diff --git a/app/controllers/super_admin/orgs_controller.rb b/app/controllers/super_admin/orgs_controller.rb index 72d338b..a208f67 100644 --- a/app/controllers/super_admin/orgs_controller.rb +++ b/app/controllers/super_admin/orgs_controller.rb @@ -21,6 +21,8 @@ org.logo = params[:logo] if params[:logo] if params[:org_links].present? org.links = JSON.parse(params[:org_links]) + else + org.links = { org: [] } end begin diff --git a/app/controllers/super_admin/users_controller.rb b/app/controllers/super_admin/users_controller.rb new file mode 100644 index 0000000..051ce42 --- /dev/null +++ b/app/controllers/super_admin/users_controller.rb @@ -0,0 +1,47 @@ +module SuperAdmin + class UsersController < ApplicationController + + after_action :verify_authorized + + def edit + user = User.find(params[:id]) + if user.present? + authorize user + languages = Language.sorted_by_abbreviation + orgs = Org.where(parent_id: nil).order("name") + identifier_schemes = IdentifierScheme.where(active: true).order(:name) + + render 'super_admin/users/edit', + locals: { user: user, + languages: languages, + orgs: orgs, + identifier_schemes: identifier_schemes, + default_org: user.org } + else + redirect_to admin_index_users_path, alert: _('User not found.') + end + end + + def update + user = User.find(params[:id]) + if user.present? + authorize user + topic = _('%{username}\'s profile') % { username: user.name(false) } + if user.update_attributes(user_params) + redirect_to edit_super_admin_user_path(user), + notice: _('Successfully updated %{username}') % { username: topic } + else + redirect_to edit_super_admin_user_path(user), + alert: _('Unable to update %{username}') % { username: topic } + end + else + redirect_to edit_super_admin_user_path(user), alert: _('User not found.') + end + end + + private + def user_params + params.require(:super_admin_user).permit(:email, :firstname, :surname, :org_id, :language_id) + end + end +end \ No newline at end of file diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 4737072..5da6539 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -52,6 +52,7 @@ authorize @user perms_ids = params[:perm_ids].blank? ? [] : params[:perm_ids].map(&:to_i) perms = Perm.where( id: perms_ids) + privileges_changed = false current_user.perms.each do |perm| if @user.perms.include? perm if ! perms.include? perm @@ -59,20 +60,24 @@ if perm.id == Perm.use_api.id @user.remove_token! end + privileges_changed = true end else if perms.include? perm @user.perms << perm if perm.id == Perm.use_api.id @user.keep_or_generate_token! + privileges_changed = true end end end end if @user.save! - deliver_if(recipients: @user, key: 'users.admin_privileges') do |r| - UserMailer.admin_privileges(r).deliver_now + if privileges_changed + deliver_if(recipients: @user, key: 'users.admin_privileges') do |r| + UserMailer.admin_privileges(r).deliver_now + end end render(json: { code: 1, @@ -123,6 +128,29 @@ end end + # PUT /users/:id/activate + # ----------------------------------------------------- + def activate + authorize current_user + + user = User.find(params[:id]) + if user.present? + begin + user.active = !user.active + user.save! + render json: { + code: 1, + msg: _('Successfully %{action} %{username}\'s account.') % { action: user.active ? _('activated') : _('deactivated'), username: user.name(false) } + } + rescue Exception + render json: { + code: 0, + msg: _('Unable to %{action} %{username}') % { action: user.active ? _('activate') : _('deactivate'), username: user.name(false) } + } + end + end + end + private def org_swap_params params.require(:user).permit(:org_id, :org_name) diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb index b54bf09..6fa76b0 100644 --- a/app/mailers/user_mailer.rb +++ b/app/mailers/user_mailer.rb @@ -23,9 +23,11 @@ def permissions_change_notification(role, user) @role = role @user = user - FastGettext.with_locale FastGettext.default_locale do - mail(to: @role.user.email, - subject: _('Changed permissions on a Data Management Plan in %{tool_name}') %{ :tool_name => Rails.configuration.branding[:application][:name] }) + if user.active? + FastGettext.with_locale FastGettext.default_locale do + mail(to: @role.user.email, + subject: _('Changed permissions on a Data Management Plan in %{tool_name}') %{ :tool_name => Rails.configuration.branding[:application][:name] }) + end end end @@ -33,24 +35,18 @@ @user = user @plan = plan @current_user = current_user - FastGettext.with_locale FastGettext.default_locale do - mail(to: @user.email, - subject: "#{_('Permissions removed on a DMP in %{tool_name}') %{ :tool_name => Rails.configuration.branding[:application][:name] }}") - end - end - - def api_token_granted_notification(user) - @user = user + if user.active? FastGettext.with_locale FastGettext.default_locale do mail(to: @user.email, - subject: _('API rights in %{tool_name}') %{ :tool_name => Rails.configuration.branding[:application][:name] }) + subject: "#{_('Permissions removed on a DMP in %{tool_name}') %{ :tool_name => Rails.configuration.branding[:application][:name] }}") end + end end def feedback_notification(recipient, plan, requestor) @user = requestor - if @user.org.present? + if @user.org.present? && recipient.active? @org = @user.org @plan = plan @recipient = recipient @@ -67,16 +63,18 @@ @user = recipient @plan = plan - FastGettext.with_locale FastGettext.default_locale do - mail(to: recipient.email, - subject: _("%{application_name}: Expert feedback has been provided for %{plan_title}") % {application_name: Rails.configuration.branding[:application][:name], plan_title: @plan.title}) + if recipient.active? + FastGettext.with_locale FastGettext.default_locale do + mail(to: recipient.email, + subject: _("%{application_name}: Expert feedback has been provided for %{plan_title}") % {application_name: Rails.configuration.branding[:application][:name], plan_title: @plan.title}) + end end end def feedback_confirmation(recipient, plan, requestor) user = requestor - if user.org.present? + if user.org.present? && recipient.active? org = user.org plan = plan @@ -96,9 +94,11 @@ def plan_visibility(user, plan) @user = user @plan = plan - FastGettext.with_locale FastGettext.default_locale do - mail(to: @user.email, - subject: _('DMP Visibility Changed: %{plan_title}') %{ :plan_title => @plan.title }) + if user.active? + FastGettext.with_locale FastGettext.default_locale do + mail(to: @user.email, + subject: _('DMP Visibility Changed: %{plan_title}') %{ :plan_title => @plan.title }) + end end end @@ -106,7 +106,8 @@ # @param plan - Plan for which the comment is associated to def new_comment(commenter, plan) if commenter.is_a?(User) && plan.is_a?(Plan) - if plan.owner.present? + owner = plan.owner + if owner.present? && owner.active? @commenter = commenter @plan = plan FastGettext.with_locale FastGettext.default_locale do @@ -119,9 +120,11 @@ def admin_privileges(user) @user = user - FastGettext.with_locale FastGettext.default_locale do - mail(to: user.email, subject: - _('Administrator privileges granted in %{tool_name}') %{ :tool_name => Rails.configuration.branding[:application][:name] }) + if user.active? + FastGettext.with_locale FastGettext.default_locale do + mail(to: user.email, subject: + _('Administrator privileges granted in %{tool_name}') %{ :tool_name => Rails.configuration.branding[:application][:name] }) + end end end end diff --git a/app/models/user.rb b/app/models/user.rb index 4fca8fc..0bee5c5 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -50,8 +50,8 @@ # Retrieves all of the org_admins for the specified