X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/e79fd0763854f8cf41aefd7364c6bdf476280811..9ca382605c3dd9e102a1a78596a59a12dccbc8c8:/test/functional/relation_controller_test.rb diff --git a/test/functional/relation_controller_test.rb b/test/functional/relation_controller_test.rb index d44490036..994235399 100644 --- a/test/functional/relation_controller_test.rb +++ b/test/functional/relation_controller_test.rb @@ -4,14 +4,6 @@ require 'relation_controller' class RelationControllerTest < ActionController::TestCase api_fixtures - def basic_authorization(user, pass) - @request.env["HTTP_AUTHORIZATION"] = "Basic %s" % Base64.encode64("#{user}:#{pass}") - end - - def content(c) - @request.env["RAW_POST_DATA"] = c.to_s - end - # ------------------------------------- # Test reading relations. # ------------------------------------- @@ -85,11 +77,63 @@ class RelationControllerTest < ActionController::TestCase # ------------------------------------- def test_create - basic_authorization "test@openstreetmap.org", "test" + basic_authorization users(:normal_user).email, "test" # put the relation in a dummy fixture changset changeset_id = changesets(:normal_user_first_change).id + # create an relation without members + content "" + put :create + # hope for forbidden, due to user + assert_response :forbidden, + "relation upload should have failed with forbidden" + + ### + # create an relation with a node as member + # This time try with a role attribute in the relation + nid = current_nodes(:used_node_1).id + content "" + + "" + + "" + put :create + # hope for forbidden due to user + assert_response :forbidden, + "relation upload did not return forbidden status" + + ### + # create an relation with a node as member, this time test that we don't + # need a role attribute to be included + nid = current_nodes(:used_node_1).id + content "" + + ""+ + "" + put :create + # hope for forbidden due to user + assert_response :forbidden, + "relation upload did not return forbidden status" + + ### + # create an relation with a way and a node as members + nid = current_nodes(:used_node_1).id + wid = current_ways(:used_way).id + content "" + + "" + + "" + + "" + put :create + # hope for forbidden, due to user + assert_response :forbidden, + "relation upload did not return success status" + + + + ## Now try with the public user + basic_authorization users(:public_user).email, "test" + + # put the relation in a dummy fixture changset + changeset_id = changesets(:public_user_first_change).id + # create an relation without members content "" put :create @@ -108,7 +152,7 @@ class RelationControllerTest < ActionController::TestCase "saved relation does not contain exactly one tag" assert_equal changeset_id, checkrelation.changeset.id, "saved relation does not belong in the changeset it was assigned to" - assert_equal users(:normal_user).id, checkrelation.changeset.user_id, + assert_equal users(:public_user).id, checkrelation.changeset.user_id, "saved relation does not belong to user that created it" assert_equal true, checkrelation.visible, "saved relation is not visible" @@ -117,10 +161,12 @@ class RelationControllerTest < ActionController::TestCase assert_response :success + ### # create an relation with a node as member + # This time try with a role attribute in the relation nid = current_nodes(:used_node_1).id content "" + - "" + + "" + "" put :create # hope for success @@ -138,7 +184,40 @@ class RelationControllerTest < ActionController::TestCase "saved relation does not contain exactly one tag" assert_equal changeset_id, checkrelation.changeset.id, "saved relation does not belong in the changeset it was assigned to" - assert_equal users(:normal_user).id, checkrelation.changeset.user_id, + assert_equal users(:public_user).id, checkrelation.changeset.user_id, + "saved relation does not belong to user that created it" + assert_equal true, checkrelation.visible, + "saved relation is not visible" + # ok the relation is there but can we also retrieve it? + + get :read, :id => relationid + assert_response :success + + + ### + # create an relation with a node as member, this time test that we don't + # need a role attribute to be included + nid = current_nodes(:used_node_1).id + content "" + + ""+ + "" + put :create + # hope for success + assert_response :success, + "relation upload did not return success status" + # read id of created relation and search for it + relationid = @response.body + checkrelation = Relation.find(relationid) + assert_not_nil checkrelation, + "uploaded relation not found in data base after upload" + # compare values + assert_equal checkrelation.members.length, 