nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/spec/integration/api/aspects_controller_spec.rb
Jonne Haß 16b242fa0f Drop chat_enabled from aspects API
2020-01-21 23:35:01 +01:00

319 lines
8.8 KiB
Ruby
Raw Blame History

# frozen_sTring_literal: true
require "spec_helper"
describe Api::V1::AspectsController do
let(:auth) {
FactoryGirl.create(
:auth_with_default_scopes,
scopes: %w[openid contacts:read contacts:modify]
)
}
let(:auth_read_only) {
FactoryGirl.create(
:auth_with_default_scopes,
scopes: %w[openid contacts:read]
)
}
let(:auth_minimum_scopes) {
FactoryGirl.create(:auth_with_default_scopes)
}
let!(:access_token) { auth.create_access_token.to_s }
let!(:access_token_read_only) { auth_read_only.create_access_token.to_s }
let!(:access_token_minimum_scopes) { auth_minimum_scopes.create_access_token.to_s }
let(:invalid_token) { SecureRandom.hex(9) }
before do
@aspect1 = auth.user.aspects.create(name: "first aspect")
@aspect2 = auth.user.aspects.create(name: "second aspect")
end
describe "#index" do
it "returns list of aspects" do
get(
api_v1_aspects_path,
params: {access_token: access_token}
)
expect(response.status).to eq(200)
aspects = response_body_data(response)
expect(aspects.length).to eq(auth.user.aspects.length)
aspects.each do |aspect|
found_aspect = auth.user.aspects.find_by(id: aspect["id"])
expect(aspect["name"]).to eq(found_aspect.name)
expect(aspect["order"]).to eq(found_aspect.order_id)
end
expect(aspects.to_json).to match_json_schema(:api_v1_schema)
end
context "without impromper credentials" do
it "fails if token doesn't have contacts:read" do
get(
api_v1_aspects_path,
params: {access_token: access_token_minimum_scopes}
)
expect(response.status).to eq(403)
end
it "fails if invalid token" do
get(
api_v1_aspects_path,
params: {access_token: invalid_token}
)
expect(response.status).to eq(401)
end
end
end
describe "#show" do
context "with correct id" do
it "returns aspect" do
get(
api_v1_aspect_path(@aspect2.id),
params: {access_token: access_token}
)
expect(response.status).to eq(200)
aspect = JSON.parse(response.body)
expect(aspect["id"]).to eq(@aspect2.id)
expect(aspect["name"]).to eq(@aspect2.name)
expect(aspect["order"]).to eq(@aspect2.order_id)
expect(aspect.to_json).to match_json_schema(:api_v1_schema)
end
end
context "with incorrect id" do
it "fails to return with error" do
get(
api_v1_aspect_path("-1"),
params: {access_token: access_token}
)
expect(response.status).to eq(404)
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.not_found"))
end
end
context "without impromper credentials" do
it "fails without contacts:read in token" do
get(
api_v1_aspect_path(@aspect2.id),
params: {access_token: access_token_minimum_scopes}
)
expect(response.status).to eq(403)
end
it "fails when not logged in" do
get(
api_v1_aspect_path(@aspect2.id),
params: {access_token: invalid_token}
)
expect(response.status).to eq(401)
end
end
end
describe "#create" do
context "with full aspect settings" do
it "creates aspect" do
new_name = "diaspora developers"
post(
api_v1_aspects_path,
params: {name: new_name, access_token: access_token}
)
expect(response.status).to eq(200)
aspect = JSON.parse(response.body)
expect(aspect["name"]).to eq(new_name)
expect(aspect.has_key?("id")).to be_truthy
expect(aspect.has_key?("order")).to be_truthy
end
it "fails to create duplicate aspect" do
post(
api_v1_aspects_path,
params: {name: @aspect1.name, access_token: access_token}
)
expect(response.status).to eq(422)
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_create"))
end
end
context "with malformed settings" do
it "fails when missing name" do
post(
api_v1_aspects_path,
params: {order: 0, access_token: access_token}
