WIP: More work on users controller tests.

commit bdfbbce28695f9ffd91294c2974c09cc32fb7057 1 parent b99cb7b
@pbm authored
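--- a/app/views/users/index.html.erb
+++ b/app/views/users/index.html.erb
@@ -3,7 +3,7 @@
 <table>
 <tr>
 <th>Name</th> <th>Level</th> <th>Roles</th>
- <% if can?(:administer_users, User) %>
+ <% if can? :administer_users, User %>
 <th></th><th></th>
 <% end %>
 </tr>
@@ -19,7 +19,7 @@
 </tr>
 <% end %>
 </table>
- <% if can?(:administer_users, User) %>
+ <% if can? :administer_users, User %>
 <%= link_to 'Create New User', new_user_path %>
 <% end %>
 </article>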
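--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -12,11 +12,11 @@
 <label>Membership:</label><p><%= @user.membership.name %></p>
 <label>Admin</label><p><%= @user.admin? %></p>
 <label>Private:</label><p><%= @user.is?(:private) %></p>
- <% if current_user.admin? || is_logged_in?(@user) %>
- <label>HFC Member Number</label><p><%= @user.hfc_number %></p>
+ <% if can? :administer_users, @user %>
+ <label>HFC Member Number</label><p><%= @user.hfc_number %></p>
 <% end %>
 <% if can? :update, @user %>
- <%= link_to "Edit #{@user.name}", edit_user_path(@user) %>
+ <%= link_to "Edit #{@user.name}", edit_user_path(@user) %>
 <% end %>
 </div>
 <h3>Flight Info</h3>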
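Review bot: The new guard `can? :administer_users, @user` around the HFC Member Number drops the old `is_logged_in?(@user)` branch, so members stop seeing their own number unless the Ability class (not shown here) grants `:administer_users` on their own record. If that narrowing is intended, say so next to the check, e.g. `<%# HFC number: user administrators only, not the profile owner %>`. The index view checks the same ability against the class `User` while this view passes the instance, which only behaves the same if the rule carries no per-record conditions. None of the guest :show tests in this commit assert that the field is absent; `assert_select "label", :text => "HFC Member Number", :count => 0` in the public-user case would pin it. The enclosing markup starts and ends outside the hunk.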
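--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -85,6 +85,7 @@
 :last_name => "Pilot",
 :hfc_number => 1,
 :roles_mask => 0,
+ :is_public => true,
 },
 { :email => "admin@foo.com",
 :password => "admin",
@@ -94,6 +95,7 @@
 :last_name => "Admin",
 :hfc_number => 2,
 :roles_mask => 2,
+ :is_public => true,
 },
 { :email => "maintenance@foo.com",
 :password => "maintenance",
@@ -112,6 +114,7 @@
 :membership => memberships[1],
 :hfc_number => 4,
 :roles_mask => 0,
+ :is_public => true,
 },
 { :email => "shy@foo.com",
 :password => "shy",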
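Review bot: The `:is_public => true` added in the second hunk appears to land on the `admin@foo.com` entry (the one with `:last_name => "Admin"`), marking the seeded administrator as a public profile, and the context lines show these accounts are created with passwords equal to their role name (`"admin"`, `"maintenance"`). Assuming `is_public` is what lets guests view a user, as the guest tests in this commit suggest, running this seed file outside development would leave a guest-visible admin account with a guessable password. Consider leaving the admin entry non-public and wrapping the sample users in `unless Rails.env.production?`, or reading the passwords from the environment instead of hard-coding them. The user array starts and ends outside these hunks.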
128 test/functional/users_controller_test.rb
@@ -104,67 +104,105 @@ class MemberUsersControllerTest < UsersControllerTest
# OK: email, avatar, is_public, first_name, last_name, password
# Forbidden: membership_id, hfc_number, roles
- # assert_select "", ""
- # assert_select "", ""
- # assert_select "", ""
- # assert_select "", ""
- # assert_select "", ""
-
end
+ # test "Members are not allowed to :update restricted fields"
+ # test "Members are allowed to :update non-restricted fields"
+
+
# There is no destroy action
# test "Member should be denied access to :destroy (DELETE /user/:id)"
end
-# class GuestUsersControllerTest < ActionController::TestCase
-# setup do
-# @controller = UsersController.new
-# @user = FactoryGirl.create(:user)
-# @update = FactoryGirl.attributes_for(:user)
-# end
-# test "Guest can GET :index (GET /user)" do
-# get :index
-# assert_response :success
- # # There should be no Edit, Delete or Create links for guests
- # assert_select "[href=?]", %r{/users/\d+/edit}, false
- # assert_select "[href=?]", %r{/users/\d+/delete}, false
- # assert_select "[href=/users/new]", false
-# end
-# test "Guest should be denied :new (GET /user/new)" do
-# get :new
-# assert_redirected_to :login
-# end
-# test "Guest should be denied access to :create (POST /user)" do
-# post :create
-# assert_redirected_to :login
-# end
-# test "Guest can access :show (GET /user/:id)" do
-# get :show, :id => @user.id
-# assert_response :success
-# end
-# test "Guest should be denied access to :edit (GET /user/:id/edit)" do
-# get :edit, :id => @user.id
-# assert_redirected_to :login
-# end
-# test "Guest should be denied access to :update (PUT /user/:id)" do
-# put :update, :id => @user.id
-# assert_redirected_to :login
-# end
-# test "Guest should be denied access to :destroy (DELETE /user/:id)" do
-# delete :destroy, :id => @user.id
-# assert_redirected_to :login
-# end
-# end
+
+
+
+
+
+
+
+class GuestUsersControllerTest < UsersControllerTest
+ setup do
+ @controller = UsersController.new
+ @priv_user = FactoryGirl.create(:user)
+ @pub_user = FactoryGirl.create(:public)
+ end
+
+ test "Guest can GET :index (GET /user)" do
+ get :index
+ assert_response :success
+
+ # There should be no Edit, Delete or Create links for regular guests
+ assert_select "[href=?]", %r{/users/\d+/edit}, false
+ assert_select "[href=?]", %r{/users/\d+/delete}, false
+ assert_select "[href=/users/new]", false
+ end
+
+ test "Guest should be denied :new (GET /user/new)" do
+ get :new
+ assert_response :unauthorized
+ end
+
+ test "Guest should be denied access to :create (POST /user)" do
+ post :create
+ assert_response :unauthorized
+ end
+
+
+ test "Guest denied :show private user (GET /user/:id)" do
+ get :show, :id => @priv_user.id
+ assert_response :unauthorized, "Can get private user"
+ end
+
+ test "Guest can :show public user (GET /user/:id)" do
+ get :show, :id => @pub_user.id
+ assert_response :success, "Can get public user"
+ assert_select "h2", "#{@pub_user.name}"
+
+ # There should be no Edit, Create or Delete links
+ assert_select "[href=?]", %r{/users/\d+/edit}, false
+ assert_select "[href=?]", %r{/users/\d+/delete}, false
+ assert_select "[href=/users/new]", false
+ end
+
+
+ test "Guest should be denied access to :edit (GET /user/:id/edit)" do
+ get :edit, :id => @pub_user.id
+ assert_response :unauthorized
+
+ get :edit, :id => @priv_user.id
+ assert_response :unauthorized
+ end
+
+ test "Guest should be denied access to :update others (PUT /user/:id)" do
+ put :update, :id => @pub_user.id
+ assert_response :unauthorized
+
+ put :update, :id => @priv_user.id
+ assert_response :unauthorized
+ end
+
+ test "Guest denied :update (GET /user/:id/edit)" do
+ put :update, :id => @pub_user.id
+ assert_response :unauthorized
+ end
+
+ # There is no destroy action
+ # test "Guest should be denied access to :destroy (DELETE /user/:id)"
+end
+
+
+
# class AdminUsersControllerTest < ActionController::TestCase
# setup do
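Review bot: The negative assertions `assert_select "[href=?]", %r{/users/\d+/delete}, false` in the guest :index and :show tests look vacuous: a standard Rails destroy link points at `/users/:id` with `data-method="delete"`, so no href matches `/delete` and the check passes even when a delete link is rendered (unless the app defines a custom `/delete` route, which is not visible here). Asserting on the method attribute instead, `assert_select "a[data-method=delete]", false`, would fail when such a link appears. Separately, the last test, "Guest denied :update (GET /user/:id/edit)", repeats the `put :update` on `@pub_user` already made in the test above it while its name describes a GET on edit; drop it or turn it into the case it was meant to cover. If private users are meant to be hidden from guests in the listing, the :index test should also assert that `@priv_user` does not appear, since the setup creates that user but nothing checks for it.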