adva_user 0.0.1

data/test/functional/admin/users_controller_test.rb

@@ -0,0 +1,176 @@
+# FIXME implement these
+require File.expand_path(File.dirname(__FILE__) + "/../../test_helper")
+
+class AdminUsersControllerTest < ActionController::TestCase
+  tests Admin::UsersController
+
+  with_common :a_site, :is_superuser
+
+  test "should be an Admin::BaseController" do
+    @controller.should be_kind_of(Admin::BaseController)
+  end
+
+  describe "routing" do
+    with_options :path_prefix => '/admin/sites/1/', :site_id => "1" do |r|
+      r.it_maps :get,     "users",          :action => 'index'
+      r.it_maps :get,     "users/1",        :action => 'show',      :id => '1'
+      r.it_maps :get,     "users/new",      :action => 'new'
+      r.it_maps :post,    "users",          :action => 'create'
+      r.it_maps :get,     "users/1/edit",   :action => 'edit',      :id => '1'
+      r.it_maps :put,     "users/1",        :action => 'update',    :id => '1'
+      r.it_maps :delete,  "users/1",        :action => 'destroy',   :id => '1'
+    end
+
+    with_options :path_prefix => '/admin/' do |r|
+      r.it_maps :get,     "users",          :action => 'index'
+      r.it_maps :get,     "users/1",        :action => 'show',      :id => '1'
+      r.it_maps :get,     "users/new",      :action => 'new'
+      r.it_maps :post,    "users",          :action => 'create'
+      r.it_maps :get,     "users/1/edit",   :action => 'edit',      :id => '1'
+      r.it_maps :put,     "users/1",        :action => 'update',    :id => '1'
+      r.it_maps :delete,  "users/1",        :action => 'destroy',   :id => '1'
+    end
+  end
+
+  describe "GET to :index, with a site" do
+    action { get :index, default_params }
+  
+    it_guards_permissions :show, :user do
+      it_assigns :users
+      it_renders_template :index
+    end
+  end
+
+  describe "GET to :index, without a site" do
+    action { get :index }
+  
+    # FIXME this currently authorizes access in a hardcoded fashion to only :superusers
+    # see Admin::UsersController#authorize_access
+    
+    # it_guards_permissions :show, :user do
+      it_assigns :users
+      it_renders_template :index
+    # end
+  end
+
+  describe "GET to :show" do
+    action { get :show, user_params }
+    
+    it_guards_permissions :show, :user do
+      it_assigns :user
+      it_renders_template :show
+    end
+  end
+
+  describe "GET to :new" do
+    action { get :new, default_params }
+    
+    it_guards_permissions :create, :user do
+      it_assigns :user => User
+      it_renders_template :new
+    end
+  end
+
+  describe "POST to :create" do
+    action { post :create, valid_user_params }
+
+    it_guards_permissions :create, :user do
+      it_assigns :user => User
+      it_triggers_event :user_created
+      it_assigns_flash_cookie :notice => :not_nil
+      it_redirects_to { admin_site_user_path(@site, User.last) }
+    end
+  end
+
+  describe "POST to :create, with invalid params" do
+    action { post :create, invalid_user_params }
+  
+    it_guards_permissions :create, :user do
+      it_assigns :user => User
+      it_does_not_trigger_any_event
+      it_assigns_flash_cookie :error => :not_nil
+      it_renders_template 'new'
+    end
+  end
+
+  describe "GET to :edit" do
+    action { get :edit, user_params }
+    
+    it_guards_permissions :update, :user do
+      it_assigns :user
+      it_renders_template :edit
+    end
+  end
+
+  describe "PUT to :update" do
+    action { put :update, valid_user_params.merge(:id => @user.id) }
+    
+    it_guards_permissions :update, :user do
+      it_assigns :user
+      it_triggers_event :user_updated
+      it_assigns_flash_cookie :notice => :not_nil
+      it_redirects_to { admin_site_user_path(@site, @user) }
+    end
+  end
+
+  describe "PUT to :update, with invalid params" do
+    action { put :update, invalid_user_params.merge(:id => @user.id) }
+    
+    it_guards_permissions :update, :user do
+      it_assigns :user
+      it_does_not_trigger_any_event
+      it_assigns_flash_cookie :error => :not_nil
+      it_renders_template 'edit'
+    end
+  end
+
+  describe "DELETE to :destroy" do
+    action { delete :destroy, user_params }
+    
+    it_guards_permissions :destroy, :user do
+      it_assigns :user
+      it_assigns_flash_cookie :notice => :not_nil
+      it_triggers_event :user_deleted
+      it_redirects_to { admin_site_users_path(@site) }
+    end
+  end
+
+# FIXME implement tests for membership removing and RBAC system (integration or functional tests?)
+#  describe "given valid user params (removing the user's site membership)" do
+#    before :each do
+#      @user.stub!(:is_site_member?).and_return false
+#    end
+#    it_redirects_to { @collection_path }
+#    it_triggers_event :user_updated
+#  end
+
+# FIXME: how can destroy fail?
+# describe "when destroy fails" do
+#   before :each do @user.stub!(:destroy).and_return false end
+#   it_renders_template :edit
+#   it_assigns_flash_cookie :error => :not_nil
+#   it_does_not_trigger_any_event
+# end
+
+# FIXME implement these:
+#   it "disallows a non-superuser to add a superuser role"
+#   it "disallows a non-admin to change any roles"
+#   it "disallows a site-admin to directly add any memberships"
+#   it "disallows a non-superuser to view another user's profile outside of a site scope"
+
+  def default_params
+    { :site_id => @site.id }
+  end
+
+  def user_params
+    default_params.merge(:id => @user.id)
+  end
+
+  def valid_user_params
+    default_params.merge(:user => { :first_name => 'John', :password => 'password', :email => 'John@test.org' })
+  end
+
+  def invalid_user_params
+    default_params.merge(:user => { :first_name => 'John', :password => 'password', :email => '' })
+  end
+end

