require 'test_helper'
class TemplatesControllerTest < ActionDispatch::IntegrationTest
include Devise::Test::IntegrationHelpers
setup do
scaffold_template
# Get the first Org Admin
scaffold_org_admin(@template.org)
@regular_user = User.find_by(email: 'org_user@example.com')
end
test "unauthorized user cannot access the templates page" do
# Should redirect user to the root path if they are not logged in!
get org_admin_templates_path
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get org_admin_templates_path
assert_authorized_redirect_to_plans_page
end
test "Org Admin should see the list of their templates and customizable funder templates" do
sign_in @user
get org_admin_templates_path
assert_response :success
assert_select "#organisation-templates table tbody tr", @user.org.templates.length, "expected the Org Admin to only see their own templates"
end
test "Super Admin should see the list of all templates" do
user = User.find_by(email: 'super_admin@example.com')
sign_in user
get org_admin_templates_path
assert_response :success
assert_select "#organisation-templates table tbody tr", Template.where(org: Org.not_funder).pluck(:dmptemplate_id).uniq.length, "expected the Super Admin to see all of the templates"
end
test "unauthorized user cannot access the template edit page" do
# Should redirect user to the root path if they are not logged in!
get edit_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get edit_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "get the template edit page" do
sign_in @user
get edit_org_admin_template_path(@template)
assert_response :success
assert assigns(:template)
assert assigns(:template_hash)
assert assigns(:current)
end
test "unauthorized user cannot access the new template page" do
# Should redirect user to the root path if they are not logged in!
get new_org_admin_template_path(Template.last.id)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get new_org_admin_template_path(Template.last.id)
assert_authorized_redirect_to_plans_page
end
test "get the new template page" do
sign_in @user
get new_org_admin_template_path(Template.last.id)
assert_response :success
end
test "unauthorized user cannot access the template history page" do
# Should redirect user to the root path if they are not logged in!
get history_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get history_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "get the template history page" do
sign_in @user
get history_org_admin_template_path(@template)
assert_response :success
assert assigns(:template)
assert assigns(:templates)
assert assigns(:current)
end
test "unauthorized user cannot delete a template" do
# Should redirect user to the root path if they are not logged in!
delete org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
delete org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "delete the admin template" do
id = @template.id
sign_in @user
family = @template.dmptemplate_id
prior = Template.current(family)
version_the_template
current = Template.current(family)
# Try to delete a historical version should fail
delete org_admin_template_path(prior)
assert_equal _('You cannot delete historical versions of this template.'), flash[:alert]
assert_response :redirect
assert_redirected_to org_admin_templates_path
assert_not Template.find(prior.id).nil?
# Try to delete the current version should work
delete org_admin_template_path(current)
assert_response :redirect
assert_redirected_to org_admin_templates_path
assert_raise ActiveRecord::RecordNotFound do
Template.find(current.id).nil?
end
assert_equal prior, Template.current(family), "expected the old version to now be the current version"
# Should not be able to delete a template that has plans!
end
test "unauthorized user cannot create a template" do
# Should redirect user to the root path if they are not logged in!
post org_admin_templates_path(@user.org), {template: {title: ''}}
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
post org_admin_templates_path(@user.org), {template: {title: ''}}
assert_authorized_redirect_to_plans_page
end
test "create a template" do
params = {title: 'Testing create route'}
sign_in @user
post org_admin_templates_path(@user.org), {template: params}
assert flash[:notice].start_with?('Successfully') && flash[:notice].include?('created')
assert_response :redirect
assert_redirected_to edit_org_admin_template_url(Template.last.id)
assert assigns(:template)
assert_equal 'Testing create route', Template.last.title, "expected the record to have been created!"
# Invalid object
post org_admin_templates_path(@user.org), {template: {title: nil, org_id: @user.org.id}}
assert flash[:alert].starts_with?(_('Could not create your'))
assert_response :success
assert assigns(:template)
assert assigns(:hash)
end
test "unauthorized user cannot update a template" do
# Should redirect user to the root path if they are not logged in!
put org_admin_template_path(@template), {template: {title: ''}}
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
put org_admin_template_path(@template), {template: {title: ''}}
assert_authorized_redirect_to_plans_page
end
test "update the template" do
params = {title: 'ABCD'}
sign_in @user
family = @template.dmptemplate_id
prior = Template.current(family)
version_the_template
current = Template.current(family)
# We shouldn't be able to edit a historical version
put org_admin_template_path(prior), {template: params}
assert_response :forbidden
json_body = ActiveSupport::JSON.decode(response.body)
assert_equal(_('You can not edit a historical version of this template.'), json_body["msg"])
# Make sure we get the right response when editing an unpublished template
put org_admin_template_path(current), {template: params}
assert_response :ok
json_body = ActiveSupport::JSON.decode(response.body)
assert json_body["msg"].start_with?('Successfully') && json_body["msg"].include?('saved')
assert_equal('ABCD', current.reload.title, "expected the record to have been updated")
assert current.reload.dirty?