)
expect(response.status).to eq(422)
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_create"))
end
end
context "improper credentials" do
it "fails when not logged in" do
post(
api_v1_aspects_path,
params: {name: "new_name", access_token: invalid_token}
)
expect(response.status).to eq(401)
end
it "fails when logged in read only" do
post(
api_v1_aspects_path,
params: {name: "new_name", access_token: access_token_read_only}
)
expect(response.status).to eq(403)
end
end
end
describe "#update" do
context "with aspect settings" do
it "updates full aspect" do
new_name = "NewAspectName"
new_order = @aspect2.order_id + 1
patch(
api_v1_aspect_path(@aspect2.id),
params: {name: new_name, order: new_order, access_token: access_token}
)
expect(response.status).to eq(200)
aspect = JSON.parse(response.body)
expect(aspect["name"]).to eq(new_name)
expect(aspect["order"]).to eq(new_order)
expect(aspect["id"]).to eq(@aspect2.id)
end
it "updates name only aspect" do
new_name = "NewAspectName"
patch(
api_v1_aspect_path(@aspect2.id),
params: {name: new_name, access_token: access_token}
)
expect(response.status).to eq(200)
aspect = JSON.parse(response.body)
expect(aspect["name"]).to eq(new_name)
expect(aspect["id"]).to eq(@aspect2.id)
end
it "updates order only" do
new_order = @aspect2.order_id + 1
patch(
api_v1_aspect_path(@aspect2.id),
params: {order: new_order, access_token: access_token}
)
expect(response.status).to eq(200)
aspect = JSON.parse(response.body)
expect(aspect["order"]).to eq(new_order)
expect(aspect["id"]).to eq(@aspect2.id)
end
it "succeds with no arguments" do
patch(
api_v1_aspect_path(@aspect2.id),
params: {access_token: access_token}
)
expect(response.status).to eq(200)
aspect = JSON.parse(response.body)
expect(aspect["name"]).to eq(@aspect2.name)
expect(aspect["id"]).to eq(@aspect2.id)
end
end
context "with bad parameters" do
it "fails with reused name" do
patch(
api_v1_aspect_path(@aspect2.id),
params: {name: @aspect1.name, access_token: access_token}
)
expect(response.status).to eq(422)
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_update"))
end
it "fails with bad id" do
patch(
api_v1_aspect_path("-1"),
params: {name: "NewAspectName", access_token: access_token}
)
expect(response.status).to eq(404)
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_update"))
end
end
context "improper credentials" do
it "fails when not logged in" do
patch(
api_v1_aspect_path(@aspect2.id),
params: {access_token: invalid_token}
)
expect(response.status).to eq(401)
end
it "fails when logged in read only" do
patch(
api_v1_aspect_path(@aspect2.id),
params: {access_token: access_token_read_only}
)
expect(response.status).to eq(403)
end
end
end
describe "#delete" do
context "with correct ID" do
it "deletes aspect" do
delete(
api_v1_aspect_path(@aspect2.id),
params: {access_token: access_token}
)
expect(response.status).to eq(204)
expect(auth.user.aspects.find_by(id: @aspect2.id)).to be_nil
end
end
context "with bad ID" do
it "fails to delete with error" do
delete(
api_v1_aspect_path("-1"),
params: {access_token: access_token}
)
expect(response.status).to eq(422)
expect(response.body).to eq(I18n.t("api.endpoint_errors.aspects.cant_delete"))
end
end
context "improper credentials" do
it "fails when not logged in" do
delete(
api_v1_aspect_path(@aspect2.id),
params: {access_token: invalid_token}
)
expect(response.status).to eq(401)
end
it "fails when logged in read only" do
delete(
api_v1_aspect_path(@aspect2.id),
params: {access_token: access_token_read_only}
)
expect(response.status).to eq(403)
end
end
end
def response_body_data(response)
JSON.parse(response.body)
end
end
Reference in a new issue View git blame Copy permalink