alchemy_cms 2.8.3 → 2.9.0

data/spec/controllers/admin/resources_controller_spec.rb

@@ -1,9 +1,34 @@
 require "spec_helper"
 
-describe Alchemy::Admin::ResourcesController do
-  describe "index" do
-    it "should include ResourcesHelper" do
-      Alchemy::Admin::ResourcesController.new.respond_to?(:resource_window_size).should be_true
+describe Admin::EventsController do
+  it "should include ResourcesHelper" do
+    controller.respond_to?(:resource_window_size).should be_true
+  end
+
+  describe '#index' do
+    let(:params) { Hash.new }
+    let(:peter)  { Event.create(name: 'Peter') }
+    let(:lustig) { Event.create(name: 'Lustig') }
+
+    before do
+      sign_in(admin_user)
+      peter; lustig
+    end
+
+    it "returns all records" do
+      get :index, params
+      assigns(:events).should include(peter)
+      assigns(:events).should include(lustig)
+    end
+
+    context 'with search query given' do
+      let(:params) { {query: 'PeTer'} }
+
+      it "returns only matching records" do
+        get :index, params
+        assigns(:events).should include(peter)
+        assigns(:events).should_not include(lustig)
+      end
     end
   end
-end
+end

data/spec/controllers/admin/trash_controller_spec.rb

@@ -10,7 +10,7 @@ module Alchemy
 
       before {
         sign_in(admin_user)
-        element.trash
+        element.trash!
       }
 
       it "should hold trashed elements" do

data/spec/controllers/attachments_controller_spec.rb

@@ -1,64 +1,46 @@
 require 'spec_helper'
 
-# Fixes missing method tempfile error
-class Rack::Test::UploadedFile
-  attr_reader :tempfile
-end
-
 module Alchemy
   describe AttachmentsController do
-
-    let(:public_page) { FactoryGirl.create(:public_page, :restricted => true) }
-    let(:element)     { FactoryGirl.create(:element, :page => public_page, :name => 'download', :create_contents_after_create => true) }
-    let(:attachment)  { Attachment.create(:file => File.new(File.expand_path('../../support/image.png', __FILE__))) }
-
-    before do
-      essence = element.contents.where(:name => 'file').first.essence
-      essence.attachment_id = attachment.id
-      essence.save
-    end
-
-    it "should not be possible to download attachments from restricted pages" do
-      get :download, :id => attachment.id
-      response.status.should == 302
-      response.should redirect_to(login_path)
-    end
+    let(:attachment) { FactoryGirl.build_stubbed(:attachment) }
 
     it "should raise ActiveRecord::RecordNotFound for requesting not existing attachments" do
       expect { get :download, id: 0 }.to raise_error(ActiveRecord::RecordNotFound)
     end
 
-    context "as registered user" do
-
+    context 'with restricted attachment' do
       before do
-        sign_in(registered_user)
+        attachment.stub(:restricted?).and_return(true)
+        Attachment.stub(:find).and_return(attachment)
       end
 
-      it "should be possible to download attachments from restricted pages" do
-        get :download, :id => attachment.id
-        response.status.should == 200
+      context 'as anonymous user' do
+        it "should not be possible to download attachments from restricted pages" do
+          get :download, :id => attachment.id
+          response.status.should == 302
+          response.should redirect_to(Alchemy.login_path)
+        end
+
+        it "should not be possible to see attachments from restricted pages" do
+          get :show, :id => attachment.id
+          response.status.should == 302
+          response.should redirect_to(Alchemy.login_path)
+        end
       end
 
-    end
-
-    it "should not be possible to see attachments from restricted pages" do
-      get :show, :id => attachment.id
-      response.status.should == 302
-      response.should redirect_to(login_path)
-    end
-
-    context "as registered user" do
+      context "as registered user" do
+        before { sign_in(registered_user) }
 
-      before do
-        sign_in(registered_user)
-      end
+        it "should be possible to download attachments from restricted pages" do
+          get :download, :id => attachment.id
+          response.status.should == 200
+        end
 
