2 require "way_controller"
4 class WayControllerTest < ActionController::TestCase
8 # test all routes which lead to this controller
11 { :path => "/api/0.6/way/create", :method => :put },
12 { :controller => "way", :action => "create" }
15 { :path => "/api/0.6/way/1/full", :method => :get },
16 { :controller => "way", :action => "full", :id => "1" }
19 { :path => "/api/0.6/way/1", :method => :get },
20 { :controller => "way", :action => "read", :id => "1" }
23 { :path => "/api/0.6/way/1", :method => :put },
24 { :controller => "way", :action => "update", :id => "1" }
27 { :path => "/api/0.6/way/1", :method => :delete },
28 { :controller => "way", :action => "delete", :id => "1" }
31 { :path => "/api/0.6/ways", :method => :get },
32 { :controller => "way", :action => "ways" }
36 # -------------------------------------
38 # -------------------------------------
41 # check that a visible way is returned properly
42 get :read, :id => current_ways(:visible_way).id
43 assert_response :success
45 # check that an invisible way is not returned
46 get :read, :id => current_ways(:invisible_way).id
49 # check chat a non-existent way is not returned
51 assert_response :not_found
55 # check the "full" mode
58 get :full, :id => way.id
60 # full call should say "gone" for non-visible ways...
66 # otherwise it should say success
67 assert_response :success
69 # Check the way is correctly returned
70 assert_select "osm way[id='#{way.id}'][version='#{way.version}'][visible='#{way.visible}']", 1
72 # check that each node in the way appears once in the output as a
73 # reference and as the node element.
75 count = (way.nodes - (way.nodes - [n])).length
76 assert_select "osm way nd[ref='#{n.id}']", count
77 assert_select "osm node[id='#{n.id}'][version='#{n.version}'][lat='#{format('%.7f', n.lat)}'][lon='#{format('%.7f', n.lon)}']", 1
83 # test fetching multiple ways
85 # check error when no parameter provided
87 assert_response :bad_request
89 # check error when no parameter value provided
90 get :ways, :ways => ""
91 assert_response :bad_request
94 get :ways, :ways => "1,2,4,6"
95 assert_response :success
96 assert_select "osm" do
97 assert_select "way", :count => 4
98 assert_select "way[id='1'][visible='true']", :count => 1
99 assert_select "way[id='2'][visible='false']", :count => 1
100 assert_select "way[id='4'][visible='true']", :count => 1
101 assert_select "way[id='6'][visible='true']", :count => 1
104 # check error when a non-existent way is included
105 get :ways, :ways => "1,2,4,6,400"
106 assert_response :not_found
109 # -------------------------------------
110 # Test simple way creation.
111 # -------------------------------------
114 node1 = create(:node)
115 node2 = create(:node)
116 private_user = create(:user, :data_public => false)
117 private_changeset = create(:changeset, :user => private_user)
119 changeset = create(:changeset, :user => user)
121 ## First check that it fails when creating a way using a non-public user
122 basic_authorization private_user.email, "test"
124 # use the first user's open changeset
125 changeset_id = private_changeset.id
127 # create a way with pre-existing nodes
128 content "<osm><way changeset='#{changeset_id}'>" +
129 "<nd ref='#{node1.id}'/><nd ref='#{node2.id}'/>" +
130 "<tag k='test' v='yes' /></way></osm>"
133 assert_response :forbidden,
134 "way upload did not return forbidden status"
136 ## Now use a public user
137 basic_authorization user.email, "test"
139 # use the first user's open changeset
140 changeset_id = changeset.id
142 # create a way with pre-existing nodes
143 content "<osm><way changeset='#{changeset_id}'>" +
144 "<nd ref='#{node1.id}'/><nd ref='#{node2.id}'/>" +
145 "<tag k='test' v='yes' /></way></osm>"
148 assert_response :success,
149 "way upload did not return success status"
150 # read id of created way and search for it
151 wayid = @response.body
152 checkway = Way.find(wayid)
153 assert_not_nil checkway,
154 "uploaded way not found in data base after upload"
156 assert_equal checkway.nds.length, 2,
157 "saved way does not contain exactly one node"
158 assert_equal checkway.nds[0], node1.id,
159 "saved way does not contain the right node on pos 0"
160 assert_equal checkway.nds[1], node2.id,
161 "saved way does not contain the right node on pos 1"
162 assert_equal checkway.changeset_id, changeset_id,
163 "saved way does not belong to the correct changeset"
164 assert_equal user.id, checkway.changeset.user_id,
165 "saved way does not belong to user that created it"
166 assert_equal true, checkway.visible,
167 "saved way is not visible"
170 # -------------------------------------
171 # Test creating some invalid ways.
