require 'test_helper'
class TemplatesControllerTest < ActionDispatch::IntegrationTest
include Devise::Test::IntegrationHelpers
setup do
scaffold_template
# Get the first Org Admin
scaffold_org_admin(@template.org)
@regular_user = User.find_by(email: 'org_user@example.com')
end
test "unauthorized user cannot access the templates page" do
# Should redirect user to the root path if they are not logged in!
get org_admin_templates_path
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get org_admin_templates_path
assert_authorized_redirect_to_plans_page
end
test "Org admin sees the correct templates on the templates page" do
init_templates
sign_in @org_admin
get org_admin_templates_path
verify_all_templates_table(@org_admin)
verify_own_templates_table(@org_admin)
verify_funder_templates_table(@org_admin)
end
test "Funder admin sees the correct templates on the templates page" do
init_templates
sign_in @funder_admin
get org_admin_templates_path
verify_all_templates_table(@funder_admin)
verify_own_templates_table(@funder_admin)
verify_funder_templates_table(@funder_admin)
end
test "Super admin sees the correct templates on the templates page" do
init_templates
sign_in @super_admin
get org_admin_templates_path
verify_all_templates_table(@super_admin)
verify_own_templates_table(@super_admin)
verify_funder_templates_table(@super_admin)
end
test "Predefined scopes correctly filter results on all templates table" do
init_templates
sign_in @super_admin
get org_admin_templates_path
verify_all_templates_table(@super_admin)
published = Template.latest_version.where(published: true, customization_of: nil)
unpublished = Template.latest_version.where(published: false, customization_of: nil)
verify_templates_table_scoping(all_org_admin_templates_path('ALL'), '#all-templates', published, unpublished)
end
test "Predefined scopes correctly filter results on own templates table" do
init_templates
sign_in @org_admin
get org_admin_templates_path
verify_all_templates_table(@org_admin)
published = Template.get_latest_template_versions(@org_admin.org).where(published: true, customization_of: nil)
unpublished = Template.get_latest_template_versions(@org_admin.org).where(published: false, customization_of: nil)
verify_templates_table_scoping(orgs_org_admin_templates_path('ALL'), '#organisation-templates', published, unpublished)
end
test "Predefined scopes correctly filter results on customizable templates table" do
init_templates
sign_in @org_admin
get org_admin_templates_path
verify_all_templates_table(@org_admin)
published = Template.where(title: 'UOS customization of Default template')
unpublished = Template.where('published = 1 AND visibility = 1 AND is_default = 0')
verify_templates_table_scoping(funders_org_admin_templates_path('ALL'), '#funders-templates', published, unpublished)
end
test "unauthorized user cannot access the template edit page" do
# Should redirect user to the root path if they are not logged in!
get edit_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get edit_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "get the template edit page" do
sign_in @user
get edit_org_admin_template_path(@template)
assert_response :success
assert assigns(:template)
assert assigns(:template_hash)
assert assigns(:current)
end
test "unauthorized user cannot access the new template page" do
# Should redirect user to the root path if they are not logged in!
get new_org_admin_template_path(Template.last.id)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get new_org_admin_template_path(Template.last.id)
assert_authorized_redirect_to_plans_page
end
test "get the new template page" do
sign_in @user
get new_org_admin_template_path(Template.last.id)
assert_response :success
end
test "unauthorized user cannot access the template history page" do
# Should redirect user to the root path if they are not logged in!
get history_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get history_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "get the template history page" do
sign_in @user
get history_org_admin_template_path(@template)
assert_response :success
assert assigns(:template)
assert assigns(:templates)
assert assigns(:current)
end
test "unauthorized user cannot delete a template" do
# Should redirect user to the root path if they are not logged in!
delete org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
delete org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "delete the admin template" do
id = @template.id
sign_in @user
family = @template.dmptemplate_id
prior = Template.current(family)
version_the_template
current = Template.current(family)
# Try to delete a historical version should fail
delete org_admin_template_path(prior)
assert_equal _('You cannot delete historical versions of this template.'), flash[:alert]
assert_response :redirect
assert_redirected_to org_admin_templates_path
assert_not Template.find(prior.id).nil?