1, + "saved relation does not contain exactly one member" + assert_equal checkrelation.tags.length, 1, + "saved relation does not contain exactly one tag" + assert_equal changeset_id, checkrelation.changeset.id, + "saved relation does not belong in the changeset it was assigned to" + assert_equal users(:public_user).id, checkrelation.changeset.user_id, "saved relation does not belong to user that created it" assert_equal true, checkrelation.visible, "saved relation is not visible" @@ -147,6 +226,7 @@ class RelationControllerTest < ActionController::TestCase get :read, :id => relationid assert_response :success + ### # create an relation with a way and a node as members nid = current_nodes(:used_node_1).id wid = current_ways(:used_way).id @@ -170,7 +250,7 @@ class RelationControllerTest < ActionController::TestCase "saved relation does not contain exactly one tag" assert_equal changeset_id, checkrelation.changeset.id, "saved relation does not belong in the changeset it was assigned to" - assert_equal users(:normal_user).id, checkrelation.changeset.user_id, + assert_equal users(:public_user).id, checkrelation.changeset.user_id, "saved relation does not belong to user that created it" assert_equal true, checkrelation.visible, "saved relation is not visible" @@ -180,6 +260,68 @@ class RelationControllerTest < ActionController::TestCase end + # ------------------------------------ + # Test updating relations + # ------------------------------------ + + ## + # test that, when tags are updated on a relation, the correct things + # happen to the correct tables and the API gives sensible results. + # this is to test a case that gregory marler noticed and posted to + # josm-dev. + def test_update_relation_tags + basic_authorization "test@example.com", "test" + rel_id = current_relations(:multi_tag_relation).id + cs_id = changesets(:public_user_first_change).id + + with_relation(rel_id) do |rel| + # alter one of the tags + tag = rel.find("//osm/relation/tag").first + tag['v'] = 'some changed value' + update_changeset(rel, cs_id) + + # check that the downloaded tags are the same as the uploaded tags... + new_version = with_update(rel) do |new_rel| + assert_tags_equal rel, new_rel + end + + # check the original one in the current_* table again + with_relation(rel_id) { |r| assert_tags_equal rel, r } + + # now check the version in the history + with_relation(rel_id, new_version) { |r| assert_tags_equal rel, r } + end + end + + ## + # test that, when tags are updated on a relation when using the diff + # upload function, the correct things happen to the correct tables + # and the API gives sensible results. this is to test a case that + # gregory marler noticed and posted to josm-dev. + def test_update_relation_tags_via_upload + basic_authorization "test@example.com", "test" + rel_id = current_relations(:multi_tag_relation).id + cs_id = changesets(:public_user_first_change).id + + with_relation(rel_id) do |rel| + # alter one of the tags + tag = rel.find("//osm/relation/tag").first + tag['v'] = 'some changed value' + update_changeset(rel, cs_id) + + # check that the downloaded tags are the same as the uploaded tags... + new_version = with_update_diff(rel) do |new_rel| + assert_tags_equal rel, new_rel + end + + # check the original one in the current_* table again + with_relation(rel_id) { |r| assert_tags_equal rel, r } + + # now check the version in the history + with_relation(rel_id, new_version) { |r| assert_tags_equal rel, r } + end + end + # ------------------------------------- # Test creating some invalid relations. # ------------------------------------- @@ -200,6 +342,27 @@ class RelationControllerTest < ActionController::TestCase "relation upload with invalid node did not return 'precondition failed'" end + # ------------------------------------- + # Test creating a relation, with some invalid XML + # ------------------------------------- + def test_create_invalid_xml + basic_authorization "test@openstreetmap.org", "test" + + # put the relation in a dummy fixture changeset that works + changeset_id = changesets(:normal_user_first_change).id + + # create some xml that should return an error + content "" + + "" + + "" + put :create + # expect failure + assert_response :bad_request + assert_match(/Cannot parse valid relation from xml string/, @response.body) + assert_match(/The type is not allowed only, /, @response.body) + end + + # ------------------------------------- # Test deleting relations. # ------------------------------------- @@ -208,9 +371,59 @@ class RelationControllerTest < ActionController::TestCase # first try to delete relation without auth delete :delete, :id => current_relations(:visible_relation).id assert_response :unauthorized + + ## First try with the private user, to make sure that you get a forbidden + basic_authorization(users(:normal_user).email, "test") + + # this shouldn't work, as we should need the payload... + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden - # now set auth - basic_authorization("test@openstreetmap.org", "test"); + # try to delete without specifying a changeset + content "" + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # try to delete with an invalid (closed) changeset + content update_changeset(current_relations(:visible_relation).to_xml, + changesets(:normal_user_closed_change).id) + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # try to delete with an invalid (non-existent) changeset + content update_changeset(current_relations(:visible_relation).to_xml,0) + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # this won't work because the relation is in-use by another relation + content(relations(:used_relation).to_xml) + delete :delete, :id => current_relations(:used_relation).id + assert_response :forbidden + + # this should work when we provide the appropriate payload... + content(relations(:visible_relation).to_xml) + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # this won't work since the relation is already deleted + content(relations(:invisible_relation).to_xml) + delete :delete, :id => current_relations(:invisible_relation).id + assert_response :forbidden + + # this works now because the relation which was using this one + # has been deleted. + content(relations(:used_relation).to_xml) + delete :delete, :id => current_relations(:used_relation).id + assert_response :forbidden + + # this won't work since the relation never existed + delete :delete, :id => 0 + assert_response :forbidden + + + + # now set auth for the private user + basic_authorization(users(:public_user).email, "test"); # this shouldn't work, as we should need the payload... delete :delete, :id => current_relations(:visible_relation).id @@ -219,7 +432,8 @@ class RelationControllerTest < ActionController::TestCase # try to delete without specifying a changeset content "" delete :delete, :id => current_relations(:visible_relation).id - assert_response :conflict + assert_response :bad_request + assert_match(/You are missing the required changeset in the relation/, @response.body) # try to delete with an invalid (closed) changeset content update_changeset(current_relations(:visible_relation).to_xml, @@ -232,15 +446,27 @@ class RelationControllerTest < ActionController::TestCase delete :delete, :id => current_relations(:visible_relation).id assert_response :conflict - # this won't work because the relation is in-use by another relation + # this won't work because the relation is in a changeset owned by someone else content(relations(:used_relation).to_xml) delete :delete, :id => current_relations(:used_relation).id + assert_response :conflict, + "shouldn't be able to delete a relation in a changeset owned by someone else (#{@response.body})" + + # this won't work because the relation in the payload is different to that passed + content(relations(:public_used_relation).to_xml) + delete :delete, :id => current_relations(:used_relation).id + assert_not_equal relations(:public_used_relation).id, current_relations(:used_relation).id + assert_response :bad_request, "shouldn't be able to delete a relation when payload is different to the url" + + # this won't work because the relation is in-use by another relation + content(relations(:public_used_relation).to_xml) + delete :delete, :id => current_relations(:public_used_relation).id assert_response :precondition_failed, "shouldn't be able to delete a relation used in a relation (#{@response.body})" # this should work when we provide the appropriate payload... - content(relations(:visible_relation).to_xml) - delete :delete, :id => current_relations(:visible_relation).id + content(relations(:multi_tag_relation).to_xml) + delete :delete, :id => current_relations(:multi_tag_relation).id assert_response :success # valid delete should return the new version number, which should @@ -255,8 +481,8 @@ class RelationControllerTest < ActionController::TestCase # this works now because the relation which was using this one # has been deleted. - content(relations(:used_relation).to_xml) - delete :delete, :id => current_relations(:used_relation).id + content(relations(:public_used_relation).to_xml) + delete :delete, :id => current_relations(:public_used_relation).id assert_response :success, "should be able to delete a