comment_controller_test.rb
24.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
require_relative "../test_helper"
require 'comment_controller'
# Re-raise errors caught by the controller.
class CommentController; def rescue_action(e) raise e end; end
class CommentControllerTest < ActionController::TestCase
def setup
@controller = CommentController.new
@request = ActionController::TestRequest.new
@response = ActionController::TestResponse.new
@profile = create_user('testinguser').person
@environment = @profile.environment
end
attr_reader :profile, :environment
should "not be able to remove other people's comments if not moderator or admin" do
create_user('normaluser')
profile = create_user('testuser').person
article = profile.articles.build(:name => 'test')
article.save!
commenter = create_user('otheruser').person
comment = fast_create(Comment, :source_id => article, :title => 'a comment', :body => 'lalala')
login_as 'normaluser' # normaluser cannot remove other people's comments
assert_no_difference 'Comment.count' do
post :destroy, :profile => profile.identifier, :id => comment.id
end
end
should "not be able to remove other people's comments if not moderator or admin and return json if is an ajax request" do
create_user('normaluser')
profile = create_user('testuser').person
article = profile.articles.build(:name => 'test')
article.save!
commenter = create_user('otheruser').person
comment = fast_create(Comment, :source_id => article, :author_id => commenter, :title => 'a comment', :body => 'lalala')
login_as 'normaluser' # normaluser cannot remove other people's comments
assert_no_difference 'Comment.count' do
xhr :post, :destroy, :profile => profile.identifier, :id => comment.id
assert_response :success
end
assert_match /\{\"ok\":false\}/, @response.body
end
should 'be able to remove comments on their articles' do
profile = create_user('testuser').person
article = profile.articles.build(:name => 'test')
article.save!
commenter = create_user('otheruser').person
comment = fast_create(Comment, :source_id => article, :author_id => commenter, :title => 'a comment', :body => 'lalala')
login_as 'testuser' # testuser must be able to remove comments in his articles
assert_difference 'Comment.count', -1 do
xhr :post, :destroy, :profile => profile.identifier, :id => comment.id
assert_response :success
end
assert_match /\{\"ok\":true\}/, @response.body
end
should 'be able to remove comments of their images' do
profile = create_user('testuser').person
image = UploadedFile.create!(:profile => profile, :uploaded_data => fixture_file_upload('/files/rails.png', 'image/png'))
image.save!
commenter = create_user('otheruser').person
comment = fast_create(Comment, :source_id => image, :author_id => commenter, :title => 'a comment', :body => 'lalala')
login_as 'testuser' # testuser must be able to remove comments in his articles
assert_difference 'Comment.count', -1 do
xhr :post, :destroy, :profile => profile.identifier, :id => comment.id
assert_response :success
end
end
should 'be able to remove comments if is moderator' do
commenter = create_user('commenter_user').person
community = Community.create!(:name => 'Community test', :identifier => 'community-test')
article = community.articles.create!(:name => 'test', :profile => community)
comment = fast_create(Comment, :source_id => article, :author_id => commenter, :title => 'a comment', :body => 'lalala')
community.add_moderator(profile)
login_as profile.identifier
assert_difference 'Comment.count', -1 do
xhr :post, :destroy, :profile => community.identifier, :id => comment.id
assert_response :success
end
assert_match /\{\"ok\":true\}/, @response.body
end
should 'be able to remove comment' do
profile = create_user('testuser').person
article = profile.articles.build(:name => 'test')
article.save!
comment = fast_create(Comment, :source_id => article, :author_id => profile, :title => 'a comment', :body => 'lalala')
login_as 'testuser'
assert_difference 'Comment.count', -1 do
xhr :post, :destroy, :profile => profile.identifier, :id => comment.id
assert_response :success
end
end
should 'display not found page if a user should try to make a cross comment' do
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
other_person = create_user('otheruser').person
other_page = other_person.articles.create!(:name => 'myarticle', :body => 'the body of the text')
assert_no_difference 'Comment.count' do
xhr :post, :create, :profile => profile.identifier, :id => other_page.id, :comment => { :title => 'crap!', :body => 'I think that this article is crap' }
end
assert_match /not found/, @response.body
end
should 'not be able to post comment if article do not accept it' do
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text', :accept_comments => false)
assert_no_difference 'Comment.count' do
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => 'crap!', :body => 'I think that this article is crap' }
end
assert_match /Comment not allowed in this article/, @response.body
end
should "the author's comment be the logged user" do
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
login_as profile.identifier
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => 'crap!', :body => 'I think that this article is crap' }
assert_equal profile, assigns(:comment).author
end
should "the articles's comment be the article passed as parameter" do
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
login_as profile.identifier
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => 'crap!', :body => 'I think that this article is crap' }
assert_equal page, assigns(:comment).article
end
should 'show validation error when body comment is missing' do
login_as @profile.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
xhr :post, :create, :profile => @profile.identifier, :id => page.id, :comment => { :title => '', :body => '' }, :confirm => 'true'
response = ActiveSupport::JSON.decode @response.body
assert_match /errorExplanation/, response["html"]
end
should 'not save a comment if a plugin rejects it' do
class TestFilterPlugin < Noosfero::Plugin
def filter_comment(c)
c.reject!
