Merge branch 'develop' of https://github.com/leapcode/leap_web into feature/expose_admin_in_api

author: NavaL <ayoyo@thoughtworks.com> 2016-07-14 15:44:07 +0200
committer: NavaL <ayoyo@thoughtworks.com> 2016-07-14 15:44:07 +0200
commit: e3c2cb91dfef5c39c608b967e702e9de977d1bd2 (patch)
tree: 154dc28dd986bd6e0a48e933c5da46994ffaa0cb /test/functional/api/users_controller_test.rb
parent: e2f19bcfb6dbce77746c2d61715340525b29a592 (diff)
parent: f09e6ec1337962ab279f021a6a6d0ff30479ebe0 (diff)
1 files changed, 135 insertions, 0 deletions
diff --git a/test/functional/api/users_controller_test.rb b/test/functional/api/users_controller_test.rb
new file mode 100644
index 0000000..32afd0a
--- /dev/null
+++ b/test/functional/api/users_controller_test.rb
@@ -0,0 +1,135 @@
+require 'test_helper'
+
+class Api::UsersControllerTest < ApiControllerTest
+
+  test "user can change settings" do
+    user = find_record :user
+    changed_attribs = record_attributes_for :user_with_settings
+    account_settings = stub
+    account_settings.expects(:update).with(changed_attribs)
+    Account.expects(:new).with(user).returns(account_settings)
+
+    login user
+    api_put :update, :user => changed_attribs, :id => user.id, :format => :json
+
+    assert_equal user, assigns[:user]
+    assert_response 204
+    assert @response.body.blank?, "Response should be blank"
+  end
+
+  test "admin can update user" do
+    user = find_record :user
+    changed_attribs = record_attributes_for :user_with_settings
+    account_settings = stub
+    account_settings.expects(:update).with(changed_attribs)
+    Account.expects(:new).with(user).returns(account_settings)
+
+    login :is_admin? => true
+    api_put :update, :user => changed_attribs, :id => user.id, :format => :json
+
+    assert_equal user, assigns[:user]
+    assert_response 204
+  end
+
+  test "user cannot update other user" do
+    user = find_record :user
+    login
+    api_put :update, id: user.id,
+      user: record_attributes_for(:user_with_settings),
+      :format => :json
+    assert_access_denied
+  end
+
+  test "should create new user" do
+    user_attribs = record_attributes_for :user
+    user = User.new(user_attribs)
+    Account.expects(:create).with(user_attribs).returns(user)
+
+    api_post :create, :user => user_attribs, :format => :json
+
+    assert_nil session[:user_id]
+    assert_json_response user
+    assert_response :success
+  end
+
+  test "should redirect to signup form on failed attempt" do
+    user_attribs = record_attributes_for :user
+    user_attribs.slice!('login')
+    user = User.new(user_attribs)
+    assert !user.valid?
+    Account.expects(:create).with(user_attribs).returns(user)
+
+    api_post :create, :user => user_attribs, :format => :json
+
+    assert_json_error user.errors.messages
+    assert_response 422
+  end
+
+  test "admin can autocomplete users" do
+    login :is_admin? => true
+    api_get :index, :query => 'a', :format => :json
+
+    assert_response :success
+    assert assigns(:users)
+  end
+
+  test "create returns forbidden if registration is closed" do
+    user_attribs = record_attributes_for :user
+    with_config(allow_registration: false) do
+      api_post :create, :user => user_attribs, :format => :json
+      assert_response :forbidden
+    end
+  end
+
+  test "admin can show user" do
+    user = FactoryGirl.create :user
+    login :is_admin? => true
+    api_get :show, :id => 0, :login => user.login, :format => :json
+    assert_response :success
+    assert_json_response user
+    api_get :show, :id => user.id, :format => :json
+    assert_response :success
+    assert_json_response user
+    api_get :show, :id => "0", :format => :json
+    assert_response :not_found
+  end
+
+  test "normal users cannot show user" do
+    user = find_record :user
+    login
+    api_get :show, :id => 0, :login => user.login, :format => :json
+    assert_access_denied
+  end
+
+  test "api monitor auth can create and destroy test users" do
+    # should work even with registration off and/or invites required
+    with_config(allow_registration: false, invite_required: true) do
+      monitor_auth do
+        user_attribs = record_attributes_for :test_user
+        api_post :create, :user => user_attribs, :format => :json
+        assert_response :success
+        api_delete :destroy, :id => assigns(:user).id, :format => :json
+        assert_response :success
+      end
+    end
+  end
+
+  test "api monitor auth cannot create normal users" do
+    monitor_auth do
+      user_attribs = record_attributes_for :user
+      api_post :create, :user => user_attribs, :format => :json
+      assert_response :forbidden
+    end
+  end
+
+  test "api monitor auth cannot api_delete normal users" do
+    api_post :create, :user => record_attributes_for(:user), :format => :json
+    assert_response :success
+    normal_user_id = assigns(:user).id
+    monitor_auth do
+      api_delete :destroy, :id => normal_user_id, :format => :json
+      assert_response :forbidden
+    end
+  end
+
+end
author	NavaL <ayoyo@thoughtworks.com>	2016-07-14 15:44:07 +0200
committer	NavaL <ayoyo@thoughtworks.com>	2016-07-14 15:44:07 +0200
commit	e3c2cb91dfef5c39c608b967e702e9de977d1bd2 (patch)
tree	154dc28dd986bd6e0a48e933c5da46994ffaa0cb /test/functional/api/users_controller_test.rb
parent	e2f19bcfb6dbce77746c2d61715340525b29a592 (diff)
parent	f09e6ec1337962ab279f021a6a6d0ff30479ebe0 (diff)