+
+ ##
+ # check that the bounding box of a changeset gets updated correctly
+ ## FIXME: This should really be moded to a integration test due to the with_controller
+ def test_changeset_bbox
+ basic_authorization users(:public_user).email, "test"
+
+ # create a new changeset
+ content "<osm><changeset/></osm>"
+ put :create
+ assert_response :success, "Creating of changeset failed."
+ changeset_id = @response.body.to_i
+
+ # add a single node to it
+ with_controller(NodeController.new) do
+ content "<osm><node lon='1' lat='2' changeset='#{changeset_id}'/></osm>"
+ put :create
+ assert_response :success, "Couldn't create node."
+ end
+
+ # get the bounding box back from the changeset
+ get :read, :id => changeset_id
+ assert_response :success, "Couldn't read back changeset."
+ assert_select "osm>changeset[min_lon=1.0]", 1
+ assert_select "osm>changeset[max_lon=1.0]", 1
+ assert_select "osm>changeset[min_lat=2.0]", 1
+ assert_select "osm>changeset[max_lat=2.0]", 1
+
+ # add another node to it
+ with_controller(NodeController.new) do
+ content "<osm><node lon='2' lat='1' changeset='#{changeset_id}'/></osm>"
+ put :create
+ assert_response :success, "Couldn't create second node."
+ end
+
+ # get the bounding box back from the changeset
+ get :read, :id => changeset_id
+ assert_response :success, "Couldn't read back changeset for the second time."
+ assert_select "osm>changeset[min_lon=1.0]", 1
+ assert_select "osm>changeset[max_lon=2.0]", 1
+ assert_select "osm>changeset[min_lat=1.0]", 1
+ assert_select "osm>changeset[max_lat=2.0]", 1
+
+ # add (delete) a way to it, which contains a point at (3,3)
+ with_controller(WayController.new) do
+ content update_changeset(current_ways(:visible_way).to_xml,
+ changeset_id)
+ put :delete, :id => current_ways(:visible_way).id
+ assert_response :success, "Couldn't delete a way."
+ end
+
+ # get the bounding box back from the changeset
+ get :read, :id => changeset_id
+ assert_response :success, "Couldn't read back changeset for the third time."
+ # note that the 3.1 here is because of the bbox overexpansion
+ assert_select "osm>changeset[min_lon=1.0]", 1
+ assert_select "osm>changeset[max_lon=3.1]", 1
+ assert_select "osm>changeset[min_lat=1.0]", 1
+ assert_select "osm>changeset[max_lat=3.1]", 1
+ end
+
+ ##
+ # test that the changeset :include method works as it should
+ def test_changeset_include
+ basic_authorization users(:public_user).display_name, "test"
+
+ # create a new changeset
+ content "<osm><changeset/></osm>"
+ put :create
+ assert_response :success, "Creating of changeset failed."
+ changeset_id = @response.body.to_i
+
+ # NOTE: the include method doesn't over-expand, like inserting
+ # a real method does. this is because we expect the client to
+ # know what it is doing!
+ check_after_include(changeset_id, 1, 1, [ 1, 1, 1, 1])
+ check_after_include(changeset_id, 3, 3, [ 1, 1, 3, 3])
+ check_after_include(changeset_id, 4, 2, [ 1, 1, 4, 3])
+ check_after_include(changeset_id, 2, 2, [ 1, 1, 4, 3])
+ check_after_include(changeset_id, -1, -1, [-1, -1, 4, 3])
+ check_after_include(changeset_id, -2, 5, [-2, -1, 4, 5])
+ end
+
+ ##
+ # test the query functionality of changesets
+ def test_query
+ get :query, :bbox => "-10,-10, 10, 10"
+ assert_response :success, "can't get changesets in bbox"
+ assert_changesets [1,4,6]
+
+ get :query, :bbox => "4.5,4.5,4.6,4.6"
+ assert_response :success, "can't get changesets in bbox"
+ assert_changesets [1]
+
+ # can't get changesets of user 1 without authenticating
+ get :query, :user => users(:normal_user).id
+ assert_response :not_found, "shouldn't be able to get changesets by non-public user"
+
+ # but this should work
+ basic_authorization "test@openstreetmap.org", "test"
+ get :query, :user => users(:normal_user).id
+ assert_response :success, "can't get changesets by user"
+ assert_changesets [1,3,6]
+
+ get :query, :user => users(:normal_user).id, :open => true
+ assert_response :success, "can't get changesets by user and open"
+ assert_changesets [1]
+
+ get :query, :time => '2007-12-31'
+ assert_response :success, "can't get changesets by time-since"
+ assert_changesets [1,2,4,5,6]
+
+ get :query, :time => '2008-01-01T12:34Z'
+ assert_response :success, "can't get changesets by time-since with hour"
+ assert_changesets [1,2,4,5,6]
+
+ get :query, :time => '2007-12-31T23:59Z,2008-01-01T00:01Z'
+ assert_response :success, "can't get changesets by time-range"
+ assert_changesets [1,4,5,6]
+
+ get :query, :open => 'true'
+ assert_response :success, "can't get changesets by open-ness"
+ assert_changesets [1,2,4]
+ end
+
+ ##
+ # check that errors are returned if garbage is inserted
+ # into query strings
+ def test_query_invalid
+ [ "abracadabra!",
+ "1,2,3,F",
+ ";drop table users;"
