X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/945ff7911ca51dc250ffaba71f62821b5c0c0a95..66d74a8c2c5713cc6c8e22d2a6db3b64de2ae875:/test/controllers/changeset_controller_test.rb diff --git a/test/controllers/changeset_controller_test.rb b/test/controllers/changeset_controller_test.rb index 4db952ab9..9d39a8555 100644 --- a/test/controllers/changeset_controller_test.rb +++ b/test/controllers/changeset_controller_test.rb @@ -3,7 +3,6 @@ require "changeset_controller" class ChangesetControllerTest < ActionController::TestCase api_fixtures - fixtures :friends, :changeset_comments, :changesets_subscribers ## # test all routes which lead to this controller @@ -99,7 +98,7 @@ class ChangesetControllerTest < ActionController::TestCase # ----------------------- def test_create - basic_authorization users(:normal_user).email, "test" + basic_authorization create(:user, :data_public => false).email, "test" # Create the first user's changeset content "" + "" + @@ -107,7 +106,7 @@ class ChangesetControllerTest < ActionController::TestCase put :create assert_require_public_data - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # Create the first user's changeset content "" + "" + @@ -134,13 +133,13 @@ class ChangesetControllerTest < ActionController::TestCase end def test_create_invalid - basic_authorization users(:normal_user).email, "test" + basic_authorization create(:user, :data_public => false).email, "test" content "" put :create assert_require_public_data ## Try the public user - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" content "" put :create assert_response :bad_request, "creating a invalid changeset should fail" @@ -151,24 +150,24 @@ class ChangesetControllerTest < ActionController::TestCase put :create assert_response :unauthorized, "shouldn't be able to create a changeset with no auth" - ## Now try to with the non-public user - basic_authorization users(:normal_user).email, "test" + ## Now try to with a non-public user + basic_authorization create(:user, :data_public => false).email, "test" put :create assert_require_public_data - ## Try the inactive user - basic_authorization users(:inactive_user).email, "test" + ## Try an inactive user + basic_authorization create(:user, :pending).email, "test" put :create assert_inactive_user - ## Now try to use the public user - basic_authorization users(:public_user).email, "test" + ## Now try to use a normal user + basic_authorization create(:user).email, "test" put :create assert_response :bad_request, "creating a changeset with no content should fail" end def test_create_wrong_method - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" get :create assert_response :method_not_allowed post :create @@ -197,6 +196,7 @@ class ChangesetControllerTest < ActionController::TestCase assert_select "osm>changeset>discussion>comment", 0 changeset_id = changesets(:normal_user_closed_change).id + create_list(:changeset_comment, 3, :changeset_id => changeset_id) get :read, :id => changeset_id, :include_discussion => true assert_response :success, "cannot get closed changeset with comments" @@ -228,12 +228,12 @@ class ChangesetControllerTest < ActionController::TestCase assert_response :unauthorized ## Try using the non-public user - basic_authorization users(:normal_user).email, "test" + basic_authorization changesets(:normal_user_first_change).user.email, "test" put :close, :id => changesets(:normal_user_first_change).id assert_require_public_data ## The try with the public user - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id put :close, :id => cs_id @@ -248,7 +248,7 @@ class ChangesetControllerTest < ActionController::TestCase ## # test that a different user can't close another user's changeset def test_close_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" put :close, :id => changesets(:normal_user_first_change).id assert_response :conflict @@ -258,7 +258,7 @@ class ChangesetControllerTest < ActionController::TestCase ## # test that you can't close using another method def test_close_method_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id get :close, :id => cs_id @@ -284,7 +284,7 @@ class ChangesetControllerTest < ActionController::TestCase end # Now try with auth - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" cs_ids.each do |id| begin put :close, :id => id @@ -330,7 +330,7 @@ EOF "shouldnn't be able to upload a simple valid diff to changeset: #{@response.body}" ## Now try with a private user - basic_authorization users(:normal_user).email, "test" + basic_authorization changesets(:normal_user_first_change).user.email, "test" changeset_id = changesets(:normal_user_first_change).id # simple diff to change a node, way and relation by removing @@ -360,7 +360,7 @@ EOF "can't upload a simple valid diff to changeset: #{@response.body}" ## Now try with the public user - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" changeset_id = changesets(:public_user_first_change).id # simple diff to change a node, way and relation by removing @@ -398,7 +398,7 @@ EOF ## # upload something which creates new objects using placeholders def