Moves password param to user hash param so that it can be set using the User API....
Jean-Philippe Lang -
r4379:cde02954c845
@@ -1,231 +1,235
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2010 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class UsersController < ApplicationController
19 19 layout 'admin'
20 20
21 21 before_filter :require_admin, :except => :show
22 22 accept_key_auth :index, :show, :create, :update
23 23
24 24 helper :sort
25 25 include SortHelper
26 26 helper :custom_fields
27 27 include CustomFieldsHelper
28 28
29 29 def index
30 30 sort_init 'login', 'asc'
31 31 sort_update %w(login firstname lastname mail admin created_on last_login_on)
32 32
33 33 case params[:format]
34 34 when 'xml', 'json'
35 35 @offset, @limit = api_offset_and_limit
36 36 else
37 37 @limit = per_page_option
38 38 end
39 39
40 40 @status = params[:status] ? params[:status].to_i : 1
41 41 c = ARCondition.new(@status == 0 ? "status <> 0" : ["status = ?", @status])
42 42
43 43 unless params[:name].blank?
44 44 name = "%#{params[:name].strip.downcase}%"
45 45 c << ["LOWER(login) LIKE ? OR LOWER(firstname) LIKE ? OR LOWER(lastname) LIKE ? OR LOWER(mail) LIKE ?", name, name, name, name]
46 46 end
47 47
48 48 @user_count = User.count(:conditions => c.conditions)
49 49 @user_pages = Paginator.new self, @user_count, @limit, params['page']
50 50 @offset ||= @user_pages.current.offset
51 51 @users = User.find :all,
52 52 :order => sort_clause,
53 53 :conditions => c.conditions,
54 54 :limit => @limit,
55 55 :offset => @offset
56 56
57 57 respond_to do |format|
58 58 format.html { render :layout => !request.xhr? }
59 59 format.api
60 60 end
61 61 end
62 62
63 63 def show
64 64 @user = User.find(params[:id])
65 65
66 66 # show projects based on current user visibility
67 67 @memberships = @user.memberships.all(:conditions => Project.visible_by(User.current))
68 68
69 69 events = Redmine::Activity::Fetcher.new(User.current, :author => @user).events(nil, nil, :limit => 10)
70 70 @events_by_day = events.group_by(&:event_date)
71 71
72 72 unless User.current.admin?
73 73 if !@user.active? || (@user != User.current && @memberships.empty? && events.empty?)
74 74 render_404
75 75 return
76 76 end
77 77 end
78 78
79 79 respond_to do |format|
80 80 format.html { render :layout => 'base' }
81 81 format.api
82 82 end
83 83 rescue ActiveRecord::RecordNotFound
84 84 render_404
85 85 end
86 86
87 87 def new
88 88 @notification_options = User::MAIL_NOTIFICATION_OPTIONS
89 89 @notification_option = Setting.default_notification_option
90 90
91 91 @user = User.new(:language => Setting.default_language)
92 92 @auth_sources = AuthSource.find(:all)
93 93 end
94 94
95 95 verify :method => :post, :only => :create, :render => {:nothing => true, :status => :method_not_allowed }
96 96 def create
97 97 @notification_options = User::MAIL_NOTIFICATION_OPTIONS
98 98 @notification_option = Setting.default_notification_option
99 99
100 100 @user = User.new
101 101 @user.safe_attributes = params[:user]
102 102 @user.admin = params[:user][:admin] || false
103 103 @user.login = params[:user][:login]
104 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation] unless @user.auth_source_id
104 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation] unless @user.auth_source_id
105 105
106 106 # TODO: Similar to My#account
107 107 @user.mail_notification = params[:notification_option] || 'only_my_events'
108 108 @user.pref.attributes = params[:pref]
109 109 @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
110 110
111 111 if @user.save
112 112 @user.pref.save
113 113 @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
114 114
115 115 Mailer.deliver_account_information(@user, params[:password]) if params[:send_information]
116 116
117 117 respond_to do |format|
118 118 format.html {
119 119 flash[:notice] = l(:notice_successful_create)
120 120 redirect_to(params[:continue] ?
121 121 {:controller => 'users', :action => 'new'} :
122 122 {:controller => 'users', :action => 'edit', :id => @user}
123 123 )
124 124 }
125 125 format.api { render :action => 'show', :status => :created, :location => user_url(@user) }
126 126 end
127 127 else
128 128 @auth_sources = AuthSource.find(:all)
129 129 @notification_option = @user.mail_notification
130 # Clear password input
131 @user.password = @user.password_confirmation = nil
130 132
131 133 respond_to do |format|
132 134 format.html { render :action => 'new' }
133 135 format.api { render_validation_errors(@user) }
134 136 end
135 137 end
136 138 end
137 139
138 140 def edit
139 141 @user = User.find(params[:id])
140 142 @notification_options = @user.valid_notification_options
141 143 @notification_option = @user.mail_notification
142 144
143 145 @auth_sources = AuthSource.find(:all)
144 146 @membership ||= Member.new
145 147 end
146 148
147 149 verify :method => :put, :only => :update, :render => {:nothing => true, :status => :method_not_allowed }
148 150 def update
149 151 @user = User.find(params[:id])
150 152 @notification_options = @user.valid_notification_options
151 153 @notification_option = @user.mail_notification
152 154
153 155 @user.admin = params[:user][:admin] if params[:user][:admin]
154 156 @user.login = params[:user][:login] if params[:user][:login]
155 if params[:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
156 @user.password, @user.password_confirmation = params[:password], params[:password_confirmation]
157 if params[:user][:password].present? && (@user.auth_source_id.nil? || params[:user][:auth_source_id].blank?)
158 @user.password, @user.password_confirmation = params[:user][:password], params[:user][:password_confirmation]
157 159 end
158 160 @user.group_ids = params[:user][:group_ids] if params[:user][:group_ids]
159 161 @user.safe_attributes = params[:user]
160 162 # Was the account actived ? (do it before User#save clears the change)
161 163 was_activated = (@user.status_change == [User::STATUS_REGISTERED, User::STATUS_ACTIVE])
162 164 # TODO: Similar to My#account
163 165 @user.mail_notification = params[:notification_option] || 'only_my_events'
164 166 @user.pref.attributes = params[:pref]
165 167 @user.pref[:no_self_notified] = (params[:no_self_notified] == '1')
166 168
167 169 if @user.save
168 170 @user.pref.save
169 171 @user.notified_project_ids = (params[:notification_option] == 'selected' ? params[:notified_project_ids] : [])
170 172
171 173 if was_activated
172 174 Mailer.deliver_account_activated(@user)
173 elsif @user.active? && params[:send_information] && !params[:password].blank? && @user.auth_source_id.nil?
174 Mailer.deliver_account_information(@user, params[:password])
175 elsif @user.active? && params[:send_information] && !params[:user][:password].blank? && @user.auth_source_id.nil?
176 Mailer.deliver_account_information(@user, params[:user][:password])
175 177 end
176 178
177 179 respond_to do |format|
178 180 format.html {
179 181 flash[:notice] = l(:notice_successful_update)
180 182 redirect_to :back
181 183 }
182 184 format.api { head :ok }
183 185 end
184 186 else
185 187 @auth_sources = AuthSource.find(:all)
186 188 @membership ||= Member.new
189 # Clear password input
190 @user.password = @user.password_confirmation = nil
187 191
188 192 respond_to do |format|
189 193 format.html { render :action => :edit }
190 194 format.api { render_validation_errors(@user) }
191 195 end
192 196 end
193 197 rescue ::ActionController::RedirectBackError
194 198 redirect_to :controller => 'users', :action => 'edit', :id => @user
195 199 end
196 200
197 201 def edit_membership
198 202 @user = User.find(params[:id])
199 203 @membership = Member.edit_membership(params[:membership_id], params[:membership], @user)
200 204 @membership.save if request.post?
201 205 respond_to do |format|
202 206 if @membership.valid?
203 207 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
204 208 format.js {
205 209 render(:update) {|page|
206 210 page.replace_html "tab-content-memberships", :partial => 'users/memberships'
207 211 page.visual_effect(:highlight, "member-#{@membership.id}")
208 212 }
209 213 }
210 214 else
211 215 format.js {
212 216 render(:update) {|page|
213 217 page.alert(l(:notice_failed_to_save_members, :errors => @membership.errors.full_messages.join(', ')))
214 218 }
215 219 }
216 220 end
217 221 end
218 222 end
219 223
220 224 def destroy_membership
221 225 @user = User.find(params[:id])
222 226 @membership = Member.find(params[:membership_id])
223 227 if request.post? && @membership.deletable?
224 228 @membership.destroy
225 229 end
226 230 respond_to do |format|
227 231 format.html { redirect_to :controller => 'users', :action => 'edit', :id => @user, :tab => 'memberships' }
228 232 format.js { render(:update) {|page| page.replace_html "tab-content-memberships", :partial => 'users/memberships'} }
229 233 end
230 234 end
231 235 end
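Review bot: In `create`, the account-information mail is still built from the top-level `params[:password]` (new line 115), which the form no longer submits after this change, so the mailer would receive nil instead of the password that was just set. The `update` action was switched to `params[:user][:password]` for the same call, and `create` should match: `Mailer.deliver_account_information(@user, params[:user][:password]) if params[:send_information]`. Separately, the password keys now also pass through `@user.safe_attributes = params[:user]` in both actions; whether that setter ignores them is not visible here, so it is worth confirming that the `unless @user.auth_source_id` guard cannot be bypassed through it.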
@@ -1,45 +1,43
1 1 <%= error_messages_for 'user' %>
2 2
3 3 <!--[form:user]-->
4 4 <div class="box tabular">
5 5 <p><%= f.text_field :login, :required => true, :size => 25 %></p>
6 6 <p><%= f.text_field :firstname, :required => true %></p>
7 7 <p><%= f.text_field :lastname, :required => true %></p>
8 8 <p><%= f.text_field :mail, :required => true %></p>
9 9 <p><%= f.select :language, lang_options_for_select %></p>
10 10 <% if Setting.openid? %>
11 11 <p><%= f.text_field :identity_url %></p>
12 12 <% end %>
13 13
14 14 <% @user.custom_field_values.each do |value| %>
15 15 <p><%= custom_field_tag_with_label :user, value %></p>
16 16 <% end %>
17 17
18 18 <p><%= f.check_box :admin, :disabled => (@user == User.current) %></p>
19 19 <%= call_hook(:view_users_form, :user => @user, :form => f) %>
20 20 </div>
21 21
22 22 <div class="box tabular">
23 23 <h3><%=l(:label_authentication)%></h3>
24 24 <% unless @auth_sources.empty? %>
25 25 <p><%= f.select :auth_source_id, ([[l(:label_internal), ""]] + @auth_sources.collect { |a| [a.name, a.id] }), {}, :onchange => "if (this.value=='') {Element.show('password_fields');} else {Element.hide('password_fields');}" %></p>
26 26 <% end %>
27 27 <div id="password_fields" style="<%= 'display:none;' if @user.auth_source %>">
28 <p><label for="password"><%=l(:field_password)%><span class="required"> *</span></label>
29 <%= password_field_tag 'password', nil, :size => 25 %><br />
28 <p><%= f.password_field :password, :required => true, :size => 25 %><br />
30 29 <em><%= l(:text_caracters_minimum, :count => Setting.password_min_length) %></em></p>
31 <p><label for="password_confirmation"><%=l(:field_password_confirmation)%><span class="required"> *</span></label>
32 <%= password_field_tag 'password_confirmation', nil, :size => 25 %></p>
30 <p><%= f.password_field :password_confirmation, :required => true, :size => 25 %></p>
33 31 </div>
34 32 </div>
35 33
36 34 <div class="box">
37 35 <h3><%=l(:field_mail_notification)%></h3>
38 36 <%= render :partial => 'users/mail_notifications' %>
39 37 </div>
40 38
41 39 <div class="box tabular">
42 40 <h3><%=l(:label_preferences)%></h3>
43 41 <%= render :partial => 'users/preferences' %>
44 42 </div>
45 43 <!--[eoform:user]-->
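Review bot: The two `f.password_field` calls (new lines 28 and 30) bind the inputs to `@user`, so on Rails versions where `password_field` renders the attribute value, a re-rendered form could echo the submitted password back into the HTML. The controller in this commit clears `@user.password` and `@user.password_confirmation` after a failed save, but nothing in the template records that dependency. I would add a template comment above the fields such as `<%# bound to @user: the controller must nil password/password_confirmation before re-rendering %>`, and confirm whether the helper's default value rendering applies to the Rails version in use.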
@@ -1,235 +1,240
1 1 # redMine - project management software
2 2 # Copyright (C) 2006-2007 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.dirname(__FILE__) + '/../test_helper'
19 19 require 'users_controller'
20 20
21 21 # Re-raise errors caught by the controller.
22 22 class UsersController; def rescue_action(e) raise e end; end
23 23
24 24 class UsersControllerTest < ActionController::TestCase
25 25 include Redmine::I18n
26 26
27 27 fixtures :users, :projects, :members, :member_roles, :roles, :auth_sources, :custom_fields, :custom_values
28 28
29 29 def setup
30 30 @controller = UsersController.new
31 31 @request = ActionController::TestRequest.new
32 32 @response = ActionController::TestResponse.new
33 33 User.current = nil
34 34 @request.session[:user_id] = 1 # admin
35 35 end
36 36
37 37 def test_index
38 38 get :index
39 39 assert_response :success
40 40 assert_template 'index'
41 41 end
42 42
43 43 def test_index
44 44 get :index
45 45 assert_response :success
46 46 assert_template 'index'
47 47 assert_not_nil assigns(:users)
48 48 # active users only
49 49 assert_nil assigns(:users).detect {|u| !u.active?}
50 50 end
51 51
52 52 def test_index_with_name_filter
53 53 get :index, :name => 'john'
54 54 assert_response :success
55 55 assert_template 'index'
56 56 users = assigns(:users)
57 57 assert_not_nil users
58 58 assert_equal 1, users.size
59 59 assert_equal 'John', users.first.firstname
60 60 end
61 61
62 62 def test_show
63 63 @request.session[:user_id] = nil
64 64 get :show, :id => 2
65 65 assert_response :success
66 66 assert_template 'show'
67 67 assert_not_nil assigns(:user)
68 68
69 69 assert_tag 'li', :content => /Phone number/
70 70 end
71 71
72 72 def test_show_should_not_display_hidden_custom_fields
73 73 @request.session[:user_id] = nil
74 74 UserCustomField.find_by_name('Phone number').update_attribute :visible, false
75 75 get :show, :id => 2
76 76 assert_response :success
77 77 assert_template 'show'
78 78 assert_not_nil assigns(:user)
79 79
80 80 assert_no_tag 'li', :content => /Phone number/
81 81 end
82 82
83 83 def test_show_should_not_fail_when_custom_values_are_nil
84 84 user = User.find(2)
85 85
86 86 # Create a custom field to illustrate the issue
87 87 custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
88 88 custom_value = user.custom_values.build(:custom_field => custom_field).save!
89 89
90 90 get :show, :id => 2
91 91 assert_response :success
92 92 end
93 93
94 94 def test_show_inactive
95 95 @request.session[:user_id] = nil
96 96 get :show, :id => 5
97 97 assert_response 404
98 98 end
99 99
100 100 def test_show_should_not_reveal_users_with_no_visible_activity_or_project
101 101 @request.session[:user_id] = nil
102 102 get :show, :id => 9
103 103 assert_response 404
104 104 end
105 105
106 106 def test_show_inactive_by_admin
107 107 @request.session[:user_id] = 1
108 108 get :show, :id => 5
109 109 assert_response 200
110 110 assert_not_nil assigns(:user)
111 111 end
112 112
113 113 def test_show_displays_memberships_based_on_project_visibility
114 114 @request.session[:user_id] = 1
115 115 get :show, :id => 2
116 116 assert_response :success
117 117 memberships = assigns(:memberships)
118 118 assert_not_nil memberships
119 119 project_ids = memberships.map(&:project_id)
120 120 assert project_ids.include?(2) #private project admin can see
121 121 end
122 122
123 123 context "GET :new" do
124 124 setup do
125 125 get :new
126 126 end
127 127
128 128 should_assign_to :user
129 129 should_respond_with :success
130 130 should_render_template :new
131 131 end
132 132
133 133 context "POST :create" do
134 134 context "when successful" do
135 135 setup do
136 136 post :create, :user => {
137 137 :firstname => 'John',
138 138 :lastname => 'Doe',
139 139 :login => 'jdoe',
140 140 :password => 'test',
141 141 :password_confirmation => 'test',
142 142 :mail => 'jdoe@gmail.com'
143 143 },
144 144 :notification_option => 'none'
145 145 end
146 146
147 147 should_assign_to :user
148 148 should_respond_with :redirect
149 149 should_redirect_to('user edit') { {:controller => 'users', :action => 'edit', :id => User.find_by_login('jdoe')}}
150 150
151 151 should 'set the users mail notification' do
152 152 user = User.last
153 153 assert_equal 'none', user.mail_notification
154 154 end
155
156 should 'set the password' do
157 user = User.first(:order => 'id DESC')
158 assert user.check_password?('test')
159 end
155 160 end
156 161
157 162 context "when unsuccessful" do
158 163 setup do
159 164 post :create, :user => {}
160 165 end
161 166
162 167 should_assign_to :user
163 168 should_respond_with :success
164 169 should_render_template :new
165 170 end
166 171
167 172 end
168 173
169 174 def test_update
170 175 ActionMailer::Base.deliveries.clear
171 176 put :update, :id => 2, :user => {:firstname => 'Changed'}, :notification_option => 'all', :pref => {:hide_mail => '1', :comments_sorting => 'desc'}
172 177
173 178 user = User.find(2)
174 179 assert_equal 'Changed', user.firstname
175 180 assert_equal 'all', user.mail_notification
176 181 assert_equal true, user.pref[:hide_mail]
177 182 assert_equal 'desc', user.pref[:comments_sorting]
178 183 assert ActionMailer::Base.deliveries.empty?
179 184 end
180 185
181 186 def test_update_with_activation_should_send_a_notification
182 187 u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
183 188 u.login = 'foo'
184 189 u.status = User::STATUS_REGISTERED
185 190 u.save!
186 191 ActionMailer::Base.deliveries.clear
187 192 Setting.bcc_recipients = '1'
188 193
189 194 put :update, :id => u.id, :user => {:status => User::STATUS_ACTIVE}
190 195 assert u.reload.active?
191 196 mail = ActionMailer::Base.deliveries.last
192 197 assert_not_nil mail
193 198 assert_equal ['foo.bar@somenet.foo'], mail.bcc
194 199 assert mail.body.include?(ll('fr', :notice_account_activated))
195 200 end
196 201
197 def test_updat_with_password_change_should_send_a_notification
202 def test_update_with_password_change_should_send_a_notification
198 203 ActionMailer::Base.deliveries.clear
199 204 Setting.bcc_recipients = '1'
200 205
206 put :update, :id => 2, :user => {:password => 'newpass', :password_confirmation => 'newpass'}, :send_information => '1'
201 207 u = User.find(2)
202 put :update, :id => u.id, :user => {}, :password => 'newpass', :password_confirmation => 'newpass', :send_information => '1'
203 assert_equal User.hash_password('newpass'), u.reload.hashed_password
208 assert u.check_password?('newpass')
204 209
205 210 mail = ActionMailer::Base.deliveries.last
206 211 assert_not_nil mail
207 212 assert_equal [u.mail], mail.bcc
208 213 assert mail.body.include?('newpass')
209 214 end
210 215
211 216 test "put :update with a password change to an AuthSource user switching to Internal authentication" do
212 217 # Configure as auth source
213 218 u = User.find(2)
214 219 u.auth_source = AuthSource.find(1)
215 220 u.save!
216 221
217 put :update, :id => u.id, :user => {:auth_source_id => ''}, :password => 'newpass', :password_confirmation => 'newpass'
222 put :update, :id => u.id, :user => {:auth_source_id => '', :password => 'newpass'}, :password_confirmation => 'newpass'
218 223
219 224 assert_equal nil, u.reload.auth_source
220 assert_equal User.hash_password('newpass'), u.reload.hashed_password
225 assert u.check_password?('newpass')
221 226 end
222 227
223 228 def test_edit_membership
224 229 post :edit_membership, :id => 2, :membership_id => 1,
225 230 :membership => { :role_ids => [2]}
226 231 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
227 232 assert_equal [2], Member.find(1).role_ids
228 233 end
229 234
230 235 def test_destroy_membership
231 236 post :destroy_membership, :id => 2, :membership_id => 1
232 237 assert_redirected_to :action => 'edit', :id => '2', :tab => 'memberships'
233 238 assert_nil Member.find_by_id(1)
234 239 end
235 240 end
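Review bot: In the AuthSource-to-internal test (new line 222) only `:password` was moved into the `:user` hash; `:password_confirmation` is still sent at the top level, where the updated controller no longer reads it. The test therefore presumably passes only because an absent confirmation is not validated, and it does not cover the confirmation path. Sending both keys nested keeps it aligned with `test_update_with_password_change_should_send_a_notification`: `:user => {:auth_source_id => '', :password => 'newpass', :password_confirmation => 'newpass'}`.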
@@ -1,256 +1,257
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2010 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require "#{File.dirname(__FILE__)}/../../test_helper"
19 19 require 'pp'
20 20 class ApiTest::UsersTest < ActionController::IntegrationTest
21 21 fixtures :users
22 22
23 23 def setup
24 24 Setting.rest_api_enabled = '1'
25 25 end
26 26
27 27 context "GET /users" do
28 28 should_allow_api_authentication(:get, "/users.xml")
29 29 should_allow_api_authentication(:get, "/users.json")
30 30 end
31 31
32 32 context "GET /users/2" do
33 33 context ".xml" do
34 34 should "return requested user" do
35 35 get '/users/2.xml'
36 36
37 37 assert_tag :tag => 'user',
38 38 :child => {:tag => 'id', :content => '2'}
39 39 end
40 40 end
41 41
42 42 context ".json" do
43 43 should "return requested user" do
44 44 get '/users/2.json'
45 45
46 46 json = ActiveSupport::JSON.decode(response.body)
47 47 assert_kind_of Hash, json
48 48 assert_kind_of Hash, json['user']
49 49 assert_equal 2, json['user']['id']
50 50 end
51 51 end
52 52 end
53 53
54 54 context "POST /users" do
55 55 context "with valid parameters" do
56 56 setup do
57 @parameters = {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}}
57 @parameters = {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net', :password => 'secret'}}
58 58 end
59 59
60 60 context ".xml" do
61 61 should_allow_api_authentication(:post,
62 62 '/users.xml',
63 {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}},
63 {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net', :password => 'secret'}},
64 64 {:success_code => :created})
65 65
66 66 should "create a user with the attributes" do
67 67 assert_difference('User.count') do
68 68 post '/users.xml', @parameters, :authorization => credentials('admin')
69 69 end
70 70
71 71 user = User.first(:order => 'id DESC')
72 72 assert_equal 'foo', user.login
73 73 assert_equal 'Firstname', user.firstname
74 74 assert_equal 'Lastname', user.lastname
75 75 assert_equal 'foo@example.net', user.mail
76 76 assert !user.admin?
77 assert user.check_password?('secret')
77 78
78 79 assert_response :created
79 80 assert_equal 'application/xml', @response.content_type
80 81 assert_tag 'user', :child => {:tag => 'id', :content => user.id.to_s}
81 82 end
82 83 end
83 84
84 85 context ".json" do
85 86 should_allow_api_authentication(:post,
86 87 '/users.json',
87 88 {:user => {:login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', :mail => 'foo@example.net'}},
88 89 {:success_code => :created})
89 90
90 91 should "create a user with the attributes" do
91 92 assert_difference('User.count') do
92 93 post '/users.json', @parameters, :authorization => credentials('admin')
93 94 end
94 95
95 96 user = User.first(:order => 'id DESC')
96 97 assert_equal 'foo', user.login
97 98 assert_equal 'Firstname', user.firstname
98 99 assert_equal 'Lastname', user.lastname
99 100 assert_equal 'foo@example.net', user.mail
100 101 assert !user.admin?
101 102
102 103 assert_response :created
103 104 assert_equal 'application/json', @response.content_type
104 105 json = ActiveSupport::JSON.decode(response.body)
105 106 assert_kind_of Hash, json
106 107 assert_kind_of Hash, json['user']
107 108 assert_equal user.id, json['user']['id']
108 109 end
109 110 end
110 111 end
111 112
112 113 context "with invalid parameters" do
113 114 setup do
114 115 @parameters = {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}}
115 116 end
116 117
117 118 context ".xml" do
118 119 should "return errors" do
119 120 assert_no_difference('User.count') do
120 121 post '/users.xml', @parameters, :authorization => credentials('admin')
121 122 end
122 123
123 124 assert_response :unprocessable_entity
124 125 assert_equal 'application/xml', @response.content_type
125 126 assert_tag 'errors', :child => {:tag => 'error', :content => "Firstname can't be blank"}
126 127 end
127 128 end
128 129
129 130 context ".json" do
130 131 should "return errors" do
131 132 assert_no_difference('User.count') do
132 133 post '/users.json', @parameters, :authorization => credentials('admin')
133 134 end
134 135
135 136 assert_response :unprocessable_entity
136 137 assert_equal 'application/json', @response.content_type
137 138 json = ActiveSupport::JSON.decode(response.body)
138 139 assert_kind_of Hash, json
139 140 assert json.has_key?('errors')
140 141 assert_kind_of Array, json['errors']
141 142 end
142 143 end
143 144 end
144 145 end
145 146
146 147 context "PUT /users/2" do
147 148 context "with valid parameters" do
148 149 setup do
149 150 @parameters = {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}}
150 151 end
151 152
152 153 context ".xml" do
153 154 should_allow_api_authentication(:put,
154 155 '/users/2.xml',
155 156 {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}},
156 157 {:success_code => :ok})
157 158
158 159 should "update user with the attributes" do
159 160 assert_no_difference('User.count') do
160 161 put '/users/2.xml', @parameters, :authorization => credentials('admin')
161 162 end
162 163
163 164 user = User.find(2)
164 165 assert_equal 'jsmith', user.login
165 166 assert_equal 'John', user.firstname
166 167 assert_equal 'Renamed', user.lastname
167 168 assert_equal 'jsmith@somenet.foo', user.mail
168 169 assert !user.admin?
169 170
170 171 assert_response :ok
171 172 end
172 173 end
173 174
174 175 context ".json" do
175 176 should_allow_api_authentication(:put,
176 177 '/users/2.json',
177 178 {:user => {:login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', :mail => 'jsmith@somenet.foo'}},
178 179 {:success_code => :ok})
179 180
180 181 should "update user with the attributes" do
181 182 assert_no_difference('User.count') do
182 183 put '/users/2.json', @parameters, :authorization => credentials('admin')
183 184 end
184 185
185 186 user = User.find(2)
186 187 assert_equal 'jsmith', user.login
187 188 assert_equal 'John', user.firstname
188 189 assert_equal 'Renamed', user.lastname
189 190 assert_equal 'jsmith@somenet.foo', user.mail
190 191 assert !user.admin?
191 192
192 193 assert_response :ok
193 194 end
194 195 end
195 196 end
196 197
197 198 context "with invalid parameters" do
198 199 setup do
199 200 @parameters = {:user => {:login => 'jsmith', :firstname => '', :lastname => 'Lastname', :mail => 'foo'}}
200 201 end
201 202
202 203 context ".xml" do
203 204 should "return errors" do
204 205 assert_no_difference('User.count') do
205 206 put '/users/2.xml', @parameters, :authorization => credentials('admin')
206 207 end
207 208
208 209 assert_response :unprocessable_entity
209 210 assert_equal 'application/xml', @response.content_type
210 211 assert_tag 'errors', :child => {:tag => 'error', :content => "Firstname can't be blank"}
211 212 end
212 213 end
213 214
214 215 context ".json" do
215 216 should "return errors" do
216 217 assert_no_difference('User.count') do
217 218 put '/users/2.json', @parameters, :authorization => credentials('admin')
218 219 end
219 220
220 221 assert_response :unprocessable_entity
221 222 assert_equal 'application/json', @response.content_type
222 223 json = ActiveSupport::JSON.decode(response.body)
223 224 assert_kind_of Hash, json
224 225 assert json.has_key?('errors')
225 226 assert_kind_of Array, json['errors']
226 227 end
227 228 end
228 229 end
229 230
230 231 context "DELETE /users/2" do
231 232 context ".xml" do
232 233 should "not be allowed" do
233 234 assert_no_difference('User.count') do
234 235 delete '/users/2.xml'
235 236 end
236 237
237 238 assert_response :method_not_allowed
238 239 end
239 240 end
240 241
241 242 context ".json" do
242 243 should "not be allowed" do
243 244 assert_no_difference('User.count') do
244 245 delete '/users/2.json'
245 246 end
246 247
247 248 assert_response :method_not_allowed
248 249 end
249 250 end
250 251 end
251 252 end
252 253
253 254 def credentials(user, password=nil)
254 255 ActionController::HttpAuthentication::Basic.encode_credentials(user, password || user)
255 256 end
256 257 end
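Review bot: Only the `.xml` half of `POST /users` was updated: the `.json` `should_allow_api_authentication` call (new line 88) still posts a user hash without `:password`, and the `.json` "create a user with the attributes" test has no `assert user.check_password?('secret')`. Since `@parameters` now carries the password for both formats, the JSON path sets it but never verifies it. Add `:password => 'secret'` to the `.json` macro arguments and the `check_password?` assertion after `assert !user.admin?` in the JSON test.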