scinote-web/spec/controllers/access_permissions/projects_controller_spec.rb

# frozen_string_literal: true

require 'rails_helper'

describe AccessPermissions::ProjectsController, type: :controller do
  login_user

  let!(:user) { subject.current_user }
  let!(:team) { create :team, created_by: user }
  let!(:user_team) { create :user_team, :admin, user: user, team: team }
  let!(:project) { create :project, team: team, created_by: user }
  let!(:owner_role) { create :owner_role }
  let!(:normal_user_role) { create :normal_user_role }
  let!(:technician_role) { create :technician_role }
  let!(:user_project) { create :user_project, user: user, project: project }
  let!(:user_assignment) do
    create :user_assignment,
           assignable: project,
           user: user,
           user_role: owner_role,
           assigned_by: user
  end
  let!(:normal_user) { create :user, confirmed_at: Time.zone.now }
  let!(:normal_user_team) do
    create :user_team,
           :normal_user,
           user: normal_user,
           team: team
  end

  describe 'GET #new' do
    it 'returns a http success response' do
      get :new, params: { id: project.id }, format: :json
      expect(response).to have_http_status :success
    end

    it 'renders new template' do
      get :new, params: { id: project.id }, format: :json
      expect(response).to render_template :new
    end

    it 'renders 404 if project is not set' do
      get :new, params: { id: nil }, format: :json
      expect(response).to have_http_status :not_found
    end

    it 'renders 403 if user does not have manage permissions' do
      sign_in_normal_user
      get :new, params: { id: project.id }, format: :json
      expect(response).to have_http_status :forbidden
    end
  end

  describe 'GET #show' do
    it 'returns a http success response' do
      get :show, params: { id: project.id }, format: :json
      expect(response).to have_http_status :success
    end

    it 'renders show template' do
      get :show, params: { id: project.id }, format: :json
      expect(response).to render_template :show
    end

    it 'renders show template when the user has view permissions on project' do
      create :user_project, user: normal_user, project: project
      create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user

      sign_in_normal_user

      get :show, params: { id: project.id }, format: :json
      expect(response).to have_http_status :success
      expect(response).to render_template :show
    end
  end

  describe 'GET #edit' do
    it 'returns a http success response' do
      get :edit, params: { id: project.id }, format: :json
      expect(response).to have_http_status :success
    end

    it 'renders edit template' do
      get :edit, params: { id: project.id }, format: :json
      expect(response).to render_template :edit
    end

    it 'renders 403 if user does not have manage permissions on project' do
      create :user_project, user: normal_user, project: project
      create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user

      sign_in_normal_user

      get :edit, params: { id: project.id }, format: :json
      expect(response).to have_http_status :forbidden
    end
  end

  describe 'PUT #update' do
    let!(:normal_user_project) { create :user_project, user: normal_user, project: project }
    let!(:normal_user_assignment) do
      create :user_assignment,
             assignable: project,
             user: normal_user,
             user_role: normal_user_role,
             assigned_by: user
    end

    let(:valid_params) do
      {
        id: project.id,
        project_member: {
          user_role_id: technician_role.id,
          user_id: normal_user.id
        }
      }
    end

    it 'updates the user role' do
      put :update, params: valid_params, format: :json
      expect(response).to have_http_status :success
      expect(normal_user_assignment.reload.user_role).to eq technician_role
    end

    it 'does not update the user role when the user has no permissions' do
      sign_in_normal_user

      put :update, params: valid_params, format: :json

      expect(response).to have_http_status :forbidden
      expect(normal_user_assignment.reload.user_role).to eq normal_user_role
    end
  end

  describe 'POST #create' do
    let(:valid_params) do
      {
        id: project.id,
        access_permissions_new_user_project_form: {
          resource_members: {
            0 => {
              assign: '1',
              user_id: normal_user.id,
              user_role_id: technician_role.id
            }
          }
        }
      }
    end

    it 'creates new project user and user assignment' do
      expect {
        post :create, params: valid_params, format: :json
      }.to change(UserProject, :count).by(1).and \
        change(UserAssignment, :count).by(1)
    end

    it 'does not create an assigment if user is already assigned' do
      create :user_project, user: normal_user, project: project

      expect {
        post :create, params: valid_params, format: :json
      }.to change(UserProject, :count).by(0).and \
        change(UserAssignment, :count).by(0)
    end

    it 'does not create an assigment when the user is already assigned with different permission' do
      create :user_project, user: normal_user, project: project
      create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user

      expect {
        post :create, params: valid_params, format: :json
      }.to change(UserProject, :count).by(0).and \
        change(UserAssignment, :count).by(0)
    end