172 # -------------------------------------
174 def test_create_invalid
176 private_user = create(:user, :data_public => false)
177 private_open_changeset = create(:changeset, :user => private_user)
178 private_closed_changeset = create(:changeset, :closed, :user => private_user)
180 open_changeset = create(:changeset, :user => user)
181 closed_changeset = create(:changeset, :closed, :user => user)
183 ## First test with a private user to make sure that they are not authorized
184 basic_authorization private_user.email, "test"
186 # use the first user's open changeset
187 # create a way with non-existing node
188 content "<osm><way changeset='#{private_open_changeset.id}'>" +
189 "<nd ref='0'/><tag k='test' v='yes' /></way></osm>"
192 assert_response :forbidden,
193 "way upload with invalid node using a private user did not return 'forbidden'"
195 # create a way with no nodes
196 content "<osm><way changeset='#{private_open_changeset.id}'>" +
197 "<tag k='test' v='yes' /></way></osm>"
200 assert_response :forbidden,
201 "way upload with no node using a private userdid not return 'forbidden'"
203 # create a way inside a closed changeset
204 content "<osm><way changeset='#{private_closed_changeset.id}'>" +
205 "<nd ref='#{node.id}'/></way></osm>"
208 assert_response :forbidden,
209 "way upload to closed changeset with a private user did not return 'forbidden'"
211 ## Now test with a public user
212 basic_authorization user.email, "test"
214 # use the first user's open changeset
215 # create a way with non-existing node
216 content "<osm><way changeset='#{open_changeset.id}'>" +
217 "<nd ref='0'/><tag k='test' v='yes' /></way></osm>"
220 assert_response :precondition_failed,
221 "way upload with invalid node did not return 'precondition failed'"
222 assert_equal "Precondition failed: Way requires the nodes with id in (0), which either do not exist, or are not visible.", @response.body
224 # create a way with no nodes
225 content "<osm><way changeset='#{open_changeset.id}'>" +
226 "<tag k='test' v='yes' /></way></osm>"
229 assert_response :precondition_failed,
230 "way upload with no node did not return 'precondition failed'"
231 assert_equal "Precondition failed: Cannot create way: data is invalid.", @response.body
233 # create a way inside a closed changeset
234 content "<osm><way changeset='#{closed_changeset.id}'>" +
235 "<nd ref='#{node.id}'/></way></osm>"
238 assert_response :conflict,
239 "way upload to closed changeset did not return 'conflict'"
241 # create a way with a tag which is too long
242 content "<osm><way changeset='#{open_changeset.id}'>" +
243 "<nd ref='#{node.id}'/>" +
244 "<tag k='foo' v='#{'x' * 256}'/>" +
248 assert_response :bad_request,
249 "way upload to with too long tag did not return 'bad_request'"
252 # -------------------------------------
253 # Test deleting ways.
254 # -------------------------------------
257 # first try to delete way without auth
258 delete :delete, :id => current_ways(:visible_way).id
259 assert_response :unauthorized
261 # now set auth using the private user
262 basic_authorization(users(:normal_user).email, "test")
264 # this shouldn't work as with the 0.6 api we need pay load to delete
265 delete :delete, :id => current_ways(:visible_way).id
266 assert_response :forbidden
268 # Now try without having a changeset
269 content "<osm><way id='#{current_ways(:visible_way).id}'/></osm>"
270 delete :delete, :id => current_ways(:visible_way).id
271 assert_response :forbidden
273 # try to delete with an invalid (closed) changeset
274 content update_changeset(current_ways(:visible_way).to_xml,
275 changesets(:normal_user_closed_change).id)
276 delete :delete, :id => current_ways(:visible_way).id
277 assert_response :forbidden
279 # try to delete with an invalid (non-existent) changeset
280 content update_changeset(current_ways(:visible_way).to_xml, 0)
281 delete :delete, :id => current_ways(:visible_way).id
282 assert_response :forbidden
284 # Now try with a valid changeset
285 content current_ways(:visible_way).to_xml
286 delete :delete, :id => current_ways(:visible_way).id
287 assert_response :forbidden
289 # check the returned value - should be the new version number
290 # valid delete should return the new version number, which should
291 # be greater than the old version number
292 # assert @response.body.to_i > current_ways(:visible_way).version,
293 # "delete request should return a new version number for way"
295 # this won't work since the way is already deleted
296 content current_ways(:invisible_way).to_xml
297 delete :delete, :id => current_ways(:invisible_way).id
