+
+ # check that a visible user is returned properly in json
+ get api_user_path(:id => user.id, :format => "json")
+ assert_response :success
+ assert_equal "application/json", response.media_type
+
+ # parse the response
+ js = ActiveSupport::JSON.decode(@response.body)
+ assert_not_nil js
+
+ # check the data that is returned
+ check_json_details(js, user, false)
+ end
+
+ def test_show_oauth1
+ user = create(:user,
+ :home_lat => 12.1, :home_lon => 23.4,
+ :languages => ["en"])
+ good_token = create(:access_token,
+ :user => user,
+ :allow_read_prefs => true)
+ bad_token = create(:access_token,
+ :user => user)
+ other_user = create(:user,
+ :home_lat => 12.1, :home_lon => 23.4,
+ :languages => ["en"])
+
+ # check that we can fetch our own details as XML with read_prefs
+ signed_get api_user_path(:id => user.id), :oauth => { :token => good_token }
+ assert_response :success
+ assert_equal "application/xml", response.media_type
+
+ # check the data that is returned
+ check_xml_details(user, true)
+
+ # check that we can fetch a different user's details as XML with read_prefs
+ signed_get api_user_path(:id => other_user.id), :oauth => { :token => good_token }
+ assert_response :success
+ assert_equal "application/xml", response.media_type
+
+ # check the data that is returned
+ check_xml_details(other_user, false)
+
+ # check that we can fetch our own details as XML without read_prefs
+ signed_get api_user_path(:id => user.id), :oauth => { :token => bad_token }
+ assert_response :success
+ assert_equal "application/xml", response.media_type
+
+ # check the data that is returned
+ check_xml_details(user, false)
+
+ # check that we can fetch our own details as JSON with read_prefs
+ signed_get api_user_path(:id => user.id, :format => "json"), :oauth => { :token => good_token }
+ assert_response :success
+ assert_equal "application/json", response.media_type
+
+ # parse the response
+ js = ActiveSupport::JSON.decode(@response.body)
+ assert_not_nil js
+
+ # check the data that is returned
+ check_json_details(js, user, true)
+
+ # check that we can fetch a different user's details as JSON with read_prefs
+ signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => good_token }
+ assert_response :success
+ assert_equal "application/json", response.media_type
+
+ # parse the response
+ js = ActiveSupport::JSON.decode(@response.body)
+ assert_not_nil js
+
+ # check the data that is returned
+ check_json_details(js, other_user, false)
+
+ # check that we can fetch our own details as JSON without read_prefs
+ signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => bad_token }
+ assert_response :success
+ assert_equal "application/json", response.media_type
+
+ # parse the response
+ js = ActiveSupport::JSON.decode(@response.body)
+ assert_not_nil js
+
+ # check the data that is returned
+ check_json_details(js, other_user, false)
+ end
+
+ def test_show_oauth2
+ user = create(:user,
+ :home_lat => 12.1, :home_lon => 23.4,
+ :languages => ["en"])
+ good_token = create(:oauth_access_token,
+ :resource_owner_id => user.id,
+ :scopes => %w[read_prefs])
+ bad_token = create(:oauth_access_token,
+ :resource_owner_id => user.id,
+ :scopes => %w[])
+ other_user = create(:user,
+ :home_lat => 12.1, :home_lon => 23.4,
+ :languages => ["en"])
+
+ # check that we can fetch our own details as XML with read_prefs
+ get api_user_path(:id => user.id), :headers => bearer_authorization_header(good_token.token)
+ assert_response :success
+ assert_equal "application/xml", response.media_type
+
+ # check the data that is returned
+ check_xml_details(user, true)
+
+ # check that we can fetch a different user's details as XML with read_prefs
+ get api_user_path(:id => other_user.id), :headers => bearer_authorization_header(good_token.token)
+ assert_response :success
+ assert_equal "application/xml", response.media_type
+
+ # check the data that is returned
+ check_xml_details(other_user, false)
+
+ # check that we can fetch our own details as XML without read_prefs
+ get api_user_path(:id => user.id), :headers => bearer_authorization_header(bad_token.token)
+ assert_response :success
+ assert_equal "application/xml", response.media_type
+
+ # check the data that is returned
+ check_xml_details(user, false)
+
+ # check that we can fetch our own details as JSON with read_prefs
+ get api_user_path(:id => user.id, :format => "json"), :headers => bearer_authorization_header(good_token.token)
+ assert_response :success
+ assert_equal "application/json", response.media_type
+
+ # parse the response
+ js = ActiveSupport::JSON.decode(@response.body)
+ assert_not_nil js
+
+ # check the data that is returned
+ check_json_details(js, user, true)
+
+ # check that we can fetch a different user's details as JSON with read_prefs
+ get api_user_path(:id => other_user.id, :format => "json"), :headers => bearer_authorization_header(good_token.token)
+ assert_response :success
+ assert_equal "application/json", response.media_type
+
+ # parse the response
+ js = ActiveSupport::JSON.decode(@response.body)
+ assert_not_nil js
+
+ # check the data that is returned
+ check_json_details(js, other_user, false)
+
+ # check that we can fetch our own details as JSON without read_prefs
+ get api_user_path(:id => user.id, :format => "json"), :headers => bearer_authorization_header(bad_token.token)
+ assert_response :success
+ assert_equal "application/json", response.media_type
+
+ # parse the response
+ js = ActiveSupport::JSON.decode(@response.body)
+ assert_not_nil js
+
+ # check the data that is returned
+ check_json_details(js, user, false)