Download as
Browse Code »

Commit 7f14c33dc9d0f2b9e91986d2f146f679ecdb7016

Authored by Victor Costa
Committed by Rodrigo Souto
1 parent 03e5175f
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

api: create separated files to test entities 

Also create a subfolder (test/unit/api) to avoid conflicts with unit tests of models that already exists.
Showing 7 changed files with 269 additions and 224 deletions   Show diff stats
test/unit/api/articles_test.rb 0 → 100644
  Diff comments   View file @7f14c33
@@ -0,0 +1,140 @@ @@ -0,0 +1,140 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class ArticlesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'list articles' do
  10 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  11 + get "/api/v1/articles/?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert_includes json["articles"].map { |a| a["id"] }, article.id
  14 + end
  15 +
  16 + should 'not list forbidden article when listing articles' do
  17 + person = fast_create(Person)
  18 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  19 + assert !article.published?
  20 +
  21 + get "/api/v1/articles?#{params.to_query}"
  22 + json = JSON.parse(last_response.body)
  23 + assert_not_includes json['articles'].map {|a| a['id']}, article.id
  24 + end
  25 +
  26 + should 'return article by id' do
  27 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  28 + get "/api/v1/articles/#{article.id}?#{params.to_query}"
  29 + json = JSON.parse(last_response.body)
  30 + assert_equal article.id, json["article"]["id"]
  31 + end
  32 +
  33 + should 'not return article if user has no permission to view it' do
  34 + person = fast_create(Person)
  35 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  36 + assert !article.published?
  37 +
  38 + get "/api/v1/articles/#{article.id}?#{params.to_query}"
  39 + assert_equal 403, last_response.status
  40 + end
  41 +
  42 + should 'return article by community' do
  43 + community = fast_create(Community)
  44 + article = fast_create(Article, :profile_id => community.id, :name => "Some thing")
  45 + get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}"
  46 + json = JSON.parse(last_response.body)
  47 + assert_equal article.id, json["article"]["id"]
  48 + end
  49 +
  50 + should 'not return article by community if user has no permission to view it' do
  51 + community = fast_create(Community)
  52 + article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)
  53 + assert !article.published?
  54 +
  55 + get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}"
  56 + assert_equal 403, last_response.status
  57 + end
  58 +
  59 + should 'not list forbidden article when listing articles by community' do
  60 + community = fast_create(Community)
  61 + article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)
  62 + assert !article.published?
  63 +
  64 + get "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
  65 + json = JSON.parse(last_response.body)
  66 + assert_not_includes json['articles'].map {|a| a['id']}, article.id
  67 + end
  68 +
  69 + should 'list article children' do
  70 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  71 + child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  72 + child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")
  73 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  74 + json = JSON.parse(last_response.body)
  75 + assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }
  76 + end
  77 +
  78 + should 'not list children of forbidden article' do
  79 + person = fast_create(Person)
  80 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  81 + child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  82 + child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  83 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  84 + assert_equal 403, last_response.status
  85 + end
  86 +
  87 + should 'not return child of forbidden article' do
  88 + person = fast_create(Person)
  89 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)
  90 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")
  91 + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
  92 + assert_equal 403, last_response.status
  93 + end
  94 +
  95 + should 'not return private child' do
  96 + person = fast_create(Person)
  97 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  98 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
  99 + get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"
  100 + assert_equal 403, last_response.status
  101 + end
  102 +
  103 + should 'not list private child' do
  104 + person = fast_create(Person)
  105 + article = fast_create(Article, :profile_id => person.id, :name => "Some thing")
  106 + child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)
  107 + get "/api/v1/articles/#{article.id}/children?#{params.to_query}"
  108 + json = JSON.parse(last_response.body)
  109 + assert_not_includes json['articles'].map {|a| a['id']}, child.id
  110 + end
  111 +
  112 + should 'create article in a community' do
  113 + community = fast_create(Community)
  114 + give_permission(user.person, 'post_content', community)
  115 + params[:article] = {:name => "Title"}
  116 + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
  117 + json = JSON.parse(last_response.body)
  118 + assert_equal "Title", json["article"]["title"]
  119 + end
  120 +
  121 + should 'do not create article if user has no permission to post content' do
  122 + community = fast_create(Community)
  123 + give_permission(user.person, 'invite_members', community)
  124 + params[:article] = {:name => "Title"}
  125 + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
  126 + assert_equal 403, last_response.status
  127 + end
  128 +
  129 + should 'create article with parent' do
