openstreetmap-website/test/controllers/api/permissions_controller_test.rb

require "test_helper"

module Api
  class PermissionsControllerTest < ActionDispatch::IntegrationTest
    ##
    # test all routes which lead to this controller
    def test_routes
      assert_routing(
        { :path => "/api/0.6/permissions", :method => :get },
        { :controller => "api/permissions", :action => "show" }
      )
      assert_routing(
        { :path => "/api/0.6/permissions.json", :method => :get },
        { :controller => "api/permissions", :action => "show", :format => "json" }
      )
    end

    def test_permissions_anonymous
      get permissions_path
      assert_response :success
      assert_select "osm > permissions", :count => 1 do
        assert_select "permission", :count => 0
      end

      # Test json
      get permissions_path(:format => "json")
      assert_response :success
      assert_equal "application/json", @response.media_type

      js = ActiveSupport::JSON.decode(@response.body)
      assert_not_nil js
      assert_equal 0, js["permissions"].count
    end

    def test_permissions_basic_auth
      auth_header = basic_authorization_header create(:user).email, "test"
      get permissions_path, :headers => auth_header
      assert_response :success
      assert_select "osm > permissions", :count => 1 do
        assert_select "permission", :count => ClientApplication.all_permissions.size
        ClientApplication.all_permissions.each do |p|
          assert_select "permission[name='#{p}']", :count => 1
        end
      end

      # Test json
      get permissions_path(:format => "json"), :headers => auth_header
      assert_response :success
      assert_equal "application/json", @response.media_type

      js = ActiveSupport::JSON.decode(@response.body)
      assert_not_nil js
      assert_equal ClientApplication.all_permissions.size, js["permissions"].count
      ClientApplication.all_permissions.each do |p|
        assert_includes js["permissions"], p.to_s
      end
    end

    def test_permissions_oauth1
      token = create(:access_token,
                     :allow_read_prefs => true,
                     :allow_write_api => true,
                     :allow_read_gpx => false)
      signed_get permissions_path, :oauth => { :token => token }
      assert_response :success
      assert_select "osm > permissions", :count => 1 do
        assert_select "permission", :count => 2
        assert_select "permission[name='allow_read_prefs']", :count => 1
        assert_select "permission[name='allow_write_api']", :count => 1
        assert_select "permission[name='allow_read_gpx']", :count => 0
      end
    end

    def test_permissions_oauth2
      user = create(:user)
      token = create(:oauth_access_token,
                     :resource_owner_id => user.id,
                     :scopes => %w[read_prefs write_api])
      get permissions_path, :headers => bearer_authorization_header(token.token)
      assert_response :success
      assert_select "osm > permissions", :count => 1 do
        assert_select "permission", :count => 2
        assert_select "permission[name='allow_read_prefs']", :count => 1
        assert_select "permission[name='allow_write_api']", :count => 1
        assert_select "permission[name='allow_read_gpx']", :count => 0
      end
    end
  end
end