relation used in an old relation (#{@response.body})" @@ -338,11 +564,11 @@ class RelationControllerTest < ActionController::TestCase ## # check that relations are ordered def test_relation_member_ordering - basic_authorization("test@openstreetmap.org", "test"); - + basic_authorization(users(:public_user).email, "test") + doc_str = < - + @@ -387,11 +613,32 @@ OSM ## # check that relations can contain duplicate members def test_relation_member_duplicates - basic_authorization("test@openstreetmap.org", "test"); + ## First try with the private user + basic_authorization(users(:normal_user).email, "test"); + + doc_str = < + + + + + + + +OSM + doc = XML::Parser.string(doc_str).parse + + content doc + put :create + assert_response :forbidden + + + ## Now try with the public user + basic_authorization(users(:public_user).email, "test"); doc_str = < - + @@ -439,8 +686,21 @@ OSM # create a changeset and yield to the caller to set it up, then assert # that the changeset bounding box is +bbox+. def check_changeset_modify(bbox) - basic_authorization("test@openstreetmap.org", "test"); + ## First test with the private user to check that you get a forbidden + basic_authorization(users(:normal_user).email, "test"); + + # create a new changeset for this operation, so we are assured + # that the bounding box will be newly-generated. + changeset_id = with_controller(ChangesetController.new) do + content "" + put :create + assert_response :forbidden, "shouldn't be able to create changeset for modify test, as should get forbidden" + end + + ## Now do the whole thing with the public user + basic_authorization(users(:public_user).email, "test") + # create a new changeset for this operation, so we are assured # that the bounding box will be newly-generated. changeset_id = with_controller(ChangesetController.new) do @@ -466,6 +726,101 @@ OSM end end + ## + # yields the relation with the given +id+ (and optional +version+ + # to read from the history tables) into the block. the parsed XML + # doc is returned. + def with_relation(id, ver = nil) + if ver.nil? + get :read, :id => id + else + with_controller(OldRelationController.new) do + get :version, :id => id, :version => ver + end + end + assert_response :success + yield xml_parse(@response.body) + end + + ## + # updates the relation (XML) +rel+ and + # yields the new version of that relation into the block. + # the parsed XML doc is retured. + def with_update(rel) + rel_id = rel.find("//osm/relation").first["id"].to_i + content rel + put :update, :id => rel_id + assert_response :success, "can't update relation: #{@response.body}" + version = @response.body.to_i + + # now get the new version + get :read, :id => rel_id + assert_response :success + new_rel = xml_parse(@response.body) + + yield new_rel + + return version + end + + ## + # updates the relation (XML) +rel+ via the diff-upload API and + # yields the new version of that relation into the block. + # the parsed XML doc is retured. + def with_update_diff(rel) + rel_id = rel.find("//osm/relation").first["id"].to_i + cs_id = rel.find("//osm/relation").first['changeset'].to_i + version = nil + + with_controller(ChangesetController.new) do + doc = OSM::API.new.get_xml_doc + change = XML::Node.new 'osmChange' + doc.root = change + modify = XML::Node.new 'modify' + change << modify + modify << doc.import(rel.find("//osm/relation").first) + + content doc.to_s + post :upload, :id => cs_id + assert_response :success, "can't upload diff relation: #{@response.body}" + version = xml_parse(@response.body).find("//diffResult/relation").first["new_version"].to_i + end + + # now get the new version + get :read, :id => rel_id + assert_response :success + new_rel = xml_parse(@response.body) + + yield new_rel + + return version + end + + ## + # returns a k->v hash of tags from an xml doc + def get_tags_as_hash(a) + a.find("//osm/relation/tag").inject({}) do |h,v| + h[v['k']] = v['v'] + h + end + end + + ## + # assert that all tags on relation documents +a+ and +b+ + # are equal + def assert_tags_equal(a, b) + # turn the XML doc into tags hashes + a_tags = get_tags_as_hash(a) + b_tags = get_tags_as_hash(b) + + assert_equal a_tags.keys, b_tags.keys, "Tag keys should be identical." + a_tags.each do |k, v| + assert_equal v, b_tags[k], + "Tags which were not altered should be the same. " + + "#{a_tags.inspect} != #{b_tags.inspect}" + end + end + ## # update the changeset_id of a node element def update_changeset(xml, changeset_id) @@ -482,8 +837,7 @@ OSM ## # parse some xml def xml_parse(xml) - parser = XML::Parser.new - parser.string = xml + parser = XML::Parser.string(xml) parser.parse end end