X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/a91e50d308edafa975588287179d0ffbad4f5bc9..3f3ffdfea1ecb57fb95e24b71ed070c8f9fbedbd:/test/controllers/changeset_controller_test.rb diff --git a/test/controllers/changeset_controller_test.rb b/test/controllers/changeset_controller_test.rb index a9a838aff..9d39a8555 100644 --- a/test/controllers/changeset_controller_test.rb +++ b/test/controllers/changeset_controller_test.rb @@ -3,7 +3,6 @@ require "changeset_controller" class ChangesetControllerTest < ActionController::TestCase api_fixtures - fixtures :changesets_subscribers ## # test all routes which lead to this controller @@ -99,7 +98,7 @@ class ChangesetControllerTest < ActionController::TestCase # ----------------------- def test_create - basic_authorization users(:normal_user).email, "test" + basic_authorization create(:user, :data_public => false).email, "test" # Create the first user's changeset content "" + "" + @@ -107,7 +106,7 @@ class ChangesetControllerTest < ActionController::TestCase put :create assert_require_public_data - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # Create the first user's changeset content "" + "" + @@ -134,13 +133,13 @@ class ChangesetControllerTest < ActionController::TestCase end def test_create_invalid - basic_authorization users(:normal_user).email, "test" + basic_authorization create(:user, :data_public => false).email, "test" content "" put :create assert_require_public_data ## Try the public user - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" content "" put :create assert_response :bad_request, "creating a invalid changeset should fail" @@ -151,24 +150,24 @@ class ChangesetControllerTest < ActionController::TestCase put :create assert_response :unauthorized, "shouldn't be able to create a changeset with no auth" - ## Now try to with the non-public user - basic_authorization users(:normal_user).email, "test" + ## Now try to with a non-public user + basic_authorization create(:user, :data_public => false).email, "test" put :create assert_require_public_data - ## Try the inactive user - basic_authorization users(:inactive_user).email, "test" + ## Try an inactive user + basic_authorization create(:user, :pending).email, "test" put :create assert_inactive_user - ## Now try to use the public user - basic_authorization users(:public_user).email, "test" + ## Now try to use a normal user + basic_authorization create(:user).email, "test" put :create assert_response :bad_request, "creating a changeset with no content should fail" end def test_create_wrong_method - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" get :create assert_response :method_not_allowed post :create @@ -229,12 +228,12 @@ class ChangesetControllerTest < ActionController::TestCase assert_response :unauthorized ## Try using the non-public user - basic_authorization users(:normal_user).email, "test" + basic_authorization changesets(:normal_user_first_change).user.email, "test" put :close, :id => changesets(:normal_user_first_change).id assert_require_public_data ## The try with the public user - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id put :close, :id => cs_id @@ -249,7 +248,7 @@ class ChangesetControllerTest < ActionController::TestCase ## # test that a different user can't close another user's changeset def test_close_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" put :close, :id => changesets(:normal_user_first_change).id assert_response :conflict @@ -259,7 +258,7 @@ class ChangesetControllerTest < ActionController::TestCase ## # test that you can't close using another method def test_close_method_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id get :close, :id => cs_id @@ -285,7 +284,7 @@ class ChangesetControllerTest < ActionController::TestCase end # Now try with auth - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" cs_ids.each do |id| begin put :close, :id => id @@ -331,7 +330,7 @@ EOF "shouldnn't be able to upload a simple valid diff to changeset: #{@response.body}" ## Now try with a private user - basic_authorization users(:normal_user).email, "test" + basic_authorization changesets(:normal_user_first_change).user.email, "test" changeset_id = changesets(:normal_user_first_change).id # simple diff to change a node, way and relation by removing @@ -361,7 +360,7 @@ EOF "can't upload a simple valid diff to changeset: #{@response.body}" ## Now try with the public user - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" changeset_id = changesets(:public_user_first_change).id # simple diff to change a node, way and relation by removing @@ -399,7 +398,7 @@ EOF ## # upload something which creates new objects using placeholders def test_upload_create_valid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # simple diff to create a node way and relation using placeholders @@ -462,7 +461,7 @@ EOF # test a complex delete where we delete elements which rely on eachother # in the same transaction. def test_upload_delete - basic_authorization users(:public_user).display_name, "test" + basic_authorization changesets(:public_user_first_change).user.display_name, "test" diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -503,7 +502,7 @@ EOF # test uploading a delete with no lat/lon, as they are optional in # the osmChange spec. def test_upload_nolatlon_delete - basic_authorization users(:public_user).display_name, "test" + basic_authorization changesets(:public_user_first_change).user.display_name, "test" node = current_nodes(:public_visible_node) cs = changesets(:public_user_first_change) @@ -524,7 +523,7 @@ EOF def test_repeated_changeset_create 30.times do - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # create a temporary changeset content "" + @@ -538,7 +537,7 @@ EOF end def test_upload_large_changeset - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # create a changeset content "" @@ -592,7 +591,8 @@ EOF # test that deleting stuff in a transaction doesn't bypass the checks # to ensure that used elements are not deleted. def test_upload_delete_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" + cs = changesets(:public_user_first_change) diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -604,7 +604,7 @@ EOF # upload it content diff - post :upload, :id => 2 + post :upload, :id => cs.id assert_response :precondition_failed, "shouldn't be able to upload a invalid deletion diff: #{@response.body}" assert_equal "Precondition failed: Way 3 is still used by relations 1.", @response.body @@ -618,7 +618,8 @@ EOF ## # test that a conditional delete of an in use object works. def test_upload_delete_if_unused - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" + cs = changesets(:public_user_first_change) diff = XML::Document.new diff.root = XML::Node.new "osmChange" @@ -631,7 +632,7 @@ EOF # upload it content diff - post :upload, :id => 2 + post :upload, :id => cs.id assert_response :success, "can't do a conditional delete of in use objects: #{@response.body}" @@ -668,7 +669,7 @@ EOF ## # upload an element with a really long tag value def test_upload_invalid_too_long_tag - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # simple diff to create a node way and relation using placeholders @@ -693,7 +694,7 @@ EOF # upload something which creates new objects and inserts them into # existing containers using placeholders. def test_upload_complex - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # simple diff to create a node way and relation using placeholders @@ -749,7 +750,7 @@ EOF # create a diff which references several changesets, which should cause # a rollback and none of the diff gets committed def test_upload_invalid_changesets - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # simple diff to create a node way and relation using placeholders @@ -796,7 +797,7 @@ EOF ## # upload multiple versions of the same element in the same diff. def test_upload_multiple_valid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id # change the location of a node multiple times, each time referencing @@ -833,7 +834,7 @@ EOF # upload multiple versions of the same element in the same diff, but # keep the version numbers the same. def test_upload_multiple_duplicate - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" cs_id = changesets(:public_user_first_change).id diff = <" + "" + @@ -1138,7 +1139,7 @@ EOF ## # test what happens if a diff is uploaded adding a node to a way. def test_upload_way_extend - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" content "" + "" + @@ -1177,7 +1178,7 @@ EOF ## # test for more issues in #1568 def test_upload_empty_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" ["", "", @@ -1194,7 +1195,8 @@ EOF ## # test that the X-Error-Format header works to request XML errors def test_upload_xml_errors - basic_authorization users(:public_user).email, "test" + basic_authorization changesets(:public_user_first_change).user.email, "test" + cs = changesets(:public_user_first_change) # try and delete a node that is in use diff = XML::Document.new @@ -1206,7 +1208,7 @@ EOF # upload it content diff error_format "xml" - post :upload, :id => 2 + post :upload, :id => cs.id assert_response :success, "failed to return error in XML