
test/functional/profile_roles_controller_test.rb


require_relative '../test_helper'

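# Functional tests for ProfileRolesController: creating, removing and
# assigning custom roles inside a community profile.
#
# Most examples log in as a user holding 'manage_custom_roles' on the
# community. The only denied-access paths exercised here are :create with a
# user lacking that permission and :index on a person profile.
# NOTE(review): :remove and :define have no denied-access example in this
# file -- confirm they are covered elsewhere or add one.
class ProfileRolesControllerTest < ActionController::TestCase

  def setup
    @controller = ProfileRolesController.new

    # Not read by any example in this class; kept in case shared helpers use it.
    @role = Role.first
  end

  should 'create a custom role' do
    community = fast_create(Community)
    create_user_with_permission('admin_user', 'manage_custom_roles', community)
    login_as :admin_user
    post :create, profile: community.identifier, role: { name: "some_role", permissions: ["edit_profile"] }
    role = Role.where(name: 'some_role').first

    assert_not_nil role
    # The new role must be bound to the community it was created from.
    assert_equal community.id, role.profile_id
  end

  should 'not create a custom role without permission' do
    community = fast_create(Community)
    # This user holds 'edit_profile' only, not 'manage_custom_roles'.
    create_user_with_permission('profile_admin', 'edit_profile', community)
    login_as :profile_admin
    post :create, profile: community.identifier, role: { name: "new_admin", permissions: ["edit_profile"] }

    assert_response 403
    assert_template 'shared/access_denied'

    # A denied request must also leave no role behind, not just answer 403.
    role = Role.where(name: 'new_admin')

    assert_empty role
  end

  should 'delete a custom role not used' do
    community = fast_create(Community)
    create_user_with_permission('admin_user', 'manage_custom_roles', community)
    login_as :admin_user
    role = create_custom_role(community)
    post :remove, profile: community.identifier, id: role.id

    assert_response :redirect
    assert_redirected_to action: 'index'

    assert_not_includes Role.all, role
  end

  should 'delete a custom role being used' do
    community = fast_create(Community)
    admin = create_user_with_permission('admin_user', 'manage_custom_roles', community)
    login_as :admin_user
    role = create_custom_role(community)
    admin.add_role(role, community)
    moderator_role = Role.find_by(name: "moderator")

    assert_not_includes community.members_by_role(moderator_role), admin

    # :roles names the replacement role(s) for members of the removed role.
    post :remove, profile: community.identifier, id: role.id, roles: [moderator_role.id]

    assert_response :redirect
    assert_redirected_to action: 'index'

    assert_not_includes Role.all, role
    assert_includes community.members_by_role(moderator_role), admin
  end

  should 'assign a custom role to single user' do
    community = fast_create(Community)
    admin = create_user_with_permission('admin_user', 'manage_custom_roles', community)
    login_as :admin_user
    role = create_custom_role(community)

    assert_not_includes community.members_by_role(role), admin

    post :define, profile: community.identifier, id: role.id, assign_role_by: "members", person_id: admin.id

    assert_includes community.members_by_role(role), admin
  end

  should 'replace a role with a custom role' do
    community = fast_create(Community)
    admin = create_user_with_permission('admin_user', 'manage_custom_roles', community)
    moderator = create_user_with_permission('profile_admin', 'edit_profile', community)
    login_as :admin_user
    role = create_custom_role(community)
    moderator_role = Role.find_by(name: "moderator")
    admin.add_role(moderator_role, community)

    assert_not_includes community.members_by_role(role), admin

    # 'profile_admin' holds neither role before the request ...
    assert_not_includes community.members_by_role(role), moderator
    assert_not_includes community.members_by_role(moderator_role), moderator

    post :define, profile: community.identifier, id: role.id, assign_role_by: "roles", selected_role: moderator_role.id

    # Members of the selected role are moved to the custom role.
    assert_not_includes community.members_by_role(moderator_role), admin
    assert_includes community.members_by_role(role), admin

    # ... and must not gain either role as a side effect of the replacement.
    assert_not_includes community.members_by_role(role), moderator
    assert_not_includes community.members_by_role(moderator_role), moderator
  end

  should 'avoid access with person profile' do
    person = create_user('sample_user').person
    login_as person.identifier
    get :index, profile: person.identifier

    # The examples above all target a Community; a person profile gets 404.
    assert_response 404
  end

  private

  # Builds the custom role shared by the remove/define examples, tied to
  # +community+ and to the default environment. without_protection skips the
  # model's mass-assignment filtering so these attributes can be set directly.
  def create_custom_role(community)
    Role.create!(
      { name: 'delete_article', key: 'profile_delete_article',
        profile_id: community.id, environment: Environment.default },
      without_protection: true
    )
  end
end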