diff --git a/app/views/experiments/canvas.html.erb b/app/views/experiments/canvas.html.erb
index 12e72f293..46e98f102 100644
--- a/app/views/experiments/canvas.html.erb
+++ b/app/views/experiments/canvas.html.erb
@@ -1,6 +1,6 @@
 <% provide(:head_title, t("experiments.canvas.head_title", project: h(@project.name)).html_safe) %>
 <% provide(:sidebar_title, t("sidebar.my_modules.sidebar_title")) %>
-<% provide(:sidebar_url, experiment_sidebar_path(@experiment)) %>
+<% provide(:sidebar_url, sidebar_experiment_path(@experiment)) %>
 <%= content_for :sidebar do %>
 <%= render partial: 'shared/sidebar/my_modules.html.erb', locals: { experiment: @experiment, my_modules: @active_modules } %>
diff --git a/app/views/experiments/module_archive.html.erb b/app/views/experiments/module_archive.html.erb
index 68dac2f20..e9cf7f52d 100644
--- a/app/views/experiments/module_archive.html.erb
+++ b/app/views/experiments/module_archive.html.erb
@@ -1,6 +1,6 @@
 <% provide(:head_title, t("experiments.module_archive.head_title", experiment: h(@experiment.name)).html_safe) %>
 <% provide(:sidebar_title, t("sidebar.my_modules.sidebar_title_archived")) %>
-<% provide(:sidebar_url, experiment_sidebar_path(@experiment)) %>
+<% provide(:sidebar_url, sidebar_experiment_path(@experiment)) %>
 <%= content_for :sidebar do %>
 <%= render partial: 'shared/sidebar/archived_my_modules.html.erb', locals: { experiment: @experiment, my_modules: @my_modules } %>
diff --git a/config/routes.rb b/config/routes.rb
index 7f2bbc957..c973ec907 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -347,9 +347,8 @@ Rails.application.routes.draw do
 post 'move' # move experiment
 get 'fetch_workflow_img' # Get udated workflow img
 post 'restore_my_modules', to: 'my_modules#restore_group'
+ get 'sidebar'
 end
-
- get 'sidebar', to: 'experiments#sidebar', as: 'sidebar'
 end
 # Show action is a popup (JSON) for individual module in full-zoom canvas,
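Review bot: In config/routes.rb, moving `get 'sidebar'` up into the preceding block (apparently `member do`; the enclosing `resources` and `member` lines are outside the hunk) changes the parameter that carries the experiment from `params[:experiment_id]` to `params[:id]`, and the controller is not part of this diff. The `before_action` that loads the experiment and checks read permission for `sidebar` has to resolve the record from `params[:id]`; if it still reads `:experiment_id`, the action would run without a loaded record or fail before the permission check. The neighbouring routes carry a trailing comment, so `get 'sidebar' # Experiment sidebar, member route (params[:id])` would keep the block consistent and record the parameter change.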
diff --git a/spec/permissions/controllers/experiments_controller_spec.rb b/spec/permissions/controllers/experiments_controller_spec.rb
new file mode 100644
index 000000000..dec31fbcd
--- /dev/null
+++ b/spec/permissions/controllers/experiments_controller_spec.rb
@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ExperimentsController, type: :controller do
+ include PermissionExtends
+
+ it_behaves_like "a controller with authentication", {
+ new: { project_id: 1 },
+ create: { project_id: 1 },
+ show: { id: 1 },
+ canvas: { id: 1 },
+ edit: { id: 1 },
+ update: { id: 1 },
+ archive: { id: 1 },
+ archive_group: { project_id: 1 },
+ restore_group: { project_id: 1 },
+ clone: { id: 1 },
+ move: { id: 1 },
+ module_archive: { id: 1 },
+ fetch_workflow_img: { id: 1 },
+ sidebar: { id: 1 }
+ }, []
+
+ login_user
+
+ describe 'permissions checking' do
+ include_context 'reference_project_structure', {
+ team_role: :normal_user
+ }
+
+ it_behaves_like "a controller action with permissions checking", :get, :new do
+ let(:testable) { project }
+ let(:permissions) { [ProjectPermissions::EXPERIMENTS_CREATE] }
+ let(:action_params) { { project_id: project.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :create do
+ let(:testable) { project }
+ let(:permissions) { [ProjectPermissions::EXPERIMENTS_CREATE] }
+ let(:action_params) { { project_id: project.id, experiment: { name: 'Test' } } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :show do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::READ] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :canvas do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::READ] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :edit do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::MANAGE] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :put, :update do
+ let(:testable) {
experiment }
+ let(:permissions) { [ExperimentPermissions::MANAGE, ExperimentPermissions::RESTORE] }
+ let(:action_params) { { id: experiment.id, experiment: { name: 'Test1' } } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :archive do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::ARCHIVE] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :archive_group do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::ARCHIVE] }
+ let(:action_params) { { project_id: project.id, experiments_ids: [experiment.id] } }
+ let(:custom_response_status) { :unprocessable_entity }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :restore_group do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::RESTORE] }
+ let(:action_params) { { project_id: project.id, experiments_ids: [experiment.id] } }
+ let(:custom_response_status) { :unprocessable_entity }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :clone_modal do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::CLONE] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :clone do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::CLONE] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :move_modal do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::MOVE] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :post, :move do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::MOVE] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :module_archive do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::READ] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :fetch_workflow_img do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::READ] }
+ let(:action_params) { { id: experiment.id } }
+ end
+
+ it_behaves_like "a controller action with permissions checking", :get, :sidebar do
+ let(:testable) { experiment }
+ let(:permissions) { [ExperimentPermissions::READ] }
+ let(:action_params) { { id: experiment.id } }
+ end
+ end
+end
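Review bot: The authentication table at the top of the new spec lists `clone` and `move` but not `clone_modal` or `move_modal`, although both actions get permission examples further down, so the unauthenticated-access check appears not to cover them. If the shared example only exercises the actions passed in the hash (its definition is not in this diff), add `clone_modal: { id: 1 },` and `move_modal: { id: 1 },` next to `clone` and `move`. Separately, every permission example runs under `team_role: :normal_user` only; a short comment above `include_context` saying why one role is sufficient would help the next reader judge the coverage.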