From 38e94c6baa987fe85b03bd92019326b275b35815 Mon Sep 17 00:00:00 2001 From: Shaun McDonald Date: Wed, 22 Apr 2009 00:42:23 +0000 Subject: [PATCH] fixing some of the relation tests. Some adjustments to the fixtures. --- test/fixtures/current_relation_members.yml | 6 + test/fixtures/current_relations.yml | 9 +- test/fixtures/relation_members.yml | 14 +++ test/fixtures/relations.yml | 9 +- test/functional/relation_controller_test.rb | 122 +++++++++++++++++--- test/unit/relation_member_test.rb | 2 +- test/unit/relation_test.rb | 2 +- 7 files changed, 147 insertions(+), 17 deletions(-) diff --git a/test/fixtures/current_relation_members.yml b/test/fixtures/current_relation_members.yml index f05537115..f6418983a 100644 --- a/test/fixtures/current_relation_members.yml +++ b/test/fixtures/current_relation_members.yml @@ -27,3 +27,9 @@ t5: member_role: "some" member_type: "Node" member_id: 5 + +public_used: + id: 4 + member_role: "used by other relation" + member_type: "Relation" + member_id: 5 diff --git a/test/fixtures/current_relations.yml b/test/fixtures/current_relations.yml index 7df9c6bd7..da0343956 100644 --- a/test/fixtures/current_relations.yml +++ b/test/fixtures/current_relations.yml @@ -7,7 +7,7 @@ visible_relation: invisible_relation: id: 2 - changeset_id: 1 + changeset_id: 3 timestamp: 2007-01-01 00:00:00 visible: false version: 1 @@ -25,3 +25,10 @@ multi_tag_relation: timestamp: 2009-04-21 09:50:57 visible: true version: 1 + +public_used_relation: + id: 5 + changeset_id: 2 + timestamp: 2009-04-22 00:30:33 + visible: true + version: 1 diff --git a/test/fixtures/relation_members.yml b/test/fixtures/relation_members.yml index 5a19bf3f2..b37e5beae 100644 --- a/test/fixtures/relation_members.yml +++ b/test/fixtures/relation_members.yml @@ -22,3 +22,17 @@ t4: member_type: "Node" member_id: 5 version: 1 + +t5: + id: 2 + member_role: "some" + member_type: "Node" + member_id: 5 + version: 1 + +public_used: + id: 4 + member_role: "used by other relation" + member_type: "Relation" + member_id: 5 + version: 1 diff --git a/test/fixtures/relations.yml b/test/fixtures/relations.yml index 7df9c6bd7..558352782 100644 --- a/test/fixtures/relations.yml +++ b/test/fixtures/relations.yml @@ -7,7 +7,7 @@ visible_relation: invisible_relation: id: 2 - changeset_id: 1 + changeset_id: 3 timestamp: 2007-01-01 00:00:00 visible: false version: 1 @@ -25,3 +25,10 @@ multi_tag_relation: timestamp: 2009-04-21 09:50:57 visible: true version: 1 + +public_used_relation: + id: 5 + changeset_id: 2 + timestamp: 2009-04-22 00:30:03 + visible: true + version: 1 diff --git a/test/functional/relation_controller_test.rb b/test/functional/relation_controller_test.rb index 9ecac826c..4baf810fe 100644 --- a/test/functional/relation_controller_test.rb +++ b/test/functional/relation_controller_test.rb @@ -319,9 +319,59 @@ class RelationControllerTest < ActionController::TestCase # first try to delete relation without auth delete :delete, :id => current_relations(:visible_relation).id assert_response :unauthorized + + ## First try with the private user, to make sure that you get a forbidden + basic_authorization(users(:normal_user).email, "test") + + # this shouldn't work, as we should need the payload... + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # try to delete without specifying a changeset + content "" + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # try to delete with an invalid (closed) changeset + content update_changeset(current_relations(:visible_relation).to_xml, + changesets(:normal_user_closed_change).id) + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # try to delete with an invalid (non-existent) changeset + content update_changeset(current_relations(:visible_relation).to_xml,0) + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # this won't work because the relation is in-use by another relation + content(relations(:used_relation).to_xml) + delete :delete, :id => current_relations(:used_relation).id + assert_response :forbidden + + # this should work when we provide the appropriate payload... + content(relations(:visible_relation).to_xml) + delete :delete, :id => current_relations(:visible_relation).id + assert_response :forbidden + + # this won't work since the relation is already deleted + content(relations(:invisible_relation).to_xml) + delete :delete, :id => current_relations(:invisible_relation).id + assert_response :forbidden - # now set auth - basic_authorization("test@openstreetmap.org", "test"); + # this works now because the relation which was using this one + # has been deleted. + content(relations(:used_relation).to_xml) + delete :delete, :id => current_relations(:used_relation).id + assert_response :forbidden + + # this won't work since the relation never existed + delete :delete, :id => 0 + assert_response :forbidden + + + + # now set auth