From 0fdc192db473ae022cbc4c129e0d9b0599adcf0e Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Tue, 30 Oct 2012 15:42:12 +0000
Subject: Pull out a bit of shared setup code.
---
 .../admin_public_body_controller_spec.rb | 24 ++++++++++------------
 1 file changed, 11 insertions(+), 13 deletions(-)
(limited to 'spec/controllers/admin_public_body_controller_spec.rb')
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index be33802c5..c8563e0a4 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -166,6 +166,13 @@ describe AdminPublicBodyController, "when administering public bodies and paying
 config['SKIP_ADMIN_AUTH'] = true
 end
+ def setup_emergency_credentials(username, password)
+ config = MySociety::Config.load_default()
+ config['SKIP_ADMIN_AUTH'] = false
+ config['ADMIN_USERNAME'] = username
+ config['ADMIN_PASSWORD'] = password
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ end
 it "disallows non-authenticated users to do anything" do
 @request.env["HTTP_AUTHORIZATION"] = ""
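Review bot: The new `setup_emergency_credentials` helper writes `SKIP_ADMIN_AUTH`, `ADMIN_USERNAME` and `ADMIN_PASSWORD` into the object returned by `MySociety::Config.load_default()`, and nothing in the hunk puts the username and password back afterwards. The context line just above the helper sets `SKIP_ADMIN_AUTH` to true again, but whether that is an after hook is outside the hunk, so later examples may run with the emergency account still configured. Since these are authentication specs, the helper should carry a comment such as `# Turns admin auth back on with the given emergency account and clears the Authorization header; changes the shared config for the rest of the run unless reset`. Resetting the two credential keys alongside the existing `SKIP_ADMIN_AUTH` reset would remove the order dependence.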
@@ -180,19 +187,14 @@ describe AdminPublicBodyController, "when administering public bodies and paying config = MySociety::Config.load_default() config['SKIP_ADMIN_AUTH'] = true @request.env["HTTP_AUTHORIZATION"] = "" - n = PublicBody.count post :destroy, { :id => public_bodies(:forlorn_public_body).id } PublicBody.count.should == n - 1 session[:using_admin].should == 1 end - it "doesn't let people with bad credentials log in" do - config = MySociety::Config.load_default() - config['SKIP_ADMIN_AUTH'] = false - config['ADMIN_USERNAME'] = 'biz' - config['ADMIN_PASSWORD'] = 'fuz' - @request.env["HTTP_AUTHORIZATION"] = "" + it "doesn't let people with bad emergency account credentials log in" do + setup_emergency_credentials('biz', 'fuz') n = PublicBody.count basic_auth_login(@request, "baduser", "badpassword") post :destroy, { :id => public_bodies(:forlorn_public_body).id } @@ -201,12 +203,8 @@ describe AdminPublicBodyController, "when administering public bodies and paying session[:using_admin].should == nil end - it "allows people with good credentials log in using HTTP Basic Auth" do - config = MySociety::Config.load_default() - config['SKIP_ADMIN_AUTH'] = false - config['ADMIN_USERNAME'] = 'biz' - config['ADMIN_PASSWORD'] = 'fuz' - @request.env["HTTP_AUTHORIZATION"] = "" + it "allows people with good emergency account credentials log in using HTTP Basic Auth" do + setup_emergency_credentials('biz', 'fuz') n = PublicBody.count basic_auth_login(@request, "biz", "fuz") post :show, { :id => public_bodies(:humpadink_public_body).id, :emergency => 1} -- cgit v1.2.3 From 081d912ee868843c5b73b201761b1d8d19239e34 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Tue, 30 Oct 2012 15:42:40 +0000 Subject: Add some specs for admin_current_user --- .../admin_public_body_controller_spec.rb | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'spec/controllers/admin_public_body_controller_spec.rb') 
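Review bot: The renamed example "doesn't let people with bad emergency account credentials log in" still posts `:destroy` without `:emergency => 1`, while the good-credentials example below it does pass that parameter. The rejection it asserts may therefore come from the missing parameter rather than from the wrong username and password. The controller is not part of this diff, so that is inferred, but sending `post :destroy, { :id => public_bodies(:forlorn_public_body).id, :emergency => 1 }` would make the two examples differ only in the credentials. The negative case also uses a wrong username and a wrong password together ("baduser", "badpassword"). A second example with the right username `"biz"` and a wrong password would catch a check that compares only one of the two fields.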
diff --git a/spec/controllers/admin_public_body_controller_spec.rb b/spec/controllers/admin_public_body_controller_spec.rb
index c8563e0a4..504ddc5cc 100644
--- a/spec/controllers/admin_public_body_controller_spec.rb
+++ b/spec/controllers/admin_public_body_controller_spec.rb
@@ -233,6 +233,33 @@ describe AdminPublicBodyController, "when administering public bodies and paying
 PublicBody.count.should == n
 session[:using_admin].should == nil
 end
+
+ describe 'when asked for the admin current user' do
+
+ it 'returns the emergency account name for someone who logged in with the emergency account' do
+ setup_emergency_credentials('biz', 'fuz')
+ basic_auth_login(@request, "biz", "fuz")
+ post :show, { :id => public_bodies(:humpadink_public_body).id, :emergency => 1 }
+ controller.send(:admin_current_user).should == 'biz'
+ end
+
+ it 'returns the current user url_name for a superuser' do
+ session[:user_id] = users(:admin_user).id
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ post :show, { :id => public_bodies(:humpadink_public_body).id }
+ controller.send(:admin_current_user).should == users(:admin_user).url_name
+ end
+
+ it 'returns the REMOTE_USER value from the request environment when skipping admin auth' do
+ config = MySociety::Config.load_default()
+ config['SKIP_ADMIN_AUTH'] = true
+ @request.env["HTTP_AUTHORIZATION"] = ""
+ @request.env["REMOTE_USER"] = "i_am_admin"
+ post :show, { :id => public_bodies(:humpadink_public_body).id }
+ controller.send(:admin_current_user).should == "i_am_admin"
+ end
+
+ end
 end
 describe AdminPublicBodyController, "when administering public bodies with i18n" do
-- cgit v1.2.3
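Review bot: The third example pins that `admin_current_user` returns `REMOTE_USER` when `SKIP_ADMIN_AUTH` is true, but no example checks the opposite boundary: that `REMOTE_USER` is ignored when admin auth is enforced. Without that case, a later change that reads `REMOTE_USER` unconditionally would still pass all three specs while letting a request-supplied value name the admin. The example below reuses the emergency-account setup from the first spec and adds a `REMOTE_USER` value. Its expected result assumes the controller, which is not in this diff, prefers the authenticated account. Separately, the superuser example never sets `SKIP_ADMIN_AUTH` itself, so it depends on whatever state the surrounding hooks or earlier examples leave behind.

```ruby
        # … unchanged: the three admin_current_user examples added by this commit …

        it 'ignores REMOTE_USER when admin auth is not being skipped' do
            setup_emergency_credentials('biz', 'fuz')
            @request.env["REMOTE_USER"] = "i_am_admin"
            basic_auth_login(@request, "biz", "fuz")
            post :show, { :id => public_bodies(:humpadink_public_body).id, :emergency => 1 }
            controller.send(:admin_current_user).should == 'biz'
        end
```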