end
end
Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([TestFilterPlugin.new])
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
assert_no_difference 'Comment.count' do
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => 'title', :body => 'body', :name => "Spammer", :email => 'damn@spammer.com' }, :confirm => 'true'
end
end
should 'display a message if a plugin reject the comment' do
class TestFilterPlugin < Noosfero::Plugin
def filter_comment(c)
c.reject!
end
end
Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([TestFilterPlugin.new])
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
assert_no_difference 'Comment.count' do
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => 'title', :body => 'body', :name => "Spammer", :email => 'damn@spammer.com' }, :confirm => 'true'
end
assert_match /rejected/, @response.body
end
should 'store IP address, user agent and referrer for comments' do
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
@request.stubs(:remote_ip).returns('33.44.55.66')
@request.stubs(:referrer).returns('http://example.com')
@request.stubs(:user_agent).returns('MyBrowser')
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => 'title', :body => 'body', :name => "Spammer", :email => 'damn@spammer.com' }, :confirm => 'true'
comment = Comment.last
assert_equal '33.44.55.66', comment.ip_address
assert_equal 'MyBrowser', comment.user_agent
assert_equal 'http://example.com', comment.referrer
end
should 'invalid comment display the comment form open' do
article = profile.articles.build(:name => 'test')
article.save!
login_as('testinguser')
assert_no_difference 'Comment.count' do
xhr :post, :create, :profile => profile.identifier, :id =>article.id, :comment => {:body => ""}, :confirm => 'true'
end
assert_match /post_comment_box opened/, @response.body
end
should 'invalid captcha display the comment form open' do
article = profile.articles.build(:name => 'test')
article.save!
login_as('testinguser')
@controller.stubs(:verify_recaptcha).returns(false)
environment.enable('captcha_for_logged_users')
environment.save!
xhr :post, :create, :profile => profile.identifier, :id =>article.id, :comment => {:body => "Some comment..."}, :confirm => 'true'
assert_match /post_comment_box opened/, @response.body
end
should 'ask for captcha if environment defines even with logged user' do
article = profile.articles.build(:name => 'test')
article.save!
login_as('testinguser')
@controller.stubs(:verify_recaptcha).returns(false)
assert_difference 'Comment.count', 1 do
xhr :post, :create, :profile => profile.identifier, :id => article.id, :comment => {:body => "Some comment..."}, :confirm => 'true'
end
environment.enable('captcha_for_logged_users')
environment.save!
assert_no_difference 'Comment.count' do
xhr :post, :create, :profile => profile.identifier, :id =>article.id, :comment => {:body => "Some comment..."}, :confirm => 'true'
end
assert_not_nil assigns(:comment)
end
should 'ask for captcha if user not logged' do
article = profile.articles.build(:name => 'test')
article.save!