for the private user + basic_authorization(users(:public_user).email, "test"); # this shouldn't work, as we should need the payload... delete :delete, :id => current_relations(:visible_relation).id @@ -344,15 +394,27 @@ class RelationControllerTest < ActionController::TestCase delete :delete, :id => current_relations(:visible_relation).id assert_response :conflict - # this won't work because the relation is in-use by another relation + # this won't work because the relation is in a changeset owned by someone else content(relations(:used_relation).to_xml) delete :delete, :id => current_relations(:used_relation).id + assert_response :conflict, + "shouldn't be able to delete a relation in a changeset owned by someone else (#{@response.body})" + + # this won't work because the relation in the payload is different to that passed + content(relations(:public_used_relation).to_xml) + delete :delete, :id => current_relations(:used_relation).id + assert_not_equal relations(:public_used_relation).id, current_relations(:used_relation).id + assert_response :bad_request, "shouldn't be able to delete a relation when payload is different to the url" + + # this won't work because the relation is in-use by another relation + content(relations(:public_used_relation).to_xml) + delete :delete, :id => current_relations(:public_used_relation).id assert_response :precondition_failed, "shouldn't be able to delete a relation used in a relation (#{@response.body})" # this should work when we provide the appropriate payload... - content(relations(:visible_relation).to_xml) - delete :delete, :id => current_relations(:visible_relation).id + content(relations(:multi_tag_relation).to_xml) + delete :delete, :id => current_relations(:multi_tag_relation).id assert_response :success # valid delete should return the new version number, which should @@ -367,8 +429,8 @@ class RelationControllerTest < ActionController::TestCase # this works now because the relation which was using this one # has been deleted. - content(relations(:used_relation).to_xml) - delete :delete, :id => current_relations(:used_relation).id + content(relations(:public_used_relation).to_xml) + delete :delete, :id => current_relations(:public_used_relation).id assert_response :success, "should be able to delete a relation used in an old relation (#{@response.body})" @@ -450,11 +512,11 @@ class RelationControllerTest < ActionController::TestCase ## # check that relations are ordered def test_relation_member_ordering - basic_authorization("test@openstreetmap.org", "test"); - + basic_authorization(users(:public_user).email, "test") + doc_str = < - + @@ -499,11 +561,32 @@ OSM ## # check that relations can contain duplicate members def test_relation_member_duplicates - basic_authorization("test@openstreetmap.org", "test"); + ## First try with the private user + basic_authorization(users(:normal_user).email, "test"); doc_str = < - + + + + + + + +OSM + doc = XML::Parser.string(doc_str).parse + + content doc + put :create + assert_response :forbidden + + + ## Now try with the public user + basic_authorization(users(:public_user).email, "test"); + + doc_str = < + @@ -551,8 +634,21 @@ OSM # create a changeset and yield to the caller to set it up, then assert # that the changeset bounding box is +bbox+. def check_changeset_modify(bbox) - basic_authorization("test@openstreetmap.org", "test"); + ## First test with the private user to check that you get a forbidden + basic_authorization(users(:normal_user).email, "test"); + # create a new changeset for this operation, so we are assured + # that the bounding box will be newly-generated. + changeset_id = with_controller(ChangesetController.new) do + content "" + put :create + assert_response :forbidden, "shouldn't be able to create changeset for modify test, as should get forbidden" + end + + + ## Now do the whole thing with the public user + basic_authorization(users(:public_user).email, "test") + # create a new changeset for this operation, so we are assured # that the bounding box will be newly-generated. changeset_id = with_controller(ChangesetController.new) do diff --git a/test/unit/relation_member_test.rb b/test/unit/relation_member_test.rb index f0590ef71..93fa55180 100644 --- a/test/unit/relation_member_test.rb +++ b/test/unit/relation_member_test.rb @@ -4,7 +4,7 @@ class RelationMemberTest < Test::Unit::TestCase api_fixtures def test_relation_member_count - assert_equal 5, RelationMember.count + assert_equal 6, RelationMember.count end end diff --git a/test/unit/relation_test.rb b/test/unit/relation_test.rb index b72a9835a..5d46a6e59 100644 --- a/test/unit/relation_test.rb +++ b/test/unit/relation_test.rb @@ -4,7 +4,7 @@ class RelationTest < Test::Unit::TestCase api_fixtures def test_relation_count - assert_equal 4, Relation.count + assert_equal 5, Relation.count end end -- 2.43.2