discourse/spec/controllers/user_badges_controller_spec.rb

119 lines
3.9 KiB
Ruby
Raw Normal View History

2014-03-05 20:52:20 +08:00
require 'spec_helper'
describe UserBadgesController do
let(:user) { Fabricate(:user) }
let(:badge) { Fabricate(:badge) }
context 'index' do
it 'doest not leak private info' do
badge = Fabricate(:badge, target_posts: true, show_posts: false)
p = create_post
UserBadge.create(badge: badge, user: user, post_id: p.id, granted_by_id: -1, granted_at: Time.now)
xhr :get, :index, badge_id: badge.id
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(200)
parsed = JSON.parse(response.body)
2015-01-10 01:04:02 +08:00
expect(parsed["topics"]).to eq(nil)
expect(parsed["user_badges"][0]["post_id"]).to eq(nil)
end
end
2014-03-05 20:52:20 +08:00
context 'index' do
let!(:user_badge) { UserBadge.create(badge: badge, user: user, granted_by: Discourse.system_user, granted_at: Time.now) }
2014-03-05 20:52:20 +08:00
2014-04-16 22:56:11 +08:00
it 'requires username or badge_id to be specified' do
2014-03-05 20:52:20 +08:00
expect { xhr :get, :index }.to raise_error
end
2014-04-16 22:56:11 +08:00
it 'returns user_badges for a user' do
2014-08-26 04:07:22 +08:00
xhr :get, :username, username: user.username
2014-03-05 20:52:20 +08:00
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(200)
2014-03-05 20:52:20 +08:00
parsed = JSON.parse(response.body)
2015-01-10 01:04:02 +08:00
expect(parsed["user_badges"].length).to eq(1)
2014-03-05 20:52:20 +08:00
end
2014-04-16 22:56:11 +08:00
it 'returns user_badges for a badge' do
xhr :get, :index, badge_id: badge.id
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(200)
2014-04-16 22:56:11 +08:00
parsed = JSON.parse(response.body)
2015-01-10 01:04:02 +08:00
expect(parsed["user_badges"].length).to eq(1)
2014-04-16 22:56:11 +08:00
end
2014-05-21 15:22:42 +08:00
it 'includes counts when passed the aggregate argument' do
2014-08-26 04:07:22 +08:00
xhr :get, :username, username: user.username, grouped: true
2014-05-21 15:22:42 +08:00
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(200)
2014-05-21 15:22:42 +08:00
parsed = JSON.parse(response.body)
2015-01-10 01:04:02 +08:00
expect(parsed["user_badges"].first.has_key?('count')).to eq(true)
2014-05-21 15:22:42 +08:00
end
2014-03-05 20:52:20 +08:00
end
context 'create' do
it 'requires username to be specified' do
expect { xhr :post, :create, badge_id: badge.id }.to raise_error
end
it 'does not allow regular users to grant badges' do
log_in_user Fabricate(:user)
xhr :post, :create, badge_id: badge.id, username: user.username
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(403)
2014-03-05 20:52:20 +08:00
end
it 'grants badges from staff' do
admin = Fabricate(:admin)
post = create_post
2014-03-05 20:52:20 +08:00
log_in_user admin
StaffActionLogger.any_instance.expects(:log_badge_grant).once
xhr :post, :create, badge_id: badge.id,
username: user.username,
reason: Discourse.base_url + post.url
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(200)
user_badge = UserBadge.find_by(user: user, badge: badge)
2015-01-10 01:04:02 +08:00
expect(user_badge).to be_present
expect(user_badge.granted_by).to eq(admin)
expect(user_badge.post_id).to eq(post.id)
2014-03-05 20:52:20 +08:00
end
it 'does not grant badges from regular api calls' do
Fabricate(:api_key, user: user)
xhr :post, :create, badge_id: badge.id, username: user.username, api_key: user.api_key.key
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(403)
2014-03-05 20:52:20 +08:00
end
it 'grants badges from master api calls' do
api_key = Fabricate(:api_key)
StaffActionLogger.any_instance.expects(:log_badge_grant).never
xhr :post, :create, badge_id: badge.id, username: user.username, api_key: api_key.key, api_username: "system"
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(200)
user_badge = UserBadge.find_by(user: user, badge: badge)
2015-01-10 01:04:02 +08:00
expect(user_badge).to be_present
expect(user_badge.granted_by).to eq(Discourse.system_user)
2014-03-05 20:52:20 +08:00
end
end
context 'destroy' do
let!(:user_badge) { UserBadge.create(badge: badge, user: user, granted_by: Discourse.system_user, granted_at: Time.now) }
2014-03-05 20:52:20 +08:00
it 'checks that the user is authorized to revoke a badge' do
xhr :delete, :destroy, id: user_badge.id
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(403)
2014-03-05 20:52:20 +08:00
end
it 'revokes the badge' do
log_in :admin
StaffActionLogger.any_instance.expects(:log_badge_revoke).once
xhr :delete, :destroy, id: user_badge.id
2015-01-10 01:04:02 +08:00
expect(response.status).to eq(200)
expect(UserBadge.find_by(id: user_badge.id)).to eq(nil)
2014-03-05 20:52:20 +08:00
end
end
end