users_test.rb 4.08 KB
Edit Raw Blame History Permalink



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134


# encoding: UTF-8
require_relative 'test_helper'

class UsersTest < ActiveSupport::TestCase

  should 'logger user list users' do
    login_api
    get "/api/v1/users/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert_includes json["users"].map { |a| a["login"] }, user.login
  end

  should 'logger user get user info' do
    login_api
    get "/api/v1/users/#{user.id}?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert_equal user.id, json['user']['id']
  end

  should 'logger user list user permissions' do
    login_api
    community = fast_create(Community)
    community.add_admin(person)
    get "/api/v1/users/#{user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert_includes json["user"]["permissions"], community.identifier
  end

  should 'get logged user' do
    login_api
    get "/api/v1/users/me?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert_equal user.id, json['user']['id']
  end

  should 'not show permissions to logged user' do
    login_api
    target_person = create_user('some-user').person
    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    refute json["user"].has_key?("permissions")
  end

  should 'logger user show permissions to self' do
    login_api
    get "/api/v1/users/#{user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert json["user"].has_key?("permissions")
  end

  should 'not show permissions to friend' do
    login_api
    target_person = create_user('some-user').person

    f = Friendship.new
    f.friend = target_person
    f.person = person
    f.save!

    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    refute json["user"].has_key?("permissions")
  end

  should 'not show private attribute to logged user' do
    login_api
    target_person = create_user('some-user').person
    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    refute json["user"].has_key?("email")
  end

  should 'show private attr to friend' do
    login_api
    target_person = create_user('some-user').person
    f = Friendship.new
    f.friend = target_person
    f.person = person
    f.save!
    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert json["user"].has_key?("email")
    assert_equal target_person.email, json["user"]["email"]
  end

  should 'show public attribute to logged user' do
    login_api
    target_person = create_user('some-user').person
    target_person.fields_privacy={:email=> 'public'}
    target_person.save!
    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert json["user"].has_key?("email")
    assert_equal json["user"]["email"],target_person.email
  end

  should 'show public and private field to admin' do
    login_api
    Environment.default.add_admin(person)

    target_person = create_user('some-user').person
    target_person.fields_privacy={:email=> 'public'}
    target_person.save!

    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert json["user"].has_key?("email")
    assert json["user"].has_key?("permissions")
    assert json["user"].has_key?("activated")
  end

  should 'show public fields to anonymous' do
    anonymous_setup
    target_person = create_user('some-user').person
    target_person.fields_privacy={:email=> 'public'}
    target_person.save!

    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    assert json["user"].has_key?("email")
  end

  should 'hide private fields to anonymous' do
    anonymous_setup
    target_person = create_user('some-user').person
    target_person.save!

    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
    json = JSON.parse(last_response.body)
    refute json["user"].has_key?("permissions")
    refute json["user"].has_key?("activated")
  end

end