298 assert_response :forbidden
300 # this shouldn't work as the way is used in a relation
301 content current_ways(:used_way).to_xml
302 delete :delete, :id => current_ways(:used_way).id
303 assert_response :forbidden,
304 "shouldn't be able to delete a way used in a relation (#{@response.body}), when done by a private user"
306 # this won't work since the way never existed
307 delete :delete, :id => 0
308 assert_response :forbidden
310 ### Now check with a public user
312 basic_authorization(users(:public_user).email, "test")
314 # this shouldn't work as with the 0.6 api we need pay load to delete
315 delete :delete, :id => current_ways(:visible_way).id
316 assert_response :bad_request
318 # Now try without having a changeset
319 content "<osm><way id='#{current_ways(:visible_way).id}'/></osm>"
320 delete :delete, :id => current_ways(:visible_way).id
321 assert_response :bad_request
323 # try to delete with an invalid (closed) changeset
324 content update_changeset(current_ways(:visible_way).to_xml,
325 changesets(:public_user_closed_change).id)
326 delete :delete, :id => current_ways(:visible_way).id
327 assert_response :conflict
329 # try to delete with an invalid (non-existent) changeset
330 content update_changeset(current_ways(:visible_way).to_xml, 0)
331 delete :delete, :id => current_ways(:visible_way).id
332 assert_response :conflict
334 # Now try with a valid changeset
335 content current_ways(:visible_way).to_xml
336 delete :delete, :id => current_ways(:visible_way).id
337 assert_response :success
339 # check the returned value - should be the new version number
340 # valid delete should return the new version number, which should
341 # be greater than the old version number
342 assert @response.body.to_i > current_ways(:visible_way).version,
343 "delete request should return a new version number for way"
345 # this won't work since the way is already deleted
346 content current_ways(:invisible_way).to_xml
347 delete :delete, :id => current_ways(:invisible_way).id
348 assert_response :gone
350 # this shouldn't work as the way is used in a relation
351 content current_ways(:used_way).to_xml
352 delete :delete, :id => current_ways(:used_way).id
353 assert_response :precondition_failed,
354 "shouldn't be able to delete a way used in a relation (#{@response.body})"
355 assert_equal "Precondition failed: Way 3 is still used by relations 1.", @response.body
357 # this won't work since the way never existed
358 delete :delete, :id => 0
359 assert_response :not_found
363 # tests whether the API works and prevents incorrect use while trying
366 private_user = create(:user, :data_public => false)
367 private_way = create(:way, :changeset => create(:changeset, :user => private_user))
369 way = create(:way, :changeset => create(:changeset, :user => user))
371 create(:way_node, :way => private_way, :node => node)
372 create(:way_node, :way => way, :node => node)
374 ## First test with no user credentials
375 # try and update a way without authorisation
377 put :update, :id => way.id
378 assert_response :unauthorized
380 ## Second test with the private user
383 basic_authorization(private_user.email, "test")
385 ## trying to break changesets
387 # try and update in someone else's changeset
388 content update_changeset(private_way.to_xml,
389 create(:changeset).id)
390 put :update, :id => private_way.id
391 assert_require_public_data "update with other user's changeset should be forbidden when date isn't public"
393 # try and update in a closed changeset
394 content update_changeset(private_way.to_xml,
395 create(:changeset, :closed, :user => private_user))
396 put :update, :id => private_way.id
397 assert_require_public_data "update with closed changeset should be forbidden, when data isn't public"
399 # try and update in a non-existant changeset
400 content update_changeset(private_way.to_xml, 0)
401 put :update, :id => private_way.id
402 assert_require_public_data("update with changeset=0 should be forbidden, when data isn't public")
404 ## try and submit invalid updates
405 content xml_replace_node(private_way.to_xml, node.id, 9999)
406 put :update, :id => private_way.id
407 assert_require_public_data "way with non-existent node should be forbidden, when data isn't public"
409 content xml_replace_node(private_way.to_xml, node.id, create(:node, :deleted).id)
410 put :update, :id => private_way.id
411 assert_require_public_data "way with deleted node should be forbidden, when data isn't public"
413 ## finally, produce a good request which will still not work
414 content private_way.to_xml
