Add tests for evaluation authorization (#268)

kir-dev · Sep 24, 2020 · 4228707 · 4228707
1 parent 5e47fde
commit 4228707
Showing 12 changed files with 253 additions and 16 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -58,7 +58,7 @@ def require_application_or_evaluation_season
   end
 
   def require_application_season_for_group_leader
-    forbidden_page if current_user.leader_of?(current_group) && !SystemAttribute.application_season?
+    redirect_to root_url if current_user.leader_of?(current_group) && !SystemAttribute.application_season?
   end
 
   def require_leader_or_rvt_member

diff --git a/app/controllers/point_details_controller.rb b/app/controllers/point_details_controller.rb
@@ -1,6 +1,5 @@
 class PointDetailsController < ApplicationController
   before_action :require_resort_or_group_leader
-  before_action :require_application_season_for_group_leader
   before_action :set_entities
   before_action :changeable_evaluation
   before_action :validate_correct_group

diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
@@ -41,26 +41,29 @@
 RSpec.configure do |config|
   config.include AuthenticationHelper, type: :request
   config.include RequestHelpers, type: :request
+  config.include SeasonHelpers
   # If you're not using ActiveRecord, or you'd prefer not to run each of your
   # examples within a transaction, remove the following line or assign false
   # instead of true.
   config.use_transactional_fixtures = true
 
   config.before(:suite) do
+    FactoryBot.create(:post_type_leader)
+    FactoryBot.create(:post_type_newbie)
     FactoryBot.create(:group_svie)
     FactoryBot.create(:group_rvt)
     FactoryBot.create(:group_kir_dev)
-    FactoryBot.create(:post_type_leader)
-    FactoryBot.create(:post_type_newbie)
     FactoryBot.create(:post_type_pek_admin)
     FactoryBot.create(:post_type_new_member)
     FactoryBot.create(:system_attribute_semester)
     FactoryBot.create(:system_attribute_app_season)
+    SystemAttribute.update_season(SystemAttribute::OFFSEASON)
   end
 
   config.after(:suite) do
     PostType.delete_all
     Group.delete_all
+    User.delete_all
   end
 
   # RSpec Rails can automatically mix in different behaviours to your tests

diff --git a/spec/requests/entry_requests_spec.rb b/spec/requests/entry_requests_spec.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+describe "EntryRequests", type: :request do
+  let(:entry_request) { create(:entry_request) }
+  let(:evaluation) { entry_request.evaluation }
+  let(:group) { evaluation.group }
+  let(:selected_user) { entry_request.user }
+
+  before(:each) do
+    login_as(current_user)
+  end
+
+  describe "#update" do
+    include_context "application season"
+
+    subject do
+      post "/groups/#{group.id}/evaluations/#{evaluation.id}/entryrequests/update",
+           params: {
+               user_id:    selected_user.id,
+               entry_type: EntryRequest::AB
+           }
+    end
+
+    context "when the user is not authorized" do
+      let(:current_user) { create(:user) }
+
+      it "returns forbidden" do
+        subject
+
+        expect(response).to have_http_status(:forbidden)
+      end
+    end
+
+    context "when the current_user is the group leader" do
+      let(:current_user) { group.leader.user }
+
+      it "updates the entry request" do
+        subject
+
+        expect(response).to have_http_status(:ok)
+      end
+    end
+  end
+end
diff --git a/spec/requests/evalutations_controller_spec.rb b/spec/requests/evalutations_controller_spec.rb
@@ -1,22 +1,53 @@
 # frozen_string_literal: true
 
 describe EvaluationsController do
-  describe '#current' do
-    let(:group) { create(:group) }
 
+  shared_context "current user is the group leader" do
+    let(:user) { group.leader.user }
+  end
+  before(:each) { login_as(user) }
+  let(:group) { evaluation.group }
+  let(:evaluation) { create(:evaluation) }
+
+  describe '#current' do
     context 'when the user is not the group leader' do
-      it 'returns forbidden' do
-        user = create(:user)
-        login_as(user)
+      let(:user) { create(:user) }
 
+      it 'returns forbidden' do
         get "/groups/#{group.id}/evaluations/current"
 
         expect(response).to have_http_status :forbidden
       end
     end
 
     context 'when the user is the group leader' do
-      let(:user)    { group.leader.user }
+      include_context "application season"
+      include_context "current user is the group leader"
+
+      it 'creates new evaluation' do
+        get "/groups/#{group.id}/evaluations/current"
+
+        new_evaluation = Evaluation.find_by(
+            group: group, semester: SystemAttribute.semester.to_s
+        )
+
+        expect(new_evaluation).not_to be nil
+      end
+
+      it 'redirects to the evaluation page' do
+        get "/groups/#{group.id}/evaluations/current"
+
+        new_evaluation = Evaluation.find_by(
+            group: group, semester: SystemAttribute.semester.to_s
+        )
+
+        expect(response).to redirect_to group_evaluation_path(group, new_evaluation)
+      end
+    end
+
+    context 'when the user is the resort leader' do
+      include_context "application season"
+      let(:user) { group.parent.leader.user }
       before(:each) { login_as(user) }
 
