From 7f14c33dc9d0f2b9e91986d2f146f679ecdb7016 Mon Sep 17 00:00:00 2001 From: Victor Costa Date: Tue, 6 Jan 2015 10:38:40 -0300 Subject: [PATCH] api: create separated files to test entities --- test/unit/api/articles_test.rb | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ test/unit/api/categories_test.rb | 23 +++++++++++++++++++++++ test/unit/api/comments_test.rb | 19 +++++++++++++++++++ test/unit/api/session_test.rb | 42 ++++++++++++++++++++++++++++++++++++++++++ test/unit/api/test_helper.rb | 22 ++++++++++++++++++++++ test/unit/api/users_test.rb | 23 +++++++++++++++++++++++ test/unit/api_test.rb | 224 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 7 files changed, 269 insertions(+), 224 deletions(-) create mode 100644 test/unit/api/articles_test.rb create mode 100644 test/unit/api/categories_test.rb create mode 100644 test/unit/api/comments_test.rb create mode 100644 test/unit/api/session_test.rb create mode 100644 test/unit/api/test_helper.rb create mode 100644 test/unit/api/users_test.rb delete mode 100644 test/unit/api_test.rb diff --git a/test/unit/api/articles_test.rb b/test/unit/api/articles_test.rb new file mode 100644 index 0000000..1b355f2 --- /dev/null +++ b/test/unit/api/articles_test.rb @@ -0,0 +1,140 @@ +require File.dirname(__FILE__) + '/test_helper' + +class ArticlesTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'list articles' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["articles"].map { |a| a["id"] }, article.id + end + + should 'not list forbidden article when listing articles' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_includes json['articles'].map {|a| a['id']}, article.id + end + + should 'return article by id' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["id"] + end + + should 'not return article if user has no permission to view it' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/articles/#{article.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'return article by community' do + community = fast_create(Community) + article = fast_create(Article, :profile_id => community.id, :name => "Some thing") + get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["id"] + end + + should 'not return article by community if user has no permission to view it' do + community = fast_create(Community) + article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not list forbidden article when listing articles by community' do + community = fast_create(Community) + article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false) + assert !article.published? + + get "/api/v1/communities/#{community.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_includes json['articles'].map {|a| a['id']}, article.id + end + + should 'list article children' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") + child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}/children?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] } + end + + should 'not list children of forbidden article' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") + child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}/children?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not return child of forbidden article' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not return private child' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'not list private child' do + person = fast_create(Person) + article = fast_create(Article, :profile_id => person.id, :name => "Some thing") + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) + get "/api/v1/articles/#{article.id}/children?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_not_includes json['articles'].map {|a| a['id']}, child.id + end + + should 'create article in a community' do + community = fast_create(Community) + give_permission(user.person, 'post_content', community) + params[:article] = {:name => "Title"} + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal "Title", json["article"]["title"] + end + + should 'do not create article if user has no permission to post content' do + community = fast_create(Community) + give_permission(user.person, 'invite_members', community) + params[:article] = {:name => "Title"} + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}" + assert_equal 403, last_response.status + end + + should 'create article with parent' do + community = fast_create(Community) + community.add_member(user.person) + article = fast_create(Article) + + params[:article] = {:name => "Title", :parent_id => article.id} + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal article.id, json["article"]["parent"]["id"] + end + +end diff --git a/test/unit/api/categories_test.rb b/test/unit/api/categories_test.rb new file mode 100644 index 0000000..9c5fedf --- /dev/null +++ b/test/unit/api/categories_test.rb @@ -0,0 +1,23 @@ +require File.dirname(__FILE__) + '/test_helper' + +class CategoriesTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'list categories' do + category = fast_create(Category) + get "/api/v1/categories/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["categories"].map { |c| c["name"] }, category.name + end + + should 'get category by id' do + category = fast_create(Category) + get "/api/v1/categories/#{category.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal category.name, json["category"]["name"] + end + +end diff --git a/test/unit/api/comments_test.rb b/test/unit/api/comments_test.rb new file mode 100644 index 0000000..fe8874d --- /dev/null +++ b/test/unit/api/comments_test.rb @@ -0,0 +1,19 @@ +require File.dirname(__FILE__) + '/test_helper' + +class CommentsTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'return comments of an article' do + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") + article.comments.create!(:body => "some comment", :author => user.person) + article.comments.create!(:body => "another comment", :author => user.person) + + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_equal 2, json["comments"].length + end + +end diff --git a/test/unit/api/session_test.rb b/test/unit/api/session_test.rb new file mode 100644 index 0000000..1695d3e --- /dev/null +++ b/test/unit/api/session_test.rb @@ -0,0 +1,42 @@ +require File.dirname(__FILE__) + '/test_helper' + +class APITest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'generate private token when login' do + params = {:login => "testapi", :password => "testapi"} + post "/api/v1/login?#{params.to_query}" + json = JSON.parse(last_response.body) + assert !json["private_token"].blank? + end + + should 'return 401 when login fails' do + user.destroy + params = {:login => "testapi", :password => "testapi"} + post "/api/v1/login?#{params.to_query}" + assert_equal 401, last_response.status + end + + should 'register a user' do + params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + assert_equal 201, last_response.status + end + + should 'do not register a user without email' do + params = {:login => "newuserapi", :password => "newuserapi", :email => nil } + post "/api/v1/register?#{params.to_query}" + assert_equal 400, last_response.status + end + + should 'do not register a duplicated user' do + params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" } + post "/api/v1/register?#{params.to_query}" + post "/api/v1/register?