Add functional tests for the user_roles controller

diff --git a/app/controllers/user_roles_controller.rb b/app/controllers/user_roles_controller.rb
index cb0425f3237b04d582e10fbc2e302aed51e01ae9..11a1dc41ee28f5c692f1055276f9482ad6785787 100644 (file)
--- a/app/controllers/user_roles_controller.rb
+++ b/app/controllers/user_roles_controller.rb
@@ -22,6 +22,9 @@ class UserRolesController < ApplicationController
   end
 
   private
   end
 
   private

+  ##
+  # require that the user is an administrator, or fill out a helpful error message
+  # and return them to theuser page.

   def require_administrator
     unless @user.administrator?
       flash[:error] = t'user_role.filter.not_an_administrator'
   def require_administrator
     unless @user.administrator?
       flash[:error] = t'user_role.filter.not_an_administrator'


@@ -32,9 +35,10 @@ class UserRolesController < ApplicationController
   ##
   # ensure that there is a "this_user" instance variable
   def lookup_this_user
   ##
   # ensure that there is a "this_user" instance variable
   def lookup_this_user

-    @this_user = User.find_by_display_name(params[:display_name])
-  rescue ActiveRecord::RecordNotFound
-    redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user
+    unless @this_user = User.find_by_display_name(params[:display_name])
+      @not_found_user = params[:display_name]
+      render :template => 'user/no_such_user', :status => :not_found
+    end

   end
 
   ##
   end
 
   ##

diff --git a/test/fixtures/user_roles.yml b/test/fixtures/user_roles.yml
index 113d1627e04f9d9627d6dbce32ccaf6f3ff3f5fd..980d5e89c0fa547b71cca921ffd371d0f288eb25 100644 (file)
--- a/test/fixtures/user_roles.yml
+++ b/test/fixtures/user_roles.yml
@@ -14,3 +14,13 @@ second_moderator:
   user_id: 15
   role: moderator
   granter_id: 6
   user_id: 15
   role: moderator
   granter_id: 6

+
+super_moderator:
+  user_id: 16
+  role: moderator
+  granter_id: 6
+
+super_administrator:
+  user_id: 16
+  role: administrator
+  granter_id: 6

diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
index de99c00b5664867666691e0ea964d85186d96356..c1b7244cb71951e5008d18bbe1de31f401f0d34a 100644 (file)
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@@ -200,3 +200,15 @@ second_moderator_user:
   terms_agreed: "2010-01-01 11:22:33"
   terms_seen: true
   languages: en
   terms_agreed: "2010-01-01 11:22:33"
   terms_seen: true
   languages: en

+
+super_user:
+  id: 16
+  email: super@example.com
+  status: active
+  pass_crypt: <%= Digest::MD5.hexdigest('test') %>
+  creation_time: "2008-05-01 01:23:45"
+  display_name: super
+  data_public: true
+  terms_agreed: "2010-01-01 11:22:33"
+  terms_seen: true
+  languages: en

diff --git a/test/functional/user_roles_controller_test.rb b/test/functional/user_roles_controller_test.rb
index e89230a7f58e86b5483df28b9074f2b9d58bbd6b..ed5d1a17d0302826b8d8dd3fee5e0f8cfbdd7fcf 100644 (file)
--- a/test/functional/user_roles_controller_test.rb
+++ b/test/functional/user_roles_controller_test.rb
@@ -1,6 +1,8 @@
 require File.dirname(__FILE__) + '/../test_helper'
 
 class UserRolesControllerTest < ActionController::TestCase
 require File.dirname(__FILE__) + '/../test_helper'
 
 class UserRolesControllerTest < ActionController::TestCase

+  fixtures :users, :user_roles
+

   ##
   # test all routes which lead to this controller
   def test_routes
   ##
   # test all routes which lead to this controller
   def test_routes


@@ -13,4 +15,124 @@ class UserRolesControllerTest < ActionController::TestCase
       { :controller => "user_roles", :action => "revoke", :display_name => "username", :role => "rolename" }
     )
   end
       { :controller => "user_roles", :action => "revoke", :display_name => "username", :role => "rolename" }
     )
   end

