1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
require 'test_helper'
class UsersControllerTest < ActionController::TestCase
test "get index as regular user renders stripped partial" do
login_as :quentin
get :index
assert_response :success
assert_select "a", { :count => 0, :text => "Destroy" }
end
test "get index as admin user renders admin partial" do
login_as :aaron
get :index
assert_response :success
assert_select "a", "destroy"
assert_select "a", "show", "Show Link is missing"
end
test "get new when logged in as admin" do
login_as :aaron
get :new
assert_response :success
end
test "get new without being logged in as admin redirects back to index" do
login_as :quentin
get :new
assert_response :redirect
assert_redirected_to users_path
assert_equal(
"Sorry, you need to be an admin for this action",
flash[:notice]
)
end
test "creating new users being logged in as admin" do
login_as :aaron
assert_difference "User.count", +1 do
post :create, params: {
:user => {
:login => "peter",
:email => "foo@bar.com",
:password => "xxxzzz",
:password_confirmation => "xxxzzz"
}
}
end
assert_redirected_to user_path(User.last)
assert !User.last.admin
end
test "creating new admin users being logged in as admin" do
login_as :aaron
assert_difference "User.count", +1 do
post :create, params: {
:user => {
:login => "peter",
:email => "foo@bar.com",
:password => "xxxzzz",
:password_confirmation => "xxxzzz",
:admin => true
}
}
end
assert_redirected_to user_path(User.last)
assert User.last.admin
end
test "creating new users not being logged as regular user wont work" do
login_as :quentin
assert_no_difference "User.count" do
post :create, params: {
:user => {
:login => "peter",
:email => "foo@bar.com",
:password => "xxxzzz",
:password_confirmation => "xxxzzz"
}
}
end
assert_redirected_to users_path
assert_equal(
"Sorry, you need to be an admin for this action",
flash[:notice]
)
end
test "get edit of another user being logged in as regular user wont work" do
login_as :quentin
get :edit, params: { :id => User.find_by_login("aaron").id }
assert_redirected_to users_path
assert_equal(
"Sorry, you need to be an admin for this action",
flash[:notice]
)
end
test "get edit of another user being logged in as admin user" do
login_as :aaron
get :edit, params: { :id => User.find_by_login("quentin").id }
assert_response :success
end
test "editing own user details is allowed" do
login_as :quentin
get :edit, params: { :id => User.find_by_login("quentin").id }
assert_response :success
end
test "updating an user when being logged in as regular user wont work" do
user = User.find_by_login("aaron")
login_as :quentin
put :update, params: { :id => user.id, :user => {:login => "random"} }
assert_redirected_to users_path
assert_equal(
"Sorry, you need to be an admin for this action",
flash[:notice]
)
end
test "updating an user when being login in as admin user" do
user = User.find_by_login("quentin")
login_as :aaron
put :update, params: { :id => user.id, :user => {:login => "random"} }
assert_redirected_to user_path(user)
assert_equal "random", user.reload.login
end
test "updating own user details is allowd" do
user = User.find_by_login("quentin")
login_as :quentin
put :update, params: { :id => user.id, :user => {:login => "random"} }
assert_redirected_to user_path(user)
assert_equal "random", user.reload.login
end
test "showing a user" do
login_as :quentin
get :show, params: { :id => User.find_by_login("aaron").id }
assert_response :success
end
test "destroying an user being logged in as regular user wont work" do
login_as :quentin
assert_no_difference "User.count" do
delete :destroy, params: { :id => User.find_by_login("aaron").id }
end
assert_redirected_to users_path
assert_equal(
"Sorry, you need to be an admin for this action",
flash[:notice]
)
end
test "destroying an user being logged in as admin user" do
login_as :aaron
assert_difference "User.count", -1 do
delete :destroy, params: { :id => User.find_by_login("quentin").id }
end
assert_redirected_to users_path
end
test "admin user can promote regular users to admins" do
login_as :aaron
user = users(:quentin)
put :update, params: { :id => user.id, :user => {:admin => true} }
user.reload
assert_equal true, user.is_admin?
end
test "regular users cannot promote themselves to admins" do
login_as :quentin
user = users(:quentin)
put :update, params: { :id => user.id, :user => {:admin => true} }
user.reload
assert_equal false, user.is_admin?
end
end
|