require 'rails_helper' describe ProfilesController do fixtures :all describe 'GET index' do describe 'When logged in as Administrator' do login_fixture_admin it 'assigns all profiles as @profiles' do get :index Sunspot.session.should be_a_search_for(Profile) Sunspot.session.should have_search_params(:fulltext, '') assigns(:profiles).should_not be_nil end end describe 'When logged in as Librarian' do login_fixture_librarian it 'assigns all profiles as @profiles' do get :index Sunspot.session.should be_a_search_for(Profile) Sunspot.session.should have_search_params(:fulltext, '') assigns(:profiles).should_not be_nil end it 'should get index with query' do get :index, params: { query: 'user1' } response.should be_success Sunspot.session.should be_a_search_for(Profile) Sunspot.session.should have_search_params(:fulltext, 'user1') assigns(:profiles).should_not be_nil end it 'should get sorted index' do get :index, params: { query: 'user1', sort_by: 'username', order: 'desc' } response.should be_success Sunspot.session.should be_a_search_for(Profile) Sunspot.session.should have_search_params(:fulltext, 'user1') Sunspot.session.should have_search_params(:order_by, :username, :desc) assigns(:profiles).should_not be_nil end end describe 'When logged in as User' do login_fixture_user it 'assigns all profiles as @profiles' do get :index assigns(:profiles).should be_nil response.should be_forbidden end end describe 'When not logged in' do it 'assigns all profiles as @profiles' do get :index assigns(:profiles).should be_nil response.should redirect_to(new_user_session_url) end end end describe 'GET show' do describe 'When logged in as Administrator' do login_fixture_admin it 'assigns the requested user as @profile' do get :show, params: { id: profiles(:admin).id } assigns(:profile).should eq(profiles(:admin)) end it 'assigns the another requested user as @profile' do admin_profile = FactoryGirl.create :admin_profile get :show, params: { id: admin_profile.id } expect(response).not_to be_forbidden expect(assigns(:profile)).to eq admin_profile end end describe 'When logged in as Librarian' do login_fixture_librarian it 'assigns the requested user as @profile' do get :show, params: { id: profiles(:librarian1).id } assigns(:profile).should eq(profiles(:librarian1)) end it 'should not assign the requested user as @admin' do admin = FactoryGirl.create(:admin_profile) get :show, params: { id: admin.id } response.should be_forbidden end it 'should assign the requested user as @librarian' do librarian = FactoryGirl.create(:librarian_profile) get :show, params: { id: librarian.id } response.should_not be_forbidden assigns(:profile).should eq librarian end end describe 'When logged in as User' do login_fixture_user it 'assigns the requested user as @profile' do get :show, params: { id: profiles(:user1).id } assigns(:profile).should eq(profiles(:user1)) end it 'should redirect to my user account' do get :show, params: { id: profiles(:user1).id } assert_redirected_to my_account_url end it "should show other user's account" do get :show, params: { id: profiles(:admin).id } assigns(:profile).should eq(profiles(:admin)) response.should be_forbidden end end describe 'When not logged in' do it 'assigns the requested user as @profile' do get :show, params: { id: profiles(:admin).id } assigns(:profile).should eq(profiles(:admin)) response.should redirect_to(new_user_session_url) end end end describe 'GET new' do describe 'When logged in as Administrator' do login_fixture_admin it 'assigns the requested user as @profile' do get :new assigns(:profile).should_not be_valid end end describe 'When logged in as Librarian' do login_fixture_librarian it 'should not assign the requested user as @profile' do get :new assigns(:profile).should_not be_valid end end describe 'When logged in as User' do login_fixture_user it 'should not assign the requested user as @profile' do get :new assigns(:profile).should be_nil response.should be_forbidden end end describe 'When not logged in' do it 'should not assign the requested user as @profile' do get :new assigns(:profile).should be_nil response.should redirect_to(new_user_session_url) end end end describe 'GET