# Make sure we get the right response when providing an invalid template
put org_admin_template_path(current), {template: {title: nil}}
assert_response :bad_request
json_body = ActiveSupport::JSON.decode(response.body)
assert json_body["msg"].starts_with?(_('Could not update your'))
end
test "unauthorized user cannot customize a template" do
# Make sure we are redirected if we're not logged in
get customize_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get customize_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "customize a funder template" do
funder_template = Template.create(org: Org.funder.first, title: 'Testing integration')
# Sign in as the funder so that we cna publish the template
sign_in User.find_by(org: funder_template.org)
get publish_org_admin_template_path(funder_template)
assert_response :redirect
assert_redirected_to org_admin_templates_path
# Sign in as the regular user so we can customize the funder template
sign_in @user
template = Template.live(funder_template.dmptemplate_id)
get customize_org_admin_template_path(template)
customization = Template.where(customization_of: template.dmptemplate_id).last
assert_response :redirect
assert_redirected_to edit_org_admin_template_url(Template.last)
assert assigns(:template)
assert_equal 0, customization.version
assert_not customization.published?
assert customization.dirty?
# Make sure the funder templates data is not modifiable!
customization.phases.each do |p|
assert_not p.modifiable
p.sections.each do |s|
assert_not s.modifiable
s.questions.each do |q|
assert_not q.modifiable
end
end
end
end
test "unauthorized user cannot publish a template" do
# Should redirect user to the root path if they are not logged in!
get publish_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get publish_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "publish a template" do
sign_in @user
family = @template.dmptemplate_id
prior = Template.current(family)
version_the_template
current = Template.current(family)
# We shouldn't be able to edit a historical version
get publish_org_admin_template_path(prior)
assert_equal _('You can not publish a historical version of this template.'), flash[:alert]
assert_response :redirect
assert_redirected_to org_admin_templates_path
assert assigns(:template)
# Publish the current template
get publish_org_admin_template_path(current)
assert_equal _('Your template has been published and is now available to users.'), flash[:notice]
assert_response :redirect
assert_redirected_to org_admin_templates_path
current = Template.current(family)
# Update the description so that the template gets versioned
get edit_org_admin_template_path(current) # Click on 'edit'
new_version = Template.current(family) # Edit working copy
put org_admin_template_path(new_version), {template: {description: "this is an update"}}
# Make sure it versioned properly
new_version = Template.current(family)
assert_not_equal current.id = new_version.id, "expected it to create a new version"
assert_equal (current.version + 1), new_version.version, "expected the version to have incremented"
assert current.published?, "expected the old version to be published"
assert_not new_version.published?, "expected the new version to NOT be published"
assert_not current.dirty?, "expected the old dirty flag to be false"
assert new_version.dirty?, "expected the new dirty flag to be true"
assert_equal current.dmptemplate_id, new_version.dmptemplate_id, "expected the old and new versions to share the same dmptemplate_id"
end
test "unauthorized user cannot unpublish a template" do
# Should redirect user to the root path if they are not logged in!
get unpublish_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get unpublish_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "unpublish a template" do
sign_in @user
family = @template.dmptemplate_id
prior = Template.current(family)
version_the_template
current = Template.current(family)
# Publish it so we can unpublish
get publish_org_admin_template_path(current)
assert_not Template.live(family).nil?
get unpublish_org_admin_template_path(current)
assert_equal _('Your template is no longer published. Users will not be able to create new DMPs for this template until you re-publish it'), flash[:notice]
assert_response :redirect
assert_redirected_to org_admin_templates_path
# Make sure there are no published versions
assert Template.live(family).nil?
end
test "unauthorized user cannot copy a template" do
# Should redirect user to the root path if they are not logged in!
get copy_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get copy_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "copy a template" do
sign_in @user
get copy_org_admin_template_path(@template)
assert_response :redirect
assert_redirected_to "#{edit_org_admin_template_url(Template.last)}?edit=true"
end
test "unauthorized user cannot transfer a template customization" do
# Should redirect user to the root path if they are not logged in!
get transfer_customization_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get transfer_customization_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "transfer a template customization" do
# TODO add test for this. Could not get working, getting a nil for max_version within the method (NOT SURE IF THIS IS STILL IN USE!)
end
end
Jose Lloret