WIP Refactor applications controllers

- Add structure to the tests so the contexts are easier to navigate than with long `should` descriptions - Use stubbed policies in the account applications controller so we aren't testing/making assumptions about the policy TODO: finish cleanup up account applications controller index tests
alphagov · Jul 12, 2024 · 63ea311 · 63ea311
1 parent 7a12f09
commit 63ea311
Show file tree

Hide file tree

Showing 2 changed files with 124 additions and 165 deletions.
diff --git a/test/controllers/account/applications_controller_test.rb b/test/controllers/account/applications_controller_test.rb
@@ -12,23 +12,39 @@ class Account::ApplicationsControllerTest < ActionController::TestCase
       assert_redirected_to "/users/sign_in"
     end
 
-    should "redirect authenticated users to /accounts/applications" do
-      user = create(:admin_user)
+    should "prevent unauthorised users" do
+      user = create(:user)
+      sign_in user
+
+      stub_policy user, [:account, Doorkeeper::Application], show?: false
+
+      get :show, params: { id: @application.id }
+
+      assert_not_authorised
+    end
 
+    should "redirect authenticated users to the index path" do
+      user = create(:user)
       sign_in user
 
+      stub_policy user, [:account, Doorkeeper::Application], show?: true
+
       get :show, params: { id: @application.id }
 
       assert_redirected_to "/account/applications"
     end
   end
 
   context "#index" do
+    # can we break this down by stubbed authorisation instead of making a condition for everything that affects the policy? We're arguably double testing the policy buy replicating all of its conditions here
+
     context "logged in as a GOV.UK admin" do
       setup do
-        @user = create(:admin_user)
+        @user = create(:user)
       end
 
+      # add view permissions
+
       should "display the button to grant access to an application" do
         application = create(:application, name: "app-name")
         sign_in @user
@@ -72,6 +88,7 @@ class Account::ApplicationsControllerTest < ActionController::TestCase
         assert_select "a[href='#{edit_account_application_permissions_path(application)}']", count: 0
       end
 
+      # should the next two be in the publishing manager tests too? Can we DRY things up at all?
       should "not display a retired application" do
         create(:application, name: "retired-app-name", retired: true)
         sign_in @user
@@ -97,6 +114,8 @@ class Account::ApplicationsControllerTest < ActionController::TestCase
         @user = create(:organisation_admin_user)
       end
 
+      # update view permissions logic
+
       should "not display the button to grant access to an application" do
         sign_in @user