X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/1f8a68371ad34594cce4aadf5fef229588fd4ddc..e509850554db7b46d2397cb8b8818bd7138b5f5d:/test/functional/relation_controller_test.rb
diff --git a/test/functional/relation_controller_test.rb b/test/functional/relation_controller_test.rb
index f52981233..dc7c64de2 100644
--- a/test/functional/relation_controller_test.rb
+++ b/test/functional/relation_controller_test.rb
@@ -4,14 +4,6 @@ require 'relation_controller'
class RelationControllerTest < ActionController::TestCase
api_fixtures
- def basic_authorization(user, pass)
- @request.env["HTTP_AUTHORIZATION"] = "Basic %s" % Base64.encode64("#{user}:#{pass}")
- end
-
- def content(c)
- @request.env["RAW_POST_DATA"] = c.to_s
- end
-
# -------------------------------------
# Test reading relations.
# -------------------------------------
@@ -85,11 +77,63 @@ class RelationControllerTest < ActionController::TestCase
# -------------------------------------
def test_create
- basic_authorization "test@openstreetmap.org", "test"
+ basic_authorization users(:normal_user).email, "test"
# put the relation in a dummy fixture changset
changeset_id = changesets(:normal_user_first_change).id
+ # create an relation without members
+ content ""
+ put :create
+ # hope for forbidden, due to user
+ assert_response :forbidden,
+ "relation upload should have failed with forbidden"
+
+ ###
+ # create an relation with a node as member
+ # This time try with a role attribute in the relation
+ nid = current_nodes(:used_node_1).id
+ content "" +
+ "" +
+ ""
+ put :create
+ # hope for forbidden due to user
+ assert_response :forbidden,
+ "relation upload did not return forbidden status"
+
+ ###
+ # create an relation with a node as member, this time test that we don't
+ # need a role attribute to be included
+ nid = current_nodes(:used_node_1).id
+ content "" +
+ ""+
+ ""
+ put :create
+ # hope for forbidden due to user
+ assert_response :forbidden,
+ "relation upload did not return forbidden status"
+
+ ###
+ # create an relation with a way and a node as members
+ nid = current_nodes(:used_node_1).id
+ wid = current_ways(:used_way).id
+ content "" +
+ "" +
+ "" +
+ ""
+ put :create
+ # hope for forbidden, due to user
+ assert_response :forbidden,
+ "relation upload did not return success status"
+
+
+
+ ## Now try with the public user
+ basic_authorization users(:public_user).email, "test"
+
+ # put the relation in a dummy fixture changset
+ changeset_id = changesets(:public_user_first_change).id
+
# create an relation without members
content ""
put :create
@@ -108,7 +152,7 @@ class RelationControllerTest < ActionController::TestCase
"saved relation does not contain exactly one tag"
assert_equal changeset_id, checkrelation.changeset.id,
"saved relation does not belong in the changeset it was assigned to"
- assert_equal users(:normal_user).id, checkrelation.changeset.user_id,
+ assert_equal users(:public_user).id, checkrelation.changeset.user_id,
"saved relation does not belong to user that created it"
assert_equal true, checkrelation.visible,
"saved relation is not visible"
@@ -140,7 +184,7 @@ class RelationControllerTest < ActionController::TestCase
"saved relation does not contain exactly one tag"
assert_equal changeset_id, checkrelation.changeset.id,
"saved relation does not belong in the changeset it was assigned to"
- assert_equal users(:normal_user).id, checkrelation.changeset.user_id,
+ assert_equal users(:public_user).id, checkrelation.changeset.user_id,
"saved relation does not belong to user that created it"
assert_equal true, checkrelation.visible,
"saved relation is not visible"
@@ -173,7 +217,7 @@ class RelationControllerTest < ActionController::TestCase
"saved relation does not contain exactly one tag"
assert_equal changeset_id, checkrelation.changeset.id,
"saved relation does not belong in the changeset it was assigned to"
- assert_equal users(:normal_user).id, checkrelation.changeset.user_id,
+ assert_equal users(:public_user).id, checkrelation.changeset.user_id,
"saved relation does not belong to user that created it"
assert_equal true, checkrelation.visible,
"saved relation is not visible"
@@ -206,7 +250,7 @@ class RelationControllerTest < ActionController::TestCase
"saved relation does not contain exactly one tag"
assert_equal changeset_id, checkrelation.changeset.id,
"saved relation does not belong in the changeset it was assigned to"
- assert_equal users(:normal_user).id, checkrelation.changeset.user_id,
+ assert_equal users(:public_user).id, checkrelation.changeset.user_id,
"saved relation does not belong to user that created it"
assert_equal true, checkrelation.visible,
"saved relation is not visible"
@@ -216,15 +260,78 @@ class RelationControllerTest < ActionController::TestCase
end
+ # ------------------------------------
+ # Test updating relations
+ # ------------------------------------
+
+ ##
+ # test that, when tags are updated on a relation, the correct things
+ # happen to the correct tables and the API gives sensible results.
