+
+ ##
+ # test that a not found, wrong method with the expand bbox works as expected
+ def test_changeset_expand_bbox_error
+ basic_authorization users(:public_user).display_name, "test"
+
+ # create a new changeset
+ content "<osm><changeset/></osm>"
+ put :create
+ assert_response :success, "Creating of changeset failed."
+ changeset_id = @response.body.to_i
+
+ lon=58.2
+ lat=-0.45
+
+ # Try and put
+ content "<osm><node lon='#{lon}' lat='#{lat}'/></osm>"
+ put :expand_bbox, :id => changeset_id
+ assert_response :method_not_allowed, "shouldn't be able to put a bbox expand"
+
+ # Try to get the update
+ content "<osm><node lon='#{lon}' lat='#{lat}'/></osm>"
+ get :expand_bbox, :id => changeset_id
+ assert_response :method_not_allowed, "shouldn't be able to get a bbox expand"
+
+ # Try to use a hopefully missing changeset
+ content "<osm><node lon='#{lon}' lat='#{lat}'/></osm>"
+ post :expand_bbox, :id => changeset_id+13245
+ assert_response :not_found, "shouldn't be able to do a bbox expand on a nonexistant changeset"
+
+ end
+
+ ##
+ # test the query functionality of changesets
+ def test_query
+ get :query, :bbox => "-10,-10, 10, 10"
+ assert_response :success, "can't get changesets in bbox"
+ assert_changesets [1,4,6]
+
+ get :query, :bbox => "4.5,4.5,4.6,4.6"
+ assert_response :success, "can't get changesets in bbox"
+ assert_changesets [1]
+
+ # not found when looking for changesets of non-existing users
+ get :query, :user => User.maximum(:id) + 1
+ assert_response :not_found
+ get :query, :display_name => " "
+ assert_response :not_found
+
+ # can't get changesets of user 1 without authenticating
+ get :query, :user => users(:normal_user).id
+ assert_response :not_found, "shouldn't be able to get changesets by non-public user (ID)"
+ get :query, :display_name => users(:normal_user).display_name
+ assert_response :not_found, "shouldn't be able to get changesets by non-public user (name)"
+
+ # but this should work
+ basic_authorization "test@openstreetmap.org", "test"
+ get :query, :user => users(:normal_user).id
+ assert_response :success, "can't get changesets by user ID"
+ assert_changesets [1,3,6]
+
+ get :query, :display_name => users(:normal_user).display_name
+ assert_response :success, "can't get changesets by user name"
+ assert_changesets [1,3,6]
+
+ # check that the correct error is given when we provide both UID and name
+ get :query, :user => users(:normal_user).id, :display_name => users(:normal_user).display_name
+ assert_response :bad_request, "should be a bad request to have both ID and name specified"
+
+ get :query, :user => users(:normal_user).id, :open => true
+ assert_response :success, "can't get changesets by user and open"
+ assert_changesets [1]
+
+ get :query, :time => '2007-12-31'
+ assert_response :success, "can't get changesets by time-since"
+ assert_changesets [1,2,4,5,6]
+
+ get :query, :time => '2008-01-01T12:34Z'
+ assert_response :success, "can't get changesets by time-since with hour"
+ assert_changesets [1,2,4,5,6]
+
+ get :query, :time => '2007-12-31T23:59Z,2008-01-01T00:01Z'
+ assert_response :success, "can't get changesets by time-range"
+ assert_changesets [1,5,6]
+
+ get :query, :open => 'true'
+ assert_response :success, "can't get changesets by open-ness"
+ assert_changesets [1,2,4]
+
+ get :query, :closed => 'true'
+ assert_response :success, "can't get changesets by closed-ness"
+ assert_changesets [3,5,6,7]
+
+ get :query, :closed => 'true', :user => users(:normal_user).id
+ assert_response :success, "can't get changesets by closed-ness and user"
+ assert_changesets [3,6]
+
+ get :query, :closed => 'true', :user => users(:public_user).id
+ assert_response :success, "can't get changesets by closed-ness and user"