-      it "should be possible to see attachments from restricted pages" do
-        get :show, :id => attachment.id
-        response.status.should == 200
+        it "should be possible to see attachments from restricted pages" do
+          get :show, :id => attachment.id
+          response.status.should == 200
+        end
       end
-
     end
-
   end
 end

data/spec/controllers/base_controller_spec.rb

@@ -41,7 +41,7 @@ module Alchemy
       context "with no lang param" do
 
         it "should set the default language" do
-          controller.stub!(:params).and_return({})
+          controller.stub(:params).and_return({})
           controller.send :set_language
           assigns(:language).should == default_language
           controller.session.should include_language_information_for(default_language)
@@ -51,7 +51,7 @@ module Alchemy
 
       context "with language set in the session" do
         before do
-          controller.stub!(:session).and_return(language_id: klingonian.id, language_code: klingonian.code)
+          controller.stub(:session).and_return(language_id: klingonian.id, language_code: klingonian.code)
         end
 
         it "should use the language set in the session cookie" do
@@ -63,7 +63,7 @@ module Alchemy
       context "with lang param" do
 
         it "should set the language" do
-          controller.stub!(:params).and_return(:lang => klingonian.code)
+          controller.stub(:params).and_return(:lang => klingonian.code)
           controller.send :set_language
           assigns(:language).should == klingonian
           controller.session.should include_language_information_for(klingonian)
@@ -72,7 +72,7 @@ module Alchemy
         context "for language that does not exist" do
 
           before do
-            controller.stub!(:params).and_return(:lang => 'fo')
+            controller.stub(:params).and_return(:lang => 'fo')
             controller.send :set_language
           end
 
@@ -95,49 +95,24 @@ module Alchemy
 
     end
 
-    describe '#store_user_request_time' do
-
-      context "user not logged in" do
-        before { controller.stub!(:user_signed_in?).and_return(false) }
-
-        it "should not store the current request time" do
-          controller.send(:store_user_request_time).should == nil
-        end
-
-      end
-
-      context "user logged in" do
-        before do
-          controller.stub!(:user_signed_in?).and_return(true)
-          controller.stub!(:current_user).and_return(FactoryGirl.create(:user))
-        end
-
-        it "should not store the current request time" do
-          controller.send(:store_user_request_time).should == true
-        end
-
-      end
-
-    end
-    
     describe "#layout_for_page" do
       it "should return false if params[:layout] is set to false" do
-        controller.stub!(:params).and_return(layout: 'false')
+        controller.stub(:params).and_return(layout: 'false')
         expect(controller.send(:layout_for_page)).to be_false
       end
 
       it "should return false if params[:layout] is set to none" do
-        controller.stub!(:params).and_return(layout: 'none')
+        controller.stub(:params).and_return(layout: 'none')
         expect(controller.send(:layout_for_page)).to be_false
       end
 
       it "should return the layout name set through params[:layout]" do
-        controller.stub!(:params).and_return(layout: 'my_layout')
+        controller.stub(:params).and_return(layout: 'my_layout')
         expect(controller.send(:layout_for_page)).to eq('my_layout')
       end
 
       it "should return 'application' if params[:layout] is not set" do
-        controller.stub!(:params).and_return({})
+        controller.stub(:params).and_return({})
         expect(controller.send(:layout_for_page)).to eq('application')
       end
     end

data/spec/controllers/elements_controller_spec.rb

@@ -16,7 +16,7 @@ module Alchemy
       end
 
       it "should raise ActiveRecord::RecordNotFound error for trashed elements" do
-        element.trash
+        element.trash!
         expect { get(:show, :id => element.id) }.to raise_error(ActiveRecord::RecordNotFound)
       end
 

data/spec/controllers/pages_controller_spec.rb

@@ -6,12 +6,13 @@ module Alchemy
 
     let(:default_language)      { Language.get_default }
     let(:default_language_root) { FactoryGirl.create(:language_root_page, :language => default_language, :name => 'Home', :public => true) }
+    let(:page) { FactoryGirl.create(:public_page, :parent_id => default_language_root.id, :page_layout => 'news', :name => 'News', :language => default_language, :do_not_autogenerate => false) }
+
+    before { controller.stub(:signup_required?).and_return(false) }
 
     context "requested for a page containing a feed" do
       render_views
 
-      let(:page) { FactoryGirl.create(:public_page, :parent_id => default_language_root.id, :page_layout => 'news', :name => 'News', :language => default_language, :do_not_autogenerate => false) }
-
       it "should render a rss feed" do
         get :show, :urlname => page.urlname, :format => :rss
         response.content_type.should == 'application/rss+xml'
@@ -35,23 +36,18 @@ module Alchemy
     end
 
