From 98a365c827a2c9c0a1d944d074b74ed8dcf84414 Mon Sep 17 00:00:00 2001 From: Anton Khorev Date: Sun, 9 Feb 2025 18:50:48 +0300 Subject: [PATCH] Test api old element show accessed as moderator --- .../api/old_nodes_controller_test.rb | 39 +++++++----------- .../api/old_relations_controller_test.rb | 41 +++++++------------ .../api/old_ways_controller_test.rb | 39 +++++++----------- 3 files changed, 42 insertions(+), 77 deletions(-) diff --git a/test/controllers/api/old_nodes_controller_test.rb b/test/controllers/api/old_nodes_controller_test.rb index e80d14608..28a04c004 100644 --- a/test/controllers/api/old_nodes_controller_test.rb +++ b/test/controllers/api/old_nodes_controller_test.rb @@ -170,6 +170,20 @@ module Api assert_response :forbidden, "Redacted node shouldn't be visible via the version API, even when logged in and passing flag." end + def test_show_redacted_moderator + node = create(:node, :with_history, :version => 2) + node.old_nodes.find_by(:version => 1).redact!(create(:redaction)) + auth_header = bearer_authorization_header create(:moderator_user) + + get api_node_version_path(node, 1), :headers => auth_header + + assert_response :forbidden, "Redacted node should be gone for moderator, when flag not passed." + + get api_node_version_path(node, 1, :show_redactions => "true"), :headers => auth_header + + assert_response :success, "Redacted node should not be gone for moderator, when flag passed." + end + # Ensure the lat/lon is formatted as a decimal e.g. not 4.0e-05 def test_lat_lon_xml_format old_node = create(:old_node, :latitude => (0.00004 * OldNode::SCALE).to_i, :longitude => (0.00008 * OldNode::SCALE).to_i) @@ -257,31 +271,6 @@ module Api assert_response :success, "should be OK to redact old version as moderator." assert_predicate node_v3.reload, :redacted? - - # check moderator can still see the redacted data, when passing - # the appropriate flag - get api_node_version_path(node_v3.node_id, node_v3.version), :headers => auth_header - assert_response :forbidden, "After redaction, node should be gone for moderator, when flag not passed." - get api_node_version_path(node_v3.node_id, node_v3.version, :show_redactions => "true"), :headers => auth_header - assert_response :success, "After redaction, node should not be gone for moderator, when flag passed." - end - - # testing that if the moderator drops auth, he can't see the - # redacted stuff any more. - def test_redact_node_is_redacted - node = create(:node, :with_history, :version => 4) - node_v3 = node.old_nodes.find_by(:version => 3) - auth_header = bearer_authorization_header create(:moderator_user) - - do_redact_node(node_v3, create(:redaction), auth_header) - assert_response :success, "should be OK to redact old version as moderator." - - # re-auth as non-moderator - auth_header = bearer_authorization_header - - # check can't see the redacted data - get api_node_version_path(node_v3.node_id, node_v3.version), :headers => auth_header - assert_response :forbidden, "Redacted node shouldn't be visible via the version API." end ## diff --git a/test/controllers/api/old_relations_controller_test.rb b/test/controllers/api/old_relations_controller_test.rb index 4225083ba..21c47cf6c 100644 --- a/test/controllers/api/old_relations_controller_test.rb +++ b/test/controllers/api/old_relations_controller_test.rb @@ -170,6 +170,20 @@ module Api assert_response :forbidden, "Redacted relation shouldn't be visible via the version API, even when logged in and passing flag." end + def test_show_redacted_moderator + relation = create(:relation, :with_history, :version => 2) + relation.old_relations.find_by(:version => 1).redact!