+ # this is to test a case that gregory marler noticed and posted to
+ # josm-dev.
+ ## FIXME Move this to an integration test
+ def test_update_relation_tags
+ basic_authorization "test@example.com", "test"
+ rel_id = current_relations(:multi_tag_relation).id
+ cs_id = changesets(:public_user_first_change).id
+
+ with_relation(rel_id) do |rel|
+ # alter one of the tags
+ tag = rel.find("//osm/relation/tag").first
+ tag['v'] = 'some changed value'
+ update_changeset(rel, cs_id)
+
+ # check that the downloaded tags are the same as the uploaded tags...
+ new_version = with_update(rel) do |new_rel|
+ assert_tags_equal rel, new_rel
+ end
+
+ # check the original one in the current_* table again
+ with_relation(rel_id) { |r| assert_tags_equal rel, r }
+
+ # now check the version in the history
+ with_relation(rel_id, new_version) { |r| assert_tags_equal rel, r }
+ end
+ end
+
+ ##
+ # test that, when tags are updated on a relation when using the diff
+ # upload function, the correct things happen to the correct tables
+ # and the API gives sensible results. this is to test a case that
+ # gregory marler noticed and posted to josm-dev.
+ def test_update_relation_tags_via_upload
+ basic_authorization users(:public_user).email, "test"
+ rel_id = current_relations(:multi_tag_relation).id
+ cs_id = changesets(:public_user_first_change).id
+
+ with_relation(rel_id) do |rel|
+ # alter one of the tags
+ tag = rel.find("//osm/relation/tag").first
+ tag['v'] = 'some changed value'
+ update_changeset(rel, cs_id)
+
+ # check that the downloaded tags are the same as the uploaded tags...
+ new_version = with_update_diff(rel) do |new_rel|
+ assert_tags_equal rel, new_rel
+ end
+
+ # check the original one in the current_* table again
+ with_relation(rel_id) { |r| assert_tags_equal rel, r }
+
+ # now check the version in the history
+ with_relation(rel_id, new_version) { |r| assert_tags_equal rel, r }
+ end
+ end
+
# -------------------------------------
# Test creating some invalid relations.
# -------------------------------------
def test_create_invalid
- basic_authorization "test@openstreetmap.org", "test"
+ basic_authorization users(:public_user).email, "test"
# put the relation in a dummy fixture changset
- changeset_id = changesets(:normal_user_first_change).id
+ changeset_id = changesets(:public_user_first_change).id
# create a relation with non-existing node as member
content "" +
@@ -240,10 +347,10 @@ class RelationControllerTest < ActionController::TestCase
# Test creating a relation, with some invalid XML
# -------------------------------------
def test_create_invalid_xml
- basic_authorization "test@openstreetmap.org", "test"
+ basic_authorization users(:public_user).email, "test"
# put the relation in a dummy fixture changeset that works
- changeset_id = changesets(:normal_user_first_change).id
+ changeset_id = changesets(:public_user_first_change).id
# create some xml that should return an error
content "" +
@@ -262,12 +369,63 @@ class RelationControllerTest < ActionController::TestCase
# -------------------------------------
def test_delete
- # first try to delete relation without auth
+ ## First try to delete relation without auth
delete :delete, :id => current_relations(:visible_relation).id
assert_response :unauthorized
+
+
+ ## Then try with the private user, to make sure that you get a forbidden
+ basic_authorization(users(:normal_user).email, "test")
+
+ # this shouldn't work, as we should need the payload...
