-rw-r--r--users/app/controllers/users_controller.rb5
-rw-r--r--users/app/controllers/v1/users_controller.rb1
-rw-r--r--users/config/routes.rb2
-rw-r--r--users/test/functional/users_controller_test.rb65
-rw-r--r--users/test/functional/v1/users_controller_test.rb70
-rw-r--r--users/test/support/auth_test_helper.rb16
6 files changed, 84 insertions, 75 deletions
diff --git a/users/app/controllers/users_controller.rb b/users/app/controllers/users_controller.rb
index 98294b9..6664bd7 100644
--- a/users/app/controllers/users_controller.rb
+++ b/users/app/controllers/users_controller.rb
@@ -27,11 +27,6 @@ class UsersController < UsersBaseController
@user = User.new
end
- def create
- @user = User.create(params[:user])
- respond_with @user
- end
-
def show
end
diff --git a/users/app/controllers/v1/users_controller.rb b/users/app/controllers/v1/users_controller.rb
index e117fc7..fda56f2 100644
--- a/users/app/controllers/v1/users_controller.rb
+++ b/users/app/controllers/v1/users_controller.rb
@@ -23,7 +23,6 @@ module V1
end
def update
- @user = User.find_by_param(params[:id])
@user.update_attributes params[:user]
if @user.valid?
flash[:notice] = t(:user_updated_successfully)
diff --git a/users/config/routes.rb b/users/config/routes.rb
index 693ae7a..b6d583e 100644
--- a/users/config/routes.rb
+++ b/users/config/routes.rb
@@ -13,7 +13,7 @@ Rails.application.routes.draw do
resources :sessions, :only => [:new, :create, :update]
get "signup" => "users#new", :as => "signup"
- resources :users do
+ resources :users, :except => [:create, :update] do
resource :overview, :only => [:show]
resource :email_settings, :only => [:edit, :update]
resources :email_aliases, :only => [:destroy], :id => /.*/
diff --git a/users/test/functional/users_controller_test.rb b/users/test/functional/users_controller_test.rb
index fd8869a..92a5f6c 100644
--- a/users/test/functional/users_controller_test.rb
+++ b/users/test/functional/users_controller_test.rb
@@ -79,33 +79,6 @@ class UsersControllerTest < ActionController::TestCase
assert_redirected_to users_path
end
- test "should create new user" do
- user_attribs = record_attributes_for :user
- user = User.new(user_attribs)
- User.expects(:create).with(user_attribs).returns(user)
-
-
- post :create, :user => user_attribs, :format => :json
-
-
- assert_nil session[:user_id]
- assert_json_response user
- assert_response :success
- end
-
- test "should redirect to signup form on failed attempt" do
- user_attribs = record_attributes_for :user
- user_attribs.slice!('login')
- user = User.new(user_attribs)
- assert !user.valid?
- User.expects(:create).with(user_attribs).returns(user)
-
- post :create, :user => user_attribs, :format => :json
-
- assert_json_error user.errors.messages
- assert_response 422
- end
-
test "should get edit view" do
user = find_record :user
@@ -115,34 +88,6 @@ class UsersControllerTest < ActionController::TestCase
assert_equal user, assigns[:user]
end
- test "user can change settings" do
- user = find_record :user
- changed_attribs = record_attributes_for :user_with_settings
- user.expects(:attributes=).with(changed_attribs)
- user.expects(:changed?).returns(true)
- user.expects(:save).returns(true)
-
- login user
- put :update, :user => changed_attribs, :id => user.id, :format => :json
-
- assert_equal user, assigns[:user]
- assert_response 204
- assert_equal " ", @response.body
- end
-
- # Eventually, admin will be able to update some user fields
- test "admin cannot update user" do
- user = find_record :user
- changed_attribs = record_attributes_for :user_with_settings
-
- login :is_admin? => true
- put :update, :user => changed_attribs, :id => user.id, :format => :json
-
- assert_response :redirect
- assert_access_denied
-
- end
-
test "admin can destroy user" do
user = find_record :user
user.expects(:destroy)
@@ -162,7 +107,7 @@ class UsersControllerTest < ActionController::TestCase
delete :destroy, :id => @current_user.id
assert_response :redirect
- assert_redirected_to login_path
+ assert_redirected_to root_path
end
test "non-admin can't destroy user" do
@@ -189,14 +134,6 @@ class UsersControllerTest < ActionController::TestCase
assert_access_denied
end
- test "admin can autocomplete users" do
- login :is_admin? => true
- get :index, :format => :json
-
- assert_response :success
- assert assigns(:users)
- end
-
test "admin can search users" do
login :is_admin? => true
get :index, :query => "a"
diff --git a/users/test/functional/v1/users_controller_test.rb b/users/test/functional/v1/users_controller_test.rb
new file mode 100644
index 0000000..0d44e50
--- /dev/null
+++ b/users/test/functional/v1/users_controller_test.rb
@@ -0,0 +1,70 @@
+require 'test_helper'
+
+class V1::UsersControllerTest < ActionController::TestCase
+
+ test "user can change settings" do
+ user = find_record :user
+ changed_attribs = record_attributes_for :user_with_settings
+ user.expects(:update_attributes).with(changed_attribs)
+
+ login user
+ put :update, :user => changed_attribs, :id => user.id, :format => :json
+
+ assert_equal user, assigns[:user]
+ assert_response 204
+ assert_equal " ", @response.body
+ end
+
+ test "admin can update user" do
+ user = find_record :user
+ changed_attribs = record_attributes_for :user_with_settings
+ user.expects(:update_attributes).with(changed_attribs)
+
+ login :is_admin? => true
+ put :update, :user => changed_attribs, :id => user.id, :format => :json
+
+ assert_equal user, assigns[:user]
+ assert_response 204
+ end
+
+ test "user cannot update other user" do
+ user = find_record :user
+ login
+ put :update, :user => record_attributes_for(:user_with_settings), :id => user.id, :format => :json
+ assert_access_denied
+ end
+
+ test "should create new user" do
+ user_attribs = record_attributes_for :user
+ user = User.new(user_attribs)
+ User.expects(:create).with(user_attribs).returns(user)
+
+ post :create, :user => user_attribs, :format => :json
+
+ assert_nil session[:user_id]
+ assert_json_response user
+ assert_response :success
+ end
+
+ test "should redirect to signup form on failed attempt" do
+ user_attribs = record_attributes_for :user
+ user_attribs.slice!('login')
+ user = User.new(user_attribs)
+ assert !user.valid?
+ User.expects(:create).with(user_attribs).returns(user)
+
+ post :create, :user => user_attribs, :format => :json
+
+ assert_json_error user.errors.messages
+ assert_response 422
+ end
+
+ test "admin can autocomplete users" do
+ login :is_admin? => true
+ get :index, :query => 'a', :format => :json
+
+ assert_response :success
+ assert assigns(:users)
+ end
+
+end
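Review bot: The "user cannot update other user" test checks only the denial response, not that the target record was left untouched; adding `user.expects(:update_attributes).never` before the `put` would make the test fail if the authorization check ever ran after the write. The two positive tests stub `update_attributes` with the whole `changed_attribs` hash, so nothing in this file exercises which keys of `params[:user]` a user or an admin is allowed to set. The V1 controller hunk shows `params[:user]` passed to `update_attributes` unfiltered, so any such restriction presumably lives in the model and deserves its own test against a real record.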
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index c0fcf3a..555b5db 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -20,10 +20,18 @@ module AuthTestHelper
def assert_access_denied(denied = true, logged_in = true)
if denied
- assert_equal({:alert => "Not authorized"}, flash.to_hash)
- # todo: eventually probably eliminate separate conditions
- assert_redirected_to login_path if !logged_in
- assert_redirected_to root_path if logged_in
+ if @response.content_type == 'application/json'
+ assert_json_response('error' => I18n.t(:not_authorized))
+ assert_response :unprocessable_entity
+ else
+ if logged_in
+ assert_equal({:alert => I18n.t(:not_authorized)}, flash.to_hash)
+ assert_redirected_to root_url
+ else
+ assert_equal({:alert => I18n.t(:not_authorized_login)}, flash.to_hash)
+ assert_redirected_to login_url
+ end
+ end
else
assert flash[:alert].blank?
end
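Review bot: The JSON branch pins an access-denied API response to `:unprocessable_entity`, the same 422 the create test expects for validation failures, and it ignores `logged_in`, so a client or a log monitor cannot tell an authorization denial from bad input or an anonymous caller from a logged-in one. If the controller can change with it, `assert_response(logged_in ? :forbidden : :unauthorized)` would express that distinction. The comparison `@response.content_type == 'application/json'` is exact, so a content type carrying a charset parameter would fall through to the HTML branch; whether that can happen depends on the Rails version and is worth confirming. The closing `end` of assert_access_denied lies outside the hunk.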