-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix misplaced helper functions, add tests for those scenarios
- Loading branch information
1 parent
299ef5c
commit 5d14e45
Showing
9 changed files
with
165 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
77 changes: 77 additions & 0 deletions
77
spec/features/specific_page_access/book_page_access_spec.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# frozen_string_literal: true | ||
|
||
# We are verifying the access to a book's view and edit pages., | ||
|
||
# The application is within open dates. | ||
# The user has a valid authentication token. | ||
# The user is logged in as either a submitter or admin | ||
require 'rails_helper' | ||
|
||
RSpec.describe 'Book Submission Ownership', type: :feature do | ||
let(:submitter) { FactoryBot.create(:submitter) } | ||
let(:another_submitter) { FactoryBot.create(:submitter) } | ||
|
||
before do | ||
submitter | ||
another_submitter | ||
end | ||
|
||
context 'when admin is logged in' do | ||
before do | ||
login_as_admin | ||
create_book_as_new_submitter | ||
click_on("I'm Finished") | ||
end | ||
|
||
it 'allows access to the book view page' do | ||
visit book_path(Book.first.id) | ||
expect(page).to have_http_status(:ok) | ||
end | ||
|
||
it 'allows access to the book edit page' do | ||
visit edit_book_path(Book.first.id) | ||
expect(page).to have_http_status(:ok) | ||
end | ||
end | ||
|
||
context 'when submitter owns the resource' do | ||
before do | ||
create_book_as_new_submitter | ||
end | ||
|
||
it 'allows access to the book show page' do | ||
visit book_path(Book.first.id) | ||
expect(page).to have_http_status(:ok) | ||
end | ||
|
||
it 'allows access to the edit book page' do | ||
visit edit_book_path(Book.first.id) | ||
expect(page).to have_http_status(:ok) | ||
end | ||
end | ||
|
||
context 'when another submitter is logged in' do | ||
before do | ||
create_book_as_new_submitter | ||
click_on("I'm Finished") | ||
create_submitter(another_submitter) | ||
end | ||
|
||
it 'restricts access to the book view page' do | ||
expect { visit book_path(Book.first.id) }.to raise_error(ActiveRecord::RecordNotFound) | ||
end | ||
|
||
it 'restricts access to the book edit page' do | ||
expect { visit edit_book_path(Book.first.id) }.to raise_error(ActiveRecord::RecordNotFound) | ||
end | ||
end | ||
|
||
def create_book_as_new_submitter | ||
create_submitter(submitter) | ||
visit new_book_path | ||
fill_in('book[work_title]', with: 'The History of Unicorns') | ||
fill_in('book[author_first_name][]', with: 'Juan') | ||
fill_in('book[author_last_name][]', with: 'Dela Cruz') | ||
click_on('Submit') | ||
end | ||
end |
67 changes: 67 additions & 0 deletions
67
spec/features/specific_page_access/submitter_page_access_spec.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# frozen_string_literal: true | ||
|
||
# We are verifying access to user profile view and edit pages. | ||
|
||
# The application is within open dates. | ||
# The user has a valid authentication token. | ||
# The user is logged in as either a submitter or admin | ||
require 'rails_helper' | ||
|
||
RSpec.describe 'Submitter Profile Ownership', type: :feature do | ||
let(:submitter) { FactoryBot.create(:submitter) } | ||
let(:another_submitter) { FactoryBot.create(:submitter) } | ||
|
||
before do | ||
submitter | ||
another_submitter | ||
end | ||
|
||
context 'when admin is logged in' do | ||
before do | ||
login_as_admin | ||
end | ||
|
||
it 'allows access to the submitter profile page' do | ||
visit submitter_path(submitter.id) | ||
expect(page).to have_http_status(:ok) | ||
end | ||
|
||
it 'allows access to the edit-submitter profile page' do | ||
visit edit_submitter_path(submitter.id) | ||
expect(page).to have_http_status(:ok) | ||
end | ||
end | ||
|
||
context 'when submitter owns the resource' do | ||
before do | ||
create_submitter(submitter) | ||
end | ||
|
||
it 'allows access to the submitter profile page' do | ||
find('a[href*="submitters/"][href*="/edit"]').click | ||
click_button 'Next' # This is the only way to get to the submitter profile page | ||
expect(page).to have_http_status(:ok) | ||
end | ||
|
||
it 'allows access to the edit submitter profile page' do | ||
find('a[href*="submitters/"][href*="/edit"]').click | ||
expect(page).to have_http_status(:ok) | ||
end | ||
end | ||
|
||
context 'when another submitter is logged in' do | ||
before do | ||
create_submitter(submitter) | ||
end | ||
|
||
it 'restricts access to the submitter profile page' do | ||
create_submitter(submitter) | ||
expect { visit submitter_path(another_submitter.id) }.to raise_error(ActiveRecord::RecordNotFound) | ||
end | ||
|
||
it 'restricts access to the edit-submitter profile page' do | ||
create_submitter(submitter) | ||
expect { visit edit_submitter_path(another_submitter.id) }.to raise_error(ActiveRecord::RecordNotFound) | ||
end | ||
end | ||
end |
7 changes: 7 additions & 0 deletions
7
spec/support/helpers/access_authorization_for_feature_tests.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters