Merge pull request #295 from af83/5865-validate-referential-cloning

5865 Ensure user is allowed to duplicate a referential
author: Luc Donnet 2018-03-02 11:15:23 +0100
committer: GitHub 2018-03-02 11:15:23 +0100
commit: a6de378529be7ca51ba2d1d7a8f03df263f3d2a8 (patch)
tree: 2be36e14e00afed1d934de285f7c0e412fb6b78a /spec
parent: f6f29efdac828a8d44130868215307daa1ab07c3 (diff)
parent: 63ab2c81b292fe18c28f9f22232ad3cb712a9717 (diff)
download: chouette-core-a6de378529be7ca51ba2d1d7a8f03df263f3d2a8.tar.bz2
7 files changed, 65 insertions, 21 deletions
diff --git a/spec/controllers/line_referentials_controller_spec.rb b/spec/controllers/line_referentials_controller_spec.rb
index 17ffb670d..8e8d48fda 100644
--- a/spec/controllers/line_referentials_controller_spec.rb
+++ b/spec/controllers/line_referentials_controller_spec.rb
@@ -6,8 +6,8 @@ RSpec.describe LineReferentialsController, :type => :controller do
   describe 'PUT sync' do
     let(:request){ put :sync, id: line_referential.id }
 
-    it 'should redirect to 403' do
-       expect(request).to redirect_to "/403"
+    it 'should respond with 403' do
+       expect(request).to have_http_status 403
     end
 
     with_permission "line_referentials.synchronize" do
diff --git a/spec/controllers/lines_controller_spec.rb b/spec/controllers/lines_controller_spec.rb
index 65fe88b96..96f49bb36 100644
--- a/spec/controllers/lines_controller_spec.rb
+++ b/spec/controllers/lines_controller_spec.rb
@@ -7,8 +7,8 @@ RSpec.describe LinesController, :type => :controller do
   describe 'PUT deactivate' do
     let(:request){ put :deactivate, id: line.id, line_referential_id: line_referential.id }
 
-    it 'should redirect to 403' do
-      expect(request).to redirect_to "/403"
+    it 'should respond with 403' do
+      expect(request).to have_http_status 403
     end
 
     with_permission "lines.change_status" do
@@ -24,8 +24,8 @@ RSpec.describe LinesController, :type => :controller do
     before(:each){
       line.deactivate!
     }
-    it 'should redirect to 403' do
-       expect(request).to redirect_to "/403"
+    it 'should respond with 403' do
+      expect(request).to have_http_status 403
     end
 
     with_permission "lines.change_status" do
diff --git a/spec/controllers/referentials_controller_spec.rb b/spec/controllers/referentials_controller_spec.rb
index 5e0b1e505..ff450c905 100644
--- a/spec/controllers/referentials_controller_spec.rb
+++ b/spec/controllers/referentials_controller_spec.rb
@@ -6,6 +6,42 @@ describe ReferentialsController, :type => :controller do
   let(:organisation) { create :organisation }
   let(:other_referential) { create :referential, organisation: organisation }
 
+  describe "GET new" do
+    let(:request){ get :new, workbench_id: referential.workbench_id }
+    before{ request }
+
+    it 'returns http success' do
+      expect(response).to have_http_status(200)
+    end
+
+    context "when cloning another referential" do
+      let(:source){ referential }
+      let(:request){ get :new, workbench_id: referential.workbench_id, from: source.id }
+
+      it 'returns http success' do
+        expect(response).to have_http_status(200)
+      end
+
+      context "when the referential is in another organisation but accessible by the user" do
+        let(:source){ create(:workbench_referential) }
+        before do
+          source.workbench.update_attribute :workgroup_id, referential.workbench.workgroup_id
+        end
+
+        it 'returns http forbidden' do
+          expect(response).to have_http_status(403)
+        end
+      end
+
+      context "when the referential is not accessible by the user" do
+        let(:source){ create(:workbench_referential) }
+        it 'returns http forbidden' do
+          expect(response).to have_http_status(403)
+        end
+      end
+    end
+  end
+
   describe 'PUT archive' do
     context "user's organisation matches referential's organisation" do
       it 'returns http success' do
diff --git a/spec/controllers/stop_area_referentials_controller_spec.rb b/spec/controllers/stop_area_referentials_controller_spec.rb
index 384323334..737ef631f 100644
--- a/spec/controllers/stop_area_referentials_controller_spec.rb
+++ b/spec/controllers/stop_area_referentials_controller_spec.rb
@@ -6,7 +6,9 @@ RSpec.describe StopAreaReferentialsController, :type => :controller do
   describe 'PUT sync' do
     let(:request){ put :sync, id: stop_area_referential.id }
 
