author | Dave Arter <davea@mysociety.org> | 2016-07-20 09:32:55 +0100 |
---|---|---|
committer | Dave Arter <davea@mysociety.org> | 2016-07-20 09:32:55 +0100 |
commit | 5e6d75814fc24da3d298df258989049a57c5d75f (patch) | |
tree | d1539cb97c1859594d115ad465df0de37f0b3721 /t/app/controller/admin.t | |
parent | 65545553b5171f1ef1d611ea93c38f138451fb31 (diff) | |
parent | 5e8ac92d2a38d3ae3802bffee12111e164935b1d (diff) |
Merge branch 'admin-using-normal-login'
Diffstat (limited to 't/app/controller/admin.t')
-rw-r--r-- | t/app/controller/admin.t | 122 |
1 files changed, 110 insertions, 12 deletions
diff --git a/t/app/controller/admin.t b/t/app/controller/admin.t index d7fcb30e6..51307f756 100644 --- a/t/app/controller/admin.t +++ b/t/app/controller/admin.t @@ -6,21 +6,16 @@ use FixMyStreet::TestMech; my $mech = FixMyStreet::TestMech->new; -my $user = - FixMyStreet::App->model('DB::User') - ->find_or_create( { email => 'test@example.com' } ); -ok $user, "created test user"; -$user->update({ name => 'Test User' }); +my $user = $mech->create_user_ok('test@example.com', name => 'Test User'); -my $user2 = - FixMyStreet::App->model('DB::User') - ->find_or_create( { email => 'test2@example.com', name => 'Test User 2' } ); -ok $user2, "created second test user"; +my $user2 = $mech->create_user_ok('test2@example.com', name => 'Test User 2'); +my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super User', is_superuser => 1); -my $user3 = - FixMyStreet::App->model('DB::User') - ->find( { email => 'test3@example.com', name => 'Test User 2' } ); +my $oxfordshire = $mech->create_body_ok(2237, 'Oxfordshire County Council', id => 2237); +my $oxfordshireuser = $mech->create_user_ok('counciluser@example.com', name => 'Council User', from_body => $oxfordshire); + +my $user3 = $mech->create_user_ok('test3@example.com', name => 'Test User 2'); if ( $user3 ) { $mech->delete_user( $user3 ); @@ -70,6 +65,8 @@ my $alert = FixMyStreet::App->model('DB::Alert')->find_or_create( }, ); +$mech->log_in_ok( $superuser->email ); + subtest 'check summary counts' => sub { my $problems = FixMyStreet::App->model('DB::Problem')->search( { state => { -in => [qw/confirmed fixed closed investigating planned/, 'in progress', 'fixed - user', 'fixed - council'] } } ); @@ -1131,6 +1128,7 @@ for my $test ( body => $haringey->id, phone => '', flagged => undef, + is_superuser => undef, }, changes => { name => 'Changed User', @@ -1146,6 +1144,7 @@ for my $test ( body => $haringey->id, phone => '', flagged => undef, + is_superuser => undef, }, changes => { email => 'changed@example.com', 
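Review bot: In the first hunk `$user3` is now created with `create_user_ok` and then deleted straight away by the unchanged `if ( $user3 ) { $mech->delete_user( $user3 ); ...` guard. The old `find` only cleared a stale row left by an earlier run; assuming `create_user_ok` returns the row, as its use for `$user` suggests, the guard is now always true. If the intent is still "make sure test3@example.com does not exist", calling `$mech->delete_user( 'test3@example.com' );` by email, as the last line of the file does for test4, says that directly. The `if` block continues outside the hunk, so check what else it cleans up before changing it.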
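Review bot: The `$mech->log_in_ok( $superuser->email );` added before 'check summary counts' opens a file-scoped session that has no comment marking its extent. Every subtest from there to the `log_out_ok` more than a thousand lines later runs with superuser rights, so those subtests say nothing about what a less privileged account can reach. A comment at the login would make that explicit, for example `# Everything below runs as superuser until "Finished with the superuser tests"`. It would also help to wrap the privileged section in a block so that a subtest added after the logout cannot inherit the session by accident.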
@@ -1161,6 +1160,7 @@ for my $test ( body => $haringey->id, phone => '', flagged => undef, + is_superuser => undef, }, changes => { body => $southend->id, @@ -1176,6 +1176,7 @@ for my $test ( body => $southend->id, phone => '', flagged => undef, + is_superuser => undef, }, changes => { flagged => 'on', @@ -1191,6 +1192,7 @@ for my $test ( body => $southend->id, phone => '', flagged => 'on', + is_superuser => undef, }, changes => { flagged => undef, @@ -1198,6 +1200,38 @@ for my $test ( log_count => 4, log_entries => [qw/edit edit edit edit/], }, + { + desc => 'edit user add is_superuser', + fields => { + name => 'Changed User', + email => 'changed@example.com', + body => $southend->id, + phone => '', + flagged => undef, + is_superuser => undef, + }, + changes => { + is_superuser => 'on', + }, + log_count => 5, + log_entries => [qw/edit edit edit edit edit/], + }, + { + desc => 'edit user remove is_superuser', + fields => { + name => 'Changed User', + email => 'changed@example.com', + body => $southend->id, + phone => '', + flagged => undef, + is_superuser => 'on', + }, + changes => { + is_superuser => undef, + }, + log_count => 5, + log_entries => [qw/edit edit edit edit edit/], + }, ) { subtest $test->{desc} => sub { $mech->get_ok( '/admin/user_edit/' . $user->id ); 
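Review bot: The new 'edit user remove is_superuser' case expects `log_count => 5`, the same count as the 'edit user add is_superuser' case before it, so the test pins that revoking superuser adds no admin log entry while granting it does (the preceding un-flag case is at 4). If the admin log is meant to serve as an audit trail for privilege changes, the revocation should be recorded too and the expectation would be `log_count => 6` with six `edit` entries. If the missing entry is intentional, a comment such as `# clearing is_superuser is not logged as an edit` on that case would stop the next reader from treating it as a copy-paste slip. The enclosing `for my $test (...)` list starts and ends outside this hunk, so the logging rule itself is not visible here.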
@@ -1237,9 +1271,73 @@ subtest "Check admin_base_url" => sub { 'get_admin_url OK'); }; +# Finished with the superuser tests +$mech->log_out_ok; + +subtest "Users without from_body can't access admin" => sub { + $user->from_body( undef ); + $user->update; + + $mech->log_in_ok( $user->email ); + + $mech->get_ok('/admin'); + is $mech->uri->path, '/my', "redirected to correct page"; + is $mech->res->code, 200, "got 200 for final destination"; + is $mech->res->previous->code, 302, "got 302 for redirect"; + + $mech->log_out_ok; +}; + +subtest "Users with from_body can access their own council's admin" => sub { + FixMyStreet::override_config { + ALLOWED_COBRANDS => [ 'oxfordshire' ], + }, sub { + $mech->log_in_ok( $oxfordshireuser->email ); + + $mech->get_ok('/admin'); + $mech->content_contains( 'FixMyStreet admin:' ); + + $mech->log_out_ok; + }; +}; + +subtest "Users with from_body can't access another council's admin" => sub { + FixMyStreet::override_config { + ALLOWED_COBRANDS => [ 'bristol' ], + }, sub { + $mech->log_in_ok( $oxfordshireuser->email ); + + $mech->get_ok('/admin'); + is $mech->uri->path, '/my', "redirected to correct page"; + is $mech->res->code, 200, "got 200 for final destination"; + is $mech->res->previous->code, 302, "got 302 for redirect"; + + $mech->log_out_ok; + }; +}; + +subtest "Users with from_body can't access fixmystreet.com admin" => sub { + FixMyStreet::override_config { + ALLOWED_COBRANDS => [ 'fixmystreet' ], + }, sub { + $mech->log_in_ok( $oxfordshireuser->email ); + + $mech->get_ok('/admin'); + is $mech->uri->path, '/my', "redirected to correct page"; + is $mech->res->code, 200, "got 200 for final destination"; + is $mech->res->previous->code, 302, "got 302 for redirect"; + + $mech->log_out_ok; + }; +}; + + + $mech->delete_user( $user ); $mech->delete_user( $user2 ); $mech->delete_user( $user3 ); +$mech->delete_user( $superuser ); +$mech->delete_user( $oxfordshireuser ); $mech->delete_user( 'test4@example.com' ); done_testing(); |
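Review bot: The three "can't access" subtests request only `/admin`, so they show that the index redirects to `/my` but not that the pages beneath it apply the same check. A council user reaching `/admin/user_edit/` directly, or submitting that form with `is_superuser => 'on'`, is the case most worth pinning, because the superuser checkbox was only exercised while logged in as `$superuser`. Consider looping the existing assertions over more than one path, e.g. `for my $path ( '/admin', '/admin/user_edit/' . $user->id ) { $mech->get_ok($path); is $mech->uri->path, '/my', "$path redirected"; }`. Also consider a case in the "own council's admin" subtest asserting that `$oxfordshireuser` cannot set `is_superuser`. The expected response for those sub-pages is an assumption here; the controller is not part of this diff. Separately, `$oxfordshire`, created with `create_body_ok` at the top of the file, is never removed in the cleanup at the end.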