+ delete :delete, :id => current_relations(:visible_relation).id
+ assert_response :forbidden
+
+ # try to delete without specifying a changeset
+ content ""
+ delete :delete, :id => current_relations(:visible_relation).id
+ assert_response :forbidden
+
+ # try to delete with an invalid (closed) changeset
+ content update_changeset(current_relations(:visible_relation).to_xml,
+ changesets(:normal_user_closed_change).id)
+ delete :delete, :id => current_relations(:visible_relation).id
+ assert_response :forbidden
+
+ # try to delete with an invalid (non-existent) changeset
+ content update_changeset(current_relations(:visible_relation).to_xml,0)
+ delete :delete, :id => current_relations(:visible_relation).id
+ assert_response :forbidden
- # now set auth
- basic_authorization("test@openstreetmap.org", "test");
+ # this won't work because the relation is in-use by another relation
+ content(relations(:used_relation).to_xml)
+ delete :delete, :id => current_relations(:used_relation).id
+ assert_response :forbidden
+
+ # this should work when we provide the appropriate payload...
+ content(relations(:visible_relation).to_xml)
+ delete :delete, :id => current_relations(:visible_relation).id
+ assert_response :forbidden
+
+ # this won't work since the relation is already deleted
+ content(relations(:invisible_relation).to_xml)
+ delete :delete, :id => current_relations(:invisible_relation).id
+ assert_response :forbidden
+
+ # this works now because the relation which was using this one
+ # has been deleted.
+ content(relations(:used_relation).to_xml)
+ delete :delete, :id => current_relations(:used_relation).id
+ assert_response :forbidden
+
+ # this won't work since the relation never existed
+ delete :delete, :id => 0
+ assert_response :forbidden
+
+
+
+ ## now set auth for the public user
+ basic_authorization(users(:public_user).email, "test");
# this shouldn't work, as we should need the payload...
delete :delete, :id => current_relations(:visible_relation).id
@@ -290,15 +448,27 @@ class RelationControllerTest < ActionController::TestCase
delete :delete, :id => current_relations(:visible_relation).id
assert_response :conflict
- # this won't work because the relation is in-use by another relation
+ # this won't work because the relation is in a changeset owned by someone else
content(relations(:used_relation).to_xml)
delete :delete, :id => current_relations(:used_relation).id
+ assert_response :conflict,
+ "shouldn't be able to delete a relation in a changeset owned by someone else (#{@response.body})"
+
+ # this won't work because the relation in the payload is different to that passed
+ content(relations(:public_used_relation).to_xml)
+ delete :delete, :id => current_relations(:used_relation).id
+ assert_not_equal relations(:public_used_relation).id, current_relations(:used_relation).id
+ assert_response :bad_request, "shouldn't be able to delete a relation when payload is different to the url"
+
+ # this won't work because the relation is in-use by another relation
+ content(relations(:public_used_relation).to_xml)
+ delete :delete, :id => current_relations(:public_used_relation).id
assert_response :precondition_failed,
"shouldn't be able to delete a relation used in a relation (#{@response.body})"
# this should work when we provide the appropriate payload...
- content(relations(:visible_relation).to_xml)
- delete :delete, :id => current_relations(:visible_relation).id
+ content(relations(:multi_tag_relation).to_xml)
+ delete :delete, :id => current_relations(:multi_tag_relation).id
assert_response :success
# valid delete should return the new version number, which should
@@ -310,11 +480,16 @@ class RelationControllerTest < ActionController::TestCase
content(relations(:invisible_relation).to_xml)
delete :delete, :id => current_relations(:invisible_relation).id
assert_response :gone
+
+ # Public visible relation needs to be deleted
+ content(relations(:public_visible_relation).to_xml)
+ delete :delete, :id => current_relations(:public_visible_relation).id
+ assert_response :success
# this works now because the relation which was using this one
# has been deleted.
- content(relations(:used_relation).to_xml)
- delete :delete, :id => current_relations(:used_relation).id
+ content(relations(:public_used_relation).to_xml)
+ delete :delete, :id => current_relations(:public_used_relation).id
assert_response :success,
"should be able to delete a relation used in an old relation (#{@response.body})"
@@ -396,11 +571,11 @@ class RelationControllerTest < ActionController::TestCase
##
# check that relations are ordered
def test_relation_member_ordering
- basic_authorization("test@openstreetmap.org", "test");
-
+ basic_authorization(users(:public_user).email, "test")
+
doc_str = <
-
+
@@ -445,11 +620,32 @@ OSM
##
# check that relations can contain duplicate members
def test_relation_member_duplicates
- basic_authorization("test@openstreetmap.org", "test");
+ ## First try with the private user
+ basic_authorization(users(:normal_user).email, "test");
+
+ doc_str = <
+
+
+
+
+
+
+
+OSM
+ doc = XML::Parser.string(doc_str).parse
+
+ content doc
+ put :create
+ assert_response :forbidden
+
+
+ ## Now try with the public user
+ basic_authorization(users(:public_user).email, "test");