test_upload_create_valid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # simple diff to create a node way and relation using placeholders @@ -461,7 +461,7 @@ EOF # test a complex delete where we delete elements which rely on eachother # in the same transaction. def test_upload_delete - basic_authorization users(:public_user).display_name, "test" + basic_authorization changesets(:public_user_first_change).user.display_name, "test" diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -502,7 +502,7 @@ EOF # test uploading a delete with no lat/lon, as they are optional in # the osmChange spec. def test_upload_nolatlon_delete - basic_authorization users(:public_user).display_name, "test" + basic_authorization changesets(:public_user_first_change).user.display_name, "test" node = current_nodes(:public_visible_node) cs = changesets(:public_user_first_change) @@ -523,7 +523,7 @@ EOF def test_repeated_changeset_create 30.times do - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # create a temporary changeset content "" + @@ -537,7 +537,7 @@ EOF end def test_upload_large_changeset - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # create a changeset content "" @@ -591,7 +591,8 @@ EOF # test that deleting stuff in a transaction doesn't bypass the checks # to ensure that used elements are not deleted. def test_upload_delete_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" + cs = changesets(:public_user_first_change) diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -603,7 +604,7 @@ EOF # upload it content diff - post :upload, :id => 2 + post :upload, :id => cs.id assert_response :precondition_failed, "shouldn't be able to upload a invalid deletion diff: #{@response.body}" assert_equal "Precondition failed: Way 3 is still used by relations 1.", @response.body @@ -617,7 +618,8 @@ EOF ## # test that a conditional delete of an in use object works. def test_upload_delete_if_unused - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" + cs = changesets(:public_user_first_change) diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -630,7 +632,7 @@ EOF # upload it content diff - post :upload, :id => 2 + post :upload, :id => cs.id assert_response :success, "can't do a conditional delete of in use objects: #{@response.body}" @@ -667,7 +669,7 @@ EOF ## # upload an element with a really long tag value def test_upload_invalid_too_long_tag - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # simple diff to create a node way and relation using placeholders @@ -675,7 +677,7 @@ EOF - + @@ -692,7 +694,7 @@ EOF # upload something which creates new objects and inserts them into # existing containers using placeholders. def test_upload_complex - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # simple diff to create a node way and relation using placeholders @@ -748,7 +750,7 @@ EOF # create a diff which references several changesets, which should cause # a rollback and none of the diff gets committed def test_upload_invalid_changesets - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # simple diff to create a node way and relation using placeholders @@ -795,7 +797,7 @@ EOF ## # upload multiple versions of the same element in the same diff. def test_upload_multiple_valid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # change the location of a node multiple times, each time referencing @@ -832,7 +834,7 @@ EOF # upload multiple versions of the same element in the same diff, but # keep the version numbers the same. def test_upload_multiple_duplicate - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id diff = <" + "" + @@ -1137,7 +1139,7 @@ EOF ## # test what happens if a diff is uploaded adding a node to a way. def test_upload_way_extend - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" content "" + "" + @@ -1176,13 +1178,12 @@ EOF ## # test for more issues in #1568 def test_upload_empty_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" ["", "", "", - "" - ].each do |diff| + ""].each do |diff| # upload it content diff post :upload, :id => changesets(:public_user_first_change).id @@ -1194,7 +1195,8 @@ EOF ## # test that the X-Error-Format header works to request XML errors def test_upload_xml_errors - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" + cs = changesets(:public_user_first_change) # try and delete a node that is in use diff = XML::Document.new @@ -1206,7 +1208,7 @@ EOF # upload it content diff error_format "xml" - post :upload, :id => 2 + post :upload, :id => cs.id assert_response :success, "failed to return error in XML format" @@ -1220,8 +1222,8 @@ EOF # when we make some simple changes we get the same changes back from the # diff download. def test_diff_download_simple - ## First try with the normal user, which should get a forbidden - basic_authorization(users(:normal_user).email, "test") + ## First try with a non-public user, which should get a forbidden + basic_authorization(create(:user, :data_public => false).email, "test") # create a temporary changeset content "" + @@ -1230,8 +1232,8 @@ EOF put :create assert_response :forbidden - ## Now try with