", flash[:error]
78 # test the revoke action
80 # Revoking should fail when not logged in
81 post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
82 assert_response :forbidden
84 # Login as an unprivileged user
85 session[:user] = users(:public_user).id
87 # Revoking should still fail
88 post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
89 assert_redirected_to user_path(users(:normal_user).display_name)
90 assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error]
92 # Login as an administrator
93 session[:user] = users(:administrator_user).id
95 UserRole::ALL_ROLES.each do |role|
97 # Removing a role from a non-existent user should fail
98 assert_difference "UserRole.count", 0 do
99 post :revoke, :display_name => "non_existent_user", :role => role
101 assert_response :not_found
102 assert_template "user/no_such_user"
103 assert_select "h1", "The user non_existent_user does not exist"
105 # Removing a role from a user that doesn't have it should fail
106 assert_no_difference "UserRole.count" do
107 post :revoke, :display_name => users(:normal_user).display_name, :role => role
109 assert_redirected_to user_path(users(:normal_user).display_name)
110 assert_equal "The user does not have role #{role}.", flash[:error]
112 # Removing a role' from a user that has it should work...
113 assert_difference "UserRole.count", -1 do
114 post :revoke, :display_name => users(:super_user).display_name, :role => role
116 assert_redirected_to user_path(users(:super_user).display_name)
118 # ...but trying a second time should fail
119 assert_no_difference "UserRole.count" do
120 post :revoke, :display_name => users(:super_user).display_name, :role => role
122 assert_redirected_to user_path(users(:super_user).display_name)
123 assert_equal "The user does not have role #{role}.", flash[:error]
127 # Revoking a non-existent role should fail
128 assert_difference "UserRole.count", 0 do
129 post :revoke, :display_name => users(:normal_user).display_name, :role => "no_such_role"
131 assert_redirected_to user_path(users(:normal_user).display_name)
132 assert_equal "The string `no_such_role' is not a valid role.", flash[:error]