+ assert_changesets [7]
+ end
+
+ ##
+ # check that errors are returned if garbage is inserted
+ # into query strings
+ def test_query_invalid
+ [ "abracadabra!",
+ "1,2,3,F",
+ ";drop table users;"
+ ].each do |bbox|
+ get :query, :bbox => bbox
+ assert_response :bad_request, "'#{bbox}' isn't a bbox"
+ end
+
+ [ "now()",
+ "00-00-00",
+ ";drop table users;",
+ ",",
+ "-,-"
+ ].each do |time|
+ get :query, :time => time
+ assert_response :bad_request, "'#{time}' isn't a valid time range"
+ end
+
+ [ "me",
+ "foobar",
+ "-1",
+ "0"
+ ].each do |uid|
+ get :query, :user => uid
+ assert_response :bad_request, "'#{uid}' isn't a valid user ID"
+ end
+ end
+
+ ##
+ # check updating tags on a changeset
+ def test_changeset_update
+ ## First try with the non-public user
+ changeset = changesets(:normal_user_first_change)
+ new_changeset = changeset.to_xml
+ new_tag = XML::Node.new "tag"
+ new_tag['k'] = "tagtesting"
+ new_tag['v'] = "valuetesting"
+ new_changeset.find("//osm/changeset").first << new_tag
+ content new_changeset
+
+ # try without any authorization
+ put :update, :id => changeset.id
+ assert_response :unauthorized
+
+ # try with the wrong authorization
+ basic_authorization users(:public_user).email, "test"
+ put :update, :id => changeset.id
+ assert_response :conflict
+
+ # now this should get an unauthorized
+ basic_authorization users(:normal_user).email, "test"
+ put :update, :id => changeset.id
+ assert_require_public_data "user with their data non-public, shouldn't be able to edit their changeset"
+
+
+ ## Now try with the public user
+ changeset = changesets(:public_user_first_change)
+ new_changeset = changeset.to_xml
+ new_tag = XML::Node.new "tag"
+ new_tag['k'] = "tagtesting"
+ new_tag['v'] = "valuetesting"
+ new_changeset.find("//osm/changeset").first << new_tag
+ content new_changeset
+
+ # try without any authorization
+ @request.env["HTTP_AUTHORIZATION"] = nil
+ put :update, :id => changeset.id
+ assert_response :unauthorized
+
+ # try with the wrong authorization
+ basic_authorization users(:second_public_user).email, "test"
+ put :update, :id => changeset.id
+ assert_response :conflict
+
+ # now this should work...
+ basic_authorization users(:public_user).email, "test"
+ put :update, :id => changeset.id
+ assert_response :success
+
+ assert_select "osm>changeset[id=#{changeset.id}]", 1
+ assert_select "osm>changeset>tag", 2
+ assert_select "osm>changeset>tag[k=tagtesting][v=valuetesting]", 1
+ end
+
+ ##
+ # check that a user different from the one who opened the changeset
+ # can't modify it.
+ def test_changeset_update_invalid
+ basic_authorization users(:public_user).email, "test"
+
+ changeset = changesets(:normal_user_first_change)
+ new_changeset = changeset.to_xml
+ new_tag = XML::Node.new "tag"
+ new_tag['k'] = "testing"
+ new_tag['v'] = "testing"
+ new_changeset.find("//osm/changeset").first << new_tag
+
+ content new_changeset
+ put :update, :id => changeset.id
+ assert_response :conflict
+ end
+
+ ##
+ # check that a changeset can contain a certain max number of changes.
+ ## FIXME should be changed to an integration test due to the with_controller
+ def test_changeset_limits
+ basic_authorization users(:public_user).email, "test"
+
+ # open a new changeset
+ content "<osm><changeset/></osm>"
+ put :create
+ assert_response :success, "can't create a new changeset"
+ cs_id = @response.body.to_i
+
+ # start the counter just short of where the changeset should finish.
+ offset = 10
+ # alter the database to set the counter on the changeset directly,
+ # otherwise it takes about 6 minutes to fill all of them.
+ changeset = Changeset.find(cs_id)
+ changeset.num_changes = Changeset::MAX_ELEMENTS - offset
+ changeset.save!