# Try to delete the current version should work
delete org_admin_template_path(current)
assert_response :redirect
assert_redirected_to org_admin_templates_path
assert_raise ActiveRecord::RecordNotFound do
Template.find(current.id).nil?
end
assert_equal prior, Template.current(family), "expected the old version to now be the current version"
# Should not be able to delete a template that has plans!
end
test "unauthorized user cannot create a template" do
# Should redirect user to the root path if they are not logged in!
post org_admin_templates_path(@user.org), {template: {title: ''}}
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
post org_admin_templates_path(@user.org), {template: {title: ''}}
assert_authorized_redirect_to_plans_page
end
test "create a template" do
params = {title: 'Testing create route'}
sign_in @user
post org_admin_templates_path(@user.org), {template: params}
assert flash[:notice].start_with?('Successfully') && flash[:notice].include?('created')
assert_response :redirect
assert_redirected_to edit_org_admin_template_url(Template.last.id)
assert assigns(:template)
assert_equal 'Testing create route', Template.last.title, "expected the record to have been created!"
# Invalid object
post org_admin_templates_path(@user.org), {template: {title: nil, org_id: @user.org.id}}
assert flash[:alert].starts_with?(_('Could not create your'))
assert_response :success
assert assigns(:template)
assert assigns(:hash)
end
test "unauthorized user cannot update a template" do
# Should redirect user to the root path if they are not logged in!
put org_admin_template_path(@template), {template: {title: ''}}
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
put org_admin_template_path(@template), {template: {title: ''}}
assert_authorized_redirect_to_plans_page
end
test "update the template" do
params = {title: 'ABCD'}
sign_in @user
family = @template.dmptemplate_id
prior = Template.current(family)
version_the_template
current = Template.current(family)
# We shouldn't be able to edit a historical version
put org_admin_template_path(prior), {template: params}
assert_response :forbidden
json_body = ActiveSupport::JSON.decode(response.body)
assert_equal(_('You can not edit a historical version of this template.'), json_body["msg"])
# Make sure we get the right response when editing an unpublished template
put org_admin_template_path(current), {template: params}
assert_response :ok
json_body = ActiveSupport::JSON.decode(response.body)
assert json_body["msg"].start_with?('Successfully') && json_body["msg"].include?('saved')
assert_equal('ABCD', current.reload.title, "expected the record to have been updated")
assert current.reload.dirty?
# Make sure we get the right response when providing an invalid template
put org_admin_template_path(current), {template: {title: nil}}
assert_response :bad_request
json_body = ActiveSupport::JSON.decode(response.body)
assert json_body["msg"].starts_with?(_('Could not update your'))
end
test "unauthorized user cannot customize a template" do
# Make sure we are redirected if we're not logged in
get customize_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get customize_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "customize a funder template" do
funder_template = Template.create(org: Org.funder.first, title: 'Testing integration')
# Sign in as the funder so that we cna publish the template
sign_in User.find_by(org: funder_template.org)
get publish_org_admin_template_path(funder_template)
assert_response :redirect
assert_redirected_to "#{org_admin_templates_path}#organisation-templates"
# Sign in as the regular user so we can customize the funder template
sign_in @user
template = Template.live(funder_template.dmptemplate_id)
get customize_org_admin_template_path(template)
customization = Template.where(customization_of: template.dmptemplate_id).last
assert_response :redirect
assert_redirected_to edit_org_admin_template_url(Template.last)
assert assigns(:template)
assert_equal 0, customization.version
assert_not customization.published?
assert customization.dirty?
