jro_apps/redmine Commit - r13010:d00f875800fc

Make 2nd parameter optional in User#allowed_to_globally? for consistency (#6498)....

Jean-Baptiste Barth -

r13010:d00f875800fc

parent child

Context file:

r13010:d00f875800fc

Collapse all files

app/models/user.rb +5 -1

             # Redmine - project management software
             # Copyright (C) 2006-2014  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/sha1"
             class User < Principal
               include Redmine::SafeAttributes
               # Different ways of displaying/sorting users
               USER_FORMATS = {
                 :firstname_lastname => {
                     :string => '#{firstname} #{lastname}',
                     :order => %w(firstname lastname id),
                     :setting_order => 1
                   },
                 :firstname_lastinitial => {
                     :string => '#{firstname} #{lastname.to_s.chars.first}.',
                     :order => %w(firstname lastname id),
                     :setting_order => 2
                   },
                 :firstinitial_lastname => {
                     :string => '#{firstname.to_s.gsub(/(([[:alpha:]])[[:alpha:]]*\.?)/, \'\2.\')} #{lastname}',
                     :order => %w(firstname lastname id),
                     :setting_order => 2
                   },
                 :firstname => {
                     :string => '#{firstname}',
                     :order => %w(firstname id),
                     :setting_order => 3
                   },
                 :lastname_firstname => {
                     :string => '#{lastname} #{firstname}',
                     :order => %w(lastname firstname id),
                     :setting_order => 4
                   },
                 :lastname_coma_firstname => {
                     :string => '#{lastname}, #{firstname}',
                     :order => %w(lastname firstname id),
                     :setting_order => 5
                   },
                 :lastname => {
                     :string => '#{lastname}',
                     :order => %w(lastname id),
                     :setting_order => 6
                   },
                 :username => {
                     :string => '#{login}',
                     :order => %w(login id),
                     :setting_order => 7
                   },
               }
               MAIL_NOTIFICATION_OPTIONS = [
                 ['all', :label_user_mail_option_all],
                 ['selected', :label_user_mail_option_selected],
                 ['only_my_events', :label_user_mail_option_only_my_events],
                 ['only_assigned', :label_user_mail_option_only_assigned],
                 ['only_owner', :label_user_mail_option_only_owner],
                 ['none', :label_user_mail_option_none]
               ]
               has_and_belongs_to_many :groups,
                                       :join_table   => "#{table_name_prefix}groups_users#{table_name_suffix}",
                                       :after_add    => Proc.new {|user, group| group.user_added(user)},
                                       :after_remove => Proc.new {|user, group| group.user_removed(user)}
               has_many :changesets, :dependent => :nullify
               has_one :preference, :dependent => :destroy, :class_name => 'UserPreference'
               has_one :rss_token, :class_name => 'Token', :conditions => "action='feeds'"
               has_one :api_token, :class_name => 'Token', :conditions => "action='api'"
               belongs_to :auth_source
               scope :logged, lambda { where("#{User.table_name}.status <> #{STATUS_ANONYMOUS}") }
               scope :status, lambda {|arg| where(arg.blank? ? nil : {:status => arg.to_i}) }
               acts_as_customizable
               attr_accessor :password, :password_confirmation, :generate_password
               attr_accessor :last_before_login_on
               # Prevents unauthorized assignments
               attr_protected :login, :admin, :password, :password_confirmation, :hashed_password
               LOGIN_LENGTH_LIMIT = 60
               MAIL_LENGTH_LIMIT = 60
               validates_presence_of :login, :firstname, :lastname, :mail, :if => Proc.new { |user| !user.is_a?(AnonymousUser) }
               validates_uniqueness_of :login, :if => Proc.new { |user| user.login_changed? && user.login.present? }, :case_sensitive => false
               validates_uniqueness_of :mail, :if => Proc.new { |user| user.mail_changed? && user.mail.present? }, :case_sensitive => false
               # Login must contain letters, numbers, underscores only
               validates_format_of :login, :with => /\A[a-z0-9_\-@\.]*\z/i
               validates_length_of :login, :maximum => LOGIN_LENGTH_LIMIT
               validates_length_of :firstname, :lastname, :maximum => 30
               validates_format_of :mail, :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i, :allow_blank => true
               validates_length_of :mail, :maximum => MAIL_LENGTH_LIMIT, :allow_nil => true
               validates_confirmation_of :password, :allow_nil => true
               validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true
               validate :validate_password_length
               before_create :set_mail_notification
               before_save   :generate_password_if_needed, :update_hashed_password
               before_destroy :remove_references_before_destroy
               after_save :update_notified_project_ids
               scope :in_group, lambda {|group|
                 group_id = group.is_a?(Group) ? group.id : group.to_i
                 where("#{User.table_name}.id IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id)
               }
               scope :not_in_group, lambda {|group|
                 group_id = group.is_a?(Group) ? group.id : group.to_i
                 where("#{User.table_name}.id NOT IN (SELECT gu.user_id FROM #{table_name_prefix}groups_users#{table_name_suffix} gu WHERE gu.group_id = ?)", group_id)
               }
               scope :sorted, lambda { order(*User.fields_for_order_statement)}
               def set_mail_notification
                 self.mail_notification = Setting.default_notification_option if self.mail_notification.blank?
                 true
               end
               def update_hashed_password
                 # update hashed_password if password was set
                 if self.password && self.auth_source_id.blank?
                   salt_password(password)
                 end
               end
               alias :base_reload :reload
               def reload(*args)
                 @name = nil
                 @projects_by_role = nil
                 @membership_by_project_id = nil
                 @notified_projects_ids = nil
                 @notified_projects_ids_changed = false
                 @builtin_role = nil
                 base_reload(*args)
               end
               def mail=(arg)
                 write_attribute(:mail, arg.to_s.strip)
               end
               def identity_url=(url)
                 if url.blank?
                   write_attribute(:identity_url, '')
                 else
                   begin
                     write_attribute(:identity_url, OpenIdAuthentication.normalize_identifier(url))
                   rescue OpenIdAuthentication::InvalidOpenId
                     # Invalid url, don't save
                   end
                 end
                 self.read_attribute(:identity_url)
               end
               # Returns the user that matches provided login and password, or nil
               def self.try_to_login(login, password, active_only=true)
                 login = login.to_s
                 password = password.to_s
                 # Make sure no one can sign in with an empty login or password
                 return nil if login.empty? || password.empty?
                 user = find_by_login(login)
                 if user
                   # user is already in local database
                   return nil unless user.check_password?(password)
                   return nil if !user.active? && active_only
                 else
                   # user is not yet registered, try to authenticate with available sources
                   attrs = AuthSource.authenticate(login, password)
                   if attrs
                     user = new(attrs)
                     user.login = login
                     user.language = Setting.default_language
                     if user.save
                       user.reload
                       logger.info("User '#{user.login}' created from external auth source: #{user.auth_source.type} - #{user.auth_source.name}") if logger && user.auth_source
                     end
                   end
                 end
                 user.update_column(:last_login_on, Time.now) if user && !user.new_record? && user.active?
