fesplugas-typus 0.9.0

data/test/functional/admin/posts_controller_test.rb

@@ -0,0 +1,278 @@
+require 'test/helper'
+
+##
+# Test CRUD actions and ...
+#
+#   - Relate comment which is a has_many relationship.
+#   - Unrelate comment which is a has_many relationship.
+#
+class Admin::PostsControllerTest < ActionController::TestCase
+
+  def setup
+    typus_user = typus_users(:admin)
+    @request.session[:typus_user_id] = typus_user.id
+  end
+
+  def test_should_redirect_to_login
+
+    @request.session[:typus_user_id] = nil
+
+    get :index
+    assert_response :redirect
+    assert_redirected_to admin_sign_in_path(:back_to => '/admin/posts')
+    get :edit, { :id => 1 }
+    assert_response :redirect
+    assert_redirected_to admin_sign_in_path(:back_to => '/admin/posts')
+
+  end
+
+  def test_should_render_index
+    get :index
+    assert_response :success
+    assert_template 'index'
+  end
+
+  def test_should_render_new
+    test_should_update_item_and_redirect_to_index
+    get :new
+    assert_response :success
+    assert_template 'new'
+  end
+
+  def test_should_create_item_and_redirect_to_index
+
+    options = Typus::Configuration.options.merge(:index_after_save => true)
+    Typus::Configuration.stubs(:options).returns(options)
+
+    assert_difference 'Post.count' do
+      post :create, { :item => { :title => 'This is another title', :body => 'Body' } }
+      assert_response :redirect
+      assert_redirected_to :action => 'index'
+    end
+
+  end
+
+  def test_should_create_item_and_redirect_to_edit
+
+    options = Typus::Configuration.options.merge(:index_after_save => false)
+    Typus::Configuration.stubs(:options).returns(options)
+
+    assert_difference 'Post.count' do
+      post :create, { :item => { :title => 'This is another title', :body => 'Body' } }
+      assert_response :redirect
+      assert_redirected_to :action => 'edit'
+    end
+
+  end
+
+  def test_should_render_show
+    post_ = posts(:published)
+    get :show, { :id => post_.id }
+    assert_response :success
+    assert_template 'show'
+  end
+
+  def test_should_render_edit
+    post_ = posts(:published)
+    get :edit, { :id => post_.id }
+    assert_response :success
+    assert_template 'edit'
+  end
+
+  def test_should_update_item_and_redirect_to_index
+
+    options = Typus::Configuration.options.merge(:index_after_save => true)
+    Typus::Configuration.stubs(:options).returns(options)
+
+    post_ = posts(:published)
+    post :update, { :id => post_.id, :title => 'Updated' }
+    assert_response :redirect
+    assert_redirected_to :action => 'index'
+
+  end
+
+  def test_should_update_item_and_redirect_to_edit
+
+    options = Typus::Configuration.options.merge(:index_after_save => false)
+    Typus::Configuration.stubs(:options).returns(options)
+
+    post_ = posts(:published)
+    post :update, { :id => post_.id, :title => 'Updated' }
+    assert_response :redirect
+    assert_redirected_to :action => 'edit', :id => post_.id
+
+  end
+
+  def test_should_allow_admin_to_toggle_item
+    @request.env['HTTP_REFERER'] = '/admin/posts'
+    post = posts(:unpublished)
+    get :toggle, { :id => post.id, :field => 'status' }
+    assert_response :redirect
+    assert_redirected_to :action => 'index'
+    assert flash[:success]
+    assert Post.find(post.id).status
+  end
+
+  def test_should_perform_a_search
+    typus_user = typus_users(:admin)
+    @request.session[:typus_user_id] = typus_user.id
+    get :index, { :search => 'neinonon' }
+    assert_response :success
+    assert_template 'index'
+  end
+
+  def test_should_relate_category_to_post_which_is_a_habtm_relationship
+    category = categories(:first)
+    post_ = posts(:published)
+    @request.env['HTTP_REFERER'] = "/admin/posts/edit/#{post_.id}#categories"
+    assert_difference('category.posts.count') do
+      post :relate, { :id => post_.id, :related => { :model => 'Category', :id => category.id } }
+    end
+    assert_response :redirect
+    assert flash[:success]
+    assert_redirected_to @request.env['HTTP_REFERER']
+  end
+
+  def test_should_unrelate_category_from_post_which_is_a_habtm_relationship
+    category = categories(:first)
+    post_ = posts(:published)
+    @request.env['HTTP_REFERER'] = "/admin/posts/edit/#{post_.id}#categories"
+    assert_difference('category.posts.count', 0) do
+      post :unrelate, { :id => post_.id, :resource => 'Category', :resource_id => category.id, :association => 'has_and_belongs_to_many' }
+    end
+    assert_response :redirect
+    assert flash[:success]
+    assert_match /Category unrelated from/, flash[:success]
+    assert_redirected_to @request.env['HTTP_REFERER']
+  end
+
+  ##
+  # This is a polimorphic relationship.
