cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use resourceful routes for granting/revoking user roles

Browse source
This commit is contained in:
Anton Khorev 2024-10-28 03:44:10 +03:00
parent e15a92a302
commit b8247478f4
8 changed files with 59 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

6
test/abilities/abilities_test.rb
View file

@ -45,7 +45,7 @@ class GuestAbilityTest < AbilityTest
test "user roles permissions for a guest" do
ability = Ability.new nil
[:grant, :revoke].each do |action|
[:create, :destroy].each do |action|
assert ability.cannot?(action, UserRole), "should not be able to #{action} UserRoles"
end
end
@ -86,7 +86,7 @@ class ModeratorAbilityTest < AbilityTest
test "User Roles permissions" do
ability = Ability.new create(:moderator_user)
[:grant, :revoke].each do |action|
[:create, :destroy].each do |action|
assert ability.cannot?(action, UserRole), "should not be able to #{action} UserRoles"
end
@ -159,7 +159,7 @@ class AdministratorAbilityTest < AbilityTest
test "User Roles permissions for an administrator" do
ability = Ability.new create(:administrator_user)
[:grant, :revoke].each do |action|
[:create, :destroy].each do |action|
assert ability.can?(action, UserRole), "should be able to #{action} UserRoles"
end
end

46
test/controllers/user_roles_controller_test.rb
View file

@ -5,32 +5,32 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
# test all routes which lead to this controller
def test_routes
assert_routing(
{ :path => "/user/username/role/rolename/grant", :method => :post },
{ :controller => "user_roles", :action => "grant", :display_name => "username", :role => "rolename" }
{ :path => "/user/username/roles/rolename", :method => :post },
{ :controller => "user_roles", :action => "create", :user_display_name => "username", :role => "rolename" }
)
assert_routing(
{ :path => "/user/username/role/rolename/revoke", :method => :post },
{ :controller => "user_roles", :action => "revoke", :display_name => "username", :role => "rolename" }
{ :path => "/user/username/roles/rolename", :method => :delete },
{ :controller => "user_roles", :action => "destroy", :user_display_name => "username", :role => "rolename" }
)
end
##
# test the grant action
def test_grant
# test the grant role action
def test_update
target_user = create(:user)
normal_user = create(:user)
administrator_user = create(:administrator_user)
super_user = create(:super_user)
# Granting should fail when not logged in
post grant_role_path(target_user, "moderator")
post user_role_path(target_user, "moderator")
assert_response :forbidden
# Login as an unprivileged user
session_for(normal_user)
# Granting should still fail
post grant_role_path(target_user, "moderator")
post user_role_path(target_user, "moderator")
assert_redirected_to :controller => :errors, :action => :forbidden
# Login as an administrator
@ -39,7 +39,7 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
UserRole::ALL_ROLES.each do |role|
# Granting a role to a non-existent user should fail
assert_difference "UserRole.count", 0 do
post grant_role_path("non_existent_user", role)
post user_role_path("non_existent_user", role)
end
assert_response :not_found
assert_template "users/no_such_user"
@ -47,20 +47,20 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
# Granting a role to a user that already has it should fail
assert_no_difference "UserRole.count" do
post grant_role_path(super_user, role)
post user_role_path(super_user, role)
end
assert_redirected_to user_path(super_user)
assert_equal "The user already has role #{role}.", flash[:error]
# Granting a role to a user that doesn't have it should work...
assert_difference "UserRole.count", 1 do
post grant_role_path(target_user, role)
post user_role_path(target_user, role)
end
assert_redirected_to user_path(target_user)
# ...but trying a second time should fail
assert_no_difference "UserRole.count" do
post grant_role_path(target_user, role)
post user_role_path(target_user, role)
end
assert_redirected_to user_path(target_user)
assert_equal "The user already has role #{role}.", flash[:error]
@ -68,29 +68,29 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
# Granting a non-existent role should fail
assert_difference "UserRole.count", 0 do
post grant_role_path(target_user, "no_such_role")
post user_role_path(target_user, "no_such_role")
end
assert_redirected_to user_path(target_user)
assert_equal "The string 'no_such_role' is not a valid role.", flash[:error]
end
##
# test the revoke action
def test_revoke
# test the revoke role action
def test_destroy
target_user = create(:user)
normal_user = create(:user)
administrator_user = create(:administrator_user)
super_user = create(:super_user)
# Revoking should fail when not logged in
post revoke_role_path(target_user, "moderator")
delete user_role_path(target_user, "moderator")
assert_response :forbidden
# Login as an unprivileged user
session_for(normal_user)
# Revoking should still fail
post revoke_role_path(target_user, "moderator")
delete user_role_path(target_user, "moderator")
assert_redirected_to :controller => :errors, :action => :forbidden
# Login as an administrator
@ -99,7 +99,7 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
UserRole::ALL_ROLES.each do |role|
# Removing a role from a non-existent user should fail
assert_difference "UserRole.count", 0 do
post revoke_role_path("non_existent_user", role)
delete user_role_path("non_existent_user", role)
end
assert_response :not_found
assert_template "users/no_such_user"
@ -107,20 +107,20 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
# Removing a role from a user that doesn't have it should fail
assert_no_difference "UserRole.count" do
post revoke_role_path(target_user, role)
delete user_role_path(target_user, role)
end
assert_redirected_to user_path(target_user)
assert_equal "The user does not have role #{role}.", flash[:error]
# Removing a role from a user that has it should work...
assert_difference "UserRole.count", -1 do
post revoke_role_path(super_user, role)
delete user_role_path(super_user, role)
end
assert_redirected_to user_path(super_user)
# ...but trying a second time should fail
assert_no_difference "UserRole.count" do
post revoke_role_path(super_user, role)
delete user_role_path(super_user, role)
end
assert_redirected_to user_path(super_user)
assert_equal "The user does not have role #{role}.", flash[:error]
@ -128,13 +128,13 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
# Revoking a non-existent role should fail
assert_difference "UserRole.count", 0 do
post revoke_role_path(target_user, "no_such_role")
delete user_role_path(target_user, "no_such_role")
end
assert_redirected_to user_path(target_user)
assert_equal "The string 'no_such_role' is not a valid role.", flash[:error]
# Revoking administrator role from current user should fail
post revoke_role_path(administrator_user, "administrator")
delete user_role_path(administrator_user, "administrator")
assert_redirected_to user_path(administrator_user)
assert_equal "Cannot revoke administrator role from current user.", flash[:error]
end

