2011-10-29 16:19:11 +04:00
|
|
|
#-- encoding: UTF-8
|
2011-05-30 00:11:52 +04:00
|
|
|
#-- copyright
|
|
|
|
# ChiliProject is a project management system.
|
2011-05-30 22:52:25 +04:00
|
|
|
#
|
2011-05-30 00:11:52 +04:00
|
|
|
# Copyright (C) 2010-2011 the ChiliProject Team
|
2011-05-30 22:52:25 +04:00
|
|
|
#
|
2010-12-03 14:28:44 +03:00
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
# modify it under the terms of the GNU General Public License
|
|
|
|
# as published by the Free Software Foundation; either version 2
|
|
|
|
# of the License, or (at your option) any later version.
|
2011-05-30 22:52:25 +04:00
|
|
|
#
|
2011-05-30 00:11:52 +04:00
|
|
|
# See doc/COPYRIGHT.rdoc for more details.
|
|
|
|
#++
|
2010-12-13 02:24:34 +03:00
|
|
|
require File.expand_path('../../../test_helper', __FILE__)
|
2010-12-03 14:28:44 +03:00
|
|
|
require 'pp'
|
|
|
|
class ApiTest::UsersTest < ActionController::IntegrationTest
|
|
|
|
fixtures :users
|
|
|
|
|
|
|
|
def setup
|
|
|
|
Setting.rest_api_enabled = '1'
|
|
|
|
end
|
|
|
|
|
|
|
|
context "GET /users" do
|
|
|
|
should_allow_api_authentication(:get, "/users.xml")
|
|
|
|
should_allow_api_authentication(:get, "/users.json")
|
|
|
|
end
|
|
|
|
|
|
|
|
context "GET /users/2" do
|
|
|
|
context ".xml" do
|
|
|
|
should "return requested user" do
|
|
|
|
get '/users/2.xml'
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_tag :tag => 'user',
|
|
|
|
:child => {:tag => 'id', :content => '2'}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context ".json" do
|
|
|
|
should "return requested user" do
|
|
|
|
get '/users/2.json'
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
json = ActiveSupport::JSON.decode(response.body)
|
|
|
|
assert_kind_of Hash, json
|
|
|
|
assert_kind_of Hash, json['user']
|
|
|
|
assert_equal 2, json['user']['id']
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-20 20:45:09 +03:00
|
|
|
context "GET /users/current" do
|
|
|
|
context ".xml" do
|
|
|
|
should "require authentication" do
|
|
|
|
get '/users/current.xml'
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-20 20:45:09 +03:00
|
|
|
assert_response 401
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-20 20:45:09 +03:00
|
|
|
should "return current user" do
|
|
|
|
get '/users/current.xml', {}, :authorization => credentials('jsmith')
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-20 20:45:09 +03:00
|
|
|
assert_tag :tag => 'user',
|
|
|
|
:child => {:tag => 'id', :content => '2'}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2010-12-03 14:28:44 +03:00
|
|
|
|
|
|
|
context "POST /users" do
|
|
|
|
context "with valid parameters" do
|
|
|
|
setup do
|
2010-12-12 17:19:24 +03:00
|
|
|
@parameters = {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net', :password => 'secret', :mail_notification => 'only_assigned'}}
|
2010-12-03 14:28:44 +03:00
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context ".xml" do
|
|
|
|
should_allow_api_authentication(:post,
|
|
|
|
'/users.xml',
|
2010-12-12 16:39:55 +03:00
|
|
|
{:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net', :password => 'secret'}},
|
2010-12-03 14:28:44 +03:00
|
|
|
{:success_code => :created})
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
should "create a user with the attributes" do
|
|
|
|
assert_difference('User.count') do
|
|
|
|
post '/users.xml', @parameters, :authorization => credentials('admin')
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
user = User.first(:order => 'id DESC')
|
|
|
|
assert_equal 'foo', user.login
|
|
|
|
assert_equal 'Firstname', user.firstname
|
|
|
|
assert_equal 'Lastname', user.lastname
|
|
|
|
assert_equal 'foo@example.net', user.mail
|
2010-12-12 17:19:24 +03:00
|
|
|
assert_equal 'only_assigned', user.mail_notification
|
2010-12-03 14:28:44 +03:00
|
|
|
assert !user.admin?