@controller.stubs(:verify_recaptcha).returns(false)
logout
assert_no_difference 'Comment.count' do
xhr :post, :create, :profile => profile.identifier, :id => article.id, :comment => {:body => "Some comment..."}, :confirm => 'true'
end
@controller.stubs(:verify_recaptcha).returns(true)
login_as profile.identifier
assert_difference 'Comment.count', 1 do
xhr :post, :create, :profile => profile.identifier, :id => article.id, :comment => {:body => "Some comment..."}, :confirm => 'true'
end
end
should 'create ApproveComment task when adding a comment in a moderated article' do
login_as @profile.identifier
community = Community.create!(:name => 'testcomm')
page = community.articles.create!(:name => 'myarticle', :moderate_comments => true)
commenter = create_user('otheruser').person
login_as(commenter.identifier)
assert_difference 'ApproveComment.count', 1 do
xhr :post, :create, :profile => community.identifier, :id => page.id, :comment => {:body => 'Some comment...'}, :confirm => 'true'
end
end
should 'not create ApproveComment task when the comment author is the same of article author' do
login_as @profile.identifier
community = Community.create!(:name => 'testcomm')
page = create(Article, :profile => community, :name => 'myarticle', :moderate_comments => true, :author => @profile)
community.add_moderator(@profile)
assert_no_difference 'ApproveComment.count' do
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => {:body => 'Some comment...'}, :confirm => 'true'
end
end
should 'create ApproveComment task with the comment author as requestor' do
community = Community.create!(:name => 'testcomm')
page = community.articles.create!(:name => 'myarticle', :moderate_comments => true)
commenter = create_user('otheruser').person
login_as(commenter.identifier)
assert_difference 'ApproveComment.count', 1 do
xhr :post, :create, :profile => community.identifier, :id => page.id, :comment => {:body => 'Some comment...'}, :confirm => 'true'
end
task = Task.last
assert_equal commenter, task.requestor
end
should "create ApproveComment task with the articles's owner profile as the target" do
login_as @profile.identifier
community = Community.create!(:name => 'testcomm')
page = community.articles.create!(:name => 'myarticle', :moderate_comments => true)
commenter = create_user('otheruser').person
login_as(commenter.identifier)
assert_difference 'ApproveComment.count', 1 do
xhr :post, :create, :profile => community.identifier, :id => page.id, :comment => {:body => 'Some comment...'}, :confirm => 'true'
end
task = Task.last
assert_equal community, task.target
end
should "create ApproveComment task with the comment created_at attribute defined to now" do
login_as @profile.identifier
community = Community.create!(:name => 'testcomm')
page = community.articles.create!(:name => 'myarticle', :moderate_comments => true)
now = Time.now
Time.stubs(:now).returns(now)
xhr :post, :create, :profile => community.identifier, :id => page.id, :comment => {:body => 'Some comment...'}, :confirm => 'true'
task = Task.last
assert_equal now.utc.to_s, task.comment.created_at.utc.to_s
end
should "render_target be nil in article with moderation" do
page = profile.articles.create!(:name => 'myarticle', :moderate_comments => true)
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => {:body => 'Some comment...', :name => 'some name', :email => 'some@test.com.br'}, :confirm => 'true'
assert_nil ActiveSupport::JSON.decode(@response.body)['render_target']
end
should "display message 'waitting for approval' of comments in article with moderation" do
page = profile.articles.create!(:name => 'myarticle', :moderate_comments => true)
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => {:body => 'Some comment...', :name => 'some name', :email => 'some@test.com.br'}, :confirm => 'true'
assert_match /waiting for approval/, @response.body
end
should "render_target be the comment anchor if everithing is fine" do
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle')
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => {:body => 'Some comment...'}, :confirm => 'true'
assert_match /#{Comment.last.id}/, ActiveSupport::JSON.decode(@response.body)['render_target']
end
should "display message 'successfully created' if the comment was saved with success" do
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle')
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => {:body => 'Some comment...'}, :confirm => 'true'
assert_match /successfully created/, @response.body
end
should "render partial comment if everithing is fine" do
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle')
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => {:body => 'Some comment...'}, :confirm => 'true'
assert_match /id="#{Comment.last.anchor}" class="article-comment"/, ActiveSupport::JSON.decode(@response.body)['html']
end
should "render the root comment when a reply is made" do
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle')
comment = fast_create(Comment, :body => 'some content', :source_id => page.id, :source_type => 'Article')
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => {:body => 'Some comment...', :reply_of_id => comment.id}, :confirm => 'true'
assert_match /id="#{comment.anchor}" class="article-comment"/, ActiveSupport::JSON.decode(@response.body)['html']
end
should 'filter html content from body' do
login_as @profile.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => 'html comment', :body => "this is a <strong id='html_test_comment'>html comment</strong>"}
assert Comment.last.body.match(/this is a html comment/)
assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' }
end
should 'filter html content from title' do
login_as @profile.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => "html <strong id='html_test_comment'>comment</strong>", :body => "this is a comment"}
assert Comment.last.title.match(/html comment/)
assert_no_tag :tag => 'strong', :attributes => { :id => 'html_test_comment' }
end
should 'touch article after adding a comment' do
yesterday = Time.now.yesterday
Article.record_timestamps = false
page = create(Article, :profile => profile, :name => 'myarticle', :body => 'the body of the text', :created_at => yesterday, :updated_at => yesterday)
Article.record_timestamps = true
login_as @profile.identifier
xhr :post, :create, :profile => profile.identifier, :id => page.id, :comment => { :title => 'crap!', :body => 'I think that this article is crap' }, :confirm => 'true'
assert_not_equal yesterday, page.reload.updated_at
end
should 'be able to mark comments as spam' do
login_as profile.identifier
article = fast_create(Article, :profile_id => profile.id)
spam = fast_create(Comment, :name => 'foo', :email => 'foo@example.com', :source_id => article.id, :source_type => 'Article')
xhr :post, :mark_as_spam, :profile => profile.identifier, :id => spam.id
spam.reload
assert spam.spam?
