1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
|
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
test "should get new" do
get :new
assert_equal User, assigns(:user).class
assert_response :success
end
test "failed show without login" do
user = FactoryGirl.build(:user)
user.save
get :show, :id => user.id
assert_response :redirect
assert_redirected_to login_path
user.destroy
end
test "user can see user" do
user = find_record :user,
:email => nil,
:email_forward => nil,
:email_aliases => [],
:created_at => Time.now,
:updated_at => Time.now,
:most_recent_tickets => []
login user
get :show, :id => user.id
assert_response :success
end
test "admin can see other user" do
user = find_record :user,
:email => nil,
:email_forward => nil,
:email_aliases => [],
:created_at => Time.now,
:updated_at => Time.now,
:most_recent_tickets => []
login :is_admin? => true
get :show, :id => user.id
assert_response :success
end
test "user cannot see other user" do
user = find_record :user,
:email => nil,
:email_forward => nil,
:email_aliases => [],
:created_at => Time.now,
:updated_at => Time.now,
:most_recent_tickets => []
login
get :show, :id => user.id
assert_response :redirect
assert_access_denied
end
test "show for non-existing user" do
nonid = 'thisisnotanexistinguserid'
# when unauthenticated:
get :show, :id => nonid
assert_access_denied(true, false)
# when authenticated but not admin:
login
get :show, :id => nonid
assert_access_denied
# when authenticated as admin:
login :is_admin? => true
get :show, :id => nonid
assert_response :redirect
assert_equal({:alert => "No such user."}, flash.to_hash)
assert_redirected_to users_path
end
test "should create new user" do
user_attribs = record_attributes_for :user
user = User.new(user_attribs)
User.expects(:create).with(user_attribs).returns(user)
post :create, :user => user_attribs, :format => :json
assert_nil session[:user_id]
assert_json_response user
assert_response :success
end
test "should redirect to signup form on failed attempt" do
user_attribs = record_attributes_for :user
user_attribs.slice!('login')
user = User.new(user_attribs)
assert !user.valid?
User.expects(:create).with(user_attribs).returns(user)
post :create, :user => user_attribs, :format => :json
assert_json_error user.errors.messages
assert_response 422
end
test "should get edit view" do
user = find_record :user
login user
get :edit, :id => user.id
assert_equal user, assigns[:user]
end
test "user can change settings" do
user = find_record :user
changed_attribs = record_attributes_for :user_with_settings
user.expects(:attributes=).with(changed_attribs)
user.expects(:changed?).returns(true)
user.expects(:save).returns(true)
login user
put :update, :user => changed_attribs, :id => user.id, :format => :json
assert_equal user, assigns[:user]
assert_response 204
assert_equal " ", @response.body
end
# Eventually, admin will be able to update some user fields
test "admin cannot update user" do
user = find_record :user
changed_attribs = record_attributes_for :user_with_settings
login :is_admin? => true
put :update, :user => changed_attribs, :id => user.id, :format => :json
assert_response :redirect
assert_access_denied
end
test "admin can destroy user" do
user = find_record :user
user.expects(:destroy)
login :is_admin? => true
delete :destroy, :id => user.id
assert_response :redirect
assert_redirected_to users_path
end
test "user can cancel account" do
user = find_record :user
user.expects(:destroy)
login user
delete :destroy, :id => @current_user.id
assert_response :redirect
assert_redirected_to login_path
end
test "non-admin can't destroy user" do
user = find_record :user
login
delete :destroy, :id => user.id
assert_access_denied
end
test "admin can list users" do
login :is_admin? => true
get :index
assert_response :success
assert assigns(:users)
end
test "non-admin can't list users" do
login
get :index
assert_access_denied
end
test "admin can autocomplete users" do
login :is_admin? => true
get :index, :format => :json
assert_response :success
assert assigns(:users)
end
test "admin can search users" do
login :is_admin? => true
get :index, :query => "a"
assert_response :success
assert assigns(:users)
end
end
|