+  #
+  def test_should_unrelate_an_asset_from_a_post
+
+    post_ = posts(:published)
+
+    @request.env['HTTP_REFERER'] = "/admin/posts/edit/#{post_.id}#assets"
+
+    assert_difference('post_.assets.count', -1) do
+      get :unrelate, { :id => post_.id, :resource => 'Asset', :resource_id => post_.assets.first.id, :association => 'has_many' }
+    end
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:success]
+    assert_match /Asset removed from/, flash[:success]
+
+  end
+
+  def test_should_check_redirection_when_theres_no_http_referer_on_new
+
+    typus_user = typus_users(:designer)
+    @request.session[:typus_user_id] = typus_user.id
+
+    get :new
+    assert_response :redirect
+    assert_redirected_to admin_dashboard_path
+
+    assert flash[:notice]
+    assert_equal "Designer can't perform action (new).", flash[:notice]
+
+    @request.env['HTTP_REFERER'] = '/admin/posts'
+
+    typus_user = typus_users(:designer)
+    @request.session[:typus_user_id] = typus_user.id
+
+    get :new
+    assert_response :redirect
+    assert_redirected_to '/admin/posts'
+
+    assert flash[:notice]
+    assert_equal "Designer can't perform action (new).", flash[:notice]
+
+  end
+
+  def test_should_disable_toggle_and_check_links_are_disabled
+
+    options = Typus::Configuration.options.merge(:toggle => false)
+    Typus::Configuration.stubs(:options).returns(options)
+
+    @request.env['HTTP_REFERER'] = '/admin/posts'
+    post = posts(:unpublished)
+    get :toggle, { :id => post.id, :field => 'status' }
+    assert_response :redirect
+    assert_redirected_to :action => 'index'
+    assert !flash[:success]
+    assert !flash[:error]
+    assert flash[:notice]
+    assert_equal "Toggle is disabled.", flash[:notice]
+
+  end
+
+  def test_should_show_form_templates
+    get :new
+    assert_response :success
+    assert_match /datepicker_template_published_at/, @response.body
+  end
+
+=begin
+
+  # FIXME
+
+  def test_should_add_back_to_params_for_comment_items
+
+    post_ = posts(:published)
+    get :edit, { :id => post_.id }
+    assert_response :success
+    back_to = "/posts/#{post_.id}/edit"
+    re = /<a href="\/typus\/assets\/1\/edit(.*)">This is the caption\.<\/a>/
+    params = re.match(@response.body)
+
+    assert_equal params[1], "?back_to=%2Ftypus%2Fposts%2F1%2Fedit&amp;resource=posts&amp;resource_id=#{post_.id}"
+
+  end
+
+=end
+
+  def test_should_verify_root_can_edit_any_record
+    Post.find(:all).each do |post|
+      get :edit, { :id => post.id }
+      assert_response :success
+      assert_template 'edit'
+    end
+  end
+
+  def test_should_verify_editor_can_view_all_records
+    Post.find(:all).each do |post|
+      get :show, { :id => post.id }
+      assert_response :success
+      assert_template 'show'
+    end
+  end
+
+  def test_should_verify_editor_can_edit_their_records
+
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+
+    post = posts(:owned_by_editor)
+    get :edit, { :id => post.id }
+    assert_response :success
+
+  end
+
+  def test_should_verify_editor_cannot_edit_other_users_records
+
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+
+    post = posts(:owned_by_admin)
+    get :edit, { :id => post.id }
+    assert_response :redirect
+    assert_redirected_to :action => 'show', :id => post.id
+    assert flash[:notice]
+    assert_equal "Record owned by another user.", flash[:notice]
+
+  end
+
+end

data/test/functional/admin/status_controller_test.rb

@@ -0,0 +1,43 @@
+require 'test/helper'
+
+##
+# Test resources which are not related to an ActiveRecord model.
