Download as
Browse Code »

Commit 7f14c33dc9d0f2b9e91986d2f146f679ecdb7016

Authored by Victor Costa
Committed by Rodrigo Souto
1 parent 03e5175f
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

api: create separated files to test entities 

Also create a subfolder (test/unit/api) to avoid conflicts with unit tests of models that already exists.
Showing 7 changed files with 269 additions and 224 deletions   Show diff stats
test/unit/api/articles_test.rb 0 → 100644
  Diff comments   View file @7f14c33
... ... @@ -0,0 +1,140 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class ArticlesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'list articles' do
  10 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  11 + get "/api/v1/articles/?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert_includes json["articles"].map { |a| a["id"] }, article.id
  14 + end
  15 +
  16 + should 'not list forbidden article when listing articles' do
  17 + person = fast_create(Person)
  18 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  19 + assert !article.published?
  20 +
  21 + get "/api/v1/articles?#{params.to_query}"
  22 + json = JSON.parse(last_response.body)
  23 + assert_not_includes json['articles'].map {|a| a['id']}, article.id
  24 + end
  25 +
  26 + should 'return article by id' do
  27 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  28 + get "/api/v1/articles/#{article.id}?#{params.to_query}"
  29 + json = JSON.parse(last_response.body)
  30 + assert_equal article.id, json["article"]["id"]
  31 + end
  32 +
  33 + should 'not return article if user has no permission to view it' do
  34 + person = fast_create(Person)
  35 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  36 + assert !article.published?
  37 +
  38 + get "/api/v1/articles/#{article.id}?#{params.to_query}"
  39 + assert_equal 403, last_response.status
  40 + end
  41 +
  42 + should 'return article by community' do
  43 + community = fast_create(Community)
  44 + article = fast_create(Article, :profile_id => community.id, :name => "Some thing")
  45 + get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}"
  46 + json = JSON.parse(last_response.body)
  47 + assert_equal article.id, json["article"]["id"]
  48 + end
  49 +
  50 + should 'not return article by community if user has no permission to view it' do
  51 + community = fast_create(Community)
  52 + article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)
  53 + assert !article.published?
  54 +
  55 + get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}"
  56 + assert_equal 403, last_response.status
  57 + end
  58 +
  59 + should 'not list forbidden article when listing articles by community' do
  60 + community = fast_create(Community)
  61 + article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)
  62 + assert !article.published?
  63 +
  64 + get "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
  65 + json = JSON.parse(last_response.body)
  66 + assert_not_includes json['articles'].map {|a| a['id']}, article.id
  67 + end
  68 +
  69 + should 'list article children' do
  70 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  71 + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  72 + child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  73 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  74 + json = JSON.parse(last_response.body)
  75 + assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
  76 + end
  77 +
  78 + should 'not list children of forbidden article' do
  79 + person = fast_create(Person)
  80 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  81 + child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  82 + child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  83 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  84 + assert_equal 403, last_response.status
  85 + end
  86 +
  87 + should 'not return child of forbidden article' do
  88 + person = fast_create(Person)
  89 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  90 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  91 + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
  92 + assert_equal 403, last_response.status
  93 + end
  94 +
  95 + should 'not return private child' do
  96 + person = fast_create(Person)
  97 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  98 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
  99 + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
  100 + assert_equal 403, last_response.status
  101 + end
  102 +
  103 + should 'not list private child' do
  104 + person = fast_create(Person)
  105 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  106 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
  107 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  108 + json = JSON.parse(last_response.body)
  109 + assert_not_includes json['articles'].map {|a| a['id']}, child.id
  110 + end
  111 +
  112 + should 'create article in a community' do
  113 + community = fast_create(Community)
  114 + give_permission(user.person, 'post_content', community)
  115 + params[:article] = {:name => "Title"}
  116 + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
  117 + json = JSON.parse(last_response.body)
  118 + assert_equal "Title", json["article"]["title"]
  119 + end
  120 +
  121 + should 'do not create article if user has no permission to post content' do
  122 + community = fast_create(Community)
  123 + give_permission(user.person, 'invite_members', community)
  124 + params[:article] = {:name => "Title"}
  125 + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
  126 + assert_equal 403, last_response.status
  127 + end
  128 +
  129 + should 'create article with parent' do
  130 + community = fast_create(Community)
  131 + community.add_member(user.person)
  132 + article = fast_create(Article)
  133 +
  134 + params[:article] = {:name => "Title", :parent_id => article.id}
  135 + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
  136 + json = JSON.parse(last_response.body)
  137 + assert_equal article.id, json["article"]["parent"]["id"]
  138 + end
  139 +
  140 +end
... ...