#{params.to_query}" + assert_equal 400, last_response.status + end + +end diff --git a/test/unit/api/test_helper.rb b/test/unit/api/test_helper.rb new file mode 100644 index 0000000..05b9210 --- /dev/null +++ b/test/unit/api/test_helper.rb @@ -0,0 +1,22 @@ +require File.dirname(__FILE__) + '/../../test_helper' + +class ActiveSupport::TestCase + + include Rack::Test::Methods + + def app + API::API + end + + def login_api + @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default) + @user.activate + + post "/api/v1/login?login=testapi&password=testapi" + json = JSON.parse(last_response.body) + @private_token = json["private_token"] + @params = {:private_token => @private_token} + end + attr_accessor :private_token, :user, :params + +end diff --git a/test/unit/api/users_test.rb b/test/unit/api/users_test.rb new file mode 100644 index 0000000..8f22aad --- /dev/null +++ b/test/unit/api/users_test.rb @@ -0,0 +1,23 @@ +require File.dirname(__FILE__) + '/test_helper' + +class UsersTest < ActiveSupport::TestCase + + def setup + login_api + end + + should 'list users' do + get "/api/v1/users/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["users"].map { |a| a["login"] }, user.login + end + + should 'list user permissions' do + community = fast_create(Community) + community.add_admin(user.person) + get "/api/v1/users/#{user.id}/?#{params.to_query}" + json = JSON.parse(last_response.body) + assert_includes json["user"]["permissions"], community.identifier + end + +end diff --git a/test/unit/api_test.rb b/test/unit/api_test.rb deleted file mode 100644 index bf4363a..0000000 --- a/test/unit/api_test.rb +++ /dev/null @@ -1,224 +0,0 @@ -require File.dirname(__FILE__) + '/../test_helper' - -class APITest < ActiveSupport::TestCase - - include Rack::Test::Methods - - def app - API::API - end - - def setup - @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default) - @user.activate - - post "/api/v1/login?login=testapi&password=testapi" - json = JSON.parse(last_response.body) - @private_token = json["private_token"] - @params = {:private_token => @private_token} - end - attr_accessor :private_token, :user, :params - - should 'generate private token when login' do - params = {:login => "testapi", :password => "testapi"} - post "/api/v1/login?#{params.to_query}" - json = JSON.parse(last_response.body) - assert !json["private_token"].blank? - end - - should 'return 401 when login fails' do - user.destroy - params = {:login => "testapi", :password => "testapi"} - post "/api/v1/login?#{params.to_query}" - assert_equal 401, last_response.status - end - - should 'register a user' do - params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" } - post "/api/v1/register?#{params.to_query}" - assert_equal 201, last_response.status - end - - should 'do not register a user without email' do - params = {:login => "newuserapi", :password => "newuserapi", :email => nil } - post "/api/v1/register?#{params.to_query}" - assert_equal 400, last_response.status - end - - should 'do not register a duplicated user' do - params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" } - post "/api/v1/register?#{params.to_query}" - post "/api/v1/register?#{params.to_query}" - assert_equal 400, last_response.status - end - - should 'list articles' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["articles"].map { |a| a["id"] }, article.id - end - - should 'not list forbidden article when listing articles' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_includes json['articles'].map {|a| a['id']}, article.id - end - - should 'return article by id' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["id"] - end - - should 'not return article if user has no permission to view it' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/articles/#{article.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'return comments of an article' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - article.comments.create!(:body => "some comment", :author => user.person) - article.comments.create!(:body => "another comment", :author => user.person) - - get "/api/v1/articles/#{article.id}/comments?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal 2, json["comments"].length - end - - should 'list users' do - get "/api/v1/users/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["users"].map { |a| a["login"] }, user.login - end - - should 'list user permissions' do - community = fast_create(Community) - community.add_admin(user.person) - get "/api/v1/users/#{user.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["user"]["permissions"], community.identifier - end - - should 'list categories' do - category = fast_create(Category) - get "/api/v1/categories/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_includes json["categories"].map { |c| c["name"] }, category.name - end - - should 'get category by id' do - category = fast_create(Category) - get "/api/v1/categories/#{category.id}/?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal category.name, json["category"]["name"] - end - - should 'return article by community' do - community = fast_create(Community) - article = fast_create(Article, :profile_id => community.id, :name => "Some thing") - get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["id"] - end - - should 'not return article by community if user has no permission to view it' do - community = fast_create(Community) - article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not list forbidden article when listing articles by community' do - community = fast_create(Community) - article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false) - assert !article.published? - - get "/api/v1/communities/#{community.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_includes json['articles'].map {|a| a['id']}, article.id - end - - should 'list article children' do - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing") - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") - child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}/children?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] } - end - - should 'not list children of forbidden article' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") - child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}/children?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not return child of forbidden article' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false) - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing") - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not return private child' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing") - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'not list private child' do - person = fast_create(Person) - article = fast_create(Article, :profile_id => person.id, :name => "Some thing") - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false) - get "/api/v1/articles/#{article.id}/children?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_not_includes json['articles'].map {|a| a['id']}, child.id - end - - should 'create article in a community' do - community = fast_create(Community) - give_permission(user.person, 'post_content', community) - params[:article] = {:name => "Title"} - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal "Title", json["article"]["title"] - end - - should 'do not create article if user has no permission to post content' do - community = fast_create(Community) - give_permission(user.person, 'invite_members', community) - params[:article] = {:name => "Title"} - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}" - assert_equal 403, last_response.status - end - - should 'create article with parent' do - community = fast_create(Community) - community.add_member(user.person) - article = fast_create(Article) - - params[:article] = {:name => "Title", :parent_id => article.id} - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}" - json = JSON.parse(last_response.body) - assert_equal article.id, json["article"]["parent"]["id"] - end - -end -- libgit2 0.21.2