org scope :org_admins, -> (org_id) { - joins(:perms).where("users.org_id = ? AND perms.name IN (?)", org_id, - ['grant_permissions', 'modify_templates', 'modify_guidance', 'change_org_details']) + joins(:perms).where("users.org_id = ? AND perms.name IN (?) AND users.active = ?", org_id, + ['grant_permissions', 'modify_templates', 'modify_guidance', 'change_org_details'], true) } scope :search, -> (term) { @@ -67,6 +67,12 @@ after_update :when_org_changes + ## + # This method uses Devise's built-in handling for inactive users + def active_for_authentication? + super && self.active? + end + # EVALUATE CLASS AND INSTANCE METHODS BELOW # # What do they do? do they do it efficiently, and do we need them? diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 070e52f..f9f6f47 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -28,6 +28,18 @@ user.can_super_admin? end + def activate? + user.can_super_admin? + end + + def edit? + user.can_super_admin? + end + + def update? + user.can_super_admin? + end + class Scope < Scope def resolve scope.where(org_id: user.org_id) diff --git a/app/views/paginable/users/_index.html.erb b/app/views/paginable/users/_index.html.erb index 377b95f..af5a861 100644 --- a/app/views/paginable/users/_index.html.erb +++ b/app/views/paginable/users/_index.html.erb @@ -1,3 +1,4 @@ +<% is_super_admin = current_user.can_super_admin? %>
@@ -6,10 +7,13 @@ <%= _('Name') %> <%= paginable_sort_link('firstname') %> <%= _('Email') %> <%= paginable_sort_link('email') %> - <%= _('Last activity') %> <%= paginable_sort_link('last_sign_in_at') %> + <%= _('Organisation') %> <%= paginable_sort_link('orgs.name') %> + <%= _('Created date') %> <%= paginable_sort_link('created_at') %> + <%= _('Last activity') %> <%= paginable_sort_link('last_sign_in_at') %> <%= _('Plans') %> <%= _('Current Privileges') %> - <%= _('Edit Privileges') %> + <%= _('Active') %> + <%= _('Privileges') %> @@ -18,11 +22,17 @@ <% if !user.name.nil? %> - <%= user.name(false) %> + <%= is_super_admin ? link_to(user.name(false), edit_super_admin_user_path(user)) : user.name(false) %> + <% else %> + <%= is_super_admin ? link_to(_('Edit Profile'), edit_user_registration_path(user)) : '' %> <% end %> - - <%= user.email %> + <%= user.email %> + <%= user.org.name if user.org.present? %> + + <% if !user.created_at.nil? %> + <%= l user.created_at.to_date, :formats => :short %> + <% end %> <% if !user.last_sign_in_at.nil? %> @@ -38,12 +48,20 @@ <%= render partial: 'users/current_privileges', locals: { user: user } %> + + <% if is_super_admin %> + <%= form_for user, url: activate_user_path(user), html: { method: :put, remote: true, class: 'activate-user' } do |f| %> + <%= check_box_tag(:active, "1", user.active) %> + <%= f.submit(_('Update'), style: 'display: none;') %> + <% end %> + <% else %> + <%= user.active? ? _('Yes') : _('No') %> + <% end %> + <%# Do not allow a user to change their own permissions or a super admin's permissions if they are not a super admin %> - <% unless current_user == user || - !current_user.can_super_admin? && user.can_super_admin? %> - <% b_label = _('Edit') %> - <%= link_to( b_label, admin_grant_permissions_user_path(user)) %> + <% unless current_user == user || !is_super_admin && user.can_super_admin? %> + <%= link_to( _('Edit'), admin_grant_permissions_user_path(user)) %> <% end %> diff --git a/app/views/shared/_my_org.html.erb b/app/views/shared/_my_org.html.erb index 11a7051..076501a 100644 --- a/app/views/shared/_my_org.html.erb +++ b/app/views/shared/_my_org.html.erb @@ -1,7 +1,7 @@ <%= f.label :org_name, _('Organisation'), class: 'control-label' %> <%= render partial: "shared/accessible_combobox", - locals: {name: "user[org_name]", - id: "user_org_name", + locals: {name: "#{f.object_name}[org_name]", + id: "#{f.object_name}_org_name", default_selection: default_org, models: orgs, attribute: 'name'} %> diff --git a/app/views/super_admin/users/edit.html.erb b/app/views/super_admin/users/edit.html.erb new file mode 100644 index 0000000..afd88bb --- /dev/null +++ b/app/views/super_admin/users/edit.html.erb @@ -0,0 +1,47 @@ +
