Karavel/fixin.me
0
0
Fork 0
forked from fixin.me/fixin.me
Code Pull Requests Activity

Change User#disguise/revert to GET

Browse Source
This commit is contained in:
cryptogopher 2024-01-15 01:07:45 +01:00
parent a35314e6be
commit 93929f2c07
2 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/routes.rb
View File

@ -6,10 +6,10 @@ Rails.application.routes.draw do
resources :users, only: [:index, :show, :update] do resources :users, only: [:index, :show, :update] do
member do member do
post :disguise get :disguise
end end
collection do collection do
post :revert get :revert
end end
end end

17
test/system/users_test.rb
View File

@ -118,7 +118,7 @@ class UsersTest < ApplicationSystemTestCase
assert_link user.email assert_link user.email
end end
test "disguise disallowed" do test "disguise fails for admin when disallowed" do
user = users.select(&:admin?).select(&:confirmed?).sample user = users.select(&:admin?).select(&:confirmed?).sample
sign_in user: user sign_in user: user
@ -126,12 +126,15 @@ class UsersTest < ApplicationSystemTestCase
text = t("users.index.disguise") text = t("users.index.disguise")
# Pick row without 'disguise' button # Pick row without 'disguise' button
undisguisable = all(:xpath, "//tbody//tr[not(descendant::*[contains(text(),\"#{text}\")])]") undisguisable = all(:xpath, "//tbody//tr[not(descendant::*[contains(text(),\"#{text}\")])]")
within undisguisable.sample do |tr| user_email = undisguisable.sample.first(:link).text
inject_button_to tr.find('td:last-child'), text, visit disguise_user_path(User.find_by_email!(user_email))
disguise_user_path(User.find_by_email!(first(:link).text)) assert_title 'The change you wanted was rejected (422)'
click_on text end
end
assert_title "Bad request received (400)" test "disguise forbidden for non admin" do
sign_in user: users.reject(&:admin?).select(&:confirmed?).sample
visit disguise_user_path(User.all.sample)
assert_title 'Access is forbidden to this page (403)'
end end
test "delete profile" do test "delete profile" do