5 files changed, 99 insertions, 9 deletions

diff --git a/spec/controllers/admin_user_controller_spec.rb b/spec/controllers/admin_user_controller_spec.rb
index 60ac6969d..c2d645fd2 100644
--- a/spec/controllers/admin_user_controller_spec.rb
+++ b/spec/controllers/admin_user_controller_spec.rb
@@ -24,13 +24,7 @@ describe AdminUserController, "when administering users" do
         post_redirect = PostRedirect.get_last_post_redirect
         response.should redirect_to(:controller => 'user', :action => 'confirm', :email_token => post_redirect.email_token)
     end
-
-    it "logs in as another user when already logged in as an admin" do
-        session[:user_id] = users(:admin_user).id
-        get :login_as,  :id => users(:bob_smith_user).id
-        post_redirect = PostRedirect.get_last_post_redirect
-        response.should redirect_to(:controller => 'user', :action => 'confirm', :email_token => post_redirect.email_token)
-        session[:user_id].should be_nil
-    end
+    
+    # See also "allows an admin to log in as another user" in spec/integration/admin_spec.rb
 end
 
diff --git a/spec/controllers/request_controller_spec.rb b/spec/controllers/request_controller_spec.rb
index 9018f76fe..9add32f1e 100644
--- a/spec/controllers/request_controller_spec.rb
+++ b/spec/controllers/request_controller_spec.rb
@@ -631,7 +631,7 @@ describe RequestController, "when creating a new request" do
 
     it "should accept a public body parameter" do
         get :new, :public_body_id => @body.id
-        assigns[:info_request].public_body.should == @body    
+        assigns[:info_request].public_body.should == @body
         response.should render_template('new')
     end
 
diff --git a/spec/controllers/track_controller_spec.rb b/spec/controllers/track_controller_spec.rb
index 0dc5db607..5d299caa5 100644
--- a/spec/controllers/track_controller_spec.rb
+++ b/spec/controllers/track_controller_spec.rb
@@ -183,6 +183,35 @@ describe TrackController, "when viewing JSON version of a track feed" do
 
 end
 
+describe TrackController, "when tracking a public body" do
 
+    integrate_views
+
+    before(:each) do
+        load_raw_emails_data
+        rebuild_xapian_index
+    end
+    
+    it "should work" do
+        geraldine = public_bodies(:geraldine_public_body)
+        get :track_public_body, :feed => 'feed', :url_name => geraldine.url_name
+        response.should be_success
+        response.should render_template('track/atom_feed')
+        tt = assigns[:track_thing]
+        tt.public_body.should == geraldine
+        tt.track_type.should == 'public_body_updates'
+        tt.track_query.should == "requested_from:" + geraldine.url_name
+    end
 
+    it "should filter by event type" do
+        geraldine = public_bodies(:geraldine_public_body)
+        get :track_public_body, :feed => 'feed', :url_name => geraldine.url_name, :event_type => 'sent'
+        response.should be_success
+        response.should render_template('track/atom_feed')
+        tt = assigns[:track_thing]
+        tt.public_body.should == geraldine
+        tt.track_type.should == 'public_body_updates'
+        tt.track_query.should == "requested_from:" + geraldine.url_name + " variety:sent"
+    end
 
+end
diff --git a/spec/integration/admin_spec.rb b/spec/integration/admin_spec.rb
new file mode 100644
index 000000000..caf741749
--- /dev/null
+++ b/spec/integration/admin_spec.rb
@@ -0,0 +1,23 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+require "base64"
+
+describe "When administering the site" do
+    it "allows an admin to log in as another user" do
+        # First log in as Joe Admin
+        admin_user = users(:admin_user)
+        admin_user.email_confirmed = true
+        admin_user.save!
+        post_via_redirect "/profile/sign_in", :user_signin => {:email => admin_user.email, :password => "jonespassword"}
+        response.should be_success
+        
+        # Now fetch the "log in as" link to log in as Bob
+        admin_username = MySociety::Config.get('ADMIN_USERNAME')
+        admin_password = MySociety::Config.get('ADMIN_PASSWORD')
+        get_via_redirect "/admin/user/login_as/#{users(:bob_smith_user).id}", nil, {
+          "Authorization" => "Basic " + Base64.encode64("#{admin_username}:#{admin_password}").strip
+        }
+        response.should be_success
+        session[:user_id].should == users(:bob_smith_user).id
+    end
+end
diff --git a/spec/integration/create_request_spec.rb b/spec/integration/create_request_spec.rb
new file mode 100644
index 000000000..6f336d406
--- /dev/null
+++ b/spec/integration/create_request_spec.rb
@@ -0,0 +1,44 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe "When creating requests" do
+    it "should associate the request with the requestor, even if it is approved by an admin" do
+        # This is a test for https://github.com/sebbacon/alaveteli/issues/446
+        
+        params = { :info_request => { :public_body_id => public_bodies(:geraldine_public_body).id,
+            :title => "Why is your quango called Geraldine?", :tag_string => "" },
+            :outgoing_message => { :body => "This is a silly letter. It is too short to be interesting." },
+            :submitted_new_request => 1, :preview => 0
+        }
+        
+        # Initially we are not logged in. Try to create a new request.
+        post "/new", params
+        # We expect to be redirected to the login page
+        post_redirect = PostRedirect.get_last_post_redirect
+        response.should redirect_to(:controller => 'user', :action => 'signin', :token => post_redirect.token)
+        follow_redirect!
+        response.should render_template("user/sign")
+        
+        # Now log in as an unconfirmed user.
+        post "/profile/sign_in", :user_signin => {:email => users(:unconfirmed_user).email, :password => "jonespassword"}, :token => post_redirect.token
+        # This will trigger a confirmation mail. Get the PostRedirect for later.
+        response.should render_template("user/confirm")
+        post_redirect = PostRedirect.get_last_post_redirect
+        
+        # Now log in as an admin user, then follow the confirmation link in the email that was sent to the unconfirmed user
+        admin_user = users(:admin_user)
+        admin_user.email_confirmed = true
+        admin_user.save!
+        post_via_redirect "/profile/sign_in", :user_signin => {:email => admin_user.email, :password => "jonespassword"}
+        response.should be_success
+        get "/c/" + post_redirect.email_token
+        follow_redirect!
+        response.location.should =~ %r(/request/(.+)/new)
+        response.location =~ %r(/request/(.+)/new)
+        url_title = $1
+        info_request = InfoRequest.find_by_url_title(url_title)
+        info_request.should_not be_nil
+        
+        # Make sure the request is still owned by the user who made it, not the admin who confirmed it
+        info_request.user_id.should == users(:unconfirmed_user).id
+    end
+end