end
should "not be able to mark as spam other people's comments if not moderator or admin" do
create_user('normaluser')
profile = create_user('testuser').person
article = profile.articles.build(:name => 'test')
article.save!
commenter = create_user('otheruser').person
comment = fast_create(Comment, :source_id => article, :title => 'a comment', :body => 'lalala')
login_as 'normaluser' # normaluser cannot remove other people's comments
xhr :post, :mark_as_spam, :profile => profile.identifier, :id => comment.id
comment.reload
assert !comment.spam?
end
should "not be able to mark as spam other people's comments if not moderator or admin and return json if is an ajax request" do
create_user('normaluser')
profile = create_user('testuser').person
article = profile.articles.build(:name => 'test')
article.save!
commenter = create_user('otheruser').person
comment = fast_create(Comment, :source_id => article, :author_id => commenter, :title => 'a comment', :body => 'lalala')
login_as 'normaluser' # normaluser cannot remove other people's comments
xhr :post, :mark_as_spam, :profile => profile.identifier, :id => comment.id
assert_response :success
comment.reload
assert !comment.spam?
assert_match /\{\"ok\":false\}/, @response.body
end
should 'be able to mark as spam comments on their articles' do
profile = create_user('testuser').person
article = profile.articles.build(:name => 'test')
article.save!
commenter = create_user('otheruser').person
comment = fast_create(Comment, :source_id => article, :author_id => commenter, :title => 'a comment', :body => 'lalala')
login_as 'testuser' # testuser must be able to remove comments in his articles
xhr :post, :mark_as_spam, :profile => profile.identifier, :id => comment.id
assert_response :success
comment.reload
assert comment.spam?
assert_match /\{\"ok\":true\}/, @response.body
end
should 'be able to mark comments as spam if is moderator' do
commenter = create_user('commenter_user').person
community = Community.create!(:name => 'Community test', :identifier => 'community-test')
article = community.articles.create!(:name => 'test', :profile => community)
comment = fast_create(Comment, :source_id => article, :author_id => commenter, :title => 'a comment', :body => 'lalala')
community.add_moderator(profile)
login_as profile.identifier
xhr :post, :mark_as_spam, :profile => community.identifier, :id => comment.id
assert_response :success
comment.reload
assert comment.spam?
assert_match /\{\"ok\":true\}/, @response.body
end
should 'edit comment from a page' do
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article', :author_id => profile.id)
get :edit, :id => comment.id, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
assert_tag :tag => 'textarea', :attributes => {:id => 'comment_body'}, :content => /Original comment/
end
should 'not crash on edit comment if comment does not exist' do
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
get :edit, :id => 1000, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
assert_response 404
end
should 'not be able to edit comment not logged' do
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article')
get :edit, :id => comment.id, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
assert_response 404
end
should 'not be able to edit comment if does not have the permission to' do
user = create_user('any_guy').person
login_as user.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article')
get :edit, :id => comment.id, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
assert_response 404
end
should 'be able to update a comment' do
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text', :accept_comments => false)
comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article', :author_id => profile)
xhr :post, :update, :id => comment.id, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
assert ActiveSupport::JSON.decode(@response.body)["ok"], "attribute ok expected to be true"
assert_equal 'Comment edited', Comment.find(comment.id).body
end
should 'not crash on update comment if comment does not exist' do
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
xhr :post, :update, :id => 1000, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
assert_response 404
end
should 'not be able to update comment not logged' do
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article')
xhr :post, :update, :id => comment.id, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
assert_response 404
end
should 'not be able to update comment if does not have the permission to' do
user = create_user('any_guy').person
login_as user.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article')
xhr :post, :update, :id => comment.id, :profile => profile.identifier, :comment => { :body => 'Comment edited' }
assert_response 404
end
should 'returns ids of menu items that has to be displayed' do
class TestActionPlugin < Noosfero::Plugin
def check_comment_actions(c)
['action1', 'action2']
end
end
Noosfero::Plugin::Manager.any_instance.stubs(:enabled_plugins).returns([TestActionPlugin.new])
login_as profile.identifier
page = profile.articles.create!(:name => 'myarticle', :body => 'the body of the text')
comment = fast_create(Comment, :body => 'Original comment', :source_id => page.id, :source_type => 'Article')
xhr :post, :check_actions, :profile => profile.identifier, :id => comment.id
assert_match /\{\"ids\":\[\"action1\",\"action2\"\]\}/, @response.body
end
end