test/unit/api/categories_test.rb 0 → 100644
  Diff comments   View file @7f14c33
... ... @@ -0,0 +1,23 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class CategoriesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'list categories' do
  10 + category = fast_create(Category)
  11 + get "/api/v1/categories/?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert_includes json["categories"].map { |c| c["name"] }, category.name
  14 + end
  15 +
  16 + should 'get category by id' do
  17 + category = fast_create(Category)
  18 + get "/api/v1/categories/#{category.id}/?#{params.to_query}"
  19 + json = JSON.parse(last_response.body)
  20 + assert_equal category.name, json["category"]["name"]
  21 + end
  22 +
  23 +end
... ...
test/unit/api/comments_test.rb 0 → 100644
  Diff comments   View file @7f14c33
... ... @@ -0,0 +1,19 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class CommentsTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'return comments of an article' do
  10 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  11 + article.comments.create!(:body => "some comment", :author => user.person)
  12 + article.comments.create!(:body => "another comment", :author => user.person)
  13 +
  14 + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  15 + json = JSON.parse(last_response.body)
  16 + assert_equal 2, json["comments"].length
  17 + end
  18 +
  19 +end
... ...
test/unit/api/session_test.rb 0 → 100644
  Diff comments   View file @7f14c33
... ... @@ -0,0 +1,42 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class APITest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'generate private token when login' do
  10 + params = {:login => "testapi", :password => "testapi"}
  11 + post "/api/v1/login?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert !json["private_token"].blank?
  14 + end
  15 +
  16 + should 'return 401 when login fails' do
  17 + user.destroy
  18 + params = {:login => "testapi", :password => "testapi"}
  19 + post "/api/v1/login?#{params.to_query}"
  20 + assert_equal 401, last_response.status
  21 + end
  22 +
  23 + should 'register a user' do
  24 + params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" }
  25 + post "/api/v1/register?#{params.to_query}"
  26 + assert_equal 201, last_response.status
  27 + end
  28 +
  29 + should 'do not register a user without email' do
  30 + params = {:login => "newuserapi", :password => "newuserapi", :email => nil }
  31 + post "/api/v1/register?#{params.to_query}"
  32 + assert_equal 400, last_response.status
  33 + end
  34 +
  35 + should 'do not register a duplicated user' do
  36 + params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" }
  37 + post "/api/v1/register?#{params.to_query}"
  38 + post "/api/v1/register?#{params.to_query}"
  39 + assert_equal 400, last_response.status
  40 + end
  41 +
  42 +end
... ...
test/unit/api/test_helper.rb 0 → 100644
  Diff comments   View file @7f14c33
... ... @@ -0,0 +1,22 @@
  1 +require File.dirname(__FILE__) + '/../../test_helper'
  2 +
  3 +class ActiveSupport::TestCase
  4 +
  5 + include Rack::Test::Methods
  6 +
  7 + def app
  8 + API::API
  9 + end
  10 +
  11 + def login_api
  12 + @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default)
  13 + @user.activate
  14 +
  15 + post "/api/v1/login?login=testapi&password=testapi"
  16 + json = JSON.parse(last_response.body)
  17 + @private_token = json["private_token"]
  18 + @params = {:private_token => @private_token}
  19 + end
  20 + attr_accessor :private_token, :user, :params
  21 +
  22 +end
... ...