the public user - basic_authorization(users(:public_user).email, "test") + ## Now try with a normal user + basic_authorization(create(:user).email, "test") # create a temporary changeset content "" + @@ -1277,7 +1279,7 @@ EOF # # NOTE: the error turned out to be something else completely! def test_josm_upload - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # create a temporary changeset content "" + @@ -1336,7 +1338,7 @@ OSMFILE # when we make some complex changes we get the same changes back from the # diff download. def test_diff_download_complex - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # create a temporary changeset content "" + @@ -1389,7 +1391,10 @@ EOF end def test_changeset_download + tag = create(:old_node_tag, :old_node => nodes(:used_node_2)) + get :download, :id => changesets(:normal_user_first_change).id + assert_response :success assert_template nil # print @response.body @@ -1397,7 +1402,7 @@ EOF assert_select "osmChange[version='#{API_VERSION}'][generator='#{GENERATOR}']" do assert_select "create", :count => 5 assert_select "create>node[id='#{nodes(:used_node_2).node_id}'][visible='#{nodes(:used_node_2).visible?}'][version='#{nodes(:used_node_2).version}']" do - assert_select "tag[k='#{node_tags(:t3).k}'][v='#{node_tags(:t3).v}']" + assert_select "tag[k='#{tag.k}'][v='#{tag.v}']" end assert_select "create>node[id='#{nodes(:visible_node).node_id}']" end @@ -1407,7 +1412,7 @@ EOF # check that the bounding box of a changeset gets updated correctly # FIXME: This should really be moded to a integration test due to the with_controller def test_changeset_bbox - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # create a new changeset content "" @@ -1466,7 +1471,7 @@ EOF ## # test that the changeset :include method works as it should def test_changeset_include - basic_authorization users(:public_user).display_name, "test" + basic_authorization create(:user).display_name, "test" # create a new changeset content "" @@ -1488,7 +1493,7 @@ EOF ## # test that a not found, wrong method with the expand bbox works as expected def test_changeset_expand_bbox_error - basic_authorization users(:public_user).display_name, "test" + basic_authorization create(:user).display_name, "test" # create a new changeset content "" @@ -1598,8 +1603,7 @@ EOF def test_query_invalid ["abracadabra!", "1,2,3,F", - ";drop table users;" - ].each do |bbox| + ";drop table users;"].each do |bbox| get :query, :bbox => bbox assert_response :bad_request, "'#{bbox}' isn't a bbox" end @@ -1608,8 +1612,7 @@ EOF "00-00-00", ";drop table users;", ",", - "-,-" - ].each do |time| + "-,-"].each do |time| get :query, :time => time assert_response :bad_request, "'#{time}' isn't a valid time range" end @@ -1617,8 +1620,7 @@ EOF ["me", "foobar", "-1", - "0" - ].each do |uid| + "0"].each do |uid| get :query, :user => uid assert_response :bad_request, "'#{uid}' isn't a valid user ID" end @@ -1627,7 +1629,7 @@ EOF ## # check updating tags on a changeset def test_changeset_update - ## First try with the non-public user + ## First try with a non-public user changeset = changesets(:normal_user_first_change) new_changeset = changeset.to_xml new_tag = XML::Node.new "tag" @@ -1641,17 +1643,18 @@ EOF assert_response :unauthorized # try with the wrong authorization - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" put :update, :id => changeset.id assert_response :conflict # now this should get an unauthorized - basic_authorization users(:normal_user).email, "test" + basic_authorization changeset.user.email, "test" put :update, :id => changeset.id assert_require_public_data "user with their data non-public, shouldn't be able to edit their changeset" ## Now try with the public user changeset = changesets(:public_user_first_change) + create(:changeset_tag, :changeset => changeset) new_changeset = changeset.to_xml new_tag = XML::Node.new "tag" new_tag["k"] = "tagtesting" @@ -1665,12 +1668,12 @@ EOF assert_response :unauthorized # try with the wrong authorization - basic_authorization users(:second_public_user).email, "test" + basic_authorization create(:user).email, "test" put :update, :id => changeset.id assert_response :conflict # now this should work... - basic_authorization users(:public_user).email, "test" + basic_authorization changeset.user.email, "test" put :update, :id => changeset.id assert_response :success @@ -1683,7 +1686,7 @@ EOF # check that a user different from the one who opened the changeset # can't modify it. def test_changeset_update_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" changeset = changesets(:normal_user_first_change) new_changeset = changeset.to_xml @@ -1701,7 +1704,7 @@ EOF # check that a changeset can contain a certain max number of changes. ## FIXME should be changed to an integration test due to the with_controller def test_changeset_limits - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # open a new changeset content "" @@ -1989,9 +1992,15 @@ EOF end assert_response :success + changeset = changesets(:normal_user_subscribed_change) + changeset.subscribers.push(users(:normal_user)) + changeset.subscribers.push(users(:public_user)) + changeset.subscribers.push(users(:suspended_user)) + changeset.subscribers.push(users(:deleted_user)) + assert_difference "ChangesetComment.count", 1 do assert_difference "ActionMailer::Base.deliveries.size", 1 do - post :comment, :id => changesets(:normal_user_subscribed_change).id, :text => "This is a comment" + post :comment, :id => changeset.id, :text => "This is a comment" end end assert_response :success @@ -2007,7 +2016,7 @@ EOF assert_difference "ChangesetComment.count", 1 do assert_difference "ActionMailer::Base.deliveries.size", 2 do - post :comment, :id => changesets(:normal_user_subscribed_change).id, :text => "This is a comment" + post :comment, :id => changeset.id, :text => "This is a comment" end end assert_response :success @@ -2032,7 +2041,7 @@ EOF post :comment, :id => changesets(:normal_user_closed_change).id, :text => "This is a comment" assert_response :unauthorized - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # bad changeset id assert_no_difference "ChangesetComment.count" do @@ -2062,7 +2071,7 @@ EOF ## # test subscribe success def test_subscribe_success - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") changeset = changesets(:normal_user_closed_change) assert_difference "changeset.subscribers.count", 1 do @@ -2074,6 +2083,8 @@ EOF ## # test subscribe fail def test_subscribe_fail + user = create(:user) + # unauthorized changeset = changesets(:normal_user_closed_change) assert_no_difference "changeset.subscribers.count" do @@ -2081,7 +2092,7 @@ EOF end assert_response :unauthorized - basic_authorization(users(:public_user).email, "test") + basic_authorization(user.email, "test") # bad changeset id assert_no_difference "changeset.subscribers.count" do @@ -2098,6 +2109,7 @@ EOF # trying to subscribe when already subscribed changeset = changesets(:normal_user_subscribed_change) + changeset.subscribers.push(user) assert_no_difference "changeset.subscribers.count" do post :subscribe, :id => changeset.id end @@ -2107,8 +2119,10 @@ EOF ## # test unsubscribe success def test_unsubscribe_success - basic_authorization(users(:public_user).email, "test") + user = create(:user) + basic_authorization(user.email, "test") changeset = changesets(:normal_user_subscribed_change) + changeset.subscribers.push(user) assert_difference "changeset.subscribers.count", -1 do post :unsubscribe, :id => changeset.id @@ -2126,7 +2140,7 @@ EOF end assert_response :unauthorized - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # bad changeset id assert_no_difference "changeset.subscribers.count" do @@ -2153,21 +2167,21 @@ EOF # test hide comment fail def test_hide_comment_fail # unauthorized - comment = changeset_comments(:normal_comment_1) + comment = create(:changeset_comment) assert_equal true, comment.visible post :hide_comment, :id => comment.id assert_response :unauthorized assert_equal true, comment.reload.visible - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # not a moderator post :hide_comment, :id => comment.id assert_response :forbidden assert_equal true, comment.reload.visible - basic_authorization(users(:moderator_user).email, "test") + basic_authorization(create(:moderator_user).email, "test") # bad comment id post :hide_comment, :id => 999111 @@ -2178,10 +2192,10 @@ EOF ## # test hide comment succes def test_hide_comment_success - comment = changeset_comments(:normal_comment_1) + comment = create(:changeset_comment) assert_equal true, comment.visible - basic_authorization(users(:moderator_user).email, "test") + basic_authorization(create(:moderator_user).email, "test") post :hide_comment, :id => comment.id assert_response :success @@ -2192,21 +2206,21 @@ EOF # test unhide comment fail def test_unhide_comment_fail # unauthorized - comment = changeset_comments(:hidden_comment) + comment = create(:changeset_comment, :visible => false) assert_equal false, comment.visible post :unhide_comment, :id => comment.id assert_response :unauthorized assert_equal false, comment.reload.visible - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # not a moderator post :unhide_comment, :id => comment.id assert_response :forbidden assert_equal false, comment.reload.visible - basic_authorization(users(:moderator_user).email, "test") + basic_authorization(create(:moderator_user).email, "test") # bad comment id post :unhide_comment, :id => 999111 @@ -2217,10 +2231,10 @@ EOF ## # test unhide comment succes def test_unhide_comment_success - comment = changeset_comments(:hidden_comment) + comment = create(:changeset_comment, :visible => false) assert_equal false, comment.visible - basic_authorization(users(:moderator_user).email, "test") + basic_authorization(create(:moderator_user).email, "test") post :unhide_comment, :id => comment.id assert_response :success @@ -2230,6 +2244,8 @@ EOF ## # test comments feed def test_comments_feed + create_list(:changeset_comment, 3, :changeset_id => changesets(:normal_user_closed_change).id) + get :comments_feed, :format => "rss" assert_response :success assert_equal "application/rss+xml", @response.content_type