edit' do describe 'When logged in as Administrator' do login_fixture_admin it 'assigns the requested user as @profile' do profile = FactoryGirl.create(:profile) get :edit, params: { id: profile.id } assigns(:profile).should eq(profile) end end describe 'When logged in as Librarian' do login_fixture_librarian it 'should assign the requested user as @profile' do profile = FactoryGirl.create(:profile) get :edit, params: { id: profile.id } assigns(:profile).should eq(profile) end it 'should not get edit page for admin required user' do admin = FactoryGirl.create(:admin_profile) get :edit, params: { id: admin.id } response.should be_forbidden # assigns(:profile).should_not eq(admin) end it 'should get edit page for other librarian user' do librarian = FactoryGirl.create(:librarian_profile) get :edit, params: { id: librarian.id } response.should_not be_forbidden assigns(:profile).should eq librarian end it 'should get edit page for other librarian user' do admin = FactoryGirl.create(:admin_profile, required_role_id: Role.where(name: 'Librarian').first.id) get :edit, params: { id: admin.id } response.should be_forbidden assigns(:profile).should eq admin end end describe 'When logged in as User' do login_fixture_user it 'should not assign the requested user as @profile' do profile = FactoryGirl.create(:profile) get :edit, params: { id: profile.id } assigns(:profile).should eq(profile) response.should be_forbidden end it 'should edit myself' do get :edit, params: { id: profiles(:user1).id } response.should redirect_to edit_my_account_url end end describe 'When not logged in' do it 'should not assign the requested user as @profile' do profile = FactoryGirl.create(:profile) get :edit, params: { id: profile.id } assigns(:profile).should eq(profile) response.should redirect_to(new_user_session_url) end end end describe 'POST create' do before(:each) do @attrs = FactoryGirl.attributes_for(:profile) @invalid_attrs = { user_group_id: '', user_number: '日本語' } end describe 'When logged in as Administrator' do login_fixture_admin describe 'with valid params' do it 'assigns a newly created user as @profile' do post :create, params: { profile: @attrs } assigns(:profile).should be_valid end it 'redirects to the created user' do post :create, params: { profile: @attrs } response.should redirect_to(profile_url(assigns(:profile))) end end describe 'with invalid params' do it 'assigns a newly created but unsaved user as @profile' do post :create, params: { profile: @invalid_attrs } assigns(:profile).should_not be_valid end it "re-renders the 'new' template" do post :create, params: { profile: @invalid_attrs } response.should render_template('new') end end end describe 'When logged in as Librarian' do login_fixture_librarian describe 'with valid params' do it 'assigns a newly created user as @profile' do post :create, params: { profile: @attrs } assigns(:profile).should be_valid end it 'redirects to the created user' do post :create, params: { profile: @attrs } response.should redirect_to(profile_url(assigns(:profile))) end end describe 'with invalid params' do it 'assigns a newly created but unsaved user as @profile' do post :create, params: { profile: @invalid_attrs } assigns(:profile).should_not be_valid end it "re-renders the 'new' template" do post :create, params: { profile: @invalid_attrs } response.should render_template('new') end end end describe 'When logged in as User' do login_fixture_user it 'should not create user' do post :create, params: { profile: { username: 'test10' } } assigns(:profile).should be_nil response.should be_forbidden end end describe 'When not logged in' do it 'should not create user' do post :create, params: { profile: { username: 'test10' } } response.should redirect_to new_user_session_url end end end describe 'PUT update' do before(:each) do @profile = profiles(:user1) @attrs = { user_group_id: user_groups(:user_group_00003).id, locale: 'en' } @invalid_attrs = { user_group_id: '', user_number: '日本語' } end describe 'When logged in as Administrator' do login_fixture_admin describe 'with valid params' do it 'updates the requested user' do put :update, params: { id: @profile.id, profile: @attrs } end it 