Merge branch 'master' into redesign

Conflicts: app/controllers/browse_controller.rb app/views/layouts/_head.html.erb config/environments/production.rb config/routes.rb
2013-11-15 16:47:49 -08:00 · 2013-11-15 16:47:49 -08:00 · 2b4f8e92c9
commit 2b4f8e92c9
parent 5ddab68c11 ad368d189f
111 changed files with 23614 additions and 4867 deletions
--- a/test/fixtures/diary_comments.yml
+++ b/test/fixtures/diary_comments.yml
@ -5,6 +5,7 @@ comment_for_geo_post:
  body: Some comment text
  created_at: "2008-11-08 09:45:34"
  updated_at: "2008-11-08 10:34:34"
+  visible: true

 comment_by_suspended_user:
  id: 2
@ -13,6 +14,7 @@ comment_by_suspended_user:
  body: Some comment text
  created_at: "2008-11-08 09:45:34"
  updated_at: "2008-11-08 10:34:34"
+  visible: true

 comment_by_deleted_user:
  id: 3
@ -21,3 +23,13 @@ comment_by_deleted_user:
  body: Some comment text
  created_at: "2008-11-08 09:45:34"
  updated_at: "2008-11-08 10:34:34"
+  visible: true
+
+hidden_comment:
+  id: 4
+  diary_entry_id: 2
+  user_id: 2
+  body: Some comment text
+  created_at: "2008-11-08 09:45:34"
+  updated_at: "2008-11-08 10:34:34"
+  visible: false
--- a/test/fixtures/diary_entries.yml
+++ b/test/fixtures/diary_entries.yml
@ -23,7 +23,6 @@ normal_user_geo_entry:
  visible: true

 deleted_entry:
-
  id: 3
  user_id: 1
  title: Deleted Entry 1
@ -34,3 +33,27 @@ deleted_entry:
  longitude: 
  language_code: en
  visible: false
+
+entry_by_suspended_user:
+  id: 4
+  user_id: 10
+  title: Entry by suspended user
+  body: This is the body of a diary entry by a suspended user.
+  created_at: "2008-11-07 17:43:34"
+  updated_at: "2008-11-07 17:43:34"
+  latitude: 
+  longitude: 
+  language_code: en
+  visible: true
+
+entry_by_deleted_user:
+  id: 5
+  user_id: 11
+  title: Entry by deleted user
+  body: This is the body of a diary entry by a deleted user.
+  created_at: "2008-11-07 17:43:34"
+  updated_at: "2008-11-07 17:43:34"
+  latitude: 
+  longitude: 
+  language_code: en
+  visible: true
--- a/test/fixtures/users.yml
+++ b/test/fixtures/users.yml
@ -46,6 +46,7 @@ inactive_user:
  terms_agreed: "2010-01-01 11:22:33"
  terms_seen: true
  languages: en
+  email_valid: false
  
 second_public_user:
  id: 4
--- a/test/functional/diary_entry_controller_test.rb
+++ b/test/functional/diary_entry_controller_test.rb
@ -310,7 +310,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
    end
    assert_response :redirect
    assert_redirected_to :action => :list, :display_name => users(:normal_user).display_name
-    entry = DiaryEntry.find(4)
+    entry = DiaryEntry.find(6)
    assert_equal users(:normal_user).id, entry.user_id
    assert_equal new_title, entry.title
    assert_equal new_body, entry.body
@ -354,7 +354,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
    assert_match /New comment/, email.text_part.decoded
    assert_match /New comment/, email.html_part.decoded
    ActionMailer::Base.deliveries.clear
-    comment = DiaryComment.find(4)
+    comment = DiaryComment.find(5)
    assert_equal entry.id, comment.diary_entry_id
    assert_equal users(:public_user).id, comment.user_id
    assert_equal "New comment", comment.body
@ -363,7 +363,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
    get :view, :display_name => entry.user.display_name, :id => entry.id
    assert_response :success
    assert_select ".diary-comment", :count => 1 do
-      assert_select "#comment4", :count => 1 do
+      assert_select "#comment5", :count => 1 do
        assert_select "a[href='/user/#{users(:public_user).display_name}']", :text => users(:public_user).display_name, :count => 1
      end
      assert_select ".richtext", :text => /New comment/, :count => 1
@ -421,13 +421,120 @@ class DiaryEntryControllerTest < ActionController::TestCase
  end
  
  def test_rss_nonexisting_user
+    # Try a user that has never existed
    get :rss, {:display_name => 'fakeUsername76543', :format => :rss}
    assert_response :not_found, "Should not be able to get a nonexisting users diary RSS"
+
+    # Try a suspended user
+    get :rss, {:display_name => users(:suspended_user).display_name, :format => :rss}
+    assert_response :not_found, "Should not be able to get a suspended users diary RSS"
+
+    # Try a deleted user
+    get :rss, {:display_name => users(:deleted_user).display_name, :format => :rss}
+    assert_response :not_found, "Should not be able to get a deleted users diary RSS"
  end

  def test_viewing_diary_entry
+    # Try a normal entry that should work
    get :view, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}
    assert_response :success
-    assert_template 'view'
+    assert_template :view
+
+    # Try a deleted entry
+    get :view, {:display_name => users(:normal_user).display_name, :id => diary_entries(:deleted_entry).id}
+    assert_response :not_found
+
+    # Try an entry by a suspended user
+    get :view, {:display_name => users(:suspended_user).display_name, :id => diary_entries(:entry_by_suspended_user).id}
+    assert_response :not_found
+
+    # Try an entry by a deleted user
+    get :view, {:display_name => users(:deleted_user).display_name, :id => diary_entries(:entry_by_deleted_user).id}
+    assert_response :not_found
+  end
+
+  def test_viewing_hidden_comments
+    # Get a diary entry that has hidden comments
+    get :view, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id}
+    assert_response :success
+    assert_template :view
+    assert_select "div.comments" do
+      assert_select "p#comment1", :count => 1 # visible comment
+      assert_select "p#comment2", :count => 0 # comment by suspended user
+      assert_select "p#comment3", :count => 0 # comment by deleted user
+      assert_select "p#comment4", :count => 0 # hidden comment
+    end
+  end
+
+  def test_hide
+    # Try without logging in
+    post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}
+    assert_response :forbidden
+    assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Now try as a normal user
+    post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:normal_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id
+    assert_equal true, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
+
+    @request.cookies["_osm_username"] = users(:administrator_user).display_name
+
+    # Finally try as an administrator
+    post :hide, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_entry_1).id}, {:user => users(:administrator_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :list, :display_name => users(:normal_user).display_name
+    assert_equal false, DiaryEntry.find(diary_entries(:normal_user_entry_1).id).visible
+  end
+
+  def test_hidecomment
+    # Try without logging in
+    post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}
+    assert_response :forbidden
+    assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Now try as a normal user
+    post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:normal_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id
+    assert_equal true, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
+
+    @request.cookies["_osm_username"] = users(:administrator_user).display_name
+
+    # Finally try as an administrator
+    post :hidecomment, {:display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id, :comment => diary_comments(:comment_for_geo_post).id}, {:user => users(:administrator_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name, :id => diary_entries(:normal_user_geo_entry).id
+    assert_equal false, DiaryComment.find(diary_comments(:comment_for_geo_post).id).visible
+  end
+
+  def test_comments
+    # Test a user with no comments
+    get :comments, :display_name => users(:normal_user).display_name
+    assert_response :success
+    assert_template :comments
+    assert_select "table.messages" do
+      assert_select "tr", :count => 1 # header, no comments
+    end
+
+    # Test a user with a comment
+    get :comments, :display_name => users(:public_user).display_name
+    assert_response :success
+    assert_template :comments
+    assert_select "table.messages" do
+      assert_select "tr", :count => 2 # header and one comment
+    end
+
+    # Test a suspended user
+    get :comments, :display_name => users(:suspended_user).display_name
+    assert_response :not_found
+
+    # Test a deleted user
+    get :comments, :display_name => users(:deleted_user).display_name
+    assert_response :not_found
  end
 end
--- a/test/functional/geocoder_controller_test.rb
+++ b/test/functional/geocoder_controller_test.rb
@ -11,6 +11,10 @@ class GeocoderControllerTest < ActionController::TestCase
      { :path => "/geocoder/search", :method => :post },
      { :controller => "geocoder", :action => "search" }
    )
+    assert_routing(
+     { :path => "/geocoder/search_latlon", :method => :get },
+     { :controller => "geocoder", :action => "search_latlon" }
+    )
    assert_routing(
      { :path => "/geocoder/search_us_postcode", :method => :get },
      { :controller => "geocoder", :action => "search_us_postcode" }
@ -52,7 +56,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta 50.06773, @controller.params[:lat]
      assert_in_delta 14.37742, @controller.params[:lon]
@ -70,7 +74,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta 50.06773, @controller.params[:lat]
      assert_in_delta 14.37742, @controller.params[:lon]
@ -88,7 +92,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta 50.06773, @controller.params[:lat]
      assert_in_delta -14.37742, @controller.params[:lon]
@ -106,7 +110,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta -50.06773, @controller.params[:lat]
      assert_in_delta 14.37742, @controller.params[:lon]
@ -124,7 +128,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta -50.06773, @controller.params[:lat]
      assert_in_delta -14.37742, @controller.params[:lon]
@ -145,7 +149,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta 50.06773, @controller.params[:lat]
      assert_in_delta 14.37742, @controller.params[:lon]
@ -166,7 +170,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta 50.06773, @controller.params[:lat]
      assert_in_delta -14.37742, @controller.params[:lon]
@ -187,7 +191,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta -50.06773, @controller.params[:lat]
      assert_in_delta 14.37742, @controller.params[:lon]
@ -208,7 +212,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta -50.06773, @controller.params[:lat]
      assert_in_delta -14.37742, @controller.params[:lon]
@ -228,7 +232,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta 50.06773, @controller.params[:lat]
      assert_in_delta 14.37742, @controller.params[:lon]
@ -248,7 +252,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta 50.06773, @controller.params[:lat]
      assert_in_delta -14.37742, @controller.params[:lon]
@ -268,7 +272,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta -50.06773, @controller.params[:lat]
      assert_in_delta 14.37742, @controller.params[:lon]
@ -288,7 +292,7 @@ class GeocoderControllerTest < ActionController::TestCase
    ].each do |code|
      post :search, :query => code
      assert_response :success
-      assert_equal ['osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
+      assert_equal ['latlon' ,'osm_nominatim_reverse', 'geonames_reverse'], assigns(:sources)
      assert_nil @controller.params[:query]
      assert_in_delta -50.06773, @controller.params[:lat]
      assert_in_delta -14.37742, @controller.params[:lon]
--- a/test/functional/trace_controller_test.rb
+++ b/test/functional/trace_controller_test.rb
@ -4,6 +4,16 @@ class TraceControllerTest < ActionController::TestCase
  fixtures :users, :gpx_files
  set_fixture_class :gpx_files => 'Trace'