# Make sure the funder templates data is not modifiable!
customization.phases.each do |p|
assert_not p.modifiable
p.sections.each do |s|
assert_not s.modifiable
s.questions.each do |q|
assert_not q.modifiable
end
end
end
end
test "unauthorized user cannot publish a template" do
# Should redirect user to the root path if they are not logged in!
get publish_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get publish_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "publish a template" do
sign_in @user
family = @template.dmptemplate_id
prior = Template.current(family)
version_the_template
current = Template.current(family)
# We shouldn't be able to edit a historical version
get publish_org_admin_template_path(prior)
assert_equal _('You can not publish a historical version of this template.'), flash[:alert]
assert_response :redirect
assert_redirected_to org_admin_templates_path
# Publish the current template
get publish_org_admin_template_path(current)
assert_equal _('Your template has been published and is now available to users.'), flash[:notice]
assert_response :redirect
assert_redirected_to "#{org_admin_templates_path}#organisation-templates"
current = Template.current(family)
# Update the description so that the template gets versioned
get edit_org_admin_template_path(current) # Click on 'edit'
new_version = Template.current(family) # Edit working copy
put org_admin_template_path(new_version), {template: {description: "this is an update"}}
# Make sure it versioned properly
new_version = Template.current(family)
assert_not_equal current.id = new_version.id, "expected it to create a new version"
assert_equal (current.version + 1), new_version.version, "expected the version to have incremented"
assert current.published?, "expected the old version to be published"
assert_not new_version.published?, "expected the new version to NOT be published"
assert_not current.dirty?, "expected the old dirty flag to be false"
assert new_version.dirty?, "expected the new dirty flag to be true"
assert_equal current.dmptemplate_id, new_version.dmptemplate_id, "expected the old and new versions to share the same dmptemplate_id"
end
test "unauthorized user cannot unpublish a template" do
# Should redirect user to the root path if they are not logged in!
get unpublish_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get unpublish_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "unpublish a template" do
sign_in @user
family = @template.dmptemplate_id
prior = Template.current(family)
version_the_template
current = Template.current(family)
# Publish it so we can unpublish
get publish_org_admin_template_path(current)
assert_not Template.live(family).nil?
get unpublish_org_admin_template_path(current)
assert_equal _('Your template is no longer published. Users will not be able to create new DMPs for this template until you re-publish it'), flash[:notice]
assert_response :redirect
assert_redirected_to "#{org_admin_templates_path}#organisation-templates"
# Make sure there are no published versions
assert Template.live(family).nil?
end
test "unauthorized user cannot copy a template" do
# Should redirect user to the root path if they are not logged in!
get copy_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get copy_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "copy a template" do
sign_in @user
get copy_org_admin_template_path(@template)
assert_response :redirect
assert_redirected_to "#{edit_org_admin_template_url(Template.last)}?edit=true"
end
test "unauthorized user cannot transfer a template customization" do
# Should redirect user to the root path if they are not logged in!
get transfer_customization_org_admin_template_path(@template)
assert_unauthorized_redirect_to_root_path
# Non Org-Admin cannot perform this action
sign_in @regular_user
get transfer_customization_org_admin_template_path(@template)
assert_authorized_redirect_to_plans_page
end
test "transfer a template customization" do
# TODO add test for this. Could not get working, getting a nil for max_version within the method (NOT SURE IF THIS IS STILL IN USE!)
end
private
def init_templates
# First clear out any existing templates
Template.all.each do |template|
template.destroy!
end
@super_admin = User.find_by(email: 'super_admin@example.com')
@org_admin = User.find_by(email: 'org_admin@example.com')
@funder_admin = User.find_by(email: 'funder_admin@example.com')
default_org = Org.find_by(org_type: 4)
funder_org = Org.find_by(org_type: 2)
institution_org = Org.find_by(org_type: 1)
other_org = Org.create!(name: 'Another Org', abbreviation: 'BLAH', org_type: 3, links: {"org":[]})
params = [{ title: 'Default template', org: default_org, migrated: false, dmptemplate_id: '00000100', published: true, version: 0, visibility: Template.visibilities[:publicly_visible], is_default: true },
{ title: 'UOS published A', org: institution_org, migrated: false, dmptemplate_id: '00000099', published: true, version: 0, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'UOS published B', org: institution_org, migrated: false, dmptemplate_id: '00000098', published: true, version: 0, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'UOS unpublished C', org: institution_org, migrated: false, dmptemplate_id: '00000097', published: false, version: 0, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'UOS unpublished Dv0', org: institution_org, migrated: false, dmptemplate_id: '00000096', published: false, version: 0, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'UOS published Dv1', org: institution_org, migrated: false, dmptemplate_id: '00000096', published: true, version: 1, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'UOS published Ev0', org: institution_org, migrated: false, dmptemplate_id: '00000095', published: true, version: 0, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'UOS unpublished Ev1', org: institution_org, migrated: false, dmptemplate_id: '00000095', published: false, version: 1, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'BLAH internal published A', org: other_org, migrated: false, dmptemplate_id: '00000079', published: true, version: 0, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'BLAH public published B', org: other_org, migrated: false, dmptemplate_id: '00000078', published: true, version: 0, visibility: Template.visibilities[:publicly_visible], is_default: false },
{ title: 'Funder public published A', org: funder_org, migrated: false, dmptemplate_id: '00000089', published: true, version: 0, visibility: Template.visibilities[:publicly_visible], is_default: false },
{ title: 'Funder internal published B', org: funder_org, migrated: false, dmptemplate_id: '00000088', published: true, version: 0, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'Funder internal unpublished B', org: funder_org, migrated: false, dmptemplate_id: '00000088', published: false, version: 1, visibility: Template.visibilities[:organisationally_visible], is_default: false },
{ title: 'Funder public unpublished C', org: funder_org, migrated: false, dmptemplate_id: '00000087', published: false, version: 0, visibility: Template.visibilities[:publicly_visible], is_default: false },
{ title: 'Funder public unpublished Dv0', org: funder_org, migrated: false, dmptemplate_id: '00000086', published: false, version: 0, visibility: Template.visibilities[:publicly_visible], is_default: false },
{ title: 'Funder public published Dv1', org: funder_org, migrated: false, dmptemplate_id: '00000086', published: true, version: 1, visibility: Template.visibilities[:publicly_visible], is_default: false },
{ title: 'Funder public published Ev0', org: funder_org, migrated: false, dmptemplate_id: '00000085', published: true, version: 0, visibility: Template.visibilities[:publicly_visible], is_default: false },
{ title: 'Funder public unpublished Ev1', org: funder_org, migrated: false, dmptemplate_id: '00000085', published: false, version: 1, visibility: Template.visibilities[:publicly_visible], is_default: false }]
params.each do |hash|
begin
template = Template.new(hash)
template.save!
# Template's have default values when created, so override those defaults
template.update_attributes!(published: hash[:published], visibility: hash[:visibility], is_default: hash[:is_default], dmptemplate_id: hash[:dmptemplate_id])
if template.is_default?
cust = Template.create!({ title: 'UOS customization of Default template', org: institution_org, migrated: false, version: 0})
cust.update_attributes(published: true, customization_of: template.dmptemplate_id, visibility: Template.visibilities[:organisationally_visible])
elsif template.title == 'Funder public published A'
cust = Template.create!({ title: 'UOS customization of Funder public published A', org: institution_org, migrated: false, version: 0})
cust.update_attributes(published: false, customization_of: template.dmptemplate_id, visibility: Template.visibilities[:organisationally_visible])
end
rescue ActiveRecord::RecordInvalid
puts "EXCEPTION: #{template.errors.collect{ |e, m| "#{e}: #{m}" }.join(', ')}"
end
end
end
def verify_all_templates_table(user)
if user.can_super_admin?
assert_select "#all-templates table tbody", true, "expected a super admin to be able to see the all templates table"
else
assert_select "#all-templates table tbody", false, "expected a non-super admin to NOT see the all templates table"
end
end
def verify_own_templates_table(user)
assert_select "#organisation-templates table tbody" do |el|
templates = Template.where(org: user.org, customization_of: nil)
# Org Admins (funder or non-funder)
if user.can_org_admin?
# An Org Admin (for a non-funder Org) should only see their current templates in the own templates table
templates.each do |template|
# Expect to see the most current version of organisational templates
current = Template.current(template.dmptemplate_id)
if template == current
assert el.to_s.include?(template.title), "expected #{user.email}'s own templates table to have the institutional template: '#{template.title}'"
else
assert_not el.to_s.include?(template.title), "expected #{user.email}'s own templates table to NOT have an older version of an the org's template: '#{template.title}'"
end
end
# Expect to see no templates for other orgs in the own templates table
Template.where.not(id: templates.collect(&:id)).each do |template|
assert_not el.to_s.include?(template.title), " expected #{user.email}'s own templates table to NOT have: '#{template.title}'"
end
# Expect the funder templates table to contain NO 'Edit/Publish menus
assert_not el.to_s.include?('Customise'), "expected #{user.email}'s own templates table to NOT contain any of the Customization menu items in the funder templates table"
end
end
end
def verify_funder_templates_table(user)
assert_select "#funder-templates table tbody" do |el|
# An Org Admin should see all of the funder/default templates (except ones that belong to their org)
templates = Template.where("(org_id IN (?) OR is_default = ?) AND org_id != ?", Org.where(org_type: [2,3]).collect(&:id), true, user.org.id)
if user.can_org_admin?
templates.each do |template|
# Expect to only see published public templates
if template.publicly_visible? && template.published?
assert el.to_s.include?(template.title), "expected #{user.email}'s customizable table to have the funder (or default) template: '#{template.title}'"
else
assert_not el.to_s.include?(template.title), "expected #{user.email}'s customizable table to NOT have the unpublished/non-public funder template: '#{template.title}' (from org: #{template.org.abbreviation})"
end
end
# Expect to see only the current org's customizations
Template.where.not(id: templates.collect(&:id)).each do |template|
if template.customization_of.nil?
assert_not el.to_s.include?(template.title), "expected #{user.email}'s customizable table to NOT have the template from a non-funder org: '#{template.title}'"
else
if template.org == user.org
assert el.to_s.include?(template.title), "expected #{user.email}'s customizable table to have their own customization: '#{template.title}'"
else
assert_not el.to_s.include?(template.title), "expected #{user.email}'s customizable table to NOT have a customization from another organisation: '#{template.title}'"
end
end
end
end
end
end
def verify_templates_table_scoping(path, selector, published, unpublished)
get "#{path}?scope=published"
assert_select "table tbody" do |el|
published.each do |template|
assert el.to_s.include?(template.title), "expected to see '#{template.title}' in #{selector} after clicking the 'published' predefined scope"
end
unpublished.each do |template|
assert_not el.to_s.include?(template.title), "expected to NOT see '#{template.title}' in #{selector} after clicking the 'published' predefined scope"
end
end
get "#{path}?scope=unpublished"
assert_select "table tbody" do |el|
published.each do |template|
assert_not el.to_s.include?(template.title), "expected to NOT see '#{template.title}' in #{selector} after clicking the 'unpublished' predefined scope"
end
unpublished.each do |template|
assert el.to_s.include?(template.title), "expected to see '#{template.title}' #{selector} after clicking the 'unpublished' predefined scope"
end
end
get "#{path}?scope=all"
assert_select "table tbody" do |el|
published.each do |template|
assert el.to_s.include?(template.title), "expected to see '#{template.title}' in #{selector} after clicking the 'all' predefined scope"
end
unpublished.each do |template|
assert el.to_s.include?(template.title), "expected to see '#{template.title}' in #{selector} after clicking the 'all' predefined scope"
end
end
end
end
bhavi