test/unit/api/users_test.rb 0 → 100644
  Diff comments   View file @7f14c33
... ... @@ -0,0 +1,23 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class UsersTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'list users' do
  10 + get "/api/v1/users/?#{params.to_query}"
  11 + json = JSON.parse(last_response.body)
  12 + assert_includes json["users"].map { |a| a["login"] }, user.login
  13 + end
  14 +
  15 + should 'list user permissions' do
  16 + community = fast_create(Community)
  17 + community.add_admin(user.person)
  18 + get "/api/v1/users/#{user.id}/?#{params.to_query}"
  19 + json = JSON.parse(last_response.body)
  20 + assert_includes json["user"]["permissions"], community.identifier
  21 + end
  22 +
  23 +end
... ...
test/unit/api_test.rb
View file @03e5175
... ... @@ -1,224 +0,0 @@
1   -require File.dirname(__FILE__) + '/../test_helper'
2   -
3   -class APITest < ActiveSupport::TestCase
4   -
5   - include Rack::Test::Methods
6   -
7   - def app
8   - API::API
9   - end
10   -
11   - def setup
12   - @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default)
13   - @user.activate
14   -
15   - post "/api/v1/login?login=testapi&password=testapi"
16   - json = JSON.parse(last_response.body)
17   - @private_token = json["private_token"]
18   - @params = {:private_token => @private_token}
19   - end
20   - attr_accessor :private_token, :user, :params
21   -
22   - should 'generate private token when login' do
23   - params = {:login => "testapi", :password => "testapi"}
24   - post "/api/v1/login?#{params.to_query}"
25   - json = JSON.parse(last_response.body)
26   - assert !json["private_token"].blank?
27   - end
28   -
29   - should 'return 401 when login fails' do
30   - user.destroy
31   - params = {:login => "testapi", :password => "testapi"}
32   - post "/api/v1/login?#{params.to_query}"
33   - assert_equal 401, last_response.status
34   - end
35   -
36   - should 'register a user' do
37   - params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" }
38   - post "/api/v1/register?#{params.to_query}"
39   - assert_equal 201, last_response.status
40   - end
41   -
42   - should 'do not register a user without email' do
43   - params = {:login => "newuserapi", :password => "newuserapi", :email => nil }
44   - post "/api/v1/register?#{params.to_query}"
45   - assert_equal 400, last_response.status
46   - end
47   -
48   - should 'do not register a duplicated user' do
49   - params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" }
50   - post "/api/v1/register?#{params.to_query}"
51   - post "/api/v1/register?#{params.to_query}"
52   - assert_equal 400, last_response.status
53   - end
54   -
55   - should 'list articles' do
56   - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
57   - get "/api/v1/articles/?#{params.to_query}"
58   - json = JSON.parse(last_response.body)
59   - assert_includes json["articles"].map { |a| a["id"] }, article.id
60   - end
61   -
62   - should 'not list forbidden article when listing articles' do
63   - person = fast_create(Person)
64   - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
65   - assert !article.published?
66   -
67   - get "/api/v1/articles?#{params.to_query}"
68   - json = JSON.parse(last_response.body)
69   - assert_not_includes json['articles'].map {|a| a['id']}, article.id
70   - end
71   -
72   - should 'return article by id' do
73   - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
74   - get "/api/v1/articles/#{article.id}?#{params.to_query}"
75   - json = JSON.parse(last_response.body)
76   - assert_equal article.id, json["article"]["id"]
77   - end
78   -
79   - should 'not return article if user has no permission to view it' do
80   - person = fast_create(Person)
81   - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
82   - assert !article.published?
