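require 'test_helper'

# Functional tests for UsersController.
#
# Most cases pin down authorization: which of an unauthenticated visitor,
# a logged-in non-admin and an admin may reach each action. The helpers
# +login+, +find_record+ and +assert_access_denied+ are not defined in this
# file (presumably they come from test_helper; their exact semantics should
# be confirmed there).
class UsersControllerTest < ActionController::TestCase

  test "should get new" do
    get :new
    assert_equal User, assigns(:user).class
    assert_response :success
  end

  test "failed show without login" do
    user = FactoryGirl.build(:user)
    user.save
    begin
      get :show, :id => user.id
      assert_response :redirect
      assert_redirected_to login_path
    ensure
      # Remove the persisted record even when an assertion above fails, so a
      # failing run does not leave a stray user behind for later tests.
      user.destroy
    end
  end

  test "user can see user" do
    user = find_user_for_show
    login user
    get :show, :id => user.id
    assert_response :success
  end

  test "admin can see other user" do
    user = find_user_for_show
    login :is_admin? => true
    get :show, :id => user.id
    assert_response :success
  end

  test "user cannot see other user" do
    user = find_user_for_show
    # login without arguments: the session user is not +user+.
    login
    get :show, :id => user.id
    assert_response :redirect
    assert_access_denied
  end

  test "show for non-existing user" do
    nonid = 'thisisnotanexistinguserid'

    # when unauthenticated:
    # NOTE(review): the meaning of the two flags is defined by the
    # assert_access_denied helper, not here - confirm against test_helper.
    get :show, :id => nonid
    assert_access_denied(true, false)

    # when authenticated but not admin:
    # Only access-denied is asserted here, as for an existing other user; the
    # "No such user." alert is asserted for the admin case below only.
    login
    get :show, :id => nonid
    assert_access_denied

    # when authenticated as admin:
    login :is_admin? => true
    get :show, :id => nonid
    assert_response :redirect
    assert_equal({:alert => "No such user."}, flash.to_hash)
    assert_redirected_to users_path
  end

  test "should get edit view" do
    user = find_record :user
    login user
    get :edit, :id => user.id
    assert_equal user, assigns[:user]
  end

  test "admin can destroy user" do
    user = find_record :user
    user.expects(:destroy)
    login :is_admin? => true
    delete :destroy, :id => user.id
    assert_response :redirect
    assert_redirected_to users_path
  end

  test "user can cancel account" do
    user = find_record :user
    user.expects(:destroy)
    login user
    delete :destroy, :id => @current_user.id
    assert_response :redirect
    assert_redirected_to root_path
  end

  test "non-admin can't destroy user" do
    user = find_record :user
    login
    delete :destroy, :id => user.id
    assert_access_denied
  end

  test "admin can list users" do
    login :is_admin? => true
    get :index
    assert_response :success
    assert assigns(:users)
  end

  test "non-admin can't list users" do
    login
    get :index
    assert_access_denied
  end

  test "admin can search users" do
    login :is_admin? => true
    get :index, :query => "a"
    assert_response :success
    assert assigns(:users)
  end

  test "user cannot enable own account" do
    user = find_record :user
    # Log in as the very user being enabled. With a bare +login+ the session
    # user is a different account, so the self-enable path named in the test
    # title would never be exercised.
    login user
    post :enable, :id => user.id
    assert_access_denied
  end

  test "non-admin cannot enable other user" do
    user = find_record :user
    # Bare +login+: the session user is some other non-admin account.
    login
    post :enable, :id => user.id
    assert_access_denied
  end

  test "admin can deactivate user" do
    user = find_record :user
    assert user.enabled?
    user.expects(:save).returns(true)
    login :is_admin? => true
    post :deactivate, :id => user.id
    assert !assigns(:user).enabled?
  end

  private

  # Builds the user record shared by the three "show" tests, with the
  # attribute values those tests pass to find_record.
  def find_user_for_show
    find_record :user,
      :email => nil,
      :email_forward => nil,
      :email_aliases => [],
      :created_at => Time.now,
      :updated_at => Time.now,
      :most_recent_tickets => []
  end
end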