diff options
| author | Luc Donnet | 2018-03-02 11:15:23 +0100 |
|---|---|---|
| committer | GitHub | 2018-03-02 11:15:23 +0100 |
| commit | a6de378529be7ca51ba2d1d7a8f03df263f3d2a8 (patch) | |
| tree | 2be36e14e00afed1d934de285f7c0e412fb6b78a /spec/controllers | |
| parent | f6f29efdac828a8d44130868215307daa1ab07c3 (diff) | |
| parent | 63ab2c81b292fe18c28f9f22232ad3cb712a9717 (diff) | |
| download | chouette-core-a6de378529be7ca51ba2d1d7a8f03df263f3d2a8.tar.bz2 | |
Merge pull request #295 from af83/5865-validate-referential-cloning
5865 Ensure user is allowed to duplicate a referential
Diffstat (limited to 'spec/controllers')
5 files changed, 49 insertions, 11 deletions
diff --git a/spec/controllers/line_referentials_controller_spec.rb b/spec/controllers/line_referentials_controller_spec.rb index 17ffb670d..8e8d48fda 100644 --- a/spec/controllers/line_referentials_controller_spec.rb +++ b/spec/controllers/line_referentials_controller_spec.rb @@ -6,8 +6,8 @@ RSpec.describe LineReferentialsController, :type => :controller do describe 'PUT sync' do let(:request){ put :sync, id: line_referential.id } - it 'should redirect to 403' do - expect(request).to redirect_to "/403" + it 'should respond with 403' do + expect(request).to have_http_status 403 end with_permission "line_referentials.synchronize" do diff --git a/spec/controllers/lines_controller_spec.rb b/spec/controllers/lines_controller_spec.rb index 65fe88b96..96f49bb36 100644 --- a/spec/controllers/lines_controller_spec.rb +++ b/spec/controllers/lines_controller_spec.rb @@ -7,8 +7,8 @@ RSpec.describe LinesController, :type => :controller do describe 'PUT deactivate' do let(:request){ put :deactivate, id: line.id, line_referential_id: line_referential.id } - it 'should redirect to 403' do - expect(request).to redirect_to "/403" + it 'should respond with 403' do + expect(request).to have_http_status 403 end with_permission "lines.change_status" do @@ -24,8 +24,8 @@ RSpec.describe LinesController, :type => :controller do before(:each){ line.deactivate! } - it 'should redirect to 403' do - expect(request).to redirect_to "/403" + it 'should respond with 403' do + expect(request).to have_http_status 403 end with_permission "lines.change_status" do diff --git a/spec/controllers/referentials_controller_spec.rb b/spec/controllers/referentials_controller_spec.rb index 5e0b1e505..ff450c905 100644 --- a/spec/controllers/referentials_controller_spec.rb +++ b/spec/controllers/referentials_controller_spec.rb @@ -6,6 +6,42 @@ describe ReferentialsController, :type => :controller do let(:organisation) { create :organisation } let(:other_referential) { create :referential, organisation: organisation } + describe "GET new" do + let(:request){ get :new, workbench_id: referential.workbench_id } + before{ request } + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + context "when cloning another referential" do + let(:source){ referential } + let(:request){ get :new, workbench_id: referential.workbench_id, from: source.id } + + it 'returns http success' do + expect(response).to have_http_status(200) + end + + context "when the referential is in another organisation but accessible by the user" do + let(:source){ create(:workbench_referential) } + before do + source.workbench.update_attribute :workgroup_id, referential.workbench.workgroup_id + end + + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end + + context "when the referential is not accessible by the user" do + let(:source){ create(:workbench_referential) } + it 'returns http forbidden' do + expect(response).to have_http_status(403) + end + end + end + end + describe 'PUT archive' do context "user's organisation matches referential's organisation" do it 'returns http success' do diff --git a/spec/controllers/stop_area_referentials_controller_spec.rb b/spec/controllers/stop_area_referentials_controller_spec.rb index 384323334..737ef631f 100644 --- a/spec/controllers/stop_area_referentials_controller_spec.rb +++ b/spec/controllers/stop_area_referentials_controller_spec.rb @@ -6,7 +6,9 @@ RSpec.describe StopAreaReferentialsController, :type => :controller do describe 'PUT sync' do let(:request){ put :sync, id: stop_area_referential.id } - it { expect(request).to redirect_to "/403" } + it 'should respond with 403' do + expect(request).to have_http_status 403 + end with_permission "stop_area_referentials.synchronize" do it 'returns HTTP success' do diff --git a/spec/controllers/stop_areas_controller_spec.rb b/spec/controllers/stop_areas_controller_spec.rb index 23bca3c36..f39ac5776 100644 --- a/spec/controllers/stop_areas_controller_spec.rb +++ b/spec/controllers/stop_areas_controller_spec.rb @@ -7,8 +7,8 @@ RSpec.describe StopAreasController, :type => :controller do describe 'PUT deactivate' do let(:request){ put :deactivate, id: stop_area.id, stop_area_referential_id: stop_area_referential.id } - it 'should redirect to 403' do - expect(request).to redirect_to "/403" + it 'should respond with 403' do + expect(request).to have_http_status 403 end with_permission "stop_areas.change_status" do @@ -24,8 +24,8 @@ RSpec.describe StopAreasController, :type => :controller do before(:each){ stop_area.deactivate! } - it 'should redirect to 403' do - expect(request).to redirect_to "/403" + it 'should respond with 403' do + expect(request).to have_http_status 403 end with_permission "stop_areas.change_status" do |