describe Spotlight::ContactEmailController, type: :controller do routes { Spotlight::Engine.routes } let(:contact_email) { FactoryBot.create(:contact_email) } context 'when not logged in' do describe 'DELETE destroy' do it 'redirects to the login page' do # note about odd behavior: it was discovered in testing that if format: :json is explicitly specified here, the user is redirected # to login on rails 4, but gets a 401 on rails 5. we suspect differing CanCan behavior, but didn't investigate in depth. delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } # custom logic in ApplicationController redirects user to app login page on CanCan::AccessDenied if user can't read current exhibit expect(response).to redirect_to main_app.new_user_session_path end end end context 'when logged in' do before { sign_in user } context 'as a visitor' do let(:user) { FactoryBot.create(:exhibit_visitor) } describe 'DELETE destroy' do it 'redirects to the home page' do delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } # custom logic in ApplicationController redirects user to app root on CanCan::AccessDenied if user's allowed to view current exhibit expect(response).to redirect_to main_app.root_path end end end context 'as an exhibit curator' do let(:user) { FactoryBot.create(:exhibit_curator, exhibit: contact_email.exhibit) } describe 'DELETE destroy' do it 'redirects to the home page' do delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } # custom logic in ApplicationController redirects user to app root on CanCan::AccessDenied if user's allowed to view current exhibit expect(response).to redirect_to main_app.root_path end end end context 'as an exhibit admin' do let(:user) { FactoryBot.create(:exhibit_admin, exhibit: contact_email.exhibit) } describe 'DELETE destroy' do it 'is successful when the record exists' do delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } expect(response).to be_successful expect(JSON.parse(response.body)).to eq('success' => true, 'error' => nil) end it 'gives a 404 with appropriate message when the record no longer exists' do contact_email.destroy delete :destroy, params: { id: contact_email, exhibit_id: contact_email.exhibit } expect(response.status).to eq 404 expect(JSON.parse(response.body)).to eq('success' => false, 'error' => 'Not Found') end end end end end