From: Anton Khorev Date: Sun, 23 Feb 2025 01:59:26 +0000 (+0300) Subject: Create api changeset comment visibility resource X-Git-Tag: live~190^2~4 X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/84a0c76ab2a09a05e10b9057c9087a342db5f7e2?ds=inline Create api changeset comment visibility resource --- diff --git a/app/abilities/api_ability.rb b/app/abilities/api_ability.rb index 9a7bf254a..ef852b69f 100644 --- a/app/abilities/api_ability.rb +++ b/app/abilities/api_ability.rb @@ -40,7 +40,7 @@ class ApiAbility end if user.moderator? - can [:destroy, :restore], ChangesetComment if scopes.include?("write_changeset_comments") + can [:create, :destroy], :changeset_comment_visibility if scopes.include?("write_changeset_comments") can :destroy, Note if scopes.include?("write_notes") diff --git a/app/controllers/api/changeset_comments/visibilities_controller.rb b/app/controllers/api/changeset_comments/visibilities_controller.rb new file mode 100644 index 000000000..397872c11 --- /dev/null +++ b/app/controllers/api/changeset_comments/visibilities_controller.rb @@ -0,0 +1,60 @@ +module Api + module ChangesetComments + class VisibilitiesController < ApiController + before_action :check_api_writable + before_action :authorize + + authorize_resource :class => :changeset_comment_visibility + + before_action :set_request_formats + + ## + # Sets visible flag on comment to true + def create + # Check the arguments are sane + raise OSM::APIBadUserInput, "No id was given" unless params[:changeset_comment_id] + + # Extract the arguments + changeset_comment_id = params[:changeset_comment_id].to_i + + # Find the changeset + comment = ChangesetComment.find(changeset_comment_id) + + # Unhide the comment + comment.update(:visible => true) + + # Return a copy of the updated changeset + @changeset = comment.changeset + + respond_to do |format| + format.xml + format.json + end + end + + ## + # Sets visible flag on comment to false + def destroy + # Check the arguments are sane + raise OSM::APIBadUserInput, "No id was given" unless params[:changeset_comment_id] + + # Extract the arguments + changeset_comment_id = params[:changeset_comment_id].to_i + + # Find the changeset + comment = ChangesetComment.find(changeset_comment_id) + + # Hide the comment + comment.update(:visible => false) + + # Return a copy of the updated changeset + @changeset = comment.changeset + + respond_to do |format| + format.xml + format.json + end + end + end + end +end diff --git a/app/controllers/api/changeset_comments_controller.rb b/app/controllers/api/changeset_comments_controller.rb index 86abff265..2f4a361ba 100644 --- a/app/controllers/api/changeset_comments_controller.rb +++ b/app/controllers/api/changeset_comments_controller.rb @@ -59,56 +59,6 @@ module Api end end - ## - # Sets visible flag on comment to false - def destroy - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] - - # Extract the arguments - id = params[:id].to_i - - # Find the changeset - comment = ChangesetComment.find(id) - - # Hide the comment - comment.update(:visible => false) - - # Return a copy of the updated changeset - @changeset = comment.changeset - render "api/changesets/show" - - respond_to do |format| - format.xml - format.json - end - end - - ## - # Sets visible flag on comment to true - def restore - # Check the arguments are sane - raise OSM::APIBadUserInput, "No id was given" unless params[:id] - - # Extract the arguments - id = params[:id].to_i - - # Find the changeset - comment = ChangesetComment.find(id) - - # Unhide the comment - comment.update(:visible => true) - - # Return a copy of the updated changeset - @changeset = comment.changeset - render "api/changesets/show" - - respond_to do |format| - format.xml - format.json - end - end - private ## diff --git a/app/controllers/api/changesets_controller.rb b/app/controllers/api/changesets_controller.rb index 517cff473..7f0ee1276 100644 --- a/app/controllers/api/changesets_controller.rb +++ b/app/controllers/api/changesets_controller.rb @@ -63,7 +63,7 @@ module Api @changeset = Changeset.find(params[:id]) if params[:include_discussion].presence @comments = @changeset.comments - @comments = @comments.unscope(:where => :visible) if params[:show_hidden_comments].presence && can?(:restore, ChangesetComment) + @comments = @comments.unscope(:where => :visible) if params[:show_hidden_comments].presence && can?