(create(:redaction)) + auth_header = bearer_authorization_header create(:moderator_user) + + get api_relation_version_path(relation, 1), :headers => auth_header + + assert_response :forbidden, "Redacted relation should be gone for moderator, when flag not passed." + + get api_relation_version_path(relation, 1, :show_redactions => "true"), :headers => auth_header + + assert_response :success, "Redacted relation should not be gone for moderator, when flag passed." + end + ## # test the redaction of an old version of a relation, while not being # authorised. @@ -237,39 +251,12 @@ module Api def test_redact_relation_moderator relation = create(:relation, :with_history, :version => 4) relation_v3 = relation.old_relations.find_by(:version => 3) - auth_header = bearer_authorization_header create(:moderator_user) do_redact_relation(relation_v3, create(:redaction), auth_header) assert_response :success, "should be OK to redact old version as moderator." assert_predicate relation_v3.reload, :redacted? - - # check moderator can still see the redacted data, when passing - # the appropriate flag - get api_relation_version_path(relation_v3.relation_id, relation_v3.version), :headers => auth_header - assert_response :forbidden, "After redaction, relation should be gone for moderator, when flag not passed." - get api_relation_version_path(relation_v3.relation_id, relation_v3.version, :show_redactions => "true"), :headers => auth_header - assert_response :success, "After redaction, relation should not be gone for moderator, when flag passed." - end - - # testing that if the moderator drops auth, he can't see the - # redacted stuff any more. - def test_redact_relation_is_redacted - relation = create(:relation, :with_history, :version => 4) - relation_v3 = relation.old_relations.find_by(:version => 3) - - auth_header = bearer_authorization_header create(:moderator_user) - - do_redact_relation(relation_v3, create(:redaction), auth_header) - assert_response :success, "should be OK to redact old version as moderator." - - # re-auth as non-moderator - auth_header = bearer_authorization_header - - # check can't see the redacted data - get api_relation_version_path(relation_v3.relation_id, relation_v3.version), :headers => auth_header - assert_response :forbidden, "Redacted relation shouldn't be visible via the version API." end ## diff --git a/test/controllers/api/old_ways_controller_test.rb b/test/controllers/api/old_ways_controller_test.rb index bd818c377..de4eb1a7b 100644 --- a/test/controllers/api/old_ways_controller_test.rb +++ b/test/controllers/api/old_ways_controller_test.rb @@ -167,6 +167,20 @@ module Api assert_response :forbidden, "Redacted way shouldn't be visible via the version API, even when logged in and passing flag." end + def test_show_redacted_moderator + way = create(:way, :with_history, :version => 2) + way.old_ways.find_by(:version => 1).redact!(create(:redaction)) + auth_header = bearer_authorization_header create(:moderator_user) + + get api_way_version_path(way, 1), :headers => auth_header + + assert_response :forbidden, "Redacted node should be gone for moderator, when flag not passed." + + get api_way_version_path(way, 1, :show_redactions => "true"), :headers => auth_header + + assert_response :success, "Redacted node should not be gone for moderator, when flag passed." + end + ## # check that returned history is the same as getting all # versions of a way from the api. @@ -252,31 +266,6 @@ module Api assert_response :success, "should be OK to redact old version as moderator." assert_predicate way_v3.reload, :redacted? - - # check moderator can still see the redacted data, when passing - # the appropriate flag - get api_way_version_path(way_v3.way_id, way_v3.version), :headers => auth_header - assert_response :forbidden, "After redaction, node should be gone for moderator, when flag not passed." - get api_way_version_path(way_v3.way_id, way_v3.version, :show_redactions => "true"), :headers => auth_header - assert_response :success, "After redaction, node should not be gone for moderator, when flag passed." - end - - # testing that if the moderator drops auth, he can't see the - # redacted stuff any more. - def test_redact_way_is_redacted - way = create(:way, :with_history, :version => 4) - way_v3 = way.old_ways.find_by(:version => 3) - auth_header = bearer_authorization_header create(:moderator_user) - - do_redact_way(way_v3, create(:redaction), auth_header) - assert_response :success, "should be OK to redact old version as moderator." - - # re-auth as non-moderator - auth_header = bearer_authorization_header - - # check can't see the redacted data - get api_way_version_path(way_v3.way_id, way_v3.version), :headers => auth_header - assert_response :forbidden, "Redacted node shouldn't be visible via the version API." end ## -- 2.39.5