tests for dendros

xronos-ch · Dec 19, 2024 · 525e81f · 525e81f
1 parent 4b90cac
commit 525e81f
Show file tree

Hide file tree

Showing 13 changed files with 150 additions and 207 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -13,8 +13,18 @@ def after_sign_in_path_for(resource_or_scope)
   end
 
   # Return 404 for unauthorised resources
+  #rescue_from CanCan::AccessDenied do |exception|
+  #  raise ActionController::RoutingError.new('Not Found')
+  #end
+
+
+  # Redirect to the custom unauthorized page for unauthorized access
   rescue_from CanCan::AccessDenied do |exception|
-    raise ActionController::RoutingError.new('Not Found')
+    respond_to do |format|
+      format.html { redirect_to unauthorized_path, alert: exception.message, status: :forbidden }
+      format.json { render json: { error: exception.message }, status: :forbidden }
+      format.any { head :forbidden }
+    end
   end
 
   def info_for_paper_trail

diff --git a/app/controllers/dendros_controller.rb b/app/controllers/dendros_controller.rb
@@ -54,10 +54,7 @@ def show
   # GET /dendros/new
   def new
     @dendro = Dendro.new
-    @dendro.build_sample.build_context(site: @site) # Prebuild the nested structure
-#    @context = @site.contexts.build
-#    @sample = @context.samples.build
-#    @dendro = @sample.dendros.build
+    @dendro.build_sample.build_context(site: @site)
   end
 
   # GET /dendros/1/edit

diff --git a/app/controllers/pages_controller.rb b/app/controllers/pages_controller.rb
@@ -9,5 +9,9 @@ def home
       .includes([splash_attachment: :blob])
       .includes(:user)
   end
+
+  def unauthorized
+    render status: :forbidden, layout: false
+  end
 
 end
diff --git a/app/views/dendros/_fields.html.erb b/app/views/dendros/_fields.html.erb
@@ -24,6 +24,12 @@
   </div>
 </div
 
+<div class="row">
+  <div class="col">
+    <%= f.text_area :description, label: "Description" %>
+  </div>
+</div>
+
 <%# f.collection_select :sample_id, 
   Sample.joins(:context).where('contexts.site_id' => @dendro.site.id), 
   :id, :position_description,

diff --git a/app/views/pages/unauthorized.html.erb b/app/views/pages/unauthorized.html.erb
@@ -0,0 +1,11 @@
+<div class="container">
+	<div class="row m-3">
+
+		<div class="col">
+			<h1>403 - Forbidden</h1>
+			<p>You do not have the necessary permissions to access this page.</p>
+			<a href="<%= root_path %>">Return to the home page</a>
+
+		</div>
+	</div>
+</div>
diff --git a/config/routes.rb b/config/routes.rb
@@ -6,6 +6,7 @@
   get '/home' => 'pages#home'
   get '/database' => 'pages#database'
   get '/api' => 'pages#api'
+  get "/unauthorized", to: "pages#unauthorized", as: :unauthorized
 
   # Articles (news posts and other pseudo-static pages)
   get '/news', to: 'articles#index', section: 'news'

diff --git a/spec/rails_helper.rb b/spec/rails_helper.rb
@@ -89,5 +89,7 @@
   config.include Devise::Test::ControllerHelpers, type: :controller
   config.include Devise::Test::ControllerHelpers, type: :view
   config.include Devise::Test::IntegrationHelpers
+
+  config.include FactoryBot::Syntax::Methods
 
 end
diff --git a/spec/requests/dendros_spec.rb b/spec/requests/dendros_spec.rb
@@ -1,61 +1,48 @@
- require 'rails_helper'
-
-# This spec was generated by rspec-rails when you ran the scaffold generator.
-# It demonstrates how one might use RSpec to test the controller code that
-# was generated by Rails when you ran the scaffold generator.
-#
-# It assumes that the implementation code is generated by the rails scaffold
-# generator. If you are using any extension libraries to generate different
-# controller code, this generated spec may or may not pass.
-#
-# It only uses APIs available in rails and/or rspec-rails. There are a number
-# of tools you can use to make these specs even more expressive, but we're
-# sticking to rails and rspec-rails APIs to keep things simple and stable.
+require 'rails_helper'
 