       it 'creates new evaluation' do
@@ -40,4 +71,63 @@
       end
     end
   end
+
+  describe "#show" do
+    context "when evaluation exists and the current user is the group leader and off season " do
+      include_context "current user is the group leader"
+
+      it "shows the evaluation" do
+        get "/groups/#{group.id}/evaluations/#{evaluation.id}"
+
+        expect(response).to redirect_to(root_url)
+      end
+    end
+
+    context "when evaluation exists and the current user is the group leader and application season " do
+      include_context "application season"
+      include_context "current user is the group leader"
+
+      it "shows the evaluation" do
+        get "/groups/#{group.id}/evaluations/#{evaluation.id}"
+
+        expect(response).to have_http_status(:ok)
+      end
+    end
+
+    context "when evaluation exists and the current user is the group leader and evaluation season " do
+      include_context "evaluation season"
+      include_context "current user is the group leader"
+
+      it "shows the evaluation" do
+        get "/groups/#{group.id}/evaluations/#{evaluation.id}"
+
+        expect(response).to redirect_to(root_url)
+      end
+    end
+  end
+
+  describe "#submit_point_request" do
+
+    context "when the current user is the group leader and off season" do
+      include_context "current user is the group leader"
+      include_context "off season"
+
+      it "redirects" do
+        post "/groups/#{group.id}/evaluations/#{evaluation.id}/pointrequest"
+
+        expect(response).to redirect_to(root_url)
+      end
+    end
+
+    context "when the current user is the group leader and application season" do
+      include_context "current user is the group leader"
+      include_context "application season"
+
+      it "redirects" do
+        post "/groups/#{group.id}/evaluations/#{evaluation.id}/pointrequest"
+
+        expect(response).to redirect_to group_evaluation_path(group, evaluation)
+      end
+    end
+  end
 end
diff --git a/spec/requests/point_details_spec.rb b/spec/requests/point_details_spec.rb
@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+describe "PointDetails" do
+  describe "#update" do
+    let(:point_detail) { create(:point_detail) }
+    let(:evaluation) { point_detail.point_request.evaluation }
+    let(:group) { evaluation.group }
+    let(:params) do
+      principle = point_detail.principle
+      {
+          user_id:       point_detail.point_request.user.id,
+          principle_id:  principle.id,
+          evaluation_id: evaluation.id,
+          point:         principle.max_per_member
+      }
+    end
+
+    subject do
+      headers = { "ACCEPT" => "application/js" }
+      post "/groups/#{group.id}/evaluations/#{evaluation.id}/pointdetails/update", params: params, headers: headers
+    end
+
+    before(:each) { login_as(current_user) }
+
+    context "when the user has no permission" do
+      let(:current_user) { create(:user) }
+
+      it "returns forbidden" do
+        subject
+
+        expect(response).to have_http_status(:forbidden)
+      end
+    end
+
+    context "when the current user is the group leader" do
+      let(:current_user) { group.leader.user }
+
+      context "when application season" do
+        include_context "application season"
+
+        context "when the point detail already exists" do
+          it "updates the point detail" do
+            subject
+
+            expect(response).to have_http_status(:ok)
+          end
+
+          it "doesn't change the PointDetail count" do
+            expect { subject }.to_not change { PointDetail.count }
+          end
+
+          it "has the correct attributes" do
+            subject
+
+            expected_attributes = { principle_id: params[:principle_id], point: params[:point] }
+            expect(PointDetail.last).to have_attributes(expected_attributes)
+          end
+
+          it "belongs to the correct user" do
+            subject
+
+            expect(PointDetail.last.point_request.user).to eql(point_detail.point_request.user)
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/support/season_contexts.rb b/spec/support/season_contexts.rb
@@ -0,0 +1,19 @@
+module SeasonHelpers
+  shared_context "off season" do
+    before(:each) do
+      SystemAttribute.update_season(SystemAttribute::OFFSEASON)
+    end
+  end
+
+  shared_context "application season" do
+    before(:each) do
+      SystemAttribute.update_season(SystemAttribute::APPLICATION_SEASON)
+    end
+  end
+
+  shared_context "evaluation season" do
+    before(:each) do
+      SystemAttribute.update_season(SystemAttribute::EVALUATION_SEASON)
+    end
+  end
+end
diff --git a/test/factories/enty_requests.rb b/test/factories/enty_requests.rb
@@ -0,0 +1,13 @@
+FactoryBot.define do
+  factory :entry_request do
+    association :evaluation
+    association :user
+
+    after(:build) do |er|
+      create(:membership, user: er.user, group: er.evaluation.group)
+    end
+
+    entry_type { EntryRequest::DEFAULT_TYPE }
+    justification { "Kifejezettem aktív volt a félévben." }
+  end
+end
diff --git a/test/factories/evaulations.rb b/test/factories/evaulations.rb
@@ -1,6 +1,6 @@
 FactoryBot.define do
   factory :evaluation do
-    association :group
+    association(:group, factory: :group_with_parent)
 
     date { '201720181' }
     justification { 'Lyo lesz' }

diff --git a/test/factories/groups.rb b/test/factories/groups.rb
@@ -18,6 +18,10 @@
     end
   end
 
+  factory :group_with_parent, parent: :group do
+    parent { create(:group) }
+  end
+
   factory :group_svie, parent: :basic_group do
     id { Group::SVIE_ID }
     name { 'SVIE' }

diff --git a/test/factories/post_types.rb b/test/factories/post_types.rb
@@ -2,7 +2,7 @@
 
 FactoryBot.define do
   factory :post_type do
-    group { build(:group) }
+    group { build(:basic_group) }
     sequence(:name) { |n| "Post type #{n}" }
     sequence(:id, 150)
   end

diff --git a/test/factories/users.rb b/test/factories/users.rb
@@ -7,10 +7,7 @@
     sequence(:nickname) { |n| "nickname_sanyi#{n}" }
     sequence(:email) { |n| "sanyi_#{n}@example.org" }
     sequence(:cell_phone) { |n| "66677788#{n}" }
-    sequence(:neptun) do |n|
-      random_character = (n % 26 + 65).chr(Encoding::UTF_8)
-      "AAAAA#{random_character}"
-    end
+    sequence(:neptun) { |n| (36 ** 6 - 1 - n).to_s(36).upcase }
     auth_sch_id { SecureRandom.uuid }
 
     trait :with_primary_membership do