'assigns the requested user as @profile' do put :update, params: { id: @profile.id, profile: @attrs } assigns(:profile).should eq(@profile) end it 'redirects to the user' do put :update, params: { id: @profile.id, profile: @attrs } assigns(:profile).should eq(@profile) response.should redirect_to(@profile) end end describe 'with invalid params' do it 'assigns the requested user as @profile' do put :update, params: { id: @profile.id, profile: @invalid_attrs } assigns(:profile).should eq(@profile) end it "re-renders the 'edit' template" do put :update, params: { id: @profile, profile: @invalid_attrs } response.should render_template('edit') end end it "should update other user's role" do put :update, params: { id: profiles(:user1).id, profile: { user_attributes: { user_has_role_attributes: { role_id: 4 }, email: profiles(:user1).user.email, locale: 'en', id: profiles(:user1).user.id } } } response.should redirect_to profile_url(assigns(:profile)) assigns(:profile).reload assigns(:profile).user.role.should eq Role.where(name: 'Administrator').first end end describe 'When logged in as Librarian' do login_fixture_librarian describe 'with valid params' do it 'updates the requested user' do put :update, params: { id: @profile.id, profile: @attrs } end it 'assigns the requested user as @profile' do put :update, params: { id: @profile.id, profile: @attrs } assigns(:profile).should eq(@profile) end it 'redirects to the user' do put :update, params: { id: @profile.id, profile: @attrs } assigns(:profile).should eq(@profile) response.should redirect_to(@profile) end end describe 'with invalid params' do it 'assigns the user as @profile' do put :update, params: { id: @profile, profile: @invalid_attrs } assigns(:profile).should_not be_valid end it "re-renders the 'edit' template" do put :update, params: { id: @profile, profile: @invalid_attrs } response.should render_template('edit') end end it 'should update other user' do put :update, params: { id: profiles(:user1).id, profile: { user_number: '00003', locale: 'en', user_group_id: user_groups(:user_group_00003).id, library_id: libraries(:library_00003).id, note: 'test' } } response.should redirect_to profile_url(assigns(:profile)) end it 'should not update other admin' do put :update, params: { id: profiles(:admin).id, profile: { user_number: '00003', locale: 'en', user_group_id: user_groups(:user_group_00003).id, library_id: libraries(:library_00003).id, note: 'test' } } response.should be_forbidden end it "should update other user's user_group" do put :update, params: { id: profiles(:user1).id, profile: { user_group_id: user_groups(:user_group_00003).id, library_id: libraries(:library_00003).id, locale: 'en' } } response.should redirect_to profile_url(assigns(:profile)) assigns(:profile).user_group_id.should eq user_groups(:user_group_00003).id end it "should update other user's note" do put :update, params: { id: profiles(:user1).id, profile: { user_group_id: user_groups(:user_group_00003).id, library_id: libraries(:library_00003).id, note: 'test', locale: 'en' } } response.should redirect_to profile_url(assigns(:profile)) assert_equal assigns(:profile).note, 'test' end it "should update other user's locked status" do put :update, params: { id: profiles(:user1).id, profile: { user_attributes: { id: 3, locked: '1', username: 'user1' } } } response.should redirect_to profile_url(assigns(:profile)) assigns(:profile).user.locked_at.should be_truthy assigns(:profile).user.access_locked?.should be_truthy end end describe 'When logged in as User' do login_fixture_user describe 'with valid params' do it 'updates the requested user' do put :update, params: { id: @profile.id, profile: @attrs } end it 'assigns the requested user as @profile' do put :update, params: { id: @profile.id, profile: @attrs } assigns(:profile).should be_valid response.should redirect_to profile_url(assigns(:profile)) end end describe 'with invalid params' do it 'assigns the requested user as @profile' do put :update, params: { id: @profile.id, profile: @invalid_attrs } # assigns(:profile).should_not be_valid # response.should be_success assigns(:profile).should be_valid response.should redirect_to