Diffstat (limited to 'spec/integration/admin_spec.rb')
-rw-r--r--spec/integration/admin_spec.rb32
1 files changed, 19 insertions, 13 deletions
diff --git a/spec/integration/admin_spec.rb b/spec/integration/admin_spec.rb
index 8a5e59ba2..25872fb4a 100644
--- a/spec/integration/admin_spec.rb
+++ b/spec/integration/admin_spec.rb
@@ -1,21 +1,27 @@
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-require "base64"
+require File.expand_path(File.dirname(__FILE__) + '/alaveteli_dsl')
describe "When administering the site" do
+
+ before do
+ AlaveteliConfiguration.stub!(:skip_admin_auth).and_return(false)
+ end
+
it "allows an admin to log in as another user" do
# First log in as Joe Admin
- admin_user = users(:admin_user)
- admin_user.email_confirmed = true
- admin_user.save!
- post_via_redirect "/profile/sign_in", :user_signin => {:email => admin_user.email, :password => "jonespassword"}
- response.should be_success
-
+ confirm(:admin_user)
+ admin = login(:admin_user)
+
# Now fetch the "log in as" link to log in as Bob
- get_via_redirect "/admin/user/login_as/#{users(:bob_smith_user).id}", nil, {
- "Authorization" => "Basic " + Base64.encode64("#{AlaveteliConfiguration::admin_username}:#{AlaveteliConfiguration::admin_password}").strip
- }
- response.should be_success
- session[:user_id].should == users(:bob_smith_user).id
+ admin.get_via_redirect "/admin/user/login_as/#{users(:bob_smith_user).id}"
+ admin.response.should be_success
+ admin.session[:user_id].should == users(:bob_smith_user).id
+ end
+
+ it 'does not allow a non-admin user to login as another user' do
+ robin = login(:robin_user)
+ robin.get_via_redirect "/admin/user/login_as/#{users(:bob_smith_user).id}"
+ robin.response.should be_success
+ robin.session[:user_id].should_not == users(:bob_smith_user).id
end
end
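Review bot: The new non-admin example asserts only `robin.session[:user_id].should_not == users(:bob_smith_user).id`, which also passes if the session ends up empty or holds any other user's id, so it does not pin the denied outcome. Because the request goes through `get_via_redirect`, `robin.response.should be_success` holds for whatever page the redirect chain ends on and says nothing about whether the admin route was refused. Assuming `login(:robin_user)` (defined in alaveteli_dsl, not visible here) returns a session signed in as that fixture, add `robin.session[:user_id].should == users(:robin_user).id` and an assertion on where the request ended up, so that a regression in the admin authorization check fails this spec. An example for a request with no logged-in user at all would cover the remaining case now that `skip_admin_auth` is stubbed to false.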