require 'spec_helper'

describe Admin::UsersController do
  before(:each) do
    activate_authlogic
    @user = SpudUserSession.create(FactoryGirl.build(:spud_user, :super_admin => true))
    @role = FactoryGirl.create(:spud_role)
    Spud::Core.admin_applications += [{:name => 'Test', :key => :test}]
    Spud::Core.permissions.push(SpudPermission.new('admin.test.full_access', 'Test', [:test]))
  end
  
  describe :index do
    it "should return an array of users" do
      2.times {|x| FactoryGirl.create(:spud_user) }
      get :index
      
      assigns(:users).count.should be > 1
    end
    
    it "should not return any users if there are no users" do
      get :index
      
      assigns(:users).count.should == 1 # the currently logged in user is the only user
    end
    
    it "should not allow access to users with NO permissions" do
      SpudUserSession.create(FactoryGirl.build(:spud_user, :super_admin => false))
      get :index
      
      response.code.should eq("403")
      response.should render_template('layouts/admin/error_page')
    end
    
    it "should allow access to users with the correct permissions" do
      u = FactoryGirl.create(:spud_user, :super_admin => false)
      @role.permission_tags = ['admin.users.full_access']
      @role.save()
      u.role = @role
      SpudUserSession.create(u)
      get :index
      
      response.should be_success
    end

    it "should not allow access to users without a role, and redirect to render error page if the user has no permissions" do
      u = FactoryGirl.create(:spud_user, :super_admin => false)
      u.role = nil
      SpudUserSession.create(u)
      get :index
      
      response.code.should eq("403")
      response.should render_template('layouts/admin/error_page')
    end

    it "should not allow access to users with a role that contains no permissions, and render error page if the users has no other admin modules" do
      u = FactoryGirl.create(:spud_user, :super_admin => false)
      u.role = @role
      @role.spud_role_permissions = []
      SpudUserSession.create(u)
      get :index
      
      response.code.should eq("403")
      response.should render_template('layouts/admin/error_page')
    end
    
    it "should not allow access to users without permission and render error page if the users has other admin modules" do
      u = FactoryGirl.create(:spud_user, :super_admin => false)
      @role.permission_tags = ['admin.test.full_access']
      u.role = @role
      SpudUserSession.create(u)
      get :index
      
      response.code.should eq("403")
      response.should render_template('layouts/admin/error_page')
    end
  end
  
  describe :show do
    it "should respond successfully" do
      user = FactoryGirl.create(:spud_user)
      get :show, :id => user.id
      
      response.should be_success
    end
    
    it "should show the user" do
      user = FactoryGirl.create(:spud_user)
      get :show, :id => user.id
      
      assigns(:user).id.should == user.id
    end
  end
  
  describe :new do
    it "should respond successfully" do
      get :new, :format => :js
      
      response.should be_success
    end
    
    it "should build a user object for the form" do
      get :new, :format => :js
      
      assigns(:user).should_not be_blank
    end
  end
  
  describe :create do
    context "HTML format" do
      it "should create a new user with a valid form submission" do
        lambda {
          post :create, :spud_user => FactoryGirl.attributes_for(:spud_user)
        }.should change(SpudUser, :count).by(1)
        response.should be_success
      end
    
      it "should not create a user with an invalid form entry" do
        lambda {
          post :create, :spud_user => FactoryGirl.attributes_for(:spud_user, :email => nil)
        }.should_not change(SpudUser, :count)
      end
    end    
  end
  
  describe :edit do
    context "HTML format" do
      it "should load the correct user for the edit form" do
        user = FactoryGirl.create(:spud_user)
        get :edit, :id => user.id
      
        assigns(:user).id.should == user.id
      end
    end

    context "JS format" do
      it "should load the correct user for the edit form" do
        user = FactoryGirl.create(:spud_user)
        get :edit, :id => user.id, :format => :js
      
        assigns(:user).id.should == user.id
      end
      
    end

  end
  
  describe :update do
    it "should update the email when the first name attribute is changed" do
      user = FactoryGirl.create(:spud_user)
      new_name = "Adam"
      lambda {
        put :update, :id => user.id, :spud_user => user.attributes.merge!(:first_name => new_name)
        user.reload
      }.should change(user, :first_name).to(new_name)
    end
    
    it "should redirect to the admin users show view after a successful update" do
      user = FactoryGirl.create(:spud_user)
      put :update, :id => user.id, :spud_user => user.attributes.merge!(:first_name => "Adam")
      
      response.should redirect_to(admin_user_path(user))
    end
  end
  
  describe :destroy do
    it "should destroy the user" do
      user = FactoryGirl.create(:spud_user)
      lambda {
        delete :destroy, :id => user.id
      }.should change(SpudUser, :count).by(-1)
      response.should be_redirect
    end
    
    it "should destroy the user with the wrong id" do
      user = FactoryGirl.create(:spud_user)
      lambda {
        delete :destroy, :id => "23532"
      }.should_not change(SpudUser, :count)
      response.should be_redirect
    end
  end
end