require 'test_helper' class UsersControllerTest < ActionController::TestCase test "should get new" do get :new assert_equal User, assigns(:user).class assert_response :success end test "failed show without login" do user = FactoryGirl.build(:user) user.save get :show, :id => user.id assert_response :redirect assert_redirected_to login_path user.destroy end test "user can see user" do user = find_record :user, :email => nil, :email_forward => nil, :email_aliases => [], :created_at => Time.now, :updated_at => Time.now, :most_recent_tickets => [] login user get :show, :id => user.id assert_response :success end test "admin can see other user" do user = find_record :user, :email => nil, :email_forward => nil, :email_aliases => [], :created_at => Time.now, :updated_at => Time.now, :most_recent_tickets => [] login :is_admin? => true get :show, :id => user.id assert_response :success end test "user cannot see other user" do user = find_record :user, :email => nil, :email_forward => nil, :email_aliases => [], :created_at => Time.now, :updated_at => Time.now, :most_recent_tickets => [] login get :show, :id => user.id assert_response :redirect assert_access_denied end test "show for non-existing user" do nonid = 'thisisnotanexistinguserid' # when unauthenticated: get :show, :id => nonid assert_access_denied(true, false) # when authenticated but not admin: login get :show, :id => nonid assert_access_denied # when authenticated as admin: login :is_admin? => true get :show, :id => nonid assert_response :redirect assert_equal({:alert => "No such user."}, flash.to_hash) assert_redirected_to users_path end test "should create new user" do user_attribs = record_attributes_for :user user = User.new(user_attribs) User.expects(:create).with(user_attribs).returns(user) post :create, :user => user_attribs, :format => :json assert_nil session[:user_id] assert_json_response user assert_response :success end test "should redirect to signup form on failed attempt" do user_attribs = record_attributes_for :user user_attribs.slice!('login') user = User.new(user_attribs) assert !user.valid? User.expects(:create).with(user_attribs).returns(user) post :create, :user => user_attribs, :format => :json assert_json_error user.errors.messages assert_response 422 end test "should get edit view" do user = find_record :user login user get :edit, :id => user.id assert_equal user, assigns[:user] end test "user can change settings" do user = find_record :user changed_attribs = record_attributes_for :user_with_settings user.expects(:attributes=).with(changed_attribs) user.expects(:changed?).returns(true) user.expects(:save).returns(true) login user put :update, :user => changed_attribs, :id => user.id, :format => :json assert_equal user, assigns[:user] assert_response 204 assert_equal " ", @response.body end # Eventually, admin will be able to update some user fields test "admin cannot update user" do user = find_record :user changed_attribs = record_attributes_for :user_with_settings login :is_admin? => true put :update, :user => changed_attribs, :id => user.id, :format => :json assert_response :redirect assert_access_denied end test "admin can destroy user" do user = find_record :user user.expects(:destroy) login :is_admin? => true delete :destroy, :id => user.id assert_response :redirect assert_redirected_to users_path end test "user can cancel account" do user = find_record :user user.expects(:destroy) login user delete :destroy, :id => @current_user.id assert_response :redirect assert_redirected_to root_path end test "non-admin can't destroy user" do user = find_record :user login delete :destroy, :id => user.id assert_access_denied end test "admin can list users" do login :is_admin? => true get :index assert_response :success assert assigns(:users) end test "non-admin can't list users" do login get :index assert_access_denied end test "admin can autocomplete users" do login :is_admin? => true get :index, :format => :json assert_response :success assert assigns(:users) end test "admin can search users" do login :is_admin? => true get :index, :query => "a" assert_response :success assert assigns(:users) end test "user cannot enable own account" do user = find_record :user login post :enable, :id => user.id assert_access_denied end test "admin can deactivate user" do user = find_record :user assert user.enabled? user.expects(:save).returns(true) login :is_admin? => true post :deactivate, :id => user.id assert !assigns(:user).enabled? end end