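require 'test_helper'

# Integration tests for the org-admin template routes, centred on access control.
#
# Most actions are exercised as an anonymous visitor, as a signed-in researcher
# and as an admin. The two redirect assertions used throughout
# (assert_unauthorized_redirect_to_root_path and
# assert_authorized_redirect_to_plans_page) are not defined in this file;
# presumably they come from test_helper.
#
# NOTE(review): the organisation boundary (an org admin acting on a template that
# belongs to a different org) is only pinned for edit and publish. history,
# delete, update, unpublish, copy and transfer_customization have no case that
# signs in @org_admin against @funder_template, so a regression in the ownership
# check of those actions would go unnoticed by this suite.
class TemplatesControllerTest < ActionDispatch::IntegrationTest
  include Devise::Test::IntegrationHelpers

  # Builds three orgs, one user per role, and two published templates:
  # one owned by the funder (publicly visible) and one owned by the institution.
  setup do
    @funder = init_funder
    @institution = init_institution
    @organisation = init_organisation

    # The researcher and the org admin share @institution; the super admin
    # belongs to @organisation.
    @researcher = init_researcher(@institution)
    @org_admin = init_org_admin(@institution)
    @super_admin = init_super_admin(@organisation)

    @funder_template = init_template(@funder, {
      title: 'Test Funder Template',
      published: true,
      visibility: Template.visibilities[:publicly_visible]
    })
    @org_template = init_template(@institution, {
      title: 'Test Org Template',
      published: true
    })
  end

  # ---- index (only the super admin is expected to get through) ----

  test "unauthorized user cannot access the templates#index page" do
    get org_admin_templates_path
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    get org_admin_templates_path
    assert_authorized_redirect_to_plans_page

    # An org admin is turned away from the full index as well.
    sign_in @org_admin
    get org_admin_templates_path
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can access the templates#index page" do
    sign_in @super_admin
    get org_admin_templates_path
    assert_response :success
  end

  # ---- organisational ----

  test "unauthorized user cannot access the templates#organisational page" do
    get organisational_org_admin_templates_path
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    get organisational_org_admin_templates_path
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can access the templates#organisational page" do
    sign_in @org_admin
    get organisational_org_admin_templates_path
    assert_response :success
  end

  # ---- customisable ----

  test "unauthorized user cannot access the templates#customisable page" do
    get customisable_org_admin_templates_path
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    get customisable_org_admin_templates_path
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can access the templates#customisable page" do
    sign_in @org_admin
    get customisable_org_admin_templates_path
    assert_response :success
  end

  # ---- edit ----

  test "unauthorized user cannot access the template#edit page" do
    get edit_org_admin_template_path(@org_template)
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    get edit_org_admin_template_path(@org_template)
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can access the template#edit page" do
    sign_in @org_admin
    get edit_org_admin_template_path(@org_template)
    assert_response :success
  end

  # Organisation boundary: the admin of @institution asks for the funder's template.
  test "admin cannot access another org's template#edit page" do
    sign_in @org_admin
    get edit_org_admin_template_path(@funder_template)
    assert_authorized_redirect_to_plans_page
  end

  test "super admin can access any org's template#edit page" do
    sign_in @super_admin
    [@org_template, @funder_template].each do |template|
      get edit_org_admin_template_path(template)
      assert_response :success
    end
  end

  test 'get templates#edit returns ok when template is latest' do
    sign_in @org_admin
    get(edit_org_admin_template_path(@org_template))
    assert_response :success
    assert_nil flash[:notice], 'expected no warning messages'
  end

  test 'get templates#edit returns ok with flash notice when template is not latest' do
    # Called for its side effect only: once a newer version exists,
    # @org_template is no longer the latest one. The return value is not needed.
    @org_template.generate_version!

    sign_in @org_admin
    get(edit_org_admin_template_path(@org_template.id))
    assert_response :success
    assert_not_nil flash[:notice], 'expected a warning message'
  end

  # ---- new ----

  test "unauthorized user cannot access the template#new page" do
    get new_org_admin_template_path
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    get new_org_admin_template_path
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can access the template#new page" do
    sign_in @org_admin
    get new_org_admin_template_path
    assert_response :success
  end

  # ---- history ----

  test "unauthorized user cannot access the template#history page" do
    get history_org_admin_template_path(@org_template)
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    get history_org_admin_template_path(@org_template)
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can access the template#history page" do
    sign_in @org_admin
    get history_org_admin_template_path(@org_template)
    assert_response :success
  end

  # ---- delete ----

  test "unauthorized user cannot access template#delete" do
    delete org_admin_template_path(@org_template)
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    delete org_admin_template_path(@org_template)
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can access template#delete" do
    sign_in @org_admin
    delete org_admin_template_path(@org_template)
    assert_response :redirect
    assert_redirected_to org_admin_templates_path
    assert_nil flash[:alert]
  end

  # ---- create ----

  test "unauthorized user cannot create a template#create" do
    post org_admin_templates_path(@institution), {template: {title: ''}}
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    post org_admin_templates_path(@institution), {template: {title: ''}}
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can create a template#create" do
    params = {title: 'Testing create route'}
    sign_in @org_admin
    post org_admin_templates_path(@institution), {template: params}
    assert flash[:notice].start_with?('Successfully') && flash[:notice].include?('created')
    assert_response :redirect
    assert_redirected_to edit_org_admin_template_url(Template.last.id)
  end

  # ---- update ----

  test "unauthorized user cannot update a template#update" do
    put org_admin_template_path(@org_template), {template: {title: ''}}
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    put org_admin_template_path(@org_template), {template: {title: ''}}
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can update the template#update" do
    params = {title: 'ABCD'}
    sign_in @org_admin
    put org_admin_template_path(@org_template), {template: params}
    assert_response :ok
    # update answers with JSON rather than a redirect; the message is under "msg".
    json_body = ActiveSupport::JSON.decode(response.body)
    assert json_body["msg"].start_with?('Successfully') && json_body["msg"].include?('saved')
  end

  # ---- customize ----

  test "unauthorized user cannot customize a template#customize" do
    post customize_org_admin_template_path(@org_template)
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    post customize_org_admin_template_path(@org_template)
    assert_authorized_redirect_to_plans_page
  end

  # Customizing is the one action here where an org admin is expected to act on
  # a template owned by another org (the funder's).
  test "authorized user can customize a funder template#customize" do
    @funder_template.update!({ published: true })
    sign_in @org_admin
    post customize_org_admin_template_path(@funder_template)
    assert_response :redirect
    assert_redirected_to org_admin_template_url(Template.latest_customized_version(@funder_template.family_id, @institution.id).first)
  end

  # ---- publish ----

  test "unauthorized user cannot publish a template#publish" do
    patch publish_org_admin_template_path(@org_template)
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    patch publish_org_admin_template_path(@org_template)
    assert_authorized_redirect_to_plans_page
  end

  # Organisation boundary: the admin of @institution tries to publish the funder's template.
  test "authorized user cannot publish another org's template#publish" do
    sign_in @org_admin
    patch publish_org_admin_template_path(@funder_template)
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can publish a template#publish" do
    sign_in @org_admin
    patch publish_org_admin_template_path(@org_template)
    assert_equal _('Your template has been published and is now available to users.'), flash[:notice]
    assert_response :redirect
    assert_redirected_to org_admin_templates_path
  end

  # ---- unpublish ----

  test "unauthorized user cannot unpublish a template#unpublish" do
    patch unpublish_org_admin_template_path(@org_template)
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    patch unpublish_org_admin_template_path(@org_template)
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can unpublish a template#unpublish" do
    sign_in @org_admin
    patch unpublish_org_admin_template_path(@org_template)
    assert_response :redirect
    assert_redirected_to org_admin_templates_path
  end

  # ---- copy ----

  test "unauthorized user cannot copy a template#copy" do
    post copy_org_admin_template_path(@org_template)
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    post copy_org_admin_template_path(@org_template)
    assert_authorized_redirect_to_plans_page
  end

  # NOTE(review): the researcher is already refused for their own org's template
  # in the test above, so this case does not isolate the organisation boundary;
  # an @org_admin request against @funder_template would.
  test "unauthorized user cannot copy another org's template template#copy" do
    sign_in @researcher
    post copy_org_admin_template_path(@funder_template)
    assert_response :redirect
    assert_authorized_redirect_to_plans_page
  end

  test "authorized super admin can copy another org's template template#copy" do
    sign_in @super_admin
    post copy_org_admin_template_path(@funder_template)
    assert_response :redirect
    # Ascending id + last selects the newest template of the super admin's org,
    # i.e. the copy. Combining a descending order with `last` selects the oldest
    # row instead, which only coincides with the copy while the org has exactly
    # one template.
    assert_redirected_to edit_org_admin_template_url(Template.where(org_id: @organisation.id).order(:id).last)
  end

  test "authorized user can copy a template#copy" do
    sign_in @org_admin
    post copy_org_admin_template_path(@org_template)
    assert_response :redirect
    assert_redirected_to edit_org_admin_template_url(Template.where(org_id: @institution.id).last)
  end

  # ---- transfer_customization ----

  test "unauthorized user cannot transfer a template customization template#transfer_customization" do
    post transfer_customization_org_admin_template_path(@org_template)
    assert_unauthorized_redirect_to_root_path

    sign_in @researcher
    post transfer_customization_org_admin_template_path(@org_template)
    assert_authorized_redirect_to_plans_page
  end

  test "authorized user can transfer a template customization template#transfer_customization" do
    # TODO: This will not work because Rails is persisting these transactions to the DB at the same time, so their created_at
    #       timestamps match even if we add a 'sleep' statement. The template.upgrade_customization? will fail because of this.
    #
    # Reported as skipped rather than passed: an empty body would show up green
    # and suggest the authorized path is covered when nothing is asserted.
    skip 'transfer_customization is not exercised for an authorized user yet, see the TODO in this test'

    # sign_in @org_admin
    # original = @funder_template.customize!(@organisation)
    # # Add a phase to the funder template and republish it
    # phase = init_phase(@funder_template, { title: 'testing transfer of customizations' })
    # phase.template.update!({ published: true, title: 'upgraded funder template' })
    # post transfer_customization_org_admin_template_path(original)
    # assert_response :redirect
    # assert_redirected_to edit_org_admin_template_url(Template.latest_customized_version(@funder_template.family_id, @organisation.id).first)
  end

  # ---- template_options (any signed-in user, here the researcher) ----

  test "unauthorized user cannot get template#template_options" do
    get "#{org_admin_template_options_path}?plan[org_id]=#{@institution.id}&plan[funder_id]=#{@funder.id}"
    assert_unauthorized_redirect_to_root_path
  end

  test "authorized user can get template#template_options" do
    sign_in @researcher
    get "#{org_admin_template_options_path}?plan[org_id]=#{@institution.id}&plan[funder_id]=#{@funder.id}"
    assert_response :success
    json_body = JSON.parse(@response.body)
    assert json_body["templates"].length > 0
  end
end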