+#
+class Admin::StatusControllerTest < ActionController::TestCase
+
+  def setup
+    @typus_user = typus_users(:admin)
+    @request.session[:typus_user_id] = @typus_user.id
+  end
+
+  def test_should_verify_admin_can_go_to_index
+    get :index
+    assert_response :success
+    assert_template 'index'
+  end
+
+  def test_should_verify_status_is_not_available_if_user_not_logged
+    @request.session[:typus_user_id] = nil
+    get :index
+    assert_response :redirect
+    assert_redirected_to admin_sign_in_path(:back_to => '/admin/status')
+  end
+
+  def test_should_verify_admin_can_not_go_to_show
+    get :show
+    assert_response :redirect
+    assert_redirected_to admin_dashboard_path
+    assert flash[:notice]
+    assert_equal "#{@typus_user.role.capitalize} can't go to show on status.", flash[:notice]
+  end
+
+  def test_should_verify_editor_can_not_go_to_index
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+    get :index
+    assert_response :redirect
+    assert flash[:notice]
+    assert_equal "#{typus_user.role.capitalize} can't go to index on status.", flash[:notice]
+  end
+
+end

data/test/functional/admin/typus_users_controller_test.rb

@@ -0,0 +1,239 @@
+require 'test/helper'
+
+##
+# Test what TypusUsers can do.
+#
+class Admin::TypusUsersControllerTest < ActionController::TestCase
+
+  def setup
+    Typus::Configuration.options[:root] = 'admin'
+    @typus_user = typus_users(:admin)
+    @request.session[:typus_user_id] = @typus_user.id
+  end
+
+  def test_should_allow_admin_to_create_typus_users
+    get :new
+    assert_response :success
+  end
+
+  def test_should_not_allow_admin_to_toggle_her_status
+
+    @request.env['HTTP_REFERER'] = '/admin/typus_users'
+    get :toggle, { :id => @typus_user.id, :field => 'status' }
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "You can't toggle your status.", flash[:notice]
+
+  end
+
+  def test_should_allow_admin_to_toggle_other_users_status
+
+    @request.env['HTTP_REFERER'] = '/typus/typus_users'
+    editor = typus_users(:editor)
+    get :toggle, { :id => editor.id, :field => 'status' }
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:success]
+    assert_equal "Typus user status changed.", flash[:success]
+
+  end
+
+  def test_should_not_allow_non_root_typus_user_to_toggle_status
+
+    @request.env['HTTP_REFERER'] = '/admin/typus_users'
+    @typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = @typus_user.id
+    get :toggle, { :id => @typus_user.id, :field => 'status' }
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "You're not allowed to toggle status.", flash[:notice]
+
+  end
+
+  def test_should_verify_admin_cannot_destroy_herself
+
+    @request.env['HTTP_REFERER'] = '/admin/typus_users'
+
+    assert_difference('TypusUser.count', 0) do
+      delete :destroy, :id => @typus_user.id
+    end
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "You can't remove yourself.", flash[:notice]
+
+  end
+
+  def test_should_verify_admin_can_destroy_others
+
+    @request.env['HTTP_REFERER'] = '/admin/typus_users'
+
+    assert_difference('TypusUser.count', -1) do
+      delete :destroy, :id => typus_users(:editor).id
+    end
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:success]
+    assert_equal "Typus user successfully removed.", flash[:success]
+
+  end
+
+  def test_should_not_allow_editor_to_create_typus_users
+
+    @request.env['HTTP_REFERER'] = '/typus/typus_users'
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+    get :new
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "Editor can't perform action (new).", flash[:notice].to_s
+
+  end
+
+  def test_should_allow_editor_to_update_himself
+
+    options = Typus::Configuration.options.merge(:index_after_save => false)
+    Typus::Configuration.stubs(:options).returns(options)
+
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+    @request.env['HTTP_REFERER'] = "/admin/typus_users/edit/#{typus_user.id}"
+    get :edit, { :id => typus_user.id }
+
+    assert_response :success
+    assert_equal 'editor', typus_user.role
+
+    post :update, { :id => typus_user.id, 
+                    :item => { :first_name => 'Richard', 
+                               :last_name => 'Ashcroft', 
+                               :role => 'editor' } }
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:success]
+    assert_equal "Typus user successfully updated.", flash[:success]
+
+  end
+
+  def test_should_not_allow_editor_to_update_himself_to_become_admin
+
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+    @request.env['HTTP_REFERER'] = "/admin/typus_users/#{typus_user.id}/edit"
+
+    assert_equal 'editor', typus_user.role
+
+    post :update, { :id => typus_user.id, 
+                    :item => { :role => 'admin' } }
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "You can't change your role.", flash[:notice]
+
+  end
+
+  def test_should_not_allow_editor_to_edit_other_users_profiles
+
+    @request.env['HTTP_REFERER'] = '/admin/typus_users'
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+    get :edit, { :id => typus_user.id }
+
+    assert_response :success
+    assert_template 'edit'
+
+    get :edit, { :id => typus_users(:admin).id }
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "As you're not the admin or the owner of this record you cannot edit it.", flash[:notice]
+
+  end
+
+  def test_should_not_allow_editor_to_destroy_users
+
+    @request.env['HTTP_REFERER'] = '/admin/typus_users'
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+    delete :destroy, :id => typus_users(:admin).id
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "You're not allowed to remove Typus Users.", flash[:notice]
+
+  end
+
+  def test_should_not_allow_editor_to_destroy_herself
+
+    @request.env['HTTP_REFERER'] = '/admin/typus_users'
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+    delete :destroy, :id => typus_user.id
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "You're not allowed to remove Typus Users.", flash[:notice]
+
+  end
+
+  def test_should_redirect_to_admin_dashboard_if_user_does_not_have_privileges
+
+    @request.env['HTTP_REFERER'] = '/admin'
+    typus_user = typus_users(:designer)
+    @request.session[:typus_user_id] = typus_user.id
+    get :index
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "Designer can't display items.", flash[:notice]
+
+  end
+
+  def test_should_change_root_to_editor_so_editor_can_edit_others_content
+
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+    @request.env['HTTP_REFERER'] = '/admin/typus_users'
+
+    assert_equal 'editor', typus_user.role
+
+    get :edit, :id => typus_user.id
+    assert_response :success
+
+    get :edit, :id => typus_users(:admin).id
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert flash[:notice]
+    assert_equal "As you're not the admin or the owner of this record you cannot edit it.", flash[:notice]
+
+    ##
+    # Here we change the behavior, editor has become root, so he 
+    # has access to all TypusUser records.
+    #
+
+    options = Typus::Configuration.options.merge(:root => 'editor')
+    Typus::Configuration.stubs(:options).returns(options)
+
+    get :edit, :id => typus_user.id
+    assert_response :success
+
+    get :edit, :id => typus_users(:admin).id
+    assert_response :success
+
+  end
+
+end