From ea53faeb3f62a6c656631100a064c0945a3873cb Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Mon, 17 Feb 2025 04:25:25 -0500
Subject: [PATCH] Convert `admin/users/roles` spec controller->system/request (#33930)
---
 .../admin/users/roles_controller_spec.rb | 77 -------------------
 spec/requests/admin/users/roles_spec.rb | 28 +++++++
 spec/system/admin/users/roles_spec.rb | 38 +++++++++
 3 files changed, 66 insertions(+), 77 deletions(-)
 delete mode 100644 spec/controllers/admin/users/roles_controller_spec.rb
 create mode 100644 spec/system/admin/users/roles_spec.rb
diff --git a/spec/controllers/admin/users/roles_controller_spec.rb b/spec/controllers/admin/users/roles_controller_spec.rb
deleted file mode 100644
index a7d59181d6..0000000000
--- a/spec/controllers/admin/users/roles_controller_spec.rb
+++ /dev/null
@@ -1,77 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-RSpec.describe Admin::Users::RolesController do
- render_views
-
- let(:current_role) { UserRole.create(name: 'Foo', permissions: UserRole::FLAGS[:manage_roles], position: 10) }
- let(:current_user) { Fabricate(:user, role: current_role) }
-
- let(:previous_role) { nil }
- let(:user) { Fabricate(:user, role: previous_role) }
-
- before do
- sign_in current_user, scope: :user
- end
-
- describe 'GET #show' do
- before do
- get :show, params: { user_id: user.id }
- end
-
- it 'returns http success' do
- expect(response).to have_http_status(:success)
- end
-
- context 'when target user is higher ranked than current user' do
- let(:previous_role) { UserRole.create(name: 'Baz', permissions: UserRole::FLAGS[:administrator], position: 100) }
-
- it 'returns http forbidden' do
- expect(response).to have_http_status(403)
- end
- end
- end
-
- describe 'PUT #update' do
- let(:selected_role) { UserRole.create(name: 'Bar', permissions: permissions, position: position) }
-
- before do
- put :update, params: { user_id: user.id, user: { role_id: selected_role.id } }
- end
-
- context 'with manage roles permissions' do
- let(:permissions) { UserRole::FLAGS[:manage_roles] }
- let(:position) { 1 }
-
- it 'updates user role and redirects' do
- expect(user.reload.role_id).to eq selected_role&.id
-
- expect(response).to redirect_to(admin_account_path(user.account_id))
- end
- end
-
- context 'when selected role has higher position than current user\'s role' do
- let(:permissions) { UserRole::FLAGS[:administrator] }
- let(:position) { 100 }
-
- it 'does not update user role and renders edit' do
- expect(user.reload.role_id).to eq previous_role&.id
-
- expect(response).to render_template(:show)
- end
- end
-
- context 'when target user is higher ranked than current user' do
- let(:previous_role) { UserRole.create(name: 'Baz', permissions: UserRole::FLAGS[:administrator], position: 100) }
- let(:permissions) { UserRole::FLAGS[:manage_roles] }
- let(:position) { 1 }
-
- it 'does not update user role and returns http forbidden' do
- expect(user.reload.role_id).to eq previous_role&.id
-
- expect(response).to have_http_status(403)
- end
- end
- end
-end
diff --git a/spec/requests/admin/users/roles_spec.rb b/spec/requests/admin/users/roles_spec.rb
index b39e3f8bae..fb88e4c87a 100644
--- a/spec/requests/admin/users/roles_spec.rb
+++ b/spec/requests/admin/users/roles_spec.rb
@@ -3,6 +3,34 @@
 require 'rails_helper'
 RSpec.describe 'Admin Users Roles' do
+ context 'when target user is higher ranked than current user' do
+ let(:current_role) { UserRole.create(name: 'Foo', permissions: UserRole::FLAGS[:manage_roles], position: 10) }
+ let(:current_user) { Fabricate(:user, role: current_role) }
+
+ let(:previous_role) { UserRole.create(name: 'Baz', permissions: UserRole::FLAGS[:administrator], position: 100) }
+ let(:user) { Fabricate(:user, role: previous_role) }
+
+ before { sign_in(current_user) }
+
+ describe 'GET /admin/users/:user_id/role' do
+ it 'returns http forbidden' do
+ get admin_user_role_path(user.id)
+
+ expect(response)
+ .to have_http_status(403)
+ end
+ end
+
+ describe 'PUT /admin/users/:user_id/role' do
+ it 'returns http forbidden' do
+ put admin_user_role_path(user.id)
+
+ expect(response)
+ .to have_http_status(403)
+ end
+ end
+ end
+
 describe 'PUT /admin/users/:user_id/role' do
 before { sign_in Fabricate(:admin_user) }
diff --git a/spec/system/admin/users/roles_spec.rb b/spec/system/admin/users/roles_spec.rb
new file mode 100644
index 0000000000..8b163c4d79
--- /dev/null
+++ b/spec/system/admin/users/roles_spec.rb
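Review bot: The `PUT /admin/users/:user_id/role` example in the new "higher ranked than current user" context asserts only the 403 status and sends no role parameter, so it no longer pins the invariant the deleted controller spec checked — that the higher-ranked target user's role is left untouched. This is the authorization boundary that stops a `manage_roles` admin from reassigning an administrator, and a status assertion alone would still pass if the controller updated the record before denying the request. Consider `expect { put admin_user_role_path(user.id), params: { user: { role_id: current_role.id } } }` followed by `.to_not(change { user.reload.role_id })` ahead of the status assertion; the `user[role_id]` parameter shape is the one the removed spec and the system spec's `user_role_id` field both use. The enclosing `RSpec.describe 'Admin Users Roles'` block continues past the end of the hunk.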
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Admin Users Roles' do
+ let(:current_role) { UserRole.create(name: 'Foo', permissions: UserRole::FLAGS[:manage_roles], position: 10) }
+ let(:current_user) { Fabricate(:user, role: current_role) }
+
+ let(:previous_role) { nil }
+ let(:user) { Fabricate(:user, role: previous_role) }
+
+ before do
+ sign_in current_user, scope: :user
+ end
+
+ describe 'Managing user roles' do
+ let!(:too_high_role) { UserRole.create(name: 'TooHigh', permissions: UserRole::FLAGS[:administrator], position: 100) }
+ let!(:usable_role) { UserRole.create(name: 'Usable', permissions: UserRole::FLAGS[:manage_roles], position: 1) }
+
+ it 'selects and updates user roles' do
+ visit admin_user_role_path(user)
+ expect(page)
+ .to have_title I18n.t('admin.accounts.change_role.title', username: user.account.username)
+
+ # Fails to assign not allowed role
+ select too_high_role.name, from: 'user_role_id'
+ expect { click_on submit_button }
+ .to_not(change { user.reload.role_id })
+ expect(page)
+ .to have_title I18n.t('admin.accounts.change_role.title', username: user.account.username)
+
+ # Assigns allowed role
+ select usable_role.name, from: 'user_role_id'
+ expect { click_on submit_button }
+ .to(change { user.reload.role_id }.to(usable_role.id))
+ end
+ end
+end
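Review bot: `let(:previous_role) { nil }` in the new system spec is never overridden anywhere in this file, so `let(:user) { Fabricate(:user, role: previous_role) }` is an indirection carried over from the deleted controller spec with no remaining purpose; `let(:user) { Fabricate(:user) }` states the same setup directly. Relatedly, this file signs in with `sign_in current_user, scope: :user` inside a multi-line `before do … end` while the request spec added in the same commit uses `before { sign_in(current_user) }`; the one-line form `before { sign_in current_user, scope: :user }` would keep the two specs' setup consistent without dropping the `scope:` argument. The `# Fails to assign not allowed role` step correctly checks both that `role_id` is unchanged and that the page still carries the change-role title; if the form surfaces an error message for the rejected role, asserting on it as well would make the failure mode explicit rather than inferred from the title.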