This was a temporary hack to work around issues with sessions getting
mixed up at the time of the Rails 3.1 upgrade, but logs indicate that
whatever the original problem was, it is no longer occurring.
if session[:user]
@user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
if session[:user]
@user = User.where(:id => session[:user]).where("status IN ('active', 'confirmed', 'suspended')").first
- if @user.display_name != cookies["_osm_username"]
- logger.info "Session user '#{@user.display_name}' does not match cookie user '#{cookies['_osm_username']}'"
- reset_session
- @user = nil
- elsif @user.status == "suspended"
+ if @user.status == "suspended"
session.delete(:user)
session_expires_automatically
session.delete(:user)
session_expires_automatically
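Review bot: The new `if @user.status == "suspended"` line dereferences `@user` without a nil check, although the lookup directly above ends in `.first` and returns nil when the id stored in the session no longer matches an active, confirmed or suspended account. The removed cookie comparison had the same exposure, so this is not a regression, but since the branch is being rewritten anyway it is a good moment to handle it: start the chain with `if @user.nil?` and `session.delete(:user)`, then continue with `elsif @user.status == "suspended"`. That turns a stale session into an ordinary logged-out request instead of an exception. The enclosing method starts and ends outside this hunk, so the rest of the chain is not visible here.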
before_filter :authorize_web, :except => [:api_read, :api_details, :api_gpx_files]
before_filter :set_locale, :except => [:api_read, :api_details, :api_gpx_files]
before_filter :require_user, :only => [:account, :go_public, :make_friend, :remove_friend]
before_filter :authorize_web, :except => [:api_read, :api_details, :api_gpx_files]
before_filter :set_locale, :except => [:api_read, :api_details, :api_gpx_files]
before_filter :require_user, :only => [:account, :go_public, :make_friend, :remove_friend]
+ before_filter :require_self, :only => [:account]
before_filter :check_database_readable, :except => [:login, :api_read, :api_details, :api_gpx_files]
before_filter :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public, :make_friend, :remove_friend]
before_filter :check_api_readable, :only => [:api_read, :api_details, :api_gpx_files]
before_filter :check_database_readable, :except => [:login, :api_read, :api_details, :api_gpx_files]
before_filter :check_database_writable, :only => [:new, :account, :confirm, :confirm_email, :lost_password, :reset_password, :go_public, :make_friend, :remove_friend]
before_filter :check_api_readable, :only => [:api_read, :api_details, :api_gpx_files]
token.destroy
session[:user] = user.id
token.destroy
session[:user] = user.id
- cookies.permanent["_osm_username"] = user.display_name
redirect_to referer || welcome_path
end
redirect_to referer || welcome_path
end
end
token.destroy
session[:user] = @user.id
end
token.destroy
session[:user] = @user.id
- cookies.permanent["_osm_username"] = @user.display_name
redirect_to :action => 'account', :display_name => @user.display_name
else
flash[:error] = t 'user.confirm_email.failure'
redirect_to :action => 'account', :display_name => @user.display_name
else
flash[:error] = t 'user.confirm_email.failure'
##
# process a successful login
def successful_login(user)
##
# process a successful login
def successful_login(user)
- cookies.permanent["_osm_username"] = user.display_name
-
session[:user] = user.id
session_expires_after 28.days if session[:remember_me]
session[:user] = user.id
session_expires_after 28.days if session[:remember_me]
- cookies.permanent["_osm_username"] = user.display_name
-
if user.new_email.blank? or user.new_email == user.email
flash.now[:notice] = t 'user.account.flash update success'
else
if user.new_email.blank? or user.new_email == user.email
flash.now[:notice] = t 'user.account.flash update success'
else
+ ##
+ # require that the user in the URL is the logged in user
+ def require_self
+ if params[:display_name] != @user.display_name
+ render :text => "", :status => :forbidden
+ end
+ end
+
##
# ensure that there is a "this_user" instance variable
def lookup_user_by_id
##
# ensure that there is a "this_user" instance variable
def lookup_user_by_id
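Review bot: `require_self` reads `@user.display_name` with no check that `@user` is set, so it appears to be safe only because `require_user` is declared one line above it in the `before_filter` list for `:account` and presumably halts the chain when nobody is logged in (its body is not shown here). The method comment should record that ordering dependency, e.g. `# must run after require_user, which is expected to guarantee @user is set`. No test for the new check is visible on this page. A functional test that requests the `account` action with a `display_name` different from the session user's and asserts `:forbidden` would pin the authorization behaviour this commit introduces.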
end
def test_showing_new_diary_entry
end
def test_showing_new_diary_entry
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
get :new
assert_response :redirect
assert_redirected_to :controller => :user, :action => "login", :referer => "/diary/new"
get :new
assert_response :redirect
assert_redirected_to :controller => :user, :action => "login", :referer => "/diary/new"
end
def test_editing_diary_entry
end
def test_editing_diary_entry
- @request.cookies["_osm_username"] = users(:normal_user).display_name
entry = diary_entries(:normal_user_entry_1)
# Make sure that you are redirected to the login page when you are
entry = diary_entries(:normal_user_entry_1)
# Make sure that you are redirected to the login page when you are
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# and when not logged in as the user who wrote the entry
get :view, {:display_name => entry.user.display_name, :id => entry.id}, {'user' => entry.user.id}
assert_response :success
# and when not logged in as the user who wrote the entry
get :view, {:display_name => entry.user.display_name, :id => entry.id}, {'user' => entry.user.id}
assert_response :success
end
def test_edit_diary_entry_i18n
end
def test_edit_diary_entry_i18n
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
get :edit, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {'user' => users(:normal_user).id}
assert_response :success
assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
end
def test_create_diary_entry
get :edit, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {'user' => users(:normal_user).id}
assert_response :success
assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
end
def test_create_diary_entry
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Make sure that you are redirected to the login page when you
# are not logged in
get :new
# Make sure that you are redirected to the login page when you
# are not logged in
get :new
end
def test_creating_diary_comment
end
def test_creating_diary_comment
- @request.cookies["_osm_username"] = users(:public_user).display_name
entry = diary_entries(:normal_user_entry_1)
# Make sure that you are denied when you are not logged in
entry = diary_entries(:normal_user_entry_1)
# Make sure that you are denied when you are not logged in
assert_response :forbidden
assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
assert_response :forbidden
assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Now try as a normal user
post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id
assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
# Now try as a normal user
post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id
assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
- @request.cookies["_osm_username"] = users(:administrator_user).display_name
-
# Finally try as an administrator
post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:administrator_user).id}
assert_response :redirect
# Finally try as an administrator
post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:administrator_user).id}
assert_response :redirect
assert_response :forbidden
assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
assert_response :forbidden
assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Now try as a normal user
post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id
assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
# Now try as a normal user
post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id
assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
- @request.cookies["_osm_username"] = users(:administrator_user).display_name
-
# Finally try as an administrator
post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:administrator_user).id}
assert_response :redirect
# Finally try as an administrator
post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:administrator_user).id}
assert_response :redirect
# Login as a normal user
session[:user] = users(:normal_user).id
# Login as a normal user
session[:user] = users(:normal_user).id
- cookies["_osm_username"] = users(:normal_user).display_name
# Check that the new message page loads
get :new, :display_name => users(:public_user).display_name
# Check that the new message page loads
get :new, :display_name => users(:public_user).display_name
# Login as the wrong user
session[:user] = users(:second_public_user).id
# Login as the wrong user
session[:user] = users(:second_public_user).id
- cookies["_osm_username"] = users(:second_public_user).display_name
# Check that we can't reply to somebody else's message
get :reply, :message_id => messages(:unread_message).id
# Check that we can't reply to somebody else's message
get :reply, :message_id => messages(:unread_message).id
# Login as the right user
session[:user] = users(:public_user).id
# Login as the right user
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Check that the message reply page loads
get :reply, :message_id => messages(:unread_message).id
# Check that the message reply page loads
get :reply, :message_id => messages(:unread_message).id
# Login as the wrong user
session[:user] = users(:second_public_user).id
# Login as the wrong user
session[:user] = users(:second_public_user).id
- cookies["_osm_username"] = users(:second_public_user).display_name
# Check that we can't read the message
get :read, :message_id => messages(:unread_message).id
# Check that we can't read the message
get :read, :message_id => messages(:unread_message).id
# Login as the message sender
session[:user] = users(:normal_user).id
# Login as the message sender
session[:user] = users(:normal_user).id
- cookies["_osm_username"] = users(:normal_user).display_name
# Check that the message sender can read the message
get :read, :message_id => messages(:unread_message).id
# Check that the message sender can read the message
get :read, :message_id => messages(:unread_message).id
# Login as the message recipient
session[:user] = users(:public_user).id
# Login as the message recipient
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Check that the message recipient can read the message
get :read, :message_id => messages(:unread_message).id
# Check that the message recipient can read the message
get :read, :message_id => messages(:unread_message).id
# Login
session[:user] = users(:normal_user).id
# Login
session[:user] = users(:normal_user).id
- cookies["_osm_username"] = users(:normal_user).display_name
# Check that we can view our inbox when logged in
get :inbox, :display_name => users(:normal_user).display_name
# Check that we can view our inbox when logged in
get :inbox, :display_name => users(:normal_user).display_name
# Login
session[:user] = users(:normal_user).id
# Login
session[:user] = users(:normal_user).id
- cookies["_osm_username"] = users(:normal_user).display_name
# Check that we can view our outbox when logged in
get :outbox, :display_name => users(:normal_user).display_name
# Check that we can view our outbox when logged in
get :outbox, :display_name => users(:normal_user).display_name
# Login as a user with no messages
session[:user] = users(:second_public_user).id
# Login as a user with no messages
session[:user] = users(:second_public_user).id
- cookies["_osm_username"] = users(:second_public_user).display_name
# Check that marking a message we didn't send or receive fails
post :mark, :message_id => messages(:read_message).id
# Check that marking a message we didn't send or receive fails
post :mark, :message_id => messages(:read_message).id
# Login as the message recipient
session[:user] = users(:public_user).id
# Login as the message recipient
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Check that the marking a message read works
post :mark, :message_id => messages(:unread_message).id, :mark => "read"
# Check that the marking a message read works
post :mark, :message_id => messages(:unread_message).id, :mark => "read"
# Login as a user with no messages
session[:user] = users(:second_public_user).id
# Login as a user with no messages
session[:user] = users(:second_public_user).id
- cookies["_osm_username"] = users(:second_public_user).display_name
# Check that deleting a message we didn't send or receive fails
post :delete, :message_id => messages(:read_message).id
# Check that deleting a message we didn't send or receive fails
post :delete, :message_id => messages(:read_message).id
# Login as the message recipient
session[:user] = users(:normal_user).id
# Login as the message recipient
session[:user] = users(:normal_user).id
- cookies["_osm_username"] = users(:normal_user).display_name
# Check that the deleting a received message works
post :delete, :message_id => messages(:read_message).id
# Check that the deleting a received message works
post :delete, :message_id => messages(:read_message).id
def test_moderators_can_create
session[:user] = users(:moderator_user).id
def test_moderators_can_create
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
post :create, :redaction => { :title => "Foo", :description => "Description here." }
assert_response :redirect
post :create, :redaction => { :title => "Foo", :description => "Description here." }
assert_response :redirect
def test_non_moderators_cant_create
session[:user] = users(:public_user).id
def test_non_moderators_cant_create
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
post :create, :redaction => { :title => "Foo", :description => "Description here." }
assert_response :forbidden
post :create, :redaction => { :title => "Foo", :description => "Description here." }
assert_response :forbidden
def test_moderators_can_delete_empty
session[:user] = users(:moderator_user).id
def test_moderators_can_delete_empty
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
# remove all elements from the redaction
redaction = redactions(:example)
# remove all elements from the redaction
redaction = redactions(:example)
def test_moderators_cant_delete_nonempty
session[:user] = users(:moderator_user).id
def test_moderators_cant_delete_nonempty
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
# leave elements in the redaction
redaction = redactions(:example)
# leave elements in the redaction
redaction = redactions(:example)
def test_non_moderators_cant_delete
session[:user] = users(:public_user).id
def test_non_moderators_cant_delete
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
delete :destroy, :id => redactions(:example).id
assert_response :forbidden
delete :destroy, :id => redactions(:example).id
assert_response :forbidden
def test_moderators_can_edit
session[:user] = users(:moderator_user).id
def test_moderators_can_edit
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
get :edit, :id => redactions(:example).id
assert_response :success
get :edit, :id => redactions(:example).id
assert_response :success
def test_non_moderators_cant_edit
session[:user] = users(:public_user).id
def test_non_moderators_cant_edit
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
get :edit, :id => redactions(:example).id
assert_response :redirect
get :edit, :id => redactions(:example).id
assert_response :redirect
def test_moderators_can_update
session[:user] = users(:moderator_user).id
def test_moderators_can_update
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
redaction = redactions(:example)
redaction = redactions(:example)
def test_non_moderators_cant_update
session[:user] = users(:public_user).id
def test_non_moderators_cant_update
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
redaction = redactions(:example)
redaction = redactions(:example)
# test the right editor gets used when the user hasn't set a preference
def test_edit_without_preference
# test the right editor gets used when the user hasn't set a preference
def test_edit_without_preference
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
get(:edit, nil, { 'user' => users(:public_user).id })
assert_response :success
assert_template :partial => "_#{DEFAULT_EDITOR}", :count => 1
get(:edit, nil, { 'user' => users(:public_user).id })
assert_response :success
assert_template :partial => "_#{DEFAULT_EDITOR}", :count => 1
# and when they have...
def test_edit_with_preference
# and when they have...
def test_edit_with_preference
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
user = users(:public_user)
user.preferred_editor = "potlatch"
user.save!
user = users(:public_user)
user.preferred_editor = "potlatch"
user.save!
end
def test_edit_with_node
end
def test_edit_with_node
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
user = users(:public_user)
node = current_nodes(:visible_node)
user = users(:public_user)
node = current_nodes(:visible_node)
end
def test_edit_with_way
end
def test_edit_with_way
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
user = users(:public_user)
way = current_ways(:visible_way)
user = users(:public_user)
way = current_ways(:visible_way)
end
def test_edit_with_gpx
end
def test_edit_with_gpx
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
user = users(:public_user)
gpx = gpx_files(:public_trace_file)
user = users(:public_user)
gpx = gpx_files(:public_trace_file)
# Check that I can get mine
def test_list_mine
# Check that I can get mine
def test_list_mine
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# First try to get it when not logged in
get :mine
assert_redirected_to :controller => 'user', :action => 'login', :referer => '/traces/mine'
# First try to get it when not logged in
get :mine
assert_redirected_to :controller => 'user', :action => 'login', :referer => '/traces/mine'
get :list, :display_name => users(:public_user).display_name
check_trace_list users(:public_user).traces.public
get :list, :display_name => users(:public_user).display_name
check_trace_list users(:public_user).traces.public
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Should still see only public ones when authenticated as another user
get :list, {:display_name => users(:public_user).display_name}, {:user => users(:normal_user).id}
check_trace_list users(:public_user).traces.public
# Should still see only public ones when authenticated as another user
get :list, {:display_name => users(:public_user).display_name}, {:user => users(:normal_user).id}
check_trace_list users(:public_user).traces.public
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# Should see all traces when authenticated as the target user
get :list, {:display_name => users(:public_user).display_name}, {:user => users(:public_user).id}
check_trace_list users(:public_user).traces
# Should see all traces when authenticated as the target user
get :list, {:display_name => users(:public_user).display_name}, {:user => users(:public_user).id}
check_trace_list users(:public_user).traces
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
check_trace_view gpx_files(:public_trace_file)
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
check_trace_view gpx_files(:public_trace_file)
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# Now with some other user, which should work since the trace is public
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
check_trace_view gpx_files(:public_trace_file)
# Now with some other user, which should work since the trace is public
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
check_trace_view gpx_files(:public_trace_file)
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# And finally we should be able to do it with the owner of the trace
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
check_trace_view gpx_files(:public_trace_file)
# And finally we should be able to do it with the owner of the trace
get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
check_trace_view gpx_files(:public_trace_file)
assert_response :redirect
assert_redirected_to :action => :list
assert_response :redirect
assert_redirected_to :action => :list
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Now with some other user, which should work since the trace is anon
get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :list
# Now with some other user, which should work since the trace is anon
get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :list
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# And finally we should be able to do it with the owner of the trace
get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:public_user).id}
check_trace_view gpx_files(:anon_trace_file)
# And finally we should be able to do it with the owner of the trace
get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:public_user).id}
check_trace_view gpx_files(:anon_trace_file)
assert_response :redirect
assert_redirected_to :action => :list
assert_response :redirect
assert_redirected_to :action => :list
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# Now with some other user, which should work since the trace is public
get :view, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
assert_response :redirect
# Now with some other user, which should work since the trace is public
get :view, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
assert_response :redirect
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
check_trace_data gpx_files(:public_trace_file)
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
check_trace_data gpx_files(:public_trace_file)
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# Now with some other user, which should work since the trace is public
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
check_trace_data gpx_files(:public_trace_file)
# Now with some other user, which should work since the trace is public
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
check_trace_data gpx_files(:public_trace_file)
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# And finally we should be able to do it with the owner of the trace
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
check_trace_data gpx_files(:public_trace_file)
# And finally we should be able to do it with the owner of the trace
get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
check_trace_data gpx_files(:public_trace_file)
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}
assert_response :not_found
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}
assert_response :not_found
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Now with some other user, which should work since the trace is anon
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:normal_user).id}
assert_response :not_found
# Now with some other user, which should work since the trace is anon
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:normal_user).id}
assert_response :not_found
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# And finally we should be able to do it with the owner of the trace
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:public_user).id}
check_trace_data gpx_files(:anon_trace_file)
# And finally we should be able to do it with the owner of the trace
get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:public_user).id}
check_trace_data gpx_files(:anon_trace_file)
get :data, {:display_name => users(:public_user).display_name, :id => 0}
assert_response :not_found
get :data, {:display_name => users(:public_user).display_name, :id => 0}
assert_response :not_found
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# Now with some other user, which should work since the trace is public
get :data, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
assert_response :not_found
# Now with some other user, which should work since the trace is public
get :data, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
assert_response :not_found
assert_response :redirect
assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id)
assert_response :redirect
assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id)
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# Now with some other user, which should fail
get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
assert_response :forbidden
# Now with some other user, which should fail
get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
assert_response :forbidden
get :edit, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id}, {:user => users(:public_user).id}
assert_response :not_found
get :edit, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id}, {:user => users(:public_user).id}
assert_response :not_found
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Finally with a trace that we are allowed to edit
get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
assert_response :success
# Finally with a trace that we are allowed to edit
get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
assert_response :success
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}
assert_response :forbidden
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}
assert_response :forbidden
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# Now with some other user, which should fail
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}, {:user => users(:public_user).id}
assert_response :forbidden
# Now with some other user, which should fail
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}, {:user => users(:public_user).id}
assert_response :forbidden
post :edit, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id, :trace => new_details}, {:user => users(:public_user).id}
assert_response :not_found
post :edit, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id, :trace => new_details}, {:user => users(:public_user).id}
assert_response :not_found
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Finally with a trace that we are allowed to edit
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}, {:user => users(:normal_user).id}
assert_response :redirect
# Finally with a trace that we are allowed to edit
post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}, {:user => users(:normal_user).id}
assert_response :redirect
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id,}
assert_response :forbidden
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id,}
assert_response :forbidden
- @request.cookies["_osm_username"] = users(:public_user).display_name
-
# Now with some other user, which should fail
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
assert_response :forbidden
# Now with some other user, which should fail
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
assert_response :forbidden
post :delete, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id}, {:user => users(:public_user).id}
assert_response :not_found
post :delete, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id}, {:user => users(:public_user).id}
assert_response :not_found
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Finally with a trace that we are allowed to delete
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
assert_response :redirect
# Finally with a trace that we are allowed to delete
post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
assert_response :redirect
# Login as the blocked user
session[:user] = users(:blocked_user).id
# Login as the blocked user
session[:user] = users(:blocked_user).id
- cookies["_osm_username"] = users(:blocked_user).display_name
# Now viewing it should mark it as seen
get :show, :id => user_blocks(:active_block)
# Now viewing it should mark it as seen
get :show, :id => user_blocks(:active_block)
# Login as a normal user
session[:user] = users(:public_user).id
# Login as a normal user
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Check that normal users can't load the block creation page
get :new, :display_name => users(:normal_user).display_name
# Check that normal users can't load the block creation page
get :new, :display_name => users(:normal_user).display_name
# Login as a moderator
session[:user] = users(:moderator_user).id
# Login as a moderator
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
# Check that the block creation page loads for moderators
get :new, :display_name => users(:normal_user).display_name
# Check that the block creation page loads for moderators
get :new, :display_name => users(:normal_user).display_name
# Login as a normal user
session[:user] = users(:public_user).id
# Login as a normal user
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Check that normal users can't load the block edit page
get :edit, :id => user_blocks(:active_block).id
# Check that normal users can't load the block edit page
get :edit, :id => user_blocks(:active_block).id
# Login as a moderator
session[:user] = users(:moderator_user).id
# Login as a moderator
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
# Check that the block edit page loads for moderators
get :edit, :id => user_blocks(:active_block).id
# Check that the block edit page loads for moderators
get :edit, :id => user_blocks(:active_block).id
# Login as a normal user
session[:user] = users(:public_user).id
# Login as a normal user
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Check that normal users can't create blocks
post :create
# Check that normal users can't create blocks
post :create
# Login as a moderator
session[:user] = users(:moderator_user).id
# Login as a moderator
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
# A bogus block period should result in an error
assert_no_difference "UserBlock.count" do
# A bogus block period should result in an error
assert_no_difference "UserBlock.count" do
# Login as a normal user
session[:user] = users(:public_user).id
# Login as a normal user
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Check that normal users can't update blocks
put :update, :id => user_blocks(:active_block).id
# Check that normal users can't update blocks
put :update, :id => user_blocks(:active_block).id
# Login as the wrong moderator
session[:user] = users(:second_moderator_user).id
# Login as the wrong moderator
session[:user] = users(:second_moderator_user).id
- cookies["_osm_username"] = users(:second_moderator_user).display_name
# Check that only the person who created a block can update it
assert_no_difference "UserBlock.count" do
# Check that only the person who created a block can update it
assert_no_difference "UserBlock.count" do
# Login as the correct moderator
session[:user] = users(:moderator_user).id
# Login as the correct moderator
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
# A bogus block period should result in an error
assert_no_difference "UserBlock.count" do
# A bogus block period should result in an error
assert_no_difference "UserBlock.count" do
# Login as a normal user
session[:user] = users(:public_user).id
# Login as a normal user
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Check that normal users can't load the block revoke page
get :revoke, :id => user_blocks(:active_block).id
# Check that normal users can't load the block revoke page
get :revoke, :id => user_blocks(:active_block).id
# Login as a moderator
session[:user] = users(:moderator_user).id
# Login as a moderator
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
# Check that the block revoke page loads for moderators
get :revoke, :id => user_blocks(:active_block).id
# Check that the block revoke page loads for moderators
get :revoke, :id => user_blocks(:active_block).id
def test_user_terms_seen
user = users(:normal_user)
def test_user_terms_seen
user = users(:normal_user)
- # Set the username cookie
- @request.cookies["_osm_username"] = user.display_name
-
get :terms, {}, { "user" => user }
assert_response :redirect
assert_redirected_to :action => :account, :display_name => user.display_name
end
def test_user_go_public
get :terms, {}, { "user" => user }
assert_response :redirect
assert_redirected_to :action => :account, :display_name => user.display_name
end
def test_user_go_public
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
post :go_public, {}, { :user => users(:normal_user) }
assert_response :redirect
assert_redirected_to :action => :account, :display_name => users(:normal_user).display_name
post :go_public, {}, { :user => users(:normal_user) }
assert_response :redirect
assert_redirected_to :action => :account, :display_name => users(:normal_user).display_name
# validation errors being reported
user = users(:normal_user)
# validation errors being reported
user = users(:normal_user)
- # Set the username cookie
- @request.cookies["_osm_username"] = user.display_name
-
# Make sure that you are redirected to the login page when
# you are not logged in
get :account, { :display_name => user.display_name }
assert_response :redirect
assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
# Make sure that you are redirected to the login page when
# you are not logged in
get :account, { :display_name => user.display_name }
assert_response :redirect
assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
- # Make sure that you are redirected to the login page when
- # you are not logged in as the right user
+ # Make sure that you are blocked when not logged in as the right user
get :account, { :display_name => user.display_name }, { "user" => users(:public_user).id }
get :account, { :display_name => user.display_name }, { "user" => users(:public_user).id }
- assert_response :redirect
- assert_redirected_to :controller => :user, :action => "login", :referer => "/user/test/account"
+ assert_response :forbidden
# Make sure we get the page when we are logged in as the right user
get :account, { :display_name => user.display_name }, { "user" => user }
# Make sure we get the page when we are logged in as the right user
get :account, { :display_name => user.display_name }, { "user" => user }
assert_select "form#accountForm > fieldset > div.form-row > div#user_description_container > div#user_description_content > textarea#user_description", user.description
# Changing name to one that exists should fail
assert_select "form#accountForm > fieldset > div.form-row > div#user_description_container > div#user_description_content > textarea#user_description", user.description
# Changing name to one that exists should fail
- user.display_name = users(:public_user).display_name
- post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
+ new_attributes = user.attributes.dup.merge(:display_name => users(:public_user).display_name)
+ post :account, { :display_name => user.display_name, :user => new_attributes }, { "user" => user.id }
assert_response :success
assert_template :account
assert_select "div#notice", false
assert_response :success
assert_template :account
assert_select "div#notice", false
assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
# Changing name to one that exists should fail, regardless of case
assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
# Changing name to one that exists should fail, regardless of case
- user.display_name = users(:public_user).display_name.upcase
- post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
+ new_attributes = user.attributes.dup.merge(:display_name => users(:public_user).display_name.upcase)
+ post :account, { :display_name => user.display_name, :user => new_attributes }, { "user" => user.id }
assert_response :success
assert_template :account
assert_select "div#notice", false
assert_response :success
assert_template :account
assert_select "div#notice", false
assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
# Changing name to one that doesn't exist should work
assert_select "form#accountForm > fieldset > div.form-row > div.field_with_errors > input#user_display_name"
# Changing name to one that doesn't exist should work
- user.display_name = "new tester"
- post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => user.id }
+ new_attributes = user.attributes.dup.merge(:display_name => "new tester")
+ post :account, { :display_name => user.display_name, :user => new_attributes }, { "user" => user.id }
assert_response :success
assert_template :account
assert_select "div#errorExplanation", false
assert_select "div#notice", /^User information updated successfully/
assert_response :success
assert_template :account
assert_select "div#errorExplanation", false
assert_select "div#notice", /^User information updated successfully/
- assert_select "form#accountForm > fieldset > div.form-row > input#user_display_name[value=?]", user.display_name
+ assert_select "form#accountForm > fieldset > div.form-row > input#user_display_name[value=?]", "new tester"
- # Need to update cookies now to stay valid
- @request.cookies["_osm_username"] = user.display_name
+ # Record the change of name
+ user.display_name = "new tester"
# Changing email to one that exists should fail
user.new_email = users(:public_user).email
# Changing email to one that exists should fail
user.new_email = users(:public_user).email
# Login as a normal user
session[:user] = users(:normal_user).id
# Login as a normal user
session[:user] = users(:normal_user).id
- cookies["_osm_username"] = users(:normal_user).display_name
# Test the normal user
get :view, {:display_name => "test"}
# Test the normal user
get :view, {:display_name => "test"}
# Login as a moderator
session[:user] = users(:moderator_user).id
# Login as a moderator
session[:user] = users(:moderator_user).id
- cookies["_osm_username"] = users(:moderator_user).display_name
# Test the normal user
get :view, {:display_name => "test"}
# Test the normal user
get :view, {:display_name => "test"}
# Check that the users aren't already friends
assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
# Check that the users aren't already friends
assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
- # Set the username cookie
- @request.cookies["_osm_username"] = user.display_name
-
# When not logged in a GET should ask us to login
get :make_friend, {:display_name => friend.display_name}
assert_redirected_to :controller => :user, :action => "login", :referer => make_friend_path(:display_name => friend.display_name)
# When not logged in a GET should ask us to login
get :make_friend, {:display_name => friend.display_name}
assert_redirected_to :controller => :user, :action => "login", :referer => make_friend_path(:display_name => friend.display_name)
# Check that the users are friends
assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
# Check that the users are friends
assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
- # Set the username cookie
- @request.cookies["_osm_username"] = user.display_name
-
# When not logged in a GET should ask us to login
get :remove_friend, {:display_name => friend.display_name}
assert_redirected_to :controller => :user, :action => "login", :referer => remove_friend_path(:display_name => friend.display_name)
# When not logged in a GET should ask us to login
get :remove_friend, {:display_name => friend.display_name}
assert_redirected_to :controller => :user, :action => "login", :referer => remove_friend_path(:display_name => friend.display_name)
assert_response :redirect
assert_redirected_to :action => :login, :referer => set_status_user_path(:status => "suspended")
assert_response :redirect
assert_redirected_to :action => :login, :referer => set_status_user_path(:status => "suspended")
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Now try as a normal user
get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
# Now try as a normal user
get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
- @request.cookies["_osm_username"] = users(:administrator_user).display_name
-
# Finally try as an administrator
get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:administrator_user).id}
assert_response :redirect
# Finally try as an administrator
get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:administrator_user).id}
assert_response :redirect
assert_response :redirect
assert_redirected_to :action => :login, :referer => delete_user_path(:status => "suspended")
assert_response :redirect
assert_redirected_to :action => :login, :referer => delete_user_path(:status => "suspended")
- @request.cookies["_osm_username"] = users(:normal_user).display_name
-
# Now try as a normal user
get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
# Now try as a normal user
get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:normal_user).id}
assert_response :redirect
assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
- @request.cookies["_osm_username"] = users(:administrator_user).display_name
-
# Finally try as an administrator
get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:administrator_user).id}
assert_response :redirect
# Finally try as an administrator
get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:administrator_user).id}
assert_response :redirect
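Review bot: The wrong-user check in the account test (`get :account, { :display_name => user.display_name }, { "user" => users(:public_user).id }` with `assert_response :forbidden`) covers only the GET path; every `post :account` in the visible hunks is sent with the owner's own session. The new `require_self` filter is presumably the only thing stopping one logged-in user from submitting another user's account form, so the write path deserves its own assertion. For example, add `post :account, { :display_name => user.display_name, :user => user.attributes }, { "user" => users(:public_user).id }` followed by `assert_response :forbidden`. The test method begins and continues outside the lines shown here, so such a case may already exist elsewhere in it.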
# Login as an unprivileged user
session[:user] = users(:public_user).id
# Login as an unprivileged user
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Granting should still fail
post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
# Granting should still fail
post :grant, :display_name => users(:normal_user).display_name, :role => "moderator"
# Login as an administrator
session[:user] = users(:administrator_user).id
# Login as an administrator
session[:user] = users(:administrator_user).id
- cookies["_osm_username"] = users(:administrator_user).display_name
UserRole::ALL_ROLES.each do |role|
UserRole::ALL_ROLES.each do |role|
# Login as an unprivileged user
session[:user] = users(:public_user).id
# Login as an unprivileged user
session[:user] = users(:public_user).id
- cookies["_osm_username"] = users(:public_user).display_name
# Revoking should still fail
post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
# Revoking should still fail
post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator"
# Login as an administrator
session[:user] = users(:administrator_user).id
# Login as an administrator
session[:user] = users(:administrator_user).id
- cookies["_osm_username"] = users(:administrator_user).display_name
UserRole::ALL_ROLES.each do |role|
UserRole::ALL_ROLES.each do |role|