|
2010-12-12 16:39:55 +03:00
|
|
|
assert user.check_password?('secret')
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_response :created
|
|
|
|
assert_equal 'application/xml', @response.content_type
|
|
|
|
assert_tag 'user', :child => {:tag => 'id', :content => user.id.to_s}
|
|
|
|
end
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context ".json" do
|
|
|
|
should_allow_api_authentication(:post,
|
|
|
|
'/users.json',
|
|
|
|
{:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}},
|
|
|
|
{:success_code => :created})
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
should "create a user with the attributes" do
|
|
|
|
assert_difference('User.count') do
|
|
|
|
post '/users.json', @parameters, :authorization => credentials('admin')
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
user = User.first(:order => 'id DESC')
|
|
|
|
assert_equal 'foo', user.login
|
|
|
|
assert_equal 'Firstname', user.firstname
|
|
|
|
assert_equal 'Lastname', user.lastname
|
|
|
|
assert_equal 'foo@example.net', user.mail
|
|
|
|
assert !user.admin?
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_response :created
|
|
|
|
assert_equal 'application/json', @response.content_type
|
|
|
|
json = ActiveSupport::JSON.decode(response.body)
|
|
|
|
assert_kind_of Hash, json
|
|
|
|
assert_kind_of Hash, json['user']
|
|
|
|
assert_equal user.id, json['user']['id']
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context "with invalid parameters" do
|
|
|
|
setup do
|
|
|
|
@parameters = {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}}
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context ".xml" do
|
|
|
|
should "return errors" do
|
|
|
|
assert_no_difference('User.count') do
|
|
|
|
post '/users.xml', @parameters, :authorization => credentials('admin')
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_response :unprocessable_entity
|
|
|
|
assert_equal 'application/xml', @response.content_type
|
2011-04-01 04:46:29 +04:00
|
|
|
assert_tag 'errors', :child => {:tag => 'error', :content => "First name can't be blank"}
|
2010-12-03 14:28:44 +03:00
|
|
|
end
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context ".json" do
|
|
|
|
should "return errors" do
|
|
|
|
assert_no_difference('User.count') do
|
|
|
|
post '/users.json', @parameters, :authorization => credentials('admin')
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_response :unprocessable_entity
|
|
|
|
assert_equal 'application/json', @response.content_type
|
|
|
|
json = ActiveSupport::JSON.decode(response.body)
|
|
|
|
assert_kind_of Hash, json
|
|
|
|
assert json.has_key?('errors')
|
|
|
|
assert_kind_of Array, json['errors']
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context "PUT /users/2" do
|
|
|
|
context "with valid parameters" do
|
|
|
|
setup do
|
|
|
|
@parameters = {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}}
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context ".xml" do
|
|
|
|
should_allow_api_authentication(:put,
|
|
|
|
'/users/2.xml',
|
|
|
|
{:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}},
|
|
|
|
{:success_code => :ok})
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
should "update user with the attributes" do
|
|
|
|
assert_no_difference('User.count') do
|
|
|
|
put '/users/2.xml', @parameters, :authorization => credentials('admin')
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
user = User.find(2)
|
|
|
|
assert_equal 'jsmith', user.login
|
|
|
|
assert_equal 'John', user.firstname
|
|
|
|
assert_equal 'Renamed', user.lastname
|
|
|
|
assert_equal 'jsmith@somenet.foo', user.mail
|
|
|
|
assert !user.admin?
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_response :ok
|
|
|
|
end
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context ".json" do
|
|
|
|
should_allow_api_authentication(:put,
|
|
|
|
'/users/2.json',
|
|
|
|
{:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}},
|
|
|
|
{:success_code => :ok})
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
should "update user with the attributes" do
|
|
|
|
assert_no_difference('User.count') do
|
|
|
|
put '/users/2.json', @parameters, :authorization => credentials('admin')
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
user = User.find(2)
|
|
|
|
assert_equal 'jsmith', user.login
|
|
|
|
assert_equal 'John', user.firstname
|
|
|
|
assert_equal 'Renamed', user.lastname
|
|
|
|
assert_equal 'jsmith@somenet.foo', user.mail
|
|
|
|
assert !user.admin?
