scinote-web/spec/controllers/access_permissions/experiments_controller_spec.rb

89 lines
2.8 KiB
Ruby
Raw Normal View History

# frozen_string_literal: true
require 'rails_helper'
describe AccessPermissions::ExperimentsController, type: :controller do
login_user
let!(:user) { subject.current_user }
let!(:team) { create :team, created_by: user }
let!(:experiment) { create :experiment, project: project, created_by: user }
let!(:owner_role) { UserRole.find_by(name: I18n.t('user_roles.predefined.owner')) }
let!(:viewer_user_role) { create :viewer_role }
let!(:technician_role) { create :technician_role }
let!(:project) { create :project, team: team, created_by: user }
let!(:viewer_user) { create :user, confirmed_at: Time.zone.now }
2021-09-09 21:41:42 +08:00
before do
create_user_assignment(team, owner_role, user)
create_user_assignment(team, viewer_user_role, viewer_user)
2021-09-09 21:41:42 +08:00
create_user_assignment(experiment, owner_role, user)
create_user_assignment(experiment, viewer_user_role, viewer_user)
end
2021-05-22 20:41:56 +08:00
describe 'GET #show' do
it 'returns a http success response' do
get :show, params: { project_id: project.id, id: experiment.id }, format: :json
expect(response).to have_http_status :success
end
it 'renders show template' do
get :show, params: { project_id: project.id, id: experiment.id }, format: :json
expect(response).to render_template :show
end
end
2021-05-22 20:41:56 +08:00
describe 'GET #edit' do
it 'returns a http success response' do
2021-05-22 20:41:56 +08:00
get :edit, params: { project_id: project.id, id: experiment.id }, format: :json
expect(response).to have_http_status :success
end
it 'renders edit template' do
get :edit, params: { project_id: project.id, id: experiment.id }, format: :json
expect(response).to render_template :edit
end
it 'renders 403 if user does not have manage permissions on project' do
sign_in_viewer_user
get :edit, params: { project_id: project.id, id: experiment.id }, format: :json
expect(response).to have_http_status :forbidden
end
end
2021-05-22 20:41:56 +08:00
describe 'PUT #update' do
2021-05-30 01:25:46 +08:00
let(:valid_params) do
{
id: experiment.id,
project_id: project.id,
user_assignment: {
user_role_id: technician_role.id,
user_id: viewer_user.id
}
}
2021-05-30 01:25:46 +08:00
end
it 'updates the user role' do
put :update, params: valid_params, format: :json
expect(response).to have_http_status :success
2021-09-09 21:41:42 +08:00
expect(UserAssignment.find_by(assignable: experiment, user: viewer_user).user_role).to eq technician_role
end
it 'does not update the user role when the user has no permissions' do
sign_in_viewer_user
put :update, params: valid_params, format: :json
expect(response).to have_http_status :forbidden
2021-09-09 21:41:42 +08:00
expect(UserAssignment.find_by(assignable: experiment, user: viewer_user).user_role).to eq viewer_user_role
end
end
def sign_in_viewer_user
sign_out user
sign_in viewer_user
end
end