  130 + community = fast_create(Community)
  131 + community.add_member(user.person)
  132 + article = fast_create(Article)
  133 +
  134 + params[:article] = {:name => "Title", :parent_id => article.id}
  135 + post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"
  136 + json = JSON.parse(last_response.body)
  137 + assert_equal article.id, json["article"]["parent"]["id"]
  138 + end
  139 +
  140 +end
test/unit/api/categories_test.rb 0 → 100644
  Diff comments   View file @7f14c33
@@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class CategoriesTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'list categories' do
  10 + category = fast_create(Category)
  11 + get "/api/v1/categories/?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert_includes json["categories"].map { |c| c["name"] }, category.name
  14 + end
  15 +
  16 + should 'get category by id' do
  17 + category = fast_create(Category)
  18 + get "/api/v1/categories/#{category.id}/?#{params.to_query}"
  19 + json = JSON.parse(last_response.body)
  20 + assert_equal category.name, json["category"]["name"]
  21 + end
  22 +
  23 +end
test/unit/api/comments_test.rb 0 → 100644
  Diff comments   View file @7f14c33
@@ -0,0 +1,19 @@ @@ -0,0 +1,19 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class CommentsTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'return comments of an article' do
  10 + article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")
  11 + article.comments.create!(:body => "some comment", :author => user.person)
  12 + article.comments.create!(:body => "another comment", :author => user.person)
  13 +
  14 + get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"
  15 + json = JSON.parse(last_response.body)
  16 + assert_equal 2, json["comments"].length
  17 + end
  18 +
  19 +end
test/unit/api/session_test.rb 0 → 100644
  Diff comments   View file @7f14c33
@@ -0,0 +1,42 @@ @@ -0,0 +1,42 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class APITest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'generate private token when login' do
  10 + params = {:login => "testapi", :password => "testapi"}
  11 + post "/api/v1/login?#{params.to_query}"
  12 + json = JSON.parse(last_response.body)
  13 + assert !json["private_token"].blank?
  14 + end
  15 +
  16 + should 'return 401 when login fails' do
  17 + user.destroy
  18 + params = {:login => "testapi", :password => "testapi"}
  19 + post "/api/v1/login?#{params.to_query}"
  20 + assert_equal 401, last_response.status
  21 + end
  22 +
  23 + should 'register a user' do
  24 + params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" }
  25 + post "/api/v1/register?#{params.to_query}"
  26 + assert_equal 201, last_response.status
  27 + end
  28 +
  29 + should 'do not register a user without email' do
  30 + params = {:login => "newuserapi", :password => "newuserapi", :email => nil }
  31 + post "/api/v1/register?#{params.to_query}"
  32 + assert_equal 400, last_response.status
  33 + end
  34 +
  35 + should 'do not register a duplicated user' do
  36 + params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" }
  37 + post "/api/v1/register?#{params.to_query}"
  38 + post "/api/v1/register?#{params.to_query}"
  39 + assert_equal 400, last_response.status
  40 + end
  41 +
  42 +end
test/unit/api/test_helper.rb 0 → 100644
  Diff comments   View file @7f14c33
@@ -0,0 +1,22 @@ @@ -0,0 +1,22 @@
  1 +require File.dirname(__FILE__) + '/../../test_helper'
  2 +
  3 +class ActiveSupport::TestCase
  4 +
  5 + include Rack::Test::Methods
  6 +
  7 + def app
  8 + API::API
  9 + end
  10 +
  11 + def login_api
  12 + @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default)
  13 + @user.activate
  14 +
  15 + post "/api/v1/login?login=testapi&password=testapi"
  16 + json = JSON.parse(last_response.body)
  17 + @private_token = json["private_token"]
  18 + @params = {:private_token => @private_token}
  19 + end
  20 + attr_accessor :private_token, :user, :params
  21 +
  22 +end
test/unit/api/users_test.rb 0 → 100644
  Diff comments   View file @7f14c33
@@ -0,0 +1,23 @@ @@ -0,0 +1,23 @@
  1 +require File.dirname(__FILE__) + '/test_helper'
  2 +
  3 +class UsersTest < ActiveSupport::TestCase
  4 +
  5 + def setup
  6 + login_api
  7 + end
  8 +
  9 + should 'list users' do
  10 + get "/api/v1/users/?#{params.to_query}"
  11 + json = JSON.parse(last_response.body)
  12 + assert_includes json["users"].map { |a| a["login"] }, user.login
  13 + end
  14 +
  15 + should 'list user permissions' do
  16 + community = fast_create(Community)
  17 + community.add_admin(user.person)
  18 + get "/api/v1/users/#{user.id}/?#{params.to_query}"
  19 + json = JSON.parse(last_response.body)
  20 + assert_includes json["user"]["permissions"], community.identifier
  21 + end
  22 +
  23 +end
test/unit/api_test.rb
View file @03e5175
@@ -1,224 +0,0 @@ @@ -1,224 +0,0 @@
1 -require File.dirname(__FILE__) + '/../test_helper'  
2 -  
3 -class APITest < ActiveSupport::TestCase  
4 -  
5 - include Rack::Test::Methods  
6 -  
7 - def app  
8 - API::API  
9 - end  
10 -  
11 - def setup  
12 - @user = User.create!(:login => 'testapi', :password => 'testapi', :password_confirmation => 'testapi', :email => 'test@test.org', :environment => Environment.default)  
13 - @user.activate  
14 -  
15 - post "/api/v1/login?login=testapi&password=testapi"  
16 - json = JSON.parse(last_response.body)  
17 - @private_token = json["private_token"]  
18 - @params = {:private_token => @private_token}  
19 - end  
20 - attr_accessor :private_token, :user, :params  
21 -  
22 - should 'generate private token when login' do  
23 - params = {:login => "testapi", :password => "testapi"}  
24 - post "/api/v1/login?#{params.to_query}"  
25 - json = JSON.parse(last_response.body)  
26 - assert !json["private_token"].blank?  
