- def test_set_status
- user = create(:user)
-
- # Try without logging in
- post set_status_user_path(user), :params => { :event => "confirm" }
- assert_response :forbidden
-
- # Now try as a normal user
- session_for(user)
- post set_status_user_path(user), :params => { :event => "confirm" }
- assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
-
- # Finally try as an administrator
- session_for(create(:administrator_user))
- post set_status_user_path(user), :params => { :event => "confirm" }
- assert_response :redirect
- assert_redirected_to :action => :show, :display_name => user.display_name
- assert_equal "confirmed", User.find(user.id).status
- end
-
- def test_destroy
- user = create(:user, :home_lat => 12.1, :home_lon => 12.1, :description => "test")
-
- # Try without logging in
- delete user_path(user)
- assert_response :forbidden
-
- # Now try as a normal user
- session_for(user)
- delete user_path(user)
- assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
-
- # Finally try as an administrator
- session_for(create(:administrator_user))
- delete user_path(user)
- assert_response :redirect
- assert_redirected_to :action => :show, :display_name => user.display_name
-
- # Check that the user was deleted properly
- user.reload
- assert_equal "user_#{user.id}", user.display_name
- assert_equal "", user.description
- assert_nil user.home_lat
- assert_nil user.home_lon
- assert_not user.avatar.attached?
- assert_not user.email_valid
- assert_nil user.new_email
- assert_nil user.auth_provider
- assert_nil user.auth_uid
- assert_equal "deleted", user.status
- end
-
- def test_index_get
- user = create(:user)
- moderator_user = create(:moderator_user)
- administrator_user = create(:administrator_user)
- _suspended_user = create(:user, :suspended)
- _ip_user = create(:user, :creation_ip => "1.2.3.4")
-
- # There are now 7 users - the five above, plus two extra "granters" for the
- # moderator_user and administrator_user
- assert_equal 7, User.count
-
- # Shouldn't work when not logged in
- get users_path
- assert_response :redirect
- assert_redirected_to login_path(:referer => users_path)
-
- session_for(user)
-
- # Shouldn't work when logged in as a normal user
- get users_path
- assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
-
- session_for(moderator_user)
-
- # Shouldn't work when logged in as a moderator
- get users_path
- assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
-
- session_for(administrator_user)
-
- # Note there is a header row, so all row counts are users + 1
- # Should work when logged in as an administrator
- get users_path
- assert_response :success
- assert_template :index
- assert_select "table#user_list tr", :count => 7 + 1
-
- # Should be able to limit by status
- get users_path, :params => { :status => "suspended" }
- assert_response :success
- assert_template :index
- assert_select "table#user_list tr", :count => 1 + 1
-
- # Should be able to limit by IP address
- get users_path, :params => { :ip => "1.2.3.4" }
- assert_response :success
- assert_template :index
- assert_select "table#user_list tr", :count => 1 + 1
- end
-
- def test_index_get_paginated
- 1.upto(100).each do |n|
- User.create(:display_name => "extra_#{n}",
- :email => "extra#{n}@example.com",
- :pass_crypt => "extraextra")
- end
-
- session_for(create(:administrator_user))
-
- # 100 examples, an administrator, and a granter for the admin.
- assert_equal 102, User.count
-
- get users_path
- assert_response :success
- assert_template :index
- assert_select "table#user_list tr", :count => 51
-
- get users_path, :params => { :page => 2 }
- assert_response :success
- assert_template :index
- assert_select "table#user_list tr", :count => 51
-
- get users_path, :params => { :page => 3 }
- assert_response :success
- assert_template :index
- assert_select "table#user_list tr", :count => 3
- end
-
- def test_index_post_confirm
- inactive_user = create(:user, :pending)
- suspended_user = create(:user, :suspended)
-
- # Shouldn't work when not logged in
- assert_no_difference "User.active.count" do
- post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
- end
- assert_response :forbidden
-
- assert_equal "pending", inactive_user.reload.status
- assert_equal "suspended", suspended_user.reload.status
-
- session_for(create(:user))
-
- # Shouldn't work when logged in as a normal user
- assert_no_difference "User.active.count" do
- post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
- end
- assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_equal "pending", inactive_user.reload.status
- assert_equal "suspended", suspended_user.reload.status
-
- session_for(create(:moderator_user))
-
- # Shouldn't work when logged in as a moderator
- assert_no_difference "User.active.count" do
- post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
- end
- assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_equal "pending", inactive_user.reload.status
- assert_equal "suspended", suspended_user.reload.status
-
- session_for(create(:administrator_user))
-
- # Should work when logged in as an administrator
- assert_difference "User.active.count", 2 do
- post users_path, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
- end
- assert_response :redirect
- assert_redirected_to :action => :index
- assert_equal "confirmed", inactive_user.reload.status
- assert_equal "confirmed", suspended_user.reload.status
- end
-
- def test_index_post_hide
- normal_user = create(:user)
- confirmed_user = create(:user, :confirmed)
-
- # Shouldn't work when not logged in
- assert_no_difference "User.active.count" do
- post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
- end
- assert_response :forbidden
-
- assert_equal "active", normal_user.reload.status
- assert_equal "confirmed", confirmed_user.reload.status
-
- session_for(create(:user))
-
- # Shouldn't work when logged in as a normal user
- assert_no_difference "User.active.count" do
- post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
- end
- assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_equal "active", normal_user.reload.status
- assert_equal "confirmed", confirmed_user.reload.status
-
- session_for(create(:moderator_user))
-
- # Shouldn't work when logged in as a moderator
- assert_no_difference "User.active.count" do
- post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
- end
- assert_response :redirect
- assert_redirected_to :controller => :errors, :action => :forbidden
- assert_equal "active", normal_user.reload.status
- assert_equal "confirmed", confirmed_user.reload.status
-
- session_for(create(:administrator_user))
-
- # Should work when logged in as an administrator
- assert_difference "User.active.count", -2 do
- post users_path, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
- end
- assert_response :redirect
- assert_redirected_to :action => :index
- assert_equal "deleted", normal_user.reload.status
- assert_equal "deleted", confirmed_user.reload.status
- end
-
projects / rails.git / blobdiff