data/test/functional/password_controller_test.rb

@@ -0,0 +1,96 @@
+require File.expand_path(File.dirname(__FILE__) + "/../test_helper")
+
+class PasswordControllerTest < ActionController::TestCase
+  with_common :a_site, :a_user
+
+  test "is an BaseController" do
+    @controller.should be_kind_of(BaseController)
+  end
+
+  describe "GET to :new" do
+    action { get :new }
+    
+    it_assigns :site
+    it_renders :template, :new do
+      has_form_posting_to password_path do
+        has_tag 'input[name=?]', 'user[email]'
+      end
+    end
+  end
+
+  describe "POST to :create" do
+    action { post :create, @params }
+    
+    with "an email adress that belongs to a user" do
+      before { @params = { :user => { :email => @user.email } } } 
+      
+      it_triggers_event :user_password_reset_requested
+      it_assigns_flash_cookie :notice => :not_nil
+      it_redirects_to { edit_password_url }
+    end
+    
+    with "an email adress that does not belong to a user" do
+      before { @params = { :user => { :email => 'none' } } } 
+
+      it_does_not_trigger_any_event
+      it_assigns_flash_cookie :notice => :not_nil # feature, not a bug!
+      it_renders_template :new
+    end
+  end
+  
+  describe "GET to :edit" do
+    action { get :edit, @params }
+    
+    with "the user is logged in (via cookie or token)" do
+      before do
+        stub(@controller).current_user.returns(@user)
+      end
+
+      it_renders_template :edit do
+        has_tag 'input[name=?][type=password]', 'user[password]'
+      end
+    end
+
+    with "the user is not logged in (missing or invalid token)" do
+      it_renders_template :edit do
+        has_tag 'input[name=?][type=text]', 'token'
+        has_tag 'input[name=?][type=password]', 'user[password]'
+      end
+    end
+  end
+  
+  describe "PUT to :update" do
+    action { put :update, @params }
+    
+    with "the user is logged in" do
+      before { stub(@controller).current_user.returns(@user) }
+      
+      with "valid password parameters" do
+        before { @params = { :user => { :password => 'new password' } } } 
+
+        it_triggers_event :user_password_updated
+        it_assigns_flash_cookie :notice => :not_nil
+        it_redirects_to { root_url }
+      end
+    
+      describe "given an invalid email address" do
+        before { @params = { :user => { :password => nil } } } 
+      
+        it_does_not_trigger_any_event
+        it_assigns_flash_cookie :error => :not_nil
+        it_renders_template :edit
+      end
+    end
+
+    with "the user is not logged in" do
+      before { stub(@controller).current_user.returns(nil) }
+
+      it_does_not_trigger_any_event
+      it_assigns_flash_cookie :error => :not_nil
+      it_renders_template :edit do
+        has_tag 'input[name=?][type=?]', 'token', 'text'
+        has_tag 'input[name=?][type=?]', 'user[password]', 'password'
+      end
+    end
+  end
+end