    it 'renders 403 if user does not have manage permissions on project' do
      sign_in_normal_user

      post :create, params: valid_params, format: :json
      expect(response).to have_http_status :forbidden
    end
  end

  describe 'DELETE #destroy' do
    let!(:normal_user_project) { create :user_project, user: normal_user, project: project }
    let!(:normal_user_assignment) do
      create :user_assignment,
             assignable: project,
             user: normal_user,
             user_role: normal_user_role,
             assigned_by: user
    end

    let(:valid_params) do
      {
        id: project.id,
        user_id: normal_user.id
      }
    end

    it 'removes the user project and user assigment record' do
      expect {
        delete :destroy, params: valid_params, format: :json
      }.to change(UserProject, :count).by(-1).and \
        change(UserAssignment, :count).by(-1)
    end

    it 'renders 403 if user does not have manage permissions on project' do
      sign_in_normal_user

      delete :destroy, params: valid_params, format: :json
      expect(response).to have_http_status :forbidden
    end
  end

  def sign_in_normal_user
    sign_out user
    sign_in normal_user
  end
end
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`# frozen_string_literal: true`

			`require 'rails_helper'`

			`describe AccessPermissions::ProjectsController, type: :controller do`
			`login_user`

			`let!(:user) { subject.current_user }`
			`let!(:team) { create :team, created_by: user }`
			`let!(:user_team) { create :user_team, :admin, user: user, team: team }`
			`let!(:project) { create :project, team: team, created_by: user }`
			`let!(:owner_role) { create :owner_role }`
			`let!(:normal_user_role) { create :normal_user_role }`
			`let!(:technician_role) { create :technician_role }`
			`let!(:user_project) { create :user_project, user: user, project: project }`
fix code style 2021-05-30 01:25:46 +08:00			`let!(:user_assignment) do`
fix code style 2021-05-22 20:41:56 +08:00			`create :user_assignment,`
			`assignable: project,`
			`user: user,`
			`user_role: owner_role,`
			`assigned_by: user`
fix code style 2021-05-30 01:25:46 +08:00			`end`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`let!(:normal_user) { create :user, confirmed_at: Time.zone.now }`
fix code style 2021-05-30 01:25:46 +08:00			`let!(:normal_user_team) do`
fix code style 2021-05-22 20:41:56 +08:00			`create :user_team,`
			`:normal_user,`
			`user: normal_user,`
			`team: team`
fix code style 2021-05-30 01:25:46 +08:00			`end`
fix code style 2021-05-22 20:41:56 +08:00
			`describe 'GET #new' do`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`it 'returns a http success response' do`
			`get :new, params: { id: project.id }, format: :json`
			`expect(response).to have_http_status :success`
			`end`

			`it 'renders new template' do`
			`get :new, params: { id: project.id }, format: :json`
			`expect(response).to render_template :new`
			`end`

			`it 'renders 404 if project is not set' do`
			`get :new, params: { id: nil }, format: :json`
			`expect(response).to have_http_status :not_found`
			`end`

			`it 'renders 403 if user does not have manage permissions' do`
			`sign_in_normal_user`
			`get :new, params: { id: project.id }, format: :json`
			`expect(response).to have_http_status :forbidden`
			`end`
			`end`

fix code style 2021-05-22 20:41:56 +08:00			`describe 'GET #show' do`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`it 'returns a http success response' do`
			`get :show, params: { id: project.id }, format: :json`
			`expect(response).to have_http_status :success`
			`end`

			`it 'renders show template' do`
			`get :show, params: { id: project.id }, format: :json`
			`expect(response).to render_template :show`
			`end`

			`it 'renders show template when the user has view permissions on project' do`
			`create :user_project, user: normal_user, project: project`
			`create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user`

			`sign_in_normal_user`

			`get :show, params: { id: project.id }, format: :json`
			`expect(response).to have_http_status :success`
			`expect(response).to render_template :show`
			`end`
			`end`

fix code style 2021-05-22 20:41:56 +08:00			`describe 'GET #edit' do`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`it 'returns a http success response' do`
			`get :edit, params: { id: project.id }, format: :json`
			`expect(response).to have_http_status :success`
			`end`

			`it 'renders edit template' do`
			`get :edit, params: { id: project.id }, format: :json`
			`expect(response).to render_template :edit`
			`end`

			`it 'renders 403 if user does not have manage permissions on project' do`
			`create :user_project, user: normal_user, project: project`
			`create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user`