27 - end  
28 -  
29 - should 'return 401 when login fails' do  
30 - user.destroy  
31 - params = {:login => "testapi", :password => "testapi"}  
32 - post "/api/v1/login?#{params.to_query}"  
33 - assert_equal 401, last_response.status  
34 - end  
35 -  
36 - should 'register a user' do  
37 - params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" }  
38 - post "/api/v1/register?#{params.to_query}"  
39 - assert_equal 201, last_response.status  
40 - end  
41 -  
42 - should 'do not register a user without email' do  
43 - params = {:login => "newuserapi", :password => "newuserapi", :email => nil }  
44 - post "/api/v1/register?#{params.to_query}"  
45 - assert_equal 400, last_response.status  
46 - end  
47 -  
48 - should 'do not register a duplicated user' do  
49 - params = {:login => "newuserapi", :password => "newuserapi", :email => "newuserapi@email.com" }  
50 - post "/api/v1/register?#{params.to_query}"  
51 - post "/api/v1/register?#{params.to_query}"  
52 - assert_equal 400, last_response.status  
53 - end  
54 -  
55 - should 'list articles' do  
56 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
57 - get "/api/v1/articles/?#{params.to_query}"  
58 - json = JSON.parse(last_response.body)  
59 - assert_includes json["articles"].map { |a| a["id"] }, article.id  
60 - end  
61 -  
62 - should 'not list forbidden article when listing articles' do  
63 - person = fast_create(Person)  
64 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
65 - assert !article.published?  
66 -  
67 - get "/api/v1/articles?#{params.to_query}"  
68 - json = JSON.parse(last_response.body)  
69 - assert_not_includes json['articles'].map {|a| a['id']}, article.id  
70 - end  
71 -  
72 - should 'return article by id' do  
73 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
74 - get "/api/v1/articles/#{article.id}?#{params.to_query}"  
75 - json = JSON.parse(last_response.body)  
76 - assert_equal article.id, json["article"]["id"]  
77 - end  
78 -  
79 - should 'not return article if user has no permission to view it' do  
80 - person = fast_create(Person)  
81 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
82 - assert !article.published?  
83 -  
84 - get "/api/v1/articles/#{article.id}?#{params.to_query}"  
85 - assert_equal 403, last_response.status  
86 - end  
87 -  
88 - should 'return comments of an article' do  
89 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
90 - article.comments.create!(:body => "some comment", :author => user.person)  
91 - article.comments.create!(:body => "another comment", :author => user.person)  
92 -  
93 - get "/api/v1/articles/#{article.id}/comments?#{params.to_query}"  
94 - json = JSON.parse(last_response.body)  
95 - assert_equal 2, json["comments"].length  
96 - end  
97 -  
98 - should 'list users' do  
99 - get "/api/v1/users/?#{params.to_query}"  
100 - json = JSON.parse(last_response.body)  
101 - assert_includes json["users"].map { |a| a["login"] }, user.login  
102 - end  
103 -  
104 - should 'list user permissions' do  
105 - community = fast_create(Community)  
106 - community.add_admin(user.person)  
107 - get "/api/v1/users/#{user.id}/?#{params.to_query}"  
108 - json = JSON.parse(last_response.body)  
109 - assert_includes json["user"]["permissions"], community.identifier  
110 - end  
111 -  
112 - should 'list categories' do  
113 - category = fast_create(Category)  
114 - get "/api/v1/categories/?#{params.to_query}"  
115 - json = JSON.parse(last_response.body)  
116 - assert_includes json["categories"].map { |c| c["name"] }, category.name  
117 - end  
118 -  
119 - should 'get category by id' do  
120 - category = fast_create(Category)  
121 - get "/api/v1/categories/#{category.id}/?#{params.to_query}"  
122 - json = JSON.parse(last_response.body)  
123 - assert_equal category.name, json["category"]["name"]  
124 - end  
125 -  
126 - should 'return article by community' do  
127 - community = fast_create(Community)  
128 - article = fast_create(Article, :profile_id => community.id, :name => "Some thing")  
129 - get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}"  
130 - json = JSON.parse(last_response.body)  
131 - assert_equal article.id, json["article"]["id"]  
132 - end  
133 -  
134 - should 'not return article by community if user has no permission to view it' do  
135 - community = fast_create(Community)  
136 - article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)  
137 - assert !article.published?  