data/test/functional/session_controller_test.rb

@@ -0,0 +1 @@
+# FIXME ... implement

data/test/functional/user_controller_test.rb

@@ -0,0 +1,95 @@
+require File.expand_path(File.dirname(__FILE__) + "/../test_helper")
+
+class UserControllerTest < ActionController::TestCase
+  with_common :a_site, :a_user
+
+  view :form do
+    has_tag 'input[name=?]', 'user[first_name]'
+    has_tag 'input[name=?]', 'user[email]'
+    has_tag 'input[name=?]', 'user[password]'
+  end
+
+  test "is an BaseController" do
+    @controller.should be_kind_of(BaseController)
+  end
+
+  describe "GET to :new" do
+    action { get :new }
+
+    it_assigns :site
+    it_renders :template, :new do
+      has_form_posting_to user_path do
+        shows :form
+      end
+    end
+  end
+
+  describe "POST to :create" do
+    action { post :create, @params }
+    it_assigns :user => :not_nil
+
+    with :valid_user_params do
+      it_saves :user
+      it_triggers_event :user_registered
+      it_triggers_event :user_created
+      it_redirects_to { user_verification_sent_url }
+
+      it "makes the new user a member of the current site" do
+        @site.users.should include(assigns(:user))
+      end
+
+      expect "sends a validation email to the user" do
+        # FIXME can't get this to behave ...
+        # mock(UserMailer).deliver_signup_verification_email(anything, anything)
+      end
+    end
+
+    with :invalid_user_params do
+      it_does_not_save :user
+      it_renders :template, :new
+      it_assigns_flash_cookie :error => :not_nil
+      it_does_not_trigger_any_event
+    end
+  end
+
+  describe "GET to :verification_sent" do
+    action { get :verification_sent }
+
+    it_renders :template, :verification_sent
+  end
+
+  describe "GET to :verify" do
+    action { get :verify }
+
+    with "the user has been logged in from params[:token]" do
+      before { stub(@controller).current_user.returns(@user) }
+
+      with "the user can be verified" do
+        before { @user.update_attributes!(:verified_at => nil) }
+
+        it_triggers_event :user_verified
+        it_assigns_flash_cookie :notice => :not_nil
+        it_redirects_to Registry.get(:redirect, :verify)
+      end
+
+      with "the user can not be verified" do
+        before { @user.update_attributes!(:verified_at => Time.now) }
+
+        it_does_not_trigger_any_event
+        it_assigns_flash_cookie :error => :not_nil
+        it_redirects_to Registry.get(:redirect, :verify)
+      end
+    end
+  end
+
+  describe "DELETE to :destroy" do
+    action { delete :destroy }
+
+    before { stub(@controller).current_user.returns(@user) }
+
+    it_destroys :user
+    it_redirects_to { '/' }
+    it_assigns_flash_cookie :notice => :not_nil
+    it_triggers_event :user_deleted
+  end
+end

data/test/integration/anonymous_login_test.rb

@@ -0,0 +1,39 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'test_helper' ))
+
+module IntegrationTests
+  class AnonymousLoginTest < ActionController::IntegrationTest
+    def setup
+      super
+      @site = use_site! 'site with pages'
+      @site.update_attributes! :permissions => { 'create comment' => 'anonymous' }
+    end
+  
+    test "After posting a comment an anonymous is recognized by the system (aka anonymous login)" do
+      post_a_section_comment_as_anonymous
+      check_logged_in_as_anonymous
+      visit '/'
+      check_logged_in_as_anonymous
+    end
+    
+    def post_a_section_comment_as_anonymous
+      visit '/articles/a-page-article'
+      fill_in "user_name", :with => "John Doe"
+      fill_in "user_email", :with => "john@example.com"
+      fill_in "comment_body", :with => "What a nice article!"
+      click_button "Submit comment"
+    end
+    
+    def check_logged_in_as_anonymous
+      # the user is logged in as an anonymous user
+      current_user.should_not be_nil
+      current_user.anonymous?.should be_true
+      
+      # a cookie containing the user id and indicating the anonymous login was set
+      cookies['aid'].should == current_user.id.to_s 
+    end
+    
+    def current_user
+      controller.current_user
+    end
+  end
+end

data/test/integration/edit_user_test.rb

@@ -0,0 +1,44 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '..', 'test_helper' ))
+
+module IntegrationTests
+  class EditUserTest < ActionController::IntegrationTest
+    def setup
+      super
+      @site = use_site! 'site with pages'
+    end
+    
+    test "setting all global roles for a user with no global role on site, yet" do
+      login_as_superuser
+      visit_edit_user_form
+      
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][0][selected]", "checked", :count => 0
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][1][selected]", "checked", :count => 0
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][2][selected]", "checked", :count => 0
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][3][selected]", "checked", :count => 0
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][4][selected]", "checked", :count => 0      
+      
+      check 'user[roles_attributes][0][selected]'
+      check 'user[roles_attributes][1][selected]'
+      check 'user[roles_attributes][2][selected]'
+      check 'user[roles_attributes][3][selected]'
+      check 'user[roles_attributes][4][selected]'
+      
+      click_button 'commit'
+      
+      visit_edit_user_form
+      
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][0][selected]", "checked"
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][1][selected]", "checked"
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][2][selected]", "checked"
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][3][selected]", "checked"
+      assert_select "input[name=?][checked=?]", "user[roles_attributes][4][selected]", "checked"                  
+    end
+    
+    def visit_edit_user_form
+      moderator = User.find_by_first_name('a moderator')
+      visit "/admin/sites/#{@site.id}/users/#{moderator.id}/edit"
+      renders_template "admin/users/edit"
+    end
+    
+  end
+end