                 user
               rescue => text
                 raise text
               end
               # Returns the user who matches the given autologin +key+ or nil
               def self.try_to_autologin(key)
                 user = Token.find_active_user('autologin', key, Setting.autologin.to_i)
                 if user
                   user.update_column(:last_login_on, Time.now)
                   user
                 end
               end
               def self.name_formatter(formatter = nil)
                 USER_FORMATS[formatter || Setting.user_format] || USER_FORMATS[:firstname_lastname]
               end
               # Returns an array of fields names than can be used to make an order statement for users
               # according to how user names are displayed
               # Examples:
               #
               #   User.fields_for_order_statement              => ['users.login', 'users.id']
               #   User.fields_for_order_statement('authors')   => ['authors.login', 'authors.id']
               def self.fields_for_order_statement(table=nil)
                 table ||= table_name
                 name_formatter[:order].map {|field| "#{table}.#{field}"}
               end
               # Return user's full name for display
               def name(formatter = nil)
                 f = self.class.name_formatter(formatter)
                 if formatter
                   eval('"' + f[:string] + '"')
                 else
                   @name ||= eval('"' + f[:string] + '"')
                 end
               end
               def active?
                 self.status == STATUS_ACTIVE
               end
               def registered?
                 self.status == STATUS_REGISTERED
               end
               def locked?
                 self.status == STATUS_LOCKED
               end
               def activate
                 self.status = STATUS_ACTIVE
               end
               def register
                 self.status = STATUS_REGISTERED
               end
               def lock
                 self.status = STATUS_LOCKED
               end
               def activate!
                 update_attribute(:status, STATUS_ACTIVE)
               end
               def register!
                 update_attribute(:status, STATUS_REGISTERED)
               end
               def lock!
                 update_attribute(:status, STATUS_LOCKED)
               end
               # Returns true if +clear_password+ is the correct user's password, otherwise false
               def check_password?(clear_password)
                 if auth_source_id.present?
                   auth_source.authenticate(self.login, clear_password)
                 else
                   User.hash_password("#{salt}#{User.hash_password clear_password}") == hashed_password
                 end
               end
               # Generates a random salt and computes hashed_password for +clear_password+
               # The hashed password is stored in the following form: SHA1(salt + SHA1(password))
               def salt_password(clear_password)
                 self.salt = User.generate_salt
                 self.hashed_password = User.hash_password("#{salt}#{User.hash_password clear_password}")
               end
               # Does the backend storage allow this user to change their password?
               def change_password_allowed?
                 return true if auth_source.nil?
                 return auth_source.allow_password_changes?
               end
               def must_change_password?
                 must_change_passwd? && change_password_allowed?
               end
               def generate_password?
                 generate_password == '1' || generate_password == true
               end
               # Generate and set a random password on given length
               def random_password(length=40)
                 chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
                 chars -= %w(0 O 1 l)
                 password = ''
                 length.times {|i| password << chars[SecureRandom.random_number(chars.size)] }
                 self.password = password
                 self.password_confirmation = password
                 self
               end
               def pref
                 self.preference ||= UserPreference.new(:user => self)
               end
               def time_zone
                 @time_zone ||= (self.pref.time_zone.blank? ? nil : ActiveSupport::TimeZone[self.pref.time_zone])
               end
               def force_default_language?
                 Setting.force_default_language_for_loggedin?
               end
               def language
                 if force_default_language?
                   Setting.default_language
                 else
                   super
                 end
               end
               def wants_comments_in_reverse_order?
                 self.pref[:comments_sorting] == 'desc'
               end
               # Return user's RSS key (a 40 chars long string), used to access feeds
               def rss_key
                 if rss_token.nil?
                   create_rss_token(:action => 'feeds')
                 end
                 rss_token.value
               end
               # Return user's API key (a 40 chars long string), used to access the API
               def api_key
                 if api_token.nil?
                   create_api_token(:action => 'api')
                 end
                 api_token.value
               end
               # Return an array of project ids for which the user has explicitly turned mail notifications on
               def notified_projects_ids
                 @notified_projects_ids ||= memberships.select {|m| m.mail_notification?}.collect(&:project_id)
               end
               def notified_project_ids=(ids)
                 @notified_projects_ids_changed = true
                 @notified_projects_ids = ids
               end
               # Updates per project notifications (after_save callback)
               def update_notified_project_ids
                 if @notified_projects_ids_changed
                   ids = (mail_notification == 'selected' ? Array.wrap(notified_projects_ids).reject(&:blank?) : [])
                   members.update_all(:mail_notification => false)
                   members.where(:project_id => ids).update_all(:mail_notification => true) if ids.any?
                 end
               end
               private :update_notified_project_ids
               def valid_notification_options
                 self.class.valid_notification_options(self)
               end
               # Only users that belong to more than 1 project can select projects for which they are notified
               def self.valid_notification_options(user=nil)
                 # Note that @user.membership.size would fail since AR ignores
                 # :include association option when doing a count
                 if user.nil? || user.memberships.length < 1
                   MAIL_NOTIFICATION_OPTIONS.reject {|option| option.first == 'selected'}
                 else
                   MAIL_NOTIFICATION_OPTIONS
                 end
               end
               # Find a user account by matching the exact login and then a case-insensitive
               # version.  Exact matches will be given priority.
               def self.find_by_login(login)
                 login = Redmine::CodesetUtil.replace_invalid_utf8(login.to_s)
                 if login.present?
                   # First look for an exact match
                   user = where(:login => login).detect {|u| u.login == login}
                   unless user
                     # Fail over to case-insensitive if none was found
                     user = where("LOWER(login) = ?", login.downcase).first
                   end
                   user
                 end
               end
               def self.find_by_rss_key(key)
                 Token.find_active_user('feeds', key)
               end
               def self.find_by_api_key(key)
                 Token.find_active_user('api', key)
               end
               # Makes find_by_mail case-insensitive
               def self.find_by_mail(mail)
                 where("LOWER(mail) = ?", mail.to_s.downcase).first
               end
               # Returns true if the default admin account can no longer be used
               def self.default_admin_account_changed?
                 !User.active.find_by_login("admin").try(:check_password?, "admin")
               end
               def to_s
                 name
               end
               CSS_CLASS_BY_STATUS = {
                 STATUS_ANONYMOUS  => 'anon',
                 STATUS_ACTIVE     => 'active',
                 STATUS_REGISTERED => 'registered',
                 STATUS_LOCKED     => 'locked'
               }
               def css_classes
                 "user #{CSS_CLASS_BY_STATUS[status]}"
               end
               # Returns the current day according to user's time zone
               def today
                 if time_zone.nil?
                   Date.today
                 else
                   Time.now.in_time_zone(time_zone).to_date
                 end
               end
               # Returns the day of +time+ according to user's time zone
               def time_to_date(time)
                 if time_zone.nil?
                   time.to_date
                 else
                   time.in_time_zone(time_zone).to_date
                 end
               end
               def logged?
                 true
               end
               def anonymous?
                 !logged?
               end
               # Returns user's membership for the given project
               # or nil if the user is not a member of project
               def membership(project)
                 project_id = project.is_a?(Project) ? project.id : project
                 @membership_by_project_id ||= Hash.new {|h, project_id|
                   h[project_id] = memberships.where(:project_id => project_id).first
                 }
                 @membership_by_project_id[project_id]
               end
               # Returns the user's bult-in role
               def builtin_role
                 @builtin_role ||= Role.non_member
               end
               # Return user's roles for project
               def roles_for_project(project)
                 roles = []
                 # No role on archived projects
                 return roles if project.nil? || project.archived?
                 if membership = membership(project)
                   roles = membership.roles
                 else
                   roles << builtin_role
                 end
                 roles
               end
               # Return true if the user is a member of project
               def member_of?(project)
                 projects.to_a.include?(project)
               end
               # Returns a hash of user's projects grouped by roles
               def projects_by_role
                 return @projects_by_role if @projects_by_role
                 @projects_by_role = Hash.new([])
                 memberships.each do |membership|
                   if membership.project
                     membership.roles.each do |role|
                       @projects_by_role[role] = [] unless @projects_by_role.key?(role)
                       @projects_by_role[role] << membership.project
                     end
                   end
                 end
                 @projects_by_role.each do |role, projects|
                   projects.uniq!
                 end
                 @projects_by_role
               end
               # Returns true if user is arg or belongs to arg
               def is_or_belongs_to?(arg)
                 if arg.is_a?(User)
                   self == arg
                 elsif arg.is_a?(Group)
                   arg.users.include?(self)
                 else
                   false
                 end
               end
               # Return true if the user is allowed to do the specified action on a specific context
               # Action can be:
               # * a parameter-like Hash (eg. :controller => 'projects', :action => 'edit')
               # * a permission Symbol (eg. :edit_project)
               # Context can be:
               # * a project : returns true if user is allowed to do the specified action on this project
               # * an array of projects : returns true if user is allowed on every project
               # * nil with options[:global] set : check if user has at least one role allowed for this action,
               #   or falls back to Non Member / Anonymous permissions depending if the user is logged
               def allowed_to?(action, context, options={}, &block)
                 if context && context.is_a?(Project)
                   return false unless context.allows_to?(action)
                   # Admin users are authorized for anything else
                   return true if admin?
                   roles = roles_for_project(context)
                   return false unless roles
                   roles.any? {|role|
                     (context.is_public? || role.member?) &&
                     role.allowed_to?(action) &&
                     (block_given? ? yield(role, self) : true)
                   }
                 elsif context && context.is_a?(Array)
                   if context.empty?
                     false
                   else
                     # Authorize if user is authorized on every element of the array
                     context.map {|project| allowed_to?(action, project, options, &block)}.reduce(:&)
                   end
                 elsif options[:global]
                   # Admin users are always authorized
                   return true if admin?
                   # authorize if user has at least one role that has this permission
                   roles = memberships.collect {|m| m.roles}.flatten.uniq
                   roles << (self.logged? ? Role.non_member : Role.anonymous)
                   roles.any? {|role|
                     role.allowed_to?(action) &&
                     (block_given? ? yield(role, self) : true)
                   }
                 else
                   false
                 end
               end
               # Is the user allowed to do the specified action on any project?
               # See allowed_to? for the actions and valid options.
-              def allowed_to_globally?(action, options, &block)
+              # NB: this method is not used anywhere in the core codebase as of
+              # 2.5.2, but it's used by many plugins so if we ever want to remove
+              # it it has to be carefully deprecated for a version or two.
+              def allowed_to_globally?(action, options={}, &block)
                 allowed_to?(action, nil, options.reverse_merge(:global => true), &block)
               end
               # Returns true if the user is allowed to delete the user's own account
               def own_account_deletable?
                 Setting.unsubscribe? &&
                   (!admin? || User.active.where("admin = ? AND id <> ?", true, id).exists?)
               end
               safe_attributes 'login',
                 'firstname',
                 'lastname',
                 'mail',
                 'mail_notification',
                 'notified_project_ids',
                 'language',
                 'custom_field_values',
                 'custom_fields',
                 'identity_url'
               safe_attributes 'status',
                 'auth_source_id',
                 'generate_password',
                 'must_change_passwd',
                 :if => lambda {|user, current_user| current_user.admin?}
               safe_attributes 'group_ids',
                 :if => lambda {|user, current_user| current_user.admin? && !user.new_record?}
               # Utility method to help check if a user should be notified about an
               # event.
               #
               # TODO: only supports Issue events currently
               def notify_about?(object)
                 if mail_notification == 'all'
                   true
                 elsif mail_notification.blank? || mail_notification == 'none'
                   false
                 else
                   case object
                   when Issue
                     case mail_notification
                     when 'selected', 'only_my_events'
                       # user receives notifications for created/assigned issues on unselected projects
                       object.author == self || is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was)
                     when 'only_assigned'
                       is_or_belongs_to?(object.assigned_to) || is_or_belongs_to?(object.assigned_to_was)
                     when 'only_owner'
                       object.author == self
                     end
                   when News
                     # always send to project members except when mail_notification is set to 'none'
                     true
                   end
                 end
               end
               def self.current=(user)
                 RequestStore.store[:current_user] = user
               end
               def self.current
                 RequestStore.store[:current_user] ||= User.anonymous
               end
               # Returns the anonymous user.  If the anonymous user does not exist, it is created.  There can be only
               # one anonymous user per database.
               def self.anonymous
                 anonymous_user = AnonymousUser.first
                 if anonymous_user.nil?
                   anonymous_user = AnonymousUser.create(:lastname => 'Anonymous', :firstname => '', :mail => '', :login => '', :status => 0)
                   raise 'Unable to create the anonymous user.' if anonymous_user.new_record?
                 end
                 anonymous_user
               end
               # Salts all existing unsalted passwords
               # It changes password storage scheme from SHA1(password) to SHA1(salt + SHA1(password))
               # This method is used in the SaltPasswords migration and is to be kept as is
               def self.salt_unsalted_passwords!
                 transaction do
                   User.where("salt IS NULL OR salt = ''").find_each do |user|
                     next if user.hashed_password.blank?
                     salt = User.generate_salt
                     hashed_password = User.hash_password("#{salt}#{user.hashed_password}")
                     User.where(:id => user.id).update_all(:salt => salt, :hashed_password => hashed_password)
                   end
                 end
               end
               protected
               def validate_password_length
                 return if password.blank? && generate_password?
                 # Password length validation based on setting
                 if !password.nil? && password.size < Setting.password_min_length.to_i
                   errors.add(:password, :too_short, :count => Setting.password_min_length.to_i)
                 end
               end
               private
               def generate_password_if_needed
                 if generate_password? && auth_source.nil?
                   length = [Setting.password_min_length.to_i + 2, 10].max
                   random_password(length)
                 end
               end
               # Removes references that are not handled by associations
               # Things that are not deleted are reassociated with the anonymous user
               def remove_references_before_destroy
                 return if self.id.nil?
                 substitute = User.anonymous
                 Attachment.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id])
                 Comment.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id])
                 Issue.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id])
                 Issue.where(['assigned_to_id = ?', id]).update_all('assigned_to_id = NULL')
                 Journal.where(['user_id = ?', id]).update_all(['user_id = ?', substitute.id])
                 JournalDetail.
                   where(["property = 'attr' AND prop_key = 'assigned_to_id' AND old_value = ?", id.to_s]).
                   update_all(['old_value = ?', substitute.id.to_s])
                 JournalDetail.
                   where(["property = 'attr' AND prop_key = 'assigned_to_id' AND value = ?", id.to_s]).
                   update_all(['value = ?', substitute.id.to_s])
                 Message.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id])
                 News.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id])
                 # Remove private queries and keep public ones
                 ::Query.delete_all ['user_id = ? AND visibility = ?', id, ::Query::VISIBILITY_PRIVATE]
                 ::Query.where(['user_id = ?', id]).update_all(['user_id = ?', substitute.id])
                 TimeEntry.where(['user_id = ?', id]).update_all(['user_id = ?', substitute.id])
                 Token.delete_all ['user_id = ?', id]
                 Watcher.delete_all ['user_id = ?', id]
                 WikiContent.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id])
                 WikiContent::Version.where(['author_id = ?', id]).update_all(['author_id = ?', substitute.id])
               end
               # Return password digest
               def self.hash_password(clear_password)
                 Digest::SHA1.hexdigest(clear_password || "")
               end
               # Returns a 128bits random salt as a hex string (32 chars long)
               def self.generate_salt
                 Redmine::Utils.random_hex(16)
               end
             end
             class AnonymousUser < User
               validate :validate_anonymous_uniqueness, :on => :create
               def validate_anonymous_uniqueness
                 # There should be only one AnonymousUser in the database
                 errors.add :base, 'An anonymous user already exists.' if AnonymousUser.exists?
               end
               def available_custom_fields
                 []
               end
               # Overrides a few properties
               def logged?; false end
               def admin; false end
               def name(*args); I18n.t(:label_user_anonymous) end
               def mail; nil end
               def time_zone; nil end
               def rss_key; nil end
               def pref
                 UserPreference.new(:user => self)
               end
               # Returns the user's bult-in role
               def builtin_role
                 @builtin_role ||= Role.anonymous
               end
               def membership(*args)
                 nil
               end
               def member_of?(*args)
                 false
               end
               # Anonymous user can not be destroyed
               def destroy
                 false
               end
             end

test/unit/user_test.rb +13 0

             # Redmine - project management software
             # Copyright (C) 2006-2014  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.expand_path('../../test_helper', __FILE__)
             class UserTest < ActiveSupport::TestCase
               fixtures :users, :members, :projects, :roles, :member_roles, :auth_sources,
                         :trackers, :issue_statuses,
                         :projects_trackers,
                         :watchers,
                         :issue_categories, :enumerations, :issues,
                         :journals, :journal_details,
                         :groups_users,
                         :enabled_modules
               def setup
                 @admin = User.find(1)
                 @jsmith = User.find(2)
                 @dlopper = User.find(3)
               end
               def test_sorted_scope_should_sort_user_by_display_name
                 assert_equal User.all.map(&:name).map(&:downcase).sort,
                              User.sorted.map(&:name).map(&:downcase)
               end
               def test_generate
                 User.generate!(:firstname => 'Testing connection')
                 User.generate!(:firstname => 'Testing connection')
                 assert_equal 2, User.where(:firstname => 'Testing connection').count
               end
               def test_truth
                 assert_kind_of User, @jsmith
               end
               def test_mail_should_be_stripped
                 u = User.new
                 u.mail = " foo@bar.com  "
                 assert_equal "foo@bar.com", u.mail
               end
               def test_mail_validation
                 u = User.new
                 u.mail = ''
                 assert !u.valid?
                 assert_include I18n.translate('activerecord.errors.messages.blank'), u.errors[:mail]
               end
               def test_login_length_validation
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "x" * (User::LOGIN_LENGTH_LIMIT+1)
                 assert !user.valid?
                 user.login = "x" * (User::LOGIN_LENGTH_LIMIT)
                 assert user.valid?
                 assert user.save
               end
               def test_generate_password_should_respect_minimum_password_length
                 with_settings :password_min_length => 15 do
                   user = User.generate!(:generate_password => true)
                   assert user.password.length >= 15
                 end
               end
               def test_generate_password_should_not_generate_password_with_less_than_10_characters
                 with_settings :password_min_length => 4 do
                   user = User.generate!(:generate_password => true)
                   assert user.password.length >= 10
                 end
               end
               def test_generate_password_on_create_should_set_password
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "newuser"
                 user.generate_password = true
                 assert user.save
                 password = user.password
                 assert user.check_password?(password)
               end
               def test_generate_password_on_update_should_update_password
                 user = User.find(2)
                 hash = user.hashed_password
                 user.generate_password = true
                 assert user.save
                 password = user.password
                 assert user.check_password?(password)
                 assert_not_equal hash, user.reload.hashed_password
               end
               def test_create
                 user = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 user.login = "jsmith"
                 user.password, user.password_confirmation = "password", "password"
                 # login uniqueness
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.login = "newuser"
                 user.password, user.password_confirmation = "password", "pass"
                 # password confirmation
                 assert !user.save
                 assert_equal 1, user.errors.count
                 user.password, user.password_confirmation = "password", "password"
                 assert user.save
               end
               def test_user_before_create_should_set_the_mail_notification_to_the_default_setting
                 @user1 = User.generate!
                 assert_equal 'only_my_events', @user1.mail_notification
                 with_settings :default_notification_option => 'all' do
                   @user2 = User.generate!
                   assert_equal 'all', @user2.mail_notification
                 end
               end
               def test_user_login_should_be_case_insensitive
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 u.login = 'newuser'
                 u.password, u.password_confirmation = "password", "password"
                 assert u.save
                 u = User.new(:firstname => "Similar", :lastname => "User",
                              :mail => "similaruser@somenet.foo")
                 u.login = 'NewUser'
                 u.password, u.password_confirmation = "password", "password"
                 assert !u.save
                 assert_include I18n.translate('activerecord.errors.messages.taken'), u.errors[:login]
               end
               def test_mail_uniqueness_should_not_be_case_sensitive
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newuser@somenet.foo")
                 u.login = 'newuser1'
                 u.password, u.password_confirmation = "password", "password"
                 assert u.save
                 u = User.new(:firstname => "new", :lastname => "user", :mail => "newUser@Somenet.foo")
                 u.login = 'newuser2'
                 u.password, u.password_confirmation = "password", "password"
                 assert !u.save
                 assert_include I18n.translate('activerecord.errors.messages.taken'), u.errors[:mail]
               end
               def test_update
                 assert_equal "admin", @admin.login
                 @admin.login = "john"
                 assert @admin.save, @admin.errors.full_messages.join("; ")
                 @admin.reload
                 assert_equal "john", @admin.login
               end
               def test_update_should_not_fail_for_legacy_user_with_different_case_logins
                 u1 = User.new(:firstname => "new", :lastname => "user", :mail => "newuser1@somenet.foo")
                 u1.login = 'newuser1'
                 assert u1.save
                 u2 = User.new(:firstname => "new", :lastname => "user", :mail => "newuser2@somenet.foo")
                 u2.login = 'newuser1'
                 assert u2.save(:validate => false)
                 user = User.find(u2.id)
                 user.firstname = "firstname"
                 assert user.save, "Save failed"
               end
               def test_destroy_should_delete_members_and_roles
                 members = Member.where(:user_id => 2)
                 ms = members.count
                 rs = members.collect(&:roles).flatten.size
                 assert ms > 0
                 assert rs > 0
                 assert_difference 'Member.count', - ms do
                   assert_difference 'MemberRole.count', - rs do
                     User.find(2).destroy
                   end
                 end
                 assert_nil User.find_by_id(2)
                 assert_equal 0, Member.where(:user_id => 2).count
               end
               def test_destroy_should_update_attachments
                 attachment = Attachment.create!(:container => Project.find(1),
                   :file => uploaded_test_file("testfile.txt", "text/plain"),
                   :author_id => 2)
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, attachment.reload.author
               end
               def test_destroy_should_update_comments
                 comment = Comment.create!(
                   :commented => News.create!(:project_id => 1,
                                              :author_id => 1, :title => 'foo', :description => 'foo'),
                   :author => User.find(2),
                   :comments => 'foo'
                 )
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, comment.reload.author
               end
               def test_destroy_should_update_issues
                 issue = Issue.create!(:project_id => 1, :author_id => 2,
                                       :tracker_id => 1, :subject => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, issue.reload.author
               end
               def test_destroy_should_unassign_issues
                 issue = Issue.create!(:project_id => 1, :author_id => 1,
                                       :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2)
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil issue.reload.assigned_to
               end
               def test_destroy_should_update_journals
                 issue = Issue.create!(:project_id => 1, :author_id => 2,
                                       :tracker_id => 1, :subject => 'foo')
                 issue.init_journal(User.find(2), "update")
                 issue.save!
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, issue.journals.first.reload.user
               end
               def test_destroy_should_update_journal_details_old_value
                 issue = Issue.create!(:project_id => 1, :author_id => 1,
                                       :tracker_id => 1, :subject => 'foo', :assigned_to_id => 2)
                 issue.init_journal(User.find(1), "update")
                 issue.assigned_to_id = nil
                 assert_difference 'JournalDetail.count' do
                   issue.save!
                 end
                 journal_detail = JournalDetail.order('id DESC').first
                 assert_equal '2', journal_detail.old_value
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous.id.to_s, journal_detail.reload.old_value
               end
               def test_destroy_should_update_journal_details_value
                 issue = Issue.create!(:project_id => 1, :author_id => 1,
                                       :tracker_id => 1, :subject => 'foo')
                 issue.init_journal(User.find(1), "update")
                 issue.assigned_to_id = 2
                 assert_difference 'JournalDetail.count' do
                   issue.save!
                 end
                 journal_detail = JournalDetail.order('id DESC').first
                 assert_equal '2', journal_detail.value
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous.id.to_s, journal_detail.reload.value
               end
               def test_destroy_should_update_messages
                 board = Board.create!(:project_id => 1, :name => 'Board', :description => 'Board')
                 message = Message.create!(:board_id => board.id, :author_id => 2,
                                           :subject => 'foo', :content => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, message.reload.author
               end
               def test_destroy_should_update_news
                 news = News.create!(:project_id => 1, :author_id => 2,
                                     :title => 'foo', :description => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, news.reload.author
               end
               def test_destroy_should_delete_private_queries
                 query = Query.new(:name => 'foo', :visibility => Query::VISIBILITY_PRIVATE)
                 query.project_id = 1
                 query.user_id = 2
                 query.save!
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil Query.find_by_id(query.id)
               end
               def test_destroy_should_update_public_queries
                 query = Query.new(:name => 'foo', :visibility => Query::VISIBILITY_PUBLIC)
                 query.project_id = 1
                 query.user_id = 2
                 query.save!
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, query.reload.user
               end
               def test_destroy_should_update_time_entries
                 entry = TimeEntry.new(:hours => '2', :spent_on => Date.today,
                                       :activity => TimeEntryActivity.create!(:name => 'foo'))
                 entry.project_id = 1
                 entry.user_id = 2
                 entry.save!
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, entry.reload.user
               end
               def test_destroy_should_delete_tokens
                 token = Token.create!(:user_id => 2, :value => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil Token.find_by_id(token.id)
               end
               def test_destroy_should_delete_watchers
                 issue = Issue.create!(:project_id => 1, :author_id => 1,
                                       :tracker_id => 1, :subject => 'foo')
                 watcher = Watcher.create!(:user_id => 2, :watchable => issue)
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil Watcher.find_by_id(watcher.id)
               end
               def test_destroy_should_update_wiki_contents
                 wiki_content = WikiContent.create!(
                   :text => 'foo',
                   :author_id => 2,
                   :page => WikiPage.create!(:title => 'Foo',
                                             :wiki => Wiki.create!(:project_id => 3,
                                                                   :start_page => 'Start'))
                 )
                 wiki_content.text = 'bar'
                 assert_difference 'WikiContent::Version.count' do
                   wiki_content.save!
                 end
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_equal User.anonymous, wiki_content.reload.author
                 wiki_content.versions.each do |version|
                   assert_equal User.anonymous, version.reload.author
                 end
               end
               def test_destroy_should_nullify_issue_categories
                 category = IssueCategory.create!(:project_id => 1, :assigned_to_id => 2, :name => 'foo')
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil category.reload.assigned_to_id
               end
               def test_destroy_should_nullify_changesets
                 changeset = Changeset.create!(
                   :repository => Repository::Subversion.create!(
                     :project_id => 1,
                     :url => 'file:///tmp',
                     :identifier => 'tmp'
                   ),
                   :revision => '12',
                   :committed_on => Time.now,
                   :committer => 'jsmith'
                   )
                 assert_equal 2, changeset.user_id
                 User.find(2).destroy
                 assert_nil User.find_by_id(2)
                 assert_nil changeset.reload.user_id
               end
               def test_anonymous_user_should_not_be_destroyable
                 assert_no_difference 'User.count' do
                   assert_equal false, User.anonymous.destroy
                 end
               end
               def test_validate_login_presence
                 @admin.login = ""
                 assert !@admin.save
                 assert_equal 1, @admin.errors.count
               end
               def test_validate_mail_notification_inclusion
                 u = User.new
                 u.mail_notification = 'foo'
                 u.save
                 assert_not_equal [], u.errors[:mail_notification]
               end
               def test_password
                 user = User.try_to_login("admin", "admin")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
                 user.password = "hello123"
                 assert user.save
                 user = User.try_to_login("admin", "hello123")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
               end
               def test_validate_password_length
                 with_settings :password_min_length => '100' do
                   user = User.new(:firstname => "new100",
                                   :lastname => "user100", :mail => "newuser100@somenet.foo")
                   user.login = "newuser100"
                   user.password, user.password_confirmation = "password100", "password100"
                   assert !user.save
                   assert_equal 1, user.errors.count
                 end
               end
               def test_name_format
                 assert_equal 'John S.', @jsmith.name(:firstname_lastinitial)
                 assert_equal 'Smith, John', @jsmith.name(:lastname_coma_firstname)
                 assert_equal 'J. Smith', @jsmith.name(:firstinitial_lastname)
                 assert_equal 'J.-P. Lang', User.new(:firstname => 'Jean-Philippe', :lastname => 'Lang').name(:firstinitial_lastname)
               end
               def test_name_should_use_setting_as_default_format
                 with_settings :user_format => :firstname_lastname do
                   assert_equal 'John Smith', @jsmith.reload.name
                 end
                 with_settings :user_format => :username do
                   assert_equal 'jsmith', @jsmith.reload.name
                 end
                 with_settings :user_format => :lastname do
                   assert_equal 'Smith', @jsmith.reload.name
                 end
               end
               def test_today_should_return_the_day_according_to_user_time_zone
                 preference = User.find(1).pref
                 date = Date.new(2012, 05, 15)
                 time = Time.gm(2012, 05, 15, 23, 30).utc # 2012-05-15 23:30 UTC
                 Date.stubs(:today).returns(date)
                 Time.stubs(:now).returns(time)
                 preference.update_attribute :time_zone, 'Baku' # UTC+4
                 assert_equal '2012-05-16', User.find(1).today.to_s
                 preference.update_attribute :time_zone, 'La Paz' # UTC-4
                 assert_equal '2012-05-15', User.find(1).today.to_s
                 preference.update_attribute :time_zone, ''
                 assert_equal '2012-05-15', User.find(1).today.to_s
               end
               def test_time_to_date_should_return_the_date_according_to_user_time_zone
                 preference = User.find(1).pref
                 time = Time.gm(2012, 05, 15, 23, 30).utc # 2012-05-15 23:30 UTC
                 preference.update_attribute :time_zone, 'Baku' # UTC+4
                 assert_equal '2012-05-16', User.find(1).time_to_date(time).to_s
                 preference.update_attribute :time_zone, 'La Paz' # UTC-4
                 assert_equal '2012-05-15', User.find(1).time_to_date(time).to_s
                 preference.update_attribute :time_zone, ''
                 assert_equal '2012-05-15', User.find(1).time_to_date(time).to_s
               end
               def test_fields_for_order_statement_should_return_fields_according_user_format_setting
                 with_settings :user_format => 'lastname_coma_firstname' do
                   assert_equal ['users.lastname', 'users.firstname', 'users.id'],
                                User.fields_for_order_statement
                 end
               end
               def test_fields_for_order_statement_width_table_name_should_prepend_table_name
                 with_settings :user_format => 'lastname_firstname' do
                   assert_equal ['authors.lastname', 'authors.firstname', 'authors.id'],
                                User.fields_for_order_statement('authors')
                 end
               end
               def test_fields_for_order_statement_with_blank_format_should_return_default
                 with_settings :user_format => '' do
                   assert_equal ['users.firstname', 'users.lastname', 'users.id'],
                                User.fields_for_order_statement
                 end
               end
               def test_fields_for_order_statement_with_invalid_format_should_return_default
                 with_settings :user_format => 'foo' do
                   assert_equal ['users.firstname', 'users.lastname', 'users.id'],
                                User.fields_for_order_statement
                 end
               end
               test ".try_to_login with good credentials should return the user" do
                 user = User.try_to_login("admin", "admin")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
               end
               test ".try_to_login with wrong credentials should return nil" do
                 assert_nil User.try_to_login("admin", "foo")
               end
               def test_try_to_login_with_locked_user_should_return_nil
                 @jsmith.status = User::STATUS_LOCKED
                 @jsmith.save!
                 user = User.try_to_login("jsmith", "jsmith")
                 assert_equal nil, user
               end
               def test_try_to_login_with_locked_user_and_not_active_only_should_return_user
                 @jsmith.status = User::STATUS_LOCKED
                 @jsmith.save!
                 user = User.try_to_login("jsmith", "jsmith", false)
                 assert_equal @jsmith, user
               end
               test ".try_to_login should fall-back to case-insensitive if user login is not found as-typed" do
                 user = User.try_to_login("AdMin", "admin")
                 assert_kind_of User, user
                 assert_equal "admin", user.login
               end
               test ".try_to_login should select the exact matching user first" do
                 case_sensitive_user = User.generate! do |user|
                   user.password = "admin123"
                 end
                 # bypass validations to make it appear like existing data
                 case_sensitive_user.update_attribute(:login, 'ADMIN')
                 user = User.try_to_login("ADMIN", "admin123")
                 assert_kind_of User, user
                 assert_equal "ADMIN", user.login
               end
               if ldap_configured?
                 context "#try_to_login using LDAP" do
                   context "with failed connection to the LDAP server" do
                     should "return nil" do
                       @auth_source = AuthSourceLdap.find(1)
                       AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::LdapError, 'Cannot connect')
                       assert_equal nil, User.try_to_login('edavis', 'wrong')
                     end
                   end
                   context "with an unsuccessful authentication" do
                     should "return nil" do
                       assert_equal nil, User.try_to_login('edavis', 'wrong')
                     end
                   end
                   context "binding with user's account" do
                     setup do
                       @auth_source = AuthSourceLdap.find(1)
                       @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
                       @auth_source.account_password = ''
                       @auth_source.save!
                       @ldap_user = User.new(:mail => 'example1@redmine.org', :firstname => 'LDAP', :lastname => 'user', :auth_source_id => 1)
                       @ldap_user.login = 'example1'
                       @ldap_user.save!
                     end
                     context "with a successful authentication" do
                       should "return the user" do
                         assert_equal @ldap_user, User.try_to_login('example1', '123456')
                       end
                     end
                     context "with an unsuccessful authentication" do
                       should "return nil" do
                         assert_nil User.try_to_login('example1', '11111')
                       end
                     end
                   end
                   context "on the fly registration" do
                     setup do
                       @auth_source = AuthSourceLdap.find(1)
                       @auth_source.update_attribute :onthefly_register, true
                     end
                     context "with a successful authentication" do
                       should "create a new user account if it doesn't exist" do
                         assert_difference('User.count') do
                           user = User.try_to_login('edavis', '123456')
                           assert !user.admin?
                         end
                       end
                       should "retrieve existing user" do
                         user = User.try_to_login('edavis', '123456')
                         user.admin = true
                         user.save!
                         assert_no_difference('User.count') do
                           user = User.try_to_login('edavis', '123456')
                           assert user.admin?
                         end
                       end
                     end
                     context "binding with user's account" do
                       setup do
                         @auth_source = AuthSourceLdap.find(1)
                         @auth_source.account = "uid=$login,ou=Person,dc=redmine,dc=org"
                         @auth_source.account_password = ''
                         @auth_source.save!
                       end
                       context "with a successful authentication" do
                         should "create a new user account if it doesn't exist" do
                           assert_difference('User.count') do
                             user = User.try_to_login('example1', '123456')
                             assert_kind_of User, user
                           end
                         end
                       end
                       context "with an unsuccessful authentication" do
                         should "return nil" do
                           assert_nil User.try_to_login('example1', '11111')
                         end
                       end
                     end
                   end
                 end
               else
                 puts "Skipping LDAP tests."
               end
               def test_create_anonymous
                 AnonymousUser.delete_all
                 anon = User.anonymous
                 assert !anon.new_record?
                 assert_kind_of AnonymousUser, anon
               end
               def test_ensure_single_anonymous_user
                 AnonymousUser.delete_all
                 anon1 = User.anonymous
                 assert !anon1.new_record?
                 assert_kind_of AnonymousUser, anon1
                 anon2 = AnonymousUser.create(
                             :lastname => 'Anonymous', :firstname => '',
                             :mail => '', :login => '', :status => 0)
                 assert_equal 1, anon2.errors.count
               end
               def test_rss_key
                 assert_nil @jsmith.rss_token
                 key = @jsmith.rss_key
                 assert_equal 40, key.length
                 @jsmith.reload
                 assert_equal key, @jsmith.rss_key
               end
               def test_rss_key_should_not_be_generated_twice
                 assert_difference 'Token.count', 1 do
                   key1 = @jsmith.rss_key
                   key2 = @jsmith.rss_key
                   assert_equal key1, key2
                 end
               end
               def test_api_key_should_not_be_generated_twice
                 assert_difference 'Token.count', 1 do
                   key1 = @jsmith.api_key
                   key2 = @jsmith.api_key
                   assert_equal key1, key2
                 end
               end
               test "#api_key should generate a new one if the user doesn't have one" do
                 user = User.generate!(:api_token => nil)
                 assert_nil user.api_token
                 key = user.api_key
                 assert_equal 40, key.length
                 user.reload
                 assert_equal key, user.api_key
               end
               test "#api_key should return the existing api token value" do
                 user = User.generate!
                 token = Token.create!(:action => 'api')
                 user.api_token = token
                 assert user.save
                 assert_equal token.value, user.api_key
               end
               test "#find_by_api_key should return nil if no matching key is found" do
                 assert_nil User.find_by_api_key('zzzzzzzzz')
               end
               test "#find_by_api_key should return nil if the key is found for an inactive user" do
                 user = User.generate!
                 user.status = User::STATUS_LOCKED
                 token = Token.create!(:action => 'api')
                 user.api_token = token
                 user.save
                 assert_nil User.find_by_api_key(token.value)
               end
               test "#find_by_api_key should return the user if the key is found for an active user" do
                 user = User.generate!
