
Member "redmine-4.1.1/test/functional/users_controller_test.rb" (6 Apr 2020, 23915 Bytes) of package /linux/www/redmine-4.1.1.tar.gz:



    1 # frozen_string_literal: true
    2 
    3 # Redmine - project management software
    4 # Copyright (C) 2006-2019  Jean-Philippe Lang
    5 #
    6 # This program is free software; you can redistribute it and/or
    7 # modify it under the terms of the GNU General Public License
    8 # as published by the Free Software Foundation; either version 2
    9 # of the License, or (at your option) any later version.
   10 #
   11 # This program is distributed in the hope that it will be useful,
   12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   14 # GNU General Public License for more details.
   15 #
   16 # You should have received a copy of the GNU General Public License
   17 # along with this program; if not, write to the Free Software
   18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   19 
   20 require File.expand_path('../../test_helper', __FILE__)
   21 
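   # Functional tests for UsersController: the user list and its CSV export,
   # profile visibility, account creation / update / deletion, and the security
   # notification mails sent when admin rights or an admin's status change.
   # Each test starts with user 1 (admin) in the session unless it overrides it.
   class UsersControllerTest < Redmine::ControllerTest
     include Redmine::I18n

     fixtures :users, :email_addresses, :projects, :members, :member_roles, :roles,
              :custom_fields, :custom_values, :groups_users,
              :auth_sources,
              :enabled_modules,
              :issues, :issue_statuses,
              :trackers

     def setup
       User.current = nil
       @request.session[:user_id] = 1 # admin
     end

     # Default listing shows active accounts and no locked ones.
     def test_index
       get :index
       assert_response :success
       assert_select 'table.users'
       assert_select 'tr.user.active'
       assert_select 'tr.user.locked', 0
     end

     # status=3 flips the listing: locked rows only.
     def test_index_with_status_filter
       get :index, :params => {:status => 3}
       assert_response :success
       assert_select 'tr.user.active', 0
       assert_select 'tr.user.locked'
     end

     def test_index_with_name_filter
       get :index, :params => {:name => 'john'}
       assert_response :success
       assert_select 'tr.user td.username', :text => 'jsmith'
       assert_select 'tr.user', 1
     end

     def test_index_with_group_filter
       get :index, :params => {:group_id => '10'}
       assert_response :success

       assert_select 'tr.user', Group.find(10).users.count
       assert_select 'select[name=group_id]' do
         assert_select 'option[value="10"][selected=selected]'
       end
     end

     # CSV export: the line count minus one (presumably the header row) must
     # equal the number of matching users.
     def test_index_csv
       with_settings :default_language => 'en' do
         get :index, :params => { :format => 'csv' }
         assert_response :success

         assert_equal User.logged.status(1).count, response.body.chomp.split("\n").size - 1
         assert_include 'active', response.body
         assert_not_include 'locked', response.body
         assert_equal 'text/csv', @response.media_type
       end
     end

     def test_index_csv_with_status_filter
       with_settings :default_language => 'en' do
         get :index, :params => { :status => 3, :format => 'csv' }
         assert_response :success

         assert_equal User.logged.status(3).count, response.body.chomp.split("\n").size - 1
         assert_include 'locked', response.body
         assert_not_include 'active', response.body
         assert_equal 'text/csv', @response.media_type
       end
     end

     def test_index_csv_with_name_filter
       get :index, :params => {:name => 'John', :format => 'csv'}
       assert_response :success

       assert_equal User.logged.like('John').count, response.body.chomp.split("\n").size - 1
       assert_include 'John', response.body
       assert_equal 'text/csv', @response.media_type
     end

     def test_index_csv_with_group_filter
       get :index, :params => {:group_id => '10', :format => 'csv'}
       assert_response :success

       assert_equal Group.find(10).users.count, response.body.chomp.split("\n").size - 1
       assert_equal 'text/csv', @response.media_type
     end

     # Profile page requested with no user in the session.
     def test_show
       @request.session[:user_id] = nil
       get :show, :params => {:id => 2}
       assert_response :success
       assert_select 'h2', :text => /John Smith/

       # groups block should not be rendered for users which are not part of any group
       assert_select 'div#groups', 0
     end

     def test_show_should_display_visible_custom_fields
       @request.session[:user_id] = nil
       UserCustomField.find_by_name('Phone number').update_attribute :visible, true
       get :show, :params => {:id => 2}
       assert_response :success

       assert_select 'li[class=?]', 'cf_4', :text => /Phone number/
     end

     # A custom field marked not visible must not appear on the profile page.
     def test_show_should_not_display_hidden_custom_fields
       @request.session[:user_id] = nil
       UserCustomField.find_by_name('Phone number').update_attribute :visible, false
       get :show, :params => {:id => 2}
       assert_response :success

       assert_select 'li', :text => /Phone number/, :count => 0
     end

     def test_show_should_not_fail_when_custom_values_are_nil
       user = User.find(2)

       # Create a custom field to illustrate the issue; the custom value is
       # built without a value and saved as-is.
       custom_field = CustomField.create!(:name => 'Testing', :field_format => 'text')
       user.custom_values.build(:custom_field => custom_field).save!

       get :show, :params => {:id => 2}
       assert_response :success
     end

     # User 5 answers 404 when there is no user in the session...
     def test_show_inactive
       @request.session[:user_id] = nil
       get :show, :params => {:id => 5}
       assert_response 404
     end

     # ...but is shown to the admin.
     def test_show_inactive_by_admin
       @request.session[:user_id] = 1
       get :show, :params => {:id => 5}
       assert_response 200
       assert_select 'h2', :text => /Dave2 Lopper2/
     end

     # A freshly generated user is requested after the anonymous role's
     # users_visibility is restricted; the response must be 404, not 403.
     def test_show_user_who_is_not_visible_should_return_404
       Role.anonymous.update! :users_visibility => 'members_of_visible_projects'
       user = User.generate!

       @request.session[:user_id] = nil
       get :show, :params => {:id => user.id}
       assert_response 404
     end

     def test_show_displays_memberships_based_on_project_visibility
       @request.session[:user_id] = 1
       get :show, :params => {:id => 2}
       assert_response :success

       assert_select 'table.list.projects>tbody' do
         assert_select 'tr:nth-of-type(1)' do
           assert_select 'td:nth-of-type(1)>span>a', :text => 'eCookbook'
           assert_select 'td:nth-of-type(2)', :text => 'Manager'
         end
         assert_select 'tr:nth-of-type(2)' do
           assert_select 'td:nth-of-type(1)>span>a', :text => 'Private child of eCookbook'
           assert_select 'td:nth-of-type(2)', :text => 'Manager'
         end
         assert_select 'tr:nth-of-type(3)' do
           assert_select 'td:nth-of-type(1)>span>a', :text => 'OnlineStore'
           assert_select 'td:nth-of-type(2)', :text => 'Developer'
         end
       end
     end

     # /users/current with no user in the session redirects (302).
     def test_show_current_should_require_authentication
       @request.session[:user_id] = nil
       get :show, :params => {:id => 'current'}
       assert_response 302
     end

     def test_show_current
       @request.session[:user_id] = 2
       get :show, :params => {:id => 'current'}
       assert_response :success
       assert_select 'h2', :text => /John Smith/
     end

     def test_show_issues_counts
       @request.session[:user_id] = 2
       get :show, :params => {:id => 2}
       assert_select 'table.list.issue-report>tbody' do
         assert_select 'tr:nth-of-type(1)' do
           assert_select 'td:nth-of-type(1)>a', :text => 'Assigned issues'
           assert_select 'td:nth-of-type(2)>a', :text => '1'   # open
           assert_select 'td:nth-of-type(3)>a', :text => '0'   # closed
           assert_select 'td:nth-of-type(4)>a', :text => '1'   # total
         end
         assert_select 'tr:nth-of-type(2)' do
           assert_select 'td:nth-of-type(1)>a', :text => 'Reported issues'
           assert_select 'td:nth-of-type(2)>a', :text => '11'  # open
           assert_select 'td:nth-of-type(3)>a', :text => '2'   # closed
           assert_select 'td:nth-of-type(4)>a', :text => '13'  # total
         end
       end
     end

     def test_show_user_should_list_user_groups
       @request.session[:user_id] = 1
       get :show, :params => {:id => 8}

       assert_select 'div#groups', 1 do
         assert_select 'h3', :text => 'Groups'
         assert_select 'li', 2
         assert_select 'a[href=?]', '/groups/10/edit', :text => 'A Team'
         assert_select 'a[href=?]', '/groups/11/edit', :text => 'B Team'
       end
     end

     def test_new
       get :new
       assert_response :success
       assert_select 'input[name=?]', 'user[login]'
     end

     # Creates a user with send_information set: exactly one mail is delivered,
     # bcc'd to the new user, and its body matches 'secret' (a substring of the
     # submitted password).
     def test_create
       Setting.bcc_recipients = '1'

       assert_difference 'User.count' do
         assert_difference 'ActionMailer::Base.deliveries.size' do
           post :create, :params => {
             :user => {
               :firstname => 'John',
               :lastname => 'Doe',
               :login => 'jdoe',
               :password => 'secret123',
               :password_confirmation => 'secret123',
               :mail => 'jdoe@gmail.com',
               :mail_notification => 'none'
             },
             :send_information => '1'
           }
         end
       end

       user = User.order('id DESC').first
       assert_redirected_to :controller => 'users', :action => 'edit', :id => user.id

       assert_equal 'John', user.firstname
       assert_equal 'Doe', user.lastname
       assert_equal 'jdoe', user.login
       assert_equal 'jdoe@gmail.com', user.mail
       assert_equal 'none', user.mail_notification
       assert user.check_password?('secret123')

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_equal [user.mail], mail.bcc
       assert_mail_body_match 'secret', mail
     end

     def test_create_with_preferences
       assert_difference 'User.count' do
         post :create, :params => {
           :user => {
             :firstname => 'John',
             :lastname => 'Doe',
             :login => 'jdoe',
             :password => 'secret123',
             :password_confirmation => 'secret123',
             :mail => 'jdoe@gmail.com',
             :mail_notification => 'none'
           },
           :pref => {
             'hide_mail' => '1',
             'time_zone' => 'Paris',
             'comments_sorting' => 'desc',
             'warn_on_leaving_unsaved' => '0',
             'textarea_font' => 'proportional',
             'history_default_tab' => 'history'
           }
         }
       end
       user = User.order('id DESC').first
       assert_equal 'jdoe', user.login
       assert_equal true, user.pref.hide_mail
       assert_equal 'Paris', user.pref.time_zone
       assert_equal 'desc', user.pref[:comments_sorting]
       assert_equal '0', user.pref[:warn_on_leaving_unsaved]
       assert_equal 'proportional', user.pref[:textarea_font]
       assert_equal 'history', user.pref[:history_default_tab]
     end

     # With generate_password set and blank password fields, the password is
     # read back from the delivered mail body and must authenticate the new user.
     def test_create_with_generate_password_should_email_the_password
       assert_difference 'User.count' do
         post :create, :params => {
           :user => {
             :login => 'randompass',
             :firstname => 'Random',
             :lastname => 'Pass',
             :mail => 'randompass@example.net',
             :language => 'en',
             :generate_password => '1',
             :password => '',
             :password_confirmation => ''
           },
           :send_information => 1
         }
       end
       user = User.order('id DESC').first
       assert_equal 'randompass', user.login

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       m = mail_body(mail).match(/Password: ([a-zA-Z0-9]+)/)
       assert m
       password = m[1]
       assert user.check_password?(password)
     end

     def test_create_and_continue
       post :create, :params => {
         :user => {
           :login => 'randompass',
           :firstname => 'Random',
           :lastname => 'Pass',
           :mail => 'randompass@example.net',
           :generate_password => '1'
         },
         :continue => '1'
       }
       assert_redirected_to '/users/new?user%5Bgenerate_password%5D=1'
     end

     def test_create_with_failure
       assert_no_difference 'User.count' do
         post :create, :params => {:user => {:login => 'foo'}}
       end
       assert_response :success
       assert_select_error(/Email cannot be blank/)
     end

     def test_create_with_failure_sould_preserve_preference
       assert_no_difference 'User.count' do
         post :create, :params => {
           :user => {
             :login => 'foo'
           },
           :pref => {
             'no_self_notified' => '1',
             'hide_mail' => '1',
             'time_zone' => 'Paris',
             'comments_sorting' => 'desc',
             'warn_on_leaving_unsaved' => '0'
           }
         }
       end
       assert_response :success

       assert_select 'select#pref_time_zone option[selected=selected]', :text => /Paris/
       assert_select 'input#pref_no_self_notified[value="1"][checked=checked]'
     end

     # Creating an account with admin => '1' must mail a security notification
     # whose body names the new login and the request address ('0.0.0.0' in
     # this test environment) and links to the users list.
     def test_create_admin_should_send_security_notification
       ActionMailer::Base.deliveries.clear
       post :create, :params => {
         :user => {
           :firstname => 'Edgar',
           :lastname => 'Schmoe',
           :login => 'eschmoe',
           :password => 'secret123',
           :password_confirmation => 'secret123',
           :mail => 'eschmoe@example.foo',
           :admin => '1'
         }
       }

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_mail_body_match '0.0.0.0', mail
       assert_mail_body_match I18n.t(:mail_body_security_notification_add, field: I18n.t(:field_admin), value: 'eschmoe'), mail
       assert_select_email do
         assert_select 'a[href^=?]', 'http://localhost:3000/users', :text => 'Users'
       end

       assert_all_active_admins_notified
     end

     # Same request with admin => '0': no mail at all.
     def test_create_non_admin_should_not_send_security_notification
       ActionMailer::Base.deliveries.clear
       post :create, :params => {
         :user => {
           :firstname => 'Edgar',
           :lastname => 'Schmoe',
           :login => 'eschmoe',
           :password => 'secret123',
           :password_confirmation => 'secret123',
           :mail => 'eschmoe@example.foo',
           :admin => '0'
         }
       }
       assert_nil ActionMailer::Base.deliveries.last
     end

     def test_edit
       with_settings :gravatar_enabled => '1' do
         get :edit, :params => {:id => 2}
       end
       assert_response :success
       assert_select 'h2>a+img.gravatar'
       assert_select 'input[name=?][value=?]', 'user[login]', 'jsmith'
     end

     def test_edit_registered_user
       assert User.find(2).register!

       get :edit, :params => {:id => 2}
       assert_response :success
       assert_select 'a', :text => 'Activate'
     end

     # User 6 is the anonymous user; its edit form must answer 404.
     def test_edit_should_be_denied_for_anonymous
       assert User.find(6).anonymous?
       get :edit, :params => {:id => 6}
       assert_response 404
     end

     def test_edit_user_with_full_text_formatting_custom_field_should_not_fail
       field = UserCustomField.find(4)
       field.update_attribute :text_formatting, 'full'

       get :edit, :params => {:id => 2}
       assert_response :success
     end

     # A plain attribute/preference update sends no mail.
     def test_update
       ActionMailer::Base.deliveries.clear
       put :update, :params => {
         :id => 2,
         :user => {:firstname => 'Changed', :mail_notification => 'only_assigned'},
         :pref => {:hide_mail => '1', :comments_sorting => 'desc'}
       }
       user = User.find(2)
       assert_equal 'Changed', user.firstname
       assert_equal 'only_assigned', user.mail_notification
       assert_equal true, user.pref[:hide_mail]
       assert_equal 'desc', user.pref[:comments_sorting]
       assert ActionMailer::Base.deliveries.empty?
     end

     def test_update_with_failure
       assert_no_difference 'User.count' do
         put :update, :params => {
           :id => 2,
           :user => {:firstname => ''}
         }
       end
       assert_response :success
       assert_select_error(/First name cannot be blank/)
     end

     def test_update_with_group_ids_should_assign_groups
       put :update, :params => {
         :id => 2,
         :user => {:group_ids => ['10']}
       }
       user = User.find(2)
       assert_equal [10], user.group_ids
     end

     # Activating a registered account mails the user, in the user's language.
     def test_update_with_activation_should_send_a_notification
       u = User.new(:firstname => 'Foo', :lastname => 'Bar', :mail => 'foo.bar@somenet.foo', :language => 'fr')
       u.login = 'foo'
       u.status = User::STATUS_REGISTERED
       u.save!
       ActionMailer::Base.deliveries.clear
       Setting.bcc_recipients = '1'

       put :update, :params => {
         :id => u.id,
         :user => {:status => User::STATUS_ACTIVE}
       }
       assert u.reload.active?
       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_equal ['foo.bar@somenet.foo'], mail.bcc
       assert_mail_body_match ll('fr', :notice_account_activated), mail
     end

     # With send_information set, the mail sent after an admin-initiated
     # password change is bcc'd to the user and its body contains the new
     # password.
     def test_update_with_password_change_should_send_a_notification
       ActionMailer::Base.deliveries.clear
       Setting.bcc_recipients = '1'

       put :update, :params => {
         :id => 2,
         :user => {:password => 'newpass123', :password_confirmation => 'newpass123'},
         :send_information => '1'
       }
       u = User.find(2)
       assert u.check_password?('newpass123')

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_equal [u.mail], mail.bcc
       assert_mail_body_match 'newpass123', mail
     end

     def test_update_with_generate_password_should_email_the_password
       ActionMailer::Base.deliveries.clear
       Setting.bcc_recipients = '1'

       put :update, :params => {
         :id => 2,
         :user => {
           :generate_password => '1',
           :password => '',
           :password_confirmation => ''
         },
         :send_information => '1'
       }

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       m = mail_body(mail).match(/Password: ([a-zA-Z0-9]+)/)
       assert m
       password = m[1]
       assert User.find(2).check_password?(password)
     end

     # Blank password fields with generate_password => '0' must leave the
     # existing password ('jsmith') in place.
     def test_update_without_generate_password_should_not_change_password
       put :update, :params => {
         :id => 2, :user => {
           :firstname => 'changed',
           :generate_password => '0',
           :password => '',
           :password_confirmation => ''
         },
         :send_information => '1'
       }

       user = User.find(2)
       assert_equal 'changed', user.firstname
       assert user.check_password?('jsmith')
     end

     def test_update_user_switchin_from_auth_source_to_password_authentication
       # Configure as auth source
       u = User.find(2)
       u.auth_source = AuthSource.find(1)
       u.save!

       put :update, :params => {
         :id => u.id,
         :user => {:auth_source_id => '', :password => 'newpass123', :password_confirmation => 'newpass123'}
       }

       assert_nil u.reload.auth_source
       assert u.check_password?('newpass123')
     end

     def test_update_notified_project
       get :edit, :params => {:id => 2}
       assert_response :success
       u = User.find(2)
       assert_equal [1, 2, 5], u.projects.collect{|p| p.id}.sort
       assert_equal [1, 2, 5], u.notified_projects_ids.sort
       assert_select 'input[name=?][value=?]', 'user[notified_project_ids][]', '1'
       assert_equal 'all', u.mail_notification
       put :update, :params => {
         :id => 2,
         :user => {
           :mail_notification => 'selected',
           :notified_project_ids => [1, 2]
         }
       }
       u = User.find(2)
       assert_equal 'selected', u.mail_notification
       assert_equal [1, 2], u.notified_projects_ids.sort
     end

     # A status-only update must not reset a preference that the request did
     # not submit.
     def test_update_status_should_not_update_attributes
       user = User.find(2)
       user.pref[:no_self_notified] = '1'
       user.pref.save

       put :update, :params => {
         :id => 2,
         :user => {:status => 3}
       }
       assert_response 302
       user = User.find(2)
       assert_equal 3, user.status
       assert_equal '1', user.pref[:no_self_notified]
     end

     def test_update_assign_admin_should_send_security_notification
       ActionMailer::Base.deliveries.clear
       put :update, :params => {
         :id => 2,
         :user => {:admin => 1}
       }

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_mail_body_match I18n.t(:mail_body_security_notification_add, field: I18n.t(:field_admin), value: User.find(2).login), mail

       assert_all_active_admins_notified
     end

     def test_update_unassign_admin_should_send_security_notification
       user = User.find(2)
       user.admin = true
       user.save!

       ActionMailer::Base.deliveries.clear
       put :update, :params => {
         :id => user.id,
         :user => {:admin => 0}
       }

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_mail_body_match I18n.t(:mail_body_security_notification_remove, field: I18n.t(:field_admin), value: user.login), mail

       assert_all_active_admins_notified
     end

     def test_update_lock_admin_should_send_security_notification
       user = User.find(2)
       user.admin = true
       user.save!

       ActionMailer::Base.deliveries.clear
       put :update, :params => {
         :id => 2,
         :user => {:status => Principal::STATUS_LOCKED}
       }

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_mail_body_match I18n.t(:mail_body_security_notification_remove, field: I18n.t(:field_admin), value: User.find(2).login), mail

       assert_all_active_admins_notified

       # If the user is already locked, destroying the account should not send
       # a second mail (active admins are covered by
       # test_destroy_active_admin_should_send_security_notification).
       # NOTE(review): the request must target the locked admin (user), not
       # id 1, which is the admin in the session from setup; with id 1 the
       # "already locked" case described here is never exercised.
       ActionMailer::Base.deliveries.clear
       delete :destroy, :params => {:id => user.id}
       assert_nil ActionMailer::Base.deliveries.last
     end

     def test_update_unlock_admin_should_send_security_notification
       user = User.find(5) # already locked
       user.admin = true
       user.save!
       ActionMailer::Base.deliveries.clear
       put :update, :params => {
         :id => user.id,
         :user => {:status => Principal::STATUS_ACTIVE}
       }

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_mail_body_match I18n.t(:mail_body_security_notification_add, field: I18n.t(:field_admin), value: user.login), mail

       assert_all_active_admins_notified
     end

     # Changing a property unrelated to admin rights or status sends nothing.
     def test_update_admin_unrelated_property_should_not_send_security_notification
       ActionMailer::Base.deliveries.clear
       put :update, :params => {
         :id => 1,
         :user => {:firstname => 'Jimmy'}
       }
       assert_nil ActionMailer::Base.deliveries.last
     end

     def test_update_should_be_denied_for_anonymous
       assert User.find(6).anonymous?
       put :update, :params => {:id => 6}
       assert_response 404
     end

     def test_destroy
       assert_difference 'User.count', -1 do
         delete :destroy, :params => {:id => 2}
       end
       assert_redirected_to '/users'
       assert_nil User.find_by_id(2)
     end

     # User 3 is in the session instead of the admin: the request must be
     # refused with 403 and no account removed. Sent as DELETE, the verb
     # test_destroy uses for this action, so the denial is checked on the same
     # kind of request that would otherwise delete the account.
     def test_destroy_should_be_denied_for_non_admin_users
       @request.session[:user_id] = 3

       assert_no_difference 'User.count' do
         delete :destroy, :params => {:id => 2}
       end
       assert_response 403
     end

     # The anonymous user (id 6) cannot be destroyed, even by the admin.
     # Sent as DELETE for consistency with test_destroy.
     def test_destroy_should_be_denied_for_anonymous
       assert User.find(6).anonymous?
       assert_no_difference 'User.count' do
         delete :destroy, :params => {:id => 6}
       end
       assert_response 404
     end

     # NOTE(review): only a same-site relative back_url is covered here; this
     # class has no case for an absolute off-site back_url -- confirm that
     # redirect validation is tested elsewhere.
     def test_destroy_should_redirect_to_back_url_param
       assert_difference 'User.count', -1 do
         delete :destroy, :params => {:id => 2, :back_url => '/users?name=foo'}
       end
       assert_redirected_to '/users?name=foo'
     end

     def test_destroy_active_admin_should_send_security_notification
       user = User.find(2)
       user.admin = true
       user.save!
       ActionMailer::Base.deliveries.clear
       delete :destroy, :params => {:id => user.id}

       mail = ActionMailer::Base.deliveries.last
       assert_not_nil mail
       assert_mail_body_match I18n.t(:mail_body_security_notification_remove, field: I18n.t(:field_admin), value: user.login), mail

       assert_all_active_admins_notified
     end

     private

     # Asserts that every active admin appears in the cc or bcc list of at
     # least one delivered mail. Shared by the security-notification tests.
     def assert_all_active_admins_notified
       User.where(admin: true, status: Principal::STATUS_ACTIVE).each do |admin|
         delivery = ActionMailer::Base.deliveries.detect do |candidate|
           [candidate.bcc, candidate.cc].flatten.include?(admin.mail)
         end
         assert_not_nil delivery
       end
     end
   end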