(:create, :changeset_comment_visibility) @comments = @comments.includes(:author) end diff --git a/app/views/api/changeset_comments/visibilities/create.json.jbuilder b/app/views/api/changeset_comments/visibilities/create.json.jbuilder new file mode 100644 index 000000000..c245cd15c --- /dev/null +++ b/app/views/api/changeset_comments/visibilities/create.json.jbuilder @@ -0,0 +1,5 @@ +json.partial! "api/root_attributes" + +json.changeset do + json.partial! "api/changesets/changeset", :changeset => @changeset +end diff --git a/app/views/api/changeset_comments/visibilities/create.xml.builder b/app/views/api/changeset_comments/visibilities/create.xml.builder new file mode 100644 index 000000000..84892f767 --- /dev/null +++ b/app/views/api/changeset_comments/visibilities/create.xml.builder @@ -0,0 +1,5 @@ +xml.instruct! :xml, :version => "1.0" + +xml.osm(OSM::API.new.xml_root_attributes) do |osm| + osm << render(:partial => "api/changesets/changeset", :object => @changeset) +end diff --git a/app/views/api/changeset_comments/visibilities/destroy.json.jbuilder b/app/views/api/changeset_comments/visibilities/destroy.json.jbuilder new file mode 100644 index 000000000..c245cd15c --- /dev/null +++ b/app/views/api/changeset_comments/visibilities/destroy.json.jbuilder @@ -0,0 +1,5 @@ +json.partial! "api/root_attributes" + +json.changeset do + json.partial! "api/changesets/changeset", :changeset => @changeset +end diff --git a/app/views/api/changeset_comments/visibilities/destroy.xml.builder b/app/views/api/changeset_comments/visibilities/destroy.xml.builder new file mode 100644 index 000000000..84892f767 --- /dev/null +++ b/app/views/api/changeset_comments/visibilities/destroy.xml.builder @@ -0,0 +1,5 @@ +xml.instruct! :xml, :version => "1.0" + +xml.osm(OSM::API.new.xml_root_attributes) do |osm| + osm << render(:partial => "api/changesets/changeset", :object => @changeset) +end diff --git a/app/views/changesets/show.html.erb b/app/views/changesets/show.html.erb index 3f0d08476..70b1877b5 100644 --- a/app/views/changesets/show.html.erb +++ b/app/views/changesets/show.html.erb @@ -49,8 +49,8 @@ — <%= tag.button t(".#{comment.visible ? 'hide' : 'unhide'}_comment"), :class => "btn btn-sm small btn-link link-secondary p-0 align-baseline", - :data => { :method => "POST", - :url => comment.visible ? changeset_comment_hide_url(comment) : changeset_comment_unhide_url(comment) } %> + :data => { :method => comment.visible ? "DELETE" : "POST", + :url => api_changeset_comment_visibility_path(comment) } %> <% end %>
diff --git a/config/routes.rb b/config/routes.rb index 7d200da86..3f4a12bd7 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -21,8 +21,6 @@ OpenStreetMap::Application.routes.draw do post "changeset/:id/subscribe" => "changesets#subscribe", :as => :api_changeset_subscribe, :id => /\d+/ post "changeset/:id/unsubscribe" => "changesets#unsubscribe", :as => :api_changeset_unsubscribe, :id => /\d+/ put "changeset/:id/close" => "changesets#close", :as => :changeset_close, :id => /\d+/ - post "changeset/comment/:id/hide" => "changeset_comments#destroy", :as => :changeset_comment_hide, :id => /\d+/ - post "changeset/comment/:id/unhide" => "changeset_comments#restore", :as => :changeset_comment_unhide, :id => /\d+/ end namespace :api, :path => "api/0.6" do @@ -33,7 +31,11 @@ OpenStreetMap::Application.routes.draw do end put "changeset/create" => "changesets#create", :as => nil - resources :changeset_comments, :only => :index + resources :changeset_comments, :id => /\d+/, :only => :index do + resource :visibility, :module => :changeset_comments, :only => [:create, :destroy] + end + post "changeset/comment/:changeset_comment_id/unhide" => "changeset_comments/visibilities#create", :changeset_comment_id => /\d+/, :as => nil + post "changeset/comment/:changeset_comment_id/hide" => "changeset_comments/visibilities#destroy", :changeset_comment_id => /\d+/, :as => nil resources :nodes, :only => [:index, :create] resources :nodes, :path => "node", :id => /\d+/, :only => [:show, :update, :destroy] do diff --git a/test/abilities/api_capability_test.rb b/test/abilities/api_capability_test.rb index 58c8f7fe7..0945b6290 100644 --- a/test/abilities/api_capability_test.rb +++ b/test/abilities/api_capability_test.rb @@ -8,9 +8,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase scopes = Set.new ability = ApiAbility.new user, scopes - [:create, :destroy, :restore].each do |action| - assert ability.cannot? action, ChangesetComment - end + assert ability.cannot? :create, ChangesetComment + assert ability.cannot? :create, :changeset_comment_visibility + assert ability.cannot? :destroy, :changeset_comment_visibility end test "as a normal user with write_changeset_comments scope" do @@ -18,13 +18,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase scopes = Set.new %w[write_changeset_comments] ability = ApiAbility.new user, scopes - [:destroy, :restore].each do |action| - assert ability.cannot? action, ChangesetComment - end - - [:create].each do |action| - assert ability.can? action, ChangesetComment - end + assert ability.can? :create, ChangesetComment + assert ability.cannot? :create, :changeset_comment_visibility + assert ability.cannot? :destroy, :changeset_comment_visibility end test "as a moderator without scopes" do @@ -32,9 +28,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase scopes = Set.new ability = ApiAbility.new user, scopes - [:create, :destroy, :restore].each do |action| - assert ability.cannot? action, ChangesetComment - end + assert ability.cannot? :create, ChangesetComment + assert ability.cannot? :create, :changeset_comment_visibility + assert ability.cannot? :destroy, :changeset_comment_visibility end test "as a moderator with write_changeset_comments scope" do @@ -42,9 +38,9 @@ class ChangesetCommentApiCapabilityTest < ActiveSupport::TestCase scopes = Set.new %w[write_changeset_comments] ability = ApiAbility.new user, scopes - [:create, :destroy, :restore].each do |action| - assert ability.can? action, ChangesetComment - end + assert ability.can? :create, ChangesetComment + assert ability.can? :create, :changeset_comment_visibility + assert ability.can? :destroy, :changeset_comment_visibility end end diff --git a/test/controllers/api/changeset_comments/visibilities_controller_test.rb b/test/controllers/api/changeset_comments/visibilities_controller_test.rb new file mode 100644 index 000000000..97ac9f3da --- /dev/null +++ b/test/controllers/api/changeset_comments/visibilities_controller_test.rb @@ -0,0 +1,255 @@ +require "test_helper" + +module Api + module ChangesetComments + class VisibilitiesControllerTest < ActionDispatch::IntegrationTest + ## + # test all routes which lead to this controller + def test_routes + assert_routing( + { :path => "/api/0.6/changeset_comments/1/visibility", :method => :post }, + { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1" } + ) + assert_routing( + { :path => "/api/0.6/changeset_comments/1/visibility.json", :method => :post }, + { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1", :format => "json" } + ) + assert_routing( + { :path => "/api/0.6/changeset_comments/1/visibility", :method => :delete }, + { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1" } + ) + assert_routing( + { :path => "/api/0.6/changeset_comments/1/visibility.json", :method => :delete }, + { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1", :format => "json" } + ) + + assert_recognizes( + { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1" }, + { :path => "/api/0.6/changeset/comment/1/unhide", :method => :post } + ) + assert_recognizes( + { :controller => "api/changeset_comments/visibilities", :action => "create", :changeset_comment_id => "1", :format => "json" }, + { :path => "/api/0.6/changeset/comment/1/unhide.json", :method => :post } + ) + assert_recognizes( + { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1" }, + { :path => "/api/0.6/changeset/comment/1/hide", :method => :post } + ) + assert_recognizes( + { :controller => "api/changeset_comments/visibilities", :action => "destroy", :changeset_comment_id => "1", :format => "json" }, + { :path => "/api/0.6/changeset/comment/1/hide.json", :method => :post } + ) + end + + def test_create_by_unauthorized + comment = create(:changeset_comment, :visible => false) + + post api_changeset_comment_visibility_path(comment) + + assert_response :unauthorized + assert_not comment.reload.visible + end + + def test_create_by_normal_user + comment = create(:changeset_comment, :visible => false) + auth_header = bearer_authorization_header + + post api_changeset_comment_visibility_path(comment), :headers => auth_header + + assert_response :forbidden + assert_not comment.reload.visible + end + + def test_create_on_missing_comment + auth_header = bearer_authorization_header create(:moderator_user) + + post api_changeset_comment_visibility_path(999111), :headers => auth_header + + assert_response :not_found + end + + def test_create_without_required_scope + comment = create(:changeset_comment, :visible => false) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs] + + post api_changeset_comment_visibility_path(comment), :headers => auth_header + + assert_response :forbidden + assert_not comment.reload.visible + end + + def test_create_with_write_changeset_comments_scope + comment = create(:changeset_comment, :visible => false) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments] + + post api_changeset_comment_visibility_path(comment), :headers => auth_header + + assert_response :success + assert_equal "application/xml", response.media_type + assert_dom "osm", 1 do + assert_dom "> changeset", 1 do + assert_dom "> @id", comment.changeset_id.to_s + assert_dom "> @comments_count", "1" + end + end + + assert comment.reload.visible + end + + def test_create_with_write_changeset_comments_scope_json + comment = create(:changeset_comment, :visible => false) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments] + + post api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header + + assert_response :success + assert_equal "application/json", response.media_type + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js["changeset"] + assert_equal comment.changeset_id, js["changeset"]["id"] + assert_equal 1, js["changeset"]["comments_count"] + + assert comment.reload.visible + end + + def test_create_with_write_api_scope + comment = create(:changeset_comment, :visible => false) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api] + + post api_changeset_comment_visibility_path(comment), :headers => auth_header + + assert_response :success + assert_equal "application/xml", response.media_type + assert_dom "osm", 1 do + assert_dom "> changeset", 1 do + assert_dom "> @id", comment.changeset_id.to_s + assert_dom "> @comments_count", "1" + end + end + + assert comment.reload.visible + end + + def test_create_with_write_api_scope_json + comment = create(:changeset_comment, :visible => false) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api] + + post api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header + + assert_response :success + js = ActiveSupport::JSON.decode(@response.body) + assert_equal "application/json", response.media_type + assert_not_nil js["changeset"] + assert_equal comment.changeset_id, js["changeset"]["id"] + assert_equal 1, js["changeset"]["comments_count"] + + assert comment.reload.visible + end + + def test_destroy_by_unauthorized + comment = create(:changeset_comment) + + delete api_changeset_comment_visibility_path(comment) + + assert_response :unauthorized + assert comment.reload.visible + end + + def test_destroy_by_normal_user + comment = create(:changeset_comment) + auth_header = bearer_authorization_header + + delete api_changeset_comment_visibility_path(comment), :headers => auth_header + + assert_response :forbidden + assert comment.reload.visible + end + + def test_destroy_on_missing_comment + auth_header = bearer_authorization_header create(:moderator_user) + + delete api_changeset_comment_visibility_path(999111), :headers => auth_header + + assert_response :not_found + end + + def test_destroy_without_required_scope + comment = create(:changeset_comment) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs] + + delete api_changeset_comment_visibility_path(comment), :headers => auth_header + + assert_response :forbidden + assert comment.reload.visible + end + + def test_destroy_with_write_changeset_comments_scope + comment = create(:changeset_comment) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments] + + delete api_changeset_comment_visibility_path(comment), :headers => auth_header + + assert_response :success + assert_equal "application/xml", response.media_type + assert_dom "osm", 1 do + assert_dom "> changeset", 1 do + assert_dom "> @id", comment.changeset_id.to_s + assert_dom "> @comments_count", "0" + end + end + + assert_not comment.reload.visible + end + + def test_destroy_with_write_changeset_comments_scope_json + comment = create(:changeset_comment) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments] + + delete api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header + + assert_response :success + assert_equal "application/json", response.media_type + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js["changeset"] + assert_equal