138 -  
139 - get "/api/v1/communities/#{community.id}/articles/#{article.id}?#{params.to_query}"  
140 - assert_equal 403, last_response.status  
141 - end  
142 -  
143 - should 'not list forbidden article when listing articles by community' do  
144 - community = fast_create(Community)  
145 - article = fast_create(Article, :profile_id => community.id, :name => "Some thing", :published => false)  
146 - assert !article.published?  
147 -  
148 - get "/api/v1/communities/#{community.id}/articles?#{params.to_query}"  
149 - json = JSON.parse(last_response.body)  
150 - assert_not_includes json['articles'].map {|a| a['id']}, article.id  
151 - end  
152 -  
153 - should 'list article children' do  
154 - article = fast_create(Article, :profile_id => user.person.id, :name => "Some thing")  
155 - child1 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")  
156 - child2 = fast_create(Article, :parent_id => article.id, :profile_id => user.person.id, :name => "Some thing")  
157 - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"  
158 - json = JSON.parse(last_response.body)  
159 - assert_equivalent [child1.id, child2.id], json["articles"].map { |a| a["id"] }  
160 - end  
161 -  
162 - should 'not list children of forbidden article' do  
163 - person = fast_create(Person)  
164 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
165 - child1 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")  
166 - child2 = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")  
167 - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"  
168 - assert_equal 403, last_response.status  
169 - end  
170 -  
171 - should 'not return child of forbidden article' do  
172 - person = fast_create(Person)  
173 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing", :published => false)  
174 - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing")  
175 - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"  
176 - assert_equal 403, last_response.status  
177 - end  
178 -  
179 - should 'not return private child' do  
180 - person = fast_create(Person)  
181 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing")  
182 - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)  
183 - get "/api/v1/articles/#{article.id}/children/#{child.id}?#{params.to_query}"  
184 - assert_equal 403, last_response.status  
185 - end  
186 -  
187 - should 'not list private child' do  
188 - person = fast_create(Person)  
189 - article = fast_create(Article, :profile_id => person.id, :name => "Some thing")  
190 - child = fast_create(Article, :parent_id => article.id, :profile_id => person.id, :name => "Some thing", :published => false)  
191 - get "/api/v1/articles/#{article.id}/children?#{params.to_query}"  
192 - json = JSON.parse(last_response.body)  
193 - assert_not_includes json['articles'].map {|a| a['id']}, child.id  
194 - end  
195 -  
196 - should 'create article in a community' do  
197 - community = fast_create(Community)  
198 - give_permission(user.person, 'post_content', community)  
199 - params[:article] = {:name => "Title"}  
200 - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"  
201 - json = JSON.parse(last_response.body)  
202 - assert_equal "Title", json["article"]["title"]  
203 - end  
204 -  
205 - should 'do not create article if user has no permission to post content' do  
206 - community = fast_create(Community)  
207 - give_permission(user.person, 'invite_members', community)  
208 - params[:article] = {:name => "Title"}  
209 - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"  
210 - assert_equal 403, last_response.status  
211 - end  
212 -  
213 - should 'create article with parent' do  
214 - community = fast_create(Community)  
215 - community.add_member(user.person)  
216 - article = fast_create(Article)  
217 -  
218 - params[:article] = {:name => "Title", :parent_id => article.id}  
219 - post "/api/v1/communities/#{community.id}/articles?#{params.to_query}"  
220 - json = JSON.parse(last_response.body)  
221 - assert_equal article.id, json["article"]["parent"]["id"]  
222 - end  
223 -  
224 -end