mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-01-08 00:23:01 +08:00
f68d724202
* Rework experiment permissions [SCI-6054]
221 lines
6.8 KiB
Ruby
221 lines
6.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
describe AccessPermissions::ProjectsController, type: :controller do
|
|
login_user
|
|
|
|
let!(:user) { subject.current_user }
|
|
let!(:team) { create :team, created_by: user }
|
|
let!(:user_team) { create :user_team, :admin, user: user, team: team }
|
|
let!(:project) { create :project, team: team, created_by: user }
|
|
let!(:owner_role) { UserRole.find_by(name: I18n.t('user_roles.predefined.owner')) }
|
|
let!(:normal_user_role) { create :normal_user_role }
|
|
let!(:technician_role) { create :technician_role }
|
|
let!(:user_project) { create :user_project, user: user, project: project }
|
|
let!(:user_assignment) do
|
|
create :user_assignment,
|
|
assignable: project,
|
|
user: user,
|
|
user_role: owner_role,
|
|
assigned_by: user
|
|
end
|
|
let!(:normal_user) { create :user, confirmed_at: Time.zone.now }
|
|
let!(:normal_user_team) do
|
|
create :user_team,
|
|
:normal_user,
|
|
user: normal_user,
|
|
team: team
|
|
end
|
|
|
|
describe 'GET #new' do
|
|
it 'returns a http success response' do
|
|
get :new, params: { id: project.id }, format: :json
|
|
expect(response).to have_http_status :success
|
|
end
|
|
|
|
it 'renders new template' do
|
|
get :new, params: { id: project.id }, format: :json
|
|
expect(response).to render_template :new
|
|
end
|
|
|
|
it 'renders 404 if project is not set' do
|
|
get :new, params: { id: nil }, format: :json
|
|
expect(response).to have_http_status :not_found
|
|
end
|
|
|
|
it 'renders 403 if user does not have manage permissions' do
|
|
sign_in_normal_user
|
|
get :new, params: { id: project.id }, format: :json
|
|
expect(response).to have_http_status :forbidden
|
|
end
|
|
end
|
|
|
|
describe 'GET #show' do
|
|
it 'returns a http success response' do
|
|
get :show, params: { id: project.id }, format: :json
|
|
expect(response).to have_http_status :success
|
|
end
|
|
|
|
it 'renders show template' do
|
|
get :show, params: { id: project.id }, format: :json
|
|
expect(response).to render_template :show
|
|
end
|
|
|
|
it 'renders show template when the user has view permissions on project' do
|
|
create :user_project, user: normal_user, project: project
|
|
create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user
|
|
|
|
sign_in_normal_user
|
|
|
|
get :show, params: { id: project.id }, format: :json
|
|
expect(response).to have_http_status :success
|
|
expect(response).to render_template :show
|
|
end
|
|
end
|
|
|
|
describe 'GET #edit' do
|
|
it 'returns a http success response' do
|
|
get :edit, params: { id: project.id }, format: :json
|
|
expect(response).to have_http_status :success
|
|
end
|
|
|
|
it 'renders edit template' do
|
|
get :edit, params: { id: project.id }, format: :json
|
|
expect(response).to render_template :edit
|
|
end
|
|
|
|
it 'renders 403 if user does not have manage permissions on project' do
|
|
create :user_project, user: normal_user, project: project
|
|
create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user
|
|
|
|
sign_in_normal_user
|
|
|
|
get :edit, params: { id: project.id }, format: :json
|
|
expect(response).to have_http_status :forbidden
|
|
end
|
|
end
|
|
|
|
describe 'PUT #update' do
|
|
let!(:normal_user_project) { create :user_project, user: normal_user, project: project }
|
|
let!(:normal_user_assignment) do
|
|
create :user_assignment,
|
|
assignable: project,
|
|
user: normal_user,
|
|
user_role: normal_user_role,
|
|
assigned_by: user
|
|
end
|
|
|
|
let(:valid_params) do
|
|
{
|
|
id: project.id,
|
|
project_member: {
|
|
user_role_id: technician_role.id,
|
|
user_id: normal_user.id
|
|
}
|
|
}
|
|
end
|
|
|
|
it 'updates the user role' do
|
|
put :update, params: valid_params, format: :json
|
|
expect(response).to have_http_status :success
|
|
expect(normal_user_assignment.reload.user_role).to eq technician_role
|
|
end
|
|
|
|
it 'does not update the user role when the user has no permissions' do
|
|
sign_in_normal_user
|
|
|
|
put :update, params: valid_params, format: :json
|
|
|
|
expect(response).to have_http_status :forbidden
|
|
expect(normal_user_assignment.reload.user_role).to eq normal_user_role
|
|
end
|
|
end
|
|
|
|
describe 'POST #create' do
|
|
let(:valid_params) do
|
|
{
|
|
id: project.id,
|
|
access_permissions_new_user_project_form: {
|
|
resource_members: {
|
|
0 => {
|
|
assign: '1',
|
|
user_id: normal_user.id,
|
|
user_role_id: technician_role.id
|
|
}
|
|
}
|
|
}
|
|
}
|
|
end
|
|
|
|
it 'creates new project user and user assignment' do
|
|
expect {
|
|
post :create, params: valid_params, format: :json
|
|
}.to change(UserProject, :count).by(1).and \
|
|
change(UserAssignment, :count).by(1)
|
|
end
|
|
|
|
it 'does not create an assigment if user is already assigned' do
|
|
create :user_project, user: normal_user, project: project
|
|
|
|
expect {
|
|
post :create, params: valid_params, format: :json
|
|
}.to change(UserProject, :count).by(0).and \
|
|
change(UserAssignment, :count).by(0)
|
|
end
|
|
|
|
it 'does not create an assigment when the user is already assigned with different permission' do
|
|
create :user_project, user: normal_user, project: project
|
|
create :user_assignment, assignable: project, user: normal_user, user_role: normal_user_role, assigned_by: user
|
|
|
|
expect {
|
|
post :create, params: valid_params, format: :json
|
|
}.to change(UserProject, :count).by(0).and \
|
|
change(UserAssignment, :count).by(0)
|
|
end
|
|
|
|
it 'renders 403 if user does not have manage permissions on project' do
|
|
sign_in_normal_user
|
|
|
|
post :create, params: valid_params, format: :json
|
|
expect(response).to have_http_status :forbidden
|
|
end
|
|
end
|
|
|
|
describe 'DELETE #destroy' do
|
|
let!(:normal_user_project) { create :user_project, user: normal_user, project: project }
|
|
let!(:normal_user_assignment) do
|
|
create :user_assignment,
|
|
assignable: project,
|
|
user: normal_user,
|
|
user_role: normal_user_role,
|
|
assigned_by: user
|
|
end
|
|
|
|
let(:valid_params) do
|
|
{
|
|
id: project.id,
|
|
user_id: normal_user.id
|
|
}
|
|
end
|
|
|
|
it 'removes the user project and user assigment record' do
|
|
expect {
|
|
delete :destroy, params: valid_params, format: :json
|
|
}.to change(UserProject, :count).by(-1).and \
|
|
change(UserAssignment, :count).by(-1)
|
|
end
|
|
|
|
it 'renders 403 if user does not have manage permissions on project' do
|
|
sign_in_normal_user
|
|
|
|
delete :destroy, params: valid_params, format: :json
|
|
expect(response).to have_http_status :forbidden
|
|
end
|
|
end
|
|
|
|
def sign_in_normal_user
|
|
sign_out user
|
|
sign_in normal_user
|
|
end
|
|
end
|