diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb index 5f7d41d4..367e8555 100644 --- a/app/controllers/admin_controller.rb +++ b/app/controllers/admin_controller.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true class AdminController < ApplicationController + skip_before_action :require_authenticated_user, only: %i[login validate] skip_before_action :check_date ALLOWED_CONTROLLERS_TO_MODELS = { diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 743fd779..d4b9b0c8 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -2,7 +2,12 @@ class ApplicationController < ActionController::Base include Pagy::Backend - before_action :check_date + include UserAuthentication + + prepend_before_action :check_date + + skip_before_action :require_authenticated_user, only: :check_date + skip_before_action :check_date, only: :closed private diff --git a/app/controllers/concerns/user_authentication.rb b/app/controllers/concerns/user_authentication.rb new file mode 100644 index 00000000..c4ecbb63 --- /dev/null +++ b/app/controllers/concerns/user_authentication.rb 
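Review bot: In application_controller.rb, `skip_before_action :require_authenticated_user, only: :check_date` most likely has no effect. `only:` is matched against the action being dispatched, and `check_date` is the callback registered by `prepend_before_action :check_date` just above, not an action. `prepend_before_action` already runs the date check ahead of the authentication check, so the line can be dropped. On Rails 7.1 or later with `raise_on_missing_callback_actions` enabled, a callback condition that names a non-existent action would raise instead of being ignored. If the intent was to let signed-out visitors reach the closed page, the skip has to name that action in the controller that defines it, which is not visible in this hunk.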
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+# The UserAuthentication module provides mechanisms to enforce user authentication
+# for actions in controllers where it is included. It utilizes ActiveSupport::Concern
+# to add a before_action hook that checks for authenticated users (either admin or submitter)
+# before allowing access to controller actions. Unauthenticated users are redirected
+# to the root path with an appropriate warning message.
+module UserAuthentication
+ extend ActiveSupport::Concern
+
+ included do
+ before_action :require_authenticated_user
+ end
+
+ private
+
+ def require_authenticated_user
+ return if admin_logged_in? || current_submitter
+
+ flash.keep[:danger] = 'You must submit your information first.'
+ redirect_to root_path
+ end
+
+ def admin_logged_in?
+ session[:admin]
+ end
+
+ def current_submitter
+ @current_submitter ||= Submitter.find_by(id: session[:submitter_id])
+ end
+end
diff --git a/app/controllers/publications_controller.rb b/app/controllers/publications_controller.rb
index af2a11e3..4af7a7e8 100644
--- a/app/controllers/publications_controller.rb
+++ b/app/controllers/publications_controller.rb
@@ -128,7 +128,7 @@ def create format.html { redirect_to publications_path } format.json { render :show, status: :created, location: instance_variable } else - format.html { render :new } + format.html { render :new, status: :unprocessable_entity } format.json { render json: instance_variable.errors, status: :unprocessable_entity } end end
@@ -142,7 +142,7 @@ def update format.html { redirect_to instance_variable } format.json { render :show, status: :created, location: instance_variable } else - format.html { render :new } + format.html { render :edit, status: :unprocessable_entity } format.json { render json: instance_variable.errors, status: :unprocessable_entity } end end
diff --git a/app/controllers/submitters_controller.rb b/app/controllers/submitters_controller.rb
index e65f0604..1ba28981 100644
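Review bot: `require_authenticated_user` in the new concern only establishes that the session belongs to an admin or to some existing Submitter; nothing here ties the record named in a request to `current_submitter`. The header comment should say so, e.g. `# Authentication gate only: per-record ownership checks are the including controller's job.`, so that actions left behind the gate (SubmittersController's show/edit/update/destroy, loaded through `set_submitter`) are not assumed to stop one submitter from addressing another's id. Whether those controllers already scope lookups to the session's submitter cannot be seen from this diff. Separately, `flash.keep[:danger] = ...` also carries every existing flash entry into the next request; plain `flash[:danger] = ...` is the usual form if that is not intended.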
--- a/app/controllers/submitters_controller.rb +++ b/app/controllers/submitters_controller.rb @@ -1,6 +1,8 @@ # frozen_string_literal: true class SubmittersController < ApplicationController + skip_before_action :require_authenticated_user, only: %i[new create finished] + before_action :set_submitter, only: %i[show edit update destroy] # GET /submitters/1 diff --git a/app/helpers/submitters_helper.rb b/app/helpers/submitters_helper.rb index 8f2d58bb..d489f36a 100644 --- a/app/helpers/submitters_helper.rb +++ b/app/helpers/submitters_helper.rb @@ -2,7 +2,7 @@ module SubmittersHelper def find_submitter(id) - Submitter.find(id) + Submitter.find_by(id:) end def find_submitters(id) diff --git a/app/mailers/publication_mailer.rb b/app/mailers/publication_mailer.rb index 120075de..595bc319 100644 --- a/app/mailers/publication_mailer.rb +++ b/app/mailers/publication_mailer.rb @@ -29,6 +29,8 @@ class PublicationMailer < ApplicationMailer SUBJECT = 'Publication received for Artists, Authors, Editors & Composers' def publication_submit(submitter, publication) + return unless submitter + @submitter = submitter @publication = publication sender_name, sender_email = parse_default_sender diff --git a/spec/controllers/admin_controller/admin_controller_citations_spec.rb b/spec/controllers/admin_controller/admin_controller_citations_spec.rb index cc866eef..97744870 100644 --- a/spec/controllers/admin_controller/admin_controller_citations_spec.rb +++ b/spec/controllers/admin_controller/admin_controller_citations_spec.rb @@ -21,7 +21,8 @@ context 'when admin is not logged in' do before do - allow(controller).to receive(:session).and_return(admin: false) + session[:admin] = false + session[:submitter_id] = FactoryBot.create(:submitter).id end it 'redirects to publications_path' do diff --git a/spec/controllers/admin_controller/admin_controller_csv_spec.rb b/spec/controllers/admin_controller/admin_controller_csv_spec.rb index cc2edd82..33aab698 100644 
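Review bot: In submitters_helper.rb, `find_submitter` now returns nil for an unknown id instead of raising `ActiveRecord::RecordNotFound`, so every caller has to cope with nil. The mailer guard added in this commit covers one caller, but a view or helper that chains a method onto the result would fail with `NoMethodError` rather than produce a 404; the callers are outside this hunk and need checking. A comment on the method such as `# Returns nil when no Submitter has this id.` would make the new contract explicit. The `find_by(id:)` shorthand also requires Ruby 3.1 or newer.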
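Review bot: The new `return unless submitter` in `publication_submit` skips the confirmation e-mail without leaving any trace, so a publication whose submitter record is missing goes unnoticed. Logging before returning, e.g. `Rails.logger.warn('publication_submit skipped: submitter missing')`, keeps the condition visible to whoever operates the application. The method body continues past the end of the hunk.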
--- a/spec/controllers/admin_controller/admin_controller_csv_spec.rb +++ b/spec/controllers/admin_controller/admin_controller_csv_spec.rb @@ -5,6 +5,7 @@ RSpec.describe AdminController, type: :controller do let(:common_params) { { 'controller_name' => 'other_publications' } } let(:admin_session) { { 'admin' => true } } + let(:submitter_session) { { 'submitter_id' => FactoryBot.create(:submitter).id } } describe 'GET #csv' do context 'when the user is an admin' do @@ -33,7 +34,8 @@ context 'when the user is not an admin' do it 'redirects even if a valid format is provided' do - get(:csv, params: common_params.merge({ format: 'csv' })) + get(:csv, params: common_params.merge({ format: 'csv' }), session: submitter_session) + expect(response).to have_http_status(302) expect(response).to redirect_to('/publications') end end diff --git a/spec/controllers/admin_controller/admin_controller_toggle_links_spec.rb b/spec/controllers/admin_controller/admin_controller_toggle_links_spec.rb index 68e24c6c..1924203d 100644 --- a/spec/controllers/admin_controller/admin_controller_toggle_links_spec.rb +++ b/spec/controllers/admin_controller/admin_controller_toggle_links_spec.rb @@ -4,6 +4,10 @@ RSpec.describe AdminController, type: :controller do describe 'POST #toggle_links' do + before do + session[:admin] = true + end + context 'when session[:links] is true' do before do session[:links] = true diff --git a/spec/controllers/application_controller/application_controller_check_date_spec.rb b/spec/controllers/application_controller/application_controller_check_date_spec.rb index 074ad00e..d8bd7240 100644 --- a/spec/controllers/application_controller/application_controller_check_date_spec.rb +++ b/spec/controllers/application_controller/application_controller_check_date_spec.rb 
@@ -5,6 +5,9 @@ RSpec.describe ApplicationController, type: :controller do include ApplicationHelper + let(:submitter) { FactoryBot.create(:submitter) } + let(:submitter_session) { { submitter_id: submitter.id } } + controller(ApplicationController) do def index render plain: 'Hello, world!' @@ -20,7 +23,7 @@ def index context 'when EXPIRATION_DATE is in the past and user is not admin' do it 'redirects to the closed page' do allow(ENV).to receive(:fetch).with('EXPIRATION_DATE').and_return('2000-01-01') - get :index + get :index, session: submitter_session expect(response).to redirect_to(page_route('closed')) end end @@ -28,8 +31,9 @@ def index context 'when EXPIRATION_DATE is in the future' do it 'does not redirect' do allow(ENV).to receive(:fetch).with('EXPIRATION_DATE').and_return('3000-01-01') - get :index - expect(response.body).to eq('Hello, world!') + get :index, session: submitter_session + expect(response).to have_http_status(:ok) + expect(response.body).to include('Hello, world!') end end diff --git a/spec/controllers/artworks_controller_spec.rb b/spec/controllers/artworks_controller_spec.rb index b6faca23..a35609e7 100644 --- a/spec/controllers/artworks_controller_spec.rb +++ b/spec/controllers/artworks_controller_spec.rb 
@@ -11,60 +11,23 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'location' => '', 'date' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - Artwork.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - artwork = Artwork.create! valid_attributes - get :show, params: { id: artwork.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - artwork = Artwork.create! valid_attributes - get :show, params: { id: artwork.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - artwork = Artwork.create! valid_attributes - get :edit, params: { id: artwork.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:artwork) { Artwork.create! 
valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do - before do - FactoryBot.create(:submitter) - end - - it 'creates a new Other Publication' do + it 'creates a new Artwork' do expect do post :create, params: { artwork: valid_attributes }, session: valid_session end.to change(Artwork, :count).by(1) @@ -77,9 +40,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Artwork' do + expect do + post :create, params: { artwork: invalid_attributes }, session: valid_session + end.not_to change(Artwork, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { artwork: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +61,6 @@ end it 'updates the requested other publication' do - artwork = Artwork.create! valid_attributes put :update, params: { id: artwork.to_param, artwork: new_attributes }, session: valid_session artwork.reload expect(artwork.date).to eql 'new date' 
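Review bot: The first hunk of artworks_controller_spec.rb removes every success-path example for GET index, show, new and edit (including the admin case) and adds only the `'restricts non-logged-in users'` shared example, so what a signed-in submitter or admin receives from those actions is no longer asserted here. The shared example is defined outside this diff; if, as its name suggests, it covers only the signed-out case, at least one positive example per action should stay, e.g. `get :show, params: { id: artwork.to_param }, session: valid_session` followed by `expect(response).to be_successful`. The same removal is repeated in the book_chapters, books, digital_projects, editings and films specs.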
@@ -99,31 +68,32 @@ end it 'redirects to the artwork' do - artwork = Artwork.create! valid_attributes put :update, params: { id: artwork.to_param, artwork: valid_attributes }, session: valid_session expect(response).to redirect_to(artwork) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - artwork = Artwork.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: artwork.to_param, artwork: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + artwork + end + it 'destroys the requested artwork' do - artwork = Artwork.create! valid_attributes expect do delete :destroy, params: { id: artwork.to_param }, session: valid_session end.to change(Artwork, :count).by(-1) end it 'redirects to the artworks list' do - artwork = Artwork.create! valid_attributes delete :destroy, params: { id: artwork.to_param }, session: valid_session expect(response).to redirect_to(artworks_url) end diff --git a/spec/controllers/book_chapters_controller_spec.rb b/spec/controllers/book_chapters_controller_spec.rb index 07536d24..359c2e2a 100644 --- a/spec/controllers/book_chapters_controller_spec.rb +++ b/spec/controllers/book_chapters_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'publisher' => '', 'page_numbers' => '', 'city' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - BookChapter.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - book_chapter = BookChapter.create! valid_attributes - get :show, params: { id: book_chapter.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - book_chapter = BookChapter.create! valid_attributes - get :show, params: { id: book_chapter.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - book_chapter = BookChapter.create! valid_attributes - get :edit, params: { id: book_chapter.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:book_chapter) { BookChapter.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new BookChapter' do expect do post :create, params: { book_chapter: valid_attributes }, session: valid_session end.to change(BookChapter, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Book Chapter' do + expect do + post :create, params: { book_chapter: invalid_attributes }, session: valid_session + end.not_to change(Artwork, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { book_chapter: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - book_chapter = BookChapter.create! valid_attributes put :update, params: { id: book_chapter.to_param, book_chapter: new_attributes }, session: valid_session book_chapter.reload expect(book_chapter.url).to eql 'www.cool.com' 
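Review bot: In the 'does not create a new Book Chapter' example of book_chapters_controller_spec.rb the expectation is `end.not_to change(Artwork, :count)`, which watches the wrong model and passes even if an invalid BookChapter is saved. It should read `end.not_to change(BookChapter, :count)`.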
@@ -99,31 +72,32 @@ end it 'redirects to the book_chapter' do - book_chapter = BookChapter.create! valid_attributes put :update, params: { id: book_chapter.to_param, book_chapter: valid_attributes }, session: valid_session expect(response).to redirect_to(book_chapter) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - book_chapter = BookChapter.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: book_chapter.to_param, book_chapter: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + book_chapter + end + it 'destroys the requested book_chapter' do - book_chapter = BookChapter.create! valid_attributes expect do delete :destroy, params: { id: book_chapter.to_param }, session: valid_session end.to change(BookChapter, :count).by(-1) end it 'redirects to the book_chapters list' do - book_chapter = BookChapter.create! valid_attributes delete :destroy, params: { id: book_chapter.to_param }, session: valid_session expect(response).to redirect_to(book_chapters_url) end diff --git a/spec/controllers/books_controller_spec.rb b/spec/controllers/books_controller_spec.rb index def4e42e..92f8e682 100644 --- a/spec/controllers/books_controller_spec.rb +++ b/spec/controllers/books_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'publisher' => '', 'city' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - Book.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - book = Book.create! valid_attributes - get :show, params: { id: book.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - book = Book.create! valid_attributes - get :show, params: { id: book.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - book = Book.create! valid_attributes - get :edit, params: { id: book.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:book) { Book.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Book' do + expect do + post :create, params: { book: invalid_attributes }, session: valid_session + end.not_to change(Book, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { book: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested book' do - book = Book.create! valid_attributes put :update, params: { id: book.to_param, book: new_attributes }, session: valid_session book.reload expect(book.url).to eql 'www.cool.com' @@ -99,31 +72,31 @@ end it 'redirects to the book' do - book = Book.create! valid_attributes put :update, params: { id: book.to_param, book: valid_attributes }, session: valid_session expect(response).to redirect_to(book) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - book = Book.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: book.to_param, book: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + book + end it 'destroys the requested book' do - book = Book.create! valid_attributes expect do delete :destroy, params: { id: book.to_param }, session: valid_session end.to change(Book, :count).by(-1) end it 'redirects to the books list' do - book = Book.create! valid_attributes delete :destroy, params: { id: book.to_param }, session: valid_session expect(response).to redirect_to(books_url) end 
diff --git a/spec/controllers/colleges_controller_spec.rb b/spec/controllers/colleges_controller_spec.rb index 3618b909..a3d3af50 100644 --- a/spec/controllers/colleges_controller_spec.rb +++ b/spec/controllers/colleges_controller_spec.rb @@ -40,11 +40,12 @@ # This should return the minimal set of values that should be in the session # in order to pass any filters (e.g. authentication) defined in # CollegesController. Be sure to keep this updated too. - let(:valid_session) { {} } + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:college) { College.create! valid_attributes } describe 'GET #index' do it 'returns a success response' do - College.create! valid_attributes get :index, params: {}, session: valid_session expect(response).to be_successful end @@ -52,7 +53,6 @@ describe 'GET #show' do it 'returns a success response' do - college = College.create! valid_attributes get :show, params: { id: college.to_param }, session: valid_session expect(response).to be_successful end @@ -67,7 +67,6 @@ describe 'GET #edit' do it 'returns a success response' do - college = College.create! valid_attributes get :edit, params: { id: college.to_param }, session: valid_session expect(response).to be_successful end @@ -102,14 +101,12 @@ end it 'updates the requested college' do - college = College.create! valid_attributes put :update, params: { id: college.to_param, college: new_attributes }, session: valid_session college.reload college.name == new_attributes[:name] end it 'redirects to the college' do - college = College.create! valid_attributes put :update, params: { id: college.to_param, college: valid_attributes }, session: valid_session expect(response).to redirect_to(college) end 
@@ -117,7 +114,6 @@ context 'with invalid params' do it "returns a success response (i.e. to display the 'edit' template)" do - college = College.create! valid_attributes put :update, params: { id: college.to_param, college: invalid_attributes }, session: valid_session expect(response).to be_successful end @@ -125,15 +121,17 @@ end describe 'DELETE #destroy' do + before do + college + end + it 'destroys the requested college' do - college = College.create! valid_attributes expect do delete :destroy, params: { id: college.to_param }, session: valid_session end.to change(College, :count).by(-1) end it 'redirects to the colleges list' do - college = College.create! valid_attributes delete :destroy, params: { id: college.to_param }, session: valid_session expect(response).to redirect_to(colleges_url) end diff --git a/spec/controllers/concerns/user_authentication_spec.rb b/spec/controllers/concerns/user_authentication_spec.rb new file mode 100644 index 00000000..946e2c54 --- /dev/null +++ b/spec/controllers/concerns/user_authentication_spec.rb 
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe UserAuthentication, type: :controller do
+ controller(ApplicationController) do
+ def index
+ render plain: 'ok'
+ end
+ end
+
+ describe 'Authentication' do
+ before do
+ routes.draw { get 'index', to: 'anonymous#index' }
+ end
+
+ context 'when no user is authenticated' do
+ it 'redirects to the root path with an alert' do
+ get :index
+ expect(response).to redirect_to(root_path)
+ expect(flash[:danger]).to eq('You must submit your information first.')
+ end
+ end
+
+ context 'when admin is logged in' do
+ it 'does not redirect and allows access' do
+ session[:admin] = true
+ get :index
+ expect(response).to have_http_status(:ok)
+ end
+ end
+
+ context 'when submitter is logged in' do
+ it 'does not redirect and allows access' do
+ submitter = FactoryBot.create(:submitter)
+ session[:submitter_id] = submitter.id
+ get :index
+ expect(response).to have_http_status(:ok)
+ end
+ end
+ end
+end
diff --git a/spec/controllers/digital_projects_controller_spec.rb b/spec/controllers/digital_projects_controller_spec.rb
index 3d568d61..6f4da41a 100644
--- a/spec/controllers/digital_projects_controller_spec.rb
+++ b/spec/controllers/digital_projects_controller_spec.rb
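Review bot: user_authentication_spec.rb covers an empty session, an admin session and a live submitter, but not a session whose `submitter_id` no longer resolves to a record, which is the case the `find_by` lookup in the concern is there to reject. A context that creates a submitter, stores its id in the session, destroys the record and then expects the redirect to `root_path` would pin that behaviour. A further example with `session[:admin] = false` and no submitter would do the same for the admin flag.

```ruby
  describe 'Authentication' do
    # … unchanged: routes setup and the three existing contexts …

    context 'when the session references a submitter that no longer exists' do
      it 'redirects to the root path' do
        submitter = FactoryBot.create(:submitter)
        session[:submitter_id] = submitter.id
        submitter.destroy

        get :index
        expect(response).to redirect_to(root_path)
      end
    end
```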
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'name_of_site' => '', 'name_of_affiliated_organization' => '', 'publication_date' => '', 'version' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - DigitalProject.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - digital_project = DigitalProject.create! valid_attributes - get :show, params: { id: digital_project.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - digital_project = DigitalProject.create! valid_attributes - get :show, params: { id: digital_project.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - digital_project = DigitalProject.create! valid_attributes - get :edit, params: { id: digital_project.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:digital_project) { DigitalProject.create! 
valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do @@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new DigitalProject' do expect do post :create, params: { digital_project: valid_attributes }, session: valid_session end.to change(DigitalProject, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Digital Project' do + expect do + post :create, params: { digital_project: invalid_attributes }, session: valid_session + end.not_to change(DigitalProject, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { digital_project: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - digital_project = DigitalProject.create! valid_attributes put :update, params: { id: digital_project.to_param, digital_project: new_attributes }, session: valid_session digital_project.reload expect(digital_project.doi).to eql 'done' 
@@ -99,31 +72,32 @@ end it 'redirects to the digital_project' do - digital_project = DigitalProject.create! valid_attributes put :update, params: { id: digital_project.to_param, digital_project: valid_attributes }, session: valid_session expect(response).to redirect_to(digital_project) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - digital_project = DigitalProject.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: digital_project.to_param, digital_project: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + digital_project + end + it 'destroys the requested digital_project' do - digital_project = DigitalProject.create! valid_attributes expect do delete :destroy, params: { id: digital_project.to_param }, session: valid_session end.to change(DigitalProject, :count).by(-1) end it 'redirects to the digital_projects list' do - digital_project = DigitalProject.create! valid_attributes delete :destroy, params: { id: digital_project.to_param }, session: valid_session expect(response).to redirect_to(digital_projects_url) end diff --git a/spec/controllers/editings_controller_spec.rb b/spec/controllers/editings_controller_spec.rb index 542420a5..b6ce857b 100644 --- a/spec/controllers/editings_controller_spec.rb +++ b/spec/controllers/editings_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'volume' => '', 'issue' => '', 'publisher' => '', 'city' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - Editing.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - editing = Editing.create! valid_attributes - get :show, params: { id: editing.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - editing = Editing.create! valid_attributes - get :show, params: { id: editing.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - editing = Editing.create! valid_attributes - get :edit, params: { id: editing.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:editing) { Editing.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new Editing' do expect do post :create, params: { editing: valid_attributes }, session: valid_session end.to change(Editing, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Editing' do + expect do + post :create, params: { editing: invalid_attributes }, session: valid_session + end.not_to change(Editing, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { editing: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - editing = Editing.create! valid_attributes put :update, params: { id: editing.to_param, editing: new_attributes }, session: valid_session editing.reload expect(editing.url).to eql 'www.cool.com' 
@@ -99,31 +72,32 @@ end it 'redirects to the editing' do - editing = Editing.create! valid_attributes put :update, params: { id: editing.to_param, editing: valid_attributes }, session: valid_session expect(response).to redirect_to(editing) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - editing = Editing.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: editing.to_param, editing: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + editing + end + it 'destroys the requested editing' do - editing = Editing.create! valid_attributes expect do delete :destroy, params: { id: editing.to_param }, session: valid_session end.to change(Editing, :count).by(-1) end it 'redirects to the editings list' do - editing = Editing.create! valid_attributes delete :destroy, params: { id: editing.to_param }, session: valid_session expect(response).to redirect_to(editings_url) end diff --git a/spec/controllers/errors_controller_spec.rb b/spec/controllers/errors_controller_spec.rb index 89e0c9a9..540f94d1 100644 --- a/spec/controllers/errors_controller_spec.rb +++ b/spec/controllers/errors_controller_spec.rb @@ -6,9 +6,13 @@ RSpec.describe ErrorsController, type: :controller do describe 'GET #not_found' do + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + before do - get :not_found + get :not_found, session: valid_session end + it 'renders the not_found template' do expect(response).to render_template('errors/404') expect(response).to render_template('layouts/application') diff --git a/spec/controllers/films_controller_spec.rb b/spec/controllers/films_controller_spec.rb index 0f2c744e..b3c8c677 100644 
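Review bot: Every update and destroy example in this hunk of the editings spec sends `valid_session`, so the suite exercises a single logged-in submitter and never a second submitter acting on the same `editing`. As far as this commit shows, the new callback accepts any session that resolves to a submitter; whether the controller also restricts a record to its owner is not visible here, and no example would fail if it did not. If editings are meant to be owner-scoped, a context like the one below would pin that down (the expected outcome is an assumption to confirm against the controller). The films, journal_articles, musical_scores, other_publications, photographies, physical_media and plays specs have the same gap.

```ruby
describe 'DELETE #destroy' do
  # … unchanged: before block and existing destroy examples …

  context 'when the session belongs to a different submitter' do
    let(:other_session) { { submitter_id: FactoryBot.create(:submitter).id } }

    it 'does not destroy the editing' do
      expect do
        delete :destroy, params: { id: editing.to_param }, session: other_session
      end.not_to change(Editing, :count)
    end
  end
```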
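Review bot: In errors_controller_spec.rb the `before` block now passes `session: valid_session` to `get :not_found`, and no example covers the same request without a session. That suggests the 404 page now sits behind `require_authenticated_user`, so an anonymous visitor who hits an unknown URL would presumably be redirected rather than shown a 404. If that is not intended, `skip_before_action :require_authenticated_user` in ErrorsController would be the fix. Either way, an example that calls `get :not_found` with no session and asserts the intended response would make the behaviour explicit.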
--- a/spec/controllers/films_controller_spec.rb +++ b/spec/controllers/films_controller_spec.rb @@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'director' => '', 'release_year' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - Film.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - film = Film.create! valid_attributes - get :show, params: { id: film.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - film = Film.create! valid_attributes - get :show, params: { id: film.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - film = Film.create! valid_attributes - get :edit, params: { id: film.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:film) { Film.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new Film' do expect do post :create, params: { film: valid_attributes }, session: valid_session end.to change(Film, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Film' do + expect do + post :create, params: { film: invalid_attributes }, session: valid_session + end.not_to change(Film, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { film: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - film = Film.create! valid_attributes put :update, params: { id: film.to_param, film: new_attributes }, session: valid_session film.reload expect(film.release_year).to eql '2020' 
@@ -99,31 +72,32 @@ end it 'redirects to the film' do - film = Film.create! valid_attributes put :update, params: { id: film.to_param, film: valid_attributes }, session: valid_session expect(response).to redirect_to(film) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - film = Film.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: film.to_param, film: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + film + end + it 'destroys the requested film' do - film = Film.create! valid_attributes expect do delete :destroy, params: { id: film.to_param }, session: valid_session end.to change(Film, :count).by(-1) end it 'redirects to the films list' do - film = Film.create! valid_attributes delete :destroy, params: { id: film.to_param }, session: valid_session expect(response).to redirect_to(films_url) end diff --git a/spec/controllers/journal_articles_controller_spec.rb b/spec/controllers/journal_articles_controller_spec.rb index f6f15d4b..e87c5569 100644 --- a/spec/controllers/journal_articles_controller_spec.rb +++ b/spec/controllers/journal_articles_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'volume' => '', 'issue' => '', 'page_numbers' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - JournalArticle.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - journal_article = JournalArticle.create! valid_attributes - get :show, params: { id: journal_article.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - journal_article = JournalArticle.create! valid_attributes - get :show, params: { id: journal_article.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - journal_article = JournalArticle.create! valid_attributes - get :edit, params: { id: journal_article.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:journal_article) { JournalArticle.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new JournalArticle' do expect do post :create, params: { journal_article: valid_attributes }, session: valid_session end.to change(JournalArticle, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Journal Article' do + expect do + post :create, params: { journal_article: invalid_attributes }, session: valid_session + end.not_to change(JournalArticle, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { journal_article: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - journal_article = JournalArticle.create! valid_attributes put :update, params: { id: journal_article.to_param, journal_article: new_attributes }, session: valid_session journal_article.reload expect(journal_article.url).to eql 'www.cool.com' 
@@ -99,31 +72,32 @@ end it 'redirects to the journal_article' do - journal_article = JournalArticle.create! valid_attributes put :update, params: { id: journal_article.to_param, journal_article: valid_attributes }, session: valid_session expect(response).to redirect_to(journal_article) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - journal_article = JournalArticle.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: journal_article.to_param, journal_article: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + journal_article + end + it 'destroys the requested journal_article' do - journal_article = JournalArticle.create! valid_attributes expect do delete :destroy, params: { id: journal_article.to_param }, session: valid_session end.to change(JournalArticle, :count).by(-1) end it 'redirects to the journal_articles list' do - journal_article = JournalArticle.create! valid_attributes delete :destroy, params: { id: journal_article.to_param }, session: valid_session expect(response).to redirect_to(journal_articles_url) end diff --git a/spec/controllers/musical_scores_controller_spec.rb b/spec/controllers/musical_scores_controller_spec.rb index 8c30e02b..07f1eacb 100644 --- a/spec/controllers/musical_scores_controller_spec.rb +++ b/spec/controllers/musical_scores_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'publisher' => '', 'city' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - MusicalScore.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - musical_score = MusicalScore.create! valid_attributes - get :show, params: { id: musical_score.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - musical_score = MusicalScore.create! valid_attributes - get :show, params: { id: musical_score.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - musical_score = MusicalScore.create! valid_attributes - get :edit, params: { id: musical_score.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:musical_score) { MusicalScore.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new MusicalScore' do expect do post :create, params: { musical_score: valid_attributes }, session: valid_session end.to change(MusicalScore, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new MusicalScore' do + expect do + post :create, params: { musical_score: invalid_attributes }, session: valid_session + end.not_to change(MusicalScore, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { musical_score: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - musical_score = MusicalScore.create! valid_attributes put :update, params: { id: musical_score.to_param, musical_score: new_attributes }, session: valid_session musical_score.reload expect(musical_score.url).to eql 'www.cool.com' 
@@ -99,31 +72,32 @@ end it 'redirects to the musical_score' do - musical_score = MusicalScore.create! valid_attributes put :update, params: { id: musical_score.to_param, musical_score: valid_attributes }, session: valid_session expect(response).to redirect_to(musical_score) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - musical_score = MusicalScore.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: musical_score.to_param, musical_score: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + musical_score + end + it 'destroys the requested musical_score' do - musical_score = MusicalScore.create! valid_attributes expect do delete :destroy, params: { id: musical_score.to_param }, session: valid_session end.to change(MusicalScore, :count).by(-1) end it 'redirects to the musical_scores list' do - musical_score = MusicalScore.create! valid_attributes delete :destroy, params: { id: musical_score.to_param }, session: valid_session expect(response).to redirect_to(musical_scores_url) end diff --git a/spec/controllers/other_publications_controller_spec.rb b/spec/controllers/other_publications_controller_spec.rb index 5c4a16f0..985d16a6 100644 --- a/spec/controllers/other_publications_controller_spec.rb +++ b/spec/controllers/other_publications_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'volume' => '', 'issue' => '', 'page_numbers' => '', 'publisher' => '', 'city' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - OtherPublication.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - other_publication = OtherPublication.create! valid_attributes - get :show, params: { id: other_publication.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - other_publication = OtherPublication.create! valid_attributes - get :show, params: { id: other_publication.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - other_publication = OtherPublication.create! valid_attributes - get :edit, params: { id: other_publication.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:other_publication) { OtherPublication.create! 
valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new OtherPublication' do + expect do + post :create, params: { other_publication: invalid_attributes }, session: valid_session + end.not_to change(OtherPublication, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { other_publication: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - other_publication = OtherPublication.create! valid_attributes put :update, params: { id: other_publication.to_param, other_publication: new_attributes }, session: valid_session other_publication.reload expect(other_publication.url).to eql 'www.cool.com' 
@@ -99,31 +72,32 @@ end it 'redirects to the other_publication' do - other_publication = OtherPublication.create! valid_attributes put :update, params: { id: other_publication.to_param, other_publication: valid_attributes }, session: valid_session expect(response).to redirect_to(other_publication) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - other_publication = OtherPublication.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: other_publication.to_param, other_publication: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + other_publication + end + it 'destroys the requested other_publication' do - other_publication = OtherPublication.create! valid_attributes expect do delete :destroy, params: { id: other_publication.to_param }, session: valid_session end.to change(OtherPublication, :count).by(-1) end it 'redirects to the other_publications list' do - other_publication = OtherPublication.create! valid_attributes delete :destroy, params: { id: other_publication.to_param }, session: valid_session expect(response).to redirect_to(other_publications_url) end diff --git a/spec/controllers/pages_controller_spec.rb b/spec/controllers/pages_controller_spec.rb index 5b7c2bba..8cd24458 100644 --- a/spec/controllers/pages_controller_spec.rb +++ b/spec/controllers/pages_controller_spec.rb 
@@ -3,12 +3,15 @@ require 'rails_helper' RSpec.describe PagesController, type: :controller do + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + describe 'GET #show' do render_views context 'when page is valid' do it 'renders the page' do - get :show, params: { page: 'closed' } + get :show, params: { page: 'closed' }, session: valid_session expect(response).to render_template('pages/closed') expect(response.body).to have_text('The deadline for submissions has passed') end @@ -16,12 +19,12 @@ context 'when page is invalid' do it 'returns a 404 status' do - get :show, params: { page: 'bad' } + get :show, params: { page: 'bad' }, session: valid_session expect(response.status).to eq(404) end it 'renders the 404 template' do - get :show, params: { page: 'bad' } + get :show, params: { page: 'bad' }, session: valid_session expect(response).to render_template('errors/404') end end diff --git a/spec/controllers/photographies_controller_spec.rb b/spec/controllers/photographies_controller_spec.rb index a0771234..1f8de937 100644 --- a/spec/controllers/photographies_controller_spec.rb +++ b/spec/controllers/photographies_controller_spec.rb 
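Review bot: The 'when page is valid' example in pages_controller_spec.rb now needs `session: valid_session` to render `pages/closed`, and neither hunk of that file requests the page anonymously. The closed page carries 'The deadline for submissions has passed', which is presumably aimed at visitors who have not submitted yet. If the authentication callback redirects them away they never see it, and depending on where the date check sends them this could turn into a redirect loop (not verifiable from these hunks). I would add an example with no session, `get :show, params: { page: 'closed' }`, and assert the intended outcome explicitly.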
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'publisher' => '', 'city' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - Photography.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - photography = Photography.create! valid_attributes - get :show, params: { id: photography.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - photography = Photography.create! valid_attributes - get :show, params: { id: photography.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - photography = Photography.create! valid_attributes - get :edit, params: { id: photography.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:photography) { Photography.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new Photography' do expect do post :create, params: { photography: valid_attributes }, session: valid_session end.to change(Photography, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Photography' do + expect do + post :create, params: { photography: invalid_attributes }, session: valid_session + end.not_to change(Photography, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { photography: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - photography = Photography.create! valid_attributes put :update, params: { id: photography.to_param, photography: new_attributes }, session: valid_session photography.reload expect(photography.url).to eql 'www.cool.com' 
@@ -99,31 +72,32 @@ end it 'redirects to the photography' do - photography = Photography.create! valid_attributes put :update, params: { id: photography.to_param, photography: valid_attributes }, session: valid_session expect(response).to redirect_to(photography) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - photography = Photography.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: photography.to_param, photography: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + photography + end + it 'destroys the requested photography' do - photography = Photography.create! valid_attributes expect do delete :destroy, params: { id: photography.to_param }, session: valid_session end.to change(Photography, :count).by(-1) end it 'redirects to the photographys list' do - photography = Photography.create! valid_attributes delete :destroy, params: { id: photography.to_param }, session: valid_session expect(response).to redirect_to(photographies_url) end diff --git a/spec/controllers/physical_media_controller_spec.rb b/spec/controllers/physical_media_controller_spec.rb index 55fe7013..a08306ee 100644 --- a/spec/controllers/physical_media_controller_spec.rb +++ b/spec/controllers/physical_media_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'publisher' => '', 'city' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - PhysicalMedium.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - physical_medium = PhysicalMedium.create! valid_attributes - get :show, params: { id: physical_medium.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - physical_medium = PhysicalMedium.create! valid_attributes - get :show, params: { id: physical_medium.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - physical_medium = PhysicalMedium.create! valid_attributes - get :edit, params: { id: physical_medium.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:physical_medium) { PhysicalMedium.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new PysicalMedium' do expect do post :create, params: { physical_medium: valid_attributes }, session: valid_session end.to change(PhysicalMedium, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new PhysicalMedium' do + expect do + post :create, params: { physical_medium: invalid_attributes }, session: valid_session + end.not_to change(PhysicalMedium, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { physical_medium: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - physical_medium = PhysicalMedium.create! valid_attributes put :update, params: { id: physical_medium.to_param, physical_medium: new_attributes }, session: valid_session physical_medium.reload expect(physical_medium.url).to eql 'www.cool.com' 
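Review bot: The new description in the first hunk of the physical_media spec reads `'creates a new PysicalMedium'`, which misspells the model name. It should be `it 'creates a new PhysicalMedium' do`, matching `'does not create a new PhysicalMedium'` in the hunk that follows. The string appears in failure output and in searches for the model name, so the typo is worth fixing in this commit.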
@@ -99,31 +72,32 @@ end it 'redirects to the physical_medium' do - physical_medium = PhysicalMedium.create! valid_attributes put :update, params: { id: physical_medium.to_param, physical_medium: valid_attributes }, session: valid_session expect(response).to redirect_to(physical_medium) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - physical_medium = PhysicalMedium.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: physical_medium.to_param, physical_medium: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + physical_medium + end + it 'destroys the requested physical_medium' do - physical_medium = PhysicalMedium.create! valid_attributes expect do delete :destroy, params: { id: physical_medium.to_param }, session: valid_session end.to change(PhysicalMedium, :count).by(-1) end it 'redirects to the physical_mediums list' do - physical_medium = PhysicalMedium.create! valid_attributes delete :destroy, params: { id: physical_medium.to_param }, session: valid_session expect(response).to redirect_to(physical_media_url) end diff --git a/spec/controllers/plays_controller_spec.rb b/spec/controllers/plays_controller_spec.rb index c1535f9d..dbd4e77a 100644 --- a/spec/controllers/plays_controller_spec.rb +++ b/spec/controllers/plays_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'publisher' => '', 'city' => '', 'publication_date' => '', 'url' => '', 'doi' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - Play.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - play = Play.create! valid_attributes - get :show, params: { id: play.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - play = Play.create! valid_attributes - get :show, params: { id: play.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - play = Play.create! valid_attributes - get :edit, params: { id: play.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:play) { Play.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new Play' do expect do post :create, params: { play: valid_attributes }, session: valid_session end.to change(Play, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Play' do + expect do + post :create, params: { play: invalid_attributes }, session: valid_session + end.not_to change(Play, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { play: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - play = Play.create! valid_attributes put :update, params: { id: play.to_param, play: new_attributes }, session: valid_session play.reload expect(play.url).to eql 'www.cool.com' 
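Review bot: The context line `it 'updates the requested other publication' do` in the last hunk of this file still carries the copy-pasted description, while the first hunk already corrects 'creates a new Other Publication' to 'creates a new Play'; `it 'updates the requested play' do` would finish the rename. The public_performances spec keeps the same stale description in its matching hunk. The surrounding describe block begins outside the hunk.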
@@ -99,31 +72,32 @@ end it 'redirects to the play' do - play = Play.create! valid_attributes put :update, params: { id: play.to_param, play: valid_attributes }, session: valid_session expect(response).to redirect_to(play) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - play = Play.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: play.to_param, play: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + play + end + it 'destroys the requested play' do - play = Play.create! valid_attributes expect do delete :destroy, params: { id: play.to_param }, session: valid_session end.to change(Play, :count).by(-1) end it 'redirects to the plays list' do - play = Play.create! valid_attributes delete :destroy, params: { id: play.to_param }, session: valid_session expect(response).to redirect_to(plays_url) end diff --git a/spec/controllers/public_performances_controller_spec.rb b/spec/controllers/public_performances_controller_spec.rb index bdecc845..3f99b0cf 100644 --- a/spec/controllers/public_performances_controller_spec.rb +++ b/spec/controllers/public_performances_controller_spec.rb 
@@ -11,52 +11,19 @@ { 'author_first_name' => ['Bad'], 'author_last_name' => [''], 'college_ids' => [''], 'uc_department' => '', 'work_title' => '', 'other_title' => '', 'location' => '', 'date' => '', 'time' => '' } end - let(:valid_session) { { submitter_id: 1 } } - - describe 'GET #index' do - before do - FactoryBot.create(:submitter) - end - - it 'returns a success response' do - PublicPerformance.create! valid_attributes - get :index, session: valid_session - expect(response).to redirect_to('/publications') - end - end - - describe 'GET #show' do - it 'returns a success response' do - public_performance = PublicPerformance.create! valid_attributes - get :show, params: { id: public_performance.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #show as admin' do - it 'returns a success response' do - FactoryBot.create(:submitter) - session[:admin] = true - public_performance = PublicPerformance.create! valid_attributes - get :show, params: { id: public_performance.to_param }, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #new' do - it 'returns a success response' do - get :new, params: {}, session: valid_session - expect(response).to be_successful - end - end - - describe 'GET #edit' do - it 'returns a success response' do - public_performance = PublicPerformance.create! valid_attributes - get :edit, params: { id: public_performance.to_param }, session: valid_session - expect(response).to be_successful - end - end + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + let(:public_performance) { PublicPerformance.create! valid_attributes } + + it_behaves_like 'restricts non-logged-in users', { + 'index' => :get, + 'show' => :get, + 'new' => :get, + 'edit' => :get, + 'create' => :post, + 'update' => :put, + 'destroy' => :delete + } describe 'POST #create' do context 'with valid params' do 
@@ -64,7 +31,7 @@ FactoryBot.create(:submitter) end - it 'creates a new Other Publication' do + it 'creates a new Public Performance' do expect do post :create, params: { public_performance: valid_attributes }, session: valid_session end.to change(PublicPerformance, :count).by(1) @@ -77,9 +44,16 @@ end context 'with invalid params' do - it "returns a success response (i.e. to display the 'new' template)" do + it 'does not create a new Public Performance' do + expect do + post :create, params: { public_performance: invalid_attributes }, session: valid_session + end.not_to change(PublicPerformance, :count) + end + + it "redirects to the 'new' template with status 'unprocessable_entity'" do post :create, params: { public_performance: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:new) + expect(response.status).to eql 422 end end end @@ -91,7 +65,6 @@ end it 'updates the requested other publication' do - public_performance = PublicPerformance.create! valid_attributes put :update, params: { id: public_performance.to_param, public_performance: new_attributes }, session: valid_session public_performance.reload expect(public_performance.time).to eql 'now' 
@@ -99,31 +72,32 @@ end it 'redirects to the public_performance' do - public_performance = PublicPerformance.create! valid_attributes put :update, params: { id: public_performance.to_param, public_performance: valid_attributes }, session: valid_session expect(response).to redirect_to(public_performance) end end context 'with invalid params' do - it "returns a success response (i.e. to display the 'edit' template)" do - public_performance = PublicPerformance.create! valid_attributes + it "redirects to the 'edit' template with status 'unprocessable_entity'" do put :update, params: { id: public_performance.to_param, public_performance: invalid_attributes }, session: valid_session - expect(response).to be_successful + expect(response).to render_template(:edit) + expect(response.status).to eql 422 end end end describe 'DELETE #destroy' do + before do + public_performance + end + it 'destroys the requested public_performance' do - public_performance = PublicPerformance.create! valid_attributes expect do delete :destroy, params: { id: public_performance.to_param }, session: valid_session end.to change(PublicPerformance, :count).by(-1) end it 'redirects to the public_performances list' do - public_performance = PublicPerformance.create! valid_attributes delete :destroy, params: { id: public_performance.to_param }, session: valid_session expect(response).to redirect_to(public_performances_url) end diff --git a/spec/controllers/submitters_controller_spec.rb b/spec/controllers/submitters_controller_spec.rb index b35a2dac..e6642c50 100644 --- a/spec/controllers/submitters_controller_spec.rb +++ b/spec/controllers/submitters_controller_spec.rb 
@@ -12,12 +12,16 @@ end let(:old_submitter) { FactoryBot.create(:submitter) } + let(:some_old_value) { 'some_old_value' } let(:old_session) { { submitter_id: old_submitter.id, some_old_key: some_old_value } } let(:submitter) { FactoryBot.create(:submitter) } let(:valid_session) { { submitter_id: submitter.id } } + let(:submitter) { FactoryBot.create(:submitter) } + let(:valid_session) { { submitter_id: submitter.id } } + describe 'GET #show' do it 'returns a success response' do submitter = Submitter.create! valid_attributes @@ -45,7 +49,6 @@ context 'with valid params' do it 'clears the old session' do post :create, params: { submitter: valid_attributes }, session: old_session - expect(session[:submitter_id]).not_to be_nil expect(session[:submitter_id]).to eq(Submitter.last.id) expect(session[:some_old_key]).to be_nil diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb index 299c0f5a..90884638 100644 --- a/spec/rails_helper.rb +++ b/spec/rails_helper.rb @@ -26,7 +26,7 @@ # directory. Alternatively, in the individual `*_spec.rb` files, manually # require only the support files necessary. # -# Dir[Rails.root.join('spec', 'support', '**', '*.rb')].each { |f| require f } +Dir[Rails.root.join('spec', 'support', '**', '*.rb')].each { |f| require f } # Checks for pending migrations and applies them before tests are run. # If you are not using ActiveRecord, you can remove these lines. diff --git a/spec/support/helpers/access_authorization.rb b/spec/support/helpers/access_authorization.rb new file mode 100644 index 00000000..8cea5a89 --- /dev/null +++ b/spec/support/helpers/access_authorization.rb 
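Review bot: The first submitters_controller_spec hunk adds `let(:submitter)` and `let(:valid_session)` directly below context lines that already define both with identical bodies, so each helper is now declared twice in the same example group. The later definition silently wins, which would hide a future edit made to the first pair. The two added lines `let(:submitter) { FactoryBot.create(:submitter) }` and `let(:valid_session) { { submitter_id: submitter.id } }` can be dropped without changing what the examples see.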
@@ -0,0 +1,70 @@ +# frozen_string_literal: true + +# Configures the user session based on the specified role. +# This helper method sets the session state to mimic different user roles (:admin, :submitter, or :none). +# For an admin user, it sets session[:admin] to true and removes any submitter_id. +# For a submitter user, it sets session[:submitter_id] to a submitter's ID and ensures session[:admin] is false. +# For a non-logged-in user (:none), it clears both admin and submitter_id from the session. +# This method is used in testing to simulate different user access scenarios in controller actions. +# Parameters: +# - user_role: Symbol representing the user role (:admin, :submitter, or :none). +def configure_user_session(user_role) + case user_role + when :admin + session[:admin] = true + session.delete(:submitter_id) + when :submitter + session[:admin] = false + session[:submitter_id] = FactoryBot.create(:submitter).id + when :none + session.delete(:admin) + session.delete(:submitter_id) + end +end + +# Generates parameters for controller action tests based on the specified action. +# This helper method provides a convenient way to create the necessary parameters for various controller actions. +# It returns a hash containing the record's ID for actions that typically require an identifier +# (show, edit, update, destroy). +# For other actions that do not require specific parameters (like index or new), it returns an empty hash. +# This method simplifies test setup by dynamically generating appropriate parameters for each action. +# Parameters: +# - action: The controller action for which parameters are needed (e.g., 'show', 'edit'). +# - record: The record object used to extract the ID for parameter generation. 
+def params_for(action) + case action + when 'create' + create_params + when 'update' + update_params + when 'edit', 'destroy', 'show' + id_params + else + {} + end +end + +private + +def create_params + model_name_underscore = model_name_underscored + { model_name_underscore => FactoryBot.attributes_for(model_name_underscore.to_sym) } +end + +def update_params + model_name_underscore = model_name_underscored + record = FactoryBot.create(model_name_underscore.to_sym) + updated_attributes = FactoryBot.attributes_for(model_name_underscore.to_sym) + { id: record.id, model_name_underscore => updated_attributes } +end + +def id_params + model_name_underscore = model_name_underscored + record = FactoryBot.create(model_name_underscore.to_sym) + { id: record.id } +end + +def model_name_underscored + model = controller.controller_name.classify.constantize + model.to_s.underscore +end diff --git a/spec/support/shared_examples/allowed_access.rb b/spec/support/shared_examples/allowed_access.rb new file mode 100644 index 00000000..d6195617 --- /dev/null +++ b/spec/support/shared_examples/allowed_access.rb 
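Review bot: `configure_user_session(:submitter)` creates a fresh submitter while `update_params` and `id_params` create their record through a separate `FactoryBot.create` call, so nothing in these helpers ties the record to the submitter in the session. Examples built on them therefore only show that some logged-in submitter reaches show, edit, update and destroy; they do not show whether a submitter can act on a record that belongs to someone else, and the factories that would settle this are not part of this diff. If records are meant to be owner-scoped, a case with a record owned by a different submitter is worth adding; otherwise a comment such as `# The record is not owned by the session submitter; ownership is not exercised here.` above `id_params` would record the intent. Separately, the comment on `params_for` documents a `record` parameter that the method does not take.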
@@ -0,0 +1,43 @@ +# frozen_string_literal: true + +# Shared examples for verifying access control based on user roles. +# This example tests that a user with a specified role (e.g., admin, submitter) has appropriate access to different controller actions. +# - For 'create' actions, it expects a redirect to a dynamically determined URL based on the controller name. +# - For 'update' actions, it expects a redirect to the show page of the updated instance, dynamically determined from the controller. +# - For 'destroy' actions, it expects a redirect to the index page of the respective controller. +# - For 'new', 'edit', 'index', and 'show' actions, it expects a successful response. +# The user session is configured based on the provided user role, and the action is triggered using the appropriate HTTP method. +RSpec.shared_examples 'allowed access' do |action, method, user_role| + it "allows #{user_role} users to access #{action}" do + configure_user_session(user_role) + public_send(method, action, params: params_for(action)) + + case action + when 'create' + expect(response).to redirect_to(expected_url_after_create) + when 'update' + instance_var = instance_variable_get("@#{controller.controller_name.singularize}") + expect(response).to redirect_to(instance_var) + when 'destroy' + expect(response).to redirect_to(index_url_for(controller.controller_name)) + when 'new', 'edit', 'show' + expect(response).to be_successful + when 'index' + if controller.controller_name == 'colleges' + expect(response).to be_successful + else + expect(response).to redirect_to(publications_url) + end + end + end +end + +private + +def expected_url_after_create + controller.controller_name == 'colleges' ? College.last : publications_url +end + +def index_url_for(controller_name) + Rails.application.routes.url_helpers.url_for(controller: controller_name, action: :index, only_path: true) +end 
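Review bot: In the 'update' branch, `instance_variable_get("@#{controller.controller_name.singularize}")` is called on the example object rather than on the controller, so it presumably returns nil and the redirect assertion is not compared against the updated record. Reading it from the controller, `instance_var = controller.instance_variable_get("@#{controller.controller_name.singularize}")`, would make the expectation depend on what the action assigned, provided the controllers use that variable name, which this diff does not show. An alternative that needs no instance variable is to keep the params returned by `params_for(action)` and assert the redirect against the record with that id.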
diff --git a/spec/support/shared_examples/redirect_to_root.rb b/spec/support/shared_examples/redirect_to_root.rb new file mode 100644 index 00000000..5570ed4f --- /dev/null +++ b/spec/support/shared_examples/redirect_to_root.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +# Shared examples for 'redirect to root' to test access control. +# This example verifies that users with the specified role (e.g., :admin, :submitter, +# or :none for non-logged-in users) are properly restricted from accessing certain +# controller actions, resulting in a redirection to the root url to log in. +# +# It configures the user session according to the given role and then makes a request to the specified action. +# +# Parameters: +# - action: The controller action being tested (e.g., :index, :show). +# - method: The HTTP method used for the request (e.g., :get, :post). +# - user_role: The user role being tested for restriction (default is :none for non-logged-in users). +RSpec.shared_examples 'redirect to root' do |action, method, user_role = :none| + it 'redirects to the root url' do + configure_user_session(user_role) + public_send(method, action, params: params_for(action)) + expect(response).to redirect_to(root_url) + end +end diff --git a/spec/support/shared_examples/restricts_non_logged_in_users.rb b/spec/support/shared_examples/restricts_non_logged_in_users.rb new file mode 100644 index 00000000..2b47fb58 --- /dev/null +++ b/spec/support/shared_examples/restricts_non_logged_in_users.rb 
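Review bot: The 'redirect to root' example asserts only the redirect, so for 'create', 'update' and 'destroy' it would still pass if a controller carried out the write and then redirected to the root url. Building the params before the request and wrapping the request in a count expectation pins that a request without a session leaves the table unchanged; the params have to be built first because `params_for` itself creates records for some actions. A count check does not cover 'update', which would need a reload-and-compare on the record.

```ruby
  it 'redirects to the root url without changing any record' do
    configure_user_session(user_role)
    request_params = params_for(action)
    model = controller.controller_name.classify.constantize
    expect do
      public_send(method, action, params: request_params)
    end.not_to change(model, :count)
    expect(response).to redirect_to(root_url)
  end
```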
@@ -0,0 +1,29 @@ +# frozen_string_literal: true + +# Shared examples for testing that only logged in users have access to certain actions. +# This example dynamically determines the model based on the controller and creates a record for it. +# It then iterates over a provided hash of actions and methods, setting up tests for each. +# For each action, it tests three contexts: +# 1. Non-admin and non-submitter users are restricted (expecting a 404 response). +# 2. Submitter users are allowed access (expecting a successful response or redirect as appropriate). +# 3. Admin users are allowed access (expecting a successful response or redirect as appropriate). +# This ensures that only logged in users can access these specific actions in the controller. +# Parameters: +# - actions: A hash where keys are action names and values are the corresponding HTTP methods. +RSpec.shared_examples 'restricts non-logged-in users' do |actions| + actions.each do |action, method| + describe "#{method.upcase} ##{action}" do + context 'when non-admin and non-submitter user' do + include_examples 'redirect to root', action, method, :none + end + + context 'when submitter user' do + include_examples 'allowed access', action, method, :submitter + end + + context 'when admin user' do + include_examples 'allowed access', action, method, :admin + end + end + end +end
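Review bot: The header comment says restricted users get "a 404 response", but the first context includes the 'redirect to root' examples, which expect a redirect to `root_url`. The line should read `# 1. Non-admin and non-submitter users are restricted (expecting a redirect to the root url).` so the comment matches the assertion. The comment also says this example "creates a record" for the model, which happens inside `params_for` rather than in this file.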