+  def setup
+    @gpx_trace_dir = Object.send("remove_const", "GPX_TRACE_DIR")
+    Object.const_set("GPX_TRACE_DIR", File.dirname(__FILE__) + "/../traces")
+  end
+
+  def teardown
+    Object.send("remove_const", "GPX_TRACE_DIR")
+    Object.const_set("GPX_TRACE_DIR", @gpx_trace_dir)
+  end
+
  ##
  # test all routes which lead to this controller
  def test_routes
@ -218,6 +228,229 @@ class TraceControllerTest < ActionController::TestCase
    check_trace_feed users(:public_user).traces.tagged("Birmingham").public
  end

+  # Test viewing a trace
+  def test_view
+    # First with no auth, which should work since the trace is public
+    get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
+    check_trace_view gpx_files(:public_trace_file)
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # Now with some other user, which should work since the trace is public
+    get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
+    check_trace_view gpx_files(:public_trace_file)
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # And finally we should be able to do it with the owner of the trace
+    get :view, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
+    check_trace_view gpx_files(:public_trace_file)
+  end
+
+  # Check an anonymous trace can't be viewed by another user
+  def test_view_anon
+    # First with no auth
+    get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}
+    assert_response :redirect
+    assert_redirected_to :action => :list
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Now with some other user, which should work since the trace is anon
+    get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:normal_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :list
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # And finally we should be able to do it with the owner of the trace
+    get :view, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:public_user).id}
+    check_trace_view gpx_files(:anon_trace_file)
+  end
+
+  # Test viewing a trace that doesn't exist
+  def test_view_not_found
+    # First with no auth, which should work since the trace is public
+    get :view, {:display_name => users(:public_user).display_name, :id => 0}
+    assert_response :redirect
+    assert_redirected_to :action => :list
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # Now with some other user, which should work since the trace is public
+    get :view, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :list
+
+    # And finally we should be able to do it with the owner of the trace
+    get :view, {:display_name => users(:public_user).display_name, :id => 5}, {:user => users(:public_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :list
+  end
+
+  # Test downloading a trace
+  def test_data
+    # First with no auth, which should work since the trace is public
+    get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
+    check_trace_data gpx_files(:public_trace_file)
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # Now with some other user, which should work since the trace is public
+    get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
+    check_trace_data gpx_files(:public_trace_file)
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # And finally we should be able to do it with the owner of the trace
+    get :data, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
+    check_trace_data gpx_files(:public_trace_file)
+  end
+
+  # Test downloading a compressed trace
+  def test_data_compressed
+    # First get the data as is
+    get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id}
+    check_trace_data gpx_files(:identifiable_trace_file), "application/x-gzip", "gpx.gz"
+
+    # Now ask explicitly for XML format
+    get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id, :format => "xml"}
+    check_trace_data gpx_files(:identifiable_trace_file), "application/xml", "xml"
+
+    # Now ask explicitly for GPX format
+    get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:identifiable_trace_file).id, :format => "gpx"}
+    check_trace_data gpx_files(:identifiable_trace_file)
+  end
+
+  # Check an anonymous trace can't be downloaded by another user
+  def test_data_anon
+    # First with no auth
+    get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}
+    assert_response :not_found
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Now with some other user, which should work since the trace is anon
+    get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:normal_user).id}
+    assert_response :not_found
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # And finally we should be able to do it with the owner of the trace
+    get :data, {:display_name => users(:public_user).display_name, :id => gpx_files(:anon_trace_file).id}, {:user => users(:public_user).id}
+    check_trace_data gpx_files(:anon_trace_file)
+  end
+
+  # Test downloading a trace that doesn't exist
+  def test_data_not_found
+    # First with no auth, which should work since the trace is public
+    get :data, {:display_name => users(:public_user).display_name, :id => 0}
+    assert_response :not_found
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # Now with some other user, which should work since the trace is public
+    get :data, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
+    assert_response :not_found
+
+    # And finally we should be able to do it with the owner of the trace
+    get :data, {:display_name => users(:public_user).display_name, :id => 5}, {:user => users(:public_user).id}
+    assert_response :not_found
+  end
+
+  # Test fetching the edit page for a trace
+  def test_edit_get
+    # First with no auth
+    get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}
+    assert_response :redirect
+    assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id)
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # Now with some other user, which should fail
+    get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
+    assert_response :forbidden
+
+    # Now with a trace which doesn't exist
+    get :edit, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
+    assert_response :not_found
+
+    # Now with a trace which has been deleted
+    get :edit, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id}, {:user => users(:public_user).id}
+    assert_response :not_found
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Finally with a trace that we are allowed to edit
+    get :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
+    assert_response :success
+  end
+
+  # Test saving edits to a trace
+  def test_edit_post
+    # New details
+    new_details = { :description => "Changed description", :tagstring => "new_tag", :visibility => "private" }
+
+    # First with no auth
+    post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}
+    assert_response :forbidden
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # Now with some other user, which should fail
+    post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}, {:user => users(:public_user).id}
+    assert_response :forbidden
+
+    # Now with a trace which doesn't exist
+    post :edit, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id, :trace => new_details}
+    assert_response :not_found
+
+    # Now with a trace which has been deleted
+    post :edit, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id, :trace => new_details}, {:user => users(:public_user).id}
+    assert_response :not_found
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Finally with a trace that we are allowed to edit
+    post :edit, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id, :trace => new_details}, {:user => users(:normal_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
+    trace = Trace.find(gpx_files(:public_trace_file).id)
+    assert_equal new_details[:description], trace.description
+    assert_equal new_details[:tagstring], trace.tagstring
+    assert_equal new_details[:visibility], trace.visibility
+  end
+
+  # Test deleting a trace
+  def test_delete
+    # First with no auth
+    post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id,}
+    assert_response :forbidden
+
+    @request.cookies["_osm_username"] = users(:public_user).display_name
+
+    # Now with some other user, which should fail
+    post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:public_user).id}
+    assert_response :forbidden
+
+    # Now with a trace which doesn't exist
+    post :delete, {:display_name => users(:public_user).display_name, :id => 0}, {:user => users(:public_user).id}
+    assert_response :not_found
+
+    # Now with a trace has already been deleted
+    post :delete, {:display_name => users(:public_user).display_name, :id => gpx_files(:deleted_trace_file).id}, {:user => users(:public_user).id}
+    assert_response :not_found
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Finally with a trace that we are allowed to delete
+    post :delete, {:display_name => users(:normal_user).display_name, :id => gpx_files(:public_trace_file).id}, {:user => users(:normal_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :list, :display_name => users(:normal_user).display_name
+    trace = Trace.find(gpx_files(:public_trace_file).id)
+    assert_equal false, trace.visible
+  end
+
  # Check getting a specific trace through the api
  def test_api_read
    # First with no auth
@ -385,4 +618,21 @@ private
      assert_select "h4", /Nothing here yet/
    end
  end
+
+  def check_trace_view(trace)
+    assert_response :success
+    assert_template "view"
+
+    assert_select "table", :count => 1 do
+      assert_select "td", /^#{Regexp.quote(trace.name)} /
+      assert_select "td", trace.user.display_name
+      assert_select "td", trace.description
+    end
+  end
+
+  def check_trace_data(trace, content_type = "application/gpx+xml", extension = "gpx")
+    assert_response :success
+    assert_equal content_type, @response.content_type
+    assert_equal "attachment; filename=\"#{trace.id}.#{extension}\"", @response.header["Content-Disposition"]
+  end
 end
--- a/test/functional/user_controller_test.rb
+++ b/test/functional/user_controller_test.rb
@ -359,6 +359,15 @@ class UserControllerTest < ActionController::TestCase
    assert_redirected_to :action => :account, :display_name => user.display_name
  end

+  def test_user_go_public
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    post :go_public, {}, { :user => users(:normal_user) }
+    assert_response :redirect
+    assert_redirected_to :action => :account, :display_name => users(:normal_user).display_name
+    assert_equal true, User.find(users(:normal_user).id).data_public
+  end
+
  def test_user_lost_password
    # Test fetching the lost password page
    get :lost_password
@ -416,6 +425,34 @@ class UserControllerTest < ActionController::TestCase
    assert_equal users(:public_user).email, ActionMailer::Base.deliveries.last.to[0]
  end

+  def test_reset_password
+    # Test a request with no token
+    get :reset_password
+    assert_response :bad_request
+
+    # Test a request with a bogus token
+    get :reset_password, :token => "made_up_token"
+    assert_response :redirect
+    assert_redirected_to :action => :lost_password
+
+    # Create a valid token for a user
+    token = User.find(users(:inactive_user).id).tokens.create
+
+    # Test a request with a valid token
+    get :reset_password, :token => token.token
+    assert_response :success
+    assert_template :reset_password
+
+    # Test setting a new password
+    post :reset_password, :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" }
+    assert_response :redirect
+    assert_redirected_to :action => :login
+    user = User.find(users(:inactive_user).id)
+    assert_equal "active", user.status
+    assert_equal true, user.email_valid
+    assert_equal user, User.authenticate(:username => "inactive@openstreetmap.org", :password => "new_password")
+  end
+
  def test_user_update
    # Get a user to work with - note that this user deliberately
    # conflicts with uppercase_user in the email and display name
@ -794,4 +831,59 @@ class UserControllerTest < ActionController::TestCase
    assert_match /is not one of your friends/, flash[:error]
    assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
  end
+
+  def test_set_status
+    # Try without logging in
+    get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}
+    assert_response :redirect
+    assert_redirected_to :action => :login, :referer => set_status_user_path(:status => "suspended")
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Now try as a normal user
+    get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:normal_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
+
+    @request.cookies["_osm_username"] = users(:administrator_user).display_name
+
+    # Finally try as an administrator
+    get :set_status, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:administrator_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
+    assert_equal "suspended", User.find(users(:normal_user).id).status
+  end
+
+  def test_delete
+    # Try without logging in
+    get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}
+    assert_response :redirect
+    assert_redirected_to :action => :login, :referer => delete_user_path(:status => "suspended")
+
+    @request.cookies["_osm_username"] = users(:normal_user).display_name
+
+    # Now try as a normal user
+    get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:normal_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
+
+    @request.cookies["_osm_username"] = users(:administrator_user).display_name
+
+    # Finally try as an administrator
+    get :delete, {:display_name => users(:normal_user).display_name, :status => "suspended"}, {:user => users(:administrator_user).id}
+    assert_response :redirect
+    assert_redirected_to :action => :view, :display_name => users(:normal_user).display_name
+
+    # Check that the user was deleted properly
+    user = User.find(users(:normal_user).id)
+    assert_equal "user_1", user.display_name
+    assert_equal "", user.description
+    assert_nil user.home_lat
+    assert_nil user.home_lon
+    assert_equal false, user.image.file?
+    assert_equal false, user.email_valid
+    assert_nil user.new_email
+    assert_nil user.openid_url
+    assert_equal "deleted", user.status
+  end
 end
--- a/test/traces/1.gpx
+++ b/test/traces/1.gpx
@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<gpx
+  version="1.0"
+  creator="GPSBabel - http://www.gpsbabel.org"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns="http://www.topografix.com/GPX/1/0"
+  xsi:schemaLocation="http://www.topografix.com/GPX/1/0 http://www.topografix.com/GPX/1/0/gpx.xsd">
+<time>2008-10-01T10:10:10.000Z</time>
+<bounds minlat="1.0" minlon="1.0" maxlat="1.0" maxlon="1.0"/>
+<trk>
+<trkseg>
+<trkpt lat="1.0" lon="1.0">
+  <ele>134.0</ele>
+  <time>2008-10-01T10:10:10.000Z</time>
+  <course>112.430000</course>
+  <speed>0.072022</speed>
+  <fix>3d</fix>
+  <sat>4</sat>
+  <hdop>2.400000</hdop>
+  <vdop>2.600000</vdop>
+  <pdop>3.600000</pdop>
+</trkpt>
+</trkseg>
+</trk>
+</gpx>
--- a/test/traces/2.gpx
+++ b/test/traces/2.gpx
@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<gpx
+  version="1.0"
+  creator="GPSBabel - http://www.gpsbabel.org"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns="http://www.topografix.com/GPX/1/0"
+  xsi:schemaLocation="http://www.topografix.com/GPX/1/0 http://www.topografix.com/GPX/1/0/gpx.xsd">
+<time>2009-05-06T13:34:34.000Z</time>
+<bounds minlat="51.3" minlon="-0.56" maxlat="51.3" maxlon="-0.56"/>
+<trk>
+<trkseg>
+<trkpt lat="51.3" lon="-0.56">
+  <time>2009-05-06T13:34:34.000Z</time>
+  <course>112.430000</course>
+  <speed>0.072022</speed>
+  <fix>3d</fix>
+  <sat>4</sat>
+  <hdop>2.400000</hdop>
+  <vdop>2.600000</vdop>
+  <pdop>3.600000</pdop>
+</trkpt>
+</trkseg>
+</trk>
+</gpx>
--- a/test/traces/4.gpx
+++ b/test/traces/4.gpx
--- a/test/unit/diary_comment_test.rb
+++ b/test/unit/diary_comment_test.rb
@ -5,6 +5,6 @@ class DiaryCommentTest < ActiveSupport::TestCase
  fixtures :diary_comments
  
  def test_diary_comment_count
-    assert_equal 3, DiaryComment.count
+    assert_equal 4, DiaryComment.count
  end
 end
--- a/test/unit/diary_entry_test.rb
+++ b/test/unit/diary_entry_test.rb
@ -5,7 +5,7 @@ class DiaryEntryTest < ActiveSupport::TestCase
  fixtures :diary_entries, :diary_comments, :languages
  
  def test_diary_entry_count
-    assert_equal 3, DiaryEntry.count
+    assert_equal 5, DiaryEntry.count
  end
  
  def test_diary_entry_validations
@ -25,7 +25,7 @@ class DiaryEntryTest < ActiveSupport::TestCase
  end

  def test_diary_entry_visible
-    assert_equal 2, DiaryEntry.visible.count
+    assert_equal 4, DiaryEntry.visible.count
    assert_raise ActiveRecord::RecordNotFound do
      DiaryEntry.visible.find(diary_entries(:deleted_entry).id)
    end
@ -33,7 +33,7 @@ class DiaryEntryTest < ActiveSupport::TestCase
  
  def test_diary_entry_comments
    assert_equal 0, diary_entries(:normal_user_entry_1).comments.count
-    assert_equal 3, diary_entries(:normal_user_geo_entry).comments.count
+    assert_equal 4, diary_entries(:normal_user_geo_entry).comments.count
  end
  
  def test_diary_entry_visible_comments