comment.changeset_id, js["changeset"]["id"] + assert_equal 0, js["changeset"]["comments_count"] + + assert_not comment.reload.visible + end + + def test_destroy_with_write_api_scope + comment = create(:changeset_comment) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api] + + delete api_changeset_comment_visibility_path(comment), :headers => auth_header + + assert_response :success + assert_equal "application/xml", response.media_type + assert_dom "osm", 1 do + assert_dom "> changeset", 1 do + assert_dom "> @id", comment.changeset_id.to_s + assert_dom "> @comments_count", "0" + end + end + + assert_not comment.reload.visible + end + + def test_destroy_with_write_api_scope_json + comment = create(:changeset_comment) + auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api] + + delete api_changeset_comment_visibility_path(comment, :format => "json"), :headers => auth_header + + assert_response :success + assert_equal "application/json", response.media_type + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js["changeset"] + assert_equal comment.changeset_id, js["changeset"]["id"] + assert_equal 0, js["changeset"]["comments_count"] + + assert_not comment.reload.visible + end + end + end +end diff --git a/test/controllers/api/changeset_comments_controller_test.rb b/test/controllers/api/changeset_comments_controller_test.rb index fcb53600e..b16ea4502 100644 --- a/test/controllers/api/changeset_comments_controller_test.rb +++ b/test/controllers/api/changeset_comments_controller_test.rb @@ -21,22 +21,6 @@ module Api { :path => "/api/0.6/changeset/1/comment.json", :method => :post }, { :controller => "api/changeset_comments", :action => "create", :changeset_id => "1", :format => "json" } ) - assert_routing( - { :path => "/api/0.6/changeset/comment/1/hide", :method => :post }, - { :controller => "api/changeset_comments", :action => "destroy", :id => "1" } - ) - assert_routing( - { :path => "/api/0.6/changeset/comment/1/hide.json", :method => :post }, - { :controller => "api/changeset_comments", :action => "destroy", :id => "1", :format => "json" } - ) - assert_routing( - { :path => "/api/0.6/changeset/comment/1/unhide", :method => :post }, - { :controller => "api/changeset_comments", :action => "restore", :id => "1" } - ) - assert_routing( - { :path => "/api/0.6/changeset/comment/1/unhide.json", :method => :post }, - { :controller => "api/changeset_comments", :action => "restore", :id => "1", :format => "json" } - ) end def test_index @@ -353,216 +337,6 @@ module Api end end - def test_hide_by_unauthorized - comment = create(:changeset_comment) - - post changeset_comment_hide_path(comment) - - assert_response :unauthorized - assert comment.reload.visible - end - - def test_hide_by_normal_user - comment = create(:changeset_comment) - auth_header = bearer_authorization_header - - post changeset_comment_hide_path(comment), :headers => auth_header - - assert_response :forbidden - assert comment.reload.visible - end - - def test_hide_missing_comment - auth_header = bearer_authorization_header create(:moderator_user) - - post changeset_comment_hide_path(999111), :headers => auth_header - - assert_response :not_found - end - - def test_hide_without_required_scope - comment = create(:changeset_comment) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs] - - post changeset_comment_hide_path(comment), :headers => auth_header - - assert_response :forbidden - assert comment.reload.visible - end - - def test_hide_with_write_changeset_comments_scope - comment = create(:changeset_comment) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments] - - post changeset_comment_hide_path(comment), :headers => auth_header - - assert_response :success - assert_equal "application/xml", response.media_type - assert_dom "osm", 1 do - assert_dom "> changeset", 1 do - assert_dom "> @id", comment.changeset_id.to_s - assert_dom "> @comments_count", "0" - end - end - - assert_not comment.reload.visible - end - - def test_hide_with_write_changeset_comments_scope_json - comment = create(:changeset_comment) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments] - - post changeset_comment_hide_path(comment, :format => "json"), :headers => auth_header - - assert_response :success - assert_equal "application/json", response.media_type - js = ActiveSupport::JSON.decode(@response.body) - assert_not_nil js["changeset"] - assert_equal comment.changeset_id, js["changeset"]["id"] - assert_equal 