add test for user api

Marcos Pereira · Rodrigo Souto · Marcos Pereira
1 parent 0ac23124
Showing 1 changed file with 69 additions and 0 deletions Show diff stats
test/unit/api/users_test.rb
@@ -33,4 +33,73 @@ class UsersTest &lt; ActiveSupport::TestCase
     assert_equal user.id, json['user']['id']
   end
  
+  should 'not show permissions to logged user' do
+    target_person = create_user('some-user').person
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("permissions")
+  end
+
+  should 'show permissions to self' do
+    get "/api/v1/users/#{user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("permissions")
+  end
+
+  should 'not show permissions to friend' do
+    target_person = create_user('some-user').person
+
+    f = Friendship.new
+    f.friend = target_person
+    f.person = person
+    f.save!
+
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("permissions")
+  end
+
+  should 'not show private attribute to logged user' do
+    target_person = create_user('some-user').person
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("email")
+  end
+
+  should 'show private attr to friend' do
+    target_person = create_user('some-user').person
+    f = Friendship.new
+    f.friend = target_person
+    f.person = person
+    f.save!
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert_equal target_person.email, json["user"]["email"]
+  end
+
+  should 'show public attribute to logged user' do
+    target_person = create_user('some-user').person
+    target_person.fields_privacy={:email=> 'public'}
+    target_person.save!
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert_equal json["user"]["email"],target_person.email
+  end
+
+  should 'show public and private field to admin' do
+    Environment.default.add_admin(person)
+
+    target_person = create_user('some-user').person
+    target_person.fields_privacy={:email=> 'public'}
+    target_person.save!
+
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert json["user"].has_key?("permissions")
+    assert json["user"].has_key?("activated")
+  end
+
 end
...	...	@@ -33,4 +33,73 @@ class UsersTest < ActiveSupport::TestCase
33	33	assert_equal user.id, json['user']['id']
34	34	end
35	35
	36	+ should 'not show permissions to logged user' do
	37	+ target_person = create_user('some-user').person
	38	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
	39	+ json = JSON.parse(last_response.body)
	40	+ refute json["user"].has_key?("permissions")
	41	+ end
	42	+
	43	+ should 'show permissions to self' do
	44	+ get "/api/v1/users/#{user.id}/?#{params.to_query}"
	45	+ json = JSON.parse(last_response.body)
	46	+ assert json["user"].has_key?("permissions")
	47	+ end
	48	+
	49	+ should 'not show permissions to friend' do
	50	+ target_person = create_user('some-user').person
	51	+
	52	+ f = Friendship.new
	53	+ f.friend = target_person
	54	+ f.person = person
	55	+ f.save!
	56	+
	57	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
	58	+ json = JSON.parse(last_response.body)
	59	+ refute json["user"].has_key?("permissions")
	60	+ end
	61	+
	62	+ should 'not show private attribute to logged user' do
	63	+ target_person = create_user('some-user').person
	64	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
	65	+ json = JSON.parse(last_response.body)
	66	+ refute json["user"].has_key?("email")
	67	+ end
	68	+
	69	+ should 'show private attr to friend' do
	70	+ target_person = create_user('some-user').person
	71	+ f = Friendship.new
	72	+ f.friend = target_person
	73	+ f.person = person
	74	+ f.save!
	75	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
	76	+ json = JSON.parse(last_response.body)
	77	+ assert json["user"].has_key?("email")
	78	+ assert_equal target_person.email, json["user"]["email"]
	79	+ end
	80	+
	81	+ should 'show public attribute to logged user' do
	82	+ target_person = create_user('some-user').person
	83	+ target_person.fields_privacy={:email=> 'public'}
	84	+ target_person.save!
	85	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
	86	+ json = JSON.parse(last_response.body)
	87	+ assert json["user"].has_key?("email")
	88	+ assert_equal json["user"]["email"],target_person.email
	89	+ end
	90	+
	91	+ should 'show public and private field to admin' do
	92	+ Environment.default.add_admin(person)
	93	+
	94	+ target_person = create_user('some-user').person
	95	+ target_person.fields_privacy={:email=> 'public'}
	96	+ target_person.save!
	97	+
	98	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
	99	+ json = JSON.parse(last_response.body)
	100	+ assert json["user"].has_key?("email")
	101	+ assert json["user"].has_key?("permissions")
	102	+ assert json["user"].has_key?("activated")
	103	+ end
	104	+
36	105	end
...	...