+
+  ##
+  # test the grant action
+  def test_grant
+    # Granting should fail when not logged in
+    post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
+    assert_response :forbidden
+
+    # Login as an unprivileged user
+    session[:user] = users(:public_user).id
+    cookies["_osm_username"] = users(:public_user).display_name
+
+    # Granting should still fail
+    post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
+    assert_redirected_to user_path(users(:normal_user).display_name)
+    assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error]
+
+    # Login as an administrator
+    session[:user] = users(:administrator_user).id
+    cookies["_osm_username"] = users(:administrator_user).display_name
+
+    UserRole::ALL_ROLES.each do |role|
+
+      # Granting a role to a non-existent user should fail
+      assert_difference "UserRole.count", 0 do
+        post :grant, :display_name => "non_existent_user", :role => role
+      end
+      assert_response :not_found
+      assert_template "user/no_such_user"
+      assert_select "h2", "The user non_existent_user does not exist"
+
+      # Granting a role from a user that already has it should fail
+      assert_no_difference "UserRole.count" do
+        post :grant, :display_name => users(:super_user).display_name, :role => role
+      end
+      assert_redirected_to user_path(users(:super_user).display_name)
+      assert_equal "The user already has role #{role}.", flash[:error]
+
+      # Granting a role to a user that doesn't have it should work...
+      assert_difference "UserRole.count", 1 do
+        post :grant, :display_name => users(:normal_user).display_name, :role => role
+      end
+      assert_redirected_to user_path(users(:normal_user).display_name)
+
+      # ...but trying a second time should fail
+      assert_no_difference "UserRole.count" do
+        post :grant, :display_name => users(:normal_user).display_name, :role => role
+      end
+      assert_redirected_to user_path(users(:normal_user).display_name)
+      assert_equal "The user already has role #{role}.", flash[:error]
+
+    end
+
+    # Granting a non-existent role should fail
+    assert_difference "UserRole.count", 0 do
+      post :grant, :display_name => users(:normal_user).display_name, :role => "no_such_role"
+    end
+    assert_redirected_to user_path(users(:normal_user).display_name)
+    assert_equal "The string `no_such_role' is not a valid role.", flash[:error]
+  end
+
+  ##
+  # test the revoke action
+  def test_revoke
+    # Revoking should fail when not logged in
+    post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
+    assert_response :forbidden
+
+    # Login as an unprivileged user
+    session[:user] = users(:public_user).id
+    cookies["_osm_username"] = users(:public_user).display_name
+
+    # Revoking should still fail
+    post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
+    assert_redirected_to user_path(users(:normal_user).display_name)
+    assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error]
+
+    # Login as an administrator
+    session[:user] = users(:administrator_user).id
+    cookies["_osm_username"] = users(:administrator_user).display_name
+
+    UserRole::ALL_ROLES.each do |role|
+
+      # Removing a role from a non-existent user should fail
+      assert_difference "UserRole.count", 0 do
+        post :revoke, :display_name => "non_existent_user", :role => role
+      end
+      assert_response :not_found
+      assert_template "user/no_such_user"
+      assert_select "h2", "The user non_existent_user does not exist"
+
+      # Removing a role from a user that doesn't have it should fail
+      assert_no_difference "UserRole.count" do
+        post :revoke, :display_name => users(:normal_user).display_name, :role => role
+      end
+      assert_redirected_to user_path(users(:normal_user).display_name)
+      assert_equal "The user does not have role #{role}.", flash[:error]
+
+      # Removing a role' from a user that has it should work...
+      assert_difference "UserRole.count", -1 do
+        post :revoke, :display_name => users(:super_user).display_name, :role => role
+      end
+      assert_redirected_to user_path(users(:super_user).display_name)
+
+      # ...but trying a second time should fail
+      assert_no_difference "UserRole.count" do
+        post :revoke, :display_name => users(:super_user).display_name, :role => role
+      end
+      assert_redirected_to user_path(users(:super_user).display_name)
+      assert_equal "The user does not have role #{role}.", flash[:error]
+
+    end
+
+    # Revoking a non-existent role should fail
+    assert_difference "UserRole.count", 0 do
+      post :revoke, :display_name => users(:normal_user).display_name, :role => "no_such_role"
+    end
+    assert_redirected_to user_path(users(:normal_user).display_name)
+    assert_equal "The string `no_such_role' is not a valid role.", flash[:error]
+  end

 end
 end

diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index bc0b7573b2527aae482c3757abb36343c261d89d..9f04bd1d6ec5ff7e31e15e9538d4efae7c338930 100644 (file)
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -155,7 +155,7 @@ class UserTest < ActiveSupport::TestCase
   end
 
   def test_visible
   end
 
   def test_visible

-    assert_equal 13, User.visible.count
+    assert_equal 14, User.visible.count

     assert_raise ActiveRecord::RecordNotFound do
       User.visible.find(users(:suspended_user).id)
     end
     assert_raise ActiveRecord::RecordNotFound do
       User.visible.find(users(:suspended_user).id)
     end


@@ -165,7 +165,7 @@ class UserTest < ActiveSupport::TestCase
   end
 
   def test_active
   end
 
   def test_active

-    assert_equal 12, User.active.count
+    assert_equal 13, User.active.count

     assert_raise ActiveRecord::RecordNotFound do
       User.active.find(users(:inactive_user).id)
     end
     assert_raise ActiveRecord::RecordNotFound do
       User.active.find(users(:inactive_user).id)
     end


@@ -178,7 +178,7 @@ class UserTest < ActiveSupport::TestCase
   end
 
   def test_public
   end
 
   def test_public

-    assert_equal 14, User.public.count
+    assert_equal 15, User.public.count

     assert_raise ActiveRecord::RecordNotFound do
       User.public.find(users(:normal_user).id)
     end
     assert_raise ActiveRecord::RecordNotFound do
       User.public.find(users(:normal_user).id)
     end