36
test/helpers/user_roles_helper_test.rb
View file

@ -31,7 +31,7 @@ class UserRolesHelperTest < ActionView::TestCase
create(:user) do |user|
icon = role_icon(user, "moderator")
icon_dom = Rails::Dom::Testing.html_document_fragment.parse(icon)
assert_dom icon_dom, "a:root[href='#{grant_role_path(user, 'moderator')}']", :count => 1 do
assert_dom icon_dom, "a:root[href='#{user_role_path(user, 'moderator')}'][data-method='post']", :count => 1 do
assert_dom "> svg", :count => 1 do
assert_dom "> title", :text => "Grant moderator access"
end
@ -39,7 +39,7 @@ class UserRolesHelperTest < ActionView::TestCase
icon = role_icon(user, "importer")
icon_dom = Rails::Dom::Testing.html_document_fragment.parse(icon)
assert_dom icon_dom, "a:root[href='#{grant_role_path(user, 'importer')}']", :count => 1 do
assert_dom icon_dom, "a:root[href='#{user_role_path(user, 'importer')}'][data-method='post']", :count => 1 do
assert_dom "> svg", :count => 1 do
assert_dom "> title", :text => "Grant importer access"
end
@ -49,7 +49,7 @@ class UserRolesHelperTest < ActionView::TestCase
create(:moderator_user) do |user|
icon = role_icon(user, "moderator")
icon_dom = Rails::Dom::Testing.html_document_fragment.parse(icon)
assert_dom icon_dom, "a:root[href='#{revoke_role_path(user, 'moderator')}']", :count => 1 do
assert_dom icon_dom, "a:root[href='#{user_role_path(user, 'moderator')}'][data-method='delete']", :count => 1 do
assert_dom "> svg", :count => 1 do
assert_dom "> title", :text => "Revoke moderator access"
end
@ -57,7 +57,7 @@ class UserRolesHelperTest < ActionView::TestCase
icon = role_icon(user, "importer")
icon_dom = Rails::Dom::Testing.html_document_fragment.parse(icon)
assert_dom icon_dom, "a:root[href='#{grant_role_path(user, 'importer')}']", :count => 1 do
assert_dom icon_dom, "a:root[href='#{user_role_path(user, 'importer')}'][data-method='post']", :count => 1 do
assert_dom "> svg", :count => 1 do
assert_dom "> title", :text => "Grant importer access"
end
@ -67,7 +67,7 @@ class UserRolesHelperTest < ActionView::TestCase
create(:importer_user) do |user|
icon = role_icon(user, "moderator")
icon_dom = Rails::Dom::Testing.html_document_fragment.parse(icon)
assert_dom icon_dom, "a:root[href='#{grant_role_path(user, 'moderator')}']", :count => 1 do
assert_dom icon_dom, "a:root[href='#{user_role_path(user, 'moderator')}'][data-method='post']", :count => 1 do
assert_dom "> svg", :count => 1 do
assert_dom "> title", :text => "Grant moderator access"
end
@ -75,7 +75,7 @@ class UserRolesHelperTest < ActionView::TestCase
icon = role_icon(user, "importer")
icon_dom = Rails::Dom::Testing.html_document_fragment.parse(icon)
assert_dom icon_dom, "a:root[href='#{revoke_role_path(user, 'importer')}']", :count => 1 do
assert_dom icon_dom, "a:root[href='#{user_role_path(user, 'importer')}'][data-method='delete']", :count => 1 do
assert_dom "> svg", :count => 1 do
assert_dom "> title", :text => "Revoke importer access"
end
@ -113,13 +113,13 @@ class UserRolesHelperTest < ActionView::TestCase
icons = role_icons(user)
icons_dom = Rails::Dom::Testing.html_document_fragment.parse(icons)
assert_dom icons_dom, "a:root", :count => 3
assert_dom icons_dom, "a:root[href='#{grant_role_path(user, 'administrator')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'administrator')}'][data-method='post']" do
assert_dom "> svg > title", :text => "Grant administrator access"
end
assert_dom icons_dom, "a:root[href='#{grant_role_path(user, 'moderator')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'moderator')}'][data-method='post']" do
assert_dom "> svg > title", :text => "Grant moderator access"
end
assert_dom icons_dom, "a:root[href='#{grant_role_path(user, 'importer')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'importer')}'][data-method='post']" do
assert_dom "> svg > title", :text => "Grant importer access"
end
end
@ -128,13 +128,13 @@ class UserRolesHelperTest < ActionView::TestCase
icons = role_icons(user)
icons_dom = Rails::Dom::Testing.html_document_fragment.parse(icons)
assert_dom icons_dom, "a:root", :count => 3
assert_dom icons_dom, "a:root[href='#{grant_role_path(user, 'administrator')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'administrator')}'][data-method='post']" do
assert_dom "> svg > title", :text => "Grant administrator access"
end
assert_dom icons_dom, "a:root[href='#{revoke_role_path(user, 'moderator')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'moderator')}'][data-method='delete']" do
assert_dom "> svg > title", :text => "Revoke moderator access"
end
assert_dom icons_dom, "a:root[href='#{grant_role_path(user, 'importer')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'importer')}'][data-method='post']" do
assert_dom "> svg > title", :text => "Grant importer access"
end
end
@ -143,13 +143,13 @@ class UserRolesHelperTest < ActionView::TestCase
icons = role_icons(user)
icons_dom = Rails::Dom::Testing.html_document_fragment.parse(icons)
assert_dom icons_dom, "a:root", :count => 3
assert_dom icons_dom, "a:root[href='#{grant_role_path(user, 'administrator')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'administrator')}'][data-method='post']" do
assert_dom "> svg > title", :text => "Grant administrator access"
end
assert_dom icons_dom, "a:root[href='#{grant_role_path(user, 'moderator')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'moderator')}'][data-method='post']" do
assert_dom "> svg > title", :text => "Grant moderator access"
end
assert_dom icons_dom, "a:root[href='#{revoke_role_path(user, 'importer')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'importer')}'][data-method='delete']" do
assert_dom "> svg > title", :text => "Revoke importer access"
end
end
@ -158,13 +158,13 @@ class UserRolesHelperTest < ActionView::TestCase
icons = role_icons(user)
icons_dom = Rails::Dom::Testing.html_document_fragment.parse(icons)
assert_dom icons_dom, "a:root", :count => 3
assert_dom icons_dom, "a:root[href='#{revoke_role_path(user, 'administrator')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'administrator')}'][data-method='delete']" do
assert_dom "> svg > title", :text => "Revoke administrator access"
end
assert_dom icons_dom, "a:root[href='#{revoke_role_path(user, 'moderator')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'moderator')}'][data-method='delete']" do
assert_dom "> svg > title", :text => "Revoke moderator access"
end
assert_dom icons_dom, "a:root[href='#{revoke_role_path(user, 'importer')}']" do
assert_dom icons_dom, "a:root[href='#{user_role_path(user, 'importer')}'][data-method='delete']" do
assert_dom "> svg > title", :text => "Revoke importer access"
end
end