     describe "Layout rendering" do
-
       context "with param layout set to none" do
-
         it "should not render a layout" do
-          get :show, :urlname => :home, :layout => 'none'
+          get :show, :urlname => page.urlname, :layout => 'none'
           response.body.should_not match /<head>/
         end
-
       end
 
       context "with param layout set to false" do
-
         it "should not render a layout" do
-          get :show, :urlname => :home, :layout => 'false'
+          get :show, :urlname => page.urlname, :layout => 'false'
           response.body.should_not match /<head>/
         end
-
       end
 
       context "with params layout set to not existing layout" do
@@ -92,8 +88,8 @@ module Alchemy
       let(:product)  { FactoryGirl.create(:public_page, :name => "Screwdriver", :parent_id => products.id, :language => default_language, :do_not_autogenerate => false, :visible => true) }
 
       before do
-        User.stub!(:admins).and_return(OpenStruct.new(count: 1))
-        Config.stub!(:get) { |arg| arg == :url_nesting ? true : false }
+        Alchemy.user_class.stub(:admins).and_return(OpenStruct.new(count: 1))
+        Config.stub(:get) { |arg| arg == :url_nesting ? true : false }
         product.elements.find_by_name('article').contents.essence_texts.first.essence.update_column(:body, 'screwdriver')
       end
 
@@ -121,7 +117,6 @@ module Alchemy
 
     context "when a non-existent page is requested" do
       it "should rescue a RoutingError with rendering a 404 page." do
-        FactoryGirl.create(:admin_user) # otherwise we are redirected to create_user
         get :show, {:urlname => 'doesntexist'}
         response.status.should == 404
         response.body.should have_content('The page you were looking for doesn\'t exist')
@@ -170,9 +165,6 @@ module Alchemy
     describe 'Redirecting to legacy page urls' do
       context 'Request a page with legacy url' do
 
-        # otherwise we are redirected to signup
-        before { FactoryGirl.create(:admin_user) }
-
         let(:page)        { FactoryGirl.create(:public_page, :name => 'New page name') }
         let(:second_page) { FactoryGirl.create(:public_page, :name => 'Second Page') }
         let(:legacy_page) { FactoryGirl.create(:public_page, :name => 'Legacy Url') }

data/spec/controllers/pictures_controller_spec.rb

@@ -12,7 +12,7 @@ module Alchemy
     let(:restricted_page)    { FactoryGirl.create(:public_page, :restricted => true) }
     let(:element)            { FactoryGirl.create(:element, :page => public_page, :name => 'bild', :create_contents_after_create => true) }
     let(:restricted_element) { FactoryGirl.create(:element, :page => restricted_page, :name => 'bild', :create_contents_after_create => true) }
-    let(:picture)            { Picture.create(:image_file => fixture_file_upload(File.expand_path('../../support/image.png', __FILE__), 'image/png')) }
+    let(:picture)            { Picture.create(:image_file => fixture_file_upload(File.expand_path('../../fixtures/image.png', __FILE__), 'image/png')) }
 
     context "Requesting a picture that is not assigned with any page" do
       it "should render the picture" do
@@ -51,7 +51,7 @@ module Alchemy
         it "should not render the picture, but redirect to login path" do
           get :show, :id => picture.id, :sh => picture.security_token
           response.status.should == 302
-          response.should redirect_to(login_path)
+          response.should redirect_to(Alchemy.login_path)
         end
       end
 
@@ -68,11 +68,9 @@ module Alchemy
     end
 
     describe 'Picture processing' do
+      let(:big_picture) { Picture.create(:image_file => fixture_file_upload(File.expand_path('../../fixtures/80x60.png', __FILE__), 'image/png')) }
 
       context "with crop and size parameters" do
-
-        let(:big_picture) { Picture.create(:image_file => fixture_file_upload(File.expand_path('../../support/80x60.png', __FILE__), 'image/png')) }
-
         it "should return a cropped image." do
           options = {
             :crop => 'crop',
@@ -83,6 +81,19 @@ module Alchemy
           response.body[0x10..0x18].unpack('NN').should == [10,10]
         end
 
