diff options
Diffstat (limited to 'spec/controllers')
| -rw-r--r-- | spec/controllers/admin_public_body_controller_spec.rb | 10 | ||||
| -rw-r--r-- | spec/controllers/api_controller_spec.rb | 263 | ||||
| -rw-r--r-- | spec/controllers/request_controller_spec.rb | 35 |
3 files changed, 304 insertions, 4 deletions
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb index 171cb21b5..55a6649b2 100644 --- a/spec/controllers/admin_public_body_controller_spec.rb +++ b/spec/controllers/admin_public_body_controller_spec.rb @@ -146,7 +146,15 @@ describe AdminPublicBodyController, "when administering public bodies and paying session[:using_admin].should == 1 end - + it "doesn't allow non-superusers to do stuff" do + session[:user_id] = users(:robin_user).id + @request.env["HTTP_AUTHORIZATION"] = "" + n = PublicBody.count + post :destroy, { :id => public_bodies(:forlorn_public_body).id } + response.should redirect_to(:controller=>'user', :action=>'signin', :token=>PostRedirect.get_last_post_redirect.token) + PublicBody.count.should == n + session[:using_admin].should == nil + end end describe AdminPublicBodyController, "when administering public bodies with i18n" do diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb new file mode 100644 index 000000000..1f65576b6 --- /dev/null +++ b/spec/controllers/api_controller_spec.rb @@ -0,0 +1,263 @@ +require File.expand_path(File.dirname(__FILE__) + '/../spec_helper') + +def normalise_whitespace(s) + s = s.gsub(/^\s+|\s+$/, "") + s = s.gsub(/\s+/, " ") + return s +end + +Spec::Matchers.define :be_equal_modulo_whitespace_to do |expected| + match do |actual| + normalise_whitespace(actual) == normalise_whitespace(expected) + end +end + +describe ApiController, "when using the API" do + it "should check the API key" do + request_data = { + "title" => "Tell me about your chickens", + "body" => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", + + "external_url" => "http://www.example.gov.uk/foi/chickens_23", + "external_user_name" => "Bob Smith", + } + + number_of_requests = InfoRequest.count + expect { + post :create_request, :k => "This is not really an API key", :request_json => request_data.to_json + }.to raise_error ApplicationController::PermissionDenied + + InfoRequest.count.should == number_of_requests + end + + it "should create a new request from a POST" do + number_of_requests = InfoRequest.count( + :conditions => [ + "public_body_id = ?", + public_bodies(:geraldine_public_body).id + ] + ) + + request_data = { + "title" => "Tell me about your chickens", + "body" => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", + + "external_url" => "http://www.example.gov.uk/foi/chickens_23", + "external_user_name" => "Bob Smith", + } + + post :create_request, :k => public_bodies(:geraldine_public_body).api_key, :request_json => request_data.to_json + response.should be_success + + response.content_type.should == "application/json" + + response_body = ActiveSupport::JSON.decode(response.body) + response_body["errors"].should be_nil + response_body["url"].should =~ /^http/ + + InfoRequest.count(:conditions => [ + "public_body_id = ?", + public_bodies(:geraldine_public_body).id] + ).should == number_of_requests + 1 + + new_request = InfoRequest.find(response_body["id"]) + new_request.user_id.should be_nil + new_request.external_user_name.should == request_data["external_user_name"] + new_request.external_url.should == request_data["external_url"] + + new_request.title.should == request_data["title"] + new_request.last_event_forming_initial_request.outgoing_message.body.should == request_data["body"].strip + + new_request.public_body_id.should == public_bodies(:geraldine_public_body).id + end + + def _create_request + post :create_request, + :k => public_bodies(:geraldine_public_body).api_key, + :request_json => { + "title" => "Tell me about your chickens", + "body" => "Dear Sir,\n\nI should like to know about your chickens.