require File.dirname(__FILE__) + '/../spec_helper' class MockControllerUsersController < ActionController::Base end describe "ControllerUsers", :type => :controller do controller_name 'MockControllerUsers' before(:each) do @current_user = mock_model(User) @current_user.stub!(:remember_token).and_return('mock_token') @current_user.stub!(:remember_token_expires_at).and_return(30.days.from_now) User.stub!(:find_by_id).and_return(nil) User.stub!(:authenticate_by_email).and_return(nil) User.stub!(:authenticate_by_login).and_return(nil) User.stub!(:authenticate_by_remember_token).and_return(nil) controller.stub!(:cookies).and_return(:auth_token => 'mock_token') controller.stub!(:session).and_return(:user_id => 'mock_session_id') @credentials = ActionController::HttpAuthentication::Basic.encode_credentials("mock_name", "mock_password") request.env['HTTP_AUTHORIZATION'] = @credentials @format = mock("format") @format.stub!(:js).and_yield(controller) @format.stub!(:html).and_yield(controller) controller.stub!(:respond_to).and_yield(@format) @js = "" controller.stub!(:render).with(:update).and_yield(@js) controller.stub!(:user_login_path).and_return('/login') controller.stub!(:root_path).and_return('/root') end describe "getting the current user" do it "should try the session" do User.should_receive(:find_by_id).with('mock_session_id').and_return(@current_user) controller.current_user.should == @current_user end it "should try basic authentication by email" do User.should_receive(:authenticate_by_email).with("mock_name", "mock_password").and_return(@current_user) controller.current_user.should == @current_user end it "should try basic authentication by login" do User.should_receive(:authenticate_by_login).with("mock_name", "mock_password").and_return(@current_user) controller.current_user.should == @current_user end it "should get the cookie" do User.stub!(:authenticate_by_remember_token).with('mock_token').and_return(@current_user) controller.current_user.should == @current_user end it "should return nil if previous calls to the current user have failed" do controller.current_user.should be_nil controller.current_user.should be_nil end it "should return the current user if previous calls to current user have passed" do User.stub!(:find_by_id).once.and_return(@current_user) controller.current_user.should == @current_user controller.current_user.should == @current_user end end describe "checking the login" do it "should tell us if the user is logged in" do controller.should_receive(:current_user).and_return(@current_user) controller.should be_logged_in end it "should tell us if the user is logged in" do controller.should_receive(:current_user).and_return(nil) controller.should_not be_logged_in end end describe "checking for an administrator" do before(:each) do controller.stub!(:current_user).and_return(@current_user) end it "should tell us if the current user is an administrator" do @current_user.should_receive(:access_level).and_return(User::ACCESS_LEVEL_ADMIN) controller.should be_logged_in controller.should be_logged_in_as_admin end it "should tell us if the current user is not an administrator" do @current_user.should_receive(:access_level).and_return(101) controller.should be_logged_in controller.should_not be_logged_in_as_admin end end describe "checking for a disabled account" do before(:each) do controller.stub!(:current_user).and_return(@current_user) end it "should tell us if the current user's account is disabled" do @current_user.should_receive(:access_level).and_return(User::ACCESS_LEVEL_DISABLED) controller.should be_logged_in controller.should be_logged_in_disabled end end describe "login required" do before(:each) do controller.stub!(:logged_in?).and_return(false) controller.stub!(:redirect_to) end it "should pass if the user is logged in" do controller.should_receive(:logged_in?).and_return(true) controller.login_required flash[:error].should be_blank end it "should set an error message if the user is not logged in" do controller.should_receive(:access_denied) controller.login_required flash[:error].should_not be_blank end it "should redirect to login page if the user is not logged in" do controller.should_receive(:redirect_to).with('/login') controller.login_required end it "should set the js window location to the login page if the user is not logged in" do @format.stub!(:html) controller.should_receive(:render).with(:update).and_yield(@js) controller.login_required @js.should == "window.location.href = '/login';" end end describe "admin access required" do before(:each) do controller.stub!(:logged_in?).and_return(true) controller.stub!(:logged_in_as_admin?).and_return(false) controller.stub!(:redirect_to) controller.stub!(:current_user).and_return(@current_user) end it "should pass if the user is logged in and is an administrator" do controller.stub!(:logged_in_as_admin?).and_return(true) @current_user.stub!(:access_level).and_return(User::ACCESS_LEVEL_ADMIN) controller.admin_access_required flash[:error].should be_blank end it "should set an error message if the user is not logged in" do controller.stub!(:logged_in?).and_return(false) controller.admin_access_required flash[:error].should_not be_blank end it "should redirect to the login page if the user is not logged in" do controller.stub!