0, js["changeset"]["comments_count"] - - assert_not comment.reload.visible - end - - def test_hide_with_write_api_scope - comment = create(:changeset_comment) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api] - - post changeset_comment_hide_path(comment), :headers => auth_header - - assert_response :success - assert_equal "application/xml", response.media_type - assert_dom "osm", 1 do - assert_dom "> changeset", 1 do - assert_dom "> @id", comment.changeset_id.to_s - assert_dom "> @comments_count", "0" - end - end - - assert_not comment.reload.visible - end - - def test_hide_with_write_api_scope_json - comment = create(:changeset_comment) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api] - - post changeset_comment_hide_path(comment, :format => "json"), :headers => auth_header - - assert_response :success - assert_equal "application/json", response.media_type - js = ActiveSupport::JSON.decode(@response.body) - assert_not_nil js["changeset"] - assert_equal comment.changeset_id, js["changeset"]["id"] - assert_equal 0, js["changeset"]["comments_count"] - - assert_not comment.reload.visible - end - - def test_unhide_by_unauthorized - comment = create(:changeset_comment, :visible => false) - - post changeset_comment_unhide_path(comment) - - assert_response :unauthorized - assert_not comment.reload.visible - end - - def test_unhide_by_normal_user - comment = create(:changeset_comment, :visible => false) - auth_header = bearer_authorization_header - - post changeset_comment_unhide_path(comment), :headers => auth_header - - assert_response :forbidden - assert_not comment.reload.visible - end - - def test_unhide_missing_comment - auth_header = bearer_authorization_header create(:moderator_user) - - post changeset_comment_unhide_path(999111), :headers => auth_header - - assert_response :not_found - end - - def test_unhide_without_required_scope - comment = create(:changeset_comment, :visible => false) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[read_prefs] - - post changeset_comment_unhide_path(comment), :headers => auth_header - - assert_response :forbidden - assert_not comment.reload.visible - end - - def test_unhide_with_write_changeset_comments_scope - comment = create(:changeset_comment, :visible => false) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments] - - post changeset_comment_unhide_path(comment), :headers => auth_header - - assert_response :success - assert_equal "application/xml", response.media_type - assert_dom "osm", 1 do - assert_dom "> changeset", 1 do - assert_dom "> @id", comment.changeset_id.to_s - assert_dom "> @comments_count", "1" - end - end - - assert comment.reload.visible - end - - def test_unhide_with_write_changeset_comments_scope_json - comment = create(:changeset_comment, :visible => false) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_changeset_comments] - - post changeset_comment_unhide_path(comment, :format => "json"), :headers => auth_header - - assert_response :success - assert_equal "application/json", response.media_type - js = ActiveSupport::JSON.decode(@response.body) - assert_not_nil js["changeset"] - assert_equal comment.changeset_id, js["changeset"]["id"] - assert_equal 1, js["changeset"]["comments_count"] - - assert comment.reload.visible - end - - def test_unhide_with_write_api_scope - comment = create(:changeset_comment, :visible => false) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api] - - post changeset_comment_unhide_path(comment), :headers => auth_header - - assert_response :success - assert_equal "application/xml", response.media_type - assert_dom "osm", 1 do - assert_dom "> changeset", 1 do - assert_dom "> @id", comment.changeset_id.to_s - assert_dom "> @comments_count", "1" - end - end - - assert comment.reload.visible - end - - def test_unhide_with_write_api_scope_json - comment = create(:changeset_comment, :visible => false) - auth_header = bearer_authorization_header create(:moderator_user), :scopes => %w[write_api] - - post changeset_comment_unhide_path(comment, :format => "json"), :headers => auth_header - - assert_response :success - js = ActiveSupport::JSON.decode(@response.body) - assert_equal "application/json", response.media_type - assert_not_nil js["changeset"] - assert_equal comment.changeset_id, js["changeset"]["id"] - assert_equal 1, js["changeset"]["comments_count"] - - assert comment.reload.visible - end - private ##