diff options
| -rw-r--r-- | app/controllers/application.rb | 5 | ||||
| -rw-r--r-- | app/models/post_redirect.rb | 12 | ||||
| -rw-r--r-- | spec/controllers/request_controller_spec.rb | 55 | ||||
| -rw-r--r-- | spec/fixtures/incoming_messages.yml | 1 |
4 files changed, 63 insertions, 10 deletions
diff --git a/app/controllers/application.rb b/app/controllers/application.rb index c997a356d..2149c7b09 100644 --- a/app/controllers/application.rb +++ b/app/controllers/application.rb @@ -6,7 +6,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: application.rb,v 1.24 2007-11-19 12:36:57 francis Exp $ +# $Id: application.rb,v 1.25 2008-01-09 17:47:31 francis Exp $ class ApplicationController < ActionController::Base @@ -40,7 +40,8 @@ class ApplicationController < ActionController::Base else # They are already logged in, but as the wrong user @reason_params = reason_params - render 'user/wrong_user' + render :template => 'user/wrong_user' + return end end # They are not logged in at all diff --git a/app/models/post_redirect.rb b/app/models/post_redirect.rb index e7494c483..ba9d0946f 100644 --- a/app/models/post_redirect.rb +++ b/app/models/post_redirect.rb @@ -21,7 +21,7 @@ # Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved. # Email: francis@mysociety.org; WWW: http://www.mysociety.org/ # -# $Id: post_redirect.rb,v 1.9 2008-01-04 11:19:18 francis Exp $ +# $Id: post_redirect.rb,v 1.10 2008-01-09 17:47:31 francis Exp $ require 'openssl' # for random bytes function @@ -70,6 +70,16 @@ class PostRedirect < ActiveRecord::Base end end + # Used by test code + def self.get_last_post_redirect + # XXX yeuch - no other easy way of getting the token so we can check + # the redirect URL, as it is by definition opaque to the controller + # apart from in the place that it redirects to. + post_redirects = PostRedirect.find_by_sql("select * from post_redirects order by id desc limit 1") + post_redirects.size.should == 1 + return post_redirects[0] + end + end diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb index 94892081c..1e20ca8ab 100644 --- a/spec/controllers/request_controller_spec.rb +++ b/spec/controllers/request_controller_spec.rb @@ -114,12 +114,7 @@ describe RequestController, "when creating a new request" do :submitted_new_request => 1 } post :new, params - # XXX yeuch - no other easy way of getting the token so we can check - # the redirect URL, as it is by definition opaque to the controller - # apart from in the place that it redirects to. - post_redirects = PostRedirect.find_by_sql("select * from post_redirects order by id desc limit 1") - post_redirects.size.should == 1 - post_redirect = post_redirects[0] + post_redirect = PostRedirect.get_last_post_redirect response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token) # post_redirect.post_params.should == params # XXX get this working. there's a : vs '' problem amongst others end @@ -148,6 +143,54 @@ describe RequestController, "when creating a new request" do end end +describe RequestController, "when viewing an individual response" do + integrate_views + fixtures :info_requests, :public_bodies, :users, :incoming_messages, :outgoing_messages # all needed as integrating views + + it "should require login if not logged in" do + get :classify, :incoming_message_id => 1 + post_redirect = PostRedirect.get_last_post_redirect + response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token) + end + + it "should say you are the wrong user if logged in as wrong user" do + session[:user_id] = users(:silly_name_user).id + get :classify, :incoming_message_id => 1 + response.should render_template('user/wrong_user') + end + + it "should show classification page if logged in as user controlling request" do + session[:user_id] = users(:bob_smith_user).id + get :classify, :incoming_message_id => 1 + response.should render_template('classify') + end +end + +describe RequestController, "when classifying an individual response" do + integrate_views + fixtures :info_requests, :public_bodies, :users, :incoming_messages, :outgoing_messages # all needed as integrating views + + it "should require login" do + post :classify, :incoming_message => { :contains_information => true }, :incoming_message_id => incoming_messages(:useless_incoming_message) + post_redirect = PostRedirect.get_last_post_redirect + response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token) + end + + it "should not classify response if logged in as wrong user" do + session[:user_id] = users(:silly_name_user).id + post :classify, :incoming_message => { :contains_information => true }, :incoming_message_id => incoming_messages(:useless_incoming_message) + response.should render_template('user/wrong_user') + end + + it "should successfully classify response if logged in as user controlling request" do + incoming_messages(:useless_incoming_message).user_classified.should == false + session[:user_id] = users(:bob_smith_user).id + post :classify, :incoming_message => { :contains_information => true }, :incoming_message_id => incoming_messages(:useless_incoming_message) + response.should redirect_to(:controller => 'request', :action => 'show', :id => info_requests(:fancy_dog_request)) + incoming_messages(:useless_incoming_message).reload + incoming_messages(:useless_incoming_message).user_classified.should == true + end +end diff --git a/spec/fixtures/incoming_messages.yml b/spec/fixtures/incoming_messages.yml index 2e3c74f69..63c2ebfdf 100644 --- a/spec/fixtures/incoming_messages.yml +++ b/spec/fixtures/incoming_messages.yml @@ -18,6 +18,5 @@ useless_incoming_message: On Wed, Oct 24, 2007 at 11:30:06AM +0100, Bob Smith wrote: > Why do you have such a fancy dog? - created_at: 2007-11-13 18:09:20.042061 |