+
+

+ <%= _('Editing profile for %{username}') % { username: user.name(false) } %> + <%= link_to(_('View all users'), admin_index_users_path, class: 'btn btn-default pull-right', role: 'button') %> +

+
+
+ +
+
+ <%= form_for(user, as: :super_admin_user, url: super_admin_user_path(user), html: {method: :put, id: 'super_admin_user_edit' }) do |f| %> +
+ <%= f.label(:email, _('Email'), class: 'control-label') %> + <%= f.email_field(:email, class: "form-control", "aria-required": true, value: user.email) %> +
+ +
+ <%= f.label(:firstname, _('First name'), class: 'control-label') %> + <%= f.text_field(:firstname, class: "form-control", "aria-required": true, value: user.firstname) %> +
+ +
+ <%= f.label(:surname, _('Last name'), class: 'control-label') %> + <%= f.text_field(:surname, class: "form-control", "aria-required": true, value: user.surname) %> +
+ +
+ <%= render partial: "shared/my_org", locals: {f: f, default_org: default_org, orgs: orgs, allow_other_orgs: true} %> +
+ + <% if MANY_LANGUAGES %> +
+ <% lang_id = user.language.nil? ? Language.id_for(FastGettext.default_locale) : user.language.id %> + <%= f.label(:language_id, _('Language'), class: 'control-label') %> + <%= select_tag(:super_admin_user_language_id, + options_from_collection_for_select(languages, "id", "name", lang_id), + class: "form-control", name: 'super_admin_user[language_id]') %> +
+ <% end %> + +
+ <%= f.button(_('Save'), class: 'btn btn-default', type: "submit", id: "personal_details_registration_form_submit") %> +
+ <% end %> +
+
diff --git a/app/views/users/_admin_grant_permissions.html.erb b/app/views/users/_admin_grant_permissions.html.erb index 9d3c407..15ae0a4 100644 --- a/app/views/users/_admin_grant_permissions.html.erb +++ b/app/views/users/_admin_grant_permissions.html.erb @@ -6,12 +6,11 @@ data-dismiss="modal" aria-label="Close"> -

<%= _('Edit user privileges') %>

+

<%= _('Editing privileges for %{username}') % { username: user.name(false) } %>

- <%= form_tag( admin_update_permissions_user_path(user), method: :put, remote: true, class: 'admin_update_permissions' ) do %> + <%= form_for user, url: admin_update_permissions_user_path(user), html: { method: :put, remote: true, class: 'admin_update_permissions' } do |f| %>
-

<%= user.name(false) %><%= _(' current user privileges are: ') %>

    <%= label_tag :organisational_admin_privileges %> diff --git a/config/locales/devise/devise.de.yml b/config/locales/devise/devise.de.yml index 72df6c7..d968088 100644 --- a/config/locales/devise/devise.de.yml +++ b/config/locales/devise/devise.de.yml @@ -10,7 +10,7 @@ send_paranoid_instructions: "Falls Ihre E-Mail-Adresse in unserer Datenbank existiert, erhalten Sie in wenigen Minuten eine E-Mail mit einer Anleitung zur Bestätigung Ihres Zugangs." failure: already_authenticated: "Sie sind bereits angemeldet." - inactive: "Ihr Zugang ist noch nicht aktiviert worden." + inactive: "Ihr Konto ist nicht mehr aktiv. Bitte kontaktieren Sie uns, um Ihr Konto zu reaktivieren." invalid: "E-Mail-Adresse oder Passwort ungültig." invalid_token: "Ungültiges Authentifizierungs-Token." locked: "Ihr Zugang ist gesperrt." diff --git a/config/locales/devise/devise.en_GB.yml b/config/locales/devise/devise.en_GB.yml index 3961e3b..f6e8719 100644 --- a/config/locales/devise/devise.en_GB.yml +++ b/config/locales/devise/devise.en_GB.yml @@ -8,7 +8,7 @@ send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." failure: already_authenticated: "You are already signed