+
+ with_controller(NodeController.new) do
+ # create a new node
+ content "<osm><node changeset='#{cs_id}' lat='0.0' lon='0.0'/></osm>"
+ put :create
+ assert_response :success, "can't create a new node"
+ node_id = @response.body.to_i
+
+ get :read, :id => node_id
+ assert_response :success, "can't read back new node"
+ node_doc = XML::Parser.string(@response.body).parse
+ node_xml = node_doc.find("//osm/node").first
+
+ # loop until we fill the changeset with nodes
+ offset.times do |i|
+ node_xml['lat'] = rand.to_s
+ node_xml['lon'] = rand.to_s
+ node_xml['version'] = (i+1).to_s
+
+ content node_doc
+ put :update, :id => node_id
+ assert_response :success, "attempt #{i} should have succeeded"
+ end
+
+ # trying again should fail
+ node_xml['lat'] = rand.to_s
+ node_xml['lon'] = rand.to_s
+ node_xml['version'] = offset.to_s
+
+ content node_doc
+ put :update, :id => node_id
+ assert_response :conflict, "final attempt should have failed"
+ end
+
+ changeset = Changeset.find(cs_id)
+ assert_equal Changeset::MAX_ELEMENTS + 1, changeset.num_changes
+
+ # check that the changeset is now closed as well
+ assert(!changeset.is_open?,
+ "changeset should have been auto-closed by exceeding " +
+ "element limit.")
+ end
+
+ ##
+ # This should display the last 20 changesets closed.
+ def test_list
+ changesets = Changeset.find(:all, :order => "created_at DESC", :conditions => ['num_changes > 0'], :limit=> 20)
+ assert changesets.size <= 20
+ get :list, {:format => "html"}
+ assert_response :success
+ assert_template "list"
+ # Now check that all 20 (or however many were returned) changesets are in the html
+ assert_select "h1", :text => "Changesets", :count => 1
+ assert_select "div[id='changeset_list'] ul", :count => changesets.size
+ changesets.each do |changeset|
+ # FIXME this test needs rewriting - test for table contents
+ end
+ end
+
+ ##
+ # Checks the display of the user changesets listing
+ def test_list_user
+ user = users(:public_user)
+ get :list, {:format => "html", :display_name => user.display_name}
+ assert_response :success
+ assert_template "changeset/_user"
+ ## FIXME need to add more checks to see which if edits are actually shown if your data is public
+ end
+
+ ##
+ # Check the not found of the list user changesets
+ def test_list_user_not_found
+ get :list, {:format => "html", :display_name => "Some random user"}
+ assert_response :not_found
+ assert_template 'user/no_such_user'
+ end
+
+ ##
+ # This should display the last 20 changesets closed.
+ def test_feed
+ changesets = Changeset.find(:all, :order => "created_at DESC", :conditions => ['num_changes > 0'], :limit=> 20)
+ assert changesets.size <= 20
+ get :feed, {:format => "atom"}
+ assert_response :success
+ assert_template "list"
+ # Now check that all 20 (or however many were returned) changesets are in the html
+ assert_select "feed", :count => 1
+ assert_select "entry", :count => changesets.size
+ changesets.each do |changeset|
+ # FIXME this test needs rewriting - test for feed contents
+ end
+ end
+
+ ##
+ # Checks the display of the user changesets feed
+ def test_feed_user
+ user = users(:public_user)
+ get :feed, {:format => "atom", :display_name => user.display_name}
+ assert_response :success
+ assert_template "changeset/_user"
+ ## FIXME need to add more checks to see which if edits are actually shown if your data is public
+ end
+
+ ##
+ # Check the not found of the user changesets feed
+ def test_feed_user_not_found
+ get :feed, {:format => "atom", :display_name => "Some random user"}
+ assert_response :not_found
+ end
+
+ ##
+ # check that the changeset download for a changeset with a redacted
+ # element in it doesn't contain that element.
+ def test_diff_download_redacted
+ changeset_id = changesets(:public_user_first_change).id
+
+ get :download, :id => changeset_id
+ assert_response :success
+
+ assert_select "osmChange", 1
+ # this changeset contains node 17 in versions 1 & 2, but 1 should
+ # be hidden.
+ assert_select "osmChange node[id=17]", 1
+ assert_select "osmChange node[id=17][version=1]", 0
+ end