require 'test_helper'

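# Integration tests for the org-admin section endpoints nested under a
# template and a phase: index, show, edit, create (POST), the PUT member
# route and destroy (DELETE).
#
# Every mutating endpoint is exercised for four kinds of caller:
#   * nobody signed in               -> assert_unauthorized_redirect_to_root_path
#   * a signed-in researcher         -> assert_authorized_redirect_to_plans_page
#   * an org admin targeting another
#     organisation's template        -> assert_authorized_redirect_to_plans_page
#   * an org admin of the owning org -> redirect to the phase edit page
#
# A redirect alone does not prove that a rejected request had no effect (the
# write could happen before the redirect), so the rejected-caller tests also
# assert that the stored sections are unchanged.
class SectionsControllerTest < ActionDispatch::IntegrationTest

  include Devise::Test::IntegrationHelpers

  # Fixture graph: one institution with a researcher and an org admin, plus a
  # published, publicly visible template owning one phase and one section.
  setup do
    @institution = init_institution
    @researcher = init_researcher(@institution)
    @org_admin = init_org_admin(@institution)
    @template = init_template(@institution, {
      title: 'Test Template',
      published: true,
      visibility: Template.visibilities[:publicly_visible]
    })
    @phase = init_phase(@template)
    @section = init_section(@phase)
  end

  test "unauthorized user cannot access the index page" do
    get org_admin_template_phase_sections_path(@template, @phase)
    assert_unauthorized_redirect_to_root_path
  end

  # NOTE(review): a researcher (not only an org admin) is expected to reach
  # the org-admin index page here. Confirm that read access for researchers
  # is the intended policy and not an over-broad rule this test locks in.
  test 'authorized user can access the index page' do
    [@researcher, @org_admin].each do |user|
      sign_in user
      get org_admin_template_phase_sections_path(@template, @phase)
      assert_response :success, "expected #{user.name(false)} to be able to access the section_controller#index page"
      assert_nil flash[:notice]
      assert_nil flash[:alert]
    end
  end

  test "unauthorized user cannot access the section_controller#show page" do
    get org_admin_template_phase_section_path(@template, @phase, @section)
    assert_unauthorized_redirect_to_root_path
  end

  # NOTE(review): same read-access expectation for researchers as on the
  # index page; confirm it is intended.
  test 'authorized user can access the section_controller#show page' do
    [@researcher, @org_admin].each do |user|
      sign_in user
      get org_admin_template_phase_section_path(@template, @phase, @section)
      assert_response :success, "expected #{user.name(false)} to be able to access the section_controller#show page"
      assert_nil flash[:notice]
      assert_nil flash[:alert]
    end
  end

  # Covers both rejection paths in one test: first with no session, then as
  # a signed-in researcher.
  test "unauthorized user cannot access the section_controller#edit page" do
    get edit_org_admin_template_phase_section_path(@template, @phase, @section)
    assert_unauthorized_redirect_to_root_path
    sign_in @researcher
    get edit_org_admin_template_phase_section_path(@template, @phase, @section)
    assert_authorized_redirect_to_plans_page
  end

  test 'authorized user can access the section_controller#edit page' do
    sign_in @org_admin
    get edit_org_admin_template_phase_section_path(@template, @phase, @section)
    assert_response :success
    assert_nil flash[:notice]
    assert_nil flash[:alert]
  end

  test 'unauthorized user cannot call section_controller#create' do
    params = { section: { title: 'New section', number: 2 } }
    # Neither rejected request may add a section to the phase.
    assert_no_difference '@phase.sections.count', 'a rejected create must not add a section' do
      post org_admin_template_phase_sections_path(@template, @phase), params
      assert_unauthorized_redirect_to_root_path
      sign_in @researcher
      post org_admin_template_phase_sections_path(@template, @phase), params
      assert_authorized_redirect_to_plans_page
    end
  end

  # Cross-organisation check: an org admin of @institution targets a phase
  # that belongs to a funder's template.
  test 'unauthorized user cannot call section_controller#create for another org\'s template' do
    params = { section: { title: 'New section', number: 2 } }
    funder = init_funder
    funder_template = init_template(funder)
    funder_phase = init_phase(funder_template)
    sign_in @org_admin
    assert_no_difference 'funder_phase.sections.count', 'a rejected create must not add a section to another org\'s phase' do
      post org_admin_template_phase_sections_path(funder_template, funder_phase), params
      assert_authorized_redirect_to_plans_page
    end
  end

  test 'authorized user can call section_controller#create for an unpublished template' do
    @template.update!(published: false)
    params = { section: { title: 'New section', number: 2 } }
    sign_in @org_admin
    post org_admin_template_phase_sections_path(@template, @phase), params
    assert_response :redirect
    assert_redirected_to edit_org_admin_template_phase_path(template_id: @template.id, id: @phase.id, section: @phase.sections.last.id)
  end

  # For a published template the redirect is expected to point at the latest
  # version in the template family rather than at @template itself
  # (presumably because the change is applied to a new version; confirm
  # against the controller).
  test 'authorized user can call section_controller#create for a published template' do
    params = { section: { title: 'New section', number: 2 } }
    sign_in @org_admin
    post org_admin_template_phase_sections_path(@template, @phase), params
    assert_response :redirect
    template = Template.latest_version(@template.family_id).first
    assert_redirected_to edit_org_admin_template_phase_path(template_id: template.id, id: template.phases.first.id, section: template.phases.first.sections.last.id)
  end

  # NOTE(review): the tests named "#edit" below send PUT to the member path,
  # which a resourceful route normally maps to #update; the names are kept
  # as they are.
  test 'unauthorized user cannot call section_controller#edit' do
    params = { section: { title: 'Edited section' } }
    original_title = @section.title
    put org_admin_template_phase_section_path(@template, @phase, @section), params
    assert_unauthorized_redirect_to_root_path
    sign_in @researcher
    put org_admin_template_phase_section_path(@template, @phase, @section), params
    assert_authorized_redirect_to_plans_page
    # Re-read the row: the redirects alone do not show the title was kept.
    assert_equal original_title, @section.reload.title, 'a rejected update must not change the section title'
  end

  test 'unauthorized user cannot call section_controller#edit for another org\'s template' do
    params = { section: { title: 'Edited section' } }
    funder = init_funder
    funder_template = init_template(funder)
    funder_phase = init_phase(funder_template)
    funder_section = init_section(funder_phase)
    original_title = funder_section.title
    sign_in @org_admin
    put org_admin_template_phase_section_path(funder_template, funder_phase, funder_section), params
    assert_authorized_redirect_to_plans_page
    assert_equal original_title, funder_section.reload.title, 'a rejected update must not change another org\'s section'
  end

  test 'authorized user can call section_controller#edit for an unpublished template' do
    @template.update!(published: false)
    params = { section: { title: 'Edited section' } }
    sign_in @org_admin
    put org_admin_template_phase_section_path(@template, @phase, @section), params
    assert_response :redirect
    assert_redirected_to edit_org_admin_template_phase_path(template_id: @template.id, id: @phase.id, section: @phase.sections.last.id)
  end

  # Published template: the redirect target is resolved from the latest
  # version of the template family.
  test 'authorized user can call section_controller#edit for a published template' do
    params = { section: { title: 'Edited section' } }
    sign_in @org_admin
    put org_admin_template_phase_section_path(@template, @phase, @section), params
    assert_response :redirect
    template = Template.latest_version(@template.family_id).first
    assert_redirected_to edit_org_admin_template_phase_path(template_id: template.id, id: template.phases.first.id, section: template.phases.first.sections.last.id)
  end

  test 'unauthorized user cannot call section_controller#destroy' do
    # Neither rejected request may remove the section from the phase.
    assert_no_difference '@phase.sections.count', 'a rejected destroy must not remove a section' do
      delete org_admin_template_phase_section_path(@template, @phase, @section)
      assert_unauthorized_redirect_to_root_path
      sign_in @researcher
      delete org_admin_template_phase_section_path(@template, @phase, @section)
      assert_authorized_redirect_to_plans_page
    end
  end

  test 'unauthorized user cannot call section_controller#destroy for another org\'s template' do
    funder = init_funder
    funder_template = init_template(funder)
    funder_phase = init_phase(funder_template)
    funder_section = init_section(funder_phase)
    sign_in @org_admin
    assert_no_difference 'funder_phase.sections.count', 'a rejected destroy must not remove another org\'s section' do
      delete org_admin_template_phase_section_path(funder_template, funder_phase, funder_section)
      assert_authorized_redirect_to_plans_page
    end
  end

  test 'authorized user can call section_controller#destroy for an unpublished template' do
    @template.update!(published: false)
    sign_in @org_admin
    delete org_admin_template_phase_section_path(@template, @phase, @section)
    assert_response :redirect
    assert_redirected_to edit_org_admin_template_phase_path(template_id: @template.id, id: @phase.id)
  end

  # Published template: the redirect target is resolved from the latest
  # version of the template family.
  test 'authorized user can call section_controller#destroy for a published template' do
    sign_in @org_admin
    delete org_admin_template_phase_section_path(@template, @phase, @section)
    assert_response :redirect
    template = Template.latest_version(@template.family_id).first
    assert_redirected_to edit_org_admin_template_phase_path(template_id: template.id, id: template.phases.first.id)
  end
end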