82 lines
2.1 KiB
Ruby
82 lines
2.1 KiB
Ruby
require "test_helper"
|
|
|
|
class UsersControllerTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
@join_code = accounts(:signal).join_code
|
|
end
|
|
|
|
test "new" do
|
|
get join_url(@join_code)
|
|
assert_response :success
|
|
end
|
|
|
|
test "new does not allow a signed in user" do
|
|
sign_in :david
|
|
|
|
get join_url(@join_code)
|
|
assert_redirected_to root_url
|
|
end
|
|
|
|
test "new requires a join code" do
|
|
get join_url("not")
|
|
assert_response :not_found
|
|
end
|
|
|
|
test "create" do
|
|
assert_difference -> { User.count }, 1 do
|
|
post join_url(@join_code), params: { user: { name: "New Person", email_address: "new@37signals.com", password: "secret123456" } }
|
|
end
|
|
|
|
assert_redirected_to root_url
|
|
|
|
user = User.last
|
|
assert_equal user.id, Session.find_by(token: parsed_cookies.signed[:session_token]).user.id
|
|
end
|
|
|
|
test "creating a new user with an existing email address redirects to login screen" do
|
|
assert_no_difference -> { User.count } do
|
|
post join_url(@join_code), params: { user: { name: "Another David", email_address: users(:david).email_address, password: "secret123456" } }
|
|
end
|
|
|
|
assert_redirected_to new_session_url(email_address: users(:david).email_address)
|
|
end
|
|
|
|
test "update" do
|
|
sign_in :david
|
|
assert users(:david).administrator?
|
|
|
|
put user_url(users(:kevin)), params: { user: { role: "administrator" } }
|
|
|
|
assert_redirected_to users_url
|
|
assert users(:kevin).reload.administrator?
|
|
end
|
|
|
|
test "update does not allow non-admins to change roles" do
|
|
sign_in :kevin
|
|
assert_not users(:kevin).administrator?
|
|
|
|
put user_url(users(:kevin)), params: { user: { role: "administrator" } }
|
|
|
|
assert_response :forbidden
|
|
assert_not users(:kevin).reload.administrator?
|
|
end
|
|
|
|
test "destroy" do
|
|
sign_in :david
|
|
|
|
assert_difference -> { User.active.count }, -1 do
|
|
delete user_url(users(:kevin))
|
|
end
|
|
|
|
assert_redirected_to users_url
|
|
assert_nil User.active.find_by(id: users(:kevin).id)
|
|
end
|
|
|
|
test "destroy is not allowed to non-admins" do
|
|
sign_in :kevin
|
|
|
|
delete user_url(users(:david))
|
|
assert_response :forbidden
|
|
end
|
|
end
|