typus 0.9.29 → 0.9.30

data/test/functional/admin/master_controller_posts_permissions_test.rb

@@ -0,0 +1,127 @@
+require 'test/helper'
+
+class Admin::PostsControllerTest < ActionController::TestCase
+
+  def setup_for_no_root
+    @typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = @typus_user.id
+    assert !@typus_user.is_root?
+  end
+
+  ##
+  # Tests around what happens with records with typus_user_id when editing 
+  # and showing.
+  ##
+
+  def test_should_verify_root_can_edit_any_record
+
+    assert @typus_user.is_root?
+
+    Post.find(:all).each do |post|
+      get :edit, { :id => post.id }
+      assert_response :success
+      assert_template 'edit'
+    end
+
+  end
+
+  def test_should_verify_editor_can_show_any_record
+
+    setup_for_no_root
+
+    Post.find(:all).each do |post|
+      get :show, { :id => post.id }
+      assert_response :success
+      assert_template 'show'
+    end
+
+  end
+
+  def test_should_verify_editor_can_not_edit_all_records
+
+    setup_for_no_root
+
+    # Editor tries to edit a post owned by hiself.
+    post = posts(:owned_by_editor)
+    get :edit, { :id => post.id }
+    assert_response :success
+
+    # Editor tries to edit a post owned by the admin.
+    @request.env['HTTP_REFERER'] = '/admin/posts'
+    post = posts(:owned_by_admin)
+    get :edit, { :id => post.id }
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert_equal "You don't have permission to access this item.", flash[:notice]
+
+    # Editor tries to show a post owned by the admin.
+    post = posts(:owned_by_admin)
+    get :show, { :id => post.id }
+    assert_response :success
+    assert_template 'show'
+
+    # Editor tries to show a post owned by the admin.
+    options = Typus::Configuration.options.merge(:only_user_items => true)
+    Typus::Configuration.stubs(:options).returns(options)
+    post = posts(:owned_by_admin)
+    get :show, { :id => post.id }
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+
+  end
+
+  ##
+  # Tests around what happens with the typus_user_id when creating items.
+  ##
+
+  def test_should_verify_typus_user_id_of_item_when_creating_record
+
+    setup_for_no_root
+
+    post :create, { :item => { :title => "Chunky Bacon", :body => "Lorem ipsum ..." } }
+    post_ = Post.find_by_title("Chunky Bacon")
+
+    assert_equal @request.session[:typus_user_id], post_.typus_user_id
+
+  end
+
+  ##
+  # Tests around what happens with the typus_user_id when updating items.
+  ##
+
+  def test_should_verify_admin_updating_an_item_does_not_change_typus_user_id_if_not_defined
+
+    assert @typus_user.is_root?
+
+    post_ = posts(:owned_by_editor)
+    post :update, { :id => post_.id, :item => { :title => 'Updated by admin' } }
+    post_updated = Post.find(post_.id)
+    assert_equal post_.typus_user_id, post_updated.typus_user_id
+
+  end
+
+  def test_should_verify_admin_updating_an_item_does_change_typus_user_id_to_whatever_admin_wants
+
+    assert @typus_user.is_root?
+
+    post_ = posts(:owned_by_editor)
+    post :update, { :id => post_.id, :item => { :title => 'Updated', :typus_user_id => 108 } }
+    post_updated = Post.find(post_.id)
+    assert_equal 108, post_updated.typus_user_id
+
+  end
+
+  def test_should_verify_editor_updating_an_item_does_not_change_typus_user_id
+
+    setup_for_no_root
+
+    [ 108, nil ].each do |typus_user_id|
+      post_ = posts(:owned_by_editor)
+      post :update, { :id => post_.id, :item => { :title => 'Updated', :typus_user_id => typus_user_id } }
+      post_updated = Post.find(post_.id)
+      assert_equal  @request.session[:typus_user_id], post_updated.typus_user_id
+    end
+
+  end
+
+end