83   -
84   - get "/api/v1/articles/#{article.id}?#{params.to_query}"
85   - assert_equal 403, last_response.status
86   - end
87   -
88   - should 'return comments of an article' do
89   - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
90   - article.comments.create!(:body => "some comment", :author => user.person)
91   - article.comments.create!(:body => "another comment", :author => user.person)
92   -
93   - get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
94   - json = JSON.parse(last_response.body)
95   - assert_equal 2, json["comments"].length
96   - end
97   -
98   - should 'list users' do
99   - get "/api/v1/users/?#{params.to_query}"
100   - json = JSON.parse(last_response.body)
101   - assert_includes json["users"].map { |a| a["login"] }, user.login
102   - end
103   -
104   - should 'list user permissions' do
105   - community = fast_create(Community)
106   - community.add_admin(user.person)
107   - get "/api/v1/users/#{user.id}/?#{params.to_query}"
108   - json = JSON.parse(last_response.body)
109   - assert_includes json["user"]["permissions"], community.identifier
110   - end
111   -
112   - should 'list categories' do
113   - category = fast_create(Category)
114   - get "/api/v1/categories/?#{params.to_query}"
115   - json = JSON.parse(last_response.body)
116   - assert_includes json["categories"].map { |c| c["name"] }, category.name
117   - end
118   -
119   - should 'get category by id' do
120   - category = fast_create(Category)
121   - get "/api/v1/categories/#{category.id}/?#{params.to_query}"
122   - json = JSON.parse(last_response.body)
123   - assert_equal category.name, json["category"]["name"]
124   - end
125   -
126   - should 'return article by community' do
127   - community = fast_create(Community)
128   - article = fast_create(Article, :profile_id => community.id, :name => "Some thing")
129   - get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}"
130   - json = JSON.parse(last_response.body)
131   - assert_equal article.id, json["article"]["id"]
132   - end
133   -
134   - should 'not return article by community if user has no permission to view it' do
135   - community = fast_create(Community)
136   - article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)
137   - assert !article.published?
138   -
139   - get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}"
140   - assert_equal 403, last_response.status
141   - end
142   -
143   - should 'not list forbidden article when listing articles by community' do
144   - community = fast_create(Community)
145   - article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)
146   - assert !article.published?
147   -
148   - get "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
149   - json = JSON.parse(last_response.body)
150   - assert_not_includes json['articles'].map {|a| a['id']}, article.id
151   - end
152   -
153   - should 'list article children' do
154   - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
155   - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
156   - child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
157   - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
158   - json = JSON.parse(last_response.body)
159   - assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
160   - end
161   -
162   - should 'not list children of forbidden article' do
163   - person = fast_create(Person)
164   - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
165   - child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
166   - child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
167   - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
168   - assert_equal 403, last_response.status
169   - end
170   -
171   - should 'not return child of forbidden article' do
172   - person = fast_create(Person)
173   - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
174   - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
175   - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
176   - assert_equal 403, last_response.status
177   - end
178   -
179   - should 'not return private child' do
180   - person = fast_create(Person)
181   - article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
182   - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
183   - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
184   - assert_equal 403, last_response.status
185   - end
186   -
187   - should 'not list private child' do
188   - person = fast_create(Person)
189   - article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
190   - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
191   - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
192   - json = JSON.parse(last_response.body)
193   - assert_not_includes json['articles'].map {|a| a['id']}, child.id
194   - end
195   -
196   - should 'create article in a community' do
197   - community = fast_create(Community)
198   - give_permission(user.person, 'post_content', community)
199   - params[:article] = {:name => "Title"}
200   - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
201   - json = JSON.parse(last_response.body)
202   - assert_equal "Title", json["article"]["title"]
203   - end
204   -
205   - should 'do not create article if user has no permission to post content' do
206   - community = fast_create(Community)
207   - give_permission(user.person, 'invite_members', community)
208   - params[:article] = {:name => "Title"}
209   - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
210   - assert_equal 403, last_response.status
211   - end
212   -
213   - should 'create article with parent' do
214   - community = fast_create(Community)
215   - community.add_member(user.person)
216   - article = fast_create(Article)
217   -
218   - params[:article] = {:name => "Title", :parent_id => article.id}
219   - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
220   - json = JSON.parse(last_response.body)
221   - assert_equal article.id, json["article"]["parent"]["id"]
222   - end
223   -
224   -end