			`sign_in_normal_user`

			`get :edit, params: { id: project.id }, format: :json`
			`expect(response).to have_http_status :forbidden`
			`end`
			`end`

fix code style 2021-05-22 20:41:56 +08:00			`describe 'PUT #update' do`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`let!(:normal_user_project) { create :user_project, user: normal_user, project: project }`
fix code style 2021-05-30 01:25:46 +08:00			`let!(:normal_user_assignment) do`
fix code style 2021-05-22 20:41:56 +08:00			`create :user_assignment,`
			`assignable: project,`
			`user: normal_user,`
			`user_role: normal_user_role,`
			`assigned_by: user`
fix code style 2021-05-30 01:25:46 +08:00			`end`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00
fix code style 2021-05-30 01:25:46 +08:00			`let(:valid_params) do`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`{`
			`id: project.id,`
			`project_member: {`
			`user_role_id: technician_role.id,`
			`user_id: normal_user.id`
			`}`
			`}`
fix code style 2021-05-30 01:25:46 +08:00			`end`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00
			`it 'updates the user role' do`
			`put :update, params: valid_params, format: :json`
			`expect(response).to have_http_status :success`
			`expect(normal_user_assignment.reload.user_role).to eq technician_role`
			`end`

			`it 'does not update the user role when the user has no permissions' do`
			`sign_in_normal_user`

			`put :update, params: valid_params, format: :json`

			`expect(response).to have_http_status :forbidden`
			`expect(normal_user_assignment.reload.user_role).to eq normal_user_role`
			`end`
			`end`

fix code style 2021-05-30 01:25:46 +08:00			`describe 'POST #create' do`
			`let(:valid_params) do`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`{`
			`id: project.id,`
			`access_permissions_new_user_project_form: {`
			`resource_members: {`
			`0 => {`
			`assign: '1',`
			`user_id: normal_user.id,`
			`user_role_id: technician_role.id`
			`}`
			`}`
			`}`
			`}`
fix code style 2021-05-30 01:25:46 +08:00			`end`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00
			`it 'creates new project user and user assignment' do`
			`expect {`
			`post :create, params: valid_params, format: :json`
			`}.to change(UserProject, :count).by(1).and \`
fix code style 2021-05-22 20:41:56 +08:00			`change(UserAssignment, :count).by(1)`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`end`

			`it 'does not create an assigment if user is already assigned' do`
			`create :user_project, user: normal_user, project: project`

			`expect {`
			`post :create, params: valid_params, format: :json`
			`}.to change(UserProject, :count).by(0).and \`
fix code style 2021-05-22 20:41:56 +08:00			`change(UserAssignment, :count).by(0)`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`end`

			`it 'does not create an assigment when the user is already assigned with different permission' do`
			`create :user_project, user: normal_user, project: project`
			`create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user`

			`expect {`
			`post :create, params: valid_params, format: :json`
			`}.to change(UserProject, :count).by(0).and \`
fix code style 2021-05-22 20:41:56 +08:00			`change(UserAssignment, :count).by(0)`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`end`

			`it 'renders 403 if user does not have manage permissions on project' do`
			`sign_in_normal_user`

			`post :create, params: valid_params, format: :json`
			`expect(response).to have_http_status :forbidden`
			`end`
			`end`

fix code style 2021-05-22 20:41:56 +08:00			`describe 'DELETE #destroy' do`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`let!(:normal_user_project) { create :user_project, user: normal_user, project: project }`
fix code style 2021-05-30 01:25:46 +08:00			`let!(:normal_user_assignment) do`
fix code style 2021-05-22 20:41:56 +08:00			`create :user_assignment,`
			`assignable: project,`
			`user: normal_user,`
			`user_role: normal_user_role,`
			`assigned_by: user`
fix code style 2021-05-30 01:25:46 +08:00			`end`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00
fix code style 2021-05-30 01:25:46 +08:00			`let(:valid_params) do`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`{`
			`id: project.id,`
			`user_id: normal_user.id`
			`}`
fix code style 2021-05-30 01:25:46 +08:00			`end`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00
			`it 'removes the user project and user assigment record' do`
			`expect {`
			`delete :destroy, params: valid_params, format: :json`
			`}.to change(UserProject, :count).by(-1).and \`
fix code style 2021-05-22 20:41:56 +08:00			`change(UserAssignment, :count).by(-1)`
update scenarios and UI logic to handle project page reload after modal close 2021-05-02 17:22:59 +08:00			`end`

			`it 'renders 403 if user does not have manage permissions on project' do`
			`sign_in_normal_user`

			`delete :destroy, params: valid_params, format: :json`
			`expect(response).to have_http_status :forbidden`
			`end`
			`end`

			`def sign_in_normal_user`
			`sign_out user`
			`sign_in normal_user`
			`end`
			`end`