users_test.rb
5.29 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# encoding: UTF-8
require_relative 'test_helper'
class UsersTest < ActiveSupport::TestCase
def setup
create_and_activate_user
end
should 'logger user list users' do
login_api
get "/api/v1/users/?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_includes json["users"].map { |a| a["login"] }, user.login
end
should 'logger user get user info' do
login_api
get "/api/v1/users/#{user.id}?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_equal user.id, json['user']['id']
end
should 'logger user list user permissions' do
login_api
community = fast_create(Community)
community.add_admin(person)
get "/api/v1/users/#{user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_includes json["user"]["permissions"], community.identifier
end
should 'get logged user' do
login_api
get "/api/v1/users/me?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_equal user.id, json['user']['id']
end
should 'not show permissions to logged user' do
login_api
target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
refute json["user"].has_key?("permissions")
end
should 'logger user show permissions to self' do
login_api
get "/api/v1/users/#{user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
assert json["user"].has_key?("permissions")
end
should 'not show permissions to friend' do
login_api
target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
target_person.add_friend(person)
person.add_friend(target_person)
get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
refute json["user"].has_key?("permissions")
end
should 'not show private attribute to logged user' do
login_api
target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
assert_equal 200, last_response.status
assert_nil json['user']['email']
assert_nil json['user']['person']
end
should 'show private attr to friend' do
login_api
target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
target_person.add_friend(person)
person.add_friend(target_person)
get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
assert json["user"].has_key?("email")
assert_equal target_person.email, json["user"]["email"]
end
should 'show public attribute to logged user' do
login_api
target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
target_person.public_profile = true
target_person.visible = true
target_person.fields_privacy={:email=> 'public'}
target_person.save!
get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
assert json["user"].has_key?("email")
assert_equal json["user"]["email"],target_person.email
end
should 'show public and private field to admin' do
login_api
Environment.default.add_admin(person)
target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
target_person.fields_privacy={:email=> 'public'}
target_person.save!
get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
assert json["user"].has_key?("email")
assert json["user"].has_key?("permissions")
assert json["user"].has_key?("activated")
end
should 'show public fields to anonymous' do
target_person = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment).person
target_person.fields_privacy={:email=> 'public'}
target_person.public_profile = true
target_person.visible = true
target_person.save!
get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
assert json["user"].has_key?("email")
end
should 'hide private fields to anonymous' do
target_user = User.create!(:login => 'user1', :password => 'USER_PASSWORD', :password_confirmation => 'USER_PASSWORD', :email => 'test2@test.org', :environment => environment)
get "/api/v1/users/#{target_user.id}/?#{params.to_query}"
json = JSON.parse(last_response.body)
refute json["user"].has_key?("permissions")
refute json["user"].has_key?("activated")
end
end