+ ].each do |bbox|
+ get :query, :bbox => bbox
+ assert_response :bad_request, "'#{bbox}' isn't a bbox"
+ end
+
+ [ "now()",
+ "00-00-00",
+ ";drop table users;",
+ ",",
+ "-,-"
+ ].each do |time|
+ get :query, :time => time
+ assert_response :bad_request, "'#{time}' isn't a valid time range"
+ end
+
+ [ "me",
+ "foobar",
+ "-1",
+ "0"
+ ].each do |uid|
+ get :query, :user => uid
+ assert_response :bad_request, "'#{uid}' isn't a valid user ID"
+ end
+ end
+
+ ##
+ # check updating tags on a changeset
+ def test_changeset_update
+ ## First try with the non-public user
+ changeset = changesets(:normal_user_first_change)
+ new_changeset = changeset.to_xml
+ new_tag = XML::Node.new "tag"
+ new_tag['k'] = "tagtesting"
+ new_tag['v'] = "valuetesting"
+ new_changeset.find("//osm/changeset").first << new_tag
+ content new_changeset
+
+ # try without any authorization
+ put :update, :id => changeset.id
+ assert_response :unauthorized
+
+ # try with the wrong authorization
+ basic_authorization users(:public_user).email, "test"
+ put :update, :id => changeset.id
+ assert_response :conflict
+
+ # now this should get an unauthorized
+ basic_authorization users(:normal_user).email, "test"
+ put :update, :id => changeset.id
+ assert_require_public_data "user with their data non-public, shouldn't be able to edit their changeset"
+
+
+ ## Now try with the public user
+ changeset = changesets(:public_user_first_change)
+ new_changeset = changeset.to_xml
+ new_tag = XML::Node.new "tag"
+ new_tag['k'] = "tagtesting"
+ new_tag['v'] = "valuetesting"
+ new_changeset.find("//osm/changeset").first << new_tag
+ content new_changeset
+
+ # try without any authorization
+ @request.env["HTTP_AUTHORIZATION"] = nil
+ put :update, :id => changeset.id
+ assert_response :unauthorized
+
+ # try with the wrong authorization
+ basic_authorization users(:second_public_user).email, "test"
+ put :update, :id => changeset.id
+ assert_response :conflict
+
+ # now this should work...
+ basic_authorization users(:public_user).email, "test"
+ put :update, :id => changeset.id
+ assert_response :success
+
+ assert_select "osm>changeset[id=#{changeset.id}]", 1
+ assert_select "osm>changeset>tag", 2
+ assert_select "osm>changeset>tag[k=tagtesting][v=valuetesting]", 1
+ end
+
+ ##
+ # check that a user different from the one who opened the changeset
+ # can't modify it.
+ def test_changeset_update_invalid
+ basic_authorization users(:public_user).email, "test"
+
+ changeset = changesets(:normal_user_first_change)
+ new_changeset = changeset.to_xml
+ new_tag = XML::Node.new "tag"
+ new_tag['k'] = "testing"
+ new_tag['v'] = "testing"
+ new_changeset.find("//osm/changeset").first << new_tag
+
+ content new_changeset
+ put :update, :id => changeset.id
+ assert_response :conflict
+ end
+
+ ##
+ # check that a changeset can contain a certain max number of changes.
+ ## FIXME should be changed to an integration test due to the with_controller
+ def test_changeset_limits
+ basic_authorization users(:public_user).email, "test"
+
+ # open a new changeset
+ content "<osm><changeset/></osm>"
+ put :create
+ assert_response :success, "can't create a new changeset"
+ cs_id = @response.body.to_i
+
+ # start the counter just short of where the changeset should finish.
+ offset = 10
+ # alter the database to set the counter on the changeset directly,
+ # otherwise it takes about 6 minutes to fill all of them.
+ changeset = Changeset.find(cs_id)
+ changeset.num_changes = Changeset::MAX_ELEMENTS - offset
+ changeset.save!
+
+ with_controller(NodeController.new) do
+ # create a new node
+ content "<osm><node changeset='#{cs_id}' lat='0.0' lon='0.0'/></osm>"
+ put :create
+ assert_response :success, "can't create a new node"
+ node_id = @response.body.to_i
+
+ get :read, :id => node_id
+ assert_response :success, "can't read back new node"
+ node_doc = XML::Parser.string(@response.body).parse
+ node_xml = node_doc.find("//osm/node").first
+
+ # loop until we fill the changeset with nodes
+ offset.times do |i|
+ node_xml['lat'] = rand.to_s
+ node_xml['lon'] = rand.to_s
+ node_xml['version'] = (i+1).to_s
+
+ content node_doc
+ put :update, :id => node_id
+ assert_response :success, "attempt #{i} should have succeeded"
+ end
+
+ # trying again should fail
+ node_xml['lat'] = rand.to_s
+ node_xml['lon'] = rand.to_s
+ node_xml['version'] = offset.to_s
+
+ content node_doc
+ put :update, :id => node_id
+ assert_response :conflict, "final attempt should have failed"
+ end
+
+ changeset = Changeset.find(cs_id)
+ assert_equal Changeset::MAX_ELEMENTS + 1, changeset.num_changes
+
+ # check that the changeset is now closed as well
+ assert(!changeset.is_open?,
+ "changeset should have been auto-closed by exceeding " +
+ "element limit.")
+ end