2019-04-29 20:27:42 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2022-07-27 22:27:38 -04:00
|
|
|
RSpec.describe Admin::ImpersonateController do
|
2018-06-11 00:47:14 -04:00
|
|
|
|
|
|
|
it "is a subclass of AdminController" do
|
|
|
|
expect(Admin::ImpersonateController < Admin::AdminController).to eq(true)
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'while logged in as an admin' do
|
2019-05-06 23:12:20 -04:00
|
|
|
fab!(:admin) { Fabricate(:admin) }
|
|
|
|
fab!(:user) { Fabricate(:user) }
|
|
|
|
fab!(:another_admin) { Fabricate(:admin) }
|
2018-06-11 00:47:14 -04:00
|
|
|
|
|
|
|
before do
|
|
|
|
sign_in(admin)
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#index' do
|
|
|
|
it 'returns success' do
|
|
|
|
get "/admin/impersonate.json"
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#create' do
|
|
|
|
it 'requires a username_or_email parameter' do
|
|
|
|
post "/admin/impersonate.json"
|
|
|
|
expect(response.status).to eq(400)
|
|
|
|
expect(session[:current_user_id]).to eq(admin.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns 404 when that user does not exist' do
|
|
|
|
post "/admin/impersonate.json", params: { username_or_email: 'hedonismbot' }
|
|
|
|
expect(response.status).to eq(404)
|
|
|
|
expect(session[:current_user_id]).to eq(admin.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an invalid access error if the user can't be impersonated" do
|
|
|
|
post "/admin/impersonate.json", params: { username_or_email: another_admin.email }
|
|
|
|
expect(response.status).to eq(403)
|
|
|
|
expect(session[:current_user_id]).to eq(admin.id)
|
|
|
|
end
|
|
|
|
|
2022-07-27 12:14:14 -04:00
|
|
|
context 'with success' do
|
2018-06-11 00:47:14 -04:00
|
|
|
it "succeeds and logs the impersonation" do
|
|
|
|
expect do
|
|
|
|
post "/admin/impersonate.json", params: { username_or_email: user.username }
|
|
|
|
end.to change { UserHistory.where(action: UserHistory.actions[:impersonate]).count }.by(1)
|
|
|
|
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(session[:current_user_id]).to eq(user.id)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "also works with an email address" do
|
|
|
|
post "/admin/impersonate.json", params: { username_or_email: user.email }
|
|
|
|
expect(response.status).to eq(200)
|
|
|
|
expect(session[:current_user_id]).to eq(user.id)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|