From e53e0a0ccbb4695dbbb01a56598b7c832a9c5a0c Mon Sep 17 00:00:00 2001
From: Louise Crow <louise.crow@gmail.com>
Date: Thu, 1 Aug 2013 14:53:10 +0100
Subject: Refactor some common setup steps in integration tests into a DSL.

Add a failing test for what should happen on request hiding.
---
 spec/integration/admin_spec.rb | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

(limited to 'spec/integration/admin_spec.rb')

diff --git a/spec/integration/admin_spec.rb b/spec/integration/admin_spec.rb
index 8a5e59ba2..25872fb4a 100644
--- a/spec/integration/admin_spec.rb
+++ b/spec/integration/admin_spec.rb
@@ -1,21 +1,27 @@
 require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-require "base64"
+require File.expand_path(File.dirname(__FILE__) + '/alaveteli_dsl')
 
 describe "When administering the site" do
+
+    before do
+        AlaveteliConfiguration.stub!(:skip_admin_auth).and_return(false)
+    end
+
     it "allows an admin to log in as another user" do
         # First log in as Joe Admin
-        admin_user = users(:admin_user)
-        admin_user.email_confirmed = true
-        admin_user.save!
-        post_via_redirect "/profile/sign_in", :user_signin => {:email => admin_user.email, :password => "jonespassword"}
-        response.should be_success
-        
+        confirm(:admin_user)
+        admin = login(:admin_user)
+
         # Now fetch the "log in as" link to log in as Bob
-        get_via_redirect "/admin/user/login_as/#{users(:bob_smith_user).id}", nil, {
-          "Authorization" => "Basic " + Base64.encode64("#{AlaveteliConfiguration::admin_username}:#{AlaveteliConfiguration::admin_password}").strip
-        }
-        response.should be_success
-        session[:user_id].should == users(:bob_smith_user).id
+        admin.get_via_redirect "/admin/user/login_as/#{users(:bob_smith_user).id}"
+        admin.response.should be_success
+        admin.session[:user_id].should == users(:bob_smith_user).id
+    end
+
+    it 'does not allow a non-admin user to login as another user' do
+        robin = login(:robin_user)
+        robin.get_via_redirect "/admin/user/login_as/#{users(:bob_smith_user).id}"
+        robin.response.should be_success
+        robin.session[:user_id].should_not == users(:bob_smith_user).id
     end
 end
-- 
cgit v1.2.3