diff --git a/app/controllers/roles_controller.rb b/app/controllers/roles_controller.rb
index 8b2b71c..465048e 100644
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -2,60 +2,63 @@ respond_to :html after_action :verify_authorized - def create - @role = Role.new(params[:role]) + def create + @role = Role.new(role_params) authorize @role - @role.access_level = params[:role][:access_level].to_i - if params[:role][:email].present? - message = _('User added to project') - if @role.save - if @role.user.nil? then - if User.find_by_email(params[:role][:email]).nil? then - User.invite!(email: params[:role][:email]) - message = _('Invitation issued successfully.') - @role.user = User.find_by_email(params[:role][:email]) - @role.save - else - @role.user = User.find_by_email(params[:role][:email]) - @role.save - UserMailer.sharing_notification(@role).deliver - end - else - UserMailer.sharing_notification(@role).deliver - end - flash[:notice] = message - redirect_to controller: 'plans', action: 'share', id: @role.plan.slug - else - render action: "new" - end - else - flash[:notice] = _('Please enter an email address') - redirect_to controller: 'plans', action: 'share', id: @role.plan.slug - end - end + + @role.access_level = role_params[:access_level].to_i + if role_params[:email].present? + message = _('User added to project') + if @role.save + if @role.user.nil? then + if User.find_by_email(role_params[:email]).nil? 
then + User.invite!(email: role_params[:email]) + message = _('Invitation issued successfully.') + @role.user = User.find_by_email(role_params[:email]) + @role.save + else + @role.user = User.find_by_email(role_params[:email]) + @role.save + UserMailer.sharing_notification(@role).deliver + end + else + UserMailer.sharing_notification(@role).deliver + end + redirect_to share_plan_path(@role.plan), notice: message + else + redirect_to share_plan_path(@role.plan), notice: generate_error_notice(@role) + end + else + redirect_to share_plan_path(@role.plan), _('Please enter an email address') + end + end - def update - @role = Role.find(params[:id]) + def update + @role = Role.find(params[:id]) authorize @role - @role.access_level = params[:role][:access_level].to_i - if @role.update_attributes(params[:role]) - flash[:notice] = _('Sharing details successfully updated.') - UserMailer.permissions_change_notification(@role).deliver - redirect_to controller: 'plans', action: 'share', id: @role.plan.slug - else - render action: "edit" - end - end + @role.access_level = role_params[:access_level].to_i + if @role.update_attributes(role_params) + UserMailer.permissions_change_notification(@role).deliver + redirect_to share_plan_path(@role.plan), notice: _('Sharing details successfully updated.') + else + redirect_to share_plan_path(@role.plan), notice: generate_error_notice(@role) + end + end - def destroy - @role = Role.find(params[:id]) + def destroy + @role = Role.find(params[:id]) authorize @role - user = @role.user - plan = @role.plan - @role.destroy + user = @role.user + plan = @role.plan + @role.destroy - flash[:notice] = _('Access removed') - UserMailer.project_access_removed_notification(user, plan).deliver - redirect_to controller: 'plans', action: 'share', id: @role.plan.slug - end + UserMailer.project_access_removed_notification(user, plan).deliver + redirect_to controller: 'plans', action: 'share', id: @role.plan.slug + redirect_to share_plan_path(@role.plan), 
notice: _('Access removed') + end + + private + def role_params + params.require(:role).permit(:plan_id, :access_level, user: [:email]) + end end \ No newline at end of file diff --git a/app/policies/role_policy.rb b/app/policies/role_policy.rb index 7aebf02..cf2b691 100644 --- a/app/policies/role_policy.rb +++ b/app/policies/role_policy.rb @@ -9,14 +9,14 @@ end def create? - @role.plan.administerable_by(@user.id) + @role.plan.administerable_by?(@user.id) end def update? - @role.plan.administerable_by(@user.id) + @role.plan.administerable_by?(@user.id) end def destroy? - @role.plan.administerable_by(@user.id) + @role.plan.administerable_by?(@user.id) end end \ No newline at end of file diff --git a/app/views/orgs/admin_edit.html.erb b/app/views/orgs/admin_edit.html.erb index 9bf8d6c..58ac1fd 100644 --- a/app/views/orgs/admin_edit.html.erb +++ b/app/views/orgs/admin_edit.html.erb @@ -63,7 +63,7 @@ <%= _('Organisation type') %> - <%= @org.org_type %> + <%= @org.type %> diff --git a/test/functional/roles_controller_test.rb b/test/functional/roles_controller_test.rb new file mode 100644 index 0000000..79a0d94 --- /dev/null +++ b/test/functional/roles_controller_test.rb 
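Review bot: In `update`, `authorize @role` is evaluated against the role's current plan, but the following `@role.update_attributes(role_params)` accepts `:plan_id` from the request, so the role can end up attached to a plan the policy never checked; update should take only the access level, e.g. `@role.update_attributes(params.require(:role).permit(:access_level))`. In `create`, the code reads `role_params[:email]` while the permit list only allows email nested under `user:`, so a top-level `email` is likely filtered out and the 'Please enter an email address' branch is taken every time; permitting `:email` directly would match what the action reads. That branch's `redirect_to share_plan_path(@role.plan), _('Please enter an email address')` is also missing the `notice:` key. In `destroy`, the old `redirect_to controller: 'plans', ...` line is still present before the new `redirect_to share_plan_path(...)`, which should raise a double-render error; drop the first one. The controller class begins above the hunk.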
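Review bot: Each predicate in the role_policy.rb hunk dereferences `@role.plan` without a nil check, so a create request whose `plan_id` is missing or does not resolve would likely raise inside the policy instead of being denied. Consider failing closed with `@role.plan.present? && @role.plan.administerable_by?(@user.id)` in `create?`, `update?` and `destroy?`. The policy class and its initializer are outside the hunk, so whether `@user` can be nil here could not be checked.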
@@ -0,0 +1,106 @@ +require 'test_helper' + +class RolesControllerTest < ActionDispatch::IntegrationTest + + include Devise::Test::IntegrationHelpers + + setup do + scaffold_plan + scaffold_org_admin(@plan.template.org) + + @invitee = User.last + end + +# TODO: Cleanup routes for this one. The controller currently only responds to create, update, destroy + +# CURRENT RESULTS OF `rake routes` +# -------------------------------------------------- +# roles POST /roles roles#create +# role PATCH /roles/:id roles#update +# PUT /roles/:id roles#update +# DELETE /roles/:id roles#destroy + +# POST /roles (roles_path) + # ---------------------------------------------------------- + test "create a new role" do + params = {email: @invitee.email, plan_id: @plan.id, access_level: 1} + + # Should redirect user to the root path if they are not logged in! + post roles_path, {role: params} + assert_unauthorized_redirect_to_root_path + +puts @plan.owner.inspect + + sign_in @plan.owner + + post roles_path, {role: params} + assert_equal _('User added to project'), flash[:notice] + assert_response :redirect + assert_redirected_to share_plan_path(@plan) + assert_equal @invitee.id, Role.last.user_id, "expected the record to have been created!" 
+ assert assigns(:role) + + # Missing email + post roles_path, {role: {plan_id: @plan.id, access_level: 2}} + assert_equal _('Please enter an email address'), flash[:notice] + assert_response :redirect + assert_redirected_to share_plan_path(@plan) + assert assigns(:role) + + # Invalid object + post roles_path, {role: {email: @invitee.email, access_level: 2}} + assert flash[:notice].starts_with?(_('Unable to save your changes.')) + assert_response :redirect + assert_redirected_to share_plan_path(@plan) + assert assigns(:role) + end + + # PUT /role/:id (role_path) + # ---------------------------------------------------------- + test "update the role" do + role = Role.create(user: @invitee, plan: @plan, access_level: 1) + params = {access_level: 2} + + # Should redirect user to the root path if they are not logged in! + put role_path(role), {role: params} + assert_unauthorized_redirect_to_root_path + + sign_in @user + + # Valid save + put role_path(role), {role: params} + assert_equal _('Sharing details successfully updated.'), flash[:notice] + assert_response :redirect + assert_redirected_to share_plan_path(@plan) + assert assigns(:role) + assert_equal 'Phase - UPDATE', @phase.sections.first.title, "expected the record to have been updated" + + # Invalid save + put role_path(role), {role: {access_level: nil}} + assert flash[:notice].starts_with?(_('Unable to save your changes.')) + assert_response :redirect + assert_redirected_to share_plan_path(@plan) + assert assigns(:role) + end + + # DELETE /role/:id (role_path) + # ---------------------------------------------------------- + test "delete the section" do + role = Role.create(user: @invitee, plan: @plan, access_level: 1) + + # Should redirect user to the root path if they are not logged in! 
+ delete role_path(role) + assert_unauthorized_redirect_to_root_path + + sign_in @user + + delete role_path(role) + assert_equal _('Access removed'), flash[:notice] + assert_response :redirect + assert_redirected_to share_plan_path(@plan) + assert_raise ActiveRecord::RecordNotFound do + Role.find(role.id).nil? + end + end + +end \ No newline at end of file
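Review bot: The tests cover the signed-out case and the plan owner, but none signs in a user who does not administer `@plan`, which is the case `RolePolicy` exists to reject; a case per action asserting that such a user is refused and that no `Role` is created, changed or removed would cover it. `puts @plan.owner.inspect` is leftover debugging that prints a user record's attributes to test output and should be removed. In "update the role", `assert_equal 'Phase - UPDATE', @phase.sections.first.title` refers to `@phase`, which the visible `setup` does not define, and looks copied from another test; `assert_equal 2, role.reload.access_level` would check the actual update. `sign_in @user` likewise depends on `@user` being set by a scaffold helper not shown here.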