From 38a610fd316c4d5143c2af2e71f73da6f249ac45 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Tue, 20 Mar 2012 17:02:43 +0000 Subject: [PATCH] Add functional tests for the user_roles controller --- app/controllers/user_roles_controller.rb | 10 +- test/fixtures/user_roles.yml | 10 ++ test/fixtures/users.yml | 12 ++ test/functional/user_roles_controller_test.rb | 122 ++++++++++++++++++ test/unit/user_test.rb | 6 +- 5 files changed, 154 insertions(+), 6 deletions(-) diff --git a/app/controllers/user_roles_controller.rb b/app/controllers/user_roles_controller.rb index cb0425f32..11a1dc41e 100644 --- a/app/controllers/user_roles_controller.rb +++ b/app/controllers/user_roles_controller.rb @@ -22,6 +22,9 @@ class UserRolesController < ApplicationController end private + ## + # require that the user is an administrator, or fill out a helpful error message + # and return them to theuser page. def require_administrator unless @user.administrator? flash[:error] = t'user_role.filter.not_an_administrator' @@ -32,9 +35,10 @@ class UserRolesController < ApplicationController ## # ensure that there is a "this_user" instance variable def lookup_this_user - @this_user = User.find_by_display_name(params[:display_name]) - rescue ActiveRecord::RecordNotFound - redirect_to :controller => 'user', :action => 'view', :display_name => params[:display_name] unless @this_user + unless @this_user = User.find_by_display_name(params[:display_name]) + @not_found_user = params[:display_name] + render :template => 'user/no_such_user', :status => :not_found + end end ## diff --git a/test/fixtures/user_roles.yml b/test/fixtures/user_roles.yml index 113d1627e..980d5e89c 100644 --- a/test/fixtures/user_roles.yml +++ b/test/fixtures/user_roles.yml @@ -14,3 +14,13 @@ second_moderator: user_id: 15 role: moderator granter_id: 6 + +super_moderator: + user_id: 16 + role: moderator + granter_id: 6 + +super_administrator: + user_id: 16 + role: administrator + granter_id: 6 diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml index de99c00b5..c1b7244cb 100644 --- a/test/fixtures/users.yml +++ b/test/fixtures/users.yml @@ -200,3 +200,15 @@ second_moderator_user: terms_agreed: "2010-01-01 11:22:33" terms_seen: true languages: en + +super_user: + id: 16 + email: super@example.com + status: active + pass_crypt: <%= Digest::MD5.hexdigest('test') %> + creation_time: "2008-05-01 01:23:45" + display_name: super + data_public: true + terms_agreed: "2010-01-01 11:22:33" + terms_seen: true + languages: en diff --git a/test/functional/user_roles_controller_test.rb b/test/functional/user_roles_controller_test.rb index e89230a7f..ed5d1a17d 100644 --- a/test/functional/user_roles_controller_test.rb +++ b/test/functional/user_roles_controller_test.rb @@ -1,6 +1,8 @@ require File.dirname(__FILE__) + '/../test_helper' class UserRolesControllerTest < ActionController::TestCase + fixtures :users, :user_roles + ## # test all routes which lead to this controller def test_routes @@ -13,4 +15,124 @@ class UserRolesControllerTest < ActionController::TestCase { :controller => "user_roles", :action => "revoke", :display_name => "username", :role => "rolename" } ) end + + ## + # test the grant action + def test_grant + # Granting should fail when not logged in + post :grant, :display_name => users(:normal_user).display_name, :role => "moderator" + assert_response :forbidden + + # Login as an unprivileged user + session[:user] = users(:public_user).id + cookies["_osm_username"] = users(:public_user).display_name + + # Granting should still fail + post :grant, :display_name => users(:normal_user).display_name, :role => "moderator" + assert_redirected_to user_path(users(:normal_user).display_name) + assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error] + + # Login as an administrator + session[:user] = users(:administrator_user).id + cookies["_osm_username"] = users(:administrator_user).display_name + + UserRole::ALL_ROLES.each do |role| + + # Granting a role to a non-existent user should fail + assert_difference "UserRole.count", 0 do + post :grant, :display_name => "non_existent_user", :role => role + end + assert_response :not_found + assert_template "user/no_such_user" + assert_select "h2", "The user non_existent_user does not exist" + + # Granting a role from a user that already has it should fail + assert_no_difference "UserRole.count" do + post :grant, :display_name => users(:super_user).display_name, :role => role + end + assert_redirected_to user_path(users(:super_user).display_name) + assert_equal "The user already has role #{role}.", flash[:error] + + # Granting a role to a user that doesn't have it should work... + assert_difference "UserRole.count", 1 do + post :grant, :display_name => users(:normal_user).display_name, :role => role + end + assert_redirected_to user_path(users(:normal_user).display_name) + + # ...but trying a second time should fail + assert_no_difference "UserRole.count" do + post :grant, :display_name => users(:normal_user).display_name, :role => role + end + assert_redirected_to user_path(users(:normal_user).display_name) + assert_equal "The user already has role #{role}.", flash[:error] + + end + + # Granting a non-existent role should fail + assert_difference "UserRole.count", 0 do + post :grant, :display_name => users(:normal_user).display_name, :role => "no_such_role" + end + assert_redirected_to user_path(users(:normal_user).display_name) + assert_equal "The string `no_such_role' is not a valid role.", flash[:error] + end + + ## + # test the revoke action + def test_revoke + # Revoking should fail when not logged in + post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator" + assert_response :forbidden + + # Login as an unprivileged user + session[:user] = users(:public_user).id + cookies["_osm_username"] = users(:public_user).display_name + + # Revoking should still fail + post :revoke, :display_name => users(:normal_user).display_name, :role => "moderator" + assert_redirected_to user_path(users(:normal_user).display_name) + assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error] + + # Login as an administrator + session[:user] = users(:administrator_user).id + cookies["_osm_username"] = users(:administrator_user).display_name + + UserRole::ALL_ROLES.each do |role| + + # Removing a role from a non-existent user should fail + assert_difference "UserRole.count", 0 do + post :revoke, :display_name => "non_existent_user", :role => role + end + assert_response :not_found + assert_template "user/no_such_user" + assert_select "h2", "The user non_existent_user does not exist" + + # Removing a role from a user that doesn't have it should fail + assert_no_difference "UserRole.count" do + post :revoke, :display_name => users(:normal_user).display_name, :role => role + end + assert_redirected_to user_path(users(:normal_user).display_name) + assert_equal "The user does not have role #{role}.", flash[:error] + + # Removing a role' from a user that has it should work... + assert_difference "UserRole.count", -1 do + post :revoke, :display_name => users(:super_user).display_name, :role => role + end + assert_redirected_to user_path(users(:super_user).display_name) + + # ...but trying a second time should fail + assert_no_difference "UserRole.count" do + post :revoke, :display_name => users(:super_user).display_name, :role => role + end + assert_redirected_to user_path(users(:super_user).display_name) + assert_equal "The user does not have role #{role}.", flash[:error] + + end + + # Revoking a non-existent role should fail + assert_difference "UserRole.count", 0 do + post :revoke, :display_name => users(:normal_user).display_name, :role => "no_such_role" + end + assert_redirected_to user_path(users(:normal_user).display_name) + assert_equal "The string `no_such_role' is not a valid role.", flash[:error] + end end diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index bc0b7573b..9f04bd1d6 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -155,7 +155,7 @@ class UserTest < ActiveSupport::TestCase end def test_visible - assert_equal 13, User.visible.count + assert_equal 14, User.visible.count assert_raise ActiveRecord::RecordNotFound do User.visible.find(users(:suspended_user).id) end @@ -165,7 +165,7 @@ class UserTest < ActiveSupport::TestCase end def test_active - assert_equal 12, User.active.count + assert_equal 13, User.active.count assert_raise ActiveRecord::RecordNotFound do User.active.find(users(:inactive_user).id) end @@ -178,7 +178,7 @@ class UserTest < ActiveSupport::TestCase end def test_public - assert_equal 14, User.public.count + assert_equal 15, User.public.count assert_raise ActiveRecord::RecordNotFound do User.public.find(users(:normal_user).id) end -- 2.39.5