415 put :update, :id => private_way.id
416 assert_require_public_data "should have failed with a forbidden when data isn't public"
418 ## Finally test with the public user
421 basic_authorization(user.email, "test")
423 ## trying to break changesets
425 # try and update in someone else's changeset
426 content update_changeset(way.to_xml,
427 create(:changeset).id)
428 put :update, :id => way.id
429 assert_response :conflict, "update with other user's changeset should be rejected"
431 # try and update in a closed changeset
432 content update_changeset(way.to_xml,
433 changesets(:normal_user_closed_change).id)
434 put :update, :id => way.id
435 assert_response :conflict, "update with closed changeset should be rejected"
437 # try and update in a non-existant changeset
438 content update_changeset(way.to_xml, 0)
439 put :update, :id => way.id
440 assert_response :conflict, "update with changeset=0 should be rejected"
442 ## try and submit invalid updates
443 content xml_replace_node(way.to_xml, node.id, 9999)
444 put :update, :id => way.id
445 assert_response :precondition_failed, "way with non-existent node should be rejected"
447 content xml_replace_node(way.to_xml, node.id, create(:node, :deleted).id)
448 put :update, :id => way.id
449 assert_response :precondition_failed, "way with deleted node should be rejected"
451 ## next, attack the versioning
452 current_way_version = way.version
454 # try and submit a version behind
455 content xml_attr_rewrite(way.to_xml,
456 "version", current_way_version - 1)
457 put :update, :id => way.id
458 assert_response :conflict, "should have failed on old version number"
460 # try and submit a version ahead
461 content xml_attr_rewrite(way.to_xml,
462 "version", current_way_version + 1)
463 put :update, :id => way.id
464 assert_response :conflict, "should have failed on skipped version number"
466 # try and submit total crap in the version field
467 content xml_attr_rewrite(way.to_xml,
468 "version", "p1r4t3s!")
469 put :update, :id => way.id
470 assert_response :conflict,
471 "should not be able to put 'p1r4at3s!' in the version field"
473 ## try an update with the wrong ID
474 content create(:way).to_xml
475 put :update, :id => way.id
476 assert_response :bad_request,
477 "should not be able to update a way with a different ID from the XML"
479 ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc.
481 put :update, :id => way.id
482 assert_response :bad_request,
483 "should not be able to update a way with non-OSM XML doc."
485 ## finally, produce a good request which should work
487 put :update, :id => way.id
488 assert_response :success, "a valid update request failed"
491 # ------------------------------------------------------------
493 # ------------------------------------------------------------
496 # Try adding a new tag to a way
498 ## Try with the non-public user
500 basic_authorization(users(:normal_user).email, "test")
502 # add an identical tag to the way
503 tag_xml = XML::Node.new("tag")
507 # add the tag into the existing xml
508 way_xml = current_ways(:visible_way).to_xml
509 way_xml.find("//osm/way").first << tag_xml
513 put :update, :id => current_ways(:visible_way).id
514 assert_response :forbidden,
515 "adding a duplicate tag to a way for a non-public should fail with 'forbidden'"
517 ## Now try with the public user
519 basic_authorization(users(:public_user).email, "test")
521 # add an identical tag to the way
522 tag_xml = XML::Node.new("tag")
526 # add the tag into the existing xml
527 way_xml = current_ways(:visible_way).to_xml
528 way_xml.find("//osm/way").first << tag_xml
532 put :update, :id => current_ways(:visible_way).id
533 assert_response :success,
534 "adding a new tag to a way should succeed"
535 assert_equal current_ways(:visible_way).version + 1, @response.body.to_i
539 # Try adding a duplicate of an existing tag to a way
540 def test_add_duplicate_tags
541 ## Try with the non-public user
543 basic_authorization(users(:normal_user).email, "test")
545 existing = create(:way_tag, :way => current_ways(:visible_way))
547 # add an identical tag to the way
548 tag_xml = XML::Node.new("tag")
549 tag_xml["k"] = existing.k
550 tag_xml["v"] = existing.v
552 # add the tag into the existing xml
553 way_xml = current_ways(:visible_way).to_xml
554 way_xml.find("//osm/way").first << tag_xml
558 put :update, :id => current_ways(:visible_way).id
559 assert_response :forbidden,
560 "adding a duplicate tag to a way for a non-public should fail with 'forbidden'"
562 ## Now try with the public user
564 basic_authorization(users(:public_user).email, "test")