+        context "without a full size specification" do
+          it "should raise an error" do
+            options = {
+              :crop => 'crop',
+              :size => '10',
+              :format => 'png'
+            }
+            expect do
+              get :show, options.merge(:id => big_picture.id, :sh => big_picture.security_token(options))
+            end.to raise_error ArgumentError
+          end
+        end
+
         context "without upsample parameter" do
           it "should not upsample the image." do
             options = {
@@ -107,7 +118,35 @@ module Alchemy
             response.body[0x10..0x18].unpack('NN').should == [10,10]
           end
         end
+      end
 
+      context "without crop but with size parameter" do
+        it "should resize the image preserving aspect ratio" do
+          options = {
+            :size => '40x40',
+            :format => 'png'
+          }
+          get :show, options.merge(:id => big_picture.id, :sh => big_picture.security_token(options))
+          response.body[0x10..0x18].unpack('NN').should == [40,30]
+        end
+
+        it "should resize the image inferring the height if not given" do
+          options = {
+            :size => '40',
+            :format => 'png'
+          }
+          get :show, options.merge(:id => big_picture.id, :sh => big_picture.security_token(options))
+          response.body[0x10..0x18].unpack('NN').should == [40,30]
+        end
+
+        it "should resize the image inferring the width if not given" do
+          options = {
+            :size => 'x30',
+            :format => 'png'
+          }
+          get :show, options.merge(:id => big_picture.id, :sh => big_picture.security_token(options))
+          response.body[0x10..0x18].unpack('NN').should == [40,30]
+        end
       end
 
     end

data/spec/dummy/app/controllers/application_controller.rb

@@ -1,3 +1,11 @@
 class ApplicationController < ActionController::Base
-  protect_from_forgery
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+
+  private
+
+  def current_user
+    nil
+  end
 end

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,14 @@
+class User
+  extend  ::ActiveModel::Naming
+  extend  ::ActiveModel::Translation
+  include ::ActiveModel::Validations
+  include ::ActiveModel::Conversion
+  include ::ActiveModel::MassAssignmentSecurity
+  attr_accessor :alchemy_roles, :email, :password
+
+  alias_method :role_symbols, :alchemy_roles
+
+  def self.logged_in
+    []
+  end
+end

data/spec/dummy/db/migrate/20130827094554_alchemy_two_point_six.rb

@@ -265,37 +265,6 @@ class AlchemyTwoPointSix < ActiveRecord::Migration
     add_index "alchemy_sites", ["host", "public"], :name => "alchemy_sites_public_hosts_idx"
     add_index "alchemy_sites", ["host"], :name => "index_alchemy_sites_on_host"
 
-    create_table "alchemy_users", :force => true do |t|
-      t.string   "firstname"
-      t.string   "lastname"
-      t.string   "login"
-      t.string   "email"
-      t.string   "gender"
-      t.string   "roles",                                 :default => "registered"
-      t.string   "language"
-      t.string   "encrypted_password",     :limit => 128, :default => "",           :null => false
-      t.string   "password_salt",          :limit => 128, :default => "",           :null => false
-      t.integer  "sign_in_count",                         :default => 0,            :null => false
-      t.integer  "failed_attempts",                       :default => 0,            :null => false
-      t.datetime "last_request_at"
-      t.datetime "current_sign_in_at"
-      t.datetime "last_sign_in_at"
-      t.string   "current_sign_in_ip"
-      t.string   "last_sign_in_ip"
-      t.datetime "created_at",                                                      :null => false
-      t.datetime "updated_at",                                                      :null => false
-      t.integer  "creator_id"
-      t.integer  "updater_id"
-      t.text     "cached_tag_list"
-      t.string   "reset_password_token"
-      t.datetime "reset_password_sent_at"
-    end
-
-    add_index "alchemy_users", ["email"], :name => "index_alchemy_users_on_email", :unique => true
-    add_index "alchemy_users", ["login"], :name => "index_alchemy_users_on_login", :unique => true
-    add_index "alchemy_users", ["reset_password_token"], :name => "index_alchemy_users_on_reset_password_token", :unique => true
-    add_index "alchemy_users", ["roles"], :name => "index_alchemy_users_on_roles"
-
     create_table "events", :force => true do |t|
       t.string   "name"
       t.string   "hidden_name"