-    it { expect(request).to redirect_to "/403" }
+    it 'should respond with 403' do
+      expect(request).to have_http_status 403
+    end
 
     with_permission "stop_area_referentials.synchronize" do
       it 'returns HTTP success' do
diff --git a/spec/controllers/stop_areas_controller_spec.rb b/spec/controllers/stop_areas_controller_spec.rb
index 23bca3c36..f39ac5776 100644
--- a/spec/controllers/stop_areas_controller_spec.rb
+++ b/spec/controllers/stop_areas_controller_spec.rb
@@ -7,8 +7,8 @@ RSpec.describe StopAreasController, :type => :controller do
   describe 'PUT deactivate' do
     let(:request){ put :deactivate, id: stop_area.id, stop_area_referential_id: stop_area_referential.id }
 
-    it 'should redirect to 403' do
-       expect(request).to redirect_to "/403"
+    it 'should respond with 403' do
+      expect(request).to have_http_status 403
     end
 
     with_permission "stop_areas.change_status" do
@@ -24,8 +24,8 @@ RSpec.describe StopAreasController, :type => :controller do
     before(:each){
       stop_area.deactivate!
     }
-    it 'should redirect to 403' do
-       expect(request).to redirect_to "/403"
+    it 'should respond with 403' do
+      expect(request).to have_http_status 403
     end
 
     with_permission "stop_areas.change_status" do
diff --git a/spec/models/referential_spec.rb b/spec/models/referential_spec.rb
index 025ad80f9..1d9b3d78a 100644
--- a/spec/models/referential_spec.rb
+++ b/spec/models/referential_spec.rb
@@ -58,16 +58,21 @@ describe Referential, :type => :model do
       Referential.new_from(ref, [])
     end
 
-    # let(:saved_clone) do
-    #   clone.tap do |clone|
-    #     clone.organisation = ref.organisation
-    #     clone.metadatas.each do |metadata|
-    #       metadata.line_ids = ref.lines.where(id: clone.line_ids, objectid: JSON.parse(ref.organisation.sso_attributes["functional_scope"]).collect(&:id)
-    #       metadata.periodes = metadata.periodes.map { |period| Range.new(period.end+1, period.end+10) }
-    #     end
-    #     clone.save!
-    #   end
-    # end
+    let!(:workbench){ create :workbench }
+
+    let(:saved_clone) do
+      clone.tap do |clone|
+        clone.organisation = workbench.organisation
+        clone.workbench = workbench
+        clone.metadatas = [create(:referential_metadata, referential: clone)]
+        clone.save!
+      end
+    end
+
+    it 'should create a Referential' do
+      ref
+      expect { saved_clone }.to change{Referential.count}.by(1)
+    end
 
     xit 'should create a ReferentialCloning' do
       expect { saved_clone }.to change{ReferentialCloning.count}.by(1)
diff --git a/spec/views/referentials/show.html.erb_spec.rb b/spec/views/referentials/show.html.erb_spec.rb
index a7f37d180..82328cb8e 100644
--- a/spec/views/referentials/show.html.erb_spec.rb
+++ b/spec/views/referentials/show.html.erb_spec.rb
@@ -11,6 +11,7 @@ describe "referentials/show", type: :view do
   let(:organisation){ referential.try(:organisation) }
   let(:permissions){ [] }
   let(:current_organisation) { organisation }
+  let(:organisation) { referential.organisation }
   let(:readonly){ false }
 
   before :each do
author	Luc Donnet	2018-03-02 11:15:23 +0100
committer	GitHub	2018-03-02 11:15:23 +0100
commit	a6de378529be7ca51ba2d1d7a8f03df263f3d2a8 (patch)
tree	2be36e14e00afed1d934de285f7c0e412fb6b78a /spec
parent	f6f29efdac828a8d44130868215307daa1ab07c3 (diff)
parent	63ab2c81b292fe18c28f9f22232ad3cb712a9717 (diff)
download	chouette-core-a6de378529be7ca51ba2d1d7a8f03df263f3d2a8.tar.bz2