doc_str = <
-
+
@@ -497,8 +693,21 @@ OSM
# create a changeset and yield to the caller to set it up, then assert
# that the changeset bounding box is +bbox+.
def check_changeset_modify(bbox)
- basic_authorization("test@openstreetmap.org", "test");
+ ## First test with the private user to check that you get a forbidden
+ basic_authorization(users(:normal_user).email, "test");
+
+ # create a new changeset for this operation, so we are assured
+ # that the bounding box will be newly-generated.
+ changeset_id = with_controller(ChangesetController.new) do
+ content ""
+ put :create
+ assert_response :forbidden, "shouldn't be able to create changeset for modify test, as should get forbidden"
+ end
+
+ ## Now do the whole thing with the public user
+ basic_authorization(users(:public_user).email, "test")
+
# create a new changeset for this operation, so we are assured
# that the bounding box will be newly-generated.
changeset_id = with_controller(ChangesetController.new) do
@@ -524,6 +733,101 @@ OSM
end
end
+ ##
+ # yields the relation with the given +id+ (and optional +version+
+ # to read from the history tables) into the block. the parsed XML
+ # doc is returned.
+ def with_relation(id, ver = nil)
+ if ver.nil?
+ get :read, :id => id
+ else
+ with_controller(OldRelationController.new) do
+ get :version, :id => id, :version => ver
+ end
+ end
+ assert_response :success
+ yield xml_parse(@response.body)
+ end
+
+ ##
+ # updates the relation (XML) +rel+ and
+ # yields the new version of that relation into the block.
+ # the parsed XML doc is retured.
+ def with_update(rel)
+ rel_id = rel.find("//osm/relation").first["id"].to_i
+ content rel
+ put :update, :id => rel_id
+ assert_response :success, "can't update relation: #{@response.body}"
+ version = @response.body.to_i
+
+ # now get the new version
+ get :read, :id => rel_id
+ assert_response :success
+ new_rel = xml_parse(@response.body)
+
+ yield new_rel
+
+ return version
+ end
+
+ ##
+ # updates the relation (XML) +rel+ via the diff-upload API and
+ # yields the new version of that relation into the block.
+ # the parsed XML doc is retured.
+ def with_update_diff(rel)
+ rel_id = rel.find("//osm/relation").first["id"].to_i
+ cs_id = rel.find("//osm/relation").first['changeset'].to_i
+ version = nil
+
+ with_controller(ChangesetController.new) do
+ doc = OSM::API.new.get_xml_doc
+ change = XML::Node.new 'osmChange'
+ doc.root = change
+ modify = XML::Node.new 'modify'
+ change << modify
+ modify << doc.import(rel.find("//osm/relation").first)
+
+ content doc.to_s
+ post :upload, :id => cs_id
+ assert_response :success, "can't upload diff relation: #{@response.body}"
+ version = xml_parse(@response.body).find("//diffResult/relation").first["new_version"].to_i
+ end
+
+ # now get the new version
+ get :read, :id => rel_id
+ assert_response :success
+ new_rel = xml_parse(@response.body)
+
+ yield new_rel
+
+ return version
+ end
+
+ ##
+ # returns a k->v hash of tags from an xml doc
+ def get_tags_as_hash(a)
+ a.find("//osm/relation/tag").inject({}) do |h,v|
+ h[v['k']] = v['v']
+ h
+ end
+ end
+
+ ##
+ # assert that all tags on relation documents +a+ and +b+
+ # are equal
+ def assert_tags_equal(a, b)
+ # turn the XML doc into tags hashes
+ a_tags = get_tags_as_hash(a)
+ b_tags = get_tags_as_hash(b)
+
+ assert_equal a_tags.keys, b_tags.keys, "Tag keys should be identical."
+ a_tags.each do |k, v|
+ assert_equal v, b_tags[k],
+ "Tags which were not altered should be the same. " +
+ "#{a_tags.inspect} != #{b_tags.inspect}"
+ end
+ end
+
##
# update the changeset_id of a node element
def update_changeset(xml, changeset_id)