 RSpec.describe "/dendros", type: :request do
-  # Dendro. As you add validations to Dendro, be sure to
-  # adjust the attributes here as well.
+  # Create users with and without admin privileges
+  let(:admin_user) { create(:user, :admin) }
+  let(:regular_user) { create(:user) }
+
+  # Valid and invalid attributes for the Dendro model
   let(:valid_attributes) {
-    skip("Add a hash of attributes valid for your model")
+    {
+      sample_id: create(:sample).id, # Ensure a valid associated sample is created
+      series_code: "RUSS068EN",
+      name: "Dendro Sample",
+      start_year: 1246,
+      end_year: 1698
+    }
   }
 
   let(:invalid_attributes) {
-    skip("Add a hash of attributes invalid for your model")
+    { series_code: nil, name: nil, sample_id: nil }
   }
 
+  # Devise helpers for authentication
+  include Devise::Test::IntegrationHelpers
+
   describe "GET /index" do
-    it "renders a successful response" do
-      Dendro.create! valid_attributes
+    it "renders a successful response for visitors" do
+      create(:dendro)
       get dendros_url
       expect(response).to be_successful
     end
   end
 
   describe "GET /show" do
-    it "renders a successful response" do
-      dendro = Dendro.create! valid_attributes
+    it "renders a successful response for visitors" do
+      dendro = create(:dendro)
       get dendro_url(dendro)
       expect(response).to be_successful
     end
   end
 
-  describe "GET /new" do
-    it "renders a successful response" do
-      get new_dendro_url
-      expect(response).to be_successful
-    end
-  end
-
-  describe "GET /edit" do
-    it "render a successful response" do
-      dendro = Dendro.create! valid_attributes
-      get edit_dendro_url(dendro)
-      expect(response).to be_successful
-    end
-  end
-
   describe "POST /create" do
-    context "with valid parameters" do
+    context "as an admin user" do
+      before { sign_in admin_user }
+
       it "creates a new Dendro" do
         expect {
           post dendros_url, params: { dendro: valid_attributes }
@@ -68,62 +55,94 @@
       end
     end
 
-    context "with invalid parameters" do
-      it "does not create a new Dendro" do
+    context "as a regular user" do
+      before { sign_in regular_user }
+
+      it "creates a new Dendro" do
         expect {
-          post dendros_url, params: { dendro: invalid_attributes }
-        }.to change(Dendro, :count).by(0)
+          post dendros_url, params: { dendro: valid_attributes }
+        }.to change(Dendro, :count).by(1)
       end
 
-      it "renders a successful response (i.e. to display the 'new' template)" do
-        post dendros_url, params: { dendro: invalid_attributes }
-        expect(response).to be_successful
+      it "redirects to the created dendro" do
+        post dendros_url, params: { dendro: valid_attributes }
+        expect(response).to redirect_to(dendro_url(Dendro.last))
       end
     end
   end
 
   describe "PATCH /update" do
-    context "with valid parameters" do
-      let(:new_attributes) {
-        skip("Add a hash of attributes valid for your model")
-      }
+    let(:new_attributes) {
+      { name: "Updated Name" }
+    }
+
+    context "as an admin user" do
+      before { sign_in admin_user }
 
       it "updates the requested dendro" do
-        dendro = Dendro.create! valid_attributes
+        dendro = create(:dendro)
         patch dendro_url(dendro), params: { dendro: new_attributes }
         dendro.reload
-        skip("Add assertions for updated state")
+        expect(dendro.name).to eq("Updated Name")
       end
 
       it "redirects to the dendro" do
-        dendro = Dendro.create! valid_attributes
+        dendro = create(:dendro)
         patch dendro_url(dendro), params: { dendro: new_attributes }
-        dendro.reload
         expect(response).to redirect_to(dendro_url(dendro))
       end
     end
 
-    context "with invalid parameters" do
-      it "renders a successful response (i.e. to display the 'edit' template)" do
-        dendro = Dendro.create! valid_attributes
-        patch dendro_url(dendro), params: { dendro: invalid_attributes }
-        expect(response).to be_successful
+    context "as a regular user" do
+      before { sign_in regular_user }
+
+      it "does not update the dendro" do
+        dendro = create(:dendro)
+        patch dendro_url(dendro), params: { dendro: new_attributes }
+        dendro.reload
+        expect(dendro.name).not_to eq("Updated Name")
+      end
+
+      it "returns a forbidden status" do
+        dendro = create(:dendro)
+        patch dendro_url(dendro), params: { dendro: new_attributes }
+        expect(response).to have_http_status(:forbidden)
       end
     end
   end
 
   describe "DELETE /destroy" do
-    it "destroys the requested dendro" do
-      dendro = Dendro.create! valid_attributes
-      expect {
+    context "as an admin user" do
+      before { sign_in admin_user }
+
+      it "destroys the requested dendro" do
+        dendro = create(:dendro)
+        expect {
+          delete dendro_url(dendro)
+        }.to change(Dendro, :count).by(-1)
+      end
+      it "redirects to the dendros list" do
+        dendro = create(:dendro)
         delete dendro_url(dendro)
-      }.to change(Dendro, :count).by(-1)
+        expect(response).to redirect_to(dendros_url)
+      end
     end
 
-    it "redirects to the dendros list" do
-      dendro = Dendro.create! valid_attributes
-      delete dendro_url(dendro)
-      expect(response).to redirect_to(dendros_url)
+    context "as a regular user" do
+      before { sign_in regular_user }
+
+      it "does not destroy the dendro" do
+        dendro = create(:dendro)
+        expect {
+          delete dendro_url(dendro)
+        }.not_to change(Dendro, :count)
+      end
+
+      it "returns a forbidden status" do
+        dendro = create(:dendro)
+        delete dendro_url(dendro)
+        expect(response).to have_http_status(:forbidden)
+      end
     end
   end
-end
+end
diff --git a/spec/views/dendros/edit.html.erb_spec.rb b/spec/views/dendros/edit.html.erb_spec.rb
diff --git a/spec/views/dendros/index.html.erb_spec.rb b/spec/views/dendros/index.html.erb_spec.rb
@@ -2,42 +2,23 @@
 
 RSpec.describe "dendros/index", type: :view do
   before(:each) do
-    assign(:dendros, [
-      Dendro.create!(
-        sample: nil,
-        series_code: "Series Code",
-        name: "Name",
-        description: "MyText",
-        start_year: 2,
-        end_year: 3,
-        is_anchored: false,
-        offset: 4,
-        measurements: ""
-      ),
-      Dendro.create!(
-        sample: nil,
-        series_code: "Series Code",
-        name: "Name",
-        description: "MyText",
-        start_year: 2,
-        end_year: 3,
-        is_anchored: false,
-        offset: 4,
-        measurements: ""
-      )
-    ])
+    @sample1 = create(:sample)
+    @sample2 = create(:sample)
+    assign(:pagy, Pagy.new(count: 2, page: 1))
+    @dendro1 = create(:dendro, sample: @sample1)
+    @dendro2 = create(:dendro, sample: @sample2)
+    assign(:dendros, [@dendro1, @dendro2])
   end
 
   it "renders a list of dendros" do
     render
-    assert_select "tr>td", text: nil.to_s, count: 2
-    assert_select "tr>td", text: "Series Code".to_s, count: 2
-    assert_select "tr>td", text: "Name".to_s, count: 2
-    assert_select "tr>td", text: "MyText".to_s, count: 2
-    assert_select "tr>td", text: 2.to_s, count: 2
-    assert_select "tr>td", text: 3.to_s, count: 2
-    assert_select "tr>td", text: false.to_s, count: 2
-    assert_select "tr>td", text: 4.to_s, count: 2
-    assert_select "tr>td", text: "".to_s, count: 2
+    assert_select "tr>td", text: @dendro1.site.name, count: 1
+    assert_select "tr>td", text: @dendro2.site.name, count: 1
+    assert_select "tr>td", text: @dendro1.name, count: 1
+    assert_select "tr>td", text: @dendro2.name, count: 1
+    assert_select "tr>td", text: @dendro1.start_year.to_s, count: 1
+    assert_select "tr>td", text: @dendro1.end_year.to_s, count: 1
+    assert_select "tr>td", text: @dendro2.start_year.to_s, count: 1
+    assert_select "tr>td", text: @dendro2.end_year.to_s, count: 1
   end
-end
+end