module Api
class UserBlocksControllerTest < ActionDispatch::IntegrationTest
def test_routes
+ assert_routing(
+ { :path => "/api/0.6/user_blocks", :method => :post },
+ { :controller => "api/user_blocks", :action => "create" }
+ )
assert_routing(
{ :path => "/api/0.6/user_blocks/1", :method => :get },
{ :controller => "api/user_blocks", :action => "show", :id => "1" }
end
def test_show
- block = create(:user_block)
+ blocked_user = create(:user)
+ creator_user = create(:moderator_user)
+ block = create(:user_block, :user => blocked_user, :creator => creator_user, :reason => "because running tests")
- get api_user_block_path(:id => block)
+ get api_user_block_path(block)
assert_response :success
- assert_select "user_block[id='#{block.id}']", 1
+ assert_select "osm>user_block", 1 do
+ assert_select ">@id", block.id.to_s
+ assert_select ">user", 1
+ assert_select ">user>@uid", blocked_user.id.to_s
+ assert_select ">creator", 1
+ assert_select ">creator>@uid", creator_user.id.to_s
+ assert_select ">revoker", 0
+ assert_select ">reason", 1
+ assert_select ">reason", "because running tests"
+ end
- get api_user_block_path(:id => block, :format => "json")
+ get api_user_block_path(block, :format => "json")
assert_response :success
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
end
def test_show_not_found
- get api_user_block_path(:id => 123)
+ get api_user_block_path(123)
assert_response :not_found
assert_equal "text/plain", @response.media_type
end
+
+ def test_create_no_permission
+ blocked_user = create(:user)
+ assert_empty blocked_user.blocks
+
+ post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1)
+ assert_response :unauthorized
+ assert_empty blocked_user.blocks
+
+ regular_creator_user = create(:user)
+ auth_header = bearer_authorization_header(regular_creator_user, :scopes => %w[read_prefs])
+ post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
+ assert_response :forbidden
+ assert_empty blocked_user.blocks
+
+ auth_header = bearer_authorization_header(regular_creator_user, :scopes => %w[read_prefs write_blocks])
+ post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
+ assert_response :forbidden
+ assert_empty blocked_user.blocks
+
+ moderator_creator_user = create(:moderator_user)
+ auth_header = bearer_authorization_header(moderator_creator_user, :scopes => %w[read_prefs])
+ post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
+ assert_response :forbidden
+ assert_empty blocked_user.blocks
+ end
+
+ def test_create_invalid_because_no_user
+ blocked_user = create(:user, :deleted)
+ assert_empty blocked_user.blocks
+
+ creator_user = create(:moderator_user)
+ auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
+ post api_user_blocks_path(:reason => "because", :period => 1), :headers => auth_header
+ assert_response :bad_request
+ assert_equal "text/plain", @response.media_type
+ assert_equal "No user was given", @response.body
+
+ assert_empty blocked_user.blocks
+ end
+
+ def test_create_invalid_because_user_is_unknown
+ creator_user = create(:moderator_user)
+ auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
+ post api_user_blocks_path(:user => 0, :reason => "because", :period => 1), :headers => auth_header
+ assert_response :not_found
+ assert_equal "text/plain", @response.media_type
+ end
+
+ def test_create_invalid_because_user_is_deleted
+ blocked_user = create(:user, :deleted)
+ assert_empty blocked_user.blocks
+
+ creator_user = create(:moderator_user)
+ auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
+ post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
+ assert_response :not_found
+ assert_equal "text/plain", @response.media_type
+
+ assert_empty blocked_user.blocks
+ end
+
+ def test_create_invalid_because_missing_reason
+ create_with_params_and_assert_bad_request("No reason was given", :period => "10")
+ end
+
+ def test_create_invalid_because_missing_period
+ create_with_params_and_assert_bad_request("No period was given", :reason => "because")
+ end
+
+ def test_create_invalid_because_non_numeric_period
+ create_with_params_and_assert_bad_request("Period should be a number of hours", :reason => "because", :period => "one hour")
+ end
+
+ def test_create_invalid_because_negative_period
+ create_with_params_and_assert_bad_request("Period must be between 0 and #{UserBlock::PERIODS.max}", :reason => "go away", :period => "-1")
+ end
+
+ def test_create_invalid_because_excessive_period
+ create_with_params_and_assert_bad_request("Period must be between 0 and #{UserBlock::PERIODS.max}", :reason => "go away", :period => "10000000")
+ end
+
+ def test_create_invalid_because_unknown_needs_view
+ create_with_params_and_assert_bad_request("Needs_view must be true if provided", :reason => "because", :period => "1", :needs_view => "maybe")
+ end
+
+ def test_create_success
+ blocked_user = create(:user)
+ creator_user = create(:moderator_user)
+
+ assert_empty blocked_user.blocks
+ auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
+ post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => 1), :headers => auth_header
+ assert_response :success
+ assert_equal 1, blocked_user.blocks.length
+
+ block = blocked_user.blocks.take
+ assert_predicate block, :active?
+ assert_equal "because", block.reason
+ assert_equal creator_user, block.creator
+
+ assert_equal "application/xml", @response.media_type
+ assert_select "osm>user_block", 1 do
+ assert_select ">@id", block.id.to_s
+ assert_select ">@needs_view", "false"
+ assert_select ">user", 1
+ assert_select ">user>@uid", blocked_user.id.to_s
+ assert_select ">creator", 1
+ assert_select ">creator>@uid", creator_user.id.to_s
+ assert_select ">revoker", 0
+ assert_select ">reason", 1
+ assert_select ">reason", "because"
+ end
+ end
+
+ def test_create_success_with_needs_view
+ blocked_user = create(:user)
+ creator_user = create(:moderator_user)
+
+ assert_empty blocked_user.blocks
+ auth_header = bearer_authorization_header(creator_user, :scopes => %w[read_prefs write_blocks])
+ post api_user_blocks_path(:user => blocked_user.id, :reason => "because", :period => "1", :needs_view => "true"), :headers => auth_header
+ assert_response :success
+ assert_equal 1, blocked_user.blocks.length
+
+ block = blocked_user.blocks.take
+ assert_predicate block, :active?
+ assert_equal "because", block.reason
+ assert_equal creator_user, block.creator
+
+ assert_equal "application/xml", @response.media_type
+ assert_select "osm>user_block", 1 do
+ assert_select ">@id", block.id.to_s
+ assert_select ">@needs_view", "true"
+ assert_select ">user", 1
+ assert_select ">user>@uid", blocked_user.id.to_s
+ assert_select ">creator", 1
+ assert_select ">creator>@uid", creator_user.id.to_s
+ assert_select ">revoker", 0
+ assert_select ">reason", 1
+ assert_select ">reason", "because"
+ end
+ end
+
+ private
+
+ def create_with_params_and_assert_bad_request(message, **params)
+ blocked_user = create(:user)
+ assert_empty blocked_user.blocks
+
+ moderator_creator_user = create(:moderator_user)
+ auth_header = bearer_authorization_header(moderator_creator_user, :scopes => %w[read_prefs write_blocks])
+
+ post api_user_blocks_path({ :user => blocked_user.id }.merge(params)), :headers => auth_header
+ assert_response :bad_request
+ assert_equal "text/plain", @response.media_type
+ assert_equal message, @response.body
+
+ assert_empty blocked_user.blocks
+ end
end
end
projects / rails.git / blobdiff