(:logged_in?).and_return(false) controller.should_receive(:redirect_to).with('/login') controller.admin_access_required end it "should set the js window location to the login page if the user is not logged in" do controller.stub!(:logged_in?).and_return(false) @format.stub!(:html) controller.should_receive(:render).with(:update).and_yield(@js) controller.admin_access_required @js.should == "window.location.href = '/login';" end it "should set an error message if the user is not an administrator" do @current_user.stub!(:access_level).and_return(101) controller.admin_access_required flash[:error].should_not be_blank end it "should redirect to root path if the user is not an administrator" do @current_user.stub!(:access_level).and_return(101) controller.should_receive(:redirect_to).with('/root') controller.admin_access_required end it "should set the js window location to the login page if the user is not an administrator" do @current_user.stub!(:access_level).and_return(101) @format.stub!(:html) controller.should_receive(:render).with(:update).and_yield(@js) controller.admin_access_required @js.should == "window.location.href = '/root';" end end describe "user access level" do it "should return the admin access level" do @current_user.stub!(:access_level).and_return(User::ACCESS_LEVEL_ADMIN) controller.user_access_level(@current_user).should == "Administrator" end it "should return the account disabled access level" do @current_user.stub!(:access_level).and_return(User::ACCESS_LEVEL_DISABLED) controller.user_access_level(@current_user).should == "Account Disabled" end end describe "user access levels" do it "should return the access levels" do controller.user_access_levels.should include ["Administrator", User::ACCESS_LEVEL_ADMIN] controller.user_access_levels.should include ["Account Disabled", User::ACCESS_LEVEL_DISABLED] end end describe "defining new access levels" do before(:each) do MockControllerUsersController.define_access_level(:reporter, 200) end describe "_access_level" do it "should return the access level" do ActionController::Base.reporter_access_level.should == 200 end end describe "logged_in_as_? method" do before(:each) do controller.stub!(:current_user).and_return(@current_user) end it "should pass if the current user has the access level" do @current_user.stub!(:access_level).and_return(200) controller.should be_logged_in controller.should be_reporter end it "should pass if the current user has an access level greater than that required" do @current_user.stub!(:access_level).and_return(201) controller.should be_logged_in controller.should be_reporter end it "should fail if the current user has an access level less than that required" do @current_user.stub!(:access_level).and_return(199) controller.should be_logged_in controller.should_not be_reporter end end describe "_access_required method" do before(:each) do controller.stub!(:logged_in?).and_return(true) controller.stub!(:redirect_to) controller.stub!(:current_user).and_return(@current_user) end it "should pass if the user is logged in and has the access level" do controller.stub!(:logged_in_as_admin?).and_return(true) @current_user.stub!(:access_level).and_return(200) controller.reporter_access_required flash[:error].should be_blank end it "should pass if the user is logged in and has an access level greater than that required" do controller.stub!(:logged_in_as_admin?).and_return(true) @current_user.stub!(:access_level).and_return(201) controller.reporter_access_required flash[:error].should be_blank end it "should set an error message if the user is not logged in" do controller.stub!(:logged_in?).and_return(false) controller.admin_access_required flash[:error].should_not be_blank end it "should redirect to the login page if the user is not logged in" do controller.stub!(:logged_in?).and_return(false) controller.should_receive(:access_denied) controller.reporter_access_required end it "should set an error message if the user is does not have the access level required" do controller.stub!(:logged_in_as_admin?).and_return(false) @current_user.stub!(:access_level).and_return(199) controller.should_receive(:user_access_denied) controller.reporter_access_required flash[:error].should_not be_blank end it "should redirect to root path if the user is does not have the access level required" do controller.stub!(:logged_in_as_admin?).and_return(false) @current_user.stub!(:access_level).and_return(199) controller.should_receive(:user_access_denied) controller.reporter_access_required end end describe "user access level" do it "should return the admin access level" do @current_user.stub!(:access_level).and_return(200) controller.user_access_level(@current_user).should == "Reporter" end end describe "user access levels" do it "should return the access levels" do controller.user_access_levels.should include ["Reporter", 200] end end describe "user time zone" do it "Set the time zone to the user's timezone" do controller.stub!(:current_user).and_return(@current_user) @current_user.stub!(:time_zone).and_return('mock time zone') Time.should_receive(:zone=).with('mock time zone') controller.set_timezone end it "Set the time zone to the default timezone when not set" do controller.stub!(:current_user).and_return(nil) # @current_user.stub!(:time_zone).and_return('mock time zone') Time.should_receive(:zone=).with('Eastern Time (US & Canada)') controller.set_timezone end end end end