                 token = Token.create!(:action => 'api')
                 user.api_token = token
                 user.save
                 assert_equal user, User.find_by_api_key(token.value)
               end
               def test_default_admin_account_changed_should_return_false_if_account_was_not_changed
                 user = User.find_by_login("admin")
                 user.password = "admin"
                 assert user.save(:validate => false)
                 assert_equal false, User.default_admin_account_changed?
               end
               def test_default_admin_account_changed_should_return_true_if_password_was_changed
                 user = User.find_by_login("admin")
                 user.password = "newpassword"
                 user.save!
                 assert_equal true, User.default_admin_account_changed?
               end
               def test_default_admin_account_changed_should_return_true_if_account_is_disabled
                 user = User.find_by_login("admin")
                 user.password = "admin"
                 user.status = User::STATUS_LOCKED
                 assert user.save(:validate => false)
                 assert_equal true, User.default_admin_account_changed?
               end
               def test_default_admin_account_changed_should_return_true_if_account_does_not_exist
                 user = User.find_by_login("admin")
                 user.destroy
                 assert_equal true, User.default_admin_account_changed?
               end
               def test_membership_with_project_should_return_membership
                 project = Project.find(1)
                 membership = @jsmith.membership(project)
                 assert_kind_of Member, membership
                 assert_equal @jsmith, membership.user
                 assert_equal project, membership.project
               end
               def test_membership_with_project_id_should_return_membership
                 project = Project.find(1)
                 membership = @jsmith.membership(1)
                 assert_kind_of Member, membership
                 assert_equal @jsmith, membership.user
                 assert_equal project, membership.project
               end
               def test_membership_for_non_member_should_return_nil
                 project = Project.find(1)
                 user = User.generate!
                 membership = user.membership(1)
                 assert_nil membership
               end
               def test_roles_for_project
                 # user with a role
                 roles = @jsmith.roles_for_project(Project.find(1))
                 assert_kind_of Role, roles.first
                 assert_equal "Manager", roles.first.name
                 # user with no role
                 assert_nil @dlopper.roles_for_project(Project.find(2)).detect {|role| role.member?}
               end
               def test_projects_by_role_for_user_with_role
                 user = User.find(2)
                 assert_kind_of Hash, user.projects_by_role
                 assert_equal 2, user.projects_by_role.size
                 assert_equal [1,5], user.projects_by_role[Role.find(1)].collect(&:id).sort
                 assert_equal [2], user.projects_by_role[Role.find(2)].collect(&:id).sort
               end
               def test_accessing_projects_by_role_with_no_projects_should_return_an_empty_array
                 user = User.find(2)
                 assert_equal [], user.projects_by_role[Role.find(3)]
                 # should not update the hash
                 assert_nil user.projects_by_role.values.detect(&:blank?)
               end
               def test_projects_by_role_for_user_with_no_role
                 user = User.generate!
                 assert_equal({}, user.projects_by_role)
               end
               def test_projects_by_role_for_anonymous
                 assert_equal({}, User.anonymous.projects_by_role)
               end
               def test_valid_notification_options
                 # without memberships
                 assert_equal 5, User.find(7).valid_notification_options.size
                 # with memberships
                 assert_equal 6, User.find(2).valid_notification_options.size
               end
               def test_valid_notification_options_class_method
                 assert_equal 5, User.valid_notification_options.size
                 assert_equal 5, User.valid_notification_options(User.find(7)).size
                 assert_equal 6, User.valid_notification_options(User.find(2)).size
               end
               def test_mail_notification_all
                 @jsmith.mail_notification = 'all'
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert @jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_selected
                 @jsmith.mail_notification = 'selected'
                 @jsmith.notified_project_ids = [1]
                 @jsmith.save
                 @jsmith.reload
                 assert Project.find(1).recipients.include?(@jsmith.mail)
               end
               def test_mail_notification_only_my_events
                 @jsmith.mail_notification = 'only_my_events'
                 @jsmith.notified_project_ids = []
                 @jsmith.save
                 @jsmith.reload
                 assert !@jsmith.projects.first.recipients.include?(@jsmith.mail)
               end
               def test_comments_sorting_preference
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'asc'
                 assert !@jsmith.wants_comments_in_reverse_order?
                 @jsmith.pref.comments_sorting = 'desc'
                 assert @jsmith.wants_comments_in_reverse_order?
               end
               def test_find_by_mail_should_be_case_insensitive
                 u = User.find_by_mail('JSmith@somenet.foo')
                 assert_not_nil u
                 assert_equal 'jsmith@somenet.foo', u.mail
               end
               def test_random_password
                 u = User.new
                 u.random_password
                 assert !u.password.blank?
                 assert !u.password_confirmation.blank?
               end
               test "#change_password_allowed? should be allowed if no auth source is set" do
                 user = User.generate!
                 assert user.change_password_allowed?
               end
               test "#change_password_allowed? should delegate to the auth source" do
                 user = User.generate!
                 allowed_auth_source = AuthSource.generate!
                 def allowed_auth_source.allow_password_changes?; true; end
                 denied_auth_source = AuthSource.generate!
                 def denied_auth_source.allow_password_changes?; false; end
                 assert user.change_password_allowed?
                 user.auth_source = allowed_auth_source
                 assert user.change_password_allowed?, "User not allowed to change password, though auth source does"
                 user.auth_source = denied_auth_source
                 assert !user.change_password_allowed?, "User allowed to change password, though auth source does not"
               end
               def test_own_account_deletable_should_be_true_with_unsubscrive_enabled
                 with_settings :unsubscribe => '1' do
                   assert_equal true, User.find(2).own_account_deletable?
                 end
               end
               def test_own_account_deletable_should_be_false_with_unsubscrive_disabled
                 with_settings :unsubscribe => '0' do
                   assert_equal false, User.find(2).own_account_deletable?
                 end
               end
               def test_own_account_deletable_should_be_false_for_a_single_admin
                 User.delete_all(["admin = ? AND id <> ?", true, 1])
                 with_settings :unsubscribe => '1' do
                   assert_equal false, User.find(1).own_account_deletable?
                 end
               end
               def test_own_account_deletable_should_be_true_for_an_admin_if_other_admin_exists
                 User.generate! do |user|
                   user.admin = true
                 end
                 with_settings :unsubscribe => '1' do
                   assert_equal true, User.find(1).own_account_deletable?
                 end
               end
               context "#allowed_to?" do
                 context "with a unique project" do
                   should "return false if project is archived" do
                     project = Project.find(1)
                     Project.any_instance.stubs(:status).returns(Project::STATUS_ARCHIVED)
                     assert_equal false, @admin.allowed_to?(:view_issues, Project.find(1))
                   end
                   should "return false for write action if project is closed" do
                     project = Project.find(1)
                     Project.any_instance.stubs(:status).returns(Project::STATUS_CLOSED)
                     assert_equal false, @admin.allowed_to?(:edit_project, Project.find(1))
                   end
                   should "return true for read action if project is closed" do
                     project = Project.find(1)
                     Project.any_instance.stubs(:status).returns(Project::STATUS_CLOSED)
                     assert_equal true, @admin.allowed_to?(:view_project, Project.find(1))
                   end
                   should "return false if related module is disabled" do
                     project = Project.find(1)
                     project.enabled_module_names = ["issue_tracking"]
                     assert_equal true, @admin.allowed_to?(:add_issues, project)
                     assert_equal false, @admin.allowed_to?(:view_wiki_pages, project)
                   end
                   should "authorize nearly everything for admin users" do
                     project = Project.find(1)
                     assert ! @admin.member_of?(project)
                     %w(edit_issues delete_issues manage_news add_documents manage_wiki).each do |p|
                       assert_equal true, @admin.allowed_to?(p.to_sym, project)
                     end
                   end
                   should "authorize normal users depending on their roles" do
                     project = Project.find(1)
                     assert_equal true, @jsmith.allowed_to?(:delete_messages, project)    #Manager
                     assert_equal false, @dlopper.allowed_to?(:delete_messages, project) #Developper
                   end
                 end
                 context "with multiple projects" do
                   should "return false if array is empty" do
                     assert_equal false, @admin.allowed_to?(:view_project, [])
                   end
                   should "return true only if user has permission on all these projects" do
                     assert_equal true, @admin.allowed_to?(:view_project, Project.all)
                     assert_equal false, @dlopper.allowed_to?(:view_project, Project.all) #cannot see Project(2)
                     assert_equal true, @jsmith.allowed_to?(:edit_issues, @jsmith.projects) #Manager or Developer everywhere
                     assert_equal false, @jsmith.allowed_to?(:delete_issue_watchers, @jsmith.projects) #Dev cannot delete_issue_watchers
                   end
                   should "behave correctly with arrays of 1 project" do
                     assert_equal false, User.anonymous.allowed_to?(:delete_issues, [Project.first])
                   end
                 end
                 context "with options[:global]" do
                   should "authorize if user has at least one role that has this permission" do
                     @dlopper2 = User.find(5) #only Developper on a project, not Manager anywhere
                     @anonymous = User.find(6)
                     assert_equal true, @jsmith.allowed_to?(:delete_issue_watchers, nil, :global => true)
                     assert_equal false, @dlopper2.allowed_to?(:delete_issue_watchers, nil, :global => true)
                     assert_equal true, @dlopper2.allowed_to?(:add_issues, nil, :global => true)
                     assert_equal false, @anonymous.allowed_to?(:add_issues, nil, :global => true)
                     assert_equal true, @anonymous.allowed_to?(:view_issues, nil, :global => true)
                   end
                 end
               end
+              # this is just a proxy method, the test only calls it to ensure it doesn't break trivially
+              context "#allowed_to_globally?" do
+                should "proxy to #allowed_to? and reflect global permissions" do
+                  @dlopper2 = User.find(5) #only Developper on a project, not Manager anywhere
+                  @anonymous = User.find(6)
+                  assert_equal true, @jsmith.allowed_to_globally?(:delete_issue_watchers)
+                  assert_equal false, @dlopper2.allowed_to_globally?(:delete_issue_watchers)
+                  assert_equal true, @dlopper2.allowed_to_globally?(:add_issues)
+                  assert_equal false, @anonymous.allowed_to_globally?(:add_issues)
+                  assert_equal true, @anonymous.allowed_to_globally?(:view_issues)
+                end
+              end
               context "User#notify_about?" do
                 context "Issues" do
                   setup do
                     @project = Project.find(1)
                     @author = User.generate!
                     @assignee = User.generate!
                     @issue = Issue.generate!(:project => @project, :assigned_to => @assignee, :author => @author)
                   end
                   should "be true for a user with :all" do
                     @author.update_attribute(:mail_notification, 'all')
                     assert @author.notify_about?(@issue)
                   end
                   should "be false for a user with :none" do
                     @author.update_attribute(:mail_notification, 'none')
                     assert ! @author.notify_about?(@issue)
                   end
                   should "be false for a user with :only_my_events and isn't an author, creator, or assignee" do
                     @user = User.generate!(:mail_notification => 'only_my_events')
                     Member.create!(:user => @user, :project => @project, :role_ids => [1])
                     assert ! @user.notify_about?(@issue)
                   end
                   should "be true for a user with :only_my_events and is the author" do
                     @author.update_attribute(:mail_notification, 'only_my_events')
                     assert @author.notify_about?(@issue)
                   end
                   should "be true for a user with :only_my_events and is the assignee" do
                     @assignee.update_attribute(:mail_notification, 'only_my_events')
                     assert @assignee.notify_about?(@issue)
                   end
                   should "be true for a user with :only_assigned and is the assignee" do
                     @assignee.update_attribute(:mail_notification, 'only_assigned')
                     assert @assignee.notify_about?(@issue)
                   end
                   should "be false for a user with :only_assigned and is not the assignee" do
                     @author.update_attribute(:mail_notification, 'only_assigned')
                     assert ! @author.notify_about?(@issue)
                   end
                   should "be true for a user with :only_owner and is the author" do
                     @author.update_attribute(:mail_notification, 'only_owner')
                     assert @author.notify_about?(@issue)
                   end
                   should "be false for a user with :only_owner and is not the author" do
                     @assignee.update_attribute(:mail_notification, 'only_owner')
                     assert ! @assignee.notify_about?(@issue)
                   end
                   should "be true for a user with :selected and is the author" do
                     @author.update_attribute(:mail_notification, 'selected')
                     assert @author.notify_about?(@issue)
                   end
                   should "be true for a user with :selected and is the assignee" do
                     @assignee.update_attribute(:mail_notification, 'selected')
                     assert @assignee.notify_about?(@issue)
                   end
                   should "be false for a user with :selected and is not the author or assignee" do
                     @user = User.generate!(:mail_notification => 'selected')
                     Member.create!(:user => @user, :project => @project, :role_ids => [1])
                     assert ! @user.notify_about?(@issue)
                   end
                 end
               end
               def test_notify_about_news
                 user = User.generate!
                 news = News.new
                 User::MAIL_NOTIFICATION_OPTIONS.map(&:first).each do |option|
                   user.mail_notification = option
                   assert_equal (option != 'none'), user.notify_about?(news)
                 end
               end
               def test_salt_unsalted_passwords
                 # Restore a user with an unsalted password
                 user = User.find(1)
                 user.salt = nil
                 user.hashed_password = User.hash_password("unsalted")
                 user.save!
                 User.salt_unsalted_passwords!
                 user.reload
                 # Salt added
                 assert !user.salt.blank?
                 # Password still valid
                 assert user.check_password?("unsalted")
                 assert_equal user, User.try_to_login(user.login, "unsalted")
               end
               if Object.const_defined?(:OpenID)
                 def test_setting_identity_url
                   normalized_open_id_url = 'http://example.com/'
                   u = User.new( :identity_url => 'http://example.com/' )
                   assert_equal normalized_open_id_url, u.identity_url
                 end
                 def test_setting_identity_url_without_trailing_slash
                   normalized_open_id_url = 'http://example.com/'
                   u = User.new( :identity_url => 'http://example.com' )
                   assert_equal normalized_open_id_url, u.identity_url
                 end
                 def test_setting_identity_url_without_protocol
                   normalized_open_id_url = 'http://example.com/'
                   u = User.new( :identity_url => 'example.com' )
                   assert_equal normalized_open_id_url, u.identity_url
                 end
                 def test_setting_blank_identity_url
                   u = User.new( :identity_url => 'example.com' )
                   u.identity_url = ''
                   assert u.identity_url.blank?
                 end
                 def test_setting_invalid_identity_url
                   u = User.new( :identity_url => 'this is not an openid url' )
                   assert u.identity_url.blank?
                 end
               else
                 puts "Skipping openid tests."
               end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages