Merge pull request #5293 from AntonKhorev/user-roles-resourceful-routes
Use resourceful routes for granting/revoking user roles
This commit is contained in:
Andy Allan
GitHub
commit
cdf9634d08
8 changed files with 59 additions and 58 deletions
|
|
@ -5,32 +5,32 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
|
|||
# test all routes which lead to this controller
|
||||
def test_routes
|
||||
assert_routing(
|
||||
{ :path => "/user/username/role/rolename/grant", :method => :post },
|
||||
{ :controller => "user_roles", :action => "grant", :display_name => "username", :role => "rolename" }
|
||||
{ :path => "/user/username/roles/rolename", :method => :post },
|
||||
{ :controller => "user_roles", :action => "create", :user_display_name => "username", :role => "rolename" }
|
||||
)
|
||||
assert_routing(
|
||||
{ :path => "/user/username/role/rolename/revoke", :method => :post },
|
||||
{ :controller => "user_roles", :action => "revoke", :display_name => "username", :role => "rolename" }
|
||||
{ :path => "/user/username/roles/rolename", :method => :delete },
|
||||
{ :controller => "user_roles", :action => "destroy", :user_display_name => "username", :role => "rolename" }
|
||||
)
|
||||
end
|
||||
|
||||
##
|
||||
# test the grant action
|
||||
def test_grant
|
||||
# test the grant role action
|
||||
def test_update
|
||||
target_user = create(:user)
|
||||
normal_user = create(:user)
|
||||
administrator_user = create(:administrator_user)
|
||||
super_user = create(:super_user)
|
||||
|
||||
# Granting should fail when not logged in
|
||||
post grant_role_path(target_user, "moderator")
|
||||
post user_role_path(target_user, "moderator")
|
||||
assert_response :forbidden
|
||||
|
||||
# Login as an unprivileged user
|
||||
session_for(normal_user)
|
||||
|
||||
# Granting should still fail
|
||||
post grant_role_path(target_user, "moderator")
|
||||
post user_role_path(target_user, "moderator")
|
||||
assert_redirected_to :controller => :errors, :action => :forbidden
|
||||
|
||||
# Login as an administrator
|
||||
|
|
@ -39,7 +39,7 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
|
|||
UserRole::ALL_ROLES.each do |role|
|
||||
# Granting a role to a non-existent user should fail
|
||||
assert_difference "UserRole.count", 0 do
|
||||
post grant_role_path("non_existent_user", role)
|
||||
post user_role_path("non_existent_user", role)
|
||||
end
|
||||
assert_response :not_found
|
||||
assert_template "users/no_such_user"
|
||||
|
|
@ -47,20 +47,20 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
|
|||
|
||||
# Granting a role to a user that already has it should fail
|
||||
assert_no_difference "UserRole.count" do
|
||||
post grant_role_path(super_user, role)
|
||||
post user_role_path(super_user, role)
|
||||
end
|
||||
assert_redirected_to user_path(super_user)
|
||||
assert_equal "The user already has role #{role}.", flash[:error]
|
||||
|
||||
# Granting a role to a user that doesn't have it should work...
|
||||
assert_difference "UserRole.count", 1 do
|
||||
post grant_role_path(target_user, role)
|
||||
post user_role_path(target_user, role)
|
||||
end
|
||||
assert_redirected_to user_path(target_user)
|
||||
|
||||
# ...but trying a second time should fail
|
||||
assert_no_difference "UserRole.count" do
|
||||
post grant_role_path(target_user, role)
|
||||
post user_role_path(target_user, role)
|
||||
end
|
||||
assert_redirected_to user_path(target_user)
|
||||
assert_equal "The user already has role #{role}.", flash[:error]
|
||||
|
|
@ -68,29 +68,29 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
|
|||
|
||||
# Granting a non-existent role should fail
|
||||
assert_difference "UserRole.count", 0 do
|
||||
post grant_role_path(target_user, "no_such_role")
|
||||
post user_role_path(target_user, "no_such_role")
|
||||
end
|
||||
assert_redirected_to user_path(target_user)
|
||||
assert_equal "The string 'no_such_role' is not a valid role.", flash[:error]
|
||||
end
|
||||
|
||||
##
|
||||
# test the revoke action
|
||||
def test_revoke
|
||||
# test the revoke role action
|
||||
def test_destroy
|
||||
target_user = create(:user)
|
||||
normal_user = create(:user)
|
||||
administrator_user = create(:administrator_user)
|
||||
super_user = create(:super_user)
|
||||
|
||||
# Revoking should fail when not logged in
|
||||
post revoke_role_path(target_user, "moderator")
|
||||
delete user_role_path(target_user, "moderator")
|
||||
assert_response :forbidden
|
||||
|
||||
# Login as an unprivileged user
|
||||
session_for(normal_user)
|
||||
|
||||
# Revoking should still fail
|
||||
post revoke_role_path(target_user, "moderator")
|
||||
delete user_role_path(target_user, "moderator")
|
||||
assert_redirected_to :controller => :errors, :action => :forbidden
|
||||
|
||||
# Login as an administrator
|
||||
|
|
@ -99,7 +99,7 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
|
|||
UserRole::ALL_ROLES.each do |role|
|
||||
# Removing a role from a non-existent user should fail
|
||||
assert_difference "UserRole.count", 0 do
|
||||
post revoke_role_path("non_existent_user", role)
|
||||
delete user_role_path("non_existent_user", role)
|
||||
end
|
||||
assert_response :not_found
|
||||
assert_template "users/no_such_user"
|
||||
|
|
@ -107,20 +107,20 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
|
|||
|
||||
# Removing a role from a user that doesn't have it should fail
|
||||
assert_no_difference "UserRole.count" do
|
||||
post revoke_role_path(target_user, role)
|
||||
delete user_role_path(target_user, role)
|
||||
end
|
||||
assert_redirected_to user_path(target_user)
|
||||
assert_equal "The user does not have role #{role}.", flash[:error]
|
||||
|
||||
# Removing a role from a user that has it should work...
|
||||
assert_difference "UserRole.count", -1 do
|
||||
post revoke_role_path(super_user, role)
|
||||
delete user_role_path(super_user, role)
|
||||
end
|
||||
assert_redirected_to user_path(super_user)
|
||||
|
||||
# ...but trying a second time should fail
|
||||
assert_no_difference "UserRole.count" do
|
||||
post revoke_role_path(super_user, role)
|
||||
delete user_role_path(super_user, role)
|
||||
end
|
||||
assert_redirected_to user_path(super_user)
|
||||
assert_equal "The user does not have role #{role}.", flash[:error]
|
||||
|
|
@ -128,13 +128,13 @@ class UserRolesControllerTest < ActionDispatch::IntegrationTest
|
|||
|
||||
# Revoking a non-existent role should fail
|
||||
assert_difference "UserRole.count", 0 do
|
||||
post revoke_role_path(target_user, "no_such_role")
|
||||
delete user_role_path(target_user, "no_such_role")
|
||||
end
|
||||
assert_redirected_to user_path(target_user)
|
||||
assert_equal "The string 'no_such_role' is not a valid role.", flash[:error]
|
||||
|
||||
# Revoking administrator role from current user should fail
|
||||
post revoke_role_path(administrator_user, "administrator")
|
||||
delete user_role_path(administrator_user, "administrator")
|
||||
assert_redirected_to user_path(administrator_user)
|
||||
assert_equal "Cannot revoke administrator role from current user.", flash[:error]
|
||||
end
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue