discourse/spec/requests/user_actions_controller_spec.rb
2023-01-09 11:49:28 +00:00

150 lines
4.5 KiB
Ruby

# frozen_string_literal: true
RSpec.describe UserActionsController do
describe "GET index" do
subject(:user_actions) { get "/user_actions.json", params: params }
context "when 'username' is not specified" do
let(:params) { {} }
it "fails" do
user_actions
expect(response).to have_http_status :bad_request
end
end
context "when 'username' is specified" do
let(:username) { post.user.username }
let(:params) { { username: username } }
let(:actions) { response.parsed_body["user_actions"] }
let(:post) { create_post }
before { UserActionManager.enable }
it "renders list correctly" do
user_actions
expect(response).to have_http_status :ok
expect(actions.first).to include "acting_name" => post.user.name, "post_number" => 1
expect(actions.first).not_to include "email"
end
context "when 'acting_username' is provided" do
let(:user) { Fabricate(:user) }
before do
PostActionNotifier.enable
PostActionCreator.like(user, post)
params[:acting_username] = user.username
end
it "filters its results" do
user_actions
expect(response).to have_http_status :ok
expect(actions.first).to include "acting_username" => user.username
end
end
context "when user's profile is hidden" do
fab!(:post) { Fabricate(:post) }
before { post.user.user_option.update_column(:hide_profile_and_presence, true) }
context "when `allow_users_to_hide_profile` is disabled" do
before { SiteSetting.allow_users_to_hide_profile = false }
it "succeeds" do
user_actions
expect(response).to have_http_status :ok
end
end
context "when `allow_users_to_hide_profile` is enabled" do
it "returns a 404" do
user_actions
expect(response).to have_http_status :not_found
end
end
end
context "when checking other users' activity" do
fab!(:another_user) { Fabricate(:user) }
context "when user is anonymous" do
UserAction.private_types.each do |action_type|
action_name = UserAction.types.key(action_type)
it "cannot list other users' actions of type: #{action_name}" do
list_and_check(action_type, 404)
end
end
end
context "when user is logged in" do
fab!(:user) { Fabricate(:user) }
before { sign_in(user) }
UserAction.private_types.each do |action_type|
action_name = UserAction.types.key(action_type)
it "cannot list other users' actions of type: #{action_name}" do
list_and_check(action_type, 404)
end
end
end
context "when user is a moderator" do
fab!(:moderator) { Fabricate(:moderator) }
before { sign_in(moderator) }
UserAction.private_types.each do |action_type|
action_name = UserAction.types.key(action_type)
it "cannot list other users' actions of type: #{action_name}" do
list_and_check(action_type, 404)
end
end
end
context "when user is an admin" do
fab!(:admin) { Fabricate(:admin) }
before { sign_in(admin) }
UserAction.private_types.each do |action_type|
action_name = UserAction.types.key(action_type)
it "can list other users' actions of type: #{action_name}" do
list_and_check(action_type, 200)
end
end
end
def list_and_check(action_type, expected_response)
get "/user_actions.json", params: { filter: action_type, username: another_user.username }
expect(response.status).to eq(expected_response)
end
end
context "when bad data is provided" do
fab!(:user) { Fabricate(:user) }
let(:params) { { filter: filter, username: username, offset: offset, limit: limit } }
let(:filter) { "1,2" }
let(:username) { user.username }
let(:offset) { "0" }
let(:limit) { "10" }
%i[filter username offset limit].each do |parameter|
context "when providing bad data for '#{parameter}'" do
let(parameter) { { bad: "data" } }
it "doesn't raise an error" do
user_actions
expect(response).not_to have_http_status :error
end
end
end
end
end
end
end