data/test/functional/admin/master_controller_posts_relationships_test.rb

@@ -0,0 +1,86 @@
+require 'test/helper'
+
+class Admin::PostsControllerTest < ActionController::TestCase
+
+  ##
+  # Post => has_many :comments
+  ##
+
+  def test_should_relate_comment_with_post_and_then_unrelate
+
+    comment = comments(:without_post_id)
+    post_ = posts(:published)
+    @request.env['HTTP_REFERER'] = "/admin/posts/edit/#{post_.id}#comments"
+
+    assert_difference('post_.comments.count') do
+      post :relate, { :id => post_.id, 
+                      :related => { :model => 'Comment', :id => comment.id } }
+    end
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert_equal "Comment related to Post.", flash[:success]
+
+    assert_difference('post_.comments.count', -1) do
+      post :unrelate, { :id => post_.id, 
+                        :resource => 'Comment', :resource_id => comment.id }
+    end
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert_equal "Comment unrelated from Post.", flash[:success]
+
+  end
+
+  ##
+  # Post => has_and_belongs_to_many :categories
+  ##
+
+  def test_should_relate_category_with_post_and_then_unrelate
+
+    category = categories(:first)
+    post_ = posts(:published)
+    @request.env['HTTP_REFERER'] = "/admin/posts/edit/#{post_.id}#categories"
+
+    assert_difference('category.posts.count') do
+      post :relate, { :id => post_.id, 
+                      :related => { :model => 'Category', :id => category.id } }
+    end
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert_equal "Category related to Post.", flash[:success]
+
+    assert_difference('category.posts.count', -1) do
+      post :unrelate, { :id => post_.id, 
+                        :resource => 'Category', :resource_id => category.id }
+    end
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert_equal "Category unrelated from Post.", flash[:success]
+
+  end
+
+  ##
+  # Post => has_many :assets, :as => resource (Polimorphic)
+  ##
+
+  def test_should_relate_asset_with_post_and_then_unrelate
+
+    post_ = posts(:published)
+
+    @request.env['HTTP_REFERER'] = "/admin/posts/edit/#{post_.id}#assets"
+
+    assert_difference('post_.assets.count', -1) do
+      get :unrelate, { :id => post_.id,  
+                       :resource => 'Asset', :resource_id => post_.assets.first.id }
+    end
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert_equal "Asset unrelated from Post.", flash[:success]
+
+  end
+
+end

data/test/functional/admin/master_controller_posts_roles.rb

@@ -0,0 +1,50 @@
+require 'test/helper'
+
+class Admin::PostsControllerTest < ActionController::TestCase
+
+  def test_should_allow_admin_to_add_a_category
+    admin = typus_users(:admin)
+    @request.session[:typus_user_id] = admin.id
+    assert admin.can_perform?('Post', 'create')
+  end
+
+  def test_should_not_allow_designer_to_add_a_post
+
+    designer = typus_users(:designer)
+    @request.session[:typus_user_id] = designer.id
+
+    get :new
+
+    assert_response :redirect
+    assert_equal "Designer can't perform action. (new)", flash[:notice]
+    assert_redirected_to :action => :index
+
+  end
+
+  def test_should_allow_admin_to_destroy_a_post
+
+    admin = typus_users(:admin)
+    @request.session[:typus_user_id] = admin.id
+
+    get :destroy, { :id => posts(:published).id, :method => :delete }
+
+    assert_response :redirect
+    assert_equal "Post successfully removed.", flash[:success]
+    assert_redirected_to :action => :index
+
+  end
+
+  def test_should_not_allow_designer_to_destroy_a_post
+
+    designer = typus_users(:designer)
+    @request.session[:typus_user_id] = designer.id
+
+    get :destroy, { :id => posts(:published).id, :method => :delete }
+
+    assert_response :redirect
+    assert_equal "Designer can't delete this item.", flash[:notice]
+    assert_redirected_to :action => :index
+
+  end
+
+end

data/test/functional/admin/master_controller_posts_toggle_test.rb

@@ -0,0 +1,35 @@
+require 'test/helper'
+
+class Admin::PostsControllerTest < ActionController::TestCase
+
+  def test_should_toggle_an_item
+
+    @request.env['HTTP_REFERER'] = '/admin/posts'
+
+    post = posts(:unpublished)
+    get :toggle, { :id => post.id, :field => 'status' }
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert_equal "Post status changed.", flash[:success]
+    assert Post.find(post.id).status
+
+  end
+
+  def test_should_not_toggle_an_item_when_disabled
+
+    @request.env['HTTP_REFERER'] = '/admin/posts'
+
+    options = Typus::Configuration.options.merge(:toggle => false)
+    Typus::Configuration.stubs(:options).returns(options)
+
+    post = posts(:unpublished)
+    get :toggle, { :id => post.id, :field => 'status' }
+
+    assert_response :redirect
+    assert_redirected_to @request.env['HTTP_REFERER']
+    assert_equal "Toggle is disabled.", flash[:notice]
+
+  end
+
+end

data/test/functional/admin/master_controller_posts_views_test.rb

@@ -0,0 +1,209 @@
+require 'test/helper'
+
+class Admin::PostsControllerTest < ActionController::TestCase
+
+  ##
+  # get :index
+  ##
+
+  def test_should_render_index_and_verify_presence_of_custom_partials
+    get :index
+    partials = %w( _index.html.erb _sidebar.html.erb )
+    partials.each { |p| assert_match p, @response.body }
+  end
+
+  def test_should_render_index_and_verify_page_title
+    get :index
+    assert_select 'title', "#{Typus::Configuration.options[:app_name]} - Posts"
+  end
+
+  def test_should_render_index_and_show_add_entry_link
+
+    get :index
+
+    assert_select "#sidebar ul" do
+      assert_select "li", "Add entry"
+    end
+
+  end
+
+  def test_should_render_index_and_not_show_add_entry_link
+
+    typus_user = typus_users(:designer)
+    @request.session[:typus_user_id] = typus_user.id
+
+    get :index
+    assert_response :success
+
+    assert_no_match /Add entry/, @response.body
+
+  end
+
+  def test_should_render_index_and_show_trash_item_image
+    get :index
+    assert_response :success
+    assert_select '.trash', 'Trash'
+  end
+
+  def test_should_render_index_and_not_show_trash_image
+
+    typus_user = typus_users(:designer)
+    @request.session[:typus_user_id] = typus_user.id
+
+    get :index
+    assert_response :success
+    assert_select '.trash', false
+
+  end
+
+  def test_should_get_index_and_render_edit_or_show_links
+
+    %w( edit show ).each do |action|
+
+      options = Typus::Configuration.options.merge(:default_action_on_item => action)
+      Typus::Configuration.stubs(:options).returns(options)
+
+      get :index
+
+      Post.find(:all).each do |post|
+        assert_match "/posts/#{action}/#{post.id}", @response.body
+      end
+
+    end
+
+  end
+
+  def test_should_get_index_and_render_edit_or_show_links_on_owned_records
+
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+
+    get :index
+
+    Post.find(:all).each do |post|
+      action = post.owned_by?(typus_user) ? 'edit' : 'show'
+      assert_match "/posts/#{action}/#{post.id}", @response.body
+    end
+
+  end
+
+  def test_should_get_index_and_render_edit_or_show_on_only_user_items
+
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+
+    %w( edit show ).each do |action|
+
+      options = Typus::Configuration.options.merge(:only_user_items => true, 
+                                                   :default_action_on_item => action)
+      Typus::Configuration.stubs(:options).returns(options)
+
+      get :index
+
+      Post.find(:all).each do |post|
+        if post.owned_by?(typus_user)
+          assert_match "/posts/#{action}/#{post.id}", @response.body
+        else
+          assert_no_match /\/posts\/#{action}\/#{post.id}/, @response.body
+        end
+      end
+
+    end
+
+  end
+
+  ##
+  # get :new
+  ##
+
+  def test_should_render_posts_partials_on_new
+    get :new
+    partials = %w( _new.html.erb _sidebar.html.erb )
+    partials.each { |p| assert_match p, @response.body }
+  end
+
+  def test_should_render_new_and_verify_page_title
+    get :new
+    assert_select 'title', "#{Typus::Configuration.options[:app_name]} - Posts &rsaquo; New"
+  end
+
+  ##
+  # get :edit
+  ##
+
+  def test_should_render_edit_and_verify_presence_of_custom_partials
+    get :edit, { :id => posts(:published).id }
+    partials = %w( _edit.html.erb _sidebar.html.erb )
+    partials.each { |p| assert_match p, @response.body }
+  end
+
+  def test_should_render_edit_and_verify_page_title
+    get :edit, { :id => posts(:published).id }
+    assert_select 'title', "#{Typus::Configuration.options[:app_name]} - Posts &rsaquo; Edit"
+  end
+
+  ##
+  # get :show
+  ##
+
+  def test_should_render_show_and_verify_presence_of_custom_partials
+    get :show, { :id => posts(:published).id }
+    partials = %w( _show.html.erb _sidebar.html.erb )
+    partials.each { |p| assert_match p, @response.body }
+  end
+
+  def test_should_render_show_and_verify_page_title
+    get :show, { :id => posts(:published).id }
+    assert_select 'title', "#{Typus::Configuration.options[:app_name]} - Posts &rsaquo; Show"
+  end
+
+  def test_should_render_show_and_verify_add_relationships_links
+
+    ##
+    # Admin
+    ##
+
+    [ posts(:owned_by_admin), posts(:owned_by_editor) ].each do |post|
+
+      get :show, { :id => post.id }
+
+      %w( assets categories comments views ).each do |model|
+        assert_select "div##{model} h2", "#{model.capitalize}\n    Add new"
+      end
+
+    end
+
+    ##
+    # Editor
+    ##
+
+    typus_user = typus_users(:editor)
+    @request.session[:typus_user_id] = typus_user.id
+
+    get :show, { :id => posts(:owned_by_admin).id }
+
+    # This is a has_many relationship, and record is owned by admin, so the 
+    # editor can only list. Assets it's not shown because the editor doesn't 
+    # have access to this resource.
+    assert_select 'div#assets h2', false
+    assert_select 'div#categories h2', "Categories"
+    assert_select 'div#comments h2', "Comments"
+    assert_select 'div#views h2', "Views"
+
+    get :show, { :id => posts(:owned_by_editor).id }
+
+    # This is a has_many (polimorphic) relationship, but editor can't add new items.
+    assert_select 'div#assets h2', false
+    # This is a has_and_belongs_to_many relationship and editor can add new items.
+    assert_select 'div#categories h2', "Categories\n    Add new"
+    # This is a has_many relationship, but editor can't add items.
+    assert_select 'div#comments h2', "Comments"
+    # This is a has_many relationship and editor can add items.
+    assert_select 'div#views h2', "Views\n    Add new"
+
+    expected = "/admin/views/new?back_to=%2Fadmin%2Fposts%2Fshow%2F4%23views&amp;post_id=4&amp;resource=post&amp;resource_id=4"
+    assert_match expected, @response.body
+
+  end
+
+end