profile_url(assigns(:profile)) end end it 'should update myself' do put :update, params: { id: profiles(:user1).id, profile: { keyword_list: 'test' } } response.should redirect_to profile_url(assigns(:profile)) end it 'should not update my role' do put :update, params: { id: profiles(:user1).id, profile: { user_has_role_attributes: { role_id: 4 } } } response.should redirect_to profile_url(assigns(:profile)) assigns(:profile).user.role.should_not eq Role.where(name: 'Administrator').first end it 'should not update my user_group' do put :update, params: { id: profiles(:user1).id, profile: { user_group_id: user_groups(:user_group_00003).id, library_id: libraries(:library_00003).id } } response.should redirect_to profile_url(assigns(:profile)) assigns(:profile).user_group_id.should eq user_groups(:user_group_00001).id end it 'should not update my note' do put :update, params: { id: profiles(:user1).id, profile: { user_group_id: user_groups(:user_group_00003).id, library_id: libraries(:library_00003).id, note: 'test' } } response.should redirect_to profile_url(assigns(:profile)) assigns(:profile).note.should be_nil end it 'should update my keyword_list' do put :update, params: { id: profiles(:user1).id, profile: { keyword_list: 'test' } } response.should redirect_to profile_url(assigns(:profile)) assigns(:profile).keyword_list.should eq 'test' assigns(:profile).user.role.name.should eq 'User' end it 'should not update other user' do put :update, params: { id: profiles(:user2).id, profile: {} } assigns(:profile).should be_valid response.should be_forbidden end end describe 'When not logged in' do describe 'with valid params' do it 'updates the requested user' do put :update, params: { id: @profile.id, profile: @attrs } end it 'should be forbidden' do put :update, params: { id: @profile.id, profile: @attrs } response.should redirect_to(new_user_session_url) end end describe 'with invalid params' do it 'assigns the requested user as @profile' do put :update, params: { id: @profile.id, profile: @invalid_attrs } response.should redirect_to(new_user_session_url) end end end end describe 'DELETE destroy' do before(:each) do @profile = FactoryGirl.create(:profile) end describe 'When logged in as Administrator' do login_fixture_admin it 'destroys the requested user' do delete :destroy, params: { id: @profile.id } end it 'redirects to the profiles list' do delete :destroy, params: { id: @profile.id } response.should redirect_to(profiles_url) end it 'should destroy librarian' do delete :destroy, params: { id: FactoryGirl.create(:librarian).profile.id } response.should redirect_to(profiles_url) end end describe 'When logged in as Librarian' do login_fixture_librarian it 'destroys the requested user' do delete :destroy, params: { id: @profile.id } response.should redirect_to(profiles_url) end it 'redirects to the profiles list' do delete :destroy, params: { id: @profile.id } response.should redirect_to(profiles_url) end it 'should not destroy librarian' do delete :destroy, params: { id: FactoryGirl.create(:librarian_profile).id } response.should be_forbidden end it 'should not destroy admin' do delete :destroy, params: { id: profiles(:admin).id } response.should be_forbidden end it 'should not destroy myself' do delete :destroy, params: { id: profiles(:librarian1).id } response.should be_forbidden end it 'should not be able to delete other librarian user' do delete :destroy, params: { id: FactoryGirl.create(:librarian_profile).id } response.should be_forbidden end end describe 'When logged in as User' do login_fixture_user it 'destroys the requested user' do delete :destroy, params: { id: @profile.id } end it 'should be forbidden' do delete :destroy, params: { id: @profile.id } response.should be_forbidden end it 'should not destroy myself' do delete :destroy, params: { id: profiles(:user1).id } response.should be_forbidden end end describe 'When not logged in' do it 'destroys the requested user' do delete :destroy, params: { id: @profile.id } response.should redirect_to(new_user_session_url) end it 'should be forbidden' do delete :destroy, params: { id: @profile.id } response.should redirect_to(new_user_session_url) end end end end