format" @@ -1220,8 +1222,8 @@ EOF # when we make some simple changes we get the same changes back from the # diff download. def test_diff_download_simple - ## First try with the normal user, which should get a forbidden - basic_authorization(users(:normal_user).email, "test") + ## First try with a non-public user, which should get a forbidden + basic_authorization(create(:user, :data_public => false).email, "test") # create a temporary changeset content "" + @@ -1230,8 +1232,8 @@ EOF put :create assert_response :forbidden - ## Now try with the public user - basic_authorization(users(:public_user).email, "test") + ## Now try with a normal user + basic_authorization(create(:user).email, "test") # create a temporary changeset content "" + @@ -1277,7 +1279,7 @@ EOF # # NOTE: the error turned out to be something else completely! def test_josm_upload - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # create a temporary changeset content "" + @@ -1336,7 +1338,7 @@ OSMFILE # when we make some complex changes we get the same changes back from the # diff download. def test_diff_download_complex - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # create a temporary changeset content "" + @@ -1389,7 +1391,10 @@ EOF end def test_changeset_download + tag = create(:old_node_tag, :old_node => nodes(:used_node_2)) + get :download, :id => changesets(:normal_user_first_change).id + assert_response :success assert_template nil # print @response.body @@ -1397,7 +1402,7 @@ EOF assert_select "osmChange[version='#{API_VERSION}'][generator='#{GENERATOR}']" do assert_select "create", :count => 5 assert_select "create>node[id='#{nodes(:used_node_2).node_id}'][visible='#{nodes(:used_node_2).visible?}'][version='#{nodes(:used_node_2).version}']" do - assert_select "tag[k='#{node_tags(:t3).k}'][v='#{node_tags(:t3).v}']" + assert_select "tag[k='#{tag.k}'][v='#{tag.v}']" end assert_select "create>node[id='#{nodes(:visible_node).node_id}']" end @@ -1407,7 +1412,7 @@ EOF # check that the bounding box of a changeset gets updated correctly # FIXME: This should really be moded to a integration test due to the with_controller def test_changeset_bbox - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # create a new changeset content "" @@ -1466,7 +1471,7 @@ EOF ## # test that the changeset :include method works as it should def test_changeset_include - basic_authorization users(:public_user).display_name, "test" + basic_authorization create(:user).display_name, "test" # create a new changeset content "" @@ -1488,7 +1493,7 @@ EOF ## # test that a not found, wrong method with the expand bbox works as expected def test_changeset_expand_bbox_error - basic_authorization users(:public_user).display_name, "test" + basic_authorization create(:user).display_name, "test" # create a new changeset content "" @@ -1624,7 +1629,7 @@ EOF ## # check updating tags on a changeset def test_changeset_update - ## First try with the non-public user + ## First try with a non-public user changeset = changesets(:normal_user_first_change) new_changeset = changeset.to_xml new_tag = XML::Node.new "tag" @@ -1638,17 +1643,18 @@ EOF assert_response :unauthorized # try with the wrong authorization - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" put :update, :id => changeset.id assert_response :conflict # now this should get an unauthorized - basic_authorization users(:normal_user).email, "test" + basic_authorization changeset.user.email, "test" put :update, :id => changeset.id assert_require_public_data "user with their data non-public, shouldn't be able to edit their changeset" ## Now try with the public user changeset = changesets(:public_user_first_change) + create(:changeset_tag, :changeset => changeset) new_changeset = changeset.to_xml new_tag = XML::Node.new "tag" new_tag["k"] = "tagtesting" @@ -1662,12 +1668,12 @@ EOF assert_response :unauthorized # try with the wrong authorization - basic_authorization users(:second_public_user).email, "test" + basic_authorization create(:user).email, "test" put :update, :id => changeset.id assert_response :conflict # now this should work... - basic_authorization users(:public_user).email, "test" + basic_authorization changeset.user.email, "test" put :update, :id => changeset.id assert_response :success @@ -1680,7 +1686,7 @@ EOF # check that a user different from the one who opened the changeset # can't modify it. def test_changeset_update_invalid - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" changeset = changesets(:normal_user_first_change) new_changeset = changeset.to_xml @@ -1698,7 +1704,7 @@ EOF # check that a changeset can contain a certain max number of changes. ## FIXME should be changed to an integration test due to the with_controller def test_changeset_limits - basic_authorization users(:public_user).email, "test" + basic_authorization create(:user).email, "test" # open a new changeset content "" @@ -1986,9 +1992,15 @@ EOF end assert_response :success + changeset = changesets(:normal_user_subscribed_change) + changeset.subscribers.push(users(:normal_user)) + changeset.subscribers.push(users(:public_user)) + changeset.subscribers.push(users(:suspended_user)) + changeset.subscribers.push(users(:deleted_user)) + assert_difference "ChangesetComment.count", 1 do assert_difference "ActionMailer::Base.deliveries.size", 1 do - post :comment, :id => changesets(:normal_user_subscribed_change).id, :text => "This is a comment" + post :comment, :id => changeset.id, :text => "This is a comment" end end assert_response :success @@ -2004,7 +2016,7 @@ EOF assert_difference "ChangesetComment.count", 1 do assert_difference "ActionMailer::Base.deliveries.size", 2 do - post :comment, :id => changesets(:normal_user_subscribed_change).id, :text => "This is a comment" + post :comment, :id => changeset.id, :text => "This is a comment" end end assert_response :success @@ -2029,7 +2041,7 @@ EOF post :comment, :id => changesets(:normal_user_closed_change).id, :text => "This is a comment" assert_response :unauthorized - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # bad changeset id assert_no_difference "ChangesetComment.count" do @@ -2059,7 +2071,7 @@ EOF ## # test subscribe success def test_subscribe_success - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") changeset = changesets(:normal_user_closed_change) assert_difference "changeset.subscribers.count", 1 do @@ -2071,6 +2083,8 @@ EOF ## # test subscribe fail def test_subscribe_fail + user = create(:user) + # unauthorized changeset = changesets(:normal_user_closed_change) assert_no_difference "changeset.subscribers.count" do @@ -2078,7 +2092,7 @@ EOF end assert_response :unauthorized - basic_authorization(users(:public_user).email, "test") + basic_authorization(user.email, "test") # bad changeset id assert_no_difference "changeset.subscribers.count" do @@ -2095,6 +2109,7 @@ EOF # trying to subscribe when already subscribed changeset = changesets(:normal_user_subscribed_change) + changeset.subscribers.push(user) assert_no_difference "changeset.subscribers.count" do post :subscribe, :id => changeset.id end @@ -2104,8 +2119,10 @@ EOF ## # test unsubscribe success def test_unsubscribe_success - basic_authorization(users(:public_user).email, "test") + user = create(:user) + basic_authorization(user.email, "test") changeset = changesets(:normal_user_subscribed_change) + changeset.subscribers.push(user) assert_difference "changeset.subscribers.count", -1 do post :unsubscribe, :id => changeset.id @@ -2123,7 +2140,7 @@ EOF end assert_response :unauthorized - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # bad changeset id assert_no_difference "changeset.subscribers.count" do @@ -2157,14 +2174,14 @@ EOF assert_response :unauthorized assert_equal true, comment.reload.visible - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # not a moderator post :hide_comment, :id => comment.id assert_response :forbidden assert_equal true, comment.reload.visible - basic_authorization(users(:moderator_user).email, "test") + basic_authorization(create(:moderator_user).email, "test") # bad comment id post :hide_comment, :id => 999111 @@ -2178,7 +2195,7 @@ EOF comment = create(:changeset_comment) assert_equal true, comment.visible - basic_authorization(users(:moderator_user).email, "test") + basic_authorization(create(:moderator_user).email, "test") post :hide_comment, :id => comment.id assert_response :success @@ -2196,14 +2213,14 @@ EOF assert_response :unauthorized assert_equal false, comment.reload.visible - basic_authorization(users(:public_user).email, "test") + basic_authorization(create(:user).email, "test") # not a moderator post :unhide_comment, :id => comment.id assert_response :forbidden assert_equal false, comment.reload.visible - basic_authorization(users(:moderator_user).email, "test") + basic_authorization(create(:moderator_user).email, "test") # bad comment id post :unhide_comment, :id => 999111 @@ -2217,7 +2234,7 @@ EOF comment = create(:changeset_comment, :visible => false) assert_equal false, comment.visible - basic_authorization(users(:moderator_user).email, "test") + basic_authorization(create(:moderator_user).email, "test") post :unhide_comment, :id => comment.id assert_response :success