566 # add an identical tag to the way
567 tag_xml = XML::Node.new("tag")
568 tag_xml["k"] = existing.k
569 tag_xml["v"] = existing.v
571 # add the tag into the existing xml
572 way_xml = current_ways(:visible_way).to_xml
573 way_xml.find("//osm/way").first << tag_xml
577 put :update, :id => current_ways(:visible_way).id
578 assert_response :bad_request,
579 "adding a duplicate tag to a way should fail with 'bad request'"
580 assert_equal "Element way/#{current_ways(:visible_way).id} has duplicate tags with key #{existing.k}", @response.body
584 # Try adding a new duplicate tags to a way
585 def test_new_duplicate_tags
586 ## First test with the non-public user so should be rejected
588 basic_authorization(users(:normal_user).email, "test")
590 # create duplicate tag
591 tag_xml = XML::Node.new("tag")
592 tag_xml["k"] = "i_am_a_duplicate"
593 tag_xml["v"] = "foobar"
595 # add the tag into the existing xml
596 way_xml = current_ways(:visible_way).to_xml
598 # add two copies of the tag
599 way_xml.find("//osm/way").first << tag_xml.copy(true) << tag_xml
603 put :update, :id => current_ways(:visible_way).id
604 assert_response :forbidden,
605 "adding new duplicate tags to a way using a non-public user should fail with 'forbidden'"
607 ## Now test with the public user
609 basic_authorization(users(:public_user).email, "test")
611 # create duplicate tag
612 tag_xml = XML::Node.new("tag")
613 tag_xml["k"] = "i_am_a_duplicate"
614 tag_xml["v"] = "foobar"
616 # add the tag into the existing xml
617 way_xml = current_ways(:visible_way).to_xml
619 # add two copies of the tag
620 way_xml.find("//osm/way").first << tag_xml.copy(true) << tag_xml
624 put :update, :id => current_ways(:visible_way).id
625 assert_response :bad_request,
626 "adding new duplicate tags to a way should fail with 'bad request'"
627 assert_equal "Element way/#{current_ways(:visible_way).id} has duplicate tags with key i_am_a_duplicate", @response.body
631 # Try adding a new duplicate tags to a way.
632 # But be a bit subtle - use unicode decoding ambiguities to use different
633 # binary strings which have the same decoding.
634 def test_invalid_duplicate_tags
635 ## First make sure that you can't with a non-public user
637 basic_authorization(users(:normal_user).email, "test")
639 # add the tag into the existing xml
640 way_str = "<osm><way changeset='1'>"
641 way_str << "<tag k='addr:housenumber' v='1'/>"
642 way_str << "<tag k='addr:housenumber' v='2'/>"
643 way_str << "</way></osm>"
648 assert_response :forbidden,
649 "adding new duplicate tags to a way with a non-public user should fail with 'forbidden'"
651 ## Now do it with a public user
653 basic_authorization(users(:public_user).email, "test")
655 # add the tag into the existing xml
656 way_str = "<osm><way changeset='1'>"
657 way_str << "<tag k='addr:housenumber' v='1'/>"
658 way_str << "<tag k='addr:housenumber' v='2'/>"
659 way_str << "</way></osm>"
664 assert_response :bad_request,
665 "adding new duplicate tags to a way should fail with 'bad request'"
666 assert_equal "Element way/ has duplicate tags with key addr:housenumber", @response.body
670 # test that a call to ways_for_node returns all ways that contain the node
671 # and none that don't.
672 def test_ways_for_node
673 # in current fixtures ways 1 and 3 all use node 3. ways 2 and 4
674 # *used* to use it but doesn't.
675 get :ways_for_node, :id => current_nodes(:used_node_1).id
676 assert_response :success
677 ways_xml = XML::Parser.string(@response.body).parse
678 assert_not_nil ways_xml, "failed to parse ways_for_node response"
680 # check that the set of IDs match expectations
681 expected_way_ids = [current_ways(:visible_way).id,
682 current_ways(:used_way).id]
683 found_way_ids = ways_xml.find("//osm/way").collect { |w| w["id"].to_i }
684 assert_equal expected_way_ids.sort, found_way_ids.sort,
685 "expected ways for node #{current_nodes(:used_node_1).id} did not match found"
687 # check the full ways to ensure we're not missing anything
688 expected_way_ids.each do |id|
689 way_xml = ways_xml.find("//osm/way[@id='#{id}']").first
690 assert_ways_are_equal(Way.find(id),
691 Way.from_xml_node(way_xml))
696 # update the changeset_id of a way element
697 def update_changeset(xml, changeset_id)
698 xml_attr_rewrite(xml, "changeset", changeset_id)
702 # update an attribute in the way element
703 def xml_attr_rewrite(xml, name, value)
704 xml.find("//osm/way").first[name] = value.to_s
709 # replace a node in a way element
710 def xml_replace_node(xml, old_node, new_node)
711 xml.find("//osm/way/nd[@ref='#{old_node}']").first["ref"] = new_node.to_s