add test for user api

Marcos Pereira · Rodrigo Souto · Marcos Pereira
1 parent 0ac23124
Showing 1 changed file with 69 additions and 0 deletions Show diff stats
test/unit/api/users_test.rb
@@ -33,4 +33,73 @@ class UsersTest &lt; ActiveSupport::TestCase
     assert_equal user.id, json['user']['id']
   end
+  should 'not show permissions to logged user' do
+    target_person = create_user('some-user').person
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("permissions")
+  end
+
+  should 'show permissions to self' do
+    get "/api/v1/users/#{user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("permissions")
+  end
+
+  should 'not show permissions to friend' do
+    target_person = create_user('some-user').person
+
+    f = Friendship.new
+    f.friend = target_person
+    f.person = person
+    f.save!
+
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("permissions")
+  end
+
+  should 'not show private attribute to logged user' do
+    target_person = create_user('some-user').person
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    refute json["user"].has_key?("email")
+  end
+
+  should 'show private attr to friend' do
+    target_person = create_user('some-user').person
+    f = Friendship.new
+    f.friend = target_person
+    f.person = person
+    f.save!
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert_equal target_person.email, json["user"]["email"]
+  end
+
+  should 'show public attribute to logged user' do
+    target_person = create_user('some-user').person
+    target_person.fields_privacy={:email=> 'public'}
+    target_person.save!
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert_equal json["user"]["email"],target_person.email
+  end
+
+  should 'show public and private field to admin' do
+    Environment.default.add_admin(person)
+
+    target_person = create_user('some-user').person
+    target_person.fields_privacy={:email=> 'public'}
+    target_person.save!
+
+    get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
+    json = JSON.parse(last_response.body)
+    assert json["user"].has_key?("email")
+    assert json["user"].has_key?("permissions")
+    assert json["user"].has_key?("activated")
+  end
+
 end
	@@ -33,4 +33,73 @@ class UsersTest < ActiveSupport::TestCase		@@ -33,4 +33,73 @@ class UsersTest < ActiveSupport::TestCase
33	assert_equal user.id, json['user']['id']	33	assert_equal user.id, json['user']['id']
34	end	34	end
35		35
		36	+ should 'not show permissions to logged user' do
		37	+ target_person = create_user('some-user').person
		38	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
		39	+ json = JSON.parse(last_response.body)
		40	+ refute json["user"].has_key?("permissions")
		41	+ end
		42	+
		43	+ should 'show permissions to self' do
		44	+ get "/api/v1/users/#{user.id}/?#{params.to_query}"
		45	+ json = JSON.parse(last_response.body)
		46	+ assert json["user"].has_key?("permissions")
		47	+ end
		48	+
		49	+ should 'not show permissions to friend' do
		50	+ target_person = create_user('some-user').person
		51	+
		52	+ f = Friendship.new
		53	+ f.friend = target_person
		54	+ f.person = person
		55	+ f.save!
		56	+
		57	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
		58	+ json = JSON.parse(last_response.body)
		59	+ refute json["user"].has_key?("permissions")
		60	+ end
		61	+
		62	+ should 'not show private attribute to logged user' do
		63	+ target_person = create_user('some-user').person
		64	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
		65	+ json = JSON.parse(last_response.body)
		66	+ refute json["user"].has_key?("email")
		67	+ end
		68	+
		69	+ should 'show private attr to friend' do
		70	+ target_person = create_user('some-user').person
		71	+ f = Friendship.new
		72	+ f.friend = target_person
		73	+ f.person = person
		74	+ f.save!
		75	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
		76	+ json = JSON.parse(last_response.body)
		77	+ assert json["user"].has_key?("email")
		78	+ assert_equal target_person.email, json["user"]["email"]
		79	+ end
		80	+
		81	+ should 'show public attribute to logged user' do
		82	+ target_person = create_user('some-user').person
		83	+ target_person.fields_privacy={:email=> 'public'}
		84	+ target_person.save!
		85	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
		86	+ json = JSON.parse(last_response.body)
		87	+ assert json["user"].has_key?("email")
		88	+ assert_equal json["user"]["email"],target_person.email
		89	+ end
		90	+
		91	+ should 'show public and private field to admin' do
		92	+ Environment.default.add_admin(person)
		93	+
		94	+ target_person = create_user('some-user').person
		95	+ target_person.fields_privacy={:email=> 'public'}
		96	+ target_person.save!
		97	+
		98	+ get "/api/v1/users/#{target_person.user.id}/?#{params.to_query}"
		99	+ json = JSON.parse(last_response.body)
		100	+ assert json["user"].has_key?("email")
		101	+ assert json["user"].has_key?("permissions")
		102	+ assert json["user"].has_key?("activated")
		103	+ end
		104	+
36	end	105	end