From: Tom Hughes Date: Fri, 1 Mar 2024 19:23:51 +0000 (+0000) Subject: Merge remote-tracking branch 'upstream/pull/4324' X-Git-Tag: live~747 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/664d02982cbaa8b1223ef03047b6134ff1ffbdac Merge remote-tracking branch 'upstream/pull/4324' --- 664d02982cbaa8b1223ef03047b6134ff1ffbdac diff --cc app/controllers/browse_controller.rb index 82cbe6f98,e842d4872..db291f6eb --- a/app/controllers/browse_controller.rb +++ b/app/controllers/browse_controller.rb @@@ -57,5 -58,30 +58,11 @@@ class BrowseController < ApplicationCon render :action => "not_found", :status => :not_found end - def changeset - @type = "changeset" - @changeset = Changeset.find(params[:id]) - @comments = if current_user&.moderator? - @changeset.comments.unscope(:where => :visible).includes(:author) - else - @changeset.comments.includes(:author) - end - @node_pages, @nodes = paginate(:old_nodes, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "node_page") - @way_pages, @ways = paginate(:old_ways, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "way_page") - @relation_pages, @relations = paginate(:old_relations, :conditions => { :changeset_id => @changeset.id }, :per_page => 20, :parameter => "relation_page") - if @changeset.user.active? && @changeset.user.data_public? - @next_by_user = @changeset.user.changesets.where("id > ?", @changeset.id).reorder(:id => :asc).first - @prev_by_user = @changeset.user.changesets.where("id < ?", @changeset.id).reorder(:id => :desc).first - end - rescue ActiveRecord::RecordNotFound - render :action => "not_found", :status => :not_found - end - def query; end + + private + + def require_moderator_for_unredacted_history + deny_access(nil) if params[:show_redactions] && !current_user&.moderator? + end end diff --cc test/controllers/browse_controller_test.rb index e74345f6a,312caca51..fcdd7c752 --- a/test/controllers/browse_controller_test.rb +++ b/test/controllers/browse_controller_test.rb @@@ -207,4 -283,123 +256,85 @@@ class BrowseControllerTest < ActionDisp assert_response :success assert_template "browse/query" end + + def test_anonymous_user_feature_page_secondary_actions + node = create(:node, :with_history) + get node_path(:id => node) + assert_response :success + assert_select ".secondary-actions a", :text => "View Details", :count => 0 + assert_select ".secondary-actions a", :text => "View History", :count => 1 + assert_select ".secondary-actions a", :text => "View Unredacted History", :count => 0 + end + + def test_regular_user_feature_page_secondary_actions + session_for(create(:user)) + node = create(:node, :with_history) + get node_path(:id => node) + assert_response :success + assert_select ".secondary-actions a", :text => "View Details", :count => 0 + assert_select ".secondary-actions a", :text => "View History", :count => 1 + assert_select ".secondary-actions a", :text => "View Unredacted History", :count => 0 + end + + def test_moderator_user_feature_page_secondary_actions + session_for(create(:moderator_user)) + node = create(:node, :with_history) + get node_path(:id => node) + assert_response :success + assert_select ".secondary-actions a", :text => "View Details", :count => 0 + assert_select ".secondary-actions a", :text => "View History", :count => 1 + assert_select ".secondary-actions a", :text => "View Unredacted History", :count => 1 + end + + def test_anonymous_user_history_page_secondary_actions + node = create(:node, :with_history) + get node_history_path(:id => node) + assert_response :success + assert_select ".secondary-actions a", :text => "View Details", :count => 1 + assert_select ".secondary-actions a", :text => "View History", :count => 0 + assert_select ".secondary-actions a", :text => "View Unredacted History", :count => 0 + end + + def test_regular_user_history_page_secondary_actions + session_for(create(:user)) + node = create(:node, :with_history) + get node_history_path(:id => node) + assert_response :success + assert_select ".secondary-actions a", :text => "View Details", :count => 1 + assert_select ".secondary-actions a", :text => "View History", :count => 0 + assert_select ".secondary-actions a", :text => "View Unredacted History", :count => 0 + end + + def test_moderator_user_history_page_secondary_actions + session_for(create(:moderator_user)) + node = create(:node, :with_history) + get node_history_path(:id => node) + assert_response :success + assert_select ".secondary-actions a", :text => "View Details", :count => 1 + assert_select ".secondary-actions a", :text => "View History", :count => 0 + assert_select ".secondary-actions a", :text => "View Unredacted History", :count => 1 + end + + def test_anonymous_user_unredacted_history_page_secondary_actions + node = create(:node, :with_history) + get node_history_path(:id => node, :params => { :show_redactions => true }) + assert_response :redirect + end + + def test_regular_user_unredacted_history_page_secondary_actions + session_for(create(:user)) + node = create(:node, :with_history) + get node_history_path(:id => node, :params => { :show_redactions => true }) + assert_response :redirect + end + + def test_moderator_user_unredacted_history_page_secondary_actions + session_for(create(:moderator_user)) + node = create(:node, :with_history) + get node_history_path(:id => node, :params => { :show_redactions => true }) + assert_response :success + assert_select ".secondary-actions a", :text => "View Details", :count => 1 + assert_select ".secondary-actions a", :text => "View History", :count => 1 + assert_select ".secondary-actions a", :text => "View Unredacted History", :count => 0 + end - - private - - # This is a convenience method for most of the above checks - # First we check that when we don't have an id, it will correctly return a 404 - # then we check that we get the correct 404 when a non-existant id is passed - # then we check that it will get a successful response, when we do pass an id - def browse_check(path, id, template) - path_method = method(path) - - assert_raise ActionController::UrlGenerationError do - get path_method.call - end - - assert_raise ActionController::UrlGenerationError do - get path_method.call(:id => -10) # we won't have an id that's negative - end - - get path_method.call(:id => 0) - assert_response :not_found - assert_template "browse/not_found" - assert_template :layout => "map" - - get path_method.call(:id => 0), :xhr => true - assert_response :not_found - assert_template "browse/not_found" - assert_template :layout => "xhr" - - get path_method.call(:id => id) - assert_response :success - assert_template template - assert_template :layout => "map" - - get path_method.call(:id => id), :xhr => true - assert_response :success - assert_template template - assert_template :layout => "xhr" - end end