\n\nYours in faith,\nBob\n", + + "external_url" => "http://www.example.gov.uk/foi/chickens_23", + "external_user_name" => "Bob Smith", + }.to_json + response.content_type.should == "application/json" + return ActiveSupport::JSON.decode(response.body)["id"] + end + + it "should add a response to a request" do + # First we need an external request + request_id = info_requests(:external_request).id + + # Initially it has no incoming messages + IncomingMessage.count(:conditions => ["info_request_id = ?", request_id]).should == 0 + + # Now add one + sent_at = "2012-05-28T12:35:39+01:00" + response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + "direction" => "response", + "sent_at" => sent_at, + "body" => response_body + }.to_json + + # And make sure it worked + response.should be_success + incoming_messages = IncomingMessage.all(:conditions => ["info_request_id = ?", request_id]) + incoming_messages.count.should == 1 + incoming_message = incoming_messages[0] + + incoming_message.sent_at.should == Time.iso8601(sent_at) + incoming_message.get_main_body_text_folded.should be_equal_modulo_whitespace_to(response_body) + end + + it "should add a followup to a request" do + # First we need an external request + request_id = info_requests(:external_request).id + + # Initially it has one outgoing message + OutgoingMessage.count(:conditions => ["info_request_id = ?", request_id]).should == 1 + + # Add another, as a followup + sent_at = "2012-05-29T12:35:39+01:00" + followup_body = "Pls answer ASAP.\nkthxbye\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + "direction" => "request", + "sent_at" => sent_at, + "body" => followup_body + }.to_json + + # Make sure it worked + response.should be_success + followup_messages = OutgoingMessage.all( + :conditions => ["info_request_id = ? and message_type = 'followup'", request_id] + ) + followup_messages.size.should == 1 + followup_message = followup_messages[0] + + followup_message.last_sent_at.should == Time.iso8601(sent_at) + followup_message.body.should == followup_body.strip + end + + it "should not allow internal requests to be updated" do + n_incoming_messages = IncomingMessage.count + n_outgoing_messages = OutgoingMessage.count + + expect { + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => info_requests(:naughty_chicken_request).id, + :correspondence_json => { + "direction" => "request", + "sent_at" => Time.now.iso8601, + "body" => "xxx" + }.to_json + }.to raise_error ActiveRecord::RecordNotFound + + IncomingMessage.count.should == n_incoming_messages + OutgoingMessage.count.should == n_outgoing_messages + end + + it "should not allow other people’s requests to be updated" do + request_id = _create_request + n_incoming_messages = IncomingMessage.count + n_outgoing_messages = OutgoingMessage.count + + expect { + post :add_correspondence, + :k => public_bodies(:humpadink_public_body).api_key, + :id => request_id, + :correspondence_json => { + "direction" => "request", + "sent_at" => Time.now.iso8601, + "body" => "xxx" + }.to_json + }.to raise_error ActiveRecord::RecordNotFound + + IncomingMessage.count.should == n_incoming_messages + OutgoingMessage.count.should == n_outgoing_messages + end + + it "should not allow files to be attached to a followup" do + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => info_requests(:external_request).id, + :correspondence_json => { + "direction" => "request", + "sent_at" => Time.now.iso8601, + "body" => "Are you joking, or are you serious?" + }.to_json, + :attachments => [ + fixture_file_upload("files/tfl.pdf") + ] + + + # Make sure it worked + response.status.to_i.should == 500 + errors = ActiveSupport::JSON.decode(response.body)["errors"] + errors.should == ["You cannot attach files to messages in the 'request' direction"] + end + + it "should allow files to be attached to a response" do + # First we need an external request + request_id = info_requests(:external_request).id + + # Initially it has no incoming messages + IncomingMessage.count(:conditions => ["info_request_id = ?", request_id]).should == 0 + + # Now add one + sent_at = "2012-05-28T12:35:39+01:00" + response_body = "Thank you for your request for information, which we are handling in accordance with the Freedom of Information Act 2000. You will receive a response within 20 working days or before the next full moon, whichever is sooner.\n\nYours sincerely,\nJohn Gandermulch,\nExample Council FOI Officer\n" + post :add_correspondence, + :k => public_bodies(:geraldine_public_body).api_key, + :id => request_id, + :correspondence_json => { + "direction" => "response", + "sent_at" => sent_at, + "body" => response_body + }.to_json, + :attachments => [ + fixture_file_upload("files/tfl.pdf") + ] + + # And make sure it worked + response.should be_success + incoming_messages = IncomingMessage.all(:conditions => ["info_request_id = ?", request_id]) + incoming_messages.count.should == 1 + incoming_message = incoming_messages[0] + + incoming_message.sent_at.should == Time.iso8601(sent_at) + incoming_message.get_main_body_text_folded.should be_equal_modulo_whitespace_to(response_body) + + # Get the attachment + attachments = incoming_message.get_attachments_for_display + attachments.size.should == 1 + attachment = attachments[0] + + attachment.filename.should == "tfl.pdf" + attachment.body.should == load_file_fixture("tfl.pdf") + end + + it "should show information about a request" do + info_request = info_requests(:naughty_chicken_request) + get :show_request, + :k => public_bodies(:geraldine_public_body).api_key, + :id => info_request.id + + response.should be_success + assigns[:request].id.should == info_request.id + + r = ActiveSupport::JSON.decode(response.body) + r["title"].should == info_request.title + # Let’s not test all the fields here, because it would + # essentially just be a matter of copying the code that + # assigns them and changing assignment to an equality + # check, which does not really test anything at all. + end +end diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb index 01a663bf8..530e9b2c3 100644 --- a/spec/controllers/request_controller_spec.rb +++ b/spec/controllers/request_controller_spec.rb @@ -193,6 +193,7 @@ describe RequestController, "when changing things that appear on the request pag end describe RequestController, "when showing one request" do + integrate_views before(:each) do load_raw_emails_data @@ -209,6 +210,12 @@ describe RequestController, "when showing one request" do response.should render_template('show') end + it "should show the request" do + get :show, :url_title => 'why_do_you_have_such_a_fancy_dog' + response.should be_success + response.body.should include("Why do you have such a fancy dog?") + end + it "should assign the request" do get :show, :url_title => 'why_do_you_have_such_a_fancy_dog' assigns[:info_request].should == info_requests(:fancy_dog_request) @@ -1486,7 +1493,7 @@ describe RequestController, "sending unclassified new response reminder alerts" deliveries = ActionMailer::Base.deliveries deliveries.size.should == 3 # sufficiently late it sends reminders too mail = deliveries[0] - mail.body.should =~ /To let us know/ + mail.body.should =~ /To let everyone know/ mail.to_addrs.first.to_s.should == info_requests(:fancy_dog_request).user.name_and_email mail.body =~ /(http:\/\/.*\/c\/(.*))/ mail_url = $1 @@ -1843,9 +1850,17 @@ describe RequestController, "when showing similar requests" do end -describe RequestController, "when reporting a request" do - integrate_views +describe RequestController, "when reporting a request when not logged in" do + it "should only allow logged-in users to report requests" do + get :report_request, :url_title => info_requests(:badger_request).url_title + post_redirect = PostRedirect.get_last_post_redirect + response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token) + end +end +describe RequestController, "when reporting a request (logged in)" do + integrate_views + before do @user = users(:robin_user) session[:user_id] = @user.id @@ -1856,19 +1871,29 @@ describe RequestController, "when reporting a request" do title = ir.url_title get :show, :url_title => title assigns[:info_request].attention_requested.should == false + post :report_request, :url_title => title + response.should redirect_to(:action => :show, :url_title => title) + get :show, :url_title => title + response.should be_success assigns[:info_request].attention_requested.should == true assigns[:info_request].described_state.should == "attention_requested" end it "should not allow a request to be reported twice" do title = info_requests(:badger_request).url_title + post :report_request, :url_title => title + response.should redirect_to(:action => :show, :url_title => title) get :show, :url_title => title + response.should be_success response.body.should include("has been reported") + post :report_request, :url_title => title + response.should redirect_to(:action => :show, :url_title => title) get :show, :url_title => title + response.should be_success response.body.should include("has already been reported") end @@ -1876,10 +1901,14 @@ describe RequestController, "when reporting a request" do title = info_requests(:badger_request).url_title get :show, :url_title => title response.body.should include("Offensive?") + post :report_request, :url_title => title + response.should redirect_to(:action => :show, :url_title => title) + get :show, :url_title => title response.body.should_not include("Offensive?") response.body.should include("This request has been reported") + info_requests(:badger_request).set_described_state("successful") get :show, :url_title => title response.body.should_not include("This request has been reported") |