in." - inactive: "Your account was not activated yet." + inactive: "Your account is no longer active. Please contact us to reactivate your account." invalid: "Invalid email or password." invalid_token: "Invalid authentication token." invited: "You have a pending invitation, accept it to finish creating your account." diff --git a/config/locales/devise/devise.en_US.yml b/config/locales/devise/devise.en_US.yml index 826ae0f..db03c5d 100644 --- a/config/locales/devise/devise.en_US.yml +++ b/config/locales/devise/devise.en_US.yml @@ -8,7 +8,7 @@ send_paranoid_instructions: "If your email address exists in our database, you will receive an email with instructions about how to confirm your account in a few minutes." failure: already_authenticated: "You are already signed in." - inactive: "Your account was not activated yet." + inactive: "Your account is no longer active. Please contact us to reactivate your account." invalid: "Invalid email or password." invalid_token: "Invalid authentication token." invited: "You have a pending invitation, accept it to finish creating your account." diff --git a/config/locales/devise/devise.es.yml b/config/locales/devise/devise.es.yml index c664f5a..d1ac440 100644 --- a/config/locales/devise/devise.es.yml +++ b/config/locales/devise/devise.es.yml @@ -8,7 +8,7 @@ send_paranoid_instructions: "Si su correo electrónico existe en nuestra base de datos recibirás un correo electrónico en unos minutos con instrucciones sobre cómo reiniciar su contraseña." failure: already_authenticated: "Ya ha sido identificado." - inactive: "su cuenta aún no ha sido activada." + inactive: "Su cuenta ya no está activa. Por favor contáctenos para reactivar su cuenta." invalid: "Correo o contraseña inválidos." invalid_token: "Cadena de autenticación invalida." locked: "Su cuenta ha sido bloqueada." diff --git a/config/locales/devise/devise.fr.yml b/config/locales/devise/devise.fr.yml index 59c4f02..e968038 100644 --- a/config/locales/devise/devise.fr.yml +++ b/config/locales/devise/devise.fr.yml @@ -9,7 +9,7 @@ send_paranoid_instructions: "Si votre adresse électronique existe dans notre base de données, vous recevrez dans quelques minutes un courriel contenant les directives pour valider votre compte." failure: already_authenticated: "Vous êtes déjà connecté(e)." - inactive: "Votre compte n'est pas encore activé." + inactive: "Votre compte n'est plus actif. Merci de nous contacter pour réactiver votre compte." invalid: "Courriel ou mot de passe incorrect." invalid_token: "Jeton d'authentification incorrect." locked: "Votre compte est verrouillé." diff --git a/config/routes.rb b/config/routes.rb index 4de6205..5e2376b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -71,6 +71,7 @@ member do get 'admin_grant_permissions' put 'admin_update_permissions' + put 'activate' end end @@ -313,5 +314,6 @@ namespace :super_admin do resources :orgs, only: [:index, :new, :create, :edit, :update, :destroy] resources :themes, only: [:index, :new, :create, :edit, :update, :destroy] + resources :users, only: [:edit, :update] end end diff --git a/db/migrate/20180315161757_add_active_to_users.rb b/db/migrate/20180315161757_add_active_to_users.rb new file mode 100644 index 0000000..8a5fd16 --- /dev/null +++ b/db/migrate/20180315161757_add_active_to_users.rb @@ -0,0 +1,8 @@ +class AddActiveToUsers < ActiveRecord::Migration + def up + add_column :users, :active, :boolean, default: true + end + def down + remove_column :users, :active + end +end diff --git a/db/schema.rb b/db/schema.rb index b38c962..ca41822 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20180313120831) do +ActiveRecord::Schema.define(version: 20180315161757) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -413,6 +413,7 @@ t.string "invited_by_type" t.integer "language_id" t.string "recovery_email" + t.boolean "active", default: true end add_index "users", ["email"], name: "index_users_on_email", unique: true diff --git a/lib/assets/javascripts/application.js b/lib/assets/javascripts/application.js index f0c99af..8f6ef35 100644 --- a/lib/assets/javascripts/application.js +++ b/lib/assets/javascripts/application.js @@ -45,6 +45,7 @@ import './views/shared/my_org'; import './views/shared/sign_in_form'; import './views/super_admin/themes/new_edit'; +import './views/super_admin/users/edit'; import './views/usage/index'; import './views/users/notification_preferences'; import './views/users/admin_grant_permissions'; diff --git a/lib/assets/javascripts/utils/autoComplete.js b/lib/assets/javascripts/utils/autoComplete.js index ff0628f..1e735ec 100644 --- a/lib/assets/javascripts/utils/autoComplete.js +++ b/lib/assets/javascripts/utils/autoComplete.js @@ -11,7 +11,6 @@ const updateIdField = (el) => { const crosswalk = $(`#${$(el).attr('id')}_crosswalk`); const idField = $(el).attr('id').replace(/_name/, '_id'); - if (isObject(crosswalk) && isObject($(idField))) { const json = JSON.parse(`${$(crosswalk).val().replace(/\\"/g, '"').replace(/\\'/g, '\'')}`); const selection = (json[$(el).val()] === undefined ? '' : json[$(el).val()]); diff --git a/lib/assets/javascripts/views/super_admin/users/edit.js b/lib/assets/javascripts/views/super_admin/users/edit.js new file mode 100644 index 0000000..00b14e4 --- /dev/null +++ b/lib/assets/javascripts/views/super_admin/users/edit.js @@ -0,0 +1,5 @@ +import ariatiseForm from '../../../utils/ariatiseForm'; + +$(() => { + ariatiseForm({ selector: '#super_admin_user_edit' }); +}); diff --git a/lib/assets/javascripts/views/users/admin_grant_permissions.js b/lib/assets/javascripts/views/users/admin_grant_permissions.js index bb32354..95b0155 100644 --- a/lib/assets/javascripts/views/users/admin_grant_permissions.js +++ b/lib/assets/javascripts/views/users/admin_grant_permissions.js @@ -1,9 +1,26 @@ import { paginableSelector } from '../../utils/paginable'; import { isObject, isString } from '../../utils/isType'; -import { renderNotice, renderAlert } from '../../utils/notificationHelper'; +import { renderNotice, renderAlert, hideNotifications } from '../../utils/notificationHelper'; import { scrollTo } from '../../utils/scrollTo'; $(() => { + // Activate/Deactivate user account + $(paginableSelector).on('click, change', '.activate-user input[type="checkbox"]', (e) => { + const form = $(e.target).closest('form'); + hideNotifications(); + form.submit(); + }); + $(paginableSelector).on('ajax:success', '.activate-user', (e, data) => { + if (data.code === 1 && data.msg && data.msg !== '') { + renderNotice(data.msg); + } else { + renderAlert(data.msg); + } + }); + $(paginableSelector).on('ajax:error', '.activate-user', () => { + renderAlert('Unexpected error'); + }); + let currentPrivileges = null; $(paginableSelector).on('click', 'a[href$="admin_grant_permissions"]', (e) => { e.preventDefault(); diff --git a/lib/assets/stylesheets/overrides.scss b/lib/assets/stylesheets/overrides.scss index d8a3e33..a833b18 100644 --- a/lib/assets/stylesheets/overrides.scss +++ b/lib/assets/stylesheets/overrides.scss @@ -49,6 +49,9 @@ .table-hover tbody tr:hover td, .table-hover tbody tr:hover th { background-color: #CCC; } +th.date-column { + min-width: 120px; +} // Fix issues with dropdwon within tables being cut off .table-responsive > .table { @@ -84,6 +87,12 @@ } } +/* MODAL DIALOG STYLING */ +.modal-dialog { + background-color: $white; +} + + /* nav-tabs and nav-pills styling */ .nav-tabs, .nav-pills { background-color: $grey; diff --git a/test/functional/super_admin/orgs_controller_test.rb b/test/functional/super_admin/orgs_controller_test.rb index b7c2f5f..0a8d623 100644 --- a/test/functional/super_admin/orgs_controller_test.rb +++ b/test/functional/super_admin/orgs_controller_test.rb @@ -51,6 +51,7 @@ test 'super admin can create an org' do params = {name: 'Test Org create', abbreviation: 'ABCD'} sign_in @super_admin + post super_admin_orgs_path, {org: params} assert_response :redirect end diff --git a/test/functional/super_admin/users_controller_test.rb b/test/functional/super_admin/users_controller_test.rb new file mode 100644 index 0000000..36a7c1a --- /dev/null +++ b/test/functional/super_admin/users_controller_test.rb @@ -0,0 +1,48 @@ +require 'test_helper' + +class UsersControllerTest < ActionDispatch::IntegrationTest + include Devise::Test::IntegrationHelpers + + setup do + @user = User.create!(email: "super-admin-user-test@example.com", + firstname: "Testing", surname: "User", + password: "password123", password_confirmation: "password123", + org: Org.last, accept_terms: true, confirmed_at: Time.zone.now) + @super_admin = User.find_by(email: 'super_admin@example.com') + end + + test 'unauthorized user cannot access edit user page' do + get edit_super_admin_user_path(@user) + assert_unauthorized_redirect_to_root_path + + sign_in @user + get edit_super_admin_user_path(@user) + assert_authorized_redirect_to_plans_page + end + + test 'super admin can access edit user page' do + sign_in @super_admin + get edit_super_admin_user_path(@user) + assert_response :success + end + + test 'unauthorized user cannot edit a user' do + params = { firstname: 'Foo', surname: 'Bar' } + put super_admin_user_path(@user), { super_admin_user: params } + assert_unauthorized_redirect_to_root_path + + sign_in @user + put super_admin_user_path(@user), { super_admin_user: params } + assert_authorized_redirect_to_plans_page + end + + test 'super admin can edit a user' do + params = { firstname: 'Foo', surname: 'Bar' } + sign_in @super_admin + put super_admin_user_path(@user), { super_admin_user: params } + assert_response :redirect + @user.reload + assert_equal 'Foo', @user.firstname, "expected the User's firstname to have been updated" + end + +end diff --git a/test/integration/user_activation_test.rb b/test/integration/user_activation_test.rb new file mode 100644 index 0000000..89aaaf0 --- /dev/null +++ b/test/integration/user_activation_test.rb @@ -0,0 +1,39 @@ +require 'test_helper' + +class AnswerLockingTest < ActionDispatch::IntegrationTest + include Devise::Test::IntegrationHelpers + + setup do + @user = User.create!(email: "super-admin-user-test@example.com", + firstname: "Testing", surname: "User", + password: "password123", password_confirmation: "password123", + org: Org.last, accept_terms: true, confirmed_at: Time.zone.now) + end + + test 'user can login when their account is active' do + sign_in @user + get root_path + assert_authorized_redirect_to_plans_page + end + + test 'user cannot login when their account is inactive' do + @user.active = false + @user.save! + + sign_in @user + # Sign in throws an Exception when the user is inactive + assert_raise do + get root_path + end + end + + test 'logged in user is logged out when their account is deactivated' do + sign_in @user + get root_path + assert_authorized_redirect_to_plans_page + @user.active = false + @user.save! + get root_path + assert_unauthorized_redirect_to_root_path + end +end \ No newline at end of file diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb index 73d966f..0fa96b6 100644 --- a/test/unit/user_test.rb +++ b/test/unit/user_test.rb @@ -139,6 +139,11 @@ end # --------------------------------------------------- + test "new user is active by default" do + assert @user.active? + end + + # --------------------------------------------------- test "can only have one identifier per IdentifierScheme" do @scheme = IdentifierScheme.first