Chris@1494: # Redmine - project management software Chris@1494: # Copyright (C) 2006-2014 Jean-Philippe Lang Chris@1494: # Chris@1494: # This program is free software; you can redistribute it and/or Chris@1494: # modify it under the terms of the GNU General Public License Chris@1494: # as published by the Free Software Foundation; either version 2 Chris@1494: # of the License, or (at your option) any later version. Chris@1494: # Chris@1494: # This program is distributed in the hope that it will be useful, Chris@1494: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@1494: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@1494: # GNU General Public License for more details. Chris@1494: # Chris@1494: # You should have received a copy of the GNU General Public License Chris@1494: # along with this program; if not, write to the Free Software Chris@1494: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@1494: Chris@1494: require File.expand_path('../../../test_helper', __FILE__) Chris@1494: Chris@1494: class Redmine::ApiTest::UsersTest < Redmine::ApiTest::Base Chris@1494: fixtures :users, :members, :member_roles, :roles, :projects Chris@1494: Chris@1494: def setup Chris@1494: Setting.rest_api_enabled = '1' Chris@1494: end Chris@1494: Chris@1494: should_allow_api_authentication(:get, "/users.xml") Chris@1494: should_allow_api_authentication(:get, "/users.json") Chris@1494: should_allow_api_authentication(:post, Chris@1494: '/users.xml', Chris@1494: {:user => { Chris@1494: :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', Chris@1494: :mail => 'foo@example.net', :password => 'secret123' Chris@1494: }}, Chris@1494: {:success_code => :created}) Chris@1494: should_allow_api_authentication(:post, Chris@1494: '/users.json', Chris@1494: {:user => { Chris@1494: :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', Chris@1494: :mail => 'foo@example.net' Chris@1494: }}, Chris@1494: {:success_code => :created}) Chris@1494: should_allow_api_authentication(:put, Chris@1494: '/users/2.xml', Chris@1494: {:user => { Chris@1494: :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', Chris@1494: :mail => 'jsmith@somenet.foo' Chris@1494: }}, Chris@1494: {:success_code => :ok}) Chris@1494: should_allow_api_authentication(:put, Chris@1494: '/users/2.json', Chris@1494: {:user => { Chris@1494: :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', Chris@1494: :mail => 'jsmith@somenet.foo' Chris@1494: }}, Chris@1494: {:success_code => :ok}) Chris@1494: should_allow_api_authentication(:delete, Chris@1494: '/users/2.xml', Chris@1494: {}, Chris@1494: {:success_code => :ok}) Chris@1494: should_allow_api_authentication(:delete, Chris@1494: '/users/2.xml', Chris@1494: {}, Chris@1494: {:success_code => :ok}) Chris@1494: Chris@1494: test "GET /users/:id.xml should return the user" do Chris@1494: get '/users/2.xml' Chris@1494: Chris@1494: assert_response :success Chris@1494: assert_tag :tag => 'user', Chris@1494: :child => {:tag => 'id', :content => '2'} Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id.json should return the user" do Chris@1494: get '/users/2.json' Chris@1494: Chris@1494: assert_response :success Chris@1494: json = ActiveSupport::JSON.decode(response.body) Chris@1494: assert_kind_of Hash, json Chris@1494: assert_kind_of Hash, json['user'] Chris@1494: assert_equal 2, json['user']['id'] Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id.xml with include=memberships should include memberships" do Chris@1494: get '/users/2.xml?include=memberships' Chris@1494: Chris@1494: assert_response :success Chris@1494: assert_tag :tag => 'memberships', Chris@1494: :parent => {:tag => 'user'}, Chris@1494: :children => {:count => 1} Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id.json with include=memberships should include memberships" do Chris@1494: get '/users/2.json?include=memberships' Chris@1494: Chris@1494: assert_response :success Chris@1494: json = ActiveSupport::JSON.decode(response.body) Chris@1494: assert_kind_of Array, json['user']['memberships'] Chris@1494: assert_equal [{ Chris@1494: "id"=>1, Chris@1494: "project"=>{"name"=>"eCookbook", "id"=>1}, Chris@1494: "roles"=>[{"name"=>"Manager", "id"=>1}] Chris@1494: }], json['user']['memberships'] Chris@1494: end Chris@1494: Chris@1494: test "GET /users/current.xml should require authentication" do Chris@1494: get '/users/current.xml' Chris@1494: Chris@1494: assert_response 401 Chris@1494: end Chris@1494: Chris@1494: test "GET /users/current.xml should return current user" do Chris@1494: get '/users/current.xml', {}, credentials('jsmith') Chris@1494: Chris@1494: assert_tag :tag => 'user', Chris@1494: :child => {:tag => 'id', :content => '2'} Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id should not return login for other user" do Chris@1494: get '/users/3.xml', {}, credentials('jsmith') Chris@1494: assert_response :success Chris@1494: assert_no_tag 'user', :child => {:tag => 'login'} Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id should return login for current user" do Chris@1494: get '/users/2.xml', {}, credentials('jsmith') Chris@1494: assert_response :success Chris@1494: assert_tag 'user', :child => {:tag => 'login', :content => 'jsmith'} Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id should not return api_key for other user" do Chris@1494: get '/users/3.xml', {}, credentials('jsmith') Chris@1494: assert_response :success Chris@1494: assert_no_tag 'user', :child => {:tag => 'api_key'} Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id should return api_key for current user" do Chris@1494: get '/users/2.xml', {}, credentials('jsmith') Chris@1494: assert_response :success Chris@1494: assert_tag 'user', :child => {:tag => 'api_key', :content => User.find(2).api_key} Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id should not return status for standard user" do Chris@1494: get '/users/3.xml', {}, credentials('jsmith') Chris@1494: assert_response :success Chris@1494: assert_no_tag 'user', :child => {:tag => 'status'} Chris@1494: end Chris@1494: Chris@1494: test "GET /users/:id should return status for administrators" do Chris@1494: get '/users/2.xml', {}, credentials('admin') Chris@1494: assert_response :success Chris@1494: assert_tag 'user', :child => {:tag => 'status', :content => User.find(1).status.to_s} Chris@1494: end Chris@1494: Chris@1494: test "POST /users.xml with valid parameters should create the user" do Chris@1494: assert_difference('User.count') do Chris@1494: post '/users.xml', { Chris@1494: :user => { Chris@1494: :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', Chris@1494: :mail => 'foo@example.net', :password => 'secret123', Chris@1494: :mail_notification => 'only_assigned'} Chris@1494: }, Chris@1494: credentials('admin') Chris@1494: end Chris@1494: Chris@1494: user = User.first(:order => 'id DESC') Chris@1494: assert_equal 'foo', user.login Chris@1494: assert_equal 'Firstname', user.firstname Chris@1494: assert_equal 'Lastname', user.lastname Chris@1494: assert_equal 'foo@example.net', user.mail Chris@1494: assert_equal 'only_assigned', user.mail_notification Chris@1494: assert !user.admin? Chris@1494: assert user.check_password?('secret123') Chris@1494: Chris@1494: assert_response :created Chris@1494: assert_equal 'application/xml', @response.content_type Chris@1494: assert_tag 'user', :child => {:tag => 'id', :content => user.id.to_s} Chris@1494: end Chris@1494: Chris@1494: test "POST /users.json with valid parameters should create the user" do Chris@1494: assert_difference('User.count') do Chris@1494: post '/users.json', { Chris@1494: :user => { Chris@1494: :login => 'foo', :firstname => 'Firstname', :lastname => 'Lastname', Chris@1494: :mail => 'foo@example.net', :password => 'secret123', Chris@1494: :mail_notification => 'only_assigned'} Chris@1494: }, Chris@1494: credentials('admin') Chris@1494: end Chris@1494: Chris@1494: user = User.first(:order => 'id DESC') Chris@1494: assert_equal 'foo', user.login Chris@1494: assert_equal 'Firstname', user.firstname Chris@1494: assert_equal 'Lastname', user.lastname Chris@1494: assert_equal 'foo@example.net', user.mail Chris@1494: assert !user.admin? Chris@1494: Chris@1494: assert_response :created Chris@1494: assert_equal 'application/json', @response.content_type Chris@1494: json = ActiveSupport::JSON.decode(response.body) Chris@1494: assert_kind_of Hash, json Chris@1494: assert_kind_of Hash, json['user'] Chris@1494: assert_equal user.id, json['user']['id'] Chris@1494: end Chris@1494: Chris@1494: test "POST /users.xml with with invalid parameters should return errors" do Chris@1494: assert_no_difference('User.count') do Chris@1494: post '/users.xml', {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}}, credentials('admin') Chris@1494: end Chris@1494: Chris@1494: assert_response :unprocessable_entity Chris@1494: assert_equal 'application/xml', @response.content_type Chris@1494: assert_tag 'errors', :child => { Chris@1494: :tag => 'error', Chris@1494: :content => "First name can't be blank" Chris@1494: } Chris@1494: end Chris@1494: Chris@1494: test "POST /users.json with with invalid parameters should return errors" do Chris@1494: assert_no_difference('User.count') do Chris@1494: post '/users.json', {:user => {:login => 'foo', :lastname => 'Lastname', :mail => 'foo'}}, credentials('admin') Chris@1494: end Chris@1494: Chris@1494: assert_response :unprocessable_entity Chris@1494: assert_equal 'application/json', @response.content_type Chris@1494: json = ActiveSupport::JSON.decode(response.body) Chris@1494: assert_kind_of Hash, json Chris@1494: assert json.has_key?('errors') Chris@1494: assert_kind_of Array, json['errors'] Chris@1494: end Chris@1494: Chris@1494: test "PUT /users/:id.xml with valid parameters should update the user" do Chris@1494: assert_no_difference('User.count') do Chris@1494: put '/users/2.xml', { Chris@1494: :user => { Chris@1494: :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', Chris@1494: :mail => 'jsmith@somenet.foo'} Chris@1494: }, Chris@1494: credentials('admin') Chris@1494: end Chris@1494: Chris@1494: user = User.find(2) Chris@1494: assert_equal 'jsmith', user.login Chris@1494: assert_equal 'John', user.firstname Chris@1494: assert_equal 'Renamed', user.lastname Chris@1494: assert_equal 'jsmith@somenet.foo', user.mail Chris@1494: assert !user.admin? Chris@1494: Chris@1494: assert_response :ok Chris@1494: assert_equal '', @response.body Chris@1494: end Chris@1494: Chris@1494: test "PUT /users/:id.json with valid parameters should update the user" do Chris@1494: assert_no_difference('User.count') do Chris@1494: put '/users/2.json', { Chris@1494: :user => { Chris@1494: :login => 'jsmith', :firstname => 'John', :lastname => 'Renamed', Chris@1494: :mail => 'jsmith@somenet.foo'} Chris@1494: }, Chris@1494: credentials('admin') Chris@1494: end Chris@1494: Chris@1494: user = User.find(2) Chris@1494: assert_equal 'jsmith', user.login Chris@1494: assert_equal 'John', user.firstname Chris@1494: assert_equal 'Renamed', user.lastname Chris@1494: assert_equal 'jsmith@somenet.foo', user.mail Chris@1494: assert !user.admin? Chris@1494: Chris@1494: assert_response :ok Chris@1494: assert_equal '', @response.body Chris@1494: end Chris@1494: Chris@1494: test "PUT /users/:id.xml with invalid parameters" do Chris@1494: assert_no_difference('User.count') do Chris@1494: put '/users/2.xml', { Chris@1494: :user => { Chris@1494: :login => 'jsmith', :firstname => '', :lastname => 'Lastname', Chris@1494: :mail => 'foo'} Chris@1494: }, Chris@1494: credentials('admin') Chris@1494: end Chris@1494: Chris@1494: assert_response :unprocessable_entity Chris@1494: assert_equal 'application/xml', @response.content_type Chris@1494: assert_tag 'errors', :child => { Chris@1494: :tag => 'error', Chris@1494: :content => "First name can't be blank" Chris@1494: } Chris@1494: end Chris@1494: Chris@1494: test "PUT /users/:id.json with invalid parameters" do Chris@1494: assert_no_difference('User.count') do Chris@1494: put '/users/2.json', { Chris@1494: :user => { Chris@1494: :login => 'jsmith', :firstname => '', :lastname => 'Lastname', Chris@1494: :mail => 'foo'} Chris@1494: }, Chris@1494: credentials('admin') Chris@1494: end Chris@1494: Chris@1494: assert_response :unprocessable_entity Chris@1494: assert_equal 'application/json', @response.content_type Chris@1494: json = ActiveSupport::JSON.decode(response.body) Chris@1494: assert_kind_of Hash, json Chris@1494: assert json.has_key?('errors') Chris@1494: assert_kind_of Array, json['errors'] Chris@1494: end Chris@1494: Chris@1494: test "DELETE /users/:id.xml should delete the user" do Chris@1494: assert_difference('User.count', -1) do Chris@1494: delete '/users/2.xml', {}, credentials('admin') Chris@1494: end Chris@1494: Chris@1494: assert_response :ok Chris@1494: assert_equal '', @response.body Chris@1494: end Chris@1494: Chris@1494: test "DELETE /users/:id.json should delete the user" do Chris@1494: assert_difference('User.count', -1) do Chris@1494: delete '/users/2.json', {}, credentials('admin') Chris@1494: end Chris@1494: Chris@1494: assert_response :ok Chris@1494: assert_equal '', @response.body Chris@1494: end Chris@1494: end