Add delegatable permissions integration tests
yndajas committed Aug 9, 2024
1 parent 89e088f commit 4122286
Showing 2 changed files with 161 additions and 8 deletions.
99 changes: 91 additions & 8 deletions test/integration/account_applications_test.rb
@@ -156,17 +156,76 @@ class AccountApplicationsTest < ActionDispatch::IntegrationTest
end
end

%i[superadmin admin super_organisation_admin organisation_admin].each do |user_role|
context "as a #{user_role}" do
%i[superadmin admin].each do |admin_role|
context "as a #{admin_role}" do
setup do
@application = create(:application, name: "app-name")
@user = create(:"#{admin_role}_user", with_signin_permissions_for: [@application])

visit new_user_session_path
signin_with @user
end

should "support granting self app-specific permissions" do
user = create(:"#{user_role}_user")
application = create(:application, name: "app-name", description: "app-description", with_non_delegatable_supported_permissions: %w[perm1 perm2])
application.signin_permission.update!(delegatable: true)
user.grant_application_signin_permission(application)
user.grant_application_permission(application, "perm1")
create(:supported_permission, application: @application, name: "perm1")
create(:supported_permission, application: @application, name: "perm2")
@user.grant_application_permission(@application, "perm1")

visit account_applications_path

click_on "Update permissions for app-name"

assert page.has_checked_field?("perm1")
assert page.has_unchecked_field?("perm2")

check "perm2"
click_button "Update permissions"

success_flash = find("div[role='alert']")
assert success_flash.has_content?("perm1")
assert success_flash.has_content?("perm2")
end

should "be able to grant delegatable and non-delegatable permissions" do
create(:delegatable_supported_permission, application: @application, name: "delegatable_perm")
create(:non_delegatable_supported_permission, application: @application, name: "non_delegatable_perm")

visit account_applications_path

click_link "Update permissions for app-name"

assert page.has_field?("delegatable_perm")
assert page.has_field?("non_delegatable_perm")
end

should "not be able to grant permissions that are not grantable_from_ui" do
create(:supported_permission, application: @application, grantable_from_ui: true, name: "grantable_from_ui_perm")
create(:supported_permission, application: @application, grantable_from_ui: false, name: "not_grantable_from_ui_perm")

visit account_applications_path

click_link "Update permissions for app-name"

assert page.has_field?("grantable_from_ui_perm")
assert page.has_no_field?("not_grantable_from_ui_perm")
end
end
end

%i[super_organisation_admin organisation_admin].each do |publishing_manager_role|
context "as a #{publishing_manager_role}" do
setup do
@application = create(:application, name: "app-name")
@user = create(:"#{publishing_manager_role}_user", with_signin_permissions_for: [@application])

visit new_user_session_path
signin_with user
signin_with @user
end

should "support granting self app-specific permissions" do
create(:delegatable_supported_permission, application: @application, name: "perm1")
create(:delegatable_supported_permission, application: @application, name: "perm2")
@user.grant_application_permission(@application, "perm1")

visit account_applications_path

@@ -182,6 +241,30 @@ class AccountApplicationsTest < ActionDispatch::IntegrationTest
assert success_flash.has_content?("perm1")
assert success_flash.has_content?("perm2")
end

should "not be able to grant permissions that are non-delegatable" do
create(:delegatable_supported_permission, application: @application, name: "delegatable_perm")
create(:non_delegatable_supported_permission, application: @application, name: "non_delegatable_perm")

visit account_applications_path

click_link "Update permissions for app-name"

assert page.has_field?("delegatable_perm")
assert page.has_no_field?("non_delegatable_perm")
end

should "not be able to grant permissions that are not grantable_from_ui" do
create(:delegatable_supported_permission, application: @application, grantable_from_ui: true, name: "grantable_from_ui_perm")
create(:delegatable_supported_permission, application: @application, grantable_from_ui: false, name: "not_grantable_from_ui_perm")

visit account_applications_path

click_link "Update permissions for app-name"

assert page.has_field?("grantable_from_ui_perm")
assert page.has_no_field?("not_grantable_from_ui_perm")
end
end
end

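Review bot: The negative tests added for `super_organisation_admin` and `organisation_admin` ("not be able to grant permissions that are non-delegatable" and "not be able to grant permissions that are not grantable_from_ui") only assert that the checkbox is missing from the rendered form via `page.has_no_field?`. That shows the UI hides the permission, but not that the update action refuses it when it is submitted anyway. The same applies to the matching tests added at `@@ -175,6 +209,24 @@` and `@@ -254,6 +306,24 @@` in test/integration/granting_permissions_test.rb. If server-side enforcement is not already covered by controller or policy tests outside this page, I would add a request-level case that submits the non-delegatable permission directly and ends with `assert_not_includes @user.permissions_for(@application), "non_delegatable_perm"`. The enclosing `AccountApplicationsTest` class starts and ends outside the visible hunks.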
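--- a/test/integration/granting_permissions_test.rb
+++ b/test/integration/granting_permissions_test.rb
@@ -40,6 +40,23 @@ class GrantingPermissionsTest < ActionDispatch::IntegrationTest
 assert_not_includes @user.permissions_for(app), "never"
 end
 
+should "be able to grant delegatable and non-delegatable permissions" do
+app = create(
+:application,
+name: "MyApp",
+with_delegatable_supported_permissions: %w[delegatable_perm],
+with_non_delegatable_supported_permissions: %w[non_delegatable_perm],
+)
+@user.grant_application_signin_permission(app)
+
+visit edit_user_path(@user)
+click_link "Manage permissions"
+click_link "Update permissions for MyApp"
+
+assert page.has_field?("delegatable_perm")
+assert page.has_field?("non_delegatable_perm")
+end
+
 should "not be able to grant permissions that are not grantable_from_ui" do
 app = create(
 :application,
@@ -97,6 +114,23 @@ class GrantingPermissionsTest < ActionDispatch::IntegrationTest
 assert_not_includes @user.permissions_for(app), "never"
 end
 
+should "be able to grant delegatable and non-delegatable permissions" do
+app = create(
+:application,
+name: "MyApp",
+with_delegatable_supported_permissions: %w[delegatable_perm],
+with_non_delegatable_supported_permissions: %w[non_delegatable_perm],
+)
+@user.grant_application_signin_permission(app)
+
+visit edit_user_path(@user)
+click_link "Manage permissions"
+click_link "Update permissions for MyApp"
+
+assert page.has_field?("delegatable_perm")
+assert page.has_field?("non_delegatable_perm")
+end
+
 should "not be able to grant permissions that are not grantable_from_ui" do
 app = create(
 :application,
@@ -175,6 +209,24 @@ class GrantingPermissionsTest < ActionDispatch::IntegrationTest
 assert_not_includes @user.permissions_for(app), "never"
 end
 
+should "not be able to grant permissions that are non-delegatable" do
+app = create(
+:application,
+name: "MyApp",
+with_delegatable_supported_permissions: %w[delegatable_perm],
+with_non_delegatable_supported_permissions: %w[non_delegatable_perm],
+)
+@super_org_admin.grant_application_signin_permission(app)
+@user.grant_application_signin_permission(app)
+
+visit edit_user_path(@user)
+click_link "Manage permissions"
+click_link "Update permissions for MyApp"
+
+assert page.has_field?("delegatable_perm")
+assert page.has_no_field?("non_delegatable_perm")
+end
+
 should "not be able to grant permissions that are not grantable_from_ui" do
 app = create(
 :application,
@@ -254,6 +306,24 @@ class GrantingPermissionsTest < ActionDispatch::IntegrationTest
 assert_not_includes @user.permissions_for(app), "never"
 end
 
+should "not be able to grant permissions that are non-delegatable" do
+app = create(
+:application,
+name: "MyApp",
+with_delegatable_supported_permissions: %w[delegatable_perm],
+with_non_delegatable_supported_permissions: %w[non_delegatable_perm],
+)
+@organisation_admin.grant_application_signin_permission(app)
+@user.grant_application_signin_permission(app)
+
+visit edit_user_path(@user)
+click_link "Manage permissions"
+click_link "Update permissions for MyApp"
+
+assert page.has_field?("delegatable_perm")
+assert page.has_no_field?("non_delegatable_perm")
+end
+
 should "not be able to grant permissions that are not grantable_from_ui" do
 app = create(
 :application,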
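Review bot: The `create(:application, name: "MyApp", with_delegatable_supported_permissions: ..., with_non_delegatable_supported_permissions: ...)` fixture is repeated verbatim in all four added tests. The two admin tests are line-for-line copies of each other, and the two publishing-manager tests differ only in which acting admin gets the signin permission. I would move the fixture into a private helper so each test opens with one line such as `app = create_app_with_mixed_delegatability`. That makes the one security-relevant difference between the roles, `has_field?` versus `has_no_field?` on `non_delegatable_perm`, easier to audit when the permission model changes. The surrounding context blocks and their setup start outside the hunks, so where the helper belongs depends on code not shown here.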
