diff options
-rw-r--r-- | users/app/controllers/users_controller.rb | 5 | ||||
-rw-r--r-- | users/app/controllers/v1/users_controller.rb | 1 | ||||
-rw-r--r-- | users/config/routes.rb | 2 | ||||
-rw-r--r-- | users/test/functional/users_controller_test.rb | 65 | ||||
-rw-r--r-- | users/test/functional/v1/users_controller_test.rb | 70 | ||||
-rw-r--r-- | users/test/support/auth_test_helper.rb | 16 |
6 files changed, 84 insertions, 75 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb index 98294b9..6664bd7 100644 --- a/users/app/controllers/users_controller.rb +++ b/users/app/controllers/users_controller.rb @@ -27,11 +27,6 @@ class UsersController < UsersBaseController @user = User.new end - def create - @user = User.create(params[:user]) - respond_with @user - end - def show end diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb index e117fc7..fda56f2 100644 --- a/users/app/controllers/v1/users_controller.rb +++ b/users/app/controllers/v1/users_controller.rb @@ -23,7 +23,6 @@ module V1 end def update - @user = User.find_by_param(params[:id]) @user.update_attributes params[:user] if @user.valid? flash[:notice] = t(:user_updated_successfully) diff --git a/users/config/routes.rb b/users/config/routes.rb index 693ae7a..b6d583e 100644 --- a/users/config/routes.rb +++ b/users/config/routes.rb @@ -13,7 +13,7 @@ Rails.application.routes.draw do resources :sessions, :only => [:new, :create, :update] get "signup" => "users#new", :as => "signup" - resources :users do + resources :users, :except => [:create, :update] do resource :overview, :only => [:show] resource :email_settings, :only => [:edit, :update] resources :email_aliases, :only => [:destroy], :id => /.*/ diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb index fd8869a..92a5f6c 100644 --- a/users/test/functional/users_controller_test.rb +++ b/users/test/functional/users_controller_test.rb @@ -79,33 +79,6 @@ class UsersControllerTest < ActionController::TestCase assert_redirected_to users_path end - test "should create new user" do - user_attribs = record_attributes_for :user - user = User.new(user_attribs) - User.expects(:create).with(user_attribs).returns(user) - - - post :create, :user => user_attribs, :format => :json - - - assert_nil session[:user_id] - assert_json_response user - assert_response :success - end - - test "should redirect to signup form on failed attempt" do - user_attribs = record_attributes_for :user - user_attribs.slice!('login') - user = User.new(user_attribs) - assert !user.valid? - User.expects(:create).with(user_attribs).returns(user) - - post :create, :user => user_attribs, :format => :json - - assert_json_error user.errors.messages - assert_response 422 - end - test "should get edit view" do user = find_record :user @@ -115,34 +88,6 @@ class UsersControllerTest < ActionController::TestCase assert_equal user, assigns[:user] end - test "user can change settings" do - user = find_record :user - changed_attribs = record_attributes_for :user_with_settings - user.expects(:attributes=).with(changed_attribs) - user.expects(:changed?).returns(true) - user.expects(:save).returns(true) - - login user - put :update, :user => changed_attribs, :id => user.id, :format => :json - - assert_equal user, assigns[:user] - assert_response 204 - assert_equal " ", @response.body - end - - # Eventually, admin will be able to update some user fields - test "admin cannot update user" do - user = find_record :user - changed_attribs = record_attributes_for :user_with_settings - - login :is_admin? => true - put :update, :user => changed_attribs, :id => user.id, :format => :json - - assert_response :redirect - assert_access_denied - - end - test "admin can destroy user" do user = find_record :user user.expects(:destroy) @@ -162,7 +107,7 @@ class UsersControllerTest < ActionController::TestCase delete :destroy, :id => @current_user.id assert_response :redirect - assert_redirected_to login_path + assert_redirected_to root_path end test "non-admin can't destroy user" do @@ -189,14 +134,6 @@ class UsersControllerTest < ActionController::TestCase assert_access_denied end - test "admin can autocomplete users" do - login :is_admin? => true - get :index, :format => :json - - assert_response :success - assert assigns(:users) - end - test "admin can search users" do login :is_admin? => true get :index, :query => "a" diff --git a/users/test/functional/v1/users_controller_test.rb b/users/test/functional/v1/users_controller_test.rb new file mode 100644 index 0000000..0d44e50 --- /dev/null +++ b/users/test/functional/v1/users_controller_test.rb @@ -0,0 +1,70 @@ +require 'test_helper' + +class V1::UsersControllerTest < ActionController::TestCase + + test "user can change settings" do + user = find_record :user + changed_attribs = record_attributes_for :user_with_settings + user.expects(:update_attributes).with(changed_attribs) + + login user + put :update, :user => changed_attribs, :id => user.id, :format => :json + + assert_equal user, assigns[:user] + assert_response 204 + assert_equal " ", @response.body + end + + test "admin can update user" do + user = find_record :user + changed_attribs = record_attributes_for :user_with_settings + user.expects(:update_attributes).with(changed_attribs) + + login :is_admin? => true + put :update, :user => changed_attribs, :id => user.id, :format => :json + + assert_equal user, assigns[:user] + assert_response 204 + end + + test "user cannot update other user" do + user = find_record :user + login + put :update, :user => record_attributes_for(:user_with_settings), :id => user.id, :format => :json + assert_access_denied + end + + test "should create new user" do + user_attribs = record_attributes_for :user + user = User.new(user_attribs) + User.expects(:create).with(user_attribs).returns(user) + + post :create, :user => user_attribs, :format => :json + + assert_nil session[:user_id] + assert_json_response user + assert_response :success + end + + test "should redirect to signup form on failed attempt" do + user_attribs = record_attributes_for :user + user_attribs.slice!('login') + user = User.new(user_attribs) + assert !user.valid? + User.expects(:create).with(user_attribs).returns(user) + + post :create, :user => user_attribs, :format => :json + + assert_json_error user.errors.messages + assert_response 422 + end + + test "admin can autocomplete users" do + login :is_admin? => true + get :index, :query => 'a', :format => :json + + assert_response :success + assert assigns(:users) + end + +end diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb index c0fcf3a..555b5db 100644 --- a/users/test/support/auth_test_helper.rb +++ b/users/test/support/auth_test_helper.rb @@ -20,10 +20,18 @@ module AuthTestHelper def assert_access_denied(denied = true, logged_in = true) if denied - assert_equal({:alert => "Not authorized"}, flash.to_hash) - # todo: eventually probably eliminate separate conditions - assert_redirected_to login_path if !logged_in - assert_redirected_to root_path if logged_in + if @response.content_type == 'application/json' + assert_json_response('error' => I18n.t(:not_authorized)) + assert_response :unprocessable_entity + else + if logged_in + assert_equal({:alert => I18n.t(:not_authorized)}, flash.to_hash) + assert_redirected_to root_url + else + assert_equal({:alert => I18n.t(:not_authorized_login)}, flash.to_hash) + assert_redirected_to login_url + end + end else assert flash[:alert].blank? end |