add a test for the creation of an admin user

ncbo · Nov 28, 2023 · cd8051e · cd8051e
1 parent aa071c1
commit cd8051e
Showing 1 changed file with 39 additions and 1 deletion.
diff --git a/test/controllers/test_users_controller.rb b/test/controllers/test_users_controller.rb
@@ -6,7 +6,7 @@ def self.before_suite
     @@usernames = %w(fred goerge henry ben mark matt charlie)
 
     # Create them again
-    @@usernames.each do |username|
+    @@users = @@usernames.map do |username|
       User.new(username: username, email: "#{username}@example.org", password: "pass_word").save
     end
 
@@ -21,6 +21,17 @@ def self._delete_users
     end
   end
 
+  def test_admin_creation
+    existent_user = @@users.first #no admin
+    refute _create_admin_user(apikey: existent_user.apikey), "A no admin user can't create an admin user or update it to an admin"
+    delete "/users/#{@@username}"
+
+    existent_user = self.class.make_admin(existent_user)
+    assert _create_admin_user(apikey: existent_user.apikey), "Admin can create an admin user or update it to be an admin"
+    delete "/users/#{@@username}"
+    self.class.reset_to_not_admin(existent_user)
+  end
+
   def test_all_users
     get '/users'
     assert last_response.ok?
@@ -100,4 +111,31 @@ def test_authentication
     assert user["username"].eql?(@@usernames.first)
   end
 
+
+  private
+  def _create_admin_user(apikey: nil)
+    user = {email: "#{@@username}@example.org", password: "pass_the_word", role: ['ADMINISTRATOR']}
+
+    put "/users/#{@@username}", MultiJson.dump(user), "CONTENT_TYPE" => "application/json", "Authorization" => "apikey token=#{apikey}"
+    assert last_response.status == 201
+    created_user = MultiJson.load(last_response.body)
+    assert created_user["username"].eql?(@@username)
+
+    get "/users/#{@@username}?apikey=#{apikey}"
+    assert last_response.ok?
+    user = MultiJson.load(last_response.body)
+    assert user["username"].eql?(@@username)
+
+    return true if user["role"].eql?(['ADMINISTRATOR'])
+
+    patch "/users/#{@@username}", MultiJson.dump(role: ['ADMINISTRATOR']), "CONTENT_TYPE" => "application/json", "Authorization" => "apikey token=#{apikey}"
+    assert last_response.status == 204
+
+    get "/users/#{@@username}?apikey=#{apikey}"
+    assert last_response.ok?
+    user = MultiJson.load(last_response.body)
+    assert user["username"].eql?(@@username)
+
+    true if user["role"].eql?(['ADMINISTRATOR'])
+  end
 end