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_response :ok
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context "with invalid parameters" do
|
|
|
|
setup do
|
|
|
|
@parameters = {:user => {:login => 'jsmith', :firstname => '', :lastname => 'Lastname', :mail => 'foo'}}
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context ".xml" do
|
|
|
|
should "return errors" do
|
|
|
|
assert_no_difference('User.count') do
|
|
|
|
put '/users/2.xml', @parameters, :authorization => credentials('admin')
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_response :unprocessable_entity
|
|
|
|
assert_equal 'application/xml', @response.content_type
|
2011-04-01 04:46:29 +04:00
|
|
|
assert_tag 'errors', :child => {:tag => 'error', :content => "First name can't be blank"}
|
2010-12-03 14:28:44 +03:00
|
|
|
end
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
context ".json" do
|
|
|
|
should "return errors" do
|
|
|
|
assert_no_difference('User.count') do
|
|
|
|
put '/users/2.json', @parameters, :authorization => credentials('admin')
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
assert_response :unprocessable_entity
|
|
|
|
assert_equal 'application/json', @response.content_type
|
|
|
|
json = ActiveSupport::JSON.decode(response.body)
|
|
|
|
assert_kind_of Hash, json
|
|
|
|
assert json.has_key?('errors')
|
|
|
|
assert_kind_of Array, json['errors']
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2011-08-02 04:04:47 +04:00
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2011-08-02 04:04:47 +04:00
|
|
|
context "DELETE /users/:temp:" do
|
|
|
|
context ".xml" do
|
|
|
|
should "delete the user" do
|
|
|
|
u = User.new(:firstname => 'Death', :lastname => 'Row', :mail => 'death.row@example.com', :language => 'en')
|
|
|
|
u.login = 'death.row'
|
|
|
|
u.status = User::STATUS_REGISTERED
|
|
|
|
u.save!
|
|
|
|
|
|
|
|
assert_difference('User.count',-1) do
|
|
|
|
delete "/users/#{u.id}.xml", {}, :authorization => credentials('admin')
|
|
|
|
end
|
|
|
|
|
|
|
|
assert_response :success
|
|
|
|
assert_nil User.find_by_id(u.id)
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2011-08-02 04:04:47 +04:00
|
|
|
should "not delete active user" do
|
|
|
|
assert_difference('User.count',0) do
|
|
|
|
delete "/users/2.xml", {}, :authorization => credentials('jsmith')
|
2010-12-03 14:28:44 +03:00
|
|
|
end
|
2011-08-02 04:04:47 +04:00
|
|
|
assert_response :forbidden
|
2010-12-03 14:28:44 +03:00
|
|
|
end
|
2011-08-02 04:04:47 +04:00
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2011-08-02 04:04:47 +04:00
|
|
|
context ".json" do
|
|
|
|
should "delete the user" do
|
|
|
|
u = User.new(:firstname => 'Death', :lastname => 'Row', :mail => 'death.row@example.com', :language => 'en')
|
|
|
|
u.login = 'death.row'
|
|
|
|
u.status = User::STATUS_REGISTERED
|
|
|
|
u.save!
|
|
|
|
|
|
|
|
assert_difference('User.count',-1) do
|
|
|
|
delete "/users/#{u.id}.json", {}, :authorization => credentials('admin')
|
|
|
|
end
|
|
|
|
|
|
|
|
assert_response :success
|
|
|
|
assert_nil User.find_by_id(u.id)
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2011-08-02 04:04:47 +04:00
|
|
|
should "not delete active user" do
|
|
|
|
assert_difference('User.count',0) do
|
|
|
|
delete "/users/2.json", {}, :authorization => credentials('jsmith')
|
2010-12-03 14:28:44 +03:00
|
|
|
end
|
2011-08-02 04:04:47 +04:00
|
|
|
assert_response :forbidden
|
2010-12-03 14:28:44 +03:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2011-05-30 22:52:25 +04:00
|
|
|
|
2010-12-03 14:28:44 +03:00
|
|
|
def